coder
diff --git a/‎cli/testdata/coder_server_--help.golden‎
Lines changed: 5 additions & 0 deletions b/‎cli/testdata/coder_server_--help.golden‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎cli/testdata/server-config.yaml.golden‎
Lines changed: 4 additions & 0 deletions b/‎cli/testdata/server-config.yaml.golden‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎coderd/apidoc/docs.go‎
Lines changed: 3 additions & 0 deletions b/‎coderd/apidoc/docs.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json‎
Lines changed: 3 additions & 0 deletions b/‎coderd/apidoc/swagger.json‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎codersdk/deployment.go‎
Lines changed: 15 additions & 4 deletions b/‎codersdk/deployment.go‎
Lines changed: 15 additions & 4 deletions
diff --git a/‎docs/reference/api/general.md‎
Lines changed: 1 addition & 0 deletions b/‎docs/reference/api/general.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/reference/api/schemas.md‎
Lines changed: 11 additions & 6 deletions b/‎docs/reference/api/schemas.md‎
Lines changed: 11 additions & 6 deletions
diff --git a/‎docs/reference/cli/server.md‎
Lines changed: 11 additions & 0 deletions b/‎docs/reference/cli/server.md‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎enterprise/aibridgedserver/aibridgedserver.go‎
Lines changed: 14 additions & 9 deletions b/‎enterprise/aibridgedserver/aibridgedserver.go‎
Lines changed: 14 additions & 9 deletions
diff --git a/‎enterprise/aibridgedserver/aibridgedserver_test.go‎
Lines changed: 21 additions & 9 deletions b/‎enterprise/aibridgedserver/aibridgedserver_test.go‎
Lines changed: 21 additions & 9 deletions
@@ -109,6 +109,11 @@ AIBRIDGE OPTIONS:
       --aibridge-enabled bool, $CODER_AIBRIDGE_ENABLED (default: false)
           Whether to start an in-memory aibridged instance.
 
+      --aibridge-inject-coder-mcp-tools bool, $CODER_AIBRIDGE_INJECT_CODER_MCP (default: true)
+          Whether to inject Coder's MCP tools into intercepted AI Bridge
+          requests (requires the "oauth2" and "mcp-server-http" experiments to
+          be enabled).
+
       --aibridge-openai-base-url string, $CODER_AIBRIDGE_OPENAI_BASE_URL (default: https://api.openai.com/v1/)
           The base URL of the OpenAI API.
 
 
@@ -747,3 +747,7 @@ aibridge:
   # https://docs.claude.com/en/docs/claude-code/settings#environment-variables.
   # (default: global.anthropic.claude-haiku-4-5-20251001-v1:0, type: string)
   bedrock_small_fast_model: global.anthropic.claude-haiku-4-5-20251001-v1:0
+  # Whether to inject Coder's MCP tools into intercepted AI Bridge requests
+  # (requires the "oauth2" and "mcp-server-http" experiments to be enabled).
+  # (default: true, type: bool)
+  inject_coder_mcp_tools: true
@@ -3339,6 +3339,16 @@ Write out the current server config as YAML to stdout.`,
 			Group:       &deploymentGroupAIBridge,
 			YAML:        "bedrock_small_fast_model",
 		},
+		{
+			Name:        "AIBridge Inject Coder MCP tools",
+			Description: "Whether to inject Coder's MCP tools into intercepted AI Bridge requests (requires the \"oauth2\" and \"mcp-server-http\" experiments to be enabled).",
+			Flag:        "aibridge-inject-coder-mcp-tools",
+			Env:         "CODER_AIBRIDGE_INJECT_CODER_MCP",
+			Value:       &c.AI.BridgeConfig.InjectCoderMCPTools,
+			Default:     "true",
+			Group:       &deploymentGroupAIBridge,
+			YAML:        "inject_coder_mcp_tools",
+		},
 		{
 			Name: "Enable Authorization Recordings",
 			Description: "All api requests will have a header including all authorization calls made during the request. " +
@@ -3358,10 +3368,11 @@ Write out the current server config as YAML to stdout.`,
 }
 
 type AIBridgeConfig struct {
-	Enabled   serpent.Bool            `json:"enabled" typescript:",notnull"`
-	OpenAI    AIBridgeOpenAIConfig    `json:"openai" typescript:",notnull"`
-	Anthropic AIBridgeAnthropicConfig `json:"anthropic" typescript:",notnull"`
-	Bedrock   AIBridgeBedrockConfig   `json:"bedrock" typescript:",notnull"`
+	Enabled             serpent.Bool            `json:"enabled" typescript:",notnull"`
+	OpenAI              AIBridgeOpenAIConfig    `json:"openai" typescript:",notnull"`
+	Anthropic           AIBridgeAnthropicConfig `json:"anthropic" typescript:",notnull"`
+	Bedrock             AIBridgeBedrockConfig   `json:"bedrock" typescript:",notnull"`
+	InjectCoderMCPTools serpent.Bool            `json:"inject_coder_mcp_tools" typescript:",notnull"`
 }
 
 type AIBridgeOpenAIConfig struct {
 
@@ -77,7 +77,8 @@ type Server struct {
 	coderMCPConfig *proto.MCPServerConfig // may be nil if not available
 }
 
