feat(fe): gate MCP card and /mcp route behind a feature flag #4031

Open
aterga wants to merge 6 commits into main from claude/ci-monitoring-pr-4026-rppehq

@aterga aterga commented Jun 17, 2026

Collaborator

Summary

  • Adds a new MCP feature flag in featureFlags.ts that defaults off everywhere except id.ai and beta.id.ai (matching the EMAIL_RECOVERY_SETUP pattern)
  • Gates McpAccessSection in the Settings page behind {#if $MCP} so the card is hidden on self-hosted / other deployments
  • Gates the /mcp delegation route by including $MCP in the requestValid derived — when the flag is off, the route falls through to the existing "Invalid request" screen

The flag can be overridden per-deployment via the canister feature_flags deploy arg, or at runtime via window.__featureFlags.MCP / ?feature_flag_MCP=true / localStorage, consistent with all other flags. E2e tests are unaffected because they run against id.ai where the flag auto-enables.

Test plan

  • On id.ai / beta.id.ai: MCP card still visible in Settings; /mcp flow works normally
  • On a self-hosted deployment (no domain match): MCP card absent from Settings; /mcp shows "Invalid request"
  • Operator can force-enable via feature_flags = opt vec { ("MCP", true) } in deploy args
  • Developer can toggle via browser console: window.__featureFlags.MCP.set(true/false)
  • Existing e2e tests for MCP pass (flag auto-on for id.ai test origin)

🤖 Generated with Claude Code


claude added 4 commits June 17, 2026 23:28
Adds an `MCP` feature flag (defaulting off everywhere except id.ai and
beta.id.ai) to control visibility of the McpAccessSection settings card
and the /mcp delegation flow. On unsupported deployments the card is
hidden and the /mcp route falls through to the invalid screen, the same
way missing mcp_server_origin already does.

Co-Authored-By: Claude <noreply@anthropic.com>
@aterga aterga marked this pull request as ready for review June 18, 2026 08:19
@aterga aterga requested a review from a team as a code owner June 18, 2026 08:19
Copilot AI review requested due to automatic review settings June 18, 2026 08:19
zeropath-ai Bot commented Jun 18, 2026

No security or compliance issues detected. Reviewed everything up to 007c922.

Security Overview
Detected Code Changes
| Change Type | Relevant files |
| --- | --- |
| Configuration changes | .gitignore: Add .svelte-kit to gitignore |
| Configuration changes | package-lock.json: Update typescript dev dependency; Add picomatch dependency |
| Enhancement | src/frontend/src/lib/state/featureFlags.test.ts: Add tests for MCP feature flag |
| Enhancement | src/frontend/src/lib/state/featureFlags.ts: Implement MCP feature flag |
| Enhancement | src/frontend/src/routes/(new-styling)/manage/(authenticated)/settings/+page.svelte: Conditionally render McpAccessSection based on MCP feature flag |
| Enhancement | src/frontend/src/routes/(new-styling)/mcp/+page.svelte: Enable MCP route when MCP feature flag is true |

Copilot AI left a comment

Pull request overview

This PR introduces a new frontend feature flag (MCP) to ensure MCP UI and the /mcp delegation flow are only available on id.ai / beta.id.ai by default, while remaining disabled on self-hosted/other deployments unless explicitly enabled via deploy args or runtime overrides.

Changes:

  • Added an MCP feature flag store defaulting off, auto-enabled on id.ai / beta.id.ai.
  • Hid the MCP access card on the Settings page behind the $MCP flag.
  • Gated /mcp request validation behind $MCP so disabled deployments fall back to the existing “Invalid request” screen.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| src/frontend/src/routes/(new-styling)/mcp/+page.svelte | Adds $MCP to the /mcp request-validity gate so the flow is disabled when the flag is off. |
| src/frontend/src/routes/(new-styling)/manage/(authenticated)/settings/+page.svelte | Conditionally renders the MCP settings card only when $MCP is enabled. |
| src/frontend/src/lib/state/featureFlags.ts | Defines the new MCP feature flag (auto-enabled on id.ai/beta.id.ai) and exports it. |
| package-lock.json | Lockfile updates related to dependency graph changes during install. |

Comment on lines +155 to +161
/// Show the MCP access card in settings and allow the /mcp delegation flow.
/// Defaults on for id.ai and beta.id.ai; off everywhere else.
export const MCP = createFeatureFlagStore(
"MCP",
false,
enableOnIdAiDomains("MCP"),
);
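
Review bot: the two /// doc-comment lines above "export const MCP" describe the flag as "off everywhere else", but the PR description lists runtime overrides (window.__featureFlags.MCP, ?feature_flag_MCP=true, localStorage) that are set from the browser, so where the default is false this flag hides the Settings card and the /mcp delegation flow rather than making them unavailable. Suggest saying in the doc comment that this is a visibility default and not an access control, and, if self-hosted operators need /mcp to stay off, enforcing that somewhere the browser cannot override.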