Skip to content

Conversation

JamesNK
Copy link
Member

@JamesNK JamesNK commented Oct 18, 2025

Description

Additionals in dashboard MCP server PR:

  • MCP server with access to tools from AI chat
  • MCP endpoint
  • Header icon and dialog for getting MCP details
  • API key auth for MCP server
  • Integration tests

Fixes #10957

MCP dialog below. Description and instructions to add MCP server are work in progress and will be finalized in follow up PRs:

image

Checklist

  • Is this feature complete?
    • Yes. Ready to ship.
    • No. Follow-up changes expected.
  • Are you including unit tests for the changes and scenario tests if relevant?
    • Yes
    • No
  • Did you add public API?
    • Yes
      • If yes, did you have an API Review for it?
        • Yes
        • No
      • Did you add <remarks /> and <code /> elements on your triple slash comments?
        • Yes
        • No
    • No
  • Does the change make any security assumptions or guarantees?
    • Yes
      • If yes, have you done a threat model and had a security review?
        • Yes
        • No
    • No
  • Does the change require an update in our Aspire docs?

Copy link
Contributor

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 12148

Or

  • Run remotely in PowerShell:
iex "& { $(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 12148"

Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Adds MCP server support to the dashboard, including configuration, authentication, endpoint hosting, UI integration, and integration tests.

  • Introduces MCP endpoint, auth modes (unsecured/API key), environment/config options, and server tools.
  • Refactors telemetry/log limiting helpers and adds MCP-related warnings and UI dialog.
  • Adds integration tests for MCP endpoint and API key behavior.

Reviewed Changes

Copilot reviewed 54 out of 57 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
AssistantChatDataContextTests.cs Removed legacy limit tests after refactor to AIHelpers.
AIHelpersTests.cs Added limit tests now targeting AIHelpers.
StartupTests.cs Added log assertion for unsecured MCP warning.
DashboardServerFixture.cs Injects MCP auth mode config for tests.
McpServiceTests.cs New integration tests for MCP endpoint and API key auth.
IntegrationTestHelpers.cs Adds MCP URL configuration.
FrontendBrowserTokenAuthTests.cs Adds MCP unsecured warning assertion.
KnownConfigNames.cs Adds MCP endpoint env var constant.
DashboardConfigNames.cs Adds MCP-related config keys.
DistributedApplicationBuilder.cs Persists generated MCP API key to user secrets.
TransportOptionsValidator.cs Validates MCP endpoint URL parsing.
DashboardOptions.cs (Hosting) Adds MCP endpoint/api key options.
DashboardEventHandlers.cs Adds MCP endpoint handling and env var population.
BrowserStorageKeys.cs Adds storage key for MCP unsecured message dismissal.
IDashboardClient.cs / DashboardClient.cs Exposes GetResources with locking.
Localization .xlf and .resx files Adds MCP unsecured warning strings.
AssistantChatDataContext.cs Moves limit logic to AIHelpers.
AIHelpers.cs Centralizes limits and list trimming logic.
ResourceMcpTools.cs Implements MCP server tools (resources, logs, traces, commands).
McpServerModel.cs Defines MCP server model + source gen context.
McpExtensions.cs Registers MCP server and tools via SDK.
Mcp* authentication handlers Adds MCP auth modes and composite handler.
DashboardWebApplication.cs Hosts MCP server, maps /mcp, configures endpoint & auth.
Validate/PostConfigureDashboardOptions.cs Parses/validates MCP options and defaults.
DashboardOptions.cs (Dashboard) Adds McpOptions class with parsing.
MainLayout.* Adds MCP dialog and unsecured message display.
McpServerDialog.* UI dialog for MCP server config & install links.
AspireIcons.cs Adds MCP icon.
ConnectionType* Adds MCP connection type & scheme.
Aspire.Dashboard.csproj Adds ModelContextProtocol packages & Razor feature flag.
RunCommand.cs Adds MCP endpoint env var for CLI run profile.
launchSettings.json Adds MCP endpoint env vars for playground app.
Directory.Packages.props Updates MCP protocol package versions.
Files not reviewed (1)
  • src/Aspire.Dashboard/Resources/Layout.Designer.cs: Language not supported

}
else
{
context.EnvironmentVariables[DashboardConfigNames.DashboardOtlpAuthModeName.EnvVarName] = "Unsecured";
Copy link

Copilot AI Oct 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The else branch sets the OTLP auth mode variable instead of the MCP auth mode variable, which can incorrectly override previously set OTLP configuration when the MCP API key is absent. Change line 570 to use DashboardMcpAuthModeName.EnvVarName so the fallback applies only to MCP: context.EnvironmentVariables[DashboardConfigNames.DashboardMcpAuthModeName.EnvVarName] = "Unsecured";

Suggested change
context.EnvironmentVariables[DashboardConfigNames.DashboardOtlpAuthModeName.EnvVarName] = "Unsecured";
context.EnvironmentVariables[DashboardConfigNames.DashboardMcpAuthModeName.EnvVarName] = "Unsecured";

Copilot uses AI. Check for mistakes.

