mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-07-01 20:01:35 +00:00
resolveMCPAllowlists now returns appsEnabled from the merged tenant-scoped config, so a tenant/role/user override of mcpSettings.apps reaches the registry's per-request resolution and callTool attaches no UI resource for users whose tenant disabled apps.

Authorize app-driven resource reads in the canonical (fully percent-decoded) space the server resolves and reject any relative path segment, so a percent-encoded traversal such as %2e%2e%2f can no longer match an advertised template. Exact resources/list matches are unaffected.

Trim narrating comments across the MCP Apps changes so the code is self-documenting.

| Name |
|---|
| public |
| scripts |
| src |
| sw |
| test |
| babel.config.cjs |
| check_updates.sh |
| index.html |
| jest.config.cjs |
| nginx.conf |
| package.json |
| postcss.config.cjs |
| tailwind.config.cjs |
| tsconfig.json |
| vite.config.ts |