Skip to content

feat: MCP UI proxy to goose-server #5749

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: feat/mcp-ui-improvements
Choose a base branch
from
Draft

feat: MCP UI proxy to goose-server #5749

wants to merge 1 commit into from
+211 −12

Conversation

@alexhancock
Copy link
Collaborator

@alexhancock alexhancock commented Nov 14, 2025
edited
Loading

@aharvard Draft of moving it. Not complete yet.

@alexhancock alexhancock marked this pull request as draft November 14, 2025 21:48
Copilot finished reviewing on behalf of alexhancock November 14, 2025 21:49
Copilot AI reviewed Nov 14, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR migrates the MCP UI proxy functionality from a local Electron-managed HTTP server to a centralized endpoint on the goose-server. The changes remove complex client-side proxy security infrastructure (token generation, header injection, WebContents whitelisting) in favor of a simpler server-side implementation.

Key changes:

  • Removes local proxy server initialization and IPC handlers from the Electron desktop app
  • Updates the MCP UI renderer to fetch proxy URL from goose-server instead of Electron main process
  • Adds /mcp-ui-proxy endpoint to goose-server with auth bypass

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
ui/desktop/src/preload.ts Removes getMcpUIProxyUrl IPC API definition
ui/desktop/src/main.ts Removes proxy initialization call
ui/desktop/src/components/MCPUIResourceRenderer.tsx Updates to construct proxy URL from goosed host/port
ui/desktop/src/api/types.gen.ts Generated TypeScript types for new endpoint
ui/desktop/src/api/sdk.gen.ts Generated SDK client for new endpoint
ui/desktop/openapi.json OpenAPI schema update for new endpoint
crates/goose-server/src/routes/mod.rs Registers new mcp_ui_proxy route module
crates/goose-server/src/openapi.rs Registers new endpoint in OpenAPI docs
crates/goose-server/src/auth.rs Bypasses authentication for /mcp-ui-proxy

crates/goose-server/src/routes/mod.rs
pub mod audio;
pub mod config_management;
pub mod errors;
pub mod mcp_ui_proxy;
Copy link

Copilot AI Nov 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The mcp_ui_proxy.rs module file doesn't exist yet. This will cause a compilation error.

Copilot uses AI. Check for mistakes.
crates/goose-server/src/auth.rs
next: Next,
) -> Result<Response, StatusCode> {
if request.uri().path() == "/status" {
if request.uri().path() == "/status" || request.uri().path() == "/mcp-ui-proxy" {
Copy link

Copilot AI Nov 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bypassing authentication for /mcp-ui-proxy removes the security protections from the original implementation (token validation, origin checks, WebContents whitelisting). This allows unauthenticated access to MCP UI resources. Consider requiring the X-Secret-Key header or document why this endpoint must be public.

Suggested change
if request.uri().path() == "/status" || request.uri().path() == "/mcp-ui-proxy" {
if request.uri().path() == "/status" {

Copilot uses AI. Check for mistakes.
@alexhancock alexhancock force-pushed the feat/mcp-ui-improvements-rust-server-goosed branch from 5d2cd63 to a7770d0 Compare November 14, 2025 22:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@aharvard aharvard Awaiting requested review from aharvard

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexhancock