Skip to content

feat(api): expose & persist auto_approve_tool_changes in server REST API (MCP-2940)#727

Merged
Dumbris merged 1 commit into
mainfrom
fix/mcp-2940-rest-auto-approve
Jun 19, 2026
Merged

feat(api): expose & persist auto_approve_tool_changes in server REST API (MCP-2940)#727
Dumbris merged 1 commit into
mainfrom
fix/mcp-2940-rest-auto-approve

Conversation

@Dumbris

@Dumbris Dumbris commented Jun 19, 2026

Copy link
Copy Markdown
Member

Summary

Closes the REST gap from MCP-2940 (parent MCP-2916). MCP-2930 added the per-server auto_approve_tool_changes flag to config.ServerConfig but did not extend the REST layer, so the Web-UI "Auto-approve tool changes" toggle (MCP-2932, PR #725) could neither read nor persist it. This wires the flag through the REST request/response paths and through BBolt persistence.

Changes

REST request side (internal/httpapi, internal/server)

  • Add AutoApproveToolChanges *bool to AddServerRequest.
  • Wire into handleAddServer (create) and handlePatchServer with *bool nil-preserve semantics: omitting on PATCH preserves the existing pointer (may be nil = "never set"); an explicit value — including false — is applied. server.UpdateServer applies the pointer only when non-nil, so callers that don't touch it (e.g. config-to-secret) never reset it.

REST read side (internal/contracts, internal/runtime, internal/management)

  • Add AutoApproveToolChanges *bool to contracts.Server (omitempty → tri-state nil stays out of the payload, so the UI can tell unset from explicit false).
  • Emit auto_approve_tool_changes from runtime.GetAllServers (StateView) + getAllServersLegacy, project it in management.ListServers and ConvertGenericServersToTyped / ConvertServerConfig — in parity with quarantined.

Persistence (internal/storage) — discovered during verification

  • SaveConfiguration rebuilds the JSON config's server list from BBolt records, so a field absent from UpstreamRecord is wiped on the next mutation. Added AutoApproveToolChanges to UpstreamRecord + all four selective conversions, and updated TestSaveServerSyncFieldCoverage to require it in BBolt. Without this the toggle would not survive a save/restart (the exact "always shows OFF after reload" symptom the issue describes).

Verification

  • go test ./internal/{storage,httpapi,contracts,management}/... -race green; targeted internal/server tests green.
  • golangci-lint run --config .github/.golangci.yml → 0 issues.
  • OpenAPI regenerated (make swagger); docs updated (tool-quarantine.md, rest-api.md) per ENG-9.
  • Manual E2E against a live mcpproxy serve: POST true → GET true; PATCH false → GET false; PATCH args-only → GET preserves false; a server added without the flag → omitted/nil; all values survive a full restart; config file persists auto_approve_tool_changes: false.

Notes

  • Tri-state *bool throughout — nil-preserve semantics mirror the config field; no collapse to a plain bool.
  • Runtime enforcement of the flag is separately MCP-2931. This PR is plumbing + persistence only.

Related #725

@Dumbris
feat(api): expose & persist auto_approve_tool_changes in server REST …
3e7f20d 
…API (MCP-2940)

MCP-2930 (#724) added the per-server auto_approve_tool_changes flag to
config.ServerConfig but did not extend the REST layer, so the Web UI toggle
(MCP-2932, PR #725) could neither read nor persist it.

REST request side:
- Add AutoApproveToolChanges *bool to httpapi.AddServerRequest.
- Wire it into handleAddServer (create) and handlePatchServer with *bool
  nil-preserve semantics: omitting it on PATCH preserves the existing pointer
  (which may be nil = "never set"); an explicit value (including false) is
  applied. server.UpdateServer applies the pointer only when non-nil so callers
  that don't touch it (e.g. config-to-secret) never reset it.

REST read side:
- Add AutoApproveToolChanges *bool to contracts.Server (omitempty → tri-state
  nil stays out of the payload so the UI can tell unset from explicit false).
- Emit auto_approve_tool_changes from runtime.GetAllServers (StateView path)
  and getAllServersLegacy, in parity with quarantined.
- Project it in management.ListServers and ConvertGenericServersToTyped /
  ConvertServerConfig.

Persistence:
- SaveConfiguration rebuilds the JSON config's server list from BBolt records,
  so a field absent from storage.UpstreamRecord is wiped on the next mutation.
  Add AutoApproveToolChanges to UpstreamRecord and all four selective
  conversions (Save/Get/List in manager.go, saveServerSync in async_ops.go);
  update TestSaveServerSyncFieldCoverage to require it in BBolt. Verified the
  flag now survives PATCH→GET and a full restart.

Tests: handler PATCH (set/preserve-nil/preserve-true/explicit-false) + GET
exposure; management + contracts projection; storage Save/Get/List round-trip
incl. tri-state nil. OpenAPI regenerated. Docs updated (tool-quarantine.md,
rest-api.md).

Related #725. Runtime enforcement remains MCP-2931.
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 19, 2026

Copy link
Copy Markdown

Deploying mcpproxy-docs with  Cloudflare Pages  Cloudflare Pages

Latest commit: 3e7f20d
Status: ✅  Deploy successful!
Preview URL: https://211e9748.mcpproxy-docs.pages.dev
Branch Preview URL: https://fix-mcp-2940-rest-auto-appro.mcpproxy-docs.pages.dev

View logs

@codecov-commenter

codecov-commenter commented Jun 19, 2026

Copy link
Copy Markdown

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 90.36145% with 8 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
internal/runtime/runtime.go 0.00% 4 Missing ⚠️
internal/httpapi/server.go 71.42% 1 Missing and 1 partial ⚠️
internal/server/server.go 0.00% 2 Missing ⚠️

📢 Thoughts on this report? Let us know!

@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown

📦 Build Artifacts

Workflow Run: View Run
Branch: fix/mcp-2940-rest-auto-approve

Available Artifacts

  • archive-darwin-amd64 (28 MB)
  • archive-darwin-arm64 (25 MB)
  • archive-linux-amd64 (16 MB)
  • archive-linux-arm64 (14 MB)
  • archive-windows-amd64 (28 MB)
  • archive-windows-arm64 (25 MB)
  • frontend-dist-pr (0 MB)
  • installer-dmg-darwin-amd64 (21 MB)
  • installer-dmg-darwin-arm64 (19 MB)

How to Download

Option 1: GitHub Web UI (easiest)

  1. Go to the workflow run page linked above
  2. Scroll to the bottom "Artifacts" section
  3. Click on the artifact you want to download

Option 2: GitHub CLI

gh run download 27821934238 --repo smart-mcp-proxy/mcpproxy-go

Note: Artifacts expire in 14 days.

mcpproxy-gatekeeper[bot]
mcpproxy-gatekeeper Bot approved these changes Jun 19, 2026
View reviewed changes

@mcpproxy-gatekeeper mcpproxy-gatekeeper Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved via Claude Code review (MCP-2940). REST expose+persist auto_approve_tool_changes: tri-state *bool round-trips (explicit false preserved), BBolt rebuild path fixed, no enforcement change; -race tests + golangci-lint clean; CI green.

@Dumbris Dumbris merged commit 93c38c2 into main Jun 19, 2026
39 checks passed
@Dumbris Dumbris mentioned this pull request Jun 19, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcpproxy-gatekeeper mcpproxy-gatekeeper[bot] mcpproxy-gatekeeper[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Dumbris @codecov-commenter