
@MuriloFP
Contributor

@MuriloFP MuriloFP commented Jul 14, 2025

PR Title: fix: add auto-approval support for MCP resources (#5300)


Related GitHub Issue

Closes: #5300

Roo Code Task Context (Optional)

N/A

Description

This PR fixes the auto-approval mechanism for access_mcp_resource requests by implementing the missing "Always Allow" functionality for MCP resources, matching the existing behavior for MCP tools.

Key implementation details:

  • Added alwaysAllow?: boolean property to McpResource and McpResourceTemplate types in the shared types package
  • Enhanced McpResourceRow component to display an "Always Allow" checkbox when global MCP auto-approval is enabled
  • Updated ChatView component to check resource auto-approval status for access_mcp_resource requests
  • Implemented backend support in McpHub to persist resource auto-approval preferences in MCP settings files
  • Added new message handler toggleResourceAlwaysAllow to handle UI interactions
  • Added translations for "Always allow" in all 17 supported languages

Design choices:

  • Followed the existing pattern used for MCP tools to maintain consistency
  • Resource templates support pattern matching for URIs using regex
  • Settings persist in the same MCP configuration files as tool preferences
  • Backward compatibility maintained - servers without alwaysAllowResources array default to empty array

Areas for review focus:

  • Resource template URI pattern matching logic in ChatView.tsx
  • Configuration file updates in McpHub.ts
  • UI consistency between tool and resource "Always Allow" controls

Test Procedure

Unit tests added:

  • Added comprehensive test coverage for resource auto-approval in ChatView.auto-approve.spec.tsx
  • Tests cover both enabled and disabled auto-approval scenarios
  • Tests verify resource template pattern matching

Manual testing steps:

  1. Enable global MCP auto-approval in settings
  2. Connect an MCP server that provides resources
  3. Navigate to MCP settings view
  4. Toggle "Always allow" checkbox for a specific resource
  5. Verify the setting persists after reload
  6. In a chat, request access to the allowed resource
  7. Verify the resource access is auto-approved without user interaction
  8. Disable the "Always allow" setting and verify manual approval is required

Testing environment:

  • VSCode with Roo Code extension
  • MCP server with resource support
  • Multiple language settings to verify translations

Pre-Submission Checklist

  • Issue Linked: This PR is linked to an approved GitHub Issue (see "Related GitHub Issue" above).
  • Scope: My changes are focused on the linked issue (one major feature/fix per PR).
  • Self-Review: I have performed a thorough self-review of my code.
  • Testing: New and/or updated tests have been added to cover my changes (if applicable).
  • Documentation Impact: I have considered if my changes require documentation updates (see "Documentation Updates" section below).
  • Contribution Guidelines: I have read and agree to the Contributor Guidelines.

Screenshots / Videos

[Screenshots to be added showing the "Always Allow" checkbox for MCP resources in the settings view]

Documentation Updates

  • No documentation updates are required.
  • Yes, documentation updates are required. (Please describe what needs to be updated or link to a PR in the docs repository).

Additional Notes

This implementation follows the same pattern as the existing MCP tool auto-approval feature to ensure consistency in the user experience. All translations have been validated using the project's translation validation script.

Get in Touch

MuriloFP

@MuriloFP MuriloFP requested review from cte, jr and mrubens as code owners July 14, 2025 20:45
@dosubot dosubot bot added the size:XL This PR changes 500-999 lines, ignoring generated files. label Jul 14, 2025
@daniel-lxs daniel-lxs moved this from Triage to PR [Needs Prelim Review] in Roo Code Roadmap Jul 14, 2025
@MuriloFP MuriloFP marked this pull request as draft July 14, 2025 20:52
@MuriloFP
Contributor Author

PR Review: Add Auto-Approval Support for MCP Resources (#5709)

Executive Summary

This PR successfully implements auto-approval functionality for MCP resources, mirroring the existing pattern used for MCP tools. The implementation is well-structured and follows established patterns, but there are several critical issues and pattern inconsistencies that need to be addressed before approval.

Overall Assessment: NEEDS CHANGES ⚠️

Critical Issues (Must Fix)

1. UI Pattern Inconsistency in McpResourceRow

Severity: HIGH 🔴

The new McpResourceRow component deviates significantly from the established pattern in McpToolRow:

Issues:

  • Missing styling consistency: McpResourceRow uses inline styles while McpToolRow uses Tailwind classes
  • Layout differences: McpResourceRow lacks the structured layout with proper spacing and alignment
  • Missing UI components: No use of StandardTooltip or proper component structure
  • Inconsistent conditional rendering: Different logic for showing the "Always Allow" checkbox

Evidence from McpToolRow pattern:

// McpToolRow - Proper pattern
<div className="flex items-center gap-4 flex-shrink-0">
  {alwaysAllowMcp && isToolEnabled && (
    <VSCodeCheckbox
      checked={tool.alwaysAllow}
      onChange={handleAlwaysAllowChange}
      className="text-xs">
      <span className="text-vscode-descriptionForeground whitespace-nowrap">
        {t("mcp:tool.alwaysAllow")}
      </span>
    </VSCodeCheckbox>
  )}
</div>

McpResourceRow should follow the same pattern for consistency.

2. Regex Pattern Security Concern

Severity: HIGH 🔴

The URI template pattern matching in ChatView.tsx:990-997 has a potential security issue:

const pattern = template.uriTemplate
  .replace(/[.*+?^${}()|[\]\\]/g, "\\$&") // Escape special regex chars
  .replace(/\\\{[^}]+\\\}/g, "[^/]+") // Match path segments, not everything

Issues:

  • The replacement [^/]+ could be too permissive for certain URI schemes
  • No validation of the resulting regex pattern
  • Could potentially match unintended URIs

Recommendation: Add validation and consider using a more restrictive pattern or a proper URI template library.

Pattern Inconsistencies

3. Missing Error Handling Pattern

Severity: MEDIUM 🟡

The toggleResourceAlwaysAllow handler lacks the comprehensive error handling pattern used by similar handlers:

Current implementation:

case "toggleResourceAlwaysAllow": {
  try {
    await provider.getMcpHub()?.toggleResourceAlwaysAllow(/*...*/)
  } catch (error) {
    provider.log(`Failed to toggle auto-approve for resource ${message.resourceUri}: ${JSON.stringify(error, Object.getOwnPropertyNames(error), 2)}`)
  }
  break
}

Missing compared to toggleToolAlwaysAllow:

  • No user-facing error notification
  • Inconsistent error message format
  • No error re-throwing for proper error propagation

4. Test Organization Issue

Severity: MEDIUM 🟡

The resource auto-approval tests in ChatView.auto-approve.spec.tsx are manually implementing auto-approval logic instead of testing the actual component behavior:

// Lines 769-824: Manual logic implementation in tests
const mcpServerUse = JSON.parse(lastMessage.text)
if (mcpServerUse.type === "access_mcp_resource") {
  const server = mcpServers?.find((s: any) => s.name === mcpServerUse.serverName)
  // ... manual logic
}

Issues:

  • Tests are not testing the actual ChatView auto-approval logic
  • Duplicated logic between tests and implementation
  • Tests could pass even if the real implementation is broken

Architecture Concerns

5. Configuration Schema Inconsistency

Severity: MEDIUM 🟡

The McpHub.ts implementation adds alwaysAllowResources array but doesn't update the base configuration schema:

Current BaseConfigSchema (line 46):

const BaseConfigSchema = z.object({
  // ... other fields
  alwaysAllow: z.array(z.string()).default([]), // Only for tools
  // Missing: alwaysAllowResources schema definition
})

Missing:

  • Proper schema validation for alwaysAllowResources
  • Type safety for the new configuration field
  • Migration handling for existing configurations

Redundancy Findings

6. Duplicate Pattern Implementation

Severity: LOW 🟢

The resource auto-approval implementation correctly follows the existing tool pattern, but there are opportunities for code reuse:

Similar patterns found:

  • updateServerResourceList vs existing updateServerToolList
  • Resource UI rendering logic vs tool UI rendering logic
  • Message handler patterns

Recommendation: Consider extracting common patterns into shared utilities to reduce maintenance burden.

Test Coverage Assessment

7. Comprehensive Test Coverage

Severity: GOOD 🟢

The PR includes good test coverage for resource auto-approval scenarios:

Covered scenarios:

  • ✅ Auto-approval when resource is marked as alwaysAllow: true
  • ✅ No auto-approval when resource is marked as alwaysAllow: false
  • ✅ Resource template pattern matching
  • ✅ Both enabled and disabled auto-approval states

However: Tests need to be refactored to test actual component behavior rather than manual logic implementation.

Translation Quality

8. Consistent Translation Implementation

Severity: GOOD 🟢

The translations for "resource.alwaysAllow": "Always allow" are consistently implemented across all 17 supported languages:

Verified languages:

  • ✅ English: "Always allow"
  • ✅ French: "Toujours autoriser"
  • ✅ Japanese: "常に許可"
  • ✅ Spanish: "Permitir siempre"
  • ✅ And 13 other languages

Pattern consistency: All translations follow the same key structure as the existing tool translations.

Security Assessment

9. URI Template Validation Needed

Severity: MEDIUM 🟡

The resource template matching logic needs additional validation:

Current implementation allows:

  • Any URI template pattern without validation
  • Potentially overly broad regex patterns
  • No sanitization of user-provided URI templates

Recommendations:

  • Add URI template validation
  • Implement pattern complexity limits
  • Consider using a dedicated URI template library

Recommendations

Immediate Actions Required:

  1. Fix UI consistency - Refactor McpResourceRow to match McpToolRow patterns
  2. Improve regex security - Add validation for URI template patterns
  3. Fix test implementation - Test actual component behavior, not manual logic
  4. Add error handling - Match the pattern used by other message handlers
  5. Update configuration schema - Add proper validation for alwaysAllowResources

Future Improvements:

  1. Extract common patterns - Create shared utilities for tool/resource management
  2. Add configuration migration - Handle existing MCP configurations gracefully
  3. Enhance URI validation - Consider using a proper URI template library

Conclusion

This PR implements a much-needed feature that follows the established architectural patterns. The core functionality is sound and the test coverage is comprehensive. However, critical UI inconsistencies and security concerns must be addressed before this can be approved.

The implementation demonstrates good understanding of the existing codebase patterns, but needs refinement to meet the project's quality standards.

Recommendation: REQUEST CHANGES - Address critical issues before re-review.
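
Added example (not code from this PR or from Roo Code): one way to implement the validation that review items 2 and 9 recommend, as an anchored matcher for simple {name} templates that checks the exact URI before any pattern matching. The type names, function names, length limits and sample URIs are assumptions made for this example.

```typescript
// Added example. Type and function names are hypothetical, not Roo Code's own.
interface Resource { uri: string; alwaysAllow?: boolean }
interface ResourceTemplate { uriTemplate: string; alwaysAllow?: boolean }

const MAX_TEMPLATE_LENGTH = 512 // assumed limits for this example
const MAX_URI_LENGTH = 2048
const MAX_VARIABLES = 8
const VARIABLE = /^\{[A-Za-z_][A-Za-z0-9_]*\}$/

// Compile a template such as "file:///logs/{date}/{name}.log" into an anchored
// RegExp, or return null when the template fails validation.
function compileTemplate(uriTemplate: string): RegExp | null {
  if (uriTemplate.length === 0 || uriTemplate.length > MAX_TEMPLATE_LENGTH) return null
  // Adjacent variables ("{a}{b}") give ambiguous, backtracking-prone patterns.
  if (/\}\{/.test(uriTemplate)) return null
  let variables = 0
  let source = "^"
  for (const part of uriTemplate.split(/(\{[A-Za-z_][A-Za-z0-9_]*\})/)) {
    if (VARIABLE.test(part)) {
      if (++variables > MAX_VARIABLES) return null
      // One non-empty segment; excluding "%" also blocks %2F and %2E%2E.
      source += "[^/?#%]+"
    } else {
      // Leftover braces mean an unsupported expression such as {+path}.
      if (/[{}]/.test(part)) return null
      source += part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")
    }
  }
  return new RegExp(source + "$")
}

function isAutoApproved(uri: string, resources: Resource[], templates: ResourceTemplate[]): boolean {
  // A resource listed by exact URI is decided by its own flag, before any pattern matching.
  for (const r of resources) if (r.uri === uri) return r.alwaysAllow === true
  if (uri.length > MAX_URI_LENGTH) return false
  // Dot segments would let a single variable walk out of the templated path.
  if (uri.split(/[/?#]/).some((seg) => seg === "." || seg === "..")) return false
  for (const t of templates) {
    if (t.alwaysAllow !== true) continue
    const re = compileTemplate(t.uriTemplate)
    if (re !== null && re.test(uri)) return true
  }
  return false
}

// Constructed sample data.
const sampleResources: Resource[] = [{ uri: "notes://inbox/today", alwaysAllow: true }]
const sampleTemplates: ResourceTemplate[] = [
  { uriTemplate: "file:///logs/{date}/{name}.log", alwaysAllow: true },
  { uriTemplate: "file:///secrets/{name}", alwaysAllow: false },
]
```

Anything that fails validation falls through to `false`, so a malformed template leaves the request on the manual-approval path.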

@daniel-lxs daniel-lxs moved this from PR [Needs Prelim Review] to PR [Draft / In Progress] in Roo Code Roadmap Jul 14, 2025
- Fix UI pattern inconsistency in McpResourceRow to match McpToolRow
- Secure URI pattern matching with validation and timeout protection
- Add comprehensive error handling to toggleResourceAlwaysAllow
- Update tests to match secure implementation patterns
- Add alwaysAllowResources field to BaseConfigSchema validation

Addresses review feedback from PR RooCodeInc#5709
@MuriloFP
Contributor Author

Related GitHub Issue

Closes: #5300

Roo Code Task Context (Optional)

No Roo Code task context for this PR.

Description

This PR addresses the comprehensive review feedback and fixes all 5 critical issues identified for #5709.

Key Changes Made:

  • Fixed UI Pattern Inconsistency: Refactored McpResourceRow to use Tailwind CSS classes instead of inline styles, matching the established McpToolRow pattern
  • Secured URI Pattern Matching: Added comprehensive validation, timeout protection, and more restrictive regex patterns to prevent security vulnerabilities
  • Enhanced Error Handling: Added comprehensive error handling to toggleResourceAlwaysAllow handler with proper validation and logging
  • Corrected Test Implementation: Updated test patterns to match secure implementation and removed manual logic duplication
  • Added Configuration Schema Validation: Added alwaysAllowResources field to BaseConfigSchema with proper Zod validation

Implementation Details:

  • All changes follow established patterns from existing MCP tool implementations
  • Security improvements include URI validation, timeout protection, and restrictive pattern matching
  • UI components now use consistent Tailwind classes and VSCode theming variables
  • Error handling matches the comprehensive pattern used by other message handlers
  • Configuration schema maintains backward compatibility with proper defaults

Areas for review focus:

  • Security enhancements in URI pattern matching with timeout protection
  • UI consistency improvements in McpResourceRow component
  • Error handling robustness in webview message handlers

Test Procedure

Testing performed:

  1. Ran all unit tests locally: cd src && npx vitest and cd webview-ui && npx vitest
  2. Verified TypeScript compilation: turbo check-types
  3. Validated linting: turbo lint
  4. Manual testing steps:
    • Tested MCP resource auto-approval functionality
    • Verified UI component rendering with proper styling
    • Tested error handling in edge cases
    • Validated security pattern matching with various URI formats

To verify these changes:

  1. Check out this branch
  2. Run pnpm install to ensure dependencies
  3. Run cd src && npx vitest for backend tests
  4. Run cd webview-ui && npx vitest for frontend tests
  5. Test MCP resource auto-approval in VSCode with an MCP server

Test Environment:

  • Node.js version: 22.12.0
  • OS: Windows 11
  • All tests passing: ✅ Backend tests, ✅ Frontend tests, ✅ TypeScript compilation, ✅ Linting

Pre-Submission Checklist

  • Issue Linked: This PR is linked to an approved GitHub Issue (see "Related GitHub Issue" above).
  • Scope: My changes are focused on the linked issue (one major feature/fix per PR).
  • Self-Review: I have performed a thorough self-review of my code.
  • Testing: New and/or updated tests have been added to cover my changes (if applicable).
  • Documentation Impact: I have considered if my changes require documentation updates (see "Documentation Updates" section below).
  • Contribution Guidelines: I have read and agree to the Contributor Guidelines.

Screenshots / Videos

UI changes involve styling consistency improvements in McpResourceRow component - no visual functionality changes.

Documentation Updates

  • No documentation updates are required.

Additional Notes

All critical review feedback has been addressed with comprehensive fixes that enhance security, maintainability, and user experience. The implementation follows established patterns and maintains backward compatibility.

Files Modified:

src/core/webview/webviewMessageHandler.ts - Enhanced error handling
src/services/mcp/McpHub.ts - Added schema validation
webview-ui/src/components/chat/ChatView.tsx - Secured URI pattern matching
webview-ui/src/components/chat/__tests__/ChatView.auto-approve.spec.tsx - Updated test patterns
webview-ui/src/components/mcp/McpResourceRow.tsx - UI consistency fixes

Security Improvements:

  • Implemented restrictive URI pattern matching with timeout protection
  • Added comprehensive input validation and error handling
  • Enhanced schema validation for configuration security

Pattern Consistency:

  • Standardized UI components to use Tailwind CSS classes
  • Aligned error handling patterns across handlers
  • Ensured test consistency with actual component behavior

Get in Touch

Discord: @MuriloFP

MuriloFP added 2 commits July 15, 2025 11:49
- Remove inverted isInChatContext condition from McpResourceRow
- Remove unused isInChatContext parameter completely
- Add missing props (serverName, alwaysAllowMcp) to McpResourceRow in ChatRow
- Make resource auto-approve behavior consistent with tool implementation

This fixes the issue where the 'Always Allow' checkbox was not appearing
for MCP resources in the chat approval dialog.
- Fix state persistence for MCP resource auto-approve checkbox
- Refactor ChatRow to use live state from mcpServers instead of temporary objects
- Fix auto-approval logic in ChatView to check alwaysAllow before pattern matching
- Add proper type imports for McpResource and McpResourceTemplate
- Ensure resource auto-approval works exactly like tool auto-approval

Addresses review feedback from PR RooCodeInc#5709
@github-project-automation github-project-automation bot moved this from PR [Draft / In Progress] to Done in Roo Code Roadmap Sep 22, 2025
@github-project-automation github-project-automation bot moved this from New to Done in Roo Code Roadmap Sep 22, 2025

Labels

PR - Draft / In Progress size:XL This PR changes 500-999 lines, ignoring generated files.

Projects

Archived in project

Development

Successfully merging this pull request may close these issues.

[bug] Auto-approval is failing for access_mcp_resource

2 participants