Skip to content

add list of allowed headers to be passed to tool calls #1217

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
kevin-shelaga wants to merge 4 commits into
base: main
Choose a base branch
from
Open

add list of allowed headers to be passed to tool calls #1217

kevin-shelaga wants to merge 4 commits into from

Conversation

@kevin-shelaga
Copy link
Contributor

@kevin-shelaga kevin-shelaga commented Jan 18, 2026
edited
Loading

Add new allowedHeaders option on agent mcp server config. Its an array of string (case insensitive) of headers to be passed along to tool calls.

This is useful for things outside of jwt, like passing in tenant id and user email for cloud provider calls.

@kevin-shelaga
add list of allowed headers to be passed to tool cals
06920a8 
Signed-off-by: kevin-shelaga <kevin.shelaga@solo.io>
Copilot AI review requested due to automatic review settings January 18, 2026 13:05
@kevin-shelaga kevin-shelaga changed the title add list of allowed headers to be passed to tool cals add list of allowed headers to be passed to tool calls Jan 18, 2026
Copilot AI reviewed Jan 18, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for propagating specific HTTP headers from A2A requests to MCP tool calls, allowing selective header forwarding based on a configured allowlist.

Changes:

  • Added header propagation functionality to combine STS tokens with allowlisted headers from A2A requests
  • Updated CRDs and Go types to support allowedHeaders configuration on Agent MCP tools
  • Added new dependencies (filelock and urllib3) to support the implementation

Reviewed changes

Copilot reviewed 9 out of 10 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
python/uv.lock Updated filelock (3.18.0 → 3.20.3) and urllib3 (2.5.0 → 2.6.3), added as new dependencies
python/packages/kagent-adk/tests/unittests/test_header_propagation.py Comprehensive unit tests for header propagation including case-insensitivity, STS combination, and edge cases
python/packages/kagent-adk/src/kagent/adk/types.py Core implementation of create_header_provider function and propagate_headers fields on MCP server configs
helm/kagent-crds/templates/kagent.dev_remotemcpservers.yaml Added allowedHeaders field to RemoteMCPServer CRD schema
go/internal/controller/translator/agent/testdata/inputs/agent_with_allowed_headers.yaml Test data demonstrating agent configuration with allowed headers
go/internal/controller/translator/agent/adk_api_translator.go Updated translator to pass allowedHeaders from Agent spec to ADK config
go/internal/adk/types.go Added PropagateHeaders field to HttpMcpServerConfig and SseMcpServerConfig structs
go/config/crd/bases/kagent.dev_agents.yaml Added allowedHeaders field to McpServerTool in Agent CRD schema
go/api/v1alpha2/zz_generated.deepcopy.go Generated deepcopy implementation for AllowedHeaders field
go/api/v1alpha2/agent_types.go Added AllowedHeaders field to McpServerTool struct

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@kevin-shelaga
fix unused import and address header order to stop overwrites
cd37bb6 
Signed-off-by: kevin-shelaga <kevin.shelaga@solo.io>
@kevin-shelaga
add test data output
0e2e49b 
Signed-off-by: kevin-shelaga <kevin.shelaga@solo.io>
@kevin-shelaga
make golden tests deterministic by setting otel env var consistently,…
4f1a884 
… remove old ref from remote mcp servers

Signed-off-by: kevin-shelaga <kevin.shelaga@solo.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@EItanya EItanya Awaiting requested review from EItanya EItanya is a code owner

@ilackarms ilackarms Awaiting requested review from ilackarms ilackarms is a code owner

@yuval-k yuval-k Awaiting requested review from yuval-k yuval-k is a code owner

@peterj peterj Awaiting requested review from peterj peterj is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kevin-shelaga