feat: add validation to prevent usage of 'stdio' in MCP servers

2025-12-26 01:33:05 +00:00 · 2025-07-16 16:50:23 +08:00 · 2025-07-16 16:50:23 +08:00 · e7f61994ec
parent f648457ba5
commit e7f61994ec
2 changed files with 3 additions and 1 deletions
--- a/apps/application/flow/step_node/ai_chat_step_node/impl/base_chat_node.py
+++ b/apps/application/flow/step_node/ai_chat_step_node/impl/base_chat_node.py
@ -222,7 +222,7 @@ class BaseChatNode(IChatNode):
        message_list = self.generate_message_list(system, prompt, history_message)
        self.context['message_list'] = message_list

-        if mcp_enable and mcp_servers is not None:
+        if mcp_enable and mcp_servers is not None and '"stdio"' not in mcp_servers:
            r = mcp_response_generator(chat_model, message_list, mcp_servers)
            return NodeResult(
                {'result': r, 'chat_model': chat_model, 'message_list': message_list,
--- a/apps/application/serializers/application.py
+++ b/apps/application/serializers/application.py
@ -630,6 +630,8 @@ class ApplicationOperateSerializer(serializers.Serializer):
        if with_valid:
            self.is_valid(raise_exception=True)
            McpServersSerializer(data=instance).is_valid(raise_exception=True)
+            if '"stdio"' in instance.get('mcp_servers'):
+                raise AppApiException(500, _('stdio is not supported'))
        servers = json.loads(instance.get('mcp_servers'))
        tools = []
        for server in servers: