feat: add safe application env upsert tool#56
Open
agentHits wants to merge 1 commit into
Open
Conversation
Что: - Добавлен generated MCP tool `application-env-upsert` для `POST /application.env.upsert`. - Добавлена поддержка OpenAPI pattern-record схем в генераторе, чтобы MCP валидировал имена env-переменных и непустой `variables`. - Добавлено редактирование submitted env values в логах handler для нового tool и regression tests на безопасный routing. Зачем: - MCP-клиенты смогут безопасно отправлять только нужные application env variables без client-side read/replace полного env блока. - Это снижает риск удаления или раскрытия существующих секретов при автоматизации через MCP. Риски: - Endpoint пока зависит от Dokploy core PR #4581 и отсутствует в published OpenAPI. - Live Dokploy backend не вызывался. Проверки: - Команды и результаты: `corepack pnpm exec vitest run src/server.test.ts --reporter=verbose` passed, 1 file / 6 tests; `corepack pnpm run lint` passed with existing `src/utils/responseFormatter.ts` warning; `corepack pnpm run type-check` passed; `corepack pnpm run test` passed, 3 files / 27 tests; `corepack pnpm run build` passed; `git diff --check` passed. - Ограничения: live Dokploy backend and final core OpenAPI sync were not verified because core PR #4581 is still open. What: - Added the generated MCP `application-env-upsert` tool for `POST /application.env.upsert`. - Added OpenAPI pattern-record support to the generator so MCP validates env variable names and non-empty `variables`. - Added handler log redaction for submitted env values on the new tool and regression tests for safe routing. Why: - MCP clients can send only the requested application env variables without client-side full env read/replace. - This reduces the risk of deleting or exposing existing secrets during MCP automation. Risks: - The endpoint still depends on Dokploy core PR #4581 and is not present in the published OpenAPI yet. - Live Dokploy backend was not exercised. Checks: - Commands and results: `corepack pnpm exec vitest run src/server.test.ts --reporter=verbose` passed, 1 file / 6 tests; `corepack pnpm run lint` passed with existing `src/utils/responseFormatter.ts` warning; `corepack pnpm run type-check` passed; `corepack pnpm run test` passed, 3 files / 27 tests; `corepack pnpm run build` passed; `git diff --check` passed. - Limitations: live Dokploy backend and final core OpenAPI sync were not verified because core PR #4581 is still open.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Status: ready for review, blocked for merge.
Please review the MCP implementation now, but do not merge until
Dokploy/dokploy#4581 lands or maintainers confirm the final
/application.env.upsertAPI/OpenAPI shape.Adds dependent MCP support for the safe application environment variable upsert API from Dokploy core.
This PR exposes
application-env-upsertforPOST /application.env.upsertso MCP clients can send only the variables they need to add or update, without reading or reconstructing the full current application env block.Closes #55.
Refs Dokploy/dokploy#4525.
Depends on Dokploy/dokploy#4581.
Dependency / Merge Gate
/application.env.upsertis not present in the published Dokploy OpenAPI yet. This PR is ready for review, but should not merge until Dokploy/dokploy#4581 lands or maintainers confirm the final API/OpenAPI shape.The core issue and implementation were opened by @agentHits. Review from Dokploy maintainers, including @Siumauricio if this API surface is in scope, would help confirm when the MCP side can be safely promoted.
What Changed
/application.env.upserttosrc/generated/openapi.json.src/generated/tools.tsandTOOLS.md, increasing the tool count from 524 to 525.propertyNames.pattern+minPropertiesfor string record schemas.Safety Notes
application.saveEnvironmentis used.Checks
corepack pnpm exec vitest run src/server.test.ts --reporter=verbosecorepack pnpm run lint(passes with existingsrc/utils/responseFormatter.tswarning)corepack pnpm run type-checkcorepack pnpm run testcorepack pnpm run buildgit diff --checkIndependent Agent Flow QA also re-ran targeted Vitest, type-check, and diff check with no blockers.
Not Verified