feat: add compliant MCP tool surface via MCP_COMPLIANCE_MODE [DO NOT MERGE]#166
feat: add compliant MCP tool surface via MCP_COMPLIANCE_MODE [DO NOT MERGE]#166Xrazik1 wants to merge 1 commit into
Conversation
WalkthroughAdds ChangesCompliance Mode Implementation
Estimated code review effort: 4 (Complex) | ~45 minutes Sequence Diagram(s)sequenceDiagram
participant Environment
participant getConfig
participant registerSurface
participant CompliancePolicy
participant MCPTools
Environment->>getConfig: Read MCP_COMPLIANCE_MODE
getConfig->>registerSurface: Provide complianceMode
registerSurface->>CompliancePolicy: Evaluate isCompliant(config)
CompliancePolicy->>MCPTools: Select compliant or full schemas and registrations
MCPTools-->>registerSurface: Register selected tool surface
Possibly related PRs
Suggested reviewers: Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
d2ba0a6 to
7880934
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/index.ts`:
- Around line 124-135: The compliance surface logging in src/index.ts only
distinguishes compliant, unset, and explicit opt-out, but it silently treats
invalid MCP_COMPLIANCE_MODE values as compliant; update the startup logic around
registerSurface and the complianceSurface computation to detect any non-accepted
normalized value and emit an explicit warning before logging the surface. Use
the existing parseComplianceMode/complianceMode flow to identify invalid inputs,
and keep the current console.error boot log while adding a clear warning path
for typoed or mis-scoped environment values.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 44dbf51f-90a0-4761-94fa-77fd1e06e826
📒 Files selected for processing (11)
README.mdsrc/@types/types.d.tssrc/config.tssrc/index.tssrc/resources/status.tssrc/skills/cookie-consent.mdsrc/skills/dynamic-content.mdsrc/skills/index.tssrc/skills/modals.mdsrc/skills/screenshots.mdsrc/skills/shadow-dom.md
✅ Files skipped from review due to trivial changes (5)
- src/skills/dynamic-content.md
- src/skills/screenshots.md
- src/skills/cookie-consent.md
- src/skills/modals.md
- README.md
| registerSurface(server, config, analytics); | ||
| // Log the active surface (both transports) so it's visible in the boot logs. | ||
| // complianceMode fails closed (see parseComplianceMode), so a fumbled *value* | ||
| // lands on the compliant surface. The remaining blind spot is a *missing* var — | ||
| // so distinguish "unset" (a dropped/typo'd/wrong-scoped env var on a directory | ||
| // deploy) from a deliberate opt-out, which otherwise both print "full". | ||
| const complianceSurface = config.complianceMode | ||
| ? 'compliant (reduced)' | ||
| : process.env.MCP_COMPLIANCE_MODE === undefined | ||
| ? 'full (MCP_COMPLIANCE_MODE unset — set it to "true" for the compliant surface)' | ||
| : 'full (explicit opt-out)'; | ||
| console.error(`[browserless-mcp] Tool surface: ${complianceSurface}`); |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win
Warn on invalid MCP_COMPLIANCE_MODE values.
Invalid values fail closed into compliant mode, but this branch logs them as compliant (reduced) without warning. That can hide a typo or incorrectly scoped environment variable; emit an explicit warning whenever the normalized value is neither an accepted opt-in nor opt-out value.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/index.ts` around lines 124 - 135, The compliance surface logging in
src/index.ts only distinguishes compliant, unset, and explicit opt-out, but it
silently treats invalid MCP_COMPLIANCE_MODE values as compliant; update the
startup logic around registerSurface and the complianceSurface computation to
detect any non-accepted normalized value and emit an explicit warning before
logging the surface. Use the existing parseComplianceMode/complianceMode flow to
identify invalid inputs, and keep the current console.error boot log while
adding a clear warning path for typoed or mis-scoped environment values.
Summary
Adds an opt-in compliant tool surface to the MCP server, selected per-process by the
MCP_COMPLIANCE_MODEenv var. When enabled, the server advertises a reduced, policy-compliant surface intended for the OpenAI / Anthropic app-directory listings (which reject the full surface for arbitrary code, scraping, and circumvention). The default full surface (flag off) is unchanged — verified byte-identical tomain.The compliant policy is centralized in
src/tools/compliance.ts; registration is gated insrc/tools/register.ts.What changes in compliant mode
smartscraper,function,map, andcrawl, plus the smartscraper-centricapi-docsresource and thescrape-url/extract-contentprompts. Registration is a data-driven surface table — every tool is classifiedboth/full, so a newly added tool is off the compliant surface by default.browserless_agentde-fanged at the schema level (strict — rejects, never silently strips): navigation/read commands only; nosolve/evaluate/loadSecret; no raw-BQL method passthrough; no top-levelproxy,profile, orcreateProfile.profilehydrates a saved auth session, so it is dropped as circumvention-adjacent.export/search/performanceuse.pick().strict()allowlists: dropscrapeOptions(search),includeResources(export), andprofile(all three). Run-layer guards back each schema.captchas,autonomous-login,auth-profile). The 8 allowed skill bodies are de-fanged at render — full-only passages (evaluate techniques, captcha selectors) are stripped via<!-- compliant-omit -->markers, with<!-- compliant-only -->replacements so each recipe stays coherent. Markers are validated at load and fail closed on anything malformed. Site-recipe pointers are suppressed in compliant agent replies (recipes can prescribe proxy/evaluate/login).surface: "compliant" | "full"; the boot log states the active surface.MCP_COMPLIANCE_MODEparsing is fail-closed — any set value other thanfalse/0/no/offenables the compliant surface.Testing
test/tools/compliance-mode.spec.tsguards the surface (exact tool set, schema accept/reject, run-layer defense, skill-body de-fang, marker validation, drift guards);test/lib/config.spec.tscovers fail-closed flag parsing. 515 passing, lint clean.Deploy
Full stays on
mcp.browserless.io/mcp; compliant serves at/mcp/connector(a second container withMCP_COMPLIANCE_MODE=true). Path routing is infra, not this repo — browserless/terraform#293 (connector container + LB) and browserless/load-balancer#94 (nginx route). This image is the prerequisite.[DO NOT MERGE] — PoC.
Summary by CodeRabbit
New Features
Bug Fixes
Documentation
Tests