
Conversation

Contributor

@dianed-square dianed-square commented Jan 7, 2026

Summary

This PR removes obsolete version info from the "Building Custom Extensions" topic. Also updates dependency versions.

Documentation updates:

  • documentation/docs/tutorials/custom-extensions.md:
    • Remove protocol version specific link and link to mcp_client.rs file for client info
    • Add prereqs
    • Update dependency versions and related code fixes
    • Separate testing options into tabs
    • Update MCP Inspector screenshot and make it clickable

Type of Change

  • Feature
  • Bug fix
  • Refactor / Code quality
  • Performance improvement
  • Documentation
  • Tests
  • Security fix
  • Build / Release
  • Other (specify below)

AI Assistance

  • This PR was created or reviewed with AI assistance

Testing

Manual testing

Related Issues

Closes #6226


Copilot AI review requested due to automatic review settings January 7, 2026 23:43
@dianed-square dianed-square requested a review from a team as a code owner January 7, 2026 23:43
@github-actions
Contributor

github-actions bot commented Jan 7, 2026

PR Preview Action v1.6.3
Preview removed because the pull request was closed.
2026-01-08 00:50 UTC

Contributor

Copilot AI left a comment


Pull request overview

This PR updates the "Building Custom Extensions" tutorial to improve clarity and accuracy. The update removes obsolete protocol version information and modernizes dependency versions while enhancing the tutorial structure.

Key changes:

  • Updated to reference mcp_client.rs for current protocol version info instead of linking to a specific dated specification
  • Added comprehensive prerequisites section covering Python 3.13+, uv, and Node.js/npm requirements
  • Reorganized testing instructions into tabbed interface for MCP Inspector vs CLI approaches
  • Updated dependency versions (beautifulsoup4 4.14.0, html2text 2025.4.15, mcp[cli] 1.25.0) with corresponding code fixes for ErrorData constructor

headers = {
    'User-Agent': 'MCP-Wiki/1.0 (Educational purposes; Python requests)'
}
response = requests.get(url, headers=headers, timeout=10)

Copilot AI Jan 7, 2026


The read_wikipedia_article function calls requests.get(url, ...) on a URL that appears to be user-controlled and only checks that it starts with http, which creates a server-side request forgery (SSRF) risk. An attacker who can invoke this MCP tool could supply an internal or metadata service URL (for example, pointing at cloud instance metadata or internal admin endpoints) and have the server fetch and return sensitive data. To mitigate this, parse the URL and enforce an explicit allowlist of trusted Wikipedia hostnames (and schemes) and reject or sanitize any other URLs before making the request.

Contributor Author


fixed in 019f97b

Copilot AI review requested due to automatic review settings January 8, 2026 00:28
Contributor

Copilot AI left a comment


Pull request overview

Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.

Comment on lines 105 to 114
# SSRF protection: only allow Wikipedia domains
parsed = urlparse(url)
if not parsed.netloc.endswith('wikipedia.org'):
    raise ValueError(f"Only Wikipedia URLs are allowed. Got: {parsed.netloc}")

# Add User-Agent header to avoid 403 from Wikipedia
headers = {
    'User-Agent': 'MCP-Wiki/1.0 (Educational purposes; Python requests)'
}
response = requests.get(url, headers=headers, timeout=10)

Copilot AI Jan 8, 2026


The SSRF protection around requests.get is incomplete because it only checks parsed.netloc.endswith('wikipedia.org'), which will also allow attacker-controlled domains like evilwikipedia.org that are not actually owned by Wikipedia. An attacker could register such a domain, point it at internal or local IPs, and still cause the server to make arbitrary HTTP requests, defeating the intended restriction to Wikipedia. To harden this, strictly validate the host so that only wikipedia.org and its legitimate subdomains are allowed (e.g., by checking for exact match or a .-delimited suffix) and consider additionally constraining allowed schemes and IP ranges.

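As an added example for this review thread (it is not code from the goose tutorial or from the fix commits referenced above; the names ALLOWED_BASE_DOMAIN, ALLOWED_SCHEMES, host_allowed, validate_article_url, url_allowed and is_public_address are my own), this is the dot-delimited host check, scheme and port constraint that the two Copilot comments ask for, plus the resolved-address check the second comment suggests, applied to constructed sample URLs:

```python
import ipaddress
from typing import Optional
from urllib.parse import urlparse, urlunparse

# Hypothetical allowlist for this example: the bare domain and its dot-delimited subdomains.
ALLOWED_BASE_DOMAIN = "wikipedia.org"
ALLOWED_SCHEMES = {"https"}


def host_allowed(hostname: Optional[str]) -> bool:
    """Accept exactly ALLOWED_BASE_DOMAIN or a host ending in '.' + ALLOWED_BASE_DOMAIN.

    A plain endswith('wikipedia.org') would also accept 'evilwikipedia.org';
    requiring the dot before the suffix closes that gap.
    """
    if not hostname:
        return False
    hostname = hostname.lower().rstrip(".")  # normalise case and a trailing FQDN dot
    return hostname == ALLOWED_BASE_DOMAIN or hostname.endswith("." + ALLOWED_BASE_DOMAIN)


def validate_article_url(url: str) -> str:
    """Return a normalised URL that is safe to hand to requests.get, or raise ValueError."""
    parsed = urlparse(url)  # urlparse already lower-cases the scheme
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"Only {sorted(ALLOWED_SCHEMES)} URLs are allowed. Got scheme: {parsed.scheme!r}")
    # 'https://en.wikipedia.org@10.0.0.1/' parses with username 'en.wikipedia.org'
    # and hostname '10.0.0.1'; refuse any userinfo outright rather than reasoning about it.
    if parsed.username is not None or parsed.password is not None:
        raise ValueError("Credentials in the URL are not allowed")
    if parsed.port not in (None, 443):  # .port raises ValueError itself on a non-numeric port
        raise ValueError(f"Non-default port is not allowed: {parsed.port}")
    host = (parsed.hostname or "").lower().rstrip(".")
    if not host_allowed(host):
        raise ValueError(f"Only Wikipedia URLs are allowed. Got host: {host!r}")
    # Rebuild from the validated components (drops userinfo, fragment and port syntax)
    # so the request uses exactly what was checked, not the raw input string.
    return urlunparse(("https", host, parsed.path or "/", "", parsed.query, ""))


def url_allowed(url: str) -> bool:
    """Boolean convenience wrapper around validate_article_url."""
    try:
        validate_article_url(url)
    except ValueError:
        return False
    return True


def is_public_address(ip: str) -> bool:
    """Second layer: check the address the allowlisted name actually resolves to.

    Even a correctly allowlisted hostname could resolve to a loopback, private,
    link-local or otherwise special address; refuse those before connecting.
    DNS resolution itself is left to the caller so this function stays offline.
    """
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate article URL and three that must be rejected.
    for candidate in ("https://en.wikipedia.org/wiki/Python_(programming_language)",
                      "https://evilwikipedia.org/wiki/Python",
                      "http://en.wikipedia.org/wiki/Python",
                      "https://en.wikipedia.org@127.0.0.1/"):
        print(f"{candidate!r:70} -> {'allowed' if url_allowed(candidate) else 'rejected'}")
```

The tool would pass the string returned by validate_article_url (not the caller's raw input) to requests.get. For the address layer, the caller resolves the validated hostname, runs is_public_address over every returned address, and only then connects; note that plain requests re-resolves the name itself, so a strict deployment also pins the connection to the checked address.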
Contributor Author


fixed in 75af242

@dianed-square dianed-square merged commit 01da90c into main Jan 8, 2026
20 checks passed
@dianed-square dianed-square deleted the docs/update-custom-extensions branch January 8, 2026 00:49
zanesq added a commit that referenced this pull request Jan 8, 2026
* 'main' of github.com:block/goose:
  Fixed fonts (#6389)
  Update confidence levels prompt injection detection to reduce false positive rates (#6390)
  Add ML-based prompt injection detection  (#5623)
  docs: update custom extensions tutorial (#6388)
  fix ResultsFormat error when loading old sessions (#6385)
  docs: add MCP Apps tutorial and documentation updates (#6384)
  changed z-index to make sure the search highlighter does not appear on modal overlay (#6386)
  Handling special claude model response in github copilot provider (#6369)
  fix: prevent duplicate rendering when tool returns both mcp-ui and mcp-apps resources (#6378)
  fix: update MCP Apps _meta.ui.resourceUri to use nested format (SEP-1865) (#6372)
  feat(providers): add streaming support for Google Gemini provider (#6191)
  Blog: edit links in mcp apps post (#6371)
  fix: prevent infinite loop of tool-input notifications in MCP Apps (#6374)
michaelneale added a commit that referenced this pull request Jan 8, 2026
* main: (31 commits)
  added validation and debug for invalid call tool result (#6368)
  Update MCP apps tutorial: fix _meta structure and version prereq (#6404)
  Fixed fonts (#6389)
  Update confidence levels prompt injection detection to reduce false positive rates (#6390)
  Add ML-based prompt injection detection  (#5623)
  docs: update custom extensions tutorial (#6388)
  fix ResultsFormat error when loading old sessions (#6385)
  docs: add MCP Apps tutorial and documentation updates (#6384)
  changed z-index to make sure the search highlighter does not appear on modal overlay (#6386)
  Handling special claude model response in github copilot provider (#6369)
  fix: prevent duplicate rendering when tool returns both mcp-ui and mcp-apps resources (#6378)
  fix: update MCP Apps _meta.ui.resourceUri to use nested format (SEP-1865) (#6372)
  feat(providers): add streaming support for Google Gemini provider (#6191)
  Blog: edit links in mcp apps post (#6371)
  fix: prevent infinite loop of tool-input notifications in MCP Apps (#6374)
  fix: Show platform-specific keyboard shortcuts in UI (#6323)
  fix: we load extensions when agent starts so don't do it up front (#6350)
  docs: credit HumanLayer in RPI tutorial (#6365)
  Blog: Goose Lands MCP Apps (#6172)
  Claude 3.7 is out. we had some harcoded stuff (#6197)
  ...
wpfleger96 added a commit that referenced this pull request Jan 9, 2026
* main: (89 commits)
  fix(google): treat signed text as regular content in streaming (#6400)
  Add frameDomains and baseUriDomains CSP support for MCP Apps (#6399)
  fix(ci): add missing dependencies to openapi-schema-check job (#6367)
  feat: http proxy support
  Add support for changing working dir and extensions in same window/session (#6057)
  Sort keys in canonical models (#6403)
  added validation and debug for invalid call tool result (#6368)
  Update MCP apps tutorial: fix _meta structure and version prereq (#6404)
  Fixed fonts (#6389)
  Update confidence levels prompt injection detection to reduce false positive rates (#6390)
  Add ML-based prompt injection detection  (#5623)
  docs: update custom extensions tutorial (#6388)
  fix ResultsFormat error when loading old sessions (#6385)
  docs: add MCP Apps tutorial and documentation updates (#6384)
  changed z-index to make sure the search highlighter does not appear on modal overlay (#6386)
  Handling special claude model response in github copilot provider (#6369)
  fix: prevent duplicate rendering when tool returns both mcp-ui and mcp-apps resources (#6378)
  fix: update MCP Apps _meta.ui.resourceUri to use nested format (SEP-1865) (#6372)
  feat(providers): add streaming support for Google Gemini provider (#6191)
  Blog: edit links in mcp apps post (#6371)
  ...


Development

Successfully merging this pull request may close these issues.

Documentation update for custom extensions

3 participants