A2a admin setting overrides

packages/a2a-server/src/config/config.ts

@@ -55,6 +55,22 @@ export async function loadConfig(
     }
   }
 
+  // Admin settings should be able to override existing mcpEnablement settings
+  // and extensionEnabled settings.
+  // By default, these should be undefined if not set by an admin so as to not
+  // override any existing defaults.
+  const getAdminBooleanOverride = (envVar: string): boolean | undefined => {
+    const value = process.env[envVar];
+    return value !== undefined ? value === 'true' : undefined;
+  };
+
+  const mcpEnabledAdminOverride = getAdminBooleanOverride('MCP_ADMIN_ENABLED');
+  const extensionsEnabledAdminOverride = getAdminBooleanOverride(
+    'EXTENSIONS_ADMIN_ENABLED',
+  );
+  const secureModeAdminEnabled =
+    getAdminBooleanOverride('SECURE_MODE_ADMIN_ENABLED') === true;
+
   const configParams: ConfigParameters = {
     sessionId: taskId,
     model: settings.general?.previewFeatures
@@ -70,9 +86,11 @@ export async function loadConfig(
     excludeTools: settings.excludeTools || undefined,
     showMemoryUsage: settings.showMemoryUsage || false,
     approvalMode:
-      process.env['GEMINI_YOLO_MODE'] === 'true'
+      process.env['GEMINI_YOLO_MODE'] === 'true' && !secureModeAdminEnabled
         ? ApprovalMode.YOLO
         : ApprovalMode.DEFAULT,
+    mcpEnabled: mcpEnabledAdminOverride,
+    extensionsEnabled: extensionsEnabledAdminOverride,
     mcpServers: settings.mcpServers,
     cwd: workspaceDir,
     telemetry: {