LibreChat/packages/data-provider/src
Dustin Healy ea75afc99a fix(mcp): harden MCP Apps host security and CJS compatibility
Reimplement the MCP Apps ui-meta helpers (RESOURCE_MIME_TYPE, getToolUiResourceUri,
isToolVisibilityModelOnly, isToolVisibilityAppOnly) in packages/api/src/mcp/apps.ts so
@librechat/api no longer imports the ESM-only @modelcontextprotocol/ext-apps from its CommonJS
build. ext-apps remains a client-only dependency, removing the require(ESM) boundary that throws
ERR_REQUIRE_ESM on Node versions without synchronous require(esm) support.

Add an mcpSettings.apps toggle (enabled unless explicitly false). Thread enableApps through
connection creation so the io.modelcontextprotocol/ui capability is advertised only when apps are
enabled, and gate the resource and app-tool-call routes with a requireMCPAppsEnabled middleware.

Authorize app-driven resources/read against the resources and templates a server advertises, so a
sandboxed app cannot proxy arbitrary uris. ui:// resources stay allowed and the check fails closed.

Render MCP apps in shared and search transcripts display-only by withholding the host-bound bridge
handlers and capabilities in read-only views, so an embedded app cannot call tools or read
resources with the viewer's auth while the stored tool result still renders.
2026-06-28 21:56:28 -07:00
react-query 🔖 fix: Decrement Bookmark Counts When Deleting Conversations (#13830) 2026-06-18 08:37:08 -04:00
types 🪢 fix: Paginate MCP tools/list to Load All Tools (#13840) 2026-06-20 11:04:06 -04:00
accessPermissions.ts 🔗 feat: Add Granular Access Control to Shared Links via ACL System (#13051) 2026-06-03 14:17:17 -04:00
actions.ts 🛡️ fix: Implement TOCTOU-Safe SSRF Protection for Actions and MCP (#11722) 2026-02-11 22:09:58 -05:00
api-endpoints.ts 🔗 feat: Snapshot Files for Shared-Link Attachments (#13740) 2026-06-20 23:05:13 -04:00
artifacts.ts
azure.ts
balance.spec.ts ⏱️ fix: Align Auto-Refill Next Date (#12980) 2026-05-06 21:40:18 -04:00
balance.ts ⏱️ fix: Align Auto-Refill Next Date (#12980) 2026-05-06 21:40:18 -04:00
bedrock.ts 🕐 feat: Add promptCacheTtl model parameter for 1h/5m cache duration (#13835) 2026-06-18 16:36:43 -04:00
cloudfront-config.spec.ts 🌩️ feat: Strict CloudFront signed cookie enforcement via requireSignedAccess (#13078) 2026-05-11 23:30:01 -04:00
codeEnvRef.spec.ts 🧱 refactor: typed CodeEnvRef + kind discriminator + principal-aware sandbox cache (#12960) 2026-05-08 12:29:43 -04:00
codeEnvRef.ts 🔐 feat: Mint Code API Auth Tokens (#13028) 2026-05-09 16:09:10 -04:00
config.spec.ts 🪨 fix: Preserve Bedrock Guardrail Config (#13381) 2026-05-28 21:38:53 -07:00
config.ts fix(mcp): harden MCP Apps host security and CJS compatibility 2026-06-28 21:56:28 -07:00
createPayload.ts 🕰️ feat: Resolve Agent Prompt Time Variables in User's Timezone (#13815) 2026-06-18 08:39:56 -04:00
data-service.ts 🔗 feat: Snapshot Files for Shared-Link Attachments (#13740) 2026-06-20 23:05:13 -04:00
feedback.ts
file-config.spec.ts 🗜️ fix: Support Windows ZIP MIME Uploads (#13794) 2026-06-16 11:19:06 -04:00
file-config.ts 🗜️ fix: Support Windows ZIP MIME Uploads (#13794) 2026-06-16 11:19:06 -04:00
generate.ts feat: Model-Aware Max Output Tokens for Google/Gemini (#13390) 2026-05-29 08:09:32 -07:00
headers-helpers.ts 🍪 refactor: Refresh CloudFront Media Cookies (#13091) 2026-05-12 13:26:05 -04:00
index.ts 🔗 feat: Snapshot Files for Shared-Link Attachments (#13740) 2026-06-20 23:05:13 -04:00
keys.ts refactor(mcp): drop ref-sync effects and cache app HTML via react-query 2026-06-25 13:12:13 -07:00
limits.ts 🧩 feat: Enable Model Spec Subagents (#13598) 2026-06-08 11:43:08 -04:00
mcp.ts 🔐 fix: Resolve Env Variables in MCP OAuth URL Fields (#13573) 2026-06-07 21:39:44 -04:00
messages.ts
models.ts 💬 feat: Conversation Starters for Model Specs (#13710) 2026-06-13 11:38:49 -04:00
parameterSettings.spec.ts feat: Model-Aware Max Output Tokens for Google/Gemini (#13390) 2026-05-29 08:09:32 -07:00
parameterSettings.ts 🪞 fix: Match Prompt Cache TTL Control to Region Combobox Styling (#13839) 2026-06-18 22:25:54 -04:00
parsers.ts 🐛 fix: resolve dayjs plugin ESM imports in data-provider (#13851) 2026-06-19 11:11:08 -04:00
permissions.ts 🔗 feat: Add Granular Access Control to Shared Links via ACL System (#13051) 2026-06-03 14:17:17 -04:00
request.ts 🎯 fix: Narrow Public Share 401 Bypass to the Share Endpoint Only (#12905) 2026-06-20 13:57:21 -04:00
roles.spec.ts 🔗 feat: Add Granular Access Control to Shared Links via ACL System (#13051) 2026-06-03 14:17:17 -04:00
roles.ts 🔗 feat: Add Granular Access Control to Shared Links via ACL System (#13051) 2026-06-03 14:17:17 -04:00
schemas.spec.ts 🗂️ feat: Add Private Chat Projects (#13467) 2026-06-03 15:29:18 -04:00
schemas.ts fix(mcp): bridge inline apps, forward full results, and close review gaps 2026-06-24 00:14:32 -07:00
types.ts 🔗 feat: Snapshot Files for Shared-Link Attachments (#13740) 2026-06-20 23:05:13 -04:00
utils.ts 🧯 fix: Prevent Env-Variable Exfil. via Placeholder Injection (#12260) 2026-03-16 08:48:24 -04:00