Skip to content

feat: add compliant MCP tool surface via MCP_COMPLIANCE_MODE [DO NOT MERGE]#166

Open
Xrazik1 wants to merge 3 commits into
mainfrom
feat/connector-mode-poc
Open

feat: add compliant MCP tool surface via MCP_COMPLIANCE_MODE [DO NOT MERGE]#166
Xrazik1 wants to merge 3 commits into
mainfrom
feat/connector-mode-poc

Conversation

@Xrazik1

@Xrazik1 Xrazik1 commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds an opt-in compliant tool surface to the MCP server, selected per-process by the MCP_COMPLIANCE_MODE env var. When enabled, the server advertises a reduced, policy-compliant surface intended for the OpenAI / Anthropic app-directory listings (which reject the full surface for arbitrary code, scraping, and circumvention). The default full surface (flag off) is unchanged — verified byte-identical to main.

The compliant policy is centralized in src/tools/compliance.ts; registration is gated in src/tools/register.ts.

What changes in compliant mode

  • Tools: 5 instead of 9. Drops smartscraper, function, map, and crawl, plus the smartscraper-centric api-docs resource and the scrape-url / extract-content prompts. Registration is a data-driven surface table — every tool is classified both/full, so a newly added tool is off the compliant surface by default.
  • browserless_agent de-fanged at the schema level (strict — rejects, never silently strips): navigation/read commands only; no solve / evaluate / loadSecret; no raw-BQL method passthrough; no top-level proxy, profile, or createProfile. profile hydrates a saved auth session, so it is dropped as circumvention-adjacent.
  • export / search / performance use .pick().strict() allowlists: drop scrapeOptions (search), includeResources (export), and profile (all three). Run-layer guards back each schema.
  • Skills. The tool enum and auto-injection are filtered to 8 (drops captchas, autonomous-login, auth-profile). The 8 allowed skill bodies are de-fanged at render — full-only passages (evaluate techniques, captcha selectors) are stripped via <!-- compliant-omit --> markers, with <!-- compliant-only --> replacements so each recipe stays coherent. Markers are validated at load and fail closed on anything malformed. Site-recipe pointers are suppressed in compliant agent replies (recipes can prescribe proxy/evaluate/login).
  • Status + logging. The status resource reports surface: "compliant" | "full"; the boot log states the active surface. MCP_COMPLIANCE_MODE parsing is fail-closed — any set value other than false/0/no/off enables the compliant surface.

Testing

  • Unit: test/tools/compliance-mode.spec.ts guards the surface (exact tool set, schema accept/reject, run-layer defense, skill-body de-fang, marker validation, drift guards); test/lib/config.spec.ts covers fail-closed flag parsing. 515 passing, lint clean.
  • End-to-end (local, live backend behind a faithful nginx topology): both endpoints work; the full surface is byte-identical to production; the compliant endpoint exposes the reduced, de-fanged surface; prohibited operations are rejected at parameter validation before execution; shared-auth OAuth discovery resolves for the path-routed connector.

Deploy

Full stays on mcp.browserless.io/mcp; compliant serves at /mcp/connector (a second container with MCP_COMPLIANCE_MODE=true). Path routing is infra, not this repo — browserless/terraform#293 (connector container + LB) and browserless/load-balancer#94 (nginx route). This image is the prerequisite.

[DO NOT MERGE] — PoC.

Summary by CodeRabbit

  • New Features
    • Added MCP_COMPLIANCE_MODE to enable a reduced, directory-compliant tool surface, using fail-closed parsing with startup warnings for unrecognized values.
    • Exposed complianceMode in runtime configuration and centralized surface registration to differentiate compliant vs full availability.
    • Enforced compliant-only skill rendering (marker-based omit/only stripping) plus stricter parameter allowlists across agent/search/export/performance/tools.
  • Bug Fixes
    • Status endpoint now reports the active surface (compliant vs full).
  • Documentation
    • Documented MCP_COMPLIANCE_MODE in the environment variables section.
  • Tests
    • Expanded end-to-end and defense-in-depth compliance-mode regression coverage, including surface drift and marker validation.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

Adds MCP_COMPLIANCE_MODE configuration and applies compliant-surface restrictions to MCP registration, agent commands, schemas, descriptions, skill rendering, session transport, and status responses. Tests cover full versus compliant surfaces, filtered parameters, runtime guards, and visible skills.

