You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create and execute the staged MCP robustness roadmap for SimpleChat, starting with Track A Phase 1 outbound MCP plugin hardening and carrying forward the enterprise-ready plan for a future inbound SimpleChat MCP server.
This issue is based on docs/explanation/features/MCP_PLUGIN_ROBUSTNESS_PLAN.md and incorporates review of PR #722 as prototype/context only. PR #722 should inform the initial inbound tool set and PRM/bearer-token requirements, but its external MCP server implementation should not be copied directly because it is not robust, scalable, or enterprise-ready enough for production.
Improves reliability for outbound MCP actions, especially Splunk/token-based streamable_http servers.
Reduces secret leakage, auth ambiguity, endpoint misconfiguration, and diagnostics gaps in MCP actions.
Establishes a safe roadmap for exposing SimpleChat as an inbound MCP server without bypassing existing governance, workspace roles, or enterprise security boundaries.
Gives admins a clear path to govern MCP clients, tools, scopes, and future group/public workspace access.
Plan Overview
Track A: Outbound MCP Plugin Robustness
SimpleChat acts as an MCP client that connects to external MCP servers.
Phase 1: Baseline hardening for Splunk and token-based MCP
Add a Splunk-friendly preset/profile.
Add safe custom HTTP headers.
Improve endpoint and transport validation.
Add timeout/retry controls.
Improve error classification and redaction.
Add focused functional and UI tests.
Phase 2: Capability probe and tool metadata robustness
Add compatibility probe/discovery mode.
Preserve richer tool metadata.
Add opt-in argument schema validation.
Add result-size policies.
Add UI warnings for discovery/tool issues.
Phase 3: TLS and enterprise network options
Confirm connector support first.
Prefer OS/container trust store guidance.
Add certificate references only through Key Vault/workspace identity patterns if supported.
Phase 4: OAuth 2.1 PKCE
Add explicit OAuth fields and callback flows.
Keep external MCP OAuth token storage separate from the app sign-in MSAL cache.
Store secrets/tokens securely and add redaction/tests.
Phase 5: Advanced MCP features
Prompts/resources only after UX design.
Streaming/large-result handling after result policies are stable.
Long-running calls only with persisted jobs and cleanup/retention rules.
Track B: Inbound SimpleChat MCP Server
SimpleChat exposes a governed MCP server surface for approved MCP clients.
Phase B0: Architecture decision
Decide first production hosting model.
Prefer a first-class SimpleChat component/service layer initially.
Keep business logic behind reusable auth-aware tool services.
Start with streamable HTTP.
Phase B1: Auth foundation and PRM
Add a dedicated inbound MCP auth guard.
Do not broaden the shared accesstoken_required external-route decorator.
Validate token issuer, tenant, expiration, and audience.
Require a dedicated role/scope and approved caller app ID.
Do not rely on process-local token/session caches for production auth state.
Do not expose group, public, or all-scope inbound MCP tools in the first inbound slice.
Do not ship user-data inbound tools until token audience/issuer validation, client allowlisting, governance, and delegated-user isolation are complete.
Keep all browser JavaScript/CSS assets local and CSP-compatible if UI changes are needed.
Suggested Labels / Triage
Priority: P1
Size: XL
Labels: enhancement, security_improvement
Implementation Issue Breakdown
Use this issue as the parent/epic. The implementation work is split into the following focused issues so each slice can be reviewed, implemented, and validated independently:
Summary
Create and execute the staged MCP robustness roadmap for SimpleChat, starting with Track A Phase 1 outbound MCP plugin hardening and carrying forward the enterprise-ready plan for a future inbound SimpleChat MCP server.
This issue is based on
docs/explanation/features/MCP_PLUGIN_ROBUSTNESS_PLAN.mdand incorporates review of PR #722 as prototype/context only. PR #722 should inform the initial inbound tool set and PRM/bearer-token requirements, but its external MCP server implementation should not be copied directly because it is not robust, scalable, or enterprise-ready enough for production.Related context:
docs/explanation/features/MCP_PLUGIN_ROBUSTNESS_PLAN.mdUser Value
streamable_httpservers.Plan Overview
Track A: Outbound MCP Plugin Robustness
SimpleChat acts as an MCP client that connects to external MCP servers.
Phase 1: Baseline hardening for Splunk and token-based MCP
Phase 2: Capability probe and tool metadata robustness
Phase 3: TLS and enterprise network options
Phase 4: OAuth 2.1 PKCE
Phase 5: Advanced MCP features
Track B: Inbound SimpleChat MCP Server
SimpleChat exposes a governed MCP server surface for approved MCP clients.
Phase B0: Architecture decision
Phase B1: Auth foundation and PRM
accesstoken_requiredexternal-route decorator..well-known/oauth-protected-resourcemetadata.Phase B2: Governance, roles, and tool policy
Phase B3: Initial read-only personal tools
show_user_profilelist_conversationsget_conversation_messageslist_personal_documentslist_personal_promptssearch_personal_documentslist_agent_template_tagsPhase B4: Personal chat write tool
send_personal_chat_messageonly after read-only tools, auth, governance, telemetry, and tests are stable.Phase B5: Deferred group/public/all-scope tools
Phase B6: Enterprise readiness
Phase 1 Kickoff Scope
Start implementation with Track A Phase 1 only:
custom_headerssupport in MCPadditionalFields.McpPluginFactory._build_headers, with auth headers winning by default.streamable_http,sse, andwebsockettransports.stdiois only available for admin-managed global actions.application/single_app/config.pyversion when code changes are made.Acceptance Criteria
streamable_httpMCP setup is easier and safer to configure.Risks And Guardrails
UserorAdminroles for inbound MCP.Suggested Labels / Triage
enhancement,security_improvementImplementation Issue Breakdown
Use this issue as the parent/epic. The implementation work is split into the following focused issues so each slice can be reviewed, implemented, and validated independently:
Recommended Execution Order For Today
Project Metadata Target