Comment on lines +705 to +713
static void ConfigureSingleEndpoint(ILogger logger, bool isHttps, Func<EndpointInfo> endpointAccessor, List<Func<EndpointInfo>> frontEndPointAccessors, List<ConnectionType> connectionTypes)
{
logger.LogDebug("Browser and OTLP accessible on a single endpoint.");

if (!isHttps)
{
logger.LogWarning(
"The dashboard is configured with a shared endpoint for browser access and the OTLP service. " +
"The endpoint doesn't use TLS so browser access is only possible via a TLS terminating proxy.");
Copy link

Copilot AI Oct 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These log messages reference only Browser and OTLP, but this helper is also used when MCP shares the same endpoint; update the debug and warning messages to reflect all active services (e.g. "Browser, OTLP and MCP accessible..." or a generalized "Multiple dashboard services accessible..."). Adjust both lines 707 and 711–713 accordingly.

Copilot uses AI. Check for mistakes.

{
try
{
var cts = new CancellationTokenSource(millisecondsDelay: 500);
Copy link

Copilot AI Oct 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The CancellationTokenSource (cts) is created but never used; remove it or apply the token to an operation to clarify intent and avoid confusion.

Suggested change
var cts = new CancellationTokenSource(millisecondsDelay: 500);

Copilot uses AI. Check for mistakes.


return response;
}
catch { }
Copy link

Copilot AI Oct 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Swallowing all exceptions without logging obscures failures in GetResourceGraph; replace with a specific exception catch or log the exception (at least debug/trace) to aid diagnostics.

Copilot uses AI. Check for mistakes.

@if (McpEnabled)
{
<p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi vitae condimentum nulla, nec viverra purus. Morbi cursus egestas leo, eget lacinia quam hendrerit non.
Copy link

Copilot AI Oct 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Placeholder "Lorem ipsum" text should be replaced with real guidance explaining MCP server usage (e.g. purpose, how to install, security considerations); substitute with actionable, product-appropriate content.

Suggested change
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi vitae condimentum nulla, nec viverra purus. Morbi cursus egestas leo, eget lacinia quam hendrerit non.
The Aspire MCP (Model Context Protocol) server enables advanced integration with development tools such as Visual Studio Code. By running the MCP server, you can connect your Aspire application to supported IDEs for enhanced debugging, diagnostics, and management features.

Copilot uses AI. Check for mistakes.

</p>
<h5>MCP JSON</h5>
<p>
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi vitae condimentum nulla, nec viverra purus. Morbi cursus egestas leo, eget lacinia quam hendrerit non.
Copy link

Copilot AI Oct 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Second occurrence of placeholder text—replace with an explanation of the MCP JSON configuration (fields meaning, how to use in clients, security of headers).

Suggested change
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi vitae condimentum nulla, nec viverra purus. Morbi cursus egestas leo, eget lacinia quam hendrerit non.
The MCP JSON configuration describes how clients can connect to and authenticate with the Aspire MCP server. Each field in the JSON has a specific purpose:
<ul>
<li><strong>endpoint</strong>: The base URL of the MCP server.</li>
<li><strong>headers</strong>: Optional HTTP headers (such as authentication tokens) that clients should include in requests. <strong>Keep these headers secure</strong>—they may contain sensitive information.</li>
<li><strong>protocolVersion</strong>: The version of the MCP protocol supported by the server.</li>
<!-- Add other fields as appropriate -->
</ul>
<br />
To use this configuration, import the JSON into your client or tool (such as VS Code) to enable secure and authenticated communication with the MCP server. <strong>Do not share this configuration publicly if it contains sensitive headers.</strong>

Copilot uses AI. Check for mistakes.

@davidfowl
Copy link
Member

Tried this but the template isn't updated with the right config so I cant see the mcp server 😄

}

[McpServerTool(Name = "aspire_execute_command"), Description("Executes a command on a resource.")]
public static async Task ExecuteCommand(IDashboardClient dashboardClient, [Description("The resource name")] string resourceName, [Description("The command name")] string commandName)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what would happen here if the command uses the interactive service and prompt the user for inputs?

Copy link
Contributor

@Meir017 Meir017 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

instead of adding the mcp-vscode images, can we use markdown? similar to this https://github.com/github/github-mcp-server/blob/main/README.md?plain=1#L19C1-L19C655?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add built-in MCP server (preview) to dashboard with streaming HTTP and minimal tool surface

3 participants