diff --git a/add-mcp/.vscode/schemas/VERSION b/add-mcp/.vscode/schemas/VERSION index b7c0a9b1..a5effa30 100644 --- a/add-mcp/.vscode/schemas/VERSION +++ b/add-mcp/.vscode/schemas/VERSION @@ -1 +1 @@ -v1.6.0 +v1.12.0 diff --git a/add-mcp/.vscode/schemas/mcp-server.schema.json b/add-mcp/.vscode/schemas/mcp-server.schema.json index f679623c..328e23f8 100644 --- a/add-mcp/.vscode/schemas/mcp-server.schema.json +++ b/add-mcp/.vscode/schemas/mcp-server.schema.json @@ -8,6 +8,10 @@ "description": "CORS configuration", "$ref": "#/$defs/CorsConfig" }, + "server_info": { + "description": "Server metadata configuration", + "$ref": "#/$defs/ServerInfoConfig" + }, "custom_scalars": { "description": "Path to a custom scalar map", "type": [ @@ -84,6 +88,7 @@ "$ref": "#/$defs/Transport" } }, + "additionalProperties": false, "$defs": { "CorsConfig": { "description": "CORS configuration options", 
@@ -168,7 +173,55 @@ "minimum": 0, "default": 7200 } - } + }, + "additionalProperties": false + }, + "ServerInfoConfig": { + "description": "Server metadata configuration returned in the MCP initialize response.\nAll fields are optional and fall back to defaults if not provided.", + "type": "object", + "properties": { + "name": { + "description": "The name of the MCP server implementation", + "type": [ + "string", + "null" + ], + "default": null + }, + "version": { + "description": "The version of the MCP server implementation", + "type": [ + "string", + "null" + ], + "default": null + }, + "title": { + "description": "Human-readable title for the server", + "type": [ + "string", + "null" + ], + "default": null + }, + "website_url": { + "description": "URL to the server's website or documentation", + "type": [ + "string", + "null" + ], + "default": null + }, + "description": { + "description": "A brief description of the server", + "type": [ + "string", + "null" + ], + "default": null + } + }, + "additionalProperties": false }, "GraphOSConfig": { "description": "Credentials to use with GraphOS", @@ -207,7 +260,8 @@ }, "default": [] } - } + }, + "additionalProperties": false }, "HealthCheckConfig": { "description": "Configuration options for the health check component.", @@ -302,7 +356,8 @@ "description": "Validate configuration for checking operations before execution", "$ref": "#/$defs/ValidateConfig" } - } + }, + "additionalProperties": false }, "ExecuteConfig": { "description": "Execution-specific introspection configuration", @@ -312,8 +367,17 @@ "description": "Enable introspection for execution", "type": "boolean", "default": false + }, + "hint": { + "description": "Optional custom hint appended to the execute tool description", + "type": [ + "string", + "null" + ], + "default": null } - } + }, + "additionalProperties": false }, "IntrospectConfig": { "description": "Introspect-specific introspection configuration", 
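Review bot: `website_url` in the new `ServerInfoConfig` accepts any string, although the definition's own description says these fields are returned in the MCP initialize response, where a client may present the value as a link. Constraining the scheme in the schema would catch a mistyped or non-web value at edit time, for example `"pattern": "^https?://"` next to the existing `type`. Adding `"format": "uri"` on its own is only an annotation unless the validator opts in to enforcing it. Whether the server validates the value itself is not visible in this diff.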
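Review bot: The `hint` property added to `ExecuteConfig` is unbounded free text that, per its description, is appended to the tool description, and MCP clients typically hand tool descriptions to the model as written. The description should say where the text ends up, e.g. `"description": "Optional custom hint appended to the execute tool description sent to clients; treat as trusted configuration"`, and a `"maxLength"` would keep an oversized value out of every tool listing. The same applies to the `hint` properties added to `IntrospectConfig`, `SearchConfig` and `ValidateConfig` in the later hunks. The `ExecuteConfig` definition starts above this hunk.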
@@ -328,8 +392,17 @@ "description": "Minify introspection results", "type": "boolean", "default": false + }, + "hint": { + "description": "Optional custom hint appended to the introspect tool description", + "type": [ + "string", + "null" + ], + "default": null } - } + }, + "additionalProperties": false }, "SearchConfig": { "description": "Search tool configuration", @@ -358,8 +431,17 @@ "description": "Minify search results", "type": "boolean", "default": false + }, + "hint": { + "description": "Optional custom hint appended to the search tool description", + "type": [ + "string", + "null" + ], + "default": null } - } + }, + "additionalProperties": false }, "ValidateConfig": { "description": "Validation tool configuration", @@ -369,8 +451,17 @@ "description": "Enable validation tool", "type": "boolean", "default": false + }, + "hint": { + "description": "Optional custom hint appended to the validate tool description", + "type": [ + "string", + "null" + ], + "default": null } - } + }, + "additionalProperties": false }, "Logging": { "description": "Logging related options", @@ -399,7 +490,8 @@ "description": "Log file rotation period to use when log file path provided\n[default: Hourly]", "$ref": "#/$defs/LogRotationKind" } - } + }, + "additionalProperties": false }, "LogRotationKind": { "type": "string", @@ -436,7 +528,8 @@ "null" ] } - } + }, + "additionalProperties": false }, "Exporters": { "type": "object", @@ -461,7 +554,8 @@ } ] } - } + }, + "additionalProperties": false }, "MetricsExporters": { "type": "object", @@ -485,8 +579,17 @@ "items": { "$ref": "#/$defs/TelemetryAttribute" } + }, + "export_interval": { + "description": "Interval at which metrics are exported.\n\nAccepts human-readable durations (e.g., \"30s\", \"1m\", \"5m\").\nDefaults to 30 seconds when not specified.", + "type": [ + "string", + "null" + ], + "default": null } - } + }, + "additionalProperties": false }, "MetricTelemetryExporter": { "description": "Metric telemetry exporter options", 
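Review bot: `export_interval` in `MetricsExporters` is typed as a bare string, so the schema accepts values the duration parser will presumably reject, and the mistake only surfaces when the server starts. If the accepted grammar is fixed, mirror it with a `pattern`; a constructed example covering only the forms the description lists would be `"pattern": "^[0-9]+(ms|s|m|h)$"`, to be replaced by whatever the real parser accepts. The `MetricsExporters` definition starts above this hunk.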
@@ -513,6 +616,7 @@ "const": "grpc" } }, + "additionalProperties": false, "required": [ "protocol", "endpoint" @@ -541,6 +645,7 @@ "const": "http/protobuf" } }, + "additionalProperties": false, "required": [ "protocol", "endpoint" @@ -634,7 +739,8 @@ "$ref": "#/$defs/TelemetryAttribute" } } - } + }, + "additionalProperties": false }, "TraceTelemetryExporter": { "description": "Trace telemetry exporter options", @@ -657,6 +763,7 @@ "const": "grpc" } }, + "additionalProperties": false, "required": [ "protocol", "endpoint" @@ -681,6 +788,7 @@ "const": "http/protobuf" } }, + "additionalProperties": false, "required": [ "protocol", "endpoint" @@ -729,6 +837,7 @@ "const": "collection" } }, + "additionalProperties": false, "required": [ "source", "id" @@ -745,7 +854,8 @@ }, "required": [ "source" - ] + ], + "additionalProperties": false }, { "description": "Load operations by introspecting the schema\n\nNote: Requires introspection to be enabled", @@ -758,7 +868,8 @@ }, "required": [ "source" - ] + ], + "additionalProperties": false }, { "description": "Load operations from local GraphQL files / folders", @@ -775,6 +886,7 @@ "const": "local" } }, + "additionalProperties": false, "required": [ "source", "paths" @@ -792,6 +904,7 @@ "const": "manifest" } }, + "additionalProperties": false, "required": [ "source", "path" @@ -808,7 +921,8 @@ }, "required": [ "source" - ] + ], + "additionalProperties": false } ] }, 
@@ -840,8 +954,28 @@ "description": "Set the mutation mode access level for the MCP server", "$ref": "#/$defs/MutationMode", "default": "none" + }, + "descriptions": { + "description": "Optional map from operation name to tool description. When provided,\nthese descriptions override the auto-generated tool descriptions for\nthe matching operations, regardless of the operation source.", + "type": "object", + "additionalProperties": { + "type": "string" + }, + "default": {} + }, + "required_scopes": { + "description": "Per-operation OAuth scope requirements for step-up authorization.\nKeys are operation names; values are lists of required scopes.\nWhen a token lacks the required scopes for an operation, the server\nreturns HTTP 403 with `WWW-Authenticate: Bearer error=\"insufficient_scope\"`.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string" + } + }, + "default": {} } - } + }, + "additionalProperties": false }, "MutationMode": { "oneOf": [ @@ -877,6 +1011,7 @@ "const": "local" } }, + "additionalProperties": false, "required": [ "source", "path" @@ -893,7 +1028,8 @@ }, "required": [ "source" - ] + ], + "additionalProperties": false } ] }, 
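Review bot: `required_scopes` is keyed by operation name, but neither the schema nor its description says what happens to an operation that is missing from the map or whose key is misspelled; if such operations simply get no per-operation requirement, a typo silently drops the step-up check. State the fallback in the description and say how this map interacts with `scope_mode`, since the `ScopeMode` hunk further down documents `disabled` as skipping scope enforcement entirely without saying whether that covers these per-operation scopes. The scope lists also admit empty strings; `"minLength": 1` on the array items would reject them. The same unknown-key question applies to `descriptions` in this hunk, where the effect is a silently ignored override; the enclosing definition starts above the hunk.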
@@ -910,45 +1046,8 @@ }, "required": [ "type" - ] - }, - { - "description": "Host the MCP server on the supplied configuration, using SSE for communication\n\nNote: This is deprecated in favor of HTTP streams.", - "type": "object", - "properties": { - "auth": { - "description": "Authentication configuration", - "anyOf": [ - { - "$ref": "#/$defs/Config" - }, - { - "type": "null" - } - ] - }, - "address": { - "description": "The IP address to bind to", - "type": "string", - "format": "ip", - "default": "127.0.0.1" - }, - "port": { - "description": "The port to bind to", - "type": "integer", - "format": "uint16", - "minimum": 0, - "maximum": 65535, - "default": 8000 - }, - "type": { - "type": "string", - "const": "sse" - } - }, - "required": [ - "type" - ] + ], + "additionalProperties": false }, { "description": "Host the MCP server on the configuration, using streamable HTTP messages.", @@ -980,14 +1079,20 @@ "default": 8000 }, "stateful_mode": { + "description": "Enable stateful mode for session management", "type": "boolean", "default": true }, + "host_validation": { + "description": "Host header validation configuration for DNS rebinding protection.", + "$ref": "#/$defs/HostValidationConfig" + }, "type": { "type": "string", "const": "streamable_http" } }, + "additionalProperties": false, "required": [ "type" ] 
@@ -1039,11 +1144,21 @@ "type": "string" } }, + "scope_mode": { + "description": "Scope enforcement mode: disabled, require_all (default), or require_any.", + "$ref": "#/$defs/ScopeMode", + "default": "require_all" + }, "disable_auth_token_passthrough": { "description": "Whether to disable the auth token passthrough to upstream API", "type": "boolean", "default": false }, + "allow_anonymous_mcp_discovery": { + "description": "Allow unauthenticated access to MCP discovery methods (e.g. `tools/list`).\n\nWhen enabled, requests without a bearer token that contain a discovery\nJSON-RPC method call will be allowed through without authentication.\nAll other requests still require valid authentication.", + "type": "boolean", + "default": false + }, "tls": { "description": "TLS configuration for connecting to OAuth servers", "$ref": "#/$defs/TlsConfig" @@ -1055,14 +1170,42 @@ "null" ], "default": null + }, + "discovery_headers": { + "description": "Headers to include in OIDC discovery and JWKS requests.\n\nUse this to set headers like `User-Agent` that may be required\nby upstream OAuth servers or web application firewalls.", + "type": "object", + "additionalProperties": { + "type": "string" + } } }, + "additionalProperties": false, "required": [ "servers", "resource", "scopes" ] }, + "ScopeMode": { + "description": "Scope enforcement mode for authenticated requests.", + "oneOf": [ + { + "description": "Skip scope enforcement entirely.", + "type": "string", + "const": "disabled" + }, + { + "description": "Token must have ALL configured scopes (default).", + "type": "string", + "const": "require_all" + }, + { + "description": "Token must have at least ONE configured scope.", + "type": "string", + "const": "require_any" + } + ] + }, "TlsConfig": { "description": "TLS configuration for OAuth server connections", "type": "object", 
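Review bot: The description of `allow_anonymous_mcp_discovery` says unauthenticated requests "that contain a discovery JSON-RPC method call" are let through, which leaves open how a body carrying a discovery call together with another method is treated, and it names only `tools/list` as an example. The text should list the exact methods that are exempted and state that the exemption applies only when every call in the request is one of them, assuming that is what the server does; the implementation is not part of this diff. It is also worth stating that tool names and descriptions become readable without a token, because the `descriptions` and `hint` options added elsewhere in this commit feed into that listing. The enclosing auth definition starts above the hunk.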
@@ -1079,7 +1222,28 @@ "type": "boolean", "default": false } - } + }, + "additionalProperties": false + }, + "HostValidationConfig": { + "description": "Configuration for Host header validation to prevent DNS rebinding attacks.", + "type": "object", + "properties": { + "enabled": { + "description": "Enable Host header validation (enabled by default for security)", + "type": "boolean", + "default": true + }, + "allowed_hosts": { + "description": "Additional allowed hosts beyond localhost, 127.0.0.1, ::1, and 0.0.0.0.", + "type": "array", + "items": { + "type": "string" + }, + "default": [] + } + }, + "additionalProperties": false } } }
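Review bot: The `allowed_hosts` description lists `0.0.0.0` among the Host values that are always accepted, next to `localhost`, `127.0.0.1` and `::1`; the unspecified address is not a name an operator expects clients to use, so confirm against the server code that accepting it is intended, because the built-in entries bound how tight the DNS rebinding check can be. The description should also say whether an entry may carry a port and whether matching is exact, since the items are unconstrained strings. For `enabled`, a clause such as `Disabling this removes DNS rebinding protection for the streamable_http transport` would make the cost of setting it to `false` explicit.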