Add dashboard MCP server #12148
Add dashboard MCP server #12148
Conversation
JamesNK
requested review from
adamint,
Copilot,
davidfowl,
mitchdenny and
sebastienros
|
🚀 Dogfood this PR with:
curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 12148Or
iex "& { $(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 12148" |
There was a problem hiding this comment.
Pull Request Overview
Adds MCP server support to the dashboard, including configuration, authentication, endpoint hosting, UI integration, and integration tests.
- Introduces MCP endpoint, auth modes (unsecured/API key), environment/config options, and server tools.
- Refactors telemetry/log limiting helpers and adds MCP-related warnings and UI dialog.
- Adds integration tests for MCP endpoint and API key behavior.
Reviewed Changes
Copilot reviewed 54 out of 57 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| AssistantChatDataContextTests.cs | Removed legacy limit tests after refactor to AIHelpers. |
| AIHelpersTests.cs | Added limit tests now targeting AIHelpers. |
| StartupTests.cs | Added log assertion for unsecured MCP warning. |
| DashboardServerFixture.cs | Injects MCP auth mode config for tests. |
| McpServiceTests.cs | New integration tests for MCP endpoint and API key auth. |
| IntegrationTestHelpers.cs | Adds MCP URL configuration. |
| FrontendBrowserTokenAuthTests.cs | Adds MCP unsecured warning assertion. |
| KnownConfigNames.cs | Adds MCP endpoint env var constant. |
| DashboardConfigNames.cs | Adds MCP-related config keys. |
| DistributedApplicationBuilder.cs | Persists generated MCP API key to user secrets. |
| TransportOptionsValidator.cs | Validates MCP endpoint URL parsing. |
| DashboardOptions.cs (Hosting) | Adds MCP endpoint/api key options. |
| DashboardEventHandlers.cs | Adds MCP endpoint handling and env var population. |
| BrowserStorageKeys.cs | Adds storage key for MCP unsecured message dismissal. |
| IDashboardClient.cs / DashboardClient.cs | Exposes GetResources with locking. |
| Localization .xlf and .resx files | Adds MCP unsecured warning strings. |
| AssistantChatDataContext.cs | Moves limit logic to AIHelpers. |
| AIHelpers.cs | Centralizes limits and list trimming logic. |
| ResourceMcpTools.cs | Implements MCP server tools (resources, logs, traces, commands). |
| McpServerModel.cs | Defines MCP server model + source gen context. |
| McpExtensions.cs | Registers MCP server and tools via SDK. |
| Mcp* authentication handlers | Adds MCP auth modes and composite handler. |
| DashboardWebApplication.cs | Hosts MCP server, maps /mcp, configures endpoint & auth. |
| Validate/PostConfigureDashboardOptions.cs | Parses/validates MCP options and defaults. |
| DashboardOptions.cs (Dashboard) | Adds McpOptions class with parsing. |
| MainLayout.* | Adds MCP dialog and unsecured message display. |
| McpServerDialog.* | UI dialog for MCP server config & install links. |
| AspireIcons.cs | Adds MCP icon. |
| ConnectionType* | Adds MCP connection type & scheme. |
| Aspire.Dashboard.csproj | Adds ModelContextProtocol packages & Razor feature flag. |
| RunCommand.cs | Adds MCP endpoint env var for CLI run profile. |
| launchSettings.json | Adds MCP endpoint env vars for playground app. |
| Directory.Packages.props | Updates MCP protocol package versions. |
Files not reviewed (1)
- src/Aspire.Dashboard/Resources/Layout.Designer.cs: Language not supported
| } | ||
| else | ||
| { | ||
| context.EnvironmentVariables[DashboardConfigNames.DashboardOtlpAuthModeName.EnvVarName] = "Unsecured"; |
There was a problem hiding this comment.
The else branch sets the OTLP auth mode variable instead of the MCP auth mode variable, which can incorrectly override previously set OTLP configuration when the MCP API key is absent. Change line 570 to use DashboardMcpAuthModeName.EnvVarName so the fallback applies only to MCP: context.EnvironmentVariables[DashboardConfigNames.DashboardMcpAuthModeName.EnvVarName] = "Unsecured";
| context.EnvironmentVariables[DashboardConfigNames.DashboardOtlpAuthModeName.EnvVarName] = "Unsecured"; | |
| context.EnvironmentVariables[DashboardConfigNames.DashboardMcpAuthModeName.EnvVarName] = "Unsecured"; |
Copilot uses AI. Check for mistakes.
| static void ConfigureSingleEndpoint(ILogger logger, bool isHttps, Func<EndpointInfo> endpointAccessor, List<Func<EndpointInfo>> frontEndPointAccessors, List<ConnectionType> connectionTypes) | ||
| { | ||
| logger.LogDebug("Browser and OTLP accessible on a single endpoint."); | ||
|
|
||
| if (!isHttps) | ||
| { | ||
| logger.LogWarning( | ||
| "The dashboard is configured with a shared endpoint for browser access and the OTLP service. " + | ||
| "The endpoint doesn't use TLS so browser access is only possible via a TLS terminating proxy."); |
There was a problem hiding this comment.
These log messages reference only Browser and OTLP, but this helper is also used when MCP shares the same endpoint; update the debug and warning messages to reflect all active services (e.g. "Browser, OTLP and MCP accessible..." or a generalized "Multiple dashboard services accessible..."). Adjust both lines 707 and 711–713 accordingly.
Copilot uses AI. Check for mistakes.
| { | ||
| try | ||
| { | ||
| var cts = new CancellationTokenSource(millisecondsDelay: 500); |
There was a problem hiding this comment.
The CancellationTokenSource (cts) is created but never used; remove it or apply the token to an operation to clarify intent and avoid confusion.
| var cts = new CancellationTokenSource(millisecondsDelay: 500); |
Copilot uses AI. Check for mistakes.
|
|
||
| return response; | ||
| } | ||
| catch { } |
There was a problem hiding this comment.
Swallowing all exceptions without logging obscures failures in GetResourceGraph; replace with a specific exception catch or log the exception (at least debug/trace) to aid diagnostics.
Copilot uses AI. Check for mistakes.
| @if (McpEnabled) | ||
| { | ||
| <p> | ||
| Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi vitae condimentum nulla, nec viverra purus. Morbi cursus egestas leo, eget lacinia quam hendrerit non. |
There was a problem hiding this comment.
Placeholder "Lorem ipsum" text should be replaced with real guidance explaining MCP server usage (e.g. purpose, how to install, security considerations); substitute with actionable, product-appropriate content.
| Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi vitae condimentum nulla, nec viverra purus. Morbi cursus egestas leo, eget lacinia quam hendrerit non. | |
| The Aspire MCP (Model Context Protocol) server enables advanced integration with development tools such as Visual Studio Code. By running the MCP server, you can connect your Aspire application to supported IDEs for enhanced debugging, diagnostics, and management features. |
Copilot uses AI. Check for mistakes.
| </p> | ||
| <h5>MCP JSON</h5> | ||
| <p> | ||
| Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi vitae condimentum nulla, nec viverra purus. Morbi cursus egestas leo, eget lacinia quam hendrerit non. |
There was a problem hiding this comment.
Second occurrence of placeholder text—replace with an explanation of the MCP JSON configuration (fields meaning, how to use in clients, security of headers).
| Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi vitae condimentum nulla, nec viverra purus. Morbi cursus egestas leo, eget lacinia quam hendrerit non. | |
| The MCP JSON configuration describes how clients can connect to and authenticate with the Aspire MCP server. Each field in the JSON has a specific purpose: | |
| <ul> | |
| <li><strong>endpoint</strong>: The base URL of the MCP server.</li> | |
| <li><strong>headers</strong>: Optional HTTP headers (such as authentication tokens) that clients should include in requests. <strong>Keep these headers secure</strong>—they may contain sensitive information.</li> | |
| <li><strong>protocolVersion</strong>: The version of the MCP protocol supported by the server.</li> | |
| <!-- Add other fields as appropriate --> | |
| </ul> | |
| <br /> | |
| To use this configuration, import the JSON into your client or tool (such as VS Code) to enable secure and authenticated communication with the MCP server. <strong>Do not share this configuration publicly if it contains sensitive headers.</strong> |
Copilot uses AI. Check for mistakes.
|
Tried this but the template isn't updated with the right config so I cant see the mcp server 😄 |
| } | ||
|
|
||
| [McpServerTool(Name = "aspire_execute_command"), Description("Executes a command on a resource.")] | ||
| public static async Task ExecuteCommand(IDashboardClient dashboardClient, [Description("The resource name")] string resourceName, [Description("The command name")] string commandName) |
There was a problem hiding this comment.
what would happen here if the command uses the interactive service and prompt the user for inputs?
There was a problem hiding this comment.
instead of adding the mcp-vscode images, can we use markdown? similar to this https://github.com/github/github-mcp-server/blob/main/README.md?plain=1#L19C1-L19C655?
3 participants
Description
Additionals in dashboard MCP server PR:
Fixes #10957
MCP dialog below. Description and instructions to add MCP server are work in progress and will be finalized in follow up PRs:
Checklist
<remarks />and<code />elements on your triple slash comments?doc-ideatemplatebreaking-changetemplatediagnostictemplate