feat(dashboard): UI for managing MCP tokens #94

Open

sharang wants to merge 1 commits from feat/m7.3-mcp-tokens-ui into feat/m7.3-mcp-tenant-tokens

pull from: feat/m7.3-mcp-tokens-ui

merge into: sharang:feat/m7.3-mcp-tenant-tokens

sharang:main

sharang:feat/m7.3-scheduler-tenant-registry-v2

sharang:feat/m7.3-admin-endpoints

sharang:fix/remove-stale-api-webhook-routes

sharang:feat/m7.3-mcp-tenant-tokens

sharang:feat/dashboard-token-refresh

sharang:fix/dashboard-bearer-token

sharang:feat/m7.1-agent-wire

sharang:fix/m7.1-jwks-refresh

sharang:feat/m7.1-smoke-harness

sharang:feat/m7.1-tenant-claims

sharang:feat/light-mode-theme-toggle

sharang:fix/embedding-build-progress

sharang:fix/cve-scan-http-timeout

sharang:fix/scan-resource-limits-and-script-error

sharang:fix/multiple-issues

sharang:feat/cve-alerts

sharang:feat/e2e-tests

sharang:feat/help-chat-widget

sharang:fix/cascade-delete-repo

sharang:feat/refine-llm-prompts

sharang:fix/gitea-pr-review-error-handling

sharang:test/dummy-bad-code

sharang:fix/remove-code-review-from-findings

sharang:feat/pentest-onboarding

Conversation 0 Commits 1 Files Changed 5

+366

sharang commented 2026-06-18 10:54:18 +00:00

Owner

Copy Link

Copy Source

Summary

Adds a /mcp-tokens page so a logged-in user can mint, list, and revoke bearer tokens for the MCP server without curl. Stacks on #92 (which added the agent endpoints + MCP middleware) — once both land, a user can copy a token from the dashboard straight into their LLM client config.

Targets feat/m7.3-mcp-tenant-tokens (#92's branch) so the diff shown is only the UI changes. When #92 merges, this PR auto-retargets to main.

UX

• Create: "Create Token" button → inline form with name input. On submit, the server function calls POST /api/v1/mcp-tokens. The raw token is shown once in a yellow banner with a copy button and a "won't be shown again" warning. User dismisses manually.
• List: cards with name, prefix (mcpt_xxxx…), created date, last_used (or "never"). Revoked tokens render dimmed with a "revoked" pill.
• Revoke: trash button → confirm modal → soft delete.
• Toast feedback throughout.

Files

File	What
infrastructure/mcp_tokens.rs (new)	Three #[server] fns going through agent_client (auto-attaches the KC bearer + handles token refresh)
pages/mcp_tokens.rs (new)	The page component
app.rs	Adds Route::McpTokensPage at /mcp-tokens
pages/mod.rs, infrastructure/mod.rs	Module + re-export wiring

Test plan

• cargo fmt --all -- --check clean
• cargo clippy -p compliance-dashboard --features server -- -D warnings clean
• cargo clippy -p compliance-dashboard --features web --no-default-features -- -D warnings clean
• cargo check on both feature sets clean
• Manual after deploy: log in, hit /mcp-tokens, create a token, copy it, paste into a fresh curl against comp-mcp-dev.meghsakha.com/mcp, confirm tools/list works. Revoke; confirm a subsequent call 401s.

Followups

• No sidebar entry — matches mcp_servers (settings-style pages reached via direct URL). Worth a future Settings sub-menu pass.
• When the agent adds token expiry + per-tool scope, the create modal grows extra fields.

