Summary
Implement Track A Phase 1 from #1013: baseline hardening for outbound MCP actions, with emphasis on Splunk/token-based streamable_http servers.
Scope
- Add a Splunk-friendly MCP preset/profile.
- Add safe
custom_headers support in MCP additionalFields.
- Validate custom header names with a strict allowlist.
- Redact custom header values in logs, API responses, UI summaries, and test artifacts.
- Merge custom headers with auth headers in
McpPluginFactory._build_headers, with auth headers winning by default.
- Improve endpoint and transport validation for
streamable_http, sse, and websocket.
- Preserve the restriction that
stdio is only available for admin-managed global actions.
- Add optional retry count/backoff settings for discovery and tool calls without changing existing defaults unexpectedly.
- Classify DNS/connect, TLS, authentication, MCP initialization, discovery, timeout, and tool execution failures.
- Extend schema/UI validation as needed.
- Add focused functional and UI tests.
- Bump
application/single_app/config.py version when code changes are made.
Acceptance Criteria
Notes
Parent: #1013
Planning doc: docs/explanation/features/MCP_PLUGIN_ROBUSTNESS_PLAN.md
Priority: P1
Size: L
Summary
Implement Track A Phase 1 from #1013: baseline hardening for outbound MCP actions, with emphasis on Splunk/token-based
streamable_httpservers.Scope
custom_headerssupport in MCPadditionalFields.McpPluginFactory._build_headers, with auth headers winning by default.streamable_http,sse, andwebsocket.stdiois only available for admin-managed global actions.application/single_app/config.pyversion when code changes are made.Acceptance Criteria
streamable_httpMCP setup is easier and safer to configure.Notes
Parent: #1013
Planning doc:
docs/explanation/features/MCP_PLUGIN_ROBUSTNESS_PLAN.mdPriority: P1
Size: L