Skip to content

feat:Add MCPToolFilter schema and extend MCP server invocation fields#214

Merged
HavenDV merged 1 commit intomainfrom
bot/update-openapi_202508212114
Aug 21, 2025
Merged

feat:Add MCPToolFilter schema and extend MCP server invocation fields#214
HavenDV merged 1 commit intomainfrom
bot/update-openapi_202508212114

Conversation

@HavenDV
Copy link
Copy Markdown
Contributor

@HavenDV HavenDV commented Aug 21, 2025
edited by coderabbitai Bot
Loading

Summary by CodeRabbit

  • New Features
    • Add support for connecting to MCP servers via predefined service connectors (Dropbox, Gmail, Google Calendar/Drive, Microsoft Teams, Outlook Calendar/Email, SharePoint).
    • Support OAuth access tokens and custom HTTP headers for MCP connections.
  • Refactor
    • Standardize tool-approval configuration with a reusable MCP tool filter, including read-only and allowed tool names.
    • Make server URL optional; either a server URL or a connector can be provided.
  • Documentation
    • Update guidance to reflect connector usage, authentication/headers, and the either URL-or-connector requirement.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Aug 21, 2025
edited
Loading

Walkthrough

Introduces MCPToolFilter as a reusable schema and replaces prior inline tool filter definitions. Extends the MCP server invocation schema with authorization, connector_id, and headers. Adjusts required properties to allow either server_url or connector_id. Updates references for tool approval sections to use MCPToolFilter and refreshes descriptions.

Changes

Cohort / File(s) Summary
OpenAPI schema updates
src/libs/tryAGI.OpenAI/openapi.yaml		 Added MCPToolFilter schema; replaced inline tool filter usages with $ref. Extended MCP server object with authorization, connector_id (enum), and headers. Made server_url optional with one-of requirement vs connector_id. Updated tool approval (always/never) to reference MCPToolFilter and revised descriptions.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Client
  participant API as OpenAI-Compatible API
  participant Connector as Connector Service
  participant MCP as MCP Server

  Client->>API: Invoke MCP (server_label, type, server_url? / connector_id?, headers?, authorization?, tool_filter?)
  Note over API: Validate: require one of server_url or connector_id<br/>Validate MCPToolFilter schema (read_only, tool_names)

  alt Using connector_id
    API->>Connector: Connect(connector_id, auth token, headers)
    Connector->>MCP: Resolve/Route to service-specific MCP endpoint
  else Using server_url
    API->>MCP: Connect(server_url, headers, auth token)
  end

  API->>Client: Response / errors (validation, connectivity)

  Note over API,MCP: Tool approvals reference MCPToolFilter for allow/deny
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I thump my paw—new filters bloom,
Tool names sorted, banish gloom.
Headers packed, a token rides,
URL or connector guides.
In burrows of schemas, tidy and bright—
I hop through routes that now feel right. 🐇✨

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch bot/update-openapi_202508212114

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

  • Visit our Status Page to check the current availability of CodeRabbit.
  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@HavenDV HavenDV merged commit 1ad6796 into main Aug 21, 2025
2 of 4 checks passed
@HavenDV HavenDV deleted the bot/update-openapi_202508212114 branch August 21, 2025 21:15
@coderabbitai coderabbitai Bot changed the title feat:@coderabbitai feat:Add MCPToolFilter schema and extend MCP server invocation fields Aug 21, 2025
coderabbitai[bot]
coderabbitai Bot reviewed Aug 21, 2025
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (3)
src/libs/tryAGI.OpenAI/openapi.yaml (3)

17744-17755: Future-proof connector_id or document update cadence

Hard-coding an enum of connector IDs is fine for strong validation, but it will break clients when new connectors ship. Either:

  • Document that this enum will evolve and may require frequent client updates, or
  • Switch to a relaxed validation (e.g., pattern: '^connector_[a-z0-9]+$') and move the known set to docs.

Example diff for the relaxed approach:

-        connector_id:
-          enum:
-            - connector_dropbox
-            - connector_gmail
-            - connector_googlecalendar
-            - connector_googledrive
-            - connector_microsoftteams
-            - connector_outlookcalendar
-            - connector_outlookemail
-            - connector_sharepoint
-          type: string
+        connector_id:
+          type: string
+          pattern: '^connector_[a-z0-9]+$'

17765-17773: Approval object semantics: precedence and completeness checks

Good move to reuse MCPToolFilter via $ref for always/never. Two follow-ups:

  • Define precedence if a tool matches both always and never (e.g., never overrides always).
  • Ensure the alternate string enum path includes both 'always' and 'never' (the snippet shows only 'always').

