Skip MCP server connections in untrusted folders (#7358)

2026-04-30 06:54:15 -07:00 · 2025-08-28 15:46:27 -07:00
parent f00cf42f69
commit a0fbe000ee
7 changed files with 179 additions and 16 deletions
@@ -10,6 +10,7 @@ import { McpClient } from './mcp-client.js';
 import type { ToolRegistry } from './tool-registry.js';
 import type { PromptRegistry } from '../prompts/prompt-registry.js';
 import type { WorkspaceContext } from '../utils/workspaceContext.js';
+import type { Config } from '../config/config.js';

 vi.mock('./mcp-client.js', async () => {
  const originalModule = await vi.importActual('./mcp-client.js');
@@ -47,8 +48,64 @@ describe('McpClientManager', () => {
      false,
      {} as WorkspaceContext,
    );
-    await manager.discoverAllMcpTools();
+    await manager.discoverAllMcpTools({
+      isTrustedFolder: () => true,
+    } as unknown as Config);
    expect(mockedMcpClient.connect).toHaveBeenCalledOnce();
    expect(mockedMcpClient.discover).toHaveBeenCalledOnce();
  });
+
+  it('should discover tools if isTrustedFolder is undefined', async () => {
+    const mockedMcpClient = {
+      connect: vi.fn(),
+      discover: vi.fn(),
+      disconnect: vi.fn(),
+      getStatus: vi.fn(),
+    };
+    vi.mocked(McpClient).mockReturnValue(
+      mockedMcpClient as unknown as McpClient,
+    );
+    const manager = new McpClientManager(
+      {
+        'test-server': {},
+      },
+      '',
+      {} as ToolRegistry,
+      {} as PromptRegistry,
+      false,
+      {} as WorkspaceContext,
+    );
+    await manager.discoverAllMcpTools({
+      isTrustedFolder: () => undefined,
+    } as unknown as Config);
+    expect(mockedMcpClient.connect).toHaveBeenCalledOnce();
+    expect(mockedMcpClient.discover).toHaveBeenCalledOnce();
+  });
+
+  it('should not discover tools if folder is not trusted', async () => {
+    const mockedMcpClient = {
+      connect: vi.fn(),
+      discover: vi.fn(),
+      disconnect: vi.fn(),
+      getStatus: vi.fn(),
+    };
+    vi.mocked(McpClient).mockReturnValue(
+      mockedMcpClient as unknown as McpClient,
+    );
+    const manager = new McpClientManager(
+      {
+        'test-server': {},
+      },
+      '',
+      {} as ToolRegistry,
+      {} as PromptRegistry,
+      false,
+      {} as WorkspaceContext,
+    );
+    await manager.discoverAllMcpTools({
+      isTrustedFolder: () => false,
+    } as unknown as Config);
+    expect(mockedMcpClient.connect).not.toHaveBeenCalled();
+    expect(mockedMcpClient.discover).not.toHaveBeenCalled();
+  });
 });