feat(frontend): gate Remote MCP sidebar item behind LaunchDarkly flag

[malinskibeniamin]

Summary

• Remote MCP is GA, but we need to temporarily restrict the Console sidebar entry to an allow-list while we migrate other customers off the old experience.
• Adds enableRemoteMcpInConsole to FEATURE_FLAGS in frontend/src/components/constants.ts so cloud-ui's forwarded LD value is typed and read inside Console.
• Gates the /mcp-servers sidebar entry in frontend/src/utils/route-utils.tsx on isEmbedded() && isFeatureFlagEnabled('enableRemoteMcpInConsole'), matching the pattern already used for /knowledgebases and /observability.
• cloud-ui already forwards this flag as of redpanda-data/cloudv2#25621 — after this Console release + cloud-ui bump, LD targeting becomes the single source of truth for sidebar visibility.

Scope / non-goals

• This only hides the sidebar item. Direct URL access to /mcp-servers/* is unchanged (per product direction — allow-listed orgs still use those routes, and we don't want a hard block).
• No changes to route guards, API gating, or the MCP feature itself.

Test plan

• bun run type:check && bun run lint && bun run test pass locally.
• In cloud-ui with enable-remote-mcp-in-console = false: Remote MCP item is hidden from the Agentic sidebar group.
• In cloud-ui with the flag true (allow-listed org): Remote MCP item is visible and the existing page loads unchanged.
• OSS / non-embedded Console: no regression — item was already hidden (isEmbedded() was false), still hidden.

🤖 Generated with Claude Code

[malinskibeniamin]

@claude review

[malinskibeniamin]

@claude review

[claude]

Claude finished @malinskibeniamin's task in 53s —— View job

---

Code Review

• Gather context and read changed files
• Review frontend/src/components/constants.ts
• Review frontend/src/utils/route-utils.tsx
• Post final review

---

Summary

This is a clean, minimal, well-scoped change. The implementation correctly follows existing patterns and the logic is sound.

frontend/src/components/constants.ts — ✅

Adding enableRemoteMcpInConsole: false to FEATURE_FLAGS is the right approach. The default of false is the safe fallback — if cloud-ui hasn't been bumped yet to forward the flag, Console will simply keep the sidebar item hidden, which is the desired behavior.

The flag name follows the existing convention (enableXxxInConsole) and TypeScript type safety is automatically maintained: isFeatureFlagEnabled accepts keyof typeof FEATURE_FLAGS, so no extra typing work is needed.

frontend/src/utils/route-utils.tsx:304 — ✅

// Before
visibilityCheck: routeVisibility(() => isEmbedded()),

// After
visibilityCheck: routeVisibility(() => isEmbedded() && isFeatureFlagEnabled('enableRemoteMcpInConsole')),

Correct. The isEmbedded() guard is intentionally preserved alongside the flag check. While isFeatureFlagEnabled would already return false for non-embedded builds (because FEATURE_FLAGS defaults to false), keeping isEmbedded() makes the embedded-only intent explicit and matches the pattern used by /agents and /transcripts in the same section.

One observation (non-blocking)

The PR description notes direct URL access to /mcp-servers/* remains unguarded by design. This is fine given the product direction, but worth noting for anyone reading this: allow-listed orgs accessing the route directly will continue to work. If the product direction ever changes to a hard block, route guards would need to be added separately.

Verdict

LGTM. The change is correct, minimal, and consistent with the existing feature-flag gating pattern. No issues found.