Add OpenAI MCP server ownership verification route (#62)

Serve the OpenAI verification token at `/.well-known/openai-apps-challenge`
to complete the app validation flow for their MCP directory listing.

GitOrigin-RevId: 14efe30183c45bd8aac9444f52bced0cb60e6578

Author: metonym

cmd/server.go

@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"log"
+	"net/http"
 	"os"
 
 	"github.com/mark3labs/mcp-go/server"
@@ -53,13 +54,26 @@ func Serve(transport string) *server.MCPServer {
 			log.Print("using in-memory session store\n")
 			sessionStore = session.NewInMemoryStore()
 		}
-		err := server.
-			NewStreamableHTTPServer(s, server.WithHTTPContextFunc(multicontext.MultiHTTPContextFunc(
-				session.ContextWithHTTPSession(sessionStore),
-				authn.ContextWithAPITokenFromHeader,
-				httpcontext.ContextWithHTTPRequest,
-			))).
-			Start(":10000")
+		streamableServer := server.NewStreamableHTTPServer(s, server.WithHTTPContextFunc(multicontext.MultiHTTPContextFunc(
+			session.ContextWithHTTPSession(sessionStore),
+			authn.ContextWithAPITokenFromHeader,
+			httpcontext.ContextWithHTTPRequest,
+		)))
+
+		mux := http.NewServeMux()
+		mux.Handle("/mcp", streamableServer)
+		if token := os.Getenv("OPENAI_VERIFICATION_TOKEN"); token != "" {
+			mux.HandleFunc("/.well-known/openai-apps-challenge", func(w http.ResponseWriter, r *http.Request) {
+				w.Header().Set("Content-Type", "text/plain")
+				w.Write([]byte(token))
+			})
+		}
+
+		httpServer := &http.Server{
+			Addr:    ":10000",
+			Handler: mux,
+		}
+		err := httpServer.ListenAndServe()
 		if err != nil {
 			log.Fatalf("Starting Streamable server: %v\n:", err)
 		}

pkg/keyvalue/tools_test.go

@@ -3,6 +3,7 @@ package keyvalue
 import (
 	"context"
 	"net/http"
+	"path/filepath"
 	"testing"
 
 	"github.com/mark3labs/mcp-go/mcp"
@@ -64,7 +65,7 @@ func TestCreateKeyValueTool(t *testing.T) {
 				},
 			}, nil)
 
-			ctx := createTestContext(ownerId)
+			ctx := createTestContext(t, ownerId)
 
 			args := map[string]any{
 				"name": kvName,
@@ -91,7 +92,9 @@ func TestCreateKeyValueTool(t *testing.T) {
 	}
 }
 
-func createTestContext(workspaceID string) context.Context {
+func createTestContext(t *testing.T, workspaceID string) context.Context {
+	t.Helper()
+	t.Setenv("RENDER_CONFIG_PATH", filepath.Join(t.TempDir(), "mcp-server.yaml"))
 	ctx := session.ContextWithStdioSession(context.Background())
 	sess := session.FromContext(ctx)
 	sess.SetWorkspace(ctx, workspaceID)

pkg/metrics/test_helpers.go

@@ -3,6 +3,7 @@ package metrics
 import (
 	"context"
 	"net/http"
+	"path/filepath"
 	"time"
 
 	"github.com/render-oss/render-mcp-server/pkg/client"
@@ -86,10 +87,11 @@ type MetricsTestSuite struct {
 }
 
 func (s *MetricsTestSuite) SetupTest() {
+	s.T().Setenv("RENDER_CONFIG_PATH", filepath.Join(s.T().TempDir(), "mcp-server.yaml"))
 	s.mockClient = &MockClientWithResponses{}
 	s.repo = NewRepo(s.mockClient)
 	s.ctx = session.ContextWithStdioSession(context.Background())
-	
+
 	// Set up a workspace for tests
 	sess := session.FromContext(s.ctx)
 	err := sess.SetWorkspace(s.ctx, "test-workspace-123")

pkg/postgres/tools_test.go

@@ -3,6 +3,7 @@ package postgres
 import (
 	"context"
 	"net/http"
+	"path/filepath"
 	"testing"
 
 	"github.com/mark3labs/mcp-go/mcp"
@@ -65,7 +66,7 @@ func TestCreatePostgresTool(t *testing.T) {
 				},
 			}, nil)
 
-			ctx := createTestContext(ownerId)
+			ctx := createTestContext(t, ownerId)
 
 			args := map[string]any{
 				"name": dbName,
@@ -92,7 +93,9 @@ func TestCreatePostgresTool(t *testing.T) {
 	}
 }
 
-func createTestContext(workspaceID string) context.Context {
+func createTestContext(t *testing.T, workspaceID string) context.Context {
+	t.Helper()
+	t.Setenv("RENDER_CONFIG_PATH", filepath.Join(t.TempDir(), "mcp-server.yaml"))
 	ctx := session.ContextWithStdioSession(context.Background())
 	sess := session.FromContext(ctx)
 	sess.SetWorkspace(ctx, workspaceID)

pkg/service/tools_test.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
+	"path/filepath"
 	"testing"
 
 	"github.com/mark3labs/mcp-go/mcp"
@@ -201,7 +202,7 @@ func TestCreateWebServiceTool(t *testing.T) {
 				},
 			}, nil)
 
-			ctx := createTestContext(ownerId)
+			ctx := createTestContext(t, ownerId)
 
 			args := map[string]any{
 				"name":         serviceName,
@@ -373,7 +374,7 @@ func TestCreateCronJobTool(t *testing.T) {
 			}, nil)
 
 			// Create a test context with a session
-			ctx := createTestContext(ownerId)
+			ctx := createTestContext(t, ownerId)
 
 			// Build the request
 			request := mcp.CallToolRequest{}
@@ -410,7 +411,9 @@ func TestCreateCronJobTool(t *testing.T) {
 }
 
 // createTestContext creates a test context with a session that has the given workspace ID
-func createTestContext(workspaceID string) context.Context {
+func createTestContext(t *testing.T, workspaceID string) context.Context {
+	t.Helper()
+	t.Setenv("RENDER_CONFIG_PATH", filepath.Join(t.TempDir(), "mcp-server.yaml"))
 	ctx := session.ContextWithStdioSession(context.Background())
 	sess := session.FromContext(ctx)
 	sess.SetWorkspace(ctx, workspaceID)

render.yaml

@@ -11,6 +11,8 @@ services:
   buildCommand: go build -tags netgo -ldflags '-s -w' -o app
   startCommand: ./app --transport http
   envVars:
+  - key: OPENAI_VERIFICATION_TOKEN
+    sync: false
   - key: REDIS_URL
     fromService:
       name: mcp-kv