[subtask] [Subtask 3/4] Add OCI authentication to MCP load-component tool #563
Description
Parent Issue: #559
Objective
Add OCI authentication support to the MCP load-component tool, enabling AI agents to load private components with authentication.
Context
Subtasks 1 and 2 implemented OCI authentication for the CLI, but the MCP built-in tool load-component (used by AI agents) doesn't yet support authentication parameters. This subtask extends the MCP tool to accept and use credentials when loading components from private registries.
Implementation Details
Files to Modify
-
MCP Tool Schema (in
crates/mcp-server/src/components.rs):- Update the
load-componenttool schema to include optional authentication parameters:{ "name": "load-component", "description": "Load a WebAssembly component from a file path or OCI registry", "inputSchema": { "type": "object", "properties": { "path": { "type": "string", "description": "Path to component ((redacted) or (redacted))" }, "registry_user": { "type": "string", "description": "Registry username for OCI authentication (optional)" }, "registry_password": { "type": "string", "description": "Registry password for OCI authentication (optional)" } }, "required": ["path"] } }
- Update the
-
crates/mcp-server/src/components.rs(line 44-86):- Update
handle_load_component()to extract optionalregistry_userandregistry_passwordfrom args - Pass credentials to
lifecycle_manager.load_component() - Ensure sensitive data (passwords) are not logged
- Update
-
Documentation:
- Update built-in tools documentation to mention authentication support
- Add examples of using authentication with AI agents
Key Implementation Notes
- Extract credentials from MCP tool arguments safely
- Security: Never log passwords or include them in error messages visible to clients
- Fallback: If no credentials provided, use Docker config (Subtask 1) or Anonymous
- Consider using Wassette's existing secrets management for storing registry credentials per-component
- The MCP client (AI agent) will prompt users for credentials when needed
Security Considerations
- Passwords in MCP tool calls are transmitted over the MCP transport (typically local stdio/SSE)
- Consider logging a warning when credentials are provided via MCP vs Docker config
- Ensure error messages don't leak credential information
- Add documentation about preferred authentication methods (Docker config > explicit credentials)
Acceptance Criteria
- MCP
load-componenttool accepts optionalregistry_userandregistry_passwordparameters - Credentials are passed correctly to the loading pipeline
- Loading private components via MCP works with explicit credentials
- Docker config fallback still works when credentials not provided
- Passwords are never logged or exposed in error messages
- Tool schema validation works correctly
- Tests added for MCP tool with authentication
- Documentation updated with examples
Testing Strategy
-
Unit tests:
- Test argument extraction from MCP tool call request
- Test credential passing to lifecycle manager
- Verify password sanitization in logs
-
Integration tests:
- Test MCP tool call with valid credentials (may need test registry)
- Test MCP tool call without credentials (Docker config fallback)
- Test error handling with invalid credentials
-
Manual testing with MCP inspector:
# Start Wassette MCP server just run # Use MCP inspector to test load-component with auth npx `@modelcontextprotocol/inspector` --cli (redacted) \ --method tools/call \ --tool-name load-component \ --tool-arg path=(redacted) \ --tool-arg registry_user=myuser \ --tool-arg registry_password=mypass
Dependencies
Depends on Subtasks 1 and 2 being completed (authentication infrastructure and CLI support).
Example AI Agent Interaction
User: Load the private component from (redacted)
AI Agent: To load this private component, I need credentials. What is your registry username?
User: myusername
AI Agent: What is the registry password?
User: [provides password]
AI Agent: [calls load-component tool with credentials]
Component loaded successfully!
Related to #559