- Add @testing-library/dom ^10.4.1 to devDependencies (required by @testing-library/react)
- Fix clippy::uninlined_format_args warning in shell.rs (use inline format)
Resolves CI test failures in frontend tests and rust-clippy job.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix two valid issues identified in automated code review:
1. Fix OAuth callback AppState to preserve pending_approvals
- Clone existing pending_approvals instead of creating empty HashMap
- Prevents loss of shell approval requests during OAuth flow
2. Add validation to activate_kubeconfig
- Check that kubeconfig ID exists before activation
- Return error if ID not found to prevent silent failure
Invalid findings clarified:
- Ollama retry logic is correct (anyhow::bail exits immediately)
- systemctl classification already handles subcommands correctly
(lines 230-239: status/is-active/is-enabled are Tier 1)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Quote shell:: argument to fix YAML parsing error at line 121.
The double colon was being interpreted as a YAML mapping value.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Update test workflow with shell module tests.
- Add dedicated shell module test step to .gitea/workflows/test.yml
- Tests run with --test-threads=1 for consistency
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Comprehensive wiki updates with sanitized content. Add new Shell-Execution
guide.
- Add Shell-Execution.md guide (665 lines, sanitized)
- Update AI-Providers.md with Ollama function calling
- Update Architecture.md with shell execution system
- Update IPC-Commands.md with shell commands
- Update Database.md with new tables
- Update CICD-Pipeline.md for Gitea Actions
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The test was trying to spawn a process which requires a Tokio runtime.
Changed the test to only verify validation logic by checking that safe
environment variables don't trigger 'Dangerous environment variable' errors.
Uses /usr/bin/nonexistent as command so spawn will fail (command not found)
but validation will pass for safe env vars like DEBUG, API_KEY, PATH, etc.
All 243 tests now passing.
Add defense-in-depth security validation for stdio transport to reject
environment variables that could be used for privilege escalation attacks.
Blocks the following dangerous variables (case-insensitive):
- LD_PRELOAD (Linux)
- LD_LIBRARY_PATH (Linux)
- DYLD_INSERT_LIBRARIES (macOS)
- DYLD_LIBRARY_PATH (macOS)
- DYLD_FRAMEWORK_PATH (macOS)
- DYLD_FALLBACK_LIBRARY_PATH (macOS)
These variables can inject malicious libraries into spawned processes and
should never be user-configurable for MCP servers.
Add comprehensive tests:
- test_rejects_relative_path: Verify existing path validation
- test_rejects_dangerous_env_vars: Test all blocked variables
- test_rejects_dangerous_env_vars_case_insensitive: Verify lowercase variants blocked
- test_allows_safe_env_vars: Verify legitimate vars (DEBUG, PATH, API_KEY) allowed
All tests passing.
Change plaintext_env input field from type='password' to type='text' since
this field is explicitly for non-sensitive values (DEBUG, LOG_LEVEL, etc.).
Using password type for plaintext config was misleading and prevented
copy/paste of legitimate non-sensitive configuration.
Only the encrypted_env and http_headers fields remain as type='password'
for sensitive values like API keys and tokens.
Add clearer placeholder and helper text to explain that encrypted environment
variables are never displayed for security reasons. When editing an existing
server, the encrypted_env field shows a placeholder explaining that leaving it
blank will preserve existing values.
Also apply cargo fmt formatting fixes to store.rs.
Add dual-mode environment variable support for stdio MCP servers and custom
HTTP headers for HTTP-based MCP servers to enable proper authentication and
configuration.
Backend changes (Rust):
- Add migration 023 for env_config column in mcp_servers table
- Add env_config field to McpServer, CreateMcpServerRequest, UpdateMcpServerRequest
- Encrypt env_config using AES-256-GCM on create/update in store.rs
- Add get_server_env_config() helper to decrypt and parse env vars
- Parse plaintext env from transport_config.env (stdio only)
- Parse custom headers from transport_config.headers (HTTP only)
- Merge plaintext and encrypted env vars (encrypted takes precedence)
- Update connect_stdio() to accept HashMap<String, String> for env vars
- Update connect_http() to accept HashMap<String, String> for headers
- Apply env vars to tokio::process::Command via .env() method
- Add warning for HTTP headers (rmcp v1.7.0 limitation - no .header() method)
- Add comprehensive tests for encryption, merging, and clearing
Frontend changes (TypeScript/React):
- Add env_config field to CreateMcpServerRequest and UpdateMcpServerRequest
- Add plaintext_env, encrypted_env, http_headers to ServerForm interface
- Add parsing helpers: parseEnvVars(), formatEnvVars(), parseHeaders(), formatHeaders()
- Update startEdit() to extract and format env vars/headers from transport_config
- Update handleSave() to build transport_config with env/headers and env_config JSON
- Add conditional UI fields: stdio (plaintext + encrypted env), HTTP (custom headers)
- Use password input type for all sensitive fields
Security:
- Encrypted env vars stored using AES-256-GCM (matching auth_value pattern)
- Plaintext env vars in transport_config for non-sensitive values
- UI masks all env/header fields with password input type
- Never display decrypted values when editing
Fixes inability to configure MCP servers that require environment variables
(e.g., GitHub MCP server with GITHUB_PERSONAL_ACCESS_TOKEN).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
