@betterclever
ENG-103 — MCP AWS Servers (CloudTrail + CloudWatch)

Summary

  • Add MCP stdio proxy (spec-compliant Streamable HTTP) and AWS MCP server images.
  • Add MCP runtime helper + AWS MCP components (tool-mode only) with credential bundle support.
  • Add MCP category and UI badges for MCP nodes; update colors + palette ordering.
  • Add workflow cleanup for MCP containers + managed volumes.

What changed

  • docker/mcp-stdio-proxy: streamable HTTP proxy using official SDK Server + stdio client.
  • docker/mcp-aws-cloudtrail, docker/mcp-aws-cloudwatch: images with AWS MCP servers installed.
  • MCP runtime helper in worker supports dynamic ports and localhost binding.
  • AWS MCP components now write shared credentials/config into isolated volumes.
  • New mcp category across backend + frontend; MCP badge on node header.
  • Cleanup activity removes MCP containers and managed volumes per run.

Testing

  • Manual: container boots, tools list/call via streamable HTTP, creds mounted OK.
  • Not run: full end-to-end workflow + UI validation.

Notes

  • Stacked on ENG-101/102.
  • Proxy currently bound to localhost only (per requirement).

Refs: ENG-103

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cd8746daec

Comment on lines +94 to +100
await Promise.all(
matchingEntries.map(async ([cacheKey, server]) => {
const allowedNodeIds =
cacheKey === runId ? undefined : cacheKey.split(':').slice(1).join(':').split(',');
const toolSet = this.registeredToolNames.get(cacheKey) ?? new Set<string>();
this.registeredToolNames.set(cacheKey, toolSet);
await this.registerTools(server, runId, undefined, allowedNodeIds, toolSet);
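Review bot: In the `allowedNodeIds` expression, the node scope is recovered by re-parsing `cacheKey` with `split(':').slice(1).join(':').split(',')`, which silently produces the wrong scope if a run ID ever contains ':' or a node ID contains ','. Store the allowed node IDs on the cache entry next to the server and read them back here instead of deriving them from the key string.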

[P2] Preserve allowedTools filter when refreshing MCP servers

When a gateway session is initialized with an x-allowed-tools header, getServerForRun registers tools with that filter. The new refreshServersForRun path re-registers tools with allowedTools set to undefined, so any newly registered tools will be added to existing server instances even if they were created with a narrower tool list. This means clients that intentionally requested a limited tool set can see additional tools after any tool registration event, which breaks the expected scoping for those sessions. Consider storing the original allowedTools per cacheKey and passing it back into registerTools during refresh.

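The scoping fix suggested in the review comment above, as an added example that is not code from this pull request: a hypothetical `ToolGateway` stores each session's allowed-tools filter at creation and re-applies it on refresh, while `dropFilter` reproduces the unfiltered refresh. The class, method and tool names are assumptions made for illustration.

```typescript
type Tool = { name: string };
// Scope is captured once, at session creation (e.g. from x-allowed-tools).
interface Session {
  runId: string;
  allowedTools?: Set<string>; // undefined means unrestricted
  visible: Set<string>;       // tool names this session can list and call
}
class ToolGateway { // hypothetical; not the project's gateway class
  private tools = new Map<string, Tool[]>(); // runId -> registered tools
  private sessions: Session[] = [];

  addTool(runId: string, tool: Tool): void {
    this.tools.set(runId, (this.tools.get(runId) ?? []).concat(tool));
  }

  openSession(runId: string, allowedTools?: string[]): Session {
    const session: Session = { runId, visible: new Set<string>() };
    if (allowedTools) session.allowedTools = new Set(allowedTools);
    this.sessions.push(session);
    this.register(session, session.allowedTools);
    return session;
  }

  // dropFilter=true reproduces the refresh the review describes (filter passed
  // as undefined); the default re-applies the scope stored on the session.
  refresh(runId: string, dropFilter = false): void {
    for (const s of this.sessions) {
      if (s.runId === runId) this.register(s, dropFilter ? undefined : s.allowedTools);
    }
  }

  private register(s: Session, allowedTools?: Set<string>): void {
    for (const t of this.tools.get(s.runId) ?? []) {
      if (!allowedTools || allowedTools.has(t.name)) s.visible.add(t.name);
    }
  }
}

// Constructed scenario: a session scoped to one tool, then a second tool appears.
function visibleAfterRefresh(dropFilter: boolean): string[] {
  const gw = new ToolGateway();
  gw.addTool("run-1", { name: "cloudtrail_lookup" });
  const session = gw.openSession("run-1", ["cloudtrail_lookup"]);
  gw.addTool("run-1", { name: "cloudwatch_query" });
  gw.refresh("run-1", dropFilter);
  return Array.from(session.visible).sort();
}
```

A regression test for the real gateway can follow the same shape: open a filtered session, register another tool, trigger a refresh, and assert that the session's tool list is unchanged.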

@betterclever betterclever force-pushed the eng-101/frontend-tool-mode-agent-ui branch from e0137cd to aead2e2 Compare January 30, 2026 08:43
@betterclever betterclever force-pushed the eng-103/aws-investigation-tools branch from cd8746d to 532d841 Compare January 30, 2026 08:44
@betterclever betterclever merged commit 1342d82 into eng-101/frontend-tool-mode-agent-ui Jan 30, 2026
2 of 3 checks passed
@betterclever betterclever deleted the eng-103/aws-investigation-tools branch January 30, 2026 08:45