
feat(mcp): upgrade rmcp 1.2→1.3, add per-server trust level and tool allowlist#2213

Merged: bug-ops merged 1 commit into main from rmcp-1-3-mcp-auth on Mar 27, 2026

@bug-ops bug-ops commented Mar 27, 2026

Summary

  • Bumps rmcp to 1.3.0 (released 2026-03-26); fixes oauth.rs tests broken by AuthorizationMetadata becoming #[non_exhaustive] in rmcp 1.3
  • Adds McpTrustLevel enum (Trusted/Untrusted/Sandboxed) and tool_allowlist: Vec<String> to McpServerConfig, replacing the internal trusted: bool field on ServerEntry
  • Centralizes tool ingestion in ingest_tools() enforcing sanitize-before-filter invariant at all ingestion sites
  • Untrusted server with no allowlist: all tools exposed + warning visible in TUI/CLI/Telegram via status_tx
  • Sandboxed server with no allowlist: fail-closed (zero tools)
  • Adds --migrate-config step 3 (migrate_mcp_trust_levels) for existing configs
  • Updates --init wizard with trust level prompt
  • Adds 14 new unit tests (9 for ingest_tools, 5 for migration)

Breaking changes

ServerEntry.trusted: bool removed; replaced by trust_level: McpTrustLevel. Configs without trust_level are handled by the migration step.

Test plan

  • cargo nextest run --config-file .github/nextest.toml --workspace --features full --lib --bins — 6610 passed
  • cargo clippy --workspace --features full -- -D warnings — 0 new warnings (pre-existing warnings in sanitize.rs/client.rs unrelated to this PR)
  • cargo +nightly fmt --check — clean

Closes #2188
Partially closes #2178

@github-actions github-actions bot added the labels documentation, rust, core, dependencies, config, enhancement, size/XL on Mar 27, 2026
@bug-ops bug-ops enabled auto-merge (squash) March 27, 2026 07:56
…allowlist

Closes #2188. Partially closes #2178.

- Bump rmcp dependency to 1.3.0; fix oauth.rs tests broken by
  AuthorizationMetadata becoming #[non_exhaustive] in rmcp 1.3
- Add McpTrustLevel enum (Trusted/Untrusted/Sandboxed) to McpServerConfig;
  remove trusted: bool from ServerEntry (pre-v1.0 breaking change)
- Add tool_allowlist: Vec<String> to McpServerConfig; empty allowlist on
  Untrusted server logs a warning visible in TUI/CLI/Telegram via status_tx
- Centralize tool ingestion in ingest_tools() enforcing sanitize-before-filter
  invariant across all three ingestion sites
- Add migrate_mcp_trust_levels() migration step (--migrate-config step 3)
  preserving existing server entries without data loss
- Update --init wizard with trust level prompt for remote MCP servers
- Add 9 unit tests for ingest_tools() and 5 tests for migration function
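
The ingestion policy described in the PR summary and commit message above, sketched as an added example; this is not the project's code. Only `McpTrustLevel`, `tool_allowlist` and `ingest_tools` are names from the PR text. The `Tool` struct, the sanitizer, the warning string, and the behaviour of a Trusted server or of a non-empty allowlist are assumptions.

```rust
// Added illustration, not the project's code. Only McpTrustLevel,
// tool_allowlist and ingest_tools are names taken from the PR text.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum McpTrustLevel { Trusted, Untrusted, Sandboxed }

#[derive(Clone, Debug, PartialEq)]
pub struct Tool { pub name: String, pub description: String }

// Hypothetical sanitizer: drop control characters and cap the length.
fn sanitize(t: Tool) -> Tool {
    let clean = |s: &str, max: usize| -> String {
        s.chars().filter(|c| !c.is_control()).take(max).collect()
    };
    Tool { name: clean(&t.name, 64), description: clean(&t.description, 512) }
}

/// Returns the tools to expose plus an optional operator warning.
pub fn ingest_tools(
    raw: Vec<Tool>,
    trust: McpTrustLevel,
    tool_allowlist: &[String],
) -> (Vec<Tool>, Option<String>) {
    // Sanitize first: the allowlist is matched against the same cleaned
    // name that is later exposed, and no path skips sanitization.
    let tools: Vec<Tool> = raw.into_iter().map(sanitize).collect();
    if tool_allowlist.is_empty() {
        return match trust {
            // Assumption: a trusted server exposes everything silently.
            McpTrustLevel::Trusted => (tools, None),
            McpTrustLevel::Untrusted => (
                tools,
                Some("untrusted server without tool_allowlist: all tools exposed".into()),
            ),
            // Fail closed: a sandboxed server with no allowlist gets zero tools.
            McpTrustLevel::Sandboxed => (Vec::new(), None),
        };
    }
    // Assumption: a non-empty allowlist filters at every trust level.
    let kept = tools.into_iter()
        .filter(|t| tool_allowlist.iter().any(|a| a == &t.name))
        .collect();
    (kept, None)
}

fn main() {
    // Constructed sample input.
    let raw = vec![Tool { name: "read_file\u{7}".into(), description: "reads a file".into() }];
    let (tools, warning) = ingest_tools(raw, McpTrustLevel::Untrusted, &[]);
    println!("{:?} {:?}", tools, warning);
}
```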