Changes

Compliance Mode Implementation

Layer / File(s) Summary
Compliance configuration
src/@types/types.d.ts, src/config.ts, README.md, src/index.ts, src/resources/status.ts, test/...
Adds required compliance configuration, fail-closed parsing, startup classification, status reporting, documentation, registration wiring, and updated configuration fixtures.
Compliance policy and schemas
src/tools/compliance.ts, src/tools/schemas.ts
Defines compliant skill and command allowlists, visible-skill filtering, compliant descriptions, and strict agent parameters.
Compliant tool behavior
src/tools/agent.ts, src/tools/search.ts, src/tools/export.ts, src/tools/performance.ts, src/lib/agent-client.ts, src/skills/system-prompt.ts
Selects compliant schemas and descriptions, rejects restricted parameters and methods, filters triggered skills, suppresses site recipes, removes proxy/profile transport fields, and adds a compliant agent prompt.
Compliance-aware skill rendering
src/skills/index.ts, src/skills/*.md, test/skills/skills.spec.ts
Validates balanced compliance markers and conditionally removes or retains marked skill content during rendering.
Surface validation
test/tools/compliance-mode.spec.ts
Tests registrations, schemas, execution guards, skill filtering and rendering, marker validation, and status responses.

Estimated code review effort: 4 (Complex) | ~60 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Environment
  participant getConfig
  participant registerSurface
  participant CompliancePolicy
  participant MCPTools
  participant StatusResource

  Environment->>getConfig: Read MCP_COMPLIANCE_MODE
  getConfig->>registerSurface: Provide complianceMode
  registerSurface->>CompliancePolicy: Evaluate isCompliant(config)
  CompliancePolicy->>MCPTools: Select compliant or full registrations and schemas
  MCPTools-->>registerSurface: Register selected surface
  StatusResource-->>Environment: Report compliant or full surface
Loading

Possibly related PRs

Suggested reviewers: andymrtnzp, ashwinsingh2007

Poem

A rabbit hops through schemas bright,
Compliant tools are trimmed just right.
Restricted skills hide from view,
Commands are checked before they’re due.
“Binky!” sings the surface neat.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise, specific, and accurately summarizes the main change: adding a compliant MCP tool surface via MCP_COMPLIANCE_MODE.
Description check ✅ Passed The description covers the summary, major changes, testing, and deployment notes; only the template's Related issues and checklist sections are missing.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/connector-mode-poc

Comment @coderabbitai help to get the list of available commands.

@Xrazik1 Xrazik1 force-pushed the feat/connector-mode-poc branch from d2ba0a6 to 7880934 Compare July 9, 2026 22:02

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/index.ts`:
- Around line 124-135: The compliance surface logging in src/index.ts only
distinguishes compliant, unset, and explicit opt-out, but it silently treats
invalid MCP_COMPLIANCE_MODE values as compliant; update the startup logic around
registerSurface and the complianceSurface computation to detect any non-accepted
normalized value and emit an explicit warning before logging the surface. Use
the existing parseComplianceMode/complianceMode flow to identify invalid inputs,
and keep the current console.error boot log while adding a clear warning path
for typoed or mis-scoped environment values.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 44dbf51f-90a0-4761-94fa-77fd1e06e826

📥 Commits

Reviewing files that changed from the base of the PR and between d2ba0a6 and 7880934.

📒 Files selected for processing (11)
  • README.md
  • src/@types/types.d.ts
  • src/config.ts
  • src/index.ts
  • src/resources/status.ts
  • src/skills/cookie-consent.md
  • src/skills/dynamic-content.md
  • src/skills/index.ts
  • src/skills/modals.md
  • src/skills/screenshots.md
  • src/skills/shadow-dom.md
✅ Files skipped from review due to trivial changes (5)
  • src/skills/dynamic-content.md
  • src/skills/screenshots.md
  • src/skills/cookie-consent.md
  • src/skills/modals.md
  • README.md

Comment thread src/index.ts
@Xrazik1 Xrazik1 marked this pull request as ready for review July 9, 2026 22:17
@Xrazik1 Xrazik1 force-pushed the feat/connector-mode-poc branch from 7880934 to dd2239c Compare July 13, 2026 13:24

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
src/tools/compliance.ts (1)

27-36: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Hand-synced skill list risks drift.

COMPLIANT_SKILLS (Line 27) and COMPLIANT_SKILL_TOOL_DESCRIPTION's bullet list (Line 82) are currently in sync but independently maintained. Adding/removing an id from the allowlist won't update the description text, and nothing will catch the mismatch.

Consider generating the bullet list from COMPLIANT_SKILLS (or a shared id→blurb map) so the two can't diverge.

