LibreChat/api/server/services
Dustin Healy ea75afc99a fix(mcp): harden MCP Apps host security and CJS compatibility
Reimplement the MCP Apps ui-meta helpers (RESOURCE_MIME_TYPE, getToolUiResourceUri,
isToolVisibilityModelOnly, isToolVisibilityAppOnly) in packages/api/src/mcp/apps.ts so
@librechat/api no longer imports the ESM-only @modelcontextprotocol/ext-apps from its CommonJS
build. ext-apps remains a client-only dependency, removing the require(ESM) boundary that throws
ERR_REQUIRE_ESM on Node versions without synchronous require(esm) support.

Add an mcpSettings.apps toggle (enabled unless explicitly false). Thread enableApps through
connection creation so the io.modelcontextprotocol/ui capability is advertised only when apps are
enabled, and gate the resource and app-tool-call routes with a requireMCPAppsEnabled middleware.

Authorize app-driven resources/read against the resources and templates a server advertises, so a
sandboxed app cannot proxy arbitrary uris. ui:// resources stay allowed and the check fails closed.

Render MCP apps in shared and search transcripts display-only by withholding the host-bound bridge
handlers and capabilities in read-only views, so an embedded app cannot call tools or read
resources with the viewer's auth while the stored tool result still renders.
2026-06-28 21:56:28 -07:00
..
__tests__
Artifacts
Config
Endpoints
Files
Runs
Skills
start
Threads
Tools
ActionService.js
ActionService.spec.js
AssistantService.js
AuthService.js
AuthService.spec.js
cleanup.js
createRunBody.js
GraphApiService.js
GraphApiService.spec.js
GraphTokenService.js
initializeMCPs.js
initializeMCPs.spec.js
initializeOAuthReconnectManager.js
MCP.js
MCP.spec.js
MCPRequestContext.js
OboPolicyService.js
OboTokenService.js
OboTokenService.spec.js
PermissionService.js
PermissionService.spec.js
PluginService.js
systemGrant.spec.js
ToolService.js
twoFactorService.js