add CUSTOM_MCP_PROTOCOL
parent
8aa2507ed9
commit
a3c019ace4
|
|
@ -1,6 +1,6 @@
|
||||||
import { Tool } from '@langchain/core/tools'
|
import { Tool } from '@langchain/core/tools'
|
||||||
import { ICommonObject, IDatabaseEntity, INode, INodeData, INodeOptionsValue, INodeParams } from '../../../../src/Interface'
|
import { ICommonObject, IDatabaseEntity, INode, INodeData, INodeOptionsValue, INodeParams } from '../../../../src/Interface'
|
||||||
import { MCPToolkit, validateMCPServerSecurity } from '../core'
|
import { MCPToolkit } from '../core'
|
||||||
import { getVars, prepareSandboxVars } from '../../../../src/utils'
|
import { getVars, prepareSandboxVars } from '../../../../src/utils'
|
||||||
import { DataSource } from 'typeorm'
|
import { DataSource } from 'typeorm'
|
||||||
import hash from 'object-hash'
|
import hash from 'object-hash'
|
||||||
|
|
@ -173,13 +173,11 @@ class Custom_MCP implements INode {
|
||||||
serverParams = JSON.parse(serverParamsString)
|
serverParams = JSON.parse(serverParamsString)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (process.env.CUSTOM_MCP_SECURITY_CHECK === 'true') {
|
|
||||||
validateMCPServerSecurity(serverParams)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Compatible with stdio and SSE
|
// Compatible with stdio and SSE
|
||||||
let toolkit: MCPToolkit
|
let toolkit: MCPToolkit
|
||||||
if (serverParams?.command === undefined) {
|
if (process.env.CUSTOM_MCP_PROTOCOL === 'sse') {
|
||||||
|
toolkit = new MCPToolkit(serverParams, 'sse')
|
||||||
|
} else if (serverParams?.command === undefined) {
|
||||||
toolkit = new MCPToolkit(serverParams, 'sse')
|
toolkit = new MCPToolkit(serverParams, 'sse')
|
||||||
} else {
|
} else {
|
||||||
toolkit = new MCPToolkit(serverParams, 'stdio')
|
toolkit = new MCPToolkit(serverParams, 'stdio')
|
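Review bot: The final `else` branch now passes whatever `command` the parsed `serverParams` carries to `new MCPToolkit(serverParams, 'stdio')` with no command allowlist or env-value check in front of it. The `CUSTOM_MCP_SECURITY_CHECK` block is gone, and the only remaining guard is the opt-in `CUSTOM_MCP_PROTOCOL` switch. That comparison is an exact match on `'sse'`, so an unset variable or a value such as `SSE` falls through to stdio; failing closed would look like `const sseOnly = process.env.CUSTOM_MCP_PROTOCOL?.toLowerCase() === 'sse'` followed by `if (sseOnly && serverParams?.command !== undefined) throw new Error('stdio MCP servers are disabled')`. As written, a config that still carries `command` is handed to the SSE toolkit in the first branch, which presumably fails later with a less clear error, and the first two branches build the same toolkit and could be one condition. The enclosing method starts and ends outside this hunk.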
||||||
|
|
|
||||||
|
|
@ -174,32 +174,6 @@ function createSchemaModel(
|
||||||
return z.object(schemaProperties)
|
return z.object(schemaProperties)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* TODO: To be removed and only allow Remote MCP for Cloud
|
|
||||||
* Validates MCP server configuration to only allow whitelisted commands
|
|
||||||
*/
|
|
||||||
export function validateMCPServerSecurity(serverParams: Record<string, any>): void {
|
|
||||||
// Whitelist of allowed commands - only these are permitted
|
|
||||||
const allowedCommands = ['npx', 'node']
|
|
||||||
|
|
||||||
if (serverParams.command) {
|
|
||||||
const cmd = serverParams.command.toLowerCase()
|
|
||||||
const baseCmd = cmd
|
|
||||||
|
|
||||||
if (!allowedCommands.includes(baseCmd)) {
|
|
||||||
throw new Error(`Only allowed: ${allowedCommands.join(', ')}`)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (serverParams.env) {
|
|
||||||
for (const [key, value] of Object.entries(serverParams.env)) {
|
|
||||||
if (typeof value === 'string' && (value.includes('$(') || value.includes('`'))) {
|
|
||||||
throw new Error(`Environment variable "${key}" contains command substitution: "${value}"`)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
export const validateArgsForLocalFileAccess = (args: string[]): void => {
|
export const validateArgsForLocalFileAccess = (args: string[]): void => {
|
||||||
const dangerousPatterns = [
|
const dangerousPatterns = [
|
||||||
// Absolute paths
|
// Absolute paths
|
||||||
|
|
|
||||||