feat(060): form-based settings page + partial-update PATCH /config #536
Merged
Redesign the Web UI Configuration page from a raw Monaco JSON editor into prioritized, form-based sections: Security & Access / General / Advanced (subsystem accordions) / Raw JSON (Monaco kept) / Teams (server edition).

Backend: new generic PATCH /api/v1/config that deep-merges only the fields the client sends onto the live config and routes through ApplyConfig. Starting from the real in-memory config means a section save never clobbers untouched fields or masked secrets (api_key, secret headers). Modeled on handlePatchDockerIsolation.

Frontend: declarative field catalogue (fields.ts) drives SettingField + SettingsSection (per-section partial save, toast, restart/sensitive badges, danger-confirm dialogs). Settings.vue becomes the tab shell. data-test ids on all controls.

Verified end-to-end (Playwright; Chrome ext unavailable): all sections render, partial save persists require_mcp_auth while preserving api_key, danger-confirm cancel prevents reveal_secret_headers, restart badges shown. Backend secret-preservation unit tests green.

Relates to Spec 060.
Deploying mcpproxy-docs with
| Latest commit: | a95f1c3 |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://b20deadf.mcpproxy-docs.pages.dev |
| Branch Preview URL: | https://060-settings-page.mcpproxy-docs.pages.dev |
Codecov Report ❌ Patch coverage is
📦 Build Artifacts
Workflow Run: View Run
Available Artifacts
How to Download
Option 1: GitHub Web UI (easiest)
Option 2: GitHub CLI: gh run download 26646771079 --repo smart-mcp-proxy/mcpproxy-go
…dirty/discard

Make the settings page genuinely useful for finding and reviewing options:

- Cross-section search box: type to surface matching settings from every section (Security/General/Advanced/Teams) in one editable list.
- Security posture summary: at-a-glance colour-coded chips (quarantine, MCP auth, Docker isolation, secret scan, code exec, read-only, reveal headers), flagging anything that warrants review.
- Per-field dirty highlight (left accent + ● badge) and a per-section Discard button to revert unsaved changes.

Relates to Spec 060.
…ed verification spec

- Rewrote every setting's label and help text from the user's point of view: explain what each option does, how to use it, and the consequence (e.g. "Require API key for MCP clients" now explains clients send it as a Bearer token and points to the connect helper).
- Added a "Connect a client" helper to the Security section that opens the shared ConnectModal, so users can register mcpproxy in their AI client's config right where they configure auth.
- Committed the reproducible Playwright verification spec + config under specs/060/verification (spec only — screenshots/report stay local per policy).

Relates to Spec 060.
setPath walked dot-path keys and assigned recursively without rejecting __proto__/prototype/constructor. Settings keys come from the static catalogue, but guard the generic helper so a crafted path can never pollute Object.prototype. Resolves CodeQL js/prototype-polluting-assignment. Relates to Spec 060.
Add an optional `docs` path to settings fields/accordions and render links:

- per-field "docs ↗" on the options with a dedicated doc page (quarantine, Docker isolation, code execution, secret detection, routing mode, telemetry),
- "Learn more ↗" on each Advanced subsystem accordion (incl. output validation/sanitisation, activity log),
- "Full configuration reference ↗" in the page header.

All target URLs verified to return 200 on docs.mcpproxy.app (served at root via the Docusaurus site). Verification spec asserts the field + reference links.

Relates to Spec 060.
…date duration, name prompts

API key field:
- add a copy-to-clipboard button (with a transient ✓ + clipboard fallback);
- regenerating the key now opens a confirmation dialog first (the value only changes after you confirm, and nothing persists until Save).

Confirmations:
- turning OFF "Anonymous usage telemetry" now asks for confirmation with an informational (non-alarming) tone explaining telemetry helps improve mcpproxy — new DangerSpec.tone:'info' (neutral styling, no "sensitive" badge).

Validation:
- duration fields (e.g. Tool call timeout) are validated against Go duration syntax; invalid input shows an inline error and blocks Save. Shared validateField() now gates both number and duration fields.

Clarity:
- "Expose MCP prompts" now names the built-in prompts (setup-new-mcp-server, troubleshoot-mcp-server).

Verification spec extended to cover copy button, regen confirm, telemetry opt-out confirm, and duration validation.

Relates to Spec 060.
Add format validation so users can't save values that break mcpproxy:

- Listen address: must be a valid host:port (IPv4/hostname/[IPv6]:port, port 1–65535) — the critical field that previously accepted any string.
- Docker memory_limit (bytesize), cpu_limit (positive number), registry (hostname) — validated, blank falls back to the Docker default.
- API key: a non-empty key must be ≥16 chars (empty still = keep current).

Shared validateField() drives a new `valueKind` (hostport/bytesize/cpu/hostname/url/secretkey). Errors only surface — and only block Save — for fields the user has actually edited, so a pre-existing value never blocks saving unrelated changes. Verification spec covers the listen + duration cases.

Relates to Spec 060.
The overview table listed `/mcp` as each mode's "Default MCP Endpoint", implying the mode maps to a distinct default path. All modes default to `/mcp`; the per-mode dedicated endpoints (/mcp/call, /mcp/all, /mcp/code) are documented in the Dedicated Endpoints section. Remove the confusing column and add a one-line pointer to that section.
Linked ../configuration.md (nonexistent) which failed the Docusaurus broken-links build gate. Point to the real configuration reference (../configuration/config-file.md).
CodeQL's js/prototype-pollution-utility didn't recognise the top-level Set.has(...) check as a barrier. Guard each traversal key (and the final key) with an explicit __proto__/prototype/constructor comparison, which CodeQL treats as a sanitising guard for the recursive property assignment.
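The guard described in the two setPath commits above, as an added example that is not the project's own code: an unguarded dot-path setter next to one that compares every traversal key and the final key against `__proto__`/`prototype`/`constructor`. The function names, the sample settings object and the choice to throw on a rejected key are assumptions.

```javascript
// Added illustration: setPathUnsafe / setPathGuarded are hypothetical names,
// not the project's helper. Throwing on a bad key is an assumption.
function isForbiddenKey(key) {
  // Explicit comparisons, the form the commit says CodeQL accepts as a guard.
  return key === '__proto__' || key === 'prototype' || key === 'constructor';
}

// Unguarded walk: a path starting with __proto__ steps onto Object.prototype.
function setPathUnsafe(obj, path, value) {
  const keys = path.split('.');
  let cur = obj;
  for (const key of keys.slice(0, -1)) {
    if (typeof cur[key] !== 'object' || cur[key] === null) cur[key] = {};
    cur = cur[key];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Guarded walk: every traversal key and the final key are checked.
function setPathGuarded(obj, path, value) {
  const keys = path.split('.');
  let cur = obj;
  for (const key of keys.slice(0, -1)) {
    if (isForbiddenKey(key)) throw new Error(`unsafe key "${key}" in "${path}"`);
    const own = Object.prototype.hasOwnProperty.call(cur, key);
    if (!own || typeof cur[key] !== 'object' || cur[key] === null) cur[key] = {};
    cur = cur[key];
  }
  const last = keys[keys.length - 1];
  if (isForbiddenKey(last)) throw new Error(`unsafe key "${last}" in "${path}"`);
  cur[last] = value;
  return obj;
}

// Runs both helpers on constructed inputs and restores Object.prototype.
function demoSetPath() {
  const settings = { require_mcp_auth: false, advanced: { example: 1 } };
  setPathGuarded(settings, 'require_mcp_auth', true);
  setPathGuarded(settings, 'advanced.nested.flag', 'on');
  let rejected = false;
  try { setPathGuarded({}, '__proto__.polluted', true); } catch { rejected = true; }
  setPathUnsafe({}, '__proto__.polluted', true);
  const unsafePolluted = ({}).polluted === true;
  delete Object.prototype.polluted; // undo the demonstration
  return { settings, rejected, unsafePolluted, cleanAfter: ({}).polluted === undefined };
}
```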
Summary
Turns mcpproxy's large config surface into a friendly, prioritized Web UI Settings page, replacing the raw-JSON-only editor (kept as an escape hatch). Sections: Security & Access → General → Advanced (subsystem accordions) → Raw JSON (Monaco) → Teams (server edition only).
Backend
PATCH /api/v1/config deep-merges only the fields the client sends onto the live config and routes through the existing ApplyConfig pipeline. Starting from the real in-memory config means a section save never clobbers untouched fields or masked secrets (api_key, secret headers). Modeled on handlePatchDockerIsolation; TDD secret-preservation + nested-merge tests.
Frontend
Declarative field catalogue (fields.ts) drives SettingField + SettingsSection (per-section partial save, toast, restart/sensitive badges, danger-confirm dialogs). Settings.vue is the tab shell; Monaco kept as Raw JSON tab. Masked api_key with show/regenerate. data-test ids on all controls.
Verification (Chrome ext unavailable → Playwright + live API)
All sections render (Teams hidden in personal edition); partial save persisted require_mcp_auth=true while api_key was preserved (auth 200); danger-confirm cancel prevented reveal_secret_headers; restart/sensitive badges shown. Backend unit tests + frontend build green. QA report generated locally, not committed (project policy).
Known minor: ConfigApplyResult.changed_fields sometimes mislabels the changed key (pre-existing ApplyConfig diff quirk); values persist correctly.
Relates to Spec 060.
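The secret-preservation property described under Backend, as an added example that is not the project's code and is written in JavaScript rather than the backend's Go. It merges a partial patch onto a copy of the live config and contrasts that with a hypothetical save that replaces the config with the client's masked document; the mask string, the `docker` object shape and all values are constructed.

```javascript
// Added illustration in JavaScript; the backend itself is Go.
// api_key, require_mcp_auth and memory_limit are named in the PR; the mask
// string, the "docker" object shape and all values are constructed.
const MASK = '***';
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
const clone = (v) => JSON.parse(JSON.stringify(v));

// Copy only the keys present in `patch` onto `target`, recursing into objects.
function deepMerge(target, patch) {
  for (const key of Object.keys(patch)) {
    if (key === '__proto__' || key === 'prototype' || key === 'constructor') continue;
    const value = patch[key];
    if (isPlainObject(value) && isPlainObject(target[key])) {
      deepMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// What a client is shown: the secret replaced by a mask.
function maskSecrets(cfg) {
  return { ...cfg, api_key: cfg.api_key ? MASK : '' };
}

// Partial update: start from the live config, merge only what was sent.
function applyPatch(live, patch) {
  return deepMerge(clone(live), patch);
}

// Contrast (hypothetical): replace the config with the client's full document.
function applyFullReplace(clientDoc) {
  return clone(clientDoc);
}

function demoPartialUpdate() {
  const live = {
    api_key: 'constructed-secret-0123456789',
    require_mcp_auth: false,
    docker: { enabled: true, memory_limit: '512m' },
  };
  const patched = applyPatch(live, { require_mcp_auth: true, docker: { memory_limit: '1g' } });
  const replaced = applyFullReplace({ ...maskSecrets(live), require_mcp_auth: true });
  return { live, patched, replaced };
}
```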