Validate MCP app CSP metadata

Signed-off-by: Andrew Harvard <aharvard@squareup.com>

Author: aharvard

ui/goose2/src/features/chat/ui/__tests__/mcpAppPayload.test.ts

@@ -0,0 +1,66 @@
+import { describe, expect, it } from "vitest";
+import { extractRenderableMcpAppDocument } from "../mcpAppPayload";
+import type { McpAppPayload } from "@/shared/types/messages";
+
+function createPayload(csp: unknown): McpAppPayload {
+  return {
+    sessionId: "session-1",
+    gooseSessionId: null,
+    toolCallId: "tool-1",
+    toolCallTitle: "inspect app",
+    source: "toolCallUpdateMeta",
+    tool: {
+      name: "inspect-app",
+      extensionName: "mcpappbench",
+      resourceUri: "ui://inspect-app",
+    },
+    resource: {
+      result: {
+        contents: [
+          {
+            uri: "ui://inspect-app",
+            mimeType: "text/html;profile=mcp-app",
+            text: "<div>App</div>",
+            _meta: {
+              ui: {
+                csp,
+              },
+            },
+          },
+        ],
+      },
+    },
+  };
+}
+
+describe("extractRenderableMcpAppDocument", () => {
+  it("normalizes MCP app CSP metadata to string arrays", () => {
+    const document = extractRenderableMcpAppDocument(
+      createPayload({
+        connectDomains: "https://api.example.com",
+        resourceDomains: ["https://cdn.example.com", 42],
+        frameDomains: ["https://frame.example.com"],
+        baseUriDomains: { origin: "https://base.example.com" },
+        scriptDomains: ["https://scripts.example.com"],
+      }),
+    );
+
+    expect(document?.csp).toEqual({
+      resourceDomains: ["https://cdn.example.com"],
+      frameDomains: ["https://frame.example.com"],
+      scriptDomains: ["https://scripts.example.com"],
+    });
+  });
+
+  it("drops malformed MCP app CSP metadata", () => {
+    const document = extractRenderableMcpAppDocument(
+      createPayload({
+        connectDomains: "https://api.example.com",
+        resourceDomains: [],
+        frameDomains: { origin: "https://frame.example.com" },
+      }),
+    );
+
+    expect(document?.csp).toBeNull();
+  });
+});

ui/goose2/src/features/chat/ui/mcpAppPayload.ts

@@ -26,6 +26,13 @@ type TextContentWithMeta = GooseTextResourceContents & {
 };
 
 const MCP_APP_RESOURCE_MIME_TYPE = UI_EXTENSION_CONFIG.mimeTypes[0];
+const MCP_APP_CSP_FIELDS = [
+  "connectDomains",
+  "resourceDomains",
+  "frameDomains",
+  "baseUriDomains",
+  "scriptDomains",
+] satisfies readonly (keyof McpAppResourceCsp)[];
 
 function isRecord(value: unknown): value is Record<string, unknown> {
   return typeof value === "object" && value !== null;
@@ -59,6 +66,33 @@ function getContentPriority(content: TextContentWithMeta): number {
   return 2;
 }
 
+function normalizeCspDomains(value: unknown): string[] | undefined {
+  if (!Array.isArray(value)) {
+    return undefined;
+  }
+
+  const domains = value.filter(
+    (domain): domain is string => typeof domain === "string",
+  );
+  return domains.length > 0 ? domains : undefined;
+}
+
+function normalizeResourceCsp(csp: unknown): McpAppResourceCsp | null {
+  if (!isRecord(csp)) {
+    return null;
+  }
+
+  const normalized: McpAppResourceCsp = {};
+  for (const field of MCP_APP_CSP_FIELDS) {
+    const domains = normalizeCspDomains(csp[field]);
+    if (domains) {
+      normalized[field] = domains;
+    }
+  }
+
+  return Object.keys(normalized).length > 0 ? normalized : null;
+}
+
 export function extractRenderableMcpAppDocument(
   payload: McpAppPayload,
 ): RenderableMcpAppDocument | null {
@@ -84,7 +118,7 @@ export function extractRenderableMcpAppDocument(
   return {
     html: bestContent.text,
     resourceUri: bestContent.uri ?? payload.tool.resourceUri,
-    csp: isRecord(csp) ? (csp as McpAppResourceCsp) : null,
+    csp: normalizeResourceCsp(csp),
     prefersBorder: metadata?.prefersBorder ?? true,
   };
 }