From d13ba0162ae5d6d200b3e4509e691b57e0a27dda Mon Sep 17 00:00:00 2001 From: Antonio Scandurra Date: Fri, 29 Aug 2025 12:44:47 +0200 Subject: [PATCH] Require authorization for MCP tools (#37155) Release Notes: - Fixed a regression that caused MCP tools to run without requesting authorization first. --- crates/agent2/src/tests/mod.rs | 1 + crates/agent2/src/tools/context_server_registry.rs | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/crates/agent2/src/tests/mod.rs b/crates/agent2/src/tests/mod.rs index fbeee46a484a71742dd4ce52b537bebb5da91924..4527cdb056164efa8e3bc81c19969a3fa02d7036 100644 --- a/crates/agent2/src/tests/mod.rs +++ b/crates/agent2/src/tests/mod.rs @@ -950,6 +950,7 @@ async fn test_mcp_tools(cx: &mut TestAppContext) { paths::settings_file(), json!({ "agent": { + "always_allow_tool_actions": true, "profiles": { "test": { "name": "Test Profile", diff --git a/crates/agent2/src/tools/context_server_registry.rs b/crates/agent2/src/tools/context_server_registry.rs index c7963fa6e6e14ffa34d076dc2ca5dbdc23c78cab..e13f47fb2399d7408c5047ff6491ce2d2e76d948 100644 --- a/crates/agent2/src/tools/context_server_registry.rs +++ b/crates/agent2/src/tools/context_server_registry.rs @@ -169,15 +169,18 @@ impl AnyAgentTool for ContextServerTool { fn run( self: Arc, input: serde_json::Value, - _event_stream: ToolCallEventStream, + event_stream: ToolCallEventStream, cx: &mut App, ) -> Task> { let Some(server) = self.store.read(cx).get_running_server(&self.server_id) else { return Task::ready(Err(anyhow!("Context server not found"))); }; let tool_name = self.tool.name.clone(); + let authorize = event_stream.authorize(self.initial_title(input.clone()), cx); cx.spawn(async move |_cx| { + authorize.await?; + let Some(protocol) = server.client() else { bail!("Context server not initialized"); };