Also applies to: 77-89

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/tools/compliance.ts` around lines 27 - 36, Eliminate the independently
maintained skill bullet list by deriving COMPLIANT_SKILL_TOOL_DESCRIPTION from
COMPLIANT_SKILLS, or from a shared skill-id-to-blurb mapping that also defines
the allowlist. Ensure adding or removing a compliant skill automatically updates
the description while preserving the existing ordering and wording.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/tools/schemas.ts`:
- Around line 751-784: Update compliantCommandSchemas to remove the
action-capable ClickCommandSchema, TypeCommandSchema, SelectCommandSchema,
CheckboxCommandSchema, HoverCommandSchema, and UploadFileCommandSchema, keeping
only commands permitted by the navigation/read-only policy. Since
COMPLIANT_AGENT_METHODS derives from this list, ensure both schema validation
and the run-layer guard reject each removed method, and add rejection tests
covering all six methods.

---

Nitpick comments:
In `@src/tools/compliance.ts`:
- Around line 27-36: Eliminate the independently maintained skill bullet list by
deriving COMPLIANT_SKILL_TOOL_DESCRIPTION from COMPLIANT_SKILLS, or from a
shared skill-id-to-blurb mapping that also defines the allowlist. Ensure adding
or removing a compliant skill automatically updates the description while
preserving the existing ordering and wording.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0eab4659-a07c-43c3-9c93-8bf472d7c54f

📥 Commits

Reviewing files that changed from the base of the PR and between 7880934 and dd2239c.

📒 Files selected for processing (34)
  • README.md
  • src/@types/types.d.ts
  • src/config.ts
  • src/index.ts
  • src/resources/status.ts
  • src/skills/cookie-consent.md
  • src/skills/dynamic-content.md
  • src/skills/index.ts
  • src/skills/modals.md
  • src/skills/screenshots.md
  • src/skills/shadow-dom.md
  • src/skills/snapshot-misses.md
  • src/tools/agent.ts
  • src/tools/compliance.ts
  • src/tools/export.ts
  • src/tools/performance.ts
  • src/tools/register.ts
  • src/tools/schemas.ts
  • src/tools/search.ts
  • test/integration/server.spec.ts
  • test/lib/api-client.spec.ts
  • test/lib/config.spec.ts
  • test/resources/resources.spec.ts
  • test/skills/skills.spec.ts
  • test/tools/agent.spec.ts
  • test/tools/annotations.spec.ts
  • test/tools/compliance-mode.spec.ts
  • test/tools/crawl.spec.ts
  • test/tools/export.spec.ts
  • test/tools/function.spec.ts
  • test/tools/map.spec.ts
  • test/tools/performance.spec.ts
  • test/tools/search.spec.ts
  • test/tools/smartscraper.spec.ts
🚧 Files skipped from review as they are similar to previous changes (11)
  • src/skills/screenshots.md
  • src/skills/cookie-consent.md
  • src/skills/dynamic-content.md
  • src/tools/export.ts
  • src/resources/status.ts
  • README.md
  • src/skills/shadow-dom.md
  • src/skills/modals.md
  • src/index.ts
  • src/skills/index.ts
  • src/tools/agent.ts

Comment thread src/tools/schemas.ts
@Xrazik1 Xrazik1 force-pushed the feat/connector-mode-poc branch from dd2239c to f5293aa Compare July 13, 2026 13:39

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/tools/compliance-mode.spec.ts`:
- Around line 274-283: Update the compliance-mode test to define the eight
approved skill IDs as an independent expected allowlist rather than deriving
them from COMPLIANT_SKILLS. Use this fixed list to assert both the
COMPLIANT_SKILLS contents and schema acceptance, ensuring accidental changes to
COMPLIANT_SKILLS cannot make the assertions pass.
- Around line 439-450: Update the runtime allowlist test in
compliance-mode.spec.ts to invoke an unknown method instead of evaluate,
ensuring it verifies fail-closed behavior for non-allowlisted commands. Leave
the later batch-index test responsible for covering the known prohibited
evaluate method.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9e58d497-6929-4fce-acbc-0220dd45ecf6

📥 Commits

Reviewing files that changed from the base of the PR and between dd2239c and f5293aa.

📒 Files selected for processing (34)
  • README.md
  • src/@types/types.d.ts
  • src/config.ts
  • src/index.ts
  • src/resources/status.ts
  • src/skills/cookie-consent.md
  • src/skills/dynamic-content.md
  • src/skills/index.ts
  • src/skills/modals.md
  • src/skills/screenshots.md
  • src/skills/shadow-dom.md
  • src/skills/snapshot-misses.md
  • src/tools/agent.ts
  • src/tools/compliance.ts
  • src/tools/export.ts
  • src/tools/performance.ts
  • src/tools/register.ts
  • src/tools/schemas.ts
  • src/tools/search.ts
  • test/integration/server.spec.ts
  • test/lib/api-client.spec.ts
  • test/lib/config.spec.ts
  • test/resources/resources.spec.ts
  • test/skills/skills.spec.ts
  • test/tools/agent.spec.ts
  • test/tools/annotations.spec.ts
  • test/tools/compliance-mode.spec.ts
  • test/tools/crawl.spec.ts
  • test/tools/export.spec.ts
  • test/tools/function.spec.ts
  • test/tools/map.spec.ts
  • test/tools/performance.spec.ts
  • test/tools/search.spec.ts
  • test/tools/smartscraper.spec.ts
🚧 Files skipped from review as they are similar to previous changes (30)
  • src/skills/dynamic-content.md
  • test/tools/crawl.spec.ts
  • src/skills/screenshots.md
  • test/tools/export.spec.ts
  • src/@types/types.d.ts
  • test/tools/annotations.spec.ts
  • test/tools/search.spec.ts
  • test/tools/map.spec.ts
  • test/lib/api-client.spec.ts
  • test/integration/server.spec.ts
  • src/resources/status.ts
  • test/tools/function.spec.ts
  • src/tools/search.ts
  • test/tools/smartscraper.spec.ts
  • src/skills/cookie-consent.md
  • src/skills/shadow-dom.md
  • test/resources/resources.spec.ts
  • src/skills/snapshot-misses.md
  • src/config.ts
  • src/tools/schemas.ts
  • src/tools/export.ts
  • src/skills/index.ts
  • test/skills/skills.spec.ts
  • src/skills/modals.md
  • test/lib/config.spec.ts
  • src/tools/performance.ts
  • src/tools/register.ts
  • src/tools/compliance.ts
  • src/index.ts
  • src/tools/agent.ts

Comment thread test/tools/compliance-mode.spec.ts Outdated
Comment thread test/tools/compliance-mode.spec.ts Outdated
@Xrazik1 Xrazik1 force-pushed the feat/connector-mode-poc branch from f5293aa to 204e64f Compare July 13, 2026 13:49
Comment thread src/tools/compliance.ts
Comment thread src/tools/compliance.ts Outdated
Comment thread src/tools/agent.ts
Comment thread src/@types/types.d.ts

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
src/tools/compliance.ts (1)

73-84: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Skill bullet list duplicated in two files.

The same 7-skill bullet list (shadow-dom, cookie-consent, modals, snapshot-misses, dynamic-content, screenshots, tabs) is hand-maintained here and again in COMPLIANT_AGENT_SYSTEM_PROMPT (src/skills/system-prompt.ts). Since COMPLIANT_SKILLS is the actual source of truth, consider generating both bullet lists from it (or from skillsRegistry metadata) to avoid manual drift when a skill is added/removed. The PR mentions drift-protection tests, which mitigates the risk somewhat.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/tools/compliance.ts` around lines 73 - 84, Update
COMPLIANT_SKILL_TOOL_DESCRIPTION and COMPLIANT_AGENT_SYSTEM_PROMPT to derive
their skill bullet lists from the authoritative COMPLIANT_SKILLS or
skillsRegistry metadata instead of maintaining duplicated literals. Preserve the
existing bullet formatting and descriptions, and ensure additions or removals in
the source-of-truth collection automatically appear in both prompts.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/tools/compliance.ts`:
- Around line 73-84: Update COMPLIANT_SKILL_TOOL_DESCRIPTION and
COMPLIANT_AGENT_SYSTEM_PROMPT to derive their skill bullet lists from the
authoritative COMPLIANT_SKILLS or skillsRegistry metadata instead of maintaining
duplicated literals. Preserve the existing bullet formatting and descriptions,
and ensure additions or removals in the source-of-truth collection automatically
appear in both prompts.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4bc4244a-904b-4e22-956a-6cab591fa7be

📥 Commits

Reviewing files that changed from the base of the PR and between 204e64f and 3ac33db.

📒 Files selected for processing (7)
  • src/@types/types.d.ts
  • src/lib/agent-client.ts
  • src/skills/system-prompt.ts
  • src/tools/agent.ts
  • src/tools/compliance.ts
  • src/tools/schemas.ts
  • test/tools/compliance-mode.spec.ts
💤 Files with no reviewable changes (1)
  • test/tools/compliance-mode.spec.ts
🚧 Files skipped from review as they are similar to previous changes (3)
  • src/tools/schemas.ts
  • src/@types/types.d.ts
  • src/tools/agent.ts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants