Add standalone MCP Approval Server GUI application with history window

Move MCP server from BuildTools to a standalone WPF application with:
- System tray integration with status icons (green/orange/blue)
- Individual approval windows for each pending request
- Command history window showing pending and completed requests
- HTTP-based MCP server for Docker container communication
- Risk analysis with AI and regex-based assessment

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: gfraiteur

CLAUDE.md

@@ -18,13 +18,22 @@ Before any work in this repo, read these skills:
 
 When running inside a Docker container, you have access to the `host-approval` MCP server for executing privileged commands on the host machine. These commands require human approval before execution.
 
+### Starting the MCP Approval Server
+
+The MCP Approval Server is now a standalone GUI application with system tray integration. Before running Claude in Docker mode, start the server:
+
+1. Build the solution: `dotnet build`
+2. Run the GUI application: `.\src\PostSharp.Engineering.McpApprovalServer\bin\Debug\net8.0-windows\PostSharp.Engineering.McpApprovalServer.exe`
+3. The server will appear as a tray icon (green = ready, orange = pending requests)
+4. Now run `DockerBuild.ps1 -Claude` - it will detect the running server automatically
+
 ### Security Model
 
-The MCP server uses token-based authentication:
-- DockerBuild.ps1 generates a random 128-bit secret when starting the MCP server
-- The secret is passed to the container via the `MCP_APPROVAL_SERVER_TOKEN` environment variable
-- All MCP requests include this secret as a URL parameter for authentication
-- The MCP server validates the token before processing any commands
+The MCP server uses localhost-only binding for security:
+- Server binds exclusively to `localhost:9847` (not exposed to the network)
+- Docker containers access via the host gateway IP
+- No authentication tokens needed since only local processes can connect
+- Human approval required for all non-low-risk commands via the GUI
 
 ### When to Use the MCP Server
 

Directory.Packages.props

@@ -45,5 +45,10 @@
     <PackageVersion Include="ModelContextProtocol.AspNetCore" Version="0.5.0-preview.1" />
     <PackageVersion Include="Octokit" Version="13.0.1" />
     <PackageVersion Include="Octokit.GraphQL" Version="0.2.0-beta" />
+    <!-- MCP Approval Server GUI dependencies -->
+    <PackageVersion Include="Hardcodet.NotifyIcon.Wpf" Version="1.1.0" />
+    <PackageVersion Include="CommunityToolkit.Mvvm" Version="8.2.2" />
+    <PackageVersion Include="AvalonEdit" Version="6.3.0.90" />
+    <PackageVersion Include="Microsoft.Extensions.Hosting" Version="9.0.0" />
   </ItemGroup>
 </Project>

