Surfaces the new mcp_server_configs.custom_headers_user_keys and
custom_headers_user_key_descriptions columns through the MCP admin
API, and adds three /user-headers endpoints for users to manage
their own values:
- GET /api/experimental/mcp/servers/{id}/user-headers
- PUT /api/experimental/mcp/servers/{id}/user-headers
- DELETE /api/experimental/mcp/servers/{id}/user-headers
Endpoint contracts:
- Admin CreateMCPServerConfig and UpdateMCPServerConfig accept the
new fields and validate that user-set keys are disjoint from the
admin-set CustomHeaders (case-insensitive), unique among
themselves, and only used when AuthType is custom_headers.
- The user endpoints validate keys against the server's declared
CustomHeadersUserKeys, accept empty values to clear a single
key, and use case-insensitive key matching.
- The list and get responses now expose CustomHeadersUserKeys and
CustomHeadersUserKeyDescriptions so the settings UI can prompt
the user without leaking admin-set CustomHeaders values.
- AuthConnected on the list response also reflects user header
state per caller.
Endpoints are marked experimental and excluded from generated
swagger via @x-apidocgen skip annotations.
The minimal fixture additions to AgentChatInput.stories.tsx,
ChatElements/tools/Tool.stories.tsx, MCPServerAdminPanel.tsx,
MCPServerAdminPanel.stories.tsx, and MCPServerPicker.stories.tsx
keep tsc green now that MCPServerConfig requires the two new
fields; the full UI for user-set custom headers lands in a later
stack PR.
Stack: 3/6 (backend API and SDK)
Steven Masley
94939e2fbb