Commit Graph

2 Commits

Author SHA1 Message Date
code4me2 c747bedbfa server: add declarative auto-enable for MCP servers
Add configuration-driven auto-enable system allowing MCP servers to
declare when they should activate based on context.

MCPDefinitions (server/mcp_definitions.go):
- Static server configuration from config files
- AutoEnableMode: never, always, with_path, if_match
- EnableCondition: file_exists, env_set conditions
- Config loading: ~/.ollama/, /etc/ollama/, OLLAMA_MCP_SERVERS

MCPSessionManager (server/mcp_sessions.go):
- Runtime session tracking with TTL
- Session pooling for API requests

CommandResolver (server/mcp_command_resolver.go):
- CommandResolverInterface for dependency injection
- DefaultCommandResolver singleton for production use

Public API (server/mcp.go):
- GetMCPServersForTools(): CLI tool resolution
- GetMCPManager(): Session-based manager access
- ListMCPServers(): Server discovery

Relates to #7865
2025-12-28 15:06:47 -08:00
code4me2 fc05536d52 server: add MCP security layer for command validation
Add security infrastructure to validate and restrict MCP server commands
before execution.

MCPValidator (server/mcp_validator.go):
- Command allowlist/blocklist validation
- Argument sanitization (blocks shell metacharacters)
- Environment variable name validation
- Per-server security policy enforcement

MCPSecurityConfig (server/mcp_security_config.go):
- Configurable security rules per server
- Default blocklist: bash, sh, sudo, rm, curl, wget, eval
- Blocked metacharacters: ; | & $( ` > < = etc.
- SECURITY REVIEW markers for critical sections

MCPCommandResolver (server/mcp_command_resolver.go):
- Resolves command paths across different environments
- npx/npm detection and path resolution

MCPCodeAPI (server/mcp_code_api.go):
- Programmatic API for MCP server management

Relates to #7865
2025-12-28 15:06:47 -08:00
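
A sketch of the checks the second commit message lists (command blocklist, allowlist, metacharacter rejection in arguments), added here as an example; it is not the code in server/mcp_validator.go. The name `ValidateCommand`, the deny-by-default allowlist, and the rule that the blocklist overrides the allowlist are assumptions; the blocklist and metacharacter values are the ones given in the commit message.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Default blocklist as listed in the commit message.
var blockedCommands = map[string]bool{
	"bash": true, "sh": true, "sudo": true, "rm": true,
	"curl": true, "wget": true, "eval": true,
}

// Metacharacters as listed in the commit message; its "etc." is not expanded here.
var blockedMeta = []string{";", "|", "&", "$(", "`", ">", "<", "="}

// ValidateCommand (hypothetical name) rejects a server command unless it is
// allowlisted, not blocklisted, and its arguments carry no blocked sequence.
func ValidateCommand(allow map[string]bool, command string, args []string) error {
	// Compare on the base name so "/bin/bash" or "./sh" cannot slip past the lists.
	name := filepath.Base(filepath.Clean(command))
	if blockedCommands[name] {
		return fmt.Errorf("command %q is blocklisted", name)
	}
	if !allow[name] { // a nil or empty allowlist denies everything
		return fmt.Errorf("command %q is not allowlisted", name)
	}
	for i, a := range args {
		for _, m := range blockedMeta {
			if strings.Contains(a, m) {
				return fmt.Errorf("argument %d contains blocked sequence %q", i, m)
			}
		}
	}
	return nil
}

func main() {
	allow := map[string]bool{"npx": true, "bash": true} // "bash" shows blocklist precedence
	// Constructed sample invocations: first element is the command, the rest are arguments.
	cases := [][]string{
		{"npx", "-y", "example-mcp-server", "/tmp/work"},
		{"/bin/bash", "-c", "id"},
		{"npx", "pkg; echo injected"},
		{"npx", "--port=8080"}, // "=" is on the list, so key=value flags are rejected too
	}
	for _, c := range cases {
		fmt.Printf("%v -> %v\n", c, ValidateCommand(allow, c[0], c[1:]))
	}
}
```

Filtering metacharacters only matters if arguments can reach a shell; passing them as a separate argv slice to `exec.Command` avoids shell interpretation regardless of the filter.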