victor HF Staff commited on
Commit
11e48d8
·
1 Parent(s): 10021da

mcp: clarify pre-safety empty selection vs safety rejection; trim URLs in isValidUrl to avoid whitespace false negatives

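--- a/src/lib/server/textGeneration/mcp/runMcpFlow.ts
+++ b/src/lib/server/textGeneration/mcp/runMcpFlow.ts
@@ -100,6 +100,12 @@ export async function* runMcpFlow({
  // ignore selection merge errors and proceed with env servers
  }
 
+ // If selection/merge yielded no servers, bail early with clearer log
+ if (servers.length === 0) {
+ console.warn("[mcp] no MCP servers selected after merge/name filter");
+ return false;
+ }
+
  // Enforce server-side safety (public HTTPS only, no private ranges)
  {
  const before = servers.slice();
@@ -121,7 +127,7 @@ export async function* runMcpFlow({
  } catch {}
  }
  if (servers.length === 0) {
- console.warn("[mcp] all selected servers rejected by URL safety guard");
+ console.warn("[mcp] all selected MCP servers rejected by URL safety guard");
  return false;
  }
 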
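Review bot: The new early return in the first hunk logs `no MCP servers selected after merge/name filter`, but the context comment just above it says selection merge errors are ignored, so an empty list caused by a swallowed merge failure would be reported as an empty selection. The catch itself lies outside the hunk, so this is inferred from that comment; if the error really is discarded, logging it there, for example `console.warn("[mcp] selection merge failed", err);`, would keep the two causes distinguishable in the logs. The `} catch {}` shown as context in the second hunk appears to sit inside the URL safety block, and it is worth confirming that an exception there leaves the server rejected rather than accepted. runMcpFlow starts and ends outside both hunks.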
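--- a/src/lib/server/urlSafety.ts
+++ b/src/lib/server/urlSafety.ts
@@ -1,7 +1,7 @@
  // Shared server-side URL safety helper (exact behavior preserved)
  export function isValidUrl(urlString: string): boolean {
  try {
- const url = new URL(urlString);
+ const url = new URL(urlString.trim());
  // Only allow HTTPS protocol
  if (url.protocol !== "https:") {
  return false;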
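Review bot: `new URL(urlString.trim())` makes the guard validate a different string from the one the caller holds, because `isValidUrl` returns only a boolean and the untrimmed `urlString` is what callers go on to use. The WHATWG URL parser already strips leading and trailing ASCII whitespace and C0 controls, so the visible effect of `.trim()` is to also accept padding such as U+00A0 or U+FEFF that `new URL` would otherwise reject; whether the MCP client treats such a string the same way cannot be seen from this hunk. For an SSRF guard it is safer to normalise once at the caller and pass the same value (for example the parsed `url.href`) to both the check and the connection. The header comment should also drop `(exact behavior preserved)`, e.g. `// Shared server-side URL safety helper; input is trimmed before parsing`. The body of isValidUrl continues past the end of the hunk.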