🤖 Generated with Claude Code

## Summary Adds a `/mcp-tokens` page so a logged-in user can mint, list, and revoke bearer tokens for the MCP server without curl. Stacks on **#92** (which added the agent endpoints + MCP middleware) — once both land, a user can copy a token from the dashboard straight into their LLM client config. **Targets `feat/m7.3-mcp-tenant-tokens` (#92's branch)** so the diff shown is only the UI changes. When #92 merges, this PR auto-retargets to main. ## UX - **Create**: "Create Token" button → inline form with name input. On submit, the server function calls `POST /api/v1/mcp-tokens`. The raw token is shown **once** in a yellow banner with a copy button and a "won't be shown again" warning. User dismisses manually. - **List**: cards with name, prefix (`mcpt_xxxx…`), created date, last_used (or "never"). Revoked tokens render dimmed with a "revoked" pill. - **Revoke**: trash button → confirm modal → soft delete. - Toast feedback throughout. ## Files | File | What | |---|---| | `infrastructure/mcp_tokens.rs` (new) | Three `#[server]` fns going through `agent_client` (auto-attaches the KC bearer + handles token refresh) | | `pages/mcp_tokens.rs` (new) | The page component | | `app.rs` | Adds `Route::McpTokensPage` at `/mcp-tokens` | | `pages/mod.rs`, `infrastructure/mod.rs` | Module + re-export wiring | ## Test plan - [x] `cargo fmt --all -- --check` clean - [x] `cargo clippy -p compliance-dashboard --features server -- -D warnings` clean - [x] `cargo clippy -p compliance-dashboard --features web --no-default-features -- -D warnings` clean - [x] `cargo check` on both feature sets clean - [ ] Manual after deploy: log in, hit `/mcp-tokens`, create a token, copy it, paste into a fresh curl against `comp-mcp-dev.meghsakha.com/mcp`, confirm tools/list works. Revoke; confirm a subsequent call 401s. ## Followups - No sidebar entry — matches `mcp_servers` (settings-style pages reached via direct URL). Worth a future Settings sub-menu pass. - When the agent adds token expiry + per-tool scope, the create modal grows extra fields. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

sharang added 1 commit 2026-06-18 10:54:19 +00:00

feat(dashboard): UI for managing MCP tokens ... b3a8a97729

Adds /mcp-tokens page that lets a logged-in user mint, list, and
revoke bearer tokens for the MCP server. Stacks on #92 (which added
the agent endpoints + middleware) — once both land, the loop is
closed: a user can copy a token from the dashboard straight into
their Claude Desktop / Cursor / ChatGPT MCP config.

UX
- "Create Token" button → inline form with name input.
- On submit, server function calls `POST /api/v1/mcp-tokens`. The
  raw token is shown ONCE in a prominent yellow banner with a copy
  button and a "won't be shown again" warning, then the user
  dismisses it manually.
- List view: card per token with name, prefix `mcpt_xxxx…`, created
  date, last_used (or "never"). Revoked tokens render dimmed with a
  "revoked" pill. Active tokens have a trash button → confirm
  modal → soft delete.
- Toast feedback on create/revoke success/failure.

Files
- infrastructure/mcp_tokens.rs (new) — three #[server] functions:
  fetch_mcp_tokens, create_mcp_token, revoke_mcp_token. All go
  through agent_client so the Keycloak Bearer is auto-attached;
  the agent then enforces tenant scoping on every endpoint.
- pages/mcp_tokens.rs (new) — the page component itself.
- app.rs — adds Route::McpTokensPage at /mcp-tokens.
- pages/mod.rs, infrastructure/mod.rs — module + re-export wiring.

Timestamp format
- The agent serializes BSON DateTime as extended JSON
  `{"$date":{"$numberLong":"..."}}`. Page has a small helper that
  accepts that shape, plain ISO strings, or anything else
  (best-effort). Same approach used elsewhere in the dashboard so
  there's no new dependency.

Test plan
- cargo fmt --all clean
- cargo clippy -p compliance-dashboard --features server
  -- -D warnings clean
- cargo clippy -p compliance-dashboard --features web
  --no-default-features -- -D warnings clean
- cargo check on both feature sets clean

Followup
- No sidebar entry yet (matches mcp_servers — settings-style
  pages are reached via direct URL today). Worth adding a
  Settings sub-menu in a separate UX pass.
- Token expiry + per-tool scope when those land on the agent side
  will need a small UI for the create modal (extra fields).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Some checks are pending

Hide all checks

CI / Check (pull_request) Successful in 8m8s

Details

CI / Detect Changes (pull_request) Has been skipped

Details

CI / Deploy Agent (pull_request) Has been skipped

Details

CI / Deploy Dashboard (pull_request) Has been skipped

Details

CI / Deploy Docs (pull_request) Has been skipped

Details

CI / Deploy MCP (pull_request) Has been skipped

Details

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin feat/m7.3-mcp-tokens-ui:feat/m7.3-mcp-tokens-ui

git checkout feat/m7.3-mcp-tokens-ui

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

bug

critical

enhancement

high

infrastructure

performance

security

v0.3.0

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Benjamin_Boenisch sharang (Sharang Parnerkar)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: sharang/compliance-scanner-agent#94