DockerBuild.ps1

@@ -1,43 +1,49 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 17
-VisualStudioVersion = 17.0.31912.275
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PostSharp.Engineering.BuildTools", "src\PostSharp.Engineering.BuildTools\PostSharp.Engineering.BuildTools.csproj", "{79C98592-B228-448D-B590-95FD9C8E3123}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PostSharp.Engineering.Sdk", "src\PostSharp.Engineering.Sdk\PostSharp.Engineering.Sdk.csproj", "{E7879F3E-FEE6-4E89-A265-52A1297BBCBC}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PostSharp.Engineering.DocFx", "src\PostSharp.Engineering.DocFx\PostSharp.Engineering.DocFx.csproj", "{53B2C52E-9095-4D49-8C34-5507BB941EE6}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PostSharp.Engineering.SystemTypes", "src\PostSharp.Engineering.SystemTypes\PostSharp.Engineering.SystemTypes.csproj", "{B6DB99A8-CF03-44CB-9C5E-2FEC7888DA3E}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Any CPU = Debug|Any CPU
-		Release|Any CPU = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{79C98592-B228-448D-B590-95FD9C8E3123}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{79C98592-B228-448D-B590-95FD9C8E3123}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{79C98592-B228-448D-B590-95FD9C8E3123}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{79C98592-B228-448D-B590-95FD9C8E3123}.Release|Any CPU.Build.0 = Release|Any CPU
-		{E7879F3E-FEE6-4E89-A265-52A1297BBCBC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{E7879F3E-FEE6-4E89-A265-52A1297BBCBC}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{E7879F3E-FEE6-4E89-A265-52A1297BBCBC}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{E7879F3E-FEE6-4E89-A265-52A1297BBCBC}.Release|Any CPU.Build.0 = Release|Any CPU
-		{53B2C52E-9095-4D49-8C34-5507BB941EE6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{53B2C52E-9095-4D49-8C34-5507BB941EE6}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{53B2C52E-9095-4D49-8C34-5507BB941EE6}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{53B2C52E-9095-4D49-8C34-5507BB941EE6}.Release|Any CPU.Build.0 = Release|Any CPU
-		{B6DB99A8-CF03-44CB-9C5E-2FEC7888DA3E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{B6DB99A8-CF03-44CB-9C5E-2FEC7888DA3E}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{B6DB99A8-CF03-44CB-9C5E-2FEC7888DA3E}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{B6DB99A8-CF03-44CB-9C5E-2FEC7888DA3E}.Release|Any CPU.Build.0 = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-	GlobalSection(ExtensibilityGlobals) = postSolution
-		SolutionGuid = {EE2C48C5-7AD7-4852-A39D-A3C5C94000A9}
-	EndGlobalSection
-EndGlobal
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.31912.275
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PostSharp.Engineering.BuildTools", "src\PostSharp.Engineering.BuildTools\PostSharp.Engineering.BuildTools.csproj", "{79C98592-B228-448D-B590-95FD9C8E3123}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PostSharp.Engineering.Sdk", "src\PostSharp.Engineering.Sdk\PostSharp.Engineering.Sdk.csproj", "{E7879F3E-FEE6-4E89-A265-52A1297BBCBC}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PostSharp.Engineering.DocFx", "src\PostSharp.Engineering.DocFx\PostSharp.Engineering.DocFx.csproj", "{53B2C52E-9095-4D49-8C34-5507BB941EE6}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PostSharp.Engineering.SystemTypes", "src\PostSharp.Engineering.SystemTypes\PostSharp.Engineering.SystemTypes.csproj", "{B6DB99A8-CF03-44CB-9C5E-2FEC7888DA3E}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PostSharp.Engineering.McpApprovalServer", "src\PostSharp.Engineering.McpApprovalServer\PostSharp.Engineering.McpApprovalServer.csproj", "{A1B2C3D4-E5F6-7890-ABCD-EF1234567890}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{79C98592-B228-448D-B590-95FD9C8E3123}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{79C98592-B228-448D-B590-95FD9C8E3123}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{79C98592-B228-448D-B590-95FD9C8E3123}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{79C98592-B228-448D-B590-95FD9C8E3123}.Release|Any CPU.Build.0 = Release|Any CPU
+		{E7879F3E-FEE6-4E89-A265-52A1297BBCBC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E7879F3E-FEE6-4E89-A265-52A1297BBCBC}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E7879F3E-FEE6-4E89-A265-52A1297BBCBC}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E7879F3E-FEE6-4E89-A265-52A1297BBCBC}.Release|Any CPU.Build.0 = Release|Any CPU
+		{53B2C52E-9095-4D49-8C34-5507BB941EE6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{53B2C52E-9095-4D49-8C34-5507BB941EE6}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{53B2C52E-9095-4D49-8C34-5507BB941EE6}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{53B2C52E-9095-4D49-8C34-5507BB941EE6}.Release|Any CPU.Build.0 = Release|Any CPU
+		{B6DB99A8-CF03-44CB-9C5E-2FEC7888DA3E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{B6DB99A8-CF03-44CB-9C5E-2FEC7888DA3E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{B6DB99A8-CF03-44CB-9C5E-2FEC7888DA3E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{B6DB99A8-CF03-44CB-9C5E-2FEC7888DA3E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{A1B2C3D4-E5F6-7890-ABCD-EF1234567890}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A1B2C3D4-E5F6-7890-ABCD-EF1234567890}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A1B2C3D4-E5F6-7890-ABCD-EF1234567890}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A1B2C3D4-E5F6-7890-ABCD-EF1234567890}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {EE2C48C5-7AD7-4852-A39D-A3C5C94000A9}
+	EndGlobalSection
+EndGlobal

PostSharp.Engineering.sln

@@ -0,0 +1,53 @@
+# StartMcp.ps1 - Builds and runs the MCP Approval Server from a temp folder to avoid file locks
+
+param(
+    [switch]$NoBuild,
+    [switch]$Debug
+)
+
+$ErrorActionPreference = "Stop"
+
+$projectPath = "$PSScriptRoot\src\PostSharp.Engineering.McpApprovalServer\PostSharp.Engineering.McpApprovalServer.csproj"
+$outputPath = "$PSScriptRoot\src\PostSharp.Engineering.McpApprovalServer\bin\Debug\net8.0-windows"
+$tempPath = "$env:LOCALAPPDATA\PostSharp\McpApprovalServer\bin"
+$exeName = "PostSharp.Engineering.McpApprovalServer.exe"
+
+# Kill any running instance
+$existingProcess = Get-Process -Name "PostSharp.Engineering.McpApprovalServer" -ErrorAction SilentlyContinue
+if ($existingProcess) {
+    Write-Host "Stopping existing MCP server process..." -ForegroundColor Yellow
+    $existingProcess | Stop-Process -Force
+    Start-Sleep -Milliseconds 500
+}
+
+# Build unless -NoBuild is specified
+if (-not $NoBuild) {
+    Write-Host "Building MCP Approval Server..." -ForegroundColor Cyan
+    $buildArgs = @("build", $projectPath, "-c", "Debug")
+    if (-not $Debug) {
+        $buildArgs += "-v:q"
+    }
+    & dotnet @buildArgs
+    if ($LASTEXITCODE -ne 0) {
+        Write-Host "Build failed!" -ForegroundColor Red
+        exit 1
+    }
+    Write-Host "Build succeeded." -ForegroundColor Green
+}
+
+# Ensure temp directory exists
+if (-not (Test-Path $tempPath)) {
+    New-Item -ItemType Directory -Path $tempPath -Force | Out-Null
+}
+
+# Copy all files to temp folder
+Write-Host "Copying to $tempPath..." -ForegroundColor Cyan
+Copy-Item -Path "$outputPath\*" -Destination $tempPath -Recurse -Force
+
+# Start the server
+$exePath = Join-Path $tempPath $exeName
+Write-Host "Starting MCP server from $exePath..." -ForegroundColor Cyan
+Start-Process -FilePath $exePath
+
+Write-Host "MCP Approval Server started." -ForegroundColor Green
+Write-Host "Logs: $env:LOCALAPPDATA\PostSharp\McpApprovalServer\audit\" -ForegroundColor Gray

StartMcp.ps1

@@ -20,14 +20,6 @@ if ($env:RUNNING_IN_DOCKER -ne "true")
 $mcpConfigArg = ""
 if ($McpPort -gt 0)
 {
-    # Get MCP secret from environment variable
-    $mcpSecret = $env:MCP_APPROVAL_SERVER_TOKEN
-    if ( [string]::IsNullOrEmpty($mcpSecret))
-    {
-        Write-Error "MCP_APPROVAL_SERVER_TOKEN environment variable is not set. Cannot authenticate to MCP server."
-        exit 1
-    }
-
     # On Windows containers, host.docker.internal doesn't resolve.
     # Use the default gateway IP which points to the host.
     $hostIp = (Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Select-Object -First 1).NextHop
@@ -38,20 +30,17 @@ if ($McpPort -gt 0)
     }
     Write-Host "Host IP (gateway): $hostIp" -ForegroundColor Cyan
 
-    # Use HTTP Streamable transport (not SSE) with Bearer token authentication
+    # Use HTTP Streamable transport - no authentication needed (server binds to localhost)
     $mcpUrl = "http://${hostIp}:$McpPort"
-    Write-Host "Configuring MCP approval server with Bearer token authentication" -ForegroundColor Cyan
+    Write-Host "Configuring MCP approval server at $mcpUrl" -ForegroundColor Cyan
 
-    # Create temporary MCP config file with Bearer token authentication
+    # Create temporary MCP config file (no authentication header - server binds to localhost only)
     $mcpConfigPath = "$env:TEMP\mcp-config.json"
     $mcpConfig = @{
         'mcpServers' = @{
             'host-approval' = @{
                 'type' = 'http'
                 'url' = $mcpUrl
-                'headers' = @{
-                    'Authorization' = "Bearer $mcpSecret"
-                }
             }
         }
     }