From 62959b142d81605b18b24940cec6475086f9a459 Mon Sep 17 00:00:00 2001
From: Arnold Wang <arnold@retool.com>
Date: Fri, 12 Jun 2026 16:43:05 -0700
Subject: [PATCH] Add MCP agent sandbox JWT key config

---
 charts/retool/Chart.yaml                               |  2 +-
 .../ci/test-mcp-agent-sandbox-secret-option.yaml       |  6 ++++++
 charts/retool/ci/test-mcp-enabled-option.yaml          |  1 +
 charts/retool/templates/deployment_mcp.yaml            | 10 ++++++++++
 charts/retool/values.yaml                              |  9 +++++++++
 values.yaml                                            |  9 +++++++++
 6 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 charts/retool/ci/test-mcp-agent-sandbox-secret-option.yaml

diff --git a/charts/retool/Chart.yaml b/charts/retool/Chart.yaml
index 0ebe5b1..b14c54f 100644
--- a/charts/retool/Chart.yaml
+++ b/charts/retool/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: retool
 description: A Helm chart for Kubernetes
 type: application
-version: 6.11.1
+version: 6.11.2
 maintainers:
   - name: Retool Engineering
     email: engineering+helm@retool.com
diff --git a/charts/retool/ci/test-mcp-agent-sandbox-secret-option.yaml b/charts/retool/ci/test-mcp-agent-sandbox-secret-option.yaml
new file mode 100644
index 0000000..ca28d3d
--- /dev/null
+++ b/charts/retool/ci/test-mcp-agent-sandbox-secret-option.yaml
@@ -0,0 +1,6 @@
+mcp:
+  enabled: true
+  config:
+    oauthIntrospectionAuthToken: test-oauth-introspection-token
+    agentSandboxJwtPrivateKeySecretName: agent-sandbox-jwt
+    agentSandboxJwtPrivateKeySecretKey: private-key
diff --git a/charts/retool/ci/test-mcp-enabled-option.yaml b/charts/retool/ci/test-mcp-enabled-option.yaml
index 95a3d38..3305375 100644
--- a/charts/retool/ci/test-mcp-enabled-option.yaml
+++ b/charts/retool/ci/test-mcp-enabled-option.yaml
@@ -4,6 +4,7 @@ mcp:
   config:
     oauthMainDomain: https://oauth.example.com
     oauthIntrospectionAuthToken: test-oauth-introspection-token
+    agentSandboxJwtPrivateKey: test-agent-sandbox-jwt-private-key
     enabledToolsets:
       - apps
       - resources
diff --git a/charts/retool/templates/deployment_mcp.yaml b/charts/retool/templates/deployment_mcp.yaml
index 9930cc5..d461c8d 100644
--- a/charts/retool/templates/deployment_mcp.yaml
+++ b/charts/retool/templates/deployment_mcp.yaml
@@ -146,6 +146,16 @@ spec:
           - name: OAUTH_INTROSPECTION_AUTH_TOKEN
             value: {{ $mcpConfig.oauthIntrospectionAuthToken | quote }}
           {{- end }}
+          {{- if $mcpConfig.agentSandