kb/openspec/changes/mcp-allowed-hosts/tasks.md at da5b8435bcf17eaca4cad27d87abd823de3d6837 - kb - DCG Git

steve/kb

Files

T

steve da5b8435bc Add configurable allowed hosts for MCP remote access (KB_MCP_ALLOWED_HOSTS)

The MCP SDK's DNS rebinding protection rejects remote clients with 421
when the Host header isn't in the allowlist. Add KB_MCP_ALLOWED_HOSTS env
var (comma-separated IPs/FQDNs) to configure additional allowed hosts
while keeping localhost always permitted.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-04 12:39:43 +01:00

949 B

Raw Blame History

1. Configuration

1.1 Add KB_MCP_ALLOWED_HOSTS to mcp/config.py — read from env, default empty string
1.2 Add host-parsing helper that splits the comma-separated value, strips whitespace, and filters empty entries

2. Transport security

2.1 Build TransportSecuritySettings in mcp/server.py — merge localhost defaults with parsed KB_MCP_ALLOWED_HOSTS, derive allowed origins from allowed hosts
2.2 Pass transport_security= to the FastMCP() constructor

3. Compose files

3.1 Add KB_MCP_ALLOWED_HOSTS=${KB_MCP_ALLOWED_HOSTS:-} to the kb-mcp environment block in compose.cpu.yaml, compose.nvidia.yaml, and compose.rocm.yaml with a comment explaining the format

4. Verification

4.1 Test: unset KB_MCP_ALLOWED_HOSTS — confirm localhost connects, remote host gets 421
4.2 Test: set KB_MCP_ALLOWED_HOSTS to the server IP — confirm remote host connects successfully