-func NewServer(lifecycleCtx context.Context, store store, logger slog.Logger, accessURL string, externalAuthConfigs []*externalauth.Config, experiments codersdk.Experiments) (*Server, error) {
+func NewServer(lifecycleCtx context.Context, store store, logger slog.Logger, accessURL string,
+	bridgeCfg codersdk.AIBridgeConfig, externalAuthConfigs []*externalauth.Config, experiments codersdk.Experiments) (*Server, error) {
 	eac := make(map[string]*externalauth.Config, len(externalAuthConfigs))
 
 	for _, cfg := range externalAuthConfigs {
@@ -88,18 +89,22 @@ func NewServer(lifecycleCtx context.Context, store store, logger slog.Logger, ac
 		eac[cfg.ID] = cfg
 	}
 
-	coderMCPConfig, err := getCoderMCPServerConfig(experiments, accessURL)
-	if err != nil {
-		logger.Warn(lifecycleCtx, "failed to retrieve coder MCP server config, Coder MCP will not be available", slog.Error(err))
-	}
-
-	return &Server{
+	srv := &Server{
 		lifecycleCtx:        lifecycleCtx,
 		store:               store,
 		logger:              logger.Named("aibridgedserver"),
 		externalAuthConfigs: eac,
-		coderMCPConfig:      coderMCPConfig,
-	}, nil
+	}
+
+	if bridgeCfg.InjectCoderMCPTools {
+		coderMCPConfig, err := getCoderMCPServerConfig(experiments, accessURL)
+		if err != nil {
+			logger.Warn(lifecycleCtx, "failed to retrieve coder MCP server config, Coder MCP will not be available", slog.Error(err))
+		}
+		srv.coderMCPConfig = coderMCPConfig
+	}
+
+	return srv, nil
 }
 
 func (s *Server) RecordInterception(ctx context.Context, in *proto.RecordInterceptionRequest) (*proto.RecordInterceptionResponse, error) {
 
@@ -32,6 +32,7 @@ import (
 	"github.com/coder/coder/v2/enterprise/aibridged/proto"
 	"github.com/coder/coder/v2/enterprise/aibridgedserver"
 	"github.com/coder/coder/v2/testutil"
+	"github.com/coder/serpent"
 )
 
 var requiredExperiments = []codersdk.Experiment{
@@ -169,7 +170,7 @@ func TestAuthorization(t *testing.T) {
 				tc.mocksFn(db, apiKey, user)
 			}
 
-			srv, err := aibridgedserver.NewServer(t.Context(), db, logger, "/", nil, requiredExperiments)
+			srv, err := aibridgedserver.NewServer(t.Context(), db, logger, "/", codersdk.AIBridgeConfig{}, nil, requiredExperiments)
 			require.NoError(t, err)
 			require.NotNil(t, srv)
 
@@ -203,11 +204,12 @@ func TestGetMCPServerConfigs(t *testing.T) {
 	}
 
 	cases := []struct {
-		name                string
-		experiments         codersdk.Experiments
-		externalAuthConfigs []*externalauth.Config
-		expectCoderMCP      bool
-		expectedExternalMCP bool
+		name                     string
+		disableCoderMCPInjection bool
+		experiments              codersdk.Experiments
+		externalAuthConfigs      []*externalauth.Config
+		expectCoderMCP           bool
+		expectedExternalMCP      bool
 	}{
 		{
 			name:        "experiments not enabled",
@@ -238,6 +240,14 @@ func TestGetMCPServerConfigs(t *testing.T) {
 			expectCoderMCP:      true,
 			expectedExternalMCP: true,
 		},
+		{
+			name:                     "both internal & external MCP, but coder MCP tools not injected",
+			disableCoderMCPInjection: true,
+			experiments:              requiredExperiments,
+			externalAuthConfigs:      externalAuthCfgs,
+			expectCoderMCP:           false,
+			expectedExternalMCP:      true,
+		},
 	}
 
 	for _, tc := range cases {
@@ -249,7 +259,9 @@ func TestGetMCPServerConfigs(t *testing.T) {
 			logger := testutil.Logger(t)
 
 			accessURL := "https://my-cool-deployment.com"
-			srv, err := aibridgedserver.NewServer(t.Context(), db, logger, accessURL, tc.externalAuthConfigs, tc.experiments)
+			srv, err := aibridgedserver.NewServer(t.Context(), db, logger, accessURL, codersdk.AIBridgeConfig{
+				InjectCoderMCPTools: serpent.Bool(!tc.disableCoderMCPInjection),
+			}, tc.externalAuthConfigs, tc.experiments)
 			require.NoError(t, err)
 			require.NotNil(t, srv)
 
@@ -287,7 +299,7 @@ func TestGetMCPServerAccessTokensBatch(t *testing.T) {
 	logger := testutil.Logger(t)
 
 	// Given: 2 external auth configured with MCP and 1 without.
-	srv, err := aibridgedserver.NewServer(t.Context(), db, logger, "/", []*externalauth.Config{
+	srv, err := aibridgedserver.NewServer(t.Context(), db, logger, "/", codersdk.AIBridgeConfig{}, []*externalauth.Config{
 		{
 			ID:     "1",
 			MCPURL: "1.com/mcp",
@@ -794,7 +806,7 @@ func testRecordMethod[Req any, Resp any](
 			}
 
 			ctx := testutil.Context(t, testutil.WaitLong)
-			srv, err := aibridgedserver.NewServer(ctx, db, logger, "/", nil, requiredExperiments)
+			srv, err := aibridgedserver.NewServer(ctx, db, logger, "/", codersdk.AIBridgeConfig{}, nil, requiredExperiments)
 			require.NoError(t, err)
 
 			resp, err := callMethod(srv, ctx, tc.request)