Skip to content

feat: add validation for package manifests and enhance SSRF protection in OpenAPI adapter#496

Merged
frontegg-david merged 3 commits into
release/1.5.xfrom
fix-wranlger
Jun 21, 2026
Merged

feat: add validation for package manifests and enhance SSRF protection in OpenAPI adapter#496
frontegg-david merged 3 commits into
release/1.5.xfrom
fix-wranlger

Conversation

@alexmercerpo

@alexmercerpo alexmercerpo commented Jun 21, 2026

Copy link
Copy Markdown
Collaborator

Summary by CodeRabbit

  • New Features

    • Added worker export-condition support to internal package entrypoints for better compatibility in worker-style bundling.
  • Security

    • Strengthened OpenAPI adapter SSRF protections with hardened $ref/spec loading defaults (external refs disabled, redirects not followed, internal/private targets blocked).
  • Documentation

    • Expanded OpenAPI adapter guidance with clearer SSRF/security defaults and refResolution/redirect configuration details.
  • Chores

    • Updated mcp-from-openapi to 2.5.0.
    • Added CI validation to ensure worker export-condition resolution behaves correctly.

@coderabbitai

coderabbitai Bot commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a02b8713-e78c-4a49-8984-1debdf221555

📥 Commits

Reviewing files that changed from the base of the PR and between e61b3d7 and b155696.

📒 Files selected for processing (2)
  • apps/e2e/demo-e2e-openapi/src/apps/ecommerce/index.ts
  • apps/e2e/demo-e2e-openapi/src/security-test-main.ts

📝 Walkthrough

Walkthrough

Adds a worker export condition to the imports maps of libs/utils, libs/protocol, and libs/sdk for Cloudflare/Workerd bundler compatibility, validated by a new test script and CI step. Separately, upgrades mcp-from-openapi to 2.5.0 and enforces secure defaults (followRedirects: false, allowedProtocols: []) in the OpenAPI adapter, with corresponding documentation updates across README, MDX docs, and skills catalog.

Changes

Worker Export Condition Support

Layer / File(s) Summary
Worker condition entries in package imports maps
libs/utils/package.json, libs/protocol/package.json, libs/sdk/package.json
Adds a worker condition to 13 internal subpath specifiers across three packages. For libs/utils and libs/protocol the worker key points to Node/default implementations; for libs/sdk it points to browser polyfill paths.
Test script validating worker condition resolution
scripts/worker-export-conditions.test.mjs
Reads each package's imports map, asserts worker condition presence and ordering before browser, simulates condition resolution for worker/browser/Node consumers, and verifies expected node vs stub targets without changing existing browser/default resolution.
CI step for worker condition test
.github/workflows/push.yml
Adds a post-prettier step in the lint job running node --test scripts/*.test.mjs to gate CI on the worker export condition test.

OpenAPI SSRF Hardening (mcp-from-openapi 2.5.0)

Layer / File(s) Summary
Secure-default refResolution and followRedirects in OpenAPI adapter
libs/adapters/package.json, package.json, libs/adapters/src/openapi/openapi.types.ts, libs/adapters/src/openapi/openapi.adapter.ts
Bumps mcp-from-openapi to 2.5.0, adds resolveRefResolution() defaulting to { allowedProtocols: [] }, updates initializeGenerator() to use this helper and explicitly default followRedirects: false, and expands the loadOptions JSDoc to describe the SSRF protection scope.
OpenAPI adapter docs: SSRF section and options reference
docs/frontmcp/adapters/openapi-adapter.mdx, libs/adapters/src/openapi/README.md
Replaces the $ref Resolution Security section with a broader Spec Loading & $ref Resolution Security (SSRF) section, updates the loadOptions parameter description, adds GHSA advisory references, updates the refResolution options table, and adds a dedicated SSRF subsection to the README.
Skills reference and troubleshooting tables update
libs/skills/catalog/frontmcp-development/references/openapi-adapter.md
Replaces the $ref resolution security block with a SSRF-focused section tied to mcp-from-openapi ≥ 2.5.0, updates the Common Patterns and Troubleshooting tables with rows for external $ref, internal host blocking, and redirect behavior.
Example file, SKILL.md, and skills manifest updates
libs/skills/catalog/frontmcp-development/SKILL.md, libs/skills/catalog/frontmcp-development/examples/openapi-adapter/ref-security-and-filtering.md, libs/skills/catalog/skills-manifest.json
Updates front-matter, TypeScript snippet comments, and What This Demonstrates bullets in the ref-security-and-filtering example to reflect new secure defaults and opt-in knobs (allowedProtocols, allowedHosts, allowInternalIPs), and surfaces GHSA-65h7-9wrw-629c in SKILL.md and the skills manifest.
E2E test configuration for SSRF defaults
apps/e2e/demo-e2e-openapi/src/apps/ecommerce/index.ts, apps/e2e/demo-e2e-openapi/src/security-test-main.ts
Updates E2E test applications to explicitly configure loadOptions.refResolution with allowedProtocols: [] and allowInternalIPs: true, enabling local mock server spec fetching while maintaining strict external SSRF defaults, with documentation of DNS/SSRF behavior and rationale for opt-in loopback access.

Sequence Diagram(s)

sequenceDiagram
  participant Caller
  participant OpenAPIAdapter
  participant resolveRefResolution
  participant mcpFromOpenAPI as mcp-from-openapi 2.5.0

  Caller->>OpenAPIAdapter: initialize(options)
  OpenAPIAdapter->>resolveRefResolution: options.loadOptions.refResolution
  resolveRefResolution-->>OpenAPIAdapter: refResolution (default: { allowedProtocols: [] })
  OpenAPIAdapter->>mcpFromOpenAPI: fetch spec URL (followRedirects: false, refResolution)
  mcpFromOpenAPI-->>OpenAPIAdapter: spec (external $refs blocked, redirects blocked, internal IPs blocked)
  OpenAPIAdapter-->>Caller: OpenAPIToolGenerator initialized
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • agentfront/frontmcp#346: Modifies libs/adapters/src/openapi/openapi.adapter.ts to pass refResolution into generator initialization — the same code path this PR enhances with a secure-default helper.
  • agentfront/frontmcp#348: Changes loadOptions.refResolution forwarding in the same OpenAPI adapter file, directly preceding the secure-default enforcement introduced in this PR.

Suggested reviewers

  • frontegg-david

Poem

🐇 A worker hops in, conditions aligned,
No browser stub shall be misassigned.
SSRF? Blocked tight with protocols bare,
Redirects stay off — the default's secure and fair.
Docs updated, the manifest gleams,
Safe specs and $refs — or so the rabbit dreams! 🔒

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately reflects the main changes: adding package manifest validation via the new worker export conditions test and enhancing SSRF protection through the OpenAPI adapter updates.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 65.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix-wranlger

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install failed. For unrecoverable errors, disable the tool in CodeRabbit configuration.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@alexmercerpo alexmercerpo changed the base branch from release/1.4.x to release/1.5.x June 21, 2026 22:02

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/frontmcp/adapters/openapi-adapter.mdx`:
- Around line 879-927: Update the Load Options section in
libs/adapters/src/openapi/README.md (around lines 74-95) to align the
`followRedirects` default value with the security documentation in the main
file. Change the documented default from `true` to `false` to reflect that
spec-URL redirects are not followed by default as a secure default, ensuring
consistency across all documentation surfaces and preventing contradictory
security guidance.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ed5d2192-f3cf-4624-ad57-613bf3039954

📥 Commits

Reviewing files that changed from the base of the PR and between 0c295cf and b2fd87a.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (14)
  • .github/workflows/push.yml
  • docs/frontmcp/adapters/openapi-adapter.mdx
  • libs/adapters/package.json
  • libs/adapters/src/openapi/openapi.adapter.ts
  • libs/adapters/src/openapi/openapi.types.ts
  • libs/protocol/package.json
  • libs/sdk/package.json
  • libs/skills/catalog/frontmcp-development/SKILL.md
  • libs/skills/catalog/frontmcp-development/examples/openapi-adapter/ref-security-and-filtering.md
  • libs/skills/catalog/frontmcp-development/references/openapi-adapter.md
  • libs/skills/catalog/skills-manifest.json
  • libs/utils/package.json
  • package.json
  • scripts/worker-export-conditions.test.mjs

Comment thread docs/frontmcp/adapters/openapi-adapter.mdx
@github-actions

github-actions Bot commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

Performance Test Results

Status: ✅ All tests passed

Summary

Project Tests Passed Warnings Failed Leaks
✅ demo-e2e-agents 4 4 0 0 0
✅ demo-e2e-cache 11 11 0 0 0
✅ demo-e2e-codecall 4 4 0 0 0
✅ demo-e2e-config 4 4 0 0 0
✅ demo-e2e-direct 3 3 0 0 0
✅ demo-e2e-elicitation 1 1 0 0 0
✅ demo-e2e-errors 4 4 0 0 0
✅ demo-e2e-hooks 3 3 0 0 0
✅ demo-e2e-multiapp 4 4 0 0 0
✅ demo-e2e-notifications 3 3 0 0 0
✅ demo-e2e-openapi 2 2 0 0 0
✅ demo-e2e-providers 4 4 0 0 0
✅ demo-e2e-public 4 4 0 0 0
✅ demo-e2e-redis 15 15 0 0 0
✅ demo-e2e-remember 4 4 0 0 0
✅ demo-e2e-remote 5 5 0 0 0
✅ demo-e2e-serverless 2 2 0 0 0
✅ demo-e2e-skills 15 15 0 0 0
✅ demo-e2e-standalone 2 2 0 0 0
✅ demo-e2e-transport-recreation 3 3 0 0 0
✅ demo-e2e-ui 4 4 0 0 0

Total: 101 tests across 21 projects

📊 View full report in workflow run


Generated at: 2026-06-21T22:50:46.980Z
Commit: b29a9f9f

@frontegg-david frontegg-david merged commit 96a78ea into release/1.5.x Jun 21, 2026
37 checks passed
@frontegg-david frontegg-david deleted the fix-wranlger branch June 21, 2026 22:57
@github-actions

Copy link
Copy Markdown
Contributor

Cherry-pick Created

A cherry-pick PR to main has been automatically created.

Please review and merge if this change should also be in main.

If the cherry-pick is not needed, close the PR.

frontegg-david pushed a commit that referenced this pull request Jun 21, 2026
…SRF protection in OpenAPI adapter (#497)

Cherry-picked from #496 (merged to release/1.5.x)
Original commit: 96a78ea

Co-authored-by: agentfront[bot] <agentfront[bot]@users.noreply.github.com>
Co-authored-by: alexmercerpo <251740932+alexmercerpo@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants