Add MCP requirements enforcement and update related configurations

- Introduce `mcp.requirements` section in configuration for allowed stdio commands and HTTP endpoints.
- Implement enforcement logic in MCP client to skip providers not matching requirements.
- Update documentation to reflect new configuration options and usage.
- Enhance tool naming conventions for MCP tools to support new requirements.
- Adjust UI styles for better distinction between assistant and PTY output.

Author: vinhnx

docs/config/CONFIG_FIELD_REFERENCE.md

@@ -239,6 +239,11 @@ python3 scripts/generate_config_field_reference.py
 | `mcp.max_concurrent_connections` | `integer` | no | `5` | Maximum number of concurrent MCP connections |
 | `mcp.providers` | `array` | no | `[]` | Configured MCP providers |
 | `mcp.providers[]` | `object` | no | `-` | Configuration for a single MCP provider |
+| `mcp.requirements.allowed_http_endpoints` | `array` | no | `[]` | Allowed HTTP endpoints when MCP requirements enforcement is enabled |
+| `mcp.requirements.allowed_http_endpoints[]` | `string` | no | `-` | - |
+| `mcp.requirements.allowed_stdio_commands` | `array` | no | `[]` | Allowed stdio command names when MCP requirements enforcement is enabled |
+| `mcp.requirements.allowed_stdio_commands[]` | `string` | no | `-` | - |
+| `mcp.requirements.enforce` | `boolean` | no | `false` | Enforce provider admission against transport identity allowlists |
 | `mcp.request_timeout_seconds` | `integer` | no | `30` | Request timeout in seconds |
 | `mcp.retry_attempts` | `integer` | no | `3` | Connection retry attempts |
 | `mcp.security.api_key_env` | `null \| string` | no | `null` | API key for MCP server authentication (environment variable name) |

docs/guides/mcp-integration.md

@@ -49,6 +49,7 @@ following table:
 | `startup_timeout_seconds` | `null` | Optional provider start handshake timeout; inherits `request_timeout_seconds` when unset. |
 | `tool_timeout_seconds` | `null` | Optional per-tool guard for long-running operations. |
 | `experimental_use_rmcp_client` | `true` | Enables the Rust MCP client so HTTP/streamable transports are available. |
+| `requirements` | `enforce = false` | Optional transport-identity allowlist for admitting providers during initialization. |
 | `ui` | `mode = "compact"`, `max_events = 50`, `show_provider_names = true` | Controls event rendering inside the TUI. |
 
 Configure overrides as needed:
@@ -62,11 +63,18 @@ retry_attempts = 2
 startup_timeout_seconds = 90   # optional: provider startup handshake window
 tool_timeout_seconds = 45      # optional: per-tool execution deadline
 experimental_use_rmcp_client = true
+
+[mcp.requirements]
+enforce = false
+allowed_stdio_commands = ["uvx", "npx"]
+allowed_http_endpoints = ["https://mcp.example.com/api"]
 ```
 
 `startup_timeout_seconds` defaults to `None`, which falls back to the global `request_timeout_seconds`
 value. Setting it to `0` disables the startup timeout entirely—handy for first-run npm downloads.
 `tool_timeout_seconds` behaves the same way for individual tool calls.
+When `mcp.requirements.enforce = true`, providers whose stdio `command` or HTTP `endpoint` is not
+allowlisted are skipped during MCP initialization.
 
 ### UI configuration
 

docs/mcp/MCP_INTEGRATION_GUIDE.md

@@ -2,6 +2,8 @@
 
 This document outlines how VT Code implements Model Context Protocol (MCP) based on Claude's official MCP specifications and best practices.
 
+> Status: this file is a high-level architecture reference. For accurate, current configuration and behavior, use `docs/guides/mcp-integration.md`.
+
 ## Overview
 
 VT Code integrates MCP to connect with external tools, databases, and APIs through the `vtcode-core/src/mcp/` module. MCP provides a standardized interface for AI agents to access tools beyond their native capabilities.
@@ -45,30 +47,7 @@ mcp/
 
 ### Configuration Files
 
-**Project-Scoped** (checked into source control):
-```json
-// .mcp.json
-{
-  "mcpServers": {
-    "server_name": {
-      "command": "npx",
-      "args": ["mcp-server-name"],
-      "type": "stdio",
-      "env": {
-        "API_KEY": "value"
-      }
-    }
-  }
-}
-```
-
-**User-Scoped** (personal, cross-project):
-```
-~/.claude.json
-// Under "mcpServers" field
-```
-
-**Runtime Configuration**:
+**Runtime Configuration (`vtcode.toml`)**:
 ```toml
 # vtcode.toml
 [mcp]
@@ -137,7 +116,7 @@ transport = {
 **Implementation**: `rmcp_transport.rs:create_http_transport()`
 - Requires `experimental_use_rmcp_client = true`
 - Remote server integration
-- OAuth 2.0 authentication support (via `/mcp` CLI command)
+- OAuth CLI login/logout flows are not implemented in VT Code yet
 
 ### 3. Child Process Transport (Advanced)
 
@@ -174,10 +153,9 @@ prompts = ["prompt_name"]
 
 ### Access Control
 
-**Token Management**:
-- Stored securely on disk
-- Automatically refreshed
-- Revocable via `/mcp` CLI
+**Token/API Key Management**:
+- Use `api_key_env` or `env_http_headers` to source credentials from environment variables
+- Avoid embedding secrets directly in config files
 
 **API Key Handling**:
 - Read from environment variables (recommended)
@@ -352,8 +330,9 @@ fn get_status(&self) -> McpClientStatus
 # Configure server
 /mcp config <name> --env KEY=value
 
-# Authenticate remote server
-/mcp authenticate <name>
+# OAuth login/logout placeholders (currently return "not implemented")
+/mcp login <name>
+/mcp logout <name>
 
 # Remove server
 /mcp remove <name>
@@ -464,9 +443,8 @@ pub struct McpProvider {
 - Review output size in tool design
 
 **4. Authentication Failures**
-- Use `/mcp authenticate <name>` for OAuth
-- Verify API keys in environment variables
-- Check token refresh status
+- Verify API keys and header env vars are set
+- Confirm `api_key_env` / `env_http_headers` entries match exported variable names
 
 ### Diagnostic Commands
 
@@ -536,9 +514,8 @@ Implement additional transport types by extending `rmcp_transport.rs`:
    - Monitor token usage with `MAX_MCP_OUTPUT_TOKENS`
 
 4. **Configuration Management**
-   - Use `.mcp.json` for project-specific servers
-   - Use `~/.claude.json` for personal utilities
-   - Use `vtcode.toml` for runtime configuration
+   - Configure MCP providers in `vtcode.toml`
+   - Keep secrets in environment variables
    - Document custom servers in project README
 
 5. **Testing**

docs/project/TODO.md

@@ -96,3 +96,10 @@ https://sw.kovidgoyal.net/kitty/graphics-protocol/
 2. consider showing image as popup and on demand only to save memory and reduce token usage, instead of embedding image data directly in the prompt or response.
 3. suggestion, when an image is detected in the chat user input. show as a [image #N] tag in the user prompt, similiar to [pasted text #N] for pasted text. then the agent can choose to request the image data if needed, and the system can provide the image data in a separate tool call or context update, rather than embedding it directly in the prompt. This would allow for more efficient handling of images without bloating the prompt with large base64 data.
 4. also allow keyboard shortcut to view the image in a popup viewer, so that users can easily view the image without it taking up space in the main chat interface. like keyboard and click on the [image #N] tag to open the image in a popup.
+
+---
+
+increase assistant agent message ansi brighter.
+current it look identical to PTY output message " All checks passed. No changes required." '/Users/vinhnguyenxuan/Desktop/Screenshot 2026-03-05 at 9.16.19 PM.png'
+
+make sure PTY output message is dimmer and assistant agent message is brighter, so that it's easier to visually distinguish between the two types of messages in the chat interface. This will improve readability and help users quickly identify which messages are from the assistant agent versus which are outputs from PTY commands. Consider using different ANSI color codes or brightness levels to achieve this visual distinction effectively.

src/agent/runloop/unified/session_setup/mcp_tools.rs

@@ -1,5 +1,6 @@
 use vtcode_core::llm::provider as uni;
 use vtcode_core::mcp::McpToolInfo;
+use vtcode_core::tools::mcp::model_visible_mcp_tool_name;
 
 fn build_single_mcp_tool_definition(tool: &McpToolInfo) -> uni::ToolDefinition {
     let parameters = vtcode_core::llm::providers::gemini::sanitize_function_parameters(
@@ -14,7 +15,11 @@ fn build_single_mcp_tool_definition(tool: &McpToolInfo) -> uni::ToolDefinition {
         )
     };
 
-    uni::ToolDefinition::function(format!("mcp_{}", tool.name), description, parameters)
+    uni::ToolDefinition::function(
+        model_visible_mcp_tool_name(&tool.provider, &tool.name),
+        description,
+        parameters,
+    )
 }
 
 pub fn build_mcp_tool_definitions(tools: &[McpToolInfo]) -> Vec<uni::ToolDefinition> {

src/agent/runloop/unified/tool_output_handler.rs

@@ -165,6 +165,8 @@ async fn handle_success_common(
     ctx.session_stats.record_tool(name);
 
     if let Some(tool_name) = name.strip_prefix("mcp_") {
+        let tool_name = tool_name.trim_start_matches('_');
+        let tool_name = tool_name.split("__").last().unwrap_or(tool_name);
         record_mcp_success_event(ctx.mcp_panel_state, tool_name, args_val);
     } else {
         render_tool_output_common(

src/agent/runloop/unified/tool_summary.rs

@@ -474,7 +474,9 @@ pub(crate) fn describe_tool_action(tool_name: &str, args: &Value) -> (String, Ha
         tool_name.starts_with("mcp::") || tool_name.starts_with("mcp_") || tool_name == "fetch";
 
     // For the actual matching, we need to use the tool name without the "mcp_" prefix
-    let actual_tool_name = if let Some(stripped) = tool_name.strip_prefix("mcp_") {
+    let actual_tool_name = if tool_name.starts_with("mcp__") {
+        tool_name.split("__").last().unwrap_or(tool_name)
+    } else if let Some(stripped) = tool_name.strip_prefix("mcp_") {
         stripped
     } else if tool_name.starts_with("mcp::") {
         // For tools in mcp::provider::name format, extract just the tool name

src/agent/runloop/unified/turn/session.rs

@@ -65,6 +65,8 @@ pub(crate) async fn handle_tool_failure(
 
     // MCP event
     if let Some(tool_name) = details.name.strip_prefix("mcp_") {
+        let tool_name = tool_name.trim_start_matches('_');
+        let tool_name = tool_name.split("__").last().unwrap_or(tool_name);
         ctx.renderer
             .line_if_not_empty(vtcode_core::utils::ansi::MessageStyle::Output)?;
         ctx.renderer.line(

vtcode-config/src/mcp.rs

@@ -19,6 +19,10 @@ pub struct McpClientConfig {
     #[serde(default)]
     pub providers: Vec<McpProviderConfig>,
 
+    /// Optional transport-identity requirements for provider admission
+    #[serde(default)]
+    pub requirements: McpRequirementsConfig,
+
     /// MCP server configuration (for vtcode to expose tools)
     #[serde(default)]
     pub server: McpServerConfig,
@@ -155,6 +159,7 @@ impl Default for McpClientConfig {
             enabled: default_mcp_enabled(),
             ui: McpUiConfig::default(),
             providers: Vec::new(),
+            requirements: McpRequirementsConfig::default(),
             server: McpServerConfig::default(),
             allowlist: McpAllowListConfig::default(),
             max_concurrent_connections: default_max_concurrent_connections(),
@@ -171,6 +176,33 @@ impl Default for McpClientConfig {
     }
 }
 
+/// Requirements used to admit MCP providers by transport identity.
+#[cfg_attr(feature = "schema", derive(schemars::JsonSchema))]
+#[derive(Debug, Clone, Deserialize, Serialize)]
+pub struct McpRequirementsConfig {
+    /// Whether requirement checks are enforced
+    #[serde(default = "default_mcp_requirements_enforce")]
+    pub enforce: bool,
+
+    /// Allowed stdio command names when enforcement is enabled
+    #[serde(default)]
+    pub allowed_stdio_commands: Vec<String>,
+
+    /// Allowed HTTP endpoints when enforcement is enabled
+    #[serde(default)]
+    pub allowed_http_endpoints: Vec<String>,
+}
+
+impl Default for McpRequirementsConfig {
+    fn default() -> Self {
+        Self {
+            enforce: default_mcp_requirements_enforce(),
+            allowed_stdio_commands: Vec::new(),
+            allowed_http_endpoints: Vec::new(),
+        }
+    }
+}
+
 /// UI configuration for MCP display
 #[cfg_attr(feature = "schema", derive(schemars::JsonSchema))]
 #[derive(Debug, Clone, Deserialize, Serialize)]
@@ -746,6 +778,10 @@ fn default_max_argument_size() -> u32 {
     1024 * 1024 // 1MB
 }
 
+fn default_mcp_requirements_enforce() -> bool {
+    false
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -764,6 +800,9 @@ mod tests {
         assert_eq!(config.request_timeout_seconds, 30);
         assert_eq!(config.retry_attempts, 3);
         assert!(config.providers.is_empty());
+        assert!(!config.requirements.enforce);
+        assert!(config.requirements.allowed_stdio_commands.is_empty());
+        assert!(config.requirements.allowed_http_endpoints.is_empty());
         assert!(!config.server.enabled);
         assert!(!config.allowlist.enforce);
         assert!(config.allowlist.default.tools.is_none());

vtcode-core/src/mcp/cli.rs

@@ -384,12 +384,14 @@ async fn run_get(get_args: GetArgs) -> Result<()> {
 
 async fn run_login(login_args: LoginArgs) -> Result<()> {
     let _ = login_args;
-    bail!("MCP OAuth login is not yet supported in VT Code.")
+    bail!(
+        "MCP OAuth login is not implemented in VT Code yet. Configure HTTP auth with --bearer-token-env-var or provider api_key_env."
+    )
 }
 
 async fn run_logout(logout_args: LogoutArgs) -> Result<()> {
     let _ = logout_args;
-    bail!("MCP OAuth logout is not yet supported in VT Code.")
+    bail!("MCP OAuth logout is not implemented in VT Code yet.")
 }
 
 fn build_stdio_transport(args: AddMcpStdioArgs) -> Result<McpTransportConfig> {