Security hardening: token validation and service URL improvements #515

Open
corinagum wants to merge 11 commits into main from cg/security
@corinagum (Collaborator) commented Apr 8, 2026

Summary

Security hardening for token validation, service URL handling, and development tooling.

  • Service URL validation: Validate inbound serviceUrl against allowed hostnames from the configured cloud environment preset. Configurable via additionalAllowedDomains for non-standard channels or sovereign clouds without presets.
  • Scope validation: Use exact set membership instead of substring matching for JWT scope checks.
  • MCP tool results: Fix isCallToolResult returning incorrect results for valid tool responses.
  • DevTools: Prevent the DevTools plugin from starting in production environments.

Test plan

  • Unit tests for domain allowlist (cloud preset FQDNs, rejected domains, attacker trafficmanager, localhost, custom domains, wildcard, cross-cloud rejection, botframework.com rejected by default)
  • Unit tests for exact scope matching (substring rejected, exact match among multiple scopes)
  • Unit tests for isCallToolResult (valid results, null, primitives, unknown types)
  • Unit tests for DevTools production guard
  • E2E validated in Teams -- real Bot Framework JWT and serviceUrl pass the allowlist with no regressions
  • E2E validated DevTools blocked on NODE_ENV=production
  • E2E confirmed unauthenticated DevTools WebSocket is unreachable when guard is active
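
An added illustration of the first two Summary items (not code from this pull request or the SDK): a hostname allowlist check for an inbound serviceUrl, and a substring scope check beside an exact set-membership check. All function names, hostnames and scope strings are constructed for the example, and the https-only rule is an assumption.

```typescript
// Added example: hypothetical helpers, not the SDK's implementation.

// Constructed hostnames standing in for a cloud preset's FQDNs.
const PRESET_HOSTS: readonly string[] = ['smba.cloud-a.example', 'api.cloud-a.example'];

/** Build the lookup set: preset hosts plus operator-supplied additions, lowercased. */
function buildAllowlist(additional: readonly string[] = []): Set<string> {
  return new Set([...PRESET_HOSTS, ...additional].map((h) => h.trim().toLowerCase()));
}

/**
 * Accept a serviceUrl only if it parses as an absolute URL, uses https
 * (assumption), and its parsed hostname is exactly on the allowlist.
 * Comparing the parsed hostname rather than the raw string rejects
 * userinfo tricks ("allowed@other") and look-alike suffixes.
 */
function isServiceUrlAllowed(serviceUrl: string, allowlist: Set<string>): boolean {
  let parsed: URL;
  try {
    parsed = new URL(serviceUrl);
  } catch {
    return false; // not an absolute URL
  }
  if (parsed.protocol !== 'https:') return false;
  // The URL parser already lowercases the hostname for https URLs.
  return allowlist.has(parsed.hostname);
}

/** Weak form: substring match on the raw scope claim. */
function hasScopeSubstring(scopeClaim: string, required: string): boolean {
  return scopeClaim.includes(required);
}

/** Hardened form: split the space-delimited claim and test exact membership. */
function hasScopeExact(scopeClaim: string, required: string): boolean {
  const scopes = new Set(scopeClaim.split(' ').filter((s) => s.length > 0));
  return scopes.has(required);
}
```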

@corinagum corinagum marked this pull request as ready for review April 14, 2026 23:35
Copilot AI review requested due to automatic review settings April 14, 2026 23:35
Copilot AI (Contributor) left a comment

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Security hardening across the auth pipeline and developer tooling by tightening validation rules and preventing unsafe defaults.

Changes:

  • Added allowlist-based validation for inbound serviceUrl before it’s used in outbound calls (with customization hooks).
  • Hardened JWT validation (exact scope matching; enforce tenantId when restricting issuers).
  • Fixed MCP tool-result type guard and blocked DevTools from running in production; added unit tests.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 6 comments.

| File | Description |
| --- | --- |
| packages/dev/src/plugin.ts | Throws early to prevent DevTools plugin use in production (NODE_ENV=production). |
| packages/dev/src/plugin.spec.ts | Adds unit tests for the production guard behavior. |
| packages/apps/src/middleware/jwt-validation-middleware.ts | Updates ServiceTokenValidator instantiation for new constructor parameter. |
| packages/apps/src/middleware/auth/service-token-validator.ts | Introduces serviceUrl allowlist validation and exposes isAllowedServiceUrl. |
| packages/apps/src/middleware/auth/service-token-validator.spec.ts | Adds extensive unit coverage for service URL allowlist behavior and new constructor signature. |
| packages/apps/src/middleware/auth/jwt-validator.ts | Enforces tenantId when allowedTenantIds is used; switches to exact scope matching. |
| packages/apps/src/middleware/auth/jwt-validator.spec.ts | Adds tests for new tenant/scope validation behavior. |
| packages/apps/src/http/http-server.ts | Threads additionalAllowedDomains and validates serviceUrl even when auth is skipped. |
| packages/apps/src/app.ts | Exposes additionalAllowedDomains at the App options level. |
| external/mcp/src/plugin.ts | Fixes isCallToolResult guard to correctly accept valid results. |
| external/mcp/src/plugin.spec.ts | Adds unit tests for isCallToolResult guard. |

Comment thread packages/dev/src/plugin.spec.ts Outdated
Comment thread packages/apps/src/middleware/auth/service-token-validator.ts Outdated
Comment thread packages/apps/src/middleware/jwt-validation-middleware.ts
Comment thread packages/apps/src/app.ts
Comment thread packages/apps/src/http/http-server.ts Outdated
Comment thread packages/apps/src/middleware/auth/service-token-validator.ts Outdated