Proposed doc tweak:

               description: "Specify which of the MCP server's tools require approval. Can be
-`always`, `never`, or a filter object associated with tools
+`always`, `never`, or an object with `always`/`never` filters. If a tool matches both,
+`never` takes precedence. This setting determines which tools require user approval
 that require approval.\n"

Please confirm that the accompanying string variant enum includes both:

  • always
  • never

17834-17848: MCPToolFilter: add constraints and clarify AND/OR semantics

The schema looks good. Two refinements:

  • Enforce uniqueness and non-empty tool_names.
  • Clarify whether multiple fields are combined with AND (recommended) or OR when both are provided.

Apply:

       MCPToolFilter:
         title: MCP tool filter
         type: object
         properties:
           read_only:
             type: boolean
             description: "Indicates whether or not a tool modifies data or is read-only. If an
 MCP server is [annotated with `readOnlyHint`](https://modelcontextprotocol.io/specification/2025-06-18/schema#toolannotations-readonlyhint),
 it will match this filter.\n"
           tool_names:
             title: MCP allowed tools
             type: array
             items:
               type: string
-            description: List of allowed tool names.
+            description: List of allowed tool names.
+            minItems: 1
+            uniqueItems: true
         additionalProperties: false
-        description: "A filter object to specify which tools are allowed.\n"
+        description: "A filter object to specify which tools are allowed. When multiple fields are provided, they are combined with logical AND."

Defining this as a reusable schema is a solid improvement in consistency.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e5ae227 and 436bd20.

⛔ Files ignored due to path filters (13)
  • src/libs/tryAGI.OpenAI/Generated/tryAGI.OpenAI..JsonSerializerContext.g.cs is excluded by !**/generated/**
  • src/libs/tryAGI.OpenAI/Generated/tryAGI.OpenAI.JsonConverters.MCPToolConnectorId.g.cs is excluded by !**/generated/**
  • src/libs/tryAGI.OpenAI/Generated/tryAGI.OpenAI.JsonConverters.MCPToolConnectorIdNullable.g.cs is excluded by !**/generated/**
  • src/libs/tryAGI.OpenAI/Generated/tryAGI.OpenAI.JsonSerializerContextTypes.g.cs is excluded by !**/generated/**
  • src/libs/tryAGI.OpenAI/Generated/tryAGI.OpenAI.Models.MCPTool.g.cs is excluded by !**/generated/**
  • src/libs/tryAGI.OpenAI/Generated/tryAGI.OpenAI.Models.MCPToolConnectorId.g.cs is excluded by !**/generated/**
  • src/libs/tryAGI.OpenAI/Generated/tryAGI.OpenAI.Models.MCPToolFilter.Json.g.cs is excluded by !**/generated/**
  • src/libs/tryAGI.OpenAI/Generated/tryAGI.OpenAI.Models.MCPToolFilter.g.cs is excluded by !**/generated/**
  • src/libs/tryAGI.OpenAI/Generated/tryAGI.OpenAI.Models.MCPToolRequireApprovalEnum.g.cs is excluded by !**/generated/**
  • src/libs/tryAGI.OpenAI/Generated/tryAGI.OpenAI.Models.MCPToolRequireApprovalEnumAlways.Json.g.cs is excluded by !**/generated/**
  • src/libs/tryAGI.OpenAI/Generated/tryAGI.OpenAI.Models.MCPToolRequireApprovalEnumAlways.g.cs is excluded by !**/generated/**
  • src/libs/tryAGI.OpenAI/Generated/tryAGI.OpenAI.Models.MCPToolRequireApprovalEnumNever.Json.g.cs is excluded by !**/generated/**
  • src/libs/tryAGI.OpenAI/Generated/tryAGI.OpenAI.Models.MCPToolRequireApprovalEnumNever.g.cs is excluded by !**/generated/**
📒 Files selected for processing (1)
  • src/libs/tryAGI.OpenAI/openapi.yaml (4 hunks)
🔇 Additional comments (2)
src/libs/tryAGI.OpenAI/openapi.yaml (2)

17735-17741: No invalid union here: anyOf already wraps the array and the filter object

The snippet around lines 17735–17741 shows you’re using an anyOf composition on allowed_tools, which is valid OpenAPI 3.x syntax and will be accepted by standard validators. The original comment—which assumed a bare array followed by a dangling $ref—doesn’t match the current code.

