ros/automaker
1
0
Fork 0
mirror of https://github.com/AutoMaker-Org/automaker.git synced 2026-02-01 08:13:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: enhance security measures for MCP server interactions

Browse Source 
- Restricted CORS to localhost origins to prevent remote code execution (RCE) attacks.
- Updated MCP server configuration handling to enforce security warnings when adding or importing servers.
- Introduced a SecurityWarningDialog to inform users about potential risks associated with server commands and configurations.
- Ensured that only serverId is accepted for testing server connections, preventing arbitrary command execution.

These changes improve the overall security posture of the MCP server management and usage.
This commit is contained in:
Test User
2025-12-28 22:38:29 -05:00
parent 3c719f05a1
commit 0e1e855cc5
13 changed files with 310 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libs/types/src/settings.ts
View File

@@ -520,6 +520,8 @@ export const DEFAULT_GLOBAL_SETTINGS: GlobalSettings = {
autoLoadClaudeMd: false,
enableSandboxMode: true,
mcpServers: [],
// Default to true for autonomous workflow. Security is enforced when adding servers
// via the security warning dialog that explains the risks.
mcpAutoApproveTools: true,
mcpUnrestrictedTools: true,
};