Introduce mcp_server_enabled as dedicated MCP server availability gate

Tan Lerequested to merge
feature/mcp-server-backend-milestone-n into master

What does this MR do and why?

What does this MR do and why?

Introduces mcp_server_enabled as a dedicated availability setting for MCP server access at both the instance and group level, gated behind the mcp_server_availability_setting feature flag (milestone 18.12).

Previously, MCP server availability was derived from a combination of existing Duo settings (duo_features_enabled, instance_level_ai_beta_features_enabled). This MR adds mcp_server_enabled as a first-class setting and wires it through the backend stack so it becomes the single authoritative gate when the flag is on, while falling back to the existing Duo checks when it is off.

Changes:

  • Feature flag - adds mcp_server_availability_setting (gitlab_com_derisk, off by default) to guard the rollout.
  • Model - moves mcp_server_enabled delegation and the with_mcp_server_enabled scope to CE Namespace. Adds a mcp_server_enabled? predicate that returns a strict boolean (false for non-root namespaces and nil settings).
  • API - MCP API availability check uses Gitlab::CurrentSettings.mcp_server_enabled? when the flag is on, replacing the combined duo_features_enabled? + instance_level_ai_beta_features_enabled? check.
  • User authorization - adds any_group_with_mcp_server_enabled? on User, cached for 1 hour, which queries the user's root groups via the with_mcp_server_enabled scope when the flag is on. The MCP cache key is intentionally kept separate from the AI availability cache - dedicated cache invalidation on mcp_server_enabled change will follow in a subsequent MR.
  • Group settings - adds mcp_server_setting_available? to Group, exposes mcp_server_enabled as an allowlisted param in GroupsController, and adds an MCP client access toggle to the group Permissions settings page with a corresponding audit event.

Related MRs:

  • Catalog policy gating (read_ai_catalog_mcp_server) is handled in a separate MR based on this branch.
  • Frontend toggle UI (mcp_server_enabled in admin AI settings) is handled in the frontend MR.
  • Dedicated mcp_server_enabled cache invalidation worker will follow in a subsequent MR.

References

Screenshots or screen recordings

Before After
Screenshot_2026-05-06_at_4.27.54_pm Screenshot_2026-05-06_at_4.22.33_pm

How to set up and validate locally

  1. Check out this MR's branch.
  2. In rails console enable the feature flag 
    Feature.enable(:mcp_server_availability_setting)
  3. Visit any top-level group settings http://gdk.test:8080/groups/gitlab-duo/-/edit#js-permissions-settings.
  4. Navigate to the Permissions and group features section.
  5. Try to toggle the MCP client access setting and ensure the change persisted on save.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Tan Le

Merge request reports