Skip to content

Comments

feat(admin): Implement admin allowlist for MCP server configurations#18311

Merged
skeshive merged 8 commits intomainfrom
admin-mcp-config-2
Feb 5, 2026
Merged

feat(admin): Implement admin allowlist for MCP server configurations#18311
skeshive merged 8 commits intomainfrom
admin-mcp-config-2

Conversation

@skeshive
Copy link
Contributor

@skeshive skeshive commented Feb 4, 2026

Summary

This PR introduces admin allowlist mechanism for MCP server configurations. When admin.mcp.config is enabled and configured, the CLI will filter locally defined MCP servers, only allowing those present in the admin allowlist. For allowed servers, local command, args, env, and cwd fields will be cleared for security, and admin-defined tool filters will take precedence.

Details

  • If admin.mcp.config is set, only servers explicitly listed in this configuration will be considered.
  • For servers present in both local and admin configurations, admin settings for url, type, and trust will be applied, while local executable-related fields (command, args, env, cwd) will be nullified to prevent local overrides of secure admin configurations.
  • Admin-defined includeTools and excludeTools will override local settings for tool filtering, ensuring consistent tool exposure. If admin does not define tool filters, local tool filters will still be used.

Related Issues

https://github.com/google-gemini/maintainers-gemini-cli/issues/1178

@skeshive skeshive requested a review from a team as a code owner February 4, 2026 15:55
@gemini-cli
Copy link
Contributor

gemini-cli bot commented Feb 4, 2026

Hi @skeshive, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

@gemini-code-assist
Copy link
Contributor

Summary of Changes

Hello @skeshive, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the security and manageability of MCP server configurations within the CLI. By introducing an admin allowlist, it centralizes control over which MCP servers can be used and how they are executed, preventing unauthorized or insecure local configurations. This change ensures that critical server parameters and tool filtering policies are consistently applied as defined by administrators, thereby improving the overall integrity and security posture of the system.

Highlights

  • Admin Allowlist for MCP Servers: Introduced a mechanism to filter locally defined MCP servers based on an administrator-defined allowlist, ensuring only approved servers are considered.
  • Security Enhancements: For servers present in the admin allowlist, local executable-related fields (command, args, env, cwd) are cleared to prevent security vulnerabilities from local overrides.
  • Tool Filter Precedence: Admin-defined includeTools and excludeTools now take precedence over local settings for tool filtering, ensuring consistent policy enforcement.
  • Configuration Merging Logic: Implemented logic to merge admin and local MCP server configurations, prioritizing admin settings for critical fields (url, type, trust) while retaining other local settings.
Changelog
  • packages/cli/src/config/config.test.ts
    • Added comprehensive unit tests for the new admin.mcp.config functionality, covering scenarios like empty allowlists, server filtering, clearing of sensitive local fields, and tool filter precedence.
    • Imported MCPServerConfig type for use in tests.
  • packages/cli/src/config/config.ts
    • Implemented the core logic within loadCliConfig for processing the admin.mcp.config allowlist.
    • Added filtering of local MCP servers, nullifying local executable paths (command, args, env, cwd), and applying admin-defined tool filters.
    • Updated the Config constructor to receive the potentially modified mcpServerCommand and mcpServers.
  • packages/cli/src/config/settings.test.ts
    • Added a test to confirm that remote admin MCP server configurations are correctly un-nested and applied to the admin.mcp.config setting.
    • Imported MCPServerConfig type for use in tests.
  • packages/cli/src/config/settings.ts
    • Modified the setRemoteAdminSettings method within the LoadedSettings class to correctly parse and store the mcpConfig from remote admin settings into the admin.mcp.config property.
  • packages/cli/src/config/settingsSchema.ts
    • Updated the settings schema to include the new config property under admin.mcp, defining its structure and merge strategy for admin-configured MCP servers.
Activity
  • No human activity (comments, reviews, etc.) has been recorded for this pull request yet.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces an admin allowlist for MCP server configurations, a valuable security enhancement. However, a critical flaw exists in the loadCliConfig merge logic, allowing users to bypass the intended security control by overriding admin-provided server URLs using deprecated fields like httpUrl. Additionally, there's a potential issue where merging tool-filtering settings might unintentionally clear local exclusion lists, and an additional test case would be beneficial to cover this scenario.

@gemini-cli gemini-cli bot added the status/need-issue Pull requests that need to have an associated issue. label Feb 4, 2026
@skeshive skeshive requested a review from a team as a code owner February 4, 2026 16:55
@github-actions
Copy link

github-actions bot commented Feb 4, 2026

Size Change: -4.02 kB (-0.02%)

Total Size: 23.7 MB

Filename Size Change
./bundle/gemini.js 23.7 MB -4.02 kB (-0.02%)
ℹ️ View Unchanged
Filename Size
./bundle/sandbox-macos-permissive-closed.sb 1.03 kB
./bundle/sandbox-macos-permissive-open.sb 890 B
./bundle/sandbox-macos-permissive-proxied.sb 1.31 kB
./bundle/sandbox-macos-restrictive-closed.sb 3.29 kB
./bundle/sandbox-macos-restrictive-open.sb 3.36 kB
./bundle/sandbox-macos-restrictive-proxied.sb 3.56 kB

compressed-size-action

@skeshive skeshive marked this pull request as draft February 4, 2026 17:23
@gemini-cli gemini-cli bot removed the status/need-issue Pull requests that need to have an associated issue. label Feb 4, 2026
@skeshive skeshive marked this pull request as ready for review February 4, 2026 22:52
@gemini-cli gemini-cli bot added the status/need-issue Pull requests that need to have an associated issue. label Feb 4, 2026
@skeshive skeshive added this pull request to the merge queue Feb 5, 2026
Merged via the queue into main with commit 2566057 Feb 5, 2026
26 checks passed
@skeshive skeshive deleted the admin-mcp-config-2 branch February 5, 2026 13:55
sidwan02 pushed a commit to sidwan02/gemini-cli-gemma that referenced this pull request Feb 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

status/need-issue Pull requests that need to have an associated issue.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants