Skip to content

feat(extensions): support OpenCode MCP configuration sources#1622

Merged
limityan merged 1 commit into
GCWing:mainfrom
limityan:yanzhn/opencode-mcp-source-pr6
Jul 19, 2026
Merged

feat(extensions): support OpenCode MCP configuration sources#1622
limityan merged 1 commit into
GCWing:mainfrom
limityan:yanzhn/opencode-mcp-source-pr6

Conversation

@limityan

Copy link
Copy Markdown
Collaborator

Summary

  • Discover the supported OpenCode MCP configuration subset from user, explicit config, explicit config directory, and workspace JSON/JSONC sources.
  • Convert ecosystem-specific input through the OpenCode adapter into source-neutral MCP contracts and let the existing MCP owner manage connections, tools, status, and retirement.
  • Expose the same approval, conflict, status, and recovery model in Desktop settings and the existing TUI /mcps flow without adding product-specific slash commands or requiring a BitFun restart.

Architecture and boundaries

Owner Responsibility in this change
OpenCode adapter Source order, JSON/JSONC parsing, safe previews, supported-field conversion, and OpenCode-specific degradation
External-source contracts/coordinator Provider isolation, generations, last-success behavior, watcher roots, and source-neutral MCP candidates
Product assembly Native-first conflict policy, one-time behavior approval, workspace route selection, and shared product state
MCP runtime owner Process/connection lifecycle, catalog publication, tool registration, bounded retirement, status, and cleanup
GUI/TUI surfaces Present the shared state and invoke shared decisions; neither surface interprets OpenCode configuration

Core-boundary rules cover the new contracts and prevent OpenCode parsing or concrete MCP runtime ownership from leaking into the wrong layer.

Product behavior

  • BitFun-native MCP remains the default winner. External conflicts require an explicit choice, and unchanged declined/approved behavior is not asked again.
  • GUI conflict resolution uses a review-then-approve flow and shows source, scope, transport, command/origin, environment/header names, and security impact before acceptance.
  • TUI keeps the existing /mcps entry, labels native and external sources in one list, preserves selection by stable ID, and supports scrollable approval on 40x20 terminals with Unicode-width-aware wrapping.
  • Startup, zero-tool success, unavailable, disabled, unsupported, and removed states are distinct. Recovery for a failed startup is explicit: disable, repair configuration or authentication, then enable; normal refresh does not create an automatic retry loop.
  • No BitFun restart is required, and retirement withdraws new tool routes without interrupting unrelated sessions.
  • Remote workspaces fail closed and do not fall back to local OpenCode configuration.

Security, reliability, and performance

  • External tools are authorized against the current local workspace route on every call. Unscoped Desktop Resource/Prompt/MCP App APIs cannot reuse external runtime IDs.
  • External server requests for roots, sampling, elicitation, and other host capabilities fail closed; this slice integrates external MCP Tools only.
  • Local child processes inherit only a minimal system baseline plus explicitly declared environment values. Environment names and HTTPS origins are previewed without exposing values or full URLs.
  • Behavior-changing command, arguments, working directory, environment declarations, origin, headers, or authentication require a new approval. Expanded values are validated again.
  • Per-start tokens prevent stale startup callbacks from publishing or deleting a newer instance with the same deterministic runtime ID.
  • Discovery is bounded at 5 seconds, external startup and retirement grace at 30 seconds, status reads at 100 ms, configuration files at 1 MiB, and expanded runtime text at 64 KiB.

Explicitly deferred

  • Remote-workspace execution ownership
  • SSE transport and complete OpenCode OAuth client configuration
  • Full timeout and Agent-scope semantics
  • MCP Resource, Prompt, MCP App, roots, sampling, and elicitation integration
  • Removed-item tombstone notifications and broader package/plugin support

These remain unsupported or fail closed rather than being partially executed.

Validation

  • cargo check --workspace
  • OpenCode MCP adapter: 5 tests
  • External MCP coordinator: 3 tests
  • External-source contracts: 19 tests
  • MCP service contracts with the mcp feature: 38 tests
  • Core external MCP/status/security/start-token lifecycle: 10 focused tests
  • TUI MCP selector: 6 tests
  • Web external-source settings: 18 tests
  • pnpm run type-check:web
  • pnpm run i18n:contract:test (37 tests)
  • pnpm run i18n:audit (0 warnings)
  • Core-boundary self-test and repository boundary check
  • pnpm run check:repo-hygiene
  • git diff --check

The Rust build still reports existing MCP dependency deprecation warnings and existing CLI dead-code warnings; no new warning category was introduced by this change.

@limityan
limityan marked this pull request as ready for review July 19, 2026 02:30
@limityan
limityan force-pushed the yanzhn/opencode-mcp-source-pr6 branch 2 times, most recently from 0b87b5f to 9194a32 Compare July 19, 2026 03:17
Add workspace-scoped lifecycle, approval and conflict UX, and fail-closed host boundaries for local stdio and HTTPS MCP sources.
@limityan
limityan force-pushed the yanzhn/opencode-mcp-source-pr6 branch from 9194a32 to d459178 Compare July 19, 2026 03:26
@limityan
limityan merged commit 24698d6 into GCWing:main Jul 19, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant