coder · hugodutka · Aug 4, 2025 · Jul 28, 2025 · Jul 29, 2025 · Jul 31, 2025
diff --git a/coderd/mcp/mcp.go b/coderd/mcp/mcp.go
@@ -67,7 +67,9 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	s.streamableServer.ServeHTTP(w, r)
 }
 
-// RegisterTools registers all available MCP tools with the server
+// Register all available MCP tools with the server excluding:
+// - ReportTask - which requires dependencies not available in the remote MCP context
+// - ChatGPT search and fetch tools, which are redundant with the standard tools.
 func (s *Server) RegisterTools(client *codersdk.Client) error {
 	if client == nil {
 		return xerrors.New("client cannot be nil: MCP HTTP server requires authenticated client")
@@ -79,10 +81,36 @@ func (s *Server) RegisterTools(client *codersdk.Client) error {
 		return xerrors.Errorf("failed to initialize tool dependencies: %w", err)
 	}
 
-	// Register all available tools, but exclude tools that require dependencies not available in the
-	// remote MCP context
 	for _, tool := range toolsdk.All {
-		if tool.Name == toolsdk.ToolNameReportTask {
+		// the ReportTask tool requires dependencies not available in the remote MCP context
+		// the ChatGPT search and fetch tools are redundant with the standard tools.
+		if tool.Name == toolsdk.ToolNameReportTask ||
+			tool.Name == toolsdk.ToolNameChatGPTSearch || tool.Name == toolsdk.ToolNameChatGPTFetch {
+			continue
+		}
+
+		s.mcpServer.AddTools(mcpFromSDK(tool, toolDeps))
+	}
+	return nil
+}
+
+// ChatGPT tools are the search and fetch tools as defined in https://platform.openai.com/docs/mcp.
+// We do not expose any extra ones because ChatGPT has an undocumented "Safety Scan" feature.
+// In my experiments, if I included extra tools in the MCP server, ChatGPT would often - but not always -
+// refuse to add Coder as a connector.
+func (s *Server) RegisterChatGPTTools(client *codersdk.Client) error {
+	if client == nil {
+		return xerrors.New("client cannot be nil: MCP HTTP server requires authenticated client")
+	}
+
+	// Create tool dependencies
+	toolDeps, err := toolsdk.NewDeps(client)
+	if err != nil {
+		return xerrors.Errorf("failed to initialize tool dependencies: %w", err)
+	}
+
+	for _, tool := range toolsdk.All {
+		if tool.Name != toolsdk.ToolNameChatGPTSearch && tool.Name != toolsdk.ToolNameChatGPTFetch {
 			continue
 		}
 

diff --git a/coderd/mcp/mcp_e2e_test.go b/coderd/mcp/mcp_e2e_test.go
@@ -1215,6 +1215,155 @@ func TestMCPHTTP_E2E_OAuth2_EndToEnd(t *testing.T) {
 	})
 }
 
+func TestMCPHTTP_E2E_ChatGPTEndpoint(t *testing.T) {
+	t.Parallel()
+
+	// Setup Coder server with authentication
+	coderClient, closer, api := coderdtest.NewWithAPI(t, &coderdtest.Options{
+		IncludeProvisionerDaemon: true,
+	})
+	defer closer.Close()
+
+	user := coderdtest.CreateFirstUser(t, coderClient)
+
+	// Create template and workspace for testing search functionality
+	version := coderdtest.CreateTemplateVersion(t, coderClient, user.OrganizationID, nil)
+	coderdtest.AwaitTemplateVersionJobCompleted(t, coderClient, version.ID)
+	template := coderdtest.CreateTemplate(t, coderClient, user.OrganizationID, version.ID)
+
+	// Create MCP client pointing to the ChatGPT endpoint
+	mcpURL := api.AccessURL.String() + "/api/experimental/mcp/http?toolset=chatgpt"
+
+	// Configure client with authentication headers using RFC 6750 Bearer token
+	mcpClient, err := mcpclient.NewStreamableHttpClient(mcpURL,
+		transport.WithHTTPHeaders(map[string]string{
+			"Authorization": "Bearer " + coderClient.SessionToken(),
+		}))
+	require.NoError(t, err)
+	t.Cleanup(func() {
+		if closeErr := mcpClient.Close(); closeErr != nil {
+			t.Logf("Failed to close MCP client: %v", closeErr)
+		}
+	})
+
+	ctx, cancel := context.WithTimeout(t.Context(), testutil.WaitLong)
+	defer cancel()
+
+	// Start client
+	err = mcpClient.Start(ctx)
+	require.NoError(t, err)
+
+	// Initialize connection
+	initReq := mcp.InitializeRequest{
+		Params: mcp.InitializeParams{
+			ProtocolVersion: mcp.LATEST_PROTOCOL_VERSION,
+			ClientInfo: mcp.Implementation{
+				Name:    "test-chatgpt-client",
+				Version: "1.0.0",
+			},
+		},
+	}
+
+	result, err := mcpClient.Initialize(ctx, initReq)
+	require.NoError(t, err)
+	require.Equal(t, mcpserver.MCPServerName, result.ServerInfo.Name)
+	require.Equal(t, mcp.LATEST_PROTOCOL_VERSION, result.ProtocolVersion)
+	require.NotNil(t, result.Capabilities)
+
+	// Test tool listing - should only have search and fetch tools for ChatGPT
+	tools, err := mcpClient.ListTools(ctx, mcp.ListToolsRequest{})
+	require.NoError(t, err)
+	require.NotEmpty(t, tools.Tools)
+
+	// Verify we have exactly the ChatGPT tools and no others
+	var foundTools []string
+	for _, tool := range tools.Tools {
+		foundTools = append(foundTools, tool.Name)
+	}
+
+	// ChatGPT endpoint should only expose search and fetch tools
+	assert.Contains(t, foundTools, toolsdk.ToolNameChatGPTSearch, "Should have ChatGPT search tool")
+	assert.Contains(t, foundTools, toolsdk.ToolNameChatGPTFetch, "Should have ChatGPT fetch tool")
+	assert.Len(t, foundTools, 2, "ChatGPT endpoint should only expose search and fetch tools")
+
+	// Should NOT have other tools that are available in the standard endpoint
+	assert.NotContains(t, foundTools, toolsdk.ToolNameGetAuthenticatedUser, "Should not have authenticated user tool")
+	assert.NotContains(t, foundTools, toolsdk.ToolNameListWorkspaces, "Should not have list workspaces tool")
+
+	t.Logf("ChatGPT endpoint tools: %v", foundTools)
+
+	// Test search tool - search for templates
+	var searchTool *mcp.Tool
+	for _, tool := range tools.Tools {
+		if tool.Name == toolsdk.ToolNameChatGPTSearch {
+			searchTool = &tool
+			break
+		}
+	}
+	require.NotNil(t, searchTool, "Expected to find search tool")
+
+	// Execute search for templates
+	searchReq := mcp.CallToolRequest{
+		Params: mcp.CallToolParams{
+			Name: searchTool.Name,
+			Arguments: map[string]any{
+				"query": "templates",
+			},
+		},
+	}
+
+	searchResult, err := mcpClient.CallTool(ctx, searchReq)
+	require.NoError(t, err)
+	require.NotEmpty(t, searchResult.Content)
+
+	// Verify the search result contains our template
+	assert.Len(t, searchResult.Content, 1)
+	if textContent, ok := searchResult.Content[0].(mcp.TextContent); ok {
+		assert.Equal(t, "text", textContent.Type)
+		assert.Contains(t, textContent.Text, template.ID.String(), "Search result should contain our test template")
+		t.Logf("Search result: %s", textContent.Text)
+	} else {
+		t.Errorf("Expected TextContent type, got %T", searchResult.Content[0])
+	}
+
+	// Test fetch tool
+	var fetchTool *mcp.Tool
+	for _, tool := range tools.Tools {
+		if tool.Name == toolsdk.ToolNameChatGPTFetch {
+			fetchTool = &tool
+			break
+		}
+	}
+	require.NotNil(t, fetchTool, "Expected to find fetch tool")
+
+	// Execute fetch for the template
+	fetchReq := mcp.CallToolRequest{
+		Params: mcp.CallToolParams{
+			Name: fetchTool.Name,
+			Arguments: map[string]any{
+				"id": fmt.Sprintf("template:%s", template.ID.String()),
+			},
+		},
+	}
+
+	fetchResult, err := mcpClient.CallTool(ctx, fetchReq)
+	require.NoError(t, err)
+	require.NotEmpty(t, fetchResult.Content)
+
+	// Verify the fetch result contains template details
+	assert.Len(t, fetchResult.Content, 1)
+	if textContent, ok := fetchResult.Content[0].(mcp.TextContent); ok {
+		assert.Equal(t, "text", textContent.Type)
+		assert.Contains(t, textContent.Text, template.Name, "Fetch result should contain template name")
+		assert.Contains(t, textContent.Text, template.ID.String(), "Fetch result should contain template ID")
+		t.Logf("Fetch result contains template data")
+	} else {
+		t.Errorf("Expected TextContent type, got %T", fetchResult.Content[0])
+	}
+
+	t.Logf("ChatGPT endpoint E2E test successful: search and fetch tools working correctly")
+}
+
 // Helper function to parse URL safely in tests
 func mustParseURL(t *testing.T, rawURL string) *url.URL {
 	u, err := url.Parse(rawURL)

diff --git a/coderd/mcp_http.go b/coderd/mcp_http.go
@@ -1,6 +1,7 @@
 package coderd
 
 import (
+	"fmt"
 	"net/http"
 
 	"cdr.dev/slog"
@@ -11,7 +12,15 @@ import (
 	"github.com/coder/coder/v2/codersdk"
 )
 
+type MCPToolset string
+
+const (
+	MCPToolsetStandard MCPToolset = "standard"
-	MCPToolsetStandard MCPToolset = "standard"
+	MCPToolsetStandard MCPToolset = ""
-	MCPToolsetStandard MCPToolset = "standard"
+	MCPToolsetStandard MCPToolset = ""
+	MCPToolsetChatGPT  MCPToolset = "chatgpt"
+)
+
 // mcpHTTPHandler creates the MCP HTTP transport handler
+// It supports a "toolset" query parameter to select the set of tools to register.
 func (api *API) mcpHTTPHandler() http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Create MCP server instance for each request
@@ -23,14 +32,30 @@ func (api *API) mcpHTTPHandler() http.Handler {
 			})
 			return
 		}
-
 		authenticatedClient := codersdk.New(api.AccessURL)
 		// Extract the original session token from the request
 		authenticatedClient.SetSessionToken(httpmw.APITokenFromRequest(r))
 
-		// Register tools with authenticated client
-		if err := mcpServer.RegisterTools(authenticatedClient); err != nil {
-			api.Logger.Warn(r.Context(), "failed to register MCP tools", slog.Error(err))
+		toolset := MCPToolset(r.URL.Query().Get("toolset"))
+		// Default to standard toolset if no toolset is specified.
+		if toolset == "" {
+			toolset = MCPToolsetStandard
+		}
+
+		switch toolset {
+		case MCPToolsetStandard:
+			if err := mcpServer.RegisterTools(authenticatedClient); err != nil {
+				api.Logger.Warn(r.Context(), "failed to register MCP tools", slog.Error(err))
+			}
+		case MCPToolsetChatGPT:
+			if err := mcpServer.RegisterChatGPTTools(authenticatedClient); err != nil {
+				api.Logger.Warn(r.Context(), "failed to register MCP tools", slog.Error(err))
+			}
+		default:
+			httpapi.Write(r.Context(), w, http.StatusBadRequest, codersdk.Response{
+				Message: fmt.Sprintf("Invalid toolset: %s", toolset),
+			})
+			return
 		}
 
 		// Handle the MCP request