fix(mcp): add trust dialog for local untrusted .mcp.json config#3183

Draft
SAAITAAMAA wants to merge 2 commits into
tailcallhq:mainfrom
SAAITAAMAA:security/mcp-trust-prompt

Conversation

@SAAITAAMAA

This prevents autoloading of untrusted .mcp.json and mitigates the arbitrary code execution.

@github-actions github-actions Bot added the type: fix Iterations on existing features or infrastructure. label Apr 28, 2026
@CLAassistant

CLAassistant commented Apr 28, 2026

CLA assistant check
All committers have signed the CLA.

Comment thread crates/forge_main/src/main.rs Outdated
let mut input = String::new();
std::io::stdin().read_line(&mut input).unwrap();
if input.trim().to_uppercase() != "YES" {
unsafe { std::env::set_var("FORGE_SKIP_LOCAL_MCP", "1") };
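Review bot: `std::io::stdin().read_line(&mut input).unwrap()` panics on any read error, and `unsafe { std::env::set_var("FORGE_SKIP_LOCAL_MCP", "1") }` mutates process-wide state to carry what is really a single boolean decision. Returning that decision to the caller (for example a `bool`, or `Result<bool, std::io::Error>` so the caller can treat an I/O failure as "not trusted") removes both the `unsafe` block and the panic, and stops the opt-out from being visible to anything else that reads `FORGE_SKIP_LOCAL_MCP`. The comparison `input.trim().to_uppercase() != "YES"` does fail closed on empty or unexpected input, which is the right default for a trust decision; a one-line comment stating that intent would help the next reader.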
Contributor


Generally we avoid using unsafe Rust.

Comment thread crates/forge_main/src/main.rs Outdated
print!("Untrusted .mcp.json found in current directory. Do you trust its contents? (YES/NO): ");
std::io::stdout().flush().unwrap();
let mut input = String::new();
std::io::stdin().read_line(&mut input).unwrap();
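Review bot: `std::io::stdout().flush().unwrap()` and `std::io::stdin().read_line(&mut input).unwrap()` panic instead of declining when stdout or stdin is unavailable, which is precisely the non-interactive case (piped input, CI) where a trust prompt cannot be answered; an I/O error or an empty read should be handled the same as a NO answer. The prompt text also advertises `(YES/NO)` while the check above only accepts `YES` (after trim and uppercase, so `yes` passes but `y` does not); say in the prompt that anything other than YES declines so the wording matches the behaviour.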
Contributor


We already have components that you can leverage for asking prompts.

Author


@laststylebender14 is it acceptable now?

@laststylebender14 laststylebender14 marked this pull request as draft May 5, 2026 03:31
@SAAITAAMAA SAAITAAMAA force-pushed the security/mcp-trust-prompt branch from b1c6e36 to 0e84894 on May 5, 2026 22:00
This prevents autoloading of untrusted .mcp.json and mitigates the arbitrary code execution.

Used pre-existing confirmation code and removed unsafe block.
@SAAITAAMAA SAAITAAMAA force-pushed the security/mcp-trust-prompt branch from 0e84894 to 472bdb7 on May 5, 2026 22:03
@github-actions

Action required: PR inactive for 5 days.
Status update or closure in 10 days.

@github-actions github-actions Bot added the state: inactive No current action needed/possible; issue fixed, out of scope, or superseded. label May 12, 2026
@github-actions github-actions Bot removed the state: inactive No current action needed/possible; issue fixed, out of scope, or superseded. label May 16, 2026