Feat/managed-mcp

[jairo-litman]

Based on the provided code changes, here is a precise description of the pull request:

Summary
This Pull Request introduces a flexible system for "Managed MCP Servers" driven by configuration files and significantly refactors the OAuth2 architecture to be more robust, centralized, and secure. It enables the application to support pre-configured MCP servers (like Sentry) with complex authentication flows alongside custom integrations.

Key Changes

• Managed MCP Servers:

  • Replaced hardcoded managed integrations (e.g., Context7) with a JSON-based configuration file (src/config/managed-mcp-servers.json).
  • Updated KodusMCPProvider to dynamically load server configurations, allowing for easy addition of new managed services (e.g., Sentry, Kodus Docs).
  • Implemented support for managed integrations that require OAuth2 authentication and dynamic client registration.

• OAuth2 Architecture Refactor:

  • New Service: Created IntegrationOAuthService to centralize OAuth logic, including discovery (.well-known), dynamic client registration, PKCE generation, authorization URL building, and token exchange/refresh.
  • State Management: Introduced a new database table (mcp_integration_oauth) and entity to store OAuth state (tokens, refresh tokens, PKCE verifiers, metadata) separately from the static integration configuration.
  • Utilities: Added comprehensive OAuth2 utility functions in src/common/utils/oauth.ts.

• Integration & Provider Updates:

  • KodusMCP Provider: Refactored to use CustomClient for managed connections and implemented methods (initiateManagedOAuth, finalizeManagedOAuth) to handle authentication flows for managed servers.
  • Custom Provider: Updated to leverage the new IntegrationOAuthService for retrieving valid access tokens and checking integration status.
  • Custom Client: Modified to accept token data directly in the constructor, decoupling it from the raw integration entity.

• API & Infrastructure:

  • Added new endpoints in McpController to initialize and finalize OAuth flows for specific providers (/mcp/integration/:provider/oauth/...).
  • Added a database migration for the new OAuth state table.
  • Added a developer utility script (scripts/mcp-auth-check.ts) to inspect MCP server authentication types.
  • Updated nest-cli.json to include configuration assets in the build output.

[kody-ai]

The redirectUri configuration logic was moved to integration-oauth.service.ts and relies on ConfigService. Please verify if this update requires any changes to the self-hosted environment configuration. cc @Wellington01. Kody Rule violation: Verificar atualizações de variáveis de ambiente

[kody-ai]

The PR description is empty. Please add a closing statement (e.g., 'Closes #123') to link the relevant issue. Kody Rule violation: Ensure PR closes referenced issues

[kody-ai]

Found critical issues please review the requested changes

• Logging the full registration response leaks the client secret and registration access token.
• Unvalidated baseUrl in initiateOAuth allows Server-Side Request Forgery (SSRF) attacks against internal infrastructure.

[kody-ai]

Kody Review Complete

Great news! 🎉
No issues were found that match your current review configurations.

Keep up the excellent work! 🚀

Kody Guide: Usage and Configuration

Interacting with Kody

• Request a Review: Ask Kody to review your PR manually by adding a comment with the @kody start-review command at the root of your PR.

• Validate Business Logic: Ask Kody to validate your code against business rules by adding a comment with the @kody -v business-logic command.

• Provide Feedback: Help Kody learn and improve by reacting to its comments with a 👍 for helpful suggestions or a 👎 if improvements are needed.

Current Kody Configuration

Review Options

The following review options are enabled or disabled:

Options	Enabled
Bug	✅
Performance	✅
Security	✅
Breaking Changes	✅
Cross File	✅
Kody Rules	✅
Code Style	✅
Refactoring	❌
Error Handling	❌
Maintainability	✅
Potential Issues	✅
Documentation And Comments	✅
Performance And Optimization	❌

Access your configuration settings here.

​

[kody-ai]

The pull request description does not contain a closing statement (e.g., "Closes #123" or "Fixes owner/repo#456"). Please update the description to reference the issue being resolved. Kody Rule violation: Ensure PR closes referenced issues