Add support for MCP scopes & tool permissions#1266

Open
jsourcebot wants to merge 11 commits into v5 from staticmcp

@jsourcebot

  • We now support the ability for an admin to set the scopes of a connector, which allows proper support for servers like Slack or GitHub.
  • Scopes can be modified by the admin, which will invalidate all existing tokens.
  • Admin can now configure per-tool permissions for a given connector.
  • Per connector/user tools are cached on Redis with a 1h TTL. This means a user engaging in a chat does not have to live refetch all the tools for all the connectors they have access to on every question they ask.

@coderabbitai

coderabbitai Bot commented Jun 3, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.


@github-actions

github-actions Bot commented Jun 3, 2026

@jsourcebot your pull request is missing a changelog!

@@ -0,0 +1,43 @@
/*

do we want to collapse this into the existing migration file?

serverId: string,
tools: { toolName: string; permission: McpServerToolPermission }[],
) => {
const parsed = updateMcpServerToolPermissionsSchema.safeParse({ serverId, tools });
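Review bot: the `safeParse` call on `{ serverId, tools }` should stay. TypeScript types on a server action's parameters are erased at runtime and the arguments come from the client, so `serverId` and each `permission` value are untrusted until the schema check passes. The visible lines do not show the failure branch; make sure the action returns an error when `parsed.success` is false and uses `parsed.data` rather than the raw arguments afterwards.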

why do we need to parse the inputs here? Presumably since this is a server action, they are already well typed?

async function getCachedListTools(cacheKey: string): Promise<ListToolsResult | undefined> {
try {
const cached = await redis.get(cacheKey);
return cached ? JSON.parse(cached) as ListToolsResult : undefined;
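Review bot: `JSON.parse(cached) as ListToolsResult` is an unchecked cast, so whatever string sits under `cacheKey` is returned as a trusted tool list. Validate the parsed value against a schema and return `undefined` (a cache miss) when it does not match, which also covers entries written by an older version of the code. The `catch` for this `try` is not visible here; a parse failure should take the same cache-miss path.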

could there be a case where the ListToolsResult type can change? Do we need to do some schema validation here?

/// Lifetime tool call counters for an MCP server.
model McpServerToolCallCount {
/// OAuth scope configuration for an MCP server.
model McpServerScope {

rename to McpServerOauthScope
