feat: remove proxyMode — all traffic goes through mcplocal proxy

proxyMode "direct" was a security hole (leaked secrets as plaintext env vars in .mcp.json) and bypassed all mcplocal features (gating, audit, RBAC, content pipeline, namespacing). Removed from schema, API, CLI, and all tests. Old configs with proxyMode are accepted but silently stripped via Zod .transform() for backward compatibility. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 23:36:36 +00:00
parent d9d0a7a374
commit 0995851810
28 changed files with 69 additions and 221 deletions
--- a/src/mcpd/tests/project-routes.test.ts
+++ b/src/mcpd/tests/project-routes.test.ts
@@ -5,7 +5,7 @@ import { registerProjectRoutes } from '../src/routes/projects.js';
 import { ProjectService } from '../src/services/project.service.js';
 import { errorHandler } from '../src/middleware/error-handler.js';
 import type { IProjectRepository, ProjectWithRelations } from '../src/repositories/project.repository.js';
-import type { IMcpServerRepository, ISecretRepository } from '../src/repositories/interfaces.js';
+import type { IMcpServerRepository } from '../src/repositories/interfaces.js';

 let app: FastifyInstance;

@@ -15,7 +15,6 @@ function makeProject(overrides: Partial<ProjectWithRelations> = {}): ProjectWith
    name: 'test-project',
    description: '',
    ownerId: 'user-1',
-    proxyMode: 'direct',
    prompt: '',
    proxyModel: '',
    gated: true,
@@ -39,7 +38,6 @@ function mockProjectRepo(): IProjectRepository {
      name: data.name,
      description: data.description,
      ownerId: data.ownerId,
-      proxyMode: data.proxyMode,
    })),
    update: vi.fn(async (_id, data) => makeProject({ ...data as Partial<ProjectWithRelations> })),
    delete: vi.fn(async () => {}),
@@ -60,17 +58,6 @@ function mockServerRepo(): IMcpServerRepository {
  };
 }

-function mockSecretRepo(): ISecretRepository {
-  return {
-    findAll: vi.fn(async () => []),
-    findById: vi.fn(async () => null),
-    findByName: vi.fn(async () => null),
-    create: vi.fn(async () => ({} as never)),
-    update: vi.fn(async () => ({} as never)),
-    delete: vi.fn(async () => {}),
-  };
-}
-
 afterEach(async () => {
  if (app) await app.close();
 });
@@ -78,7 +65,7 @@ afterEach(async () => {
 function createApp(projectRepo: IProjectRepository, serverRepo?: IMcpServerRepository) {
  app = Fastify({ logger: false });
  app.setErrorHandler(errorHandler);
-  const service = new ProjectService(projectRepo, serverRepo ?? mockServerRepo(), mockSecretRepo());
+  const service = new ProjectService(projectRepo, serverRepo ?? mockServerRepo());
  registerProjectRoutes(app, service);
  return app.ready();
 }