feat(mcp-cloud): enforce tool allowlist, fix quota semantics, improve onboarding #57
Merged
added 6 commits
June 11, 2026 14:10
… onboarding
- Enforce per-key allowed_tools in the proxy (empty = unrestricted);
denied calls return 403 before consuming quota
- Only tools/call requests consume the monthly quota and meter events;
protocol traffic (initialize, tools/list, SSE, DELETE) stays free but
rate-limited
- Derive WRITE_TOOL_NAMES from MCP TOOL_ANNOTATIONS (readOnlyHint) minus
Studio-owned lifecycle tools; add Retry-After header on 429
- Validate key create inputs (allowedTools against TOOL_NAMES,
rateLimitPerMinute 1-600, monthlyCallLimit positive integer)
- Panel: feature-gated via useFeature('api.mcp_cloud'), canonical /mcp
endpoint URLs per key, Claude Code + JSON connect snippets in the
key reveal dialog, per-key monthly usage column
- New DatabaseProvider.getMcpCloudKeyUsage + usage enrichment on key list
- Integration tests for proxy gating and key route validation
Summary
Hardens and completes the MCP Cloud flow based on an end-to-end review of the proxy route, key management, and panel UX.
Proxy route (/api/mcp/v1/{projectId}/...)
- allowed_tools was stored and displayed but never checked — every key had the full tool surface. A non-empty list now 403s disallowed tools/call requests before quota consumption (enables read-only / CI-scoped keys).
- tools/call requests consume the monthly quota and produce overage meter events. Protocol traffic (initialize, tools/list, SSE GET, session DELETE) is rate-limited but free — previously a client burned ~3 quota units before its first real call.
- WRITE_TOOL_NAMES derived from MCP TOOL_ANNOTATIONS (readOnlyHint: false) minus the Studio-owned merge/review lifecycle tools, so a future MCP release that opens e.g. contentrain_bulk to remote providers gets brain-cache invalidation + auto-merge reconciliation without a Studio change.
- Retry-After header on rate-limit 429s.
Key management
- allowedTools against MCP TOOL_NAMES, rateLimitPerMinute integer 1–600, monthlyCallLimit positive integer or null. Previously negative/huge values were written to the DB unchecked.
- calls_this_month (new DatabaseProvider.getMcpCloudKeyUsage, reads mcp_cloud_usage per key).
Panel UX
- useFeature('api.mcp_cloud') instead of a hardcoded ['starter','pro','enterprise'] array (CLAUDE.md rule).
- /mcp-suffixed endpoint URL, copyable per key.
- claude mcp add command and a generic mcpServers JSON config (Cursor, VS Code, others).
Docs
- init/bulk/scaffold/doctor/scan/apply/validate(fix) are localWorktree-gated and unavailable remotely; documented quota semantics, allowlist behavior, and the session-affinity scaling note.
Tests
Not in this PR
- context.json-on-feature-branch conflict (MCP remote write path) is being fixed in @contentrain/mcp separately.
🤖 Generated with Claude Code
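The gating order the summary describes (rate limit on all traffic, allowlist check before quota, only tools/call metered), as an added example that is not code from this PR or from the project. Assumptions: the createGate/gate names, the key object shape, the in-memory fixed-window counters, the check order of rate limit before allowlist, the overage flag, and the constructed tool names used to exercise it.

```javascript
// Added illustration, not the project's code. Key shape, createGate() and
// the in-memory counters are assumptions made for this sketch.
function createGate(now = () => Date.now()) {
  const windows = new Map(); // keyId -> { start, count }, fixed 60 s window
  const usage = new Map();   // keyId -> metered tools/call count this month

  return function gate(key, rpc) {
    // 1. Rate limit applies to all traffic, protocol messages included.
    const t = now();
    let w = windows.get(key.id);
    if (!w || t - w.start >= 60_000) {
      w = { start: t, count: 0 };
      windows.set(key.id, w);
    }
    if (w.count >= key.rateLimitPerMinute) {
      const retryAfter = Math.ceil((w.start + 60_000 - t) / 1000);
      return { status: 429, headers: { 'Retry-After': String(retryAfter) }, metered: false };
    }
    w.count += 1;

    // 2. Protocol traffic (initialize, tools/list, ...) is free.
    if (rpc.method !== 'tools/call') {
      return { status: 200, headers: {}, metered: false };
    }

    // 3. Allowlist check runs before any quota is touched.
    //    Empty list = unrestricted; a missing tool name fails closed.
    const allowed = key.allowedTools ?? [];
    const tool = rpc.params?.name;
    if (allowed.length > 0 && !allowed.includes(tool)) {
      return { status: 403, headers: {}, metered: false };
    }

    // 4. Only an allowed tools/call consumes quota. Calls past the limit
    //    are flagged as overage (assumed handling); null = no limit.
    const used = (usage.get(key.id) ?? 0) + 1;
    usage.set(key.id, used);
    const overage = key.monthlyCallLimit !== null && used > key.monthlyCallLimit;
    return { status: 200, headers: {}, metered: true, overage, used };
  };
}
```
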