feat: complete MCP Server integration with security fixes and UI improvements#2
Merged
feat: complete MCP Server integration with security fixes and UI improvements#2
Conversation
Add settings section in Basic Settings tab to enable, configure, and control the MCP Server from within ChatLab. Supports HTTP/Stdio transport mode selection, port configuration, auto-start on app launch, and displays external tool configuration info for Claude Code/Cursor integration. https://claude.ai/code/session_01U2bFTH9Gme7yYN8q4gE6YB
__dirname in electron-vite points to out/main/ which caused incorrect path traversal. app.getAppPath() reliably returns the project root in dev and the app.asar path in production. https://claude.ai/code/session_01U2bFTH9Gme7yYN8q4gE6YB
… endpoints
Security:
- Bind HTTP server to 127.0.0.1 only (no external access)
- Add API key authentication for REST API endpoints (Bearer token)
- Add CORS headers for browser clients
New MCP Tools:
- get_session_overview: comprehensive session stats (messages, members, types, top users)
- export_messages: export filtered messages as text/markdown/json
- get_word_frequency: lightweight word frequency analysis (CJK n-gram + whitespace splitting)
MCP Resources:
- chatlab://sessions: browsable session list
- chatlab://sessions/{id}/members: session members
- chatlab://sessions/{id}/schema: database table structure
New REST API Endpoints:
- GET /api/v1/sessions/:id/overview
- GET /api/v1/sessions/:id/export
- GET /api/v1/sessions/:id/word-frequency
Settings UI:
- API Key input field for HTTP mode
- Security warning when running without API key
- REST API URL display when server is running
https://claude.ai/code/session_01U2bFTH9Gme7yYN8q4gE6YB
…ovements - Packaging: bundle mcp-server via extraResources; fix ms module missing in asar - Build: add build:mcp, build:mac:zip scripts; fix electron_builder_binaries_mirror - New tools: get_date_range_messages, get_member_profile, get_interaction_frequency - New REST endpoints: /messages/range, /members/:id/profile, /interaction-frequency - Settings UI: enabled toggle starts/stops HTTP server directly (option B) - Settings UI: remove separate Start/Stop buttons and autoStart section - Settings UI: show Claude Desktop config snippet with copy button - Settings UI: auto-start HTTP server when switching transport from stdio→http - Security: extend API key auth to cover /sse and /messages endpoints (not just /api) - Security: include Authorization header in Claude Desktop config snippet when key is set - Fix: message type enum mapping aligned with base.ts (LINK=7, SYSTEM=80, RECALL=81, etc.) - Fix: getInteractionFrequency uses 5-minute window instead of adjacent row numbers - Fix: IPC auto-start uses enabled+transport=http instead of enabled+autoStart - README: add MCP Server section (tools list, HTTP/stdio config) in all 4 languages - i18n: add stdioAbiWarning explaining Electron ABI incompatibility for stdio mode Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.