Skip to content

feat: add compliant MCP tool surface via MCP_COMPLIANCE_MODE [DO NOT MERGE]#166

Open
Xrazik1 wants to merge 1 commit into
mainfrom
feat/connector-mode-poc
Open

feat: add compliant MCP tool surface via MCP_COMPLIANCE_MODE [DO NOT MERGE]#166
Xrazik1 wants to merge 1 commit into
mainfrom
feat/connector-mode-poc

Conversation

@Xrazik1

@Xrazik1 Xrazik1 commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds an opt-in compliant tool surface to the MCP server, selected per-process by the MCP_COMPLIANCE_MODE env var. When enabled, the server advertises a reduced, policy-compliant surface intended for the OpenAI / Anthropic app-directory listings (which reject the full surface for arbitrary code, scraping, and circumvention). The default full surface (flag off) is unchanged — verified byte-identical to main.

The compliant policy is centralized in src/tools/compliance.ts; registration is gated in src/tools/register.ts.

What changes in compliant mode

  • Tools: 5 instead of 9. Drops smartscraper, function, map, and crawl, plus the smartscraper-centric api-docs resource and the scrape-url / extract-content prompts. Registration is a data-driven surface table — every tool is classified both/full, so a newly added tool is off the compliant surface by default.
  • browserless_agent de-fanged at the schema level (strict — rejects, never silently strips): navigation/read commands only; no solve / evaluate / loadSecret; no raw-BQL method passthrough; no top-level proxy, profile, or createProfile. profile hydrates a saved auth session, so it is dropped as circumvention-adjacent.
  • export / search / performance use .pick().strict() allowlists: drop scrapeOptions (search), includeResources (export), and profile (all three). Run-layer guards back each schema.
  • Skills. The tool enum and auto-injection are filtered to 8 (drops captchas, autonomous-login, auth-profile). The 8 allowed skill bodies are de-fanged at render — full-only passages (evaluate techniques, captcha selectors) are stripped via <!-- compliant-omit --> markers, with <!-- compliant-only --> replacements so each recipe stays coherent. Markers are validated at load and fail closed on anything malformed. Site-recipe pointers are suppressed in compliant agent replies (recipes can prescribe proxy/evaluate/login).
  • Status + logging. The status resource reports surface: "compliant" | "full"; the boot log states the active surface. MCP_COMPLIANCE_MODE parsing is fail-closed — any set value other than false/0/no/off enables the compliant surface.

Testing

  • Unit: test/tools/compliance-mode.spec.ts guards the surface (exact tool set, schema accept/reject, run-layer defense, skill-body de-fang, marker validation, drift guards); test/lib/config.spec.ts covers fail-closed flag parsing. 515 passing, lint clean.
  • End-to-end (local, live backend behind a faithful nginx topology): both endpoints work; the full surface is byte-identical to production; the compliant endpoint exposes the reduced, de-fanged surface; prohibited operations are rejected at parameter validation before execution; shared-auth OAuth discovery resolves for the path-routed connector.

Deploy

Full stays on mcp.browserless.io/mcp; compliant serves at /mcp/connector (a second container with MCP_COMPLIANCE_MODE=true). Path routing is infra, not this repo — browserless/terraform#293 (connector container + LB) and browserless/load-balancer#94 (nginx route). This image is the prerequisite.

[DO NOT MERGE] — PoC.

Summary by CodeRabbit

  • New Features

    • Added a new compliance mode that switches the app to a reduced, directory-friendly tool surface.
    • Some tools and skill guidance now adapt automatically based on the selected mode.
  • Bug Fixes

    • Tightened tool availability and parameter handling so restricted actions are no longer exposed in compliance mode.
    • Status responses now consistently report whether the server is running in compliant or full mode.
  • Documentation

    • Updated setup docs to include the new compliance environment variable and its behavior.
  • Tests

    • Added coverage for configuration, tool registration, and compliance filtering behavior.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

Adds MCP_COMPLIANCE_MODE configuration and applies compliant-surface restrictions to MCP tool registration, agent commands, schemas, descriptions, skill rendering, and status responses. Tests cover full versus compliant tool surfaces and filtered parameters and skills.

Changes

Compliance Mode Implementation

Layer / File(s) Summary
Compliance configuration
src/@types/types.d.ts, src/config.ts, README.md, test/lib/config.spec.ts
Adds required complianceMode configuration, fail-closed environment parsing, documentation, and environment-value tests.
Compliance policy and schemas
src/tools/compliance.ts, src/tools/schemas.ts
Defines restricted skills, visible-skill filtering, compliant descriptions, and a strict allowlisted agent schema.
Compliant tool surfaces
src/tools/agent.ts, src/tools/search.ts, src/tools/export.ts
Selects compliant schemas and descriptions, rejects non-allowlisted agent methods, and filters restricted triggered skills.
Compliance-aware skill rendering
src/skills/index.ts, src/skills/*.md
Validates balanced compliance markers and conditionally removes marked skill content during rendering.
Surface registration and status reporting
src/tools/register.ts, src/index.ts, src/resources/status.ts
Centralizes registration, omits function/map/crawl tools in compliant mode, logs the active surface, and reports it in status responses.
Compliance behavior validation
test/tools/compliance-mode.spec.ts
Tests tool counts, agent restrictions, restricted skills, parameter removal, descriptions, and visible-skill filtering in both modes.

Estimated code review effort: 4 (Complex) | ~45 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Environment
  participant getConfig
  participant registerSurface
  participant CompliancePolicy
  participant MCPTools

  Environment->>getConfig: Read MCP_COMPLIANCE_MODE
  getConfig->>registerSurface: Provide complianceMode
  registerSurface->>CompliancePolicy: Evaluate isCompliant(config)
  CompliancePolicy->>MCPTools: Select compliant or full schemas and registrations
  MCPTools-->>registerSurface: Register selected tool surface
Loading

Possibly related PRs

Suggested reviewers: ahmedAmien

Poem

A rabbit hops through schemas bright,
Six tools remain in compliant light.
Restricted skills hide from view,
Commands are checked before they’re due.
“Binky!” says the surface, trimmed and neat.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title clearly summarizes the main change: adding an MCP compliant surface controlled by MCP_COMPLIANCE_MODE.
Description check ✅ Passed The description covers the summary and testing well, but it omits the template's Related issues, Changes, and Checklist sections.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/connector-mode-poc

Comment @coderabbitai help to get the list of available commands.

@Xrazik1 Xrazik1 force-pushed the feat/connector-mode-poc branch from d2ba0a6 to 7880934 Compare July 9, 2026 22:02

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/index.ts`:
- Around line 124-135: The compliance surface logging in src/index.ts only
distinguishes compliant, unset, and explicit opt-out, but it silently treats
invalid MCP_COMPLIANCE_MODE values as compliant; update the startup logic around
registerSurface and the complianceSurface computation to detect any non-accepted
normalized value and emit an explicit warning before logging the surface. Use
the existing parseComplianceMode/complianceMode flow to identify invalid inputs,
and keep the current console.error boot log while adding a clear warning path
for typoed or mis-scoped environment values.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 44dbf51f-90a0-4761-94fa-77fd1e06e826

📥 Commits

Reviewing files that changed from the base of the PR and between d2ba0a6 and 7880934.

📒 Files selected for processing (11)
  • README.md
  • src/@types/types.d.ts
  • src/config.ts
  • src/index.ts
  • src/resources/status.ts
  • src/skills/cookie-consent.md
  • src/skills/dynamic-content.md
  • src/skills/index.ts
  • src/skills/modals.md
  • src/skills/screenshots.md
  • src/skills/shadow-dom.md
✅ Files skipped from review due to trivial changes (5)
  • src/skills/dynamic-content.md
  • src/skills/screenshots.md
  • src/skills/cookie-consent.md
  • src/skills/modals.md
  • README.md

Comment thread src/index.ts
Comment on lines +124 to +135
registerSurface(server, config, analytics);
// Log the active surface (both transports) so it's visible in the boot logs.
// complianceMode fails closed (see parseComplianceMode), so a fumbled *value*
// lands on the compliant surface. The remaining blind spot is a *missing* var —
// so distinguish "unset" (a dropped/typo'd/wrong-scoped env var on a directory
// deploy) from a deliberate opt-out, which otherwise both print "full".
const complianceSurface = config.complianceMode
? 'compliant (reduced)'
: process.env.MCP_COMPLIANCE_MODE === undefined
? 'full (MCP_COMPLIANCE_MODE unset — set it to "true" for the compliant surface)'
: 'full (explicit opt-out)';
console.error(`[browserless-mcp] Tool surface: ${complianceSurface}`);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win

Warn on invalid MCP_COMPLIANCE_MODE values.

Invalid values fail closed into compliant mode, but this branch logs them as compliant (reduced) without warning. That can hide a typo or incorrectly scoped environment variable; emit an explicit warning whenever the normalized value is neither an accepted opt-in nor opt-out value.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/index.ts` around lines 124 - 135, The compliance surface logging in
src/index.ts only distinguishes compliant, unset, and explicit opt-out, but it
silently treats invalid MCP_COMPLIANCE_MODE values as compliant; update the
startup logic around registerSurface and the complianceSurface computation to
detect any non-accepted normalized value and emit an explicit warning before
logging the surface. Use the existing parseComplianceMode/complianceMode flow to
identify invalid inputs, and keep the current console.error boot log while
adding a clear warning path for typoed or mis-scoped environment values.

@Xrazik1 Xrazik1 marked this pull request as ready for review July 9, 2026 22:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant