Conversation
greedy52
added
no-changelog
greedy52
force-pushed
the
STeve/54705_enhance_mcp_server_connect_ui
branch
from
379e874 to
1d46cfb
Compare
github-actions
bot
added
size/md
tsh
| *Note: You might need to restart your MCP client to load the | ||
| updated configuration. |
There was a problem hiding this comment.
As someone who has no idea what tsh mcp config does, I don't know what "the updated configuration" means in this context. 😅 Does it mean that tsh mcp config has some side effects and that's why I need to restart the MCP client?
On the other hand, just above this note there's a config that I can copy, so it's just a bit confusing to me why I need to restart anything in the first place since I can just copy something? 🤔
I guess I just don't fully understand the relationship between the buttons, the config and the tsh command.
There was a problem hiding this comment.
tsh mcp config basically prints the same json in claude desktop format but it also prints some other relavent hints and offers to update the client json file on local systems directly without you manually copy-paste. of course, that is if you are not using the install link from the Web UI. gabriel was looking into install link for tsh but doesn't seem easy (because of the schema).
so the "restart your MCP client" part not only applies to tsh mcp config, but also the part above. it's just a general hint for people using LLMs like claude desktop when they configuring their MCP servers. Users should be familiar with their own LLM tool and know whether they need to restart it in general. we added this note just to emphasis on that again. you can see the steps in Claude desktop's official guide as well that a restart is required as the last step
https://modelcontextprotocol.io/quickstart/user#installing-the-filesystem-server
| return { | ||
| cursor: cursorLink.toString(), | ||
| vscode: `vscode:mcp/install?${vscodeEncodedConfig}`, | ||
| vscodeInsiders: `vscode-insiders:mcp/install?${vscodeEncodedConfig}`, |
There was a problem hiding this comment.
Regarding a possible Connect implementation: This will be a bit of a pain to move to Connect. All external links are blocked by default, with a few exceptions, like hosts of currently added clusters, goteleport.com so that we can link to the docs.
The general principle we try to follow is that even if an attacker manages to get XSS in Connect, we want to limit how they might exploit it. In this case it means allowing access only to a trusted set of hosts.
With the deep links to Cursor and VSCode, I suppose we'd need to grant blanket access to mcp/install with any config because I don't see how we could restrict it in a more granular fashion.
There was a problem hiding this comment.
the install links has special schemas like cursor://, vscode:// and they open those desktop apps, a little different from https://. maybe we need to re-evaluate the security risk for those. well, once the desktop app opens the install link, usually it's a dialog confirm on the MCP server config to be added.
so i think for Connect maybe we can whitelist the install links, with the schema, but without the parameters. if we need to do extra validations, we can extract details from the parameters like validating correct command is used.
public-teleport-github-review-bot
bot
removed the request for review
from bl-nero
greedy52
removed
the
no-changelog
* beautify MCP connect dialog * refactor(web): add cursor and mcp vscode install buttons * move helpers to shared package in case need to support Connect * rename AppLinks to InstallLinks and * review comments --------- Co-authored-by: Gabriel Corado <gabriel.oliveira@goteleport.com>
* beautify MCP connect dialog * refactor(web): add cursor and mcp vscode install buttons * move helpers to shared package in case need to support Connect * rename AppLinks to InstallLinks and * review comments --------- Co-authored-by: Gabriel Corado <gabriel.oliveira@goteleport.com>
3 participants
changelog: added Cursor and VSCode install buttons in MCP connect dialog in Web UI
changes:
tsh mcp configcommandtsh mcp logintotsh mcp configNote: the buttons are common ways to install MCP servers in the community, examples:
storybook screenshot:
(old one here: #55306)