Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commita80f6b5

Browse files
committed
feat: external auth MCP URL & allow/denylist
1 parent59437f0 commita80f6b5

File tree

9 files changed

+80
-0
lines changed

9 files changed

+80
-0
lines changed

‎cli/server.go‎

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2722,6 +2722,12 @@ func parseExternalAuthProvidersFromEnv(prefix string, environ []string) ([]coder
27222722
provider.DisplayName=v.Value
27232723
case"DISPLAY_ICON":
27242724
provider.DisplayIcon=v.Value
2725+
case"MCP_URL":
2726+
provider.MCPURL=v.Value
2727+
case"MCP_TOOL_ALLOWLIST":
2728+
provider.MCPToolAllowlist=v.Value
2729+
case"MCP_TOOL_DENYLIST":
2730+
provider.MCPToolDenylist=v.Value
27252731
}
27262732
providers[providerNum]=provider
27272733
}

‎coderd/apidoc/docs.go‎

Lines changed: 9 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎coderd/apidoc/swagger.json‎

Lines changed: 9 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎coderd/externalauth/externalauth.go‎

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -81,6 +81,17 @@ type Config struct {
8181
// AppInstallationsURL is an API endpoint that returns a list of
8282
// installations for the user. This is used for GitHub Apps.
8383
AppInstallationsURLstring
84+
// MCPURL is the endpoint that clients must use to communicate with the associated
85+
// MCP server.
86+
MCPURLstring
87+
// MCPToolAllowlistPattern is a [regexp.Regexp] to match tools which are explicitly allowed to be
88+
// injected into Coder AI Bridge upstream requests.
89+
// In the case of conflicts, [MCPToolDenylistPattern] overrides items evaluated by this list.
90+
MCPToolAllowlistPattern*regexp.Regexp
91+
// MCPToolAllowlistPattern is a [regexp.Regexp] to match tools which are explicitly NOT allowed to be
92+
// injected into Coder AI Bridge upstream requests.
93+
// In the case of conflicts, items evaluated by this list override [MCPToolAllowlistPattern].
94+
MCPToolDenylistPattern*regexp.Regexp
8495
}
8596

8697
// GenerateTokenExtra generates the extra token data to store in the database.
@@ -608,6 +619,21 @@ func ConvertConfig(instrument *promoauth.Factory, entries []codersdk.ExternalAut
608619
instrumented=instrument.NewGithub(entry.ID,oauthConfig)
609620
}
610621

622+
varmcpToolAllow*regexp.Regexp
623+
varmcpToolDeny*regexp.Regexp
624+
ifentry.MCPToolAllowlist!="" {
625+
mcpToolAllow,err=regexp.Compile(entry.MCPToolAllowlist)
626+
iferr!=nil {
627+
returnnil,xerrors.Errorf("compile MCP tool allowlist for external auth provider %q: %w",entry.ID,entry.MCPToolAllowlist)
628+
}
629+
}
630+
ifentry.MCPToolDenylist!="" {
631+
mcpToolDeny,err=regexp.Compile(entry.MCPToolDenylist)
632+
iferr!=nil {
633+
returnnil,xerrors.Errorf("compile MCP tool denylist for external auth provider %q: %w",entry.ID,entry.MCPToolDenylist)
634+
}
635+
}
636+
611637
cfg:=&Config{
612638
InstrumentedOAuth2Config:instrumented,
613639
ID:entry.ID,
@@ -620,6 +646,9 @@ func ConvertConfig(instrument *promoauth.Factory, entries []codersdk.ExternalAut
620646
DisplayName:entry.DisplayName,
621647
DisplayIcon:entry.DisplayIcon,
622648
ExtraTokenKeys:entry.ExtraTokenKeys,
649+
MCPURL:entry.MCPURL,
650+
MCPToolAllowlistPattern:mcpToolAllow,
651+
MCPToolDenylistPattern:mcpToolDeny,
623652
}
624653

625654
ifentry.DeviceFlow {

‎codersdk/deployment.go‎

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -742,6 +742,9 @@ type ExternalAuthConfig struct {
742742
ExtraTokenKeys []string`json:"-" yaml:"extra_token_keys"`
743743
DeviceFlowbool`json:"device_flow" yaml:"device_flow"`
744744
DeviceCodeURLstring`json:"device_code_url" yaml:"device_code_url"`
745+
MCPURLstring`json:"mcp_url" yaml:"mcp_url"`
746+
MCPToolAllowliststring`json:"mcp_tool_allowlist" yaml:"mcp_tool_allowlist"`
747+
MCPToolDenyliststring`json:"mcp_tool_denylist" yaml:"mcp_tool_denylist"`
745748
// Regex allows API requesters to match an auth config by
746749
// a string (e.g. coder.com) instead of by it's type.
747750
//

‎docs/reference/api/general.md‎

Lines changed: 3 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎docs/reference/api/schemas.md‎

Lines changed: 15 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎site/src/api/typesGenerated.ts‎

Lines changed: 3 additions & 0 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎site/src/pages/DeploymentSettingsPage/ExternalAuthSettingsPage/ExternalAuthSettingsPageView.stories.tsx‎

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,9 @@ const meta: Meta<typeof ExternalAuthSettingsPageView> = {
2323
device_code_url:"",
2424
display_icon:"",
2525
display_name:"GitHub",
26+
mcp_url:"",
27+
mcp_tool_allowlist:"",
28+
mcp_tool_denylist:"",
2629
},
2730
],
2831
},

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp