tftsr-devops_investigation/docs/MCP_SERVER_SUPPORT.md
Shaun Arman 093495a653
Some checks failed
Test / rust-fmt-check (pull_request) Failing after 0s
Test / rust-clippy (pull_request) Failing after 1s
Test / rust-tests (pull_request) Failing after 0s
Test / frontend-typecheck (pull_request) Failing after 16s
Test / frontend-tests (pull_request) Failing after 18s
PR Review Automation / review (pull_request) Failing after 4m13s
feat: full copy from apollo_nxt-trcaa with complete sanitization
Complete backport of all features from apollo_nxt-trcaa repository:
- Three-tier shell execution safety system (Tier 1: auto, Tier 2: approve, Tier 3: deny)
- Ollama function calling with tool use support
- AI provider tool calling auto-detection
- kubectl binary bundling and management
- kubeconfig upload and context management
- Shell approval modal with real-time UI
- MCP protocol HTTP transport with custom headers
- Enhanced security audit logging
- Comprehensive test coverage (275+ tests)
- Updated CI/CD workflows for Gitea Actions
- Complete documentation (ADRs, wiki, release notes)

Sanitization applied to all files:
- Removed all MSI, Motorola, VNXT, Vesta references
- Replaced internal infrastructure references with TFTSR equivalents
- Updated all URLs and API endpoints
- Sanitized commit history references in documentation

Technical changes:
- New modules: shell/classifier, shell/executor, shell/kubectl, shell/kubeconfig
- Enhanced AI providers: ollama.rs, openai.rs with function calling
- New Tauri commands: shell execution, kubeconfig management, tool calling detection
- Database migrations: shell_execution_audit table
- Frontend: ShellApprovalModal, ShellExecution, KubeconfigManager pages
- CI/CD: kubectl bundling, multi-platform builds, Gitea Actions integration

Version: 1.0.8

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-06-05 14:12:43 -05:00


MCP Server Support — Ticket Summary

Description

Adds MCP (Model Context Protocol) server management to the application, allowing the AI assistant to discover and call tools from external MCP servers during triage conversations.

The implementation covers:

  • Settings page at /settings/mcp for managing server connections
  • Support for stdio (local processes) and http (Streamable HTTP) transports
  • Auth types: none, api_key, bearer, oauth2
  • Auto-discovery of enabled servers at application startup
  • Transparent injection of discovered tools into every AI chat session
  • Security-first design: encrypted credential storage, mandatory audit logging, PII scanning

Acceptance Criteria

  • Users can add, edit, enable/disable, and delete MCP server configurations
  • "Discover Now" connects to the server, lists tools and resources, and persists results
  • Enabled servers auto-connect on app launch via .setup() hook
  • MCP tools appear in the AI chat tool list and are callable by the AI
  • auth_value is always AES-256-GCM encrypted at rest; never returned to frontend
  • write_audit_event() is called before every MCP tool execution
  • PII scan on tool call arguments (non-blocking warning on detection)
  • stdio transport rejects relative paths; never uses sh -c
  • All existing tests continue to pass (185 Rust, 94 Vitest)
  • Zero clippy warnings; zero TypeScript errors
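The stdio transport rule in the criteria above (absolute command path only, never `sh -c`) as an added Rust example; this is illustrative code, not the project's `mcp/transport/stdio.rs`, and the `build_stdio_command` name and `StdioConfigError` type are assumptions.

```rust
use std::path::Path;
use std::process::Command;

/// Reasons a stdio MCP server command can be rejected before anything is spawned.
/// (Hypothetical type for this example, not the project's own error enum.)
#[derive(Debug, PartialEq)]
pub enum StdioConfigError {
    EmptyCommand,
    RelativePath(String),
}

/// Build the subprocess command for a stdio MCP server.
///
/// Two controls are enforced here:
///  * the binary path must be absolute, so a configured `npx` or `./server`
///    cannot resolve to whatever happens to be first on PATH or in the CWD;
///  * the program and its arguments go straight into `Command`, so no shell
///    ever parses the string and metacharacters in arguments stay literal.
pub fn build_stdio_command(command: &str, args: &[String]) -> Result<Command, StdioConfigError> {
    let trimmed = command.trim();
    if trimmed.is_empty() {
        return Err(StdioConfigError::EmptyCommand);
    }
    let path = Path::new(trimmed);
    if !path.is_absolute() {
        return Err(StdioConfigError::RelativePath(trimmed.to_string()));
    }
    // Exec the binary directly with an argument vector; nothing is word-split
    // or expanded, which is what "never uses sh -c" guarantees in practice.
    let mut cmd = Command::new(path);
    cmd.args(args);
    Ok(cmd)
}

/// Convenience check for the settings UI: is this command path acceptable?
pub fn is_valid_stdio_command(command: &str) -> bool {
    build_stdio_command(command, &[]).is_ok()
}
```

On Windows, `Path::is_absolute` additionally requires a drive or UNC prefix, so `\server.exe` is rejected there too.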

Work Implemented

Backend (Rust)

| Phase | Files | Description |
|-------|-------|-------------|
| 0 | Cargo.toml | Added rmcp = "1.7.0" with client + transport features; version → 0.3.0 |
| 1 | db/migrations.rs | Migration 018: mcp_servers, mcp_tools, mcp_resources tables with CHECK constraints |
| 2a | mcp/models.rs, mcp/store.rs | Data types; full CRUD with encrypted auth storage |
| 2b | mcp/transport/stdio.rs, mcp/transport/http.rs | Transport builders for subprocess and Streamable HTTP |
| 2c | mcp/client.rs | McpConnection type alias; connect/list/call wrappers |
| 2d | mcp/adapter.rs | sanitize_name, build_tool_key, mcp_tools_to_ai_tools, get_enabled_mcp_tools |
| 2e | mcp/discovery.rs | discover_server, init_all_servers |
| 2f | mcp/commands.rs, state.rs, lib.rs | 8 Tauri commands; mcp_connections field on AppState; .setup() hook |
| 5 | ai/tools.rs, commands/ai.rs | get_enabled_mcp_tools async helper; execute_mcp_tool_call with PII scan + audit |

Frontend (TypeScript / React)

| Phase | Files | Description |
|-------|-------|-------------|
| 3 | src/lib/tauriCommands.ts | McpServer, McpTool, McpResource, McpServerStatus, request types; 8 command wrappers |
| 4 | src/pages/Settings/MCPServers.tsx | Full settings page: server list, status badges, Discover Now, Add/Edit modal |
| 4 | src/App.tsx | Added Plug icon, /settings/mcp route and nav entry |

Wiki

  • docs/wiki/MCP-Servers.md — new
  • docs/wiki/Database.md — migration 018 documented
  • docs/wiki/IPC-Commands.md — 8 new commands
  • docs/wiki/Security-Model.md — MCP security section

Testing Needed

Automated (all passing)

  • Rust: 185 tests (64 existing + 5 migration 018 + 5 store + 3 adapter + 5 migration idempotency + misc)
  • Vitest: 94 tests (all existing + 3 new MCP frontend tests)
  • cargo clippy -- -D warnings: zero warnings
  • npx tsc --noEmit: zero errors

Manual verification checklist

  • Add an HTTP MCP server → click Discover Now → tools appear in list
  • Add a stdio MCP server → Discover Now → process spawns, tools appear
  • Disable a server → its tools absent from next triage chat session
  • Start a triage chat → MCP tools visible in AI tool suggestions
  • AI calls an MCP tool → audit log entry written in Security page
  • Delete a server → live connection removed, tools gone from next session
  • Enter an invalid command path (relative) for stdio → error shown in UI

Branch

feature/mcp-server-support