• The union is correctly modelled under anyOf:

allowed_tools:
  anyOf:
    - title: MCP allowed tools
      type: array
      items:
        type: string
      description: A string array of allowed tool names
    - $ref: '#/components/schemas/MCPToolFilter'
  description: "List of allowed tool names or a filter object.\n"
  nullable: true

• If you need exclusive “either array or object” semantics, you may opt to replace anyOf with oneOf. Otherwise, no change is needed.

Please disregard the original suggestion to “add a oneOf around array vs. MCPToolFilter,” since the schema is already valid as written.

Likely an incorrect or invalid review comment.

17786-17792: Indentation Verified: oneOf aligns with schema‐level keys
The parent schema’s keys (type, properties, description) are indented 6 spaces. The proposed oneOf: block also uses 6 spaces, so it will be placed correctly at the schema level.
No linter errors are expected when applying the patch as-is.

Comment thread src/libs/tryAGI.OpenAI/openapi.yaml
Comment on lines +17741 to +17744
authorization:
type: string
description: "An OAuth access token that can be used with a remote MCP server, either \nwith a custom MCP server URL or a service connector. Your application\nmust handle the OAuth authorization flow and provide the token here.\n"
connector_id:
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Aug 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

authorization should be writeOnly and clarified vs. headers.Authorization

Storing raw access tokens in a data object is acceptable here, but:

  • Mark it writeOnly to avoid accidental echoes in responses.
  • Clarify precedence if both this field and headers.Authorization are supplied.

Apply:

         authorization:
           type: string
-          description: "An OAuth access token that can be used with a remote MCP server, either 
+          writeOnly: true
+          minLength: 1
+          description: "An OAuth access token that can be used with a remote MCP server, either 
 with a custom MCP server URL or a service connector. Your application
 must handle the OAuth authorization flow and provide the token here.
+If both this field and `headers.Authorization` are present, `authorization` takes precedence."
🤖 Prompt for AI Agents 
In src/libs/tryAGI.OpenAI/openapi.yaml around lines 17741 to 17744, the schema's
authorization field needs to be marked writeOnly and its description updated to
clarify precedence versus headers.Authorization; change the field to include
writeOnly: true and update the description to state that this token will not be
returned in responses and that if both this authorization field and
headers.Authorization are provided, headers.Authorization takes precedence (or
vice versa depending on desired behavior), so callers know which value will be
used. Ensure the OpenAPI description explicitly documents the precedence and
that writeOnly is applied so tools and responses won't echo the token.

Comment thread src/libs/tryAGI.OpenAI/openapi.yaml
Comment on lines 17756 to 17758
headers:
type: object
additionalProperties:
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Aug 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

❓ Verification inconclusive

headers.additionalProperties has no schema value (invalid in OAS)

additionalProperties is present but empty. OpenAPI requires a boolean or a schema. This will fail validation.

Apply:

         headers:
           type: object
-          additionalProperties:
+          additionalProperties:
+            type: string
+          description: "Arbitrary HTTP headers to include when calling the MCP server."

Optional: Document that header names are case-insensitive and will be canonicalized by the client.

Re-run the validator after this change (see previous script).

Critical: Define a schema for headers.additionalProperties

OpenAPI requires that additionalProperties be either a boolean or a Schema Object (it cannot be left empty). An empty additionalProperties: is treated as a null value, which will fail OpenAPI validation.

Please apply the following change to ensure headers may safely accept arbitrary string‐valued headers:

• File: src/libs/tryAGI.OpenAI/openapi.yaml
• Around lines ~17756

      headers:
        type: object
-       additionalProperties:
+       additionalProperties:
+         type: string
+       description: "Arbitrary HTTP headers to include when calling the MCP server."

Optional nit: note in your docs that header names are case-insensitive and will be canonicalized by the client.

After applying this change, re-run your OpenAPI validator to confirm the schema is now valid.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
headers:
type: object
additionalProperties:
headers:
type: object
additionalProperties:
type: string
description: "Arbitrary HTTP headers to include when calling the MCP server."
🤖 Prompt for AI Agents 
In src/libs/tryAGI.OpenAI/openapi.yaml around lines 17756-17758 the headers
object currently has an empty additionalProperties entry which is invalid;
update it so additionalProperties is a Schema Object that allows arbitrary
string-valued header entries (e.g. set additionalProperties to a schema with
type: string and optional description), add an optional note in the headers
description that header names are case-insensitive and will be canonicalized by
the client, and re-run the OpenAPI validator to confirm the schema is valid.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

+1 more reviewer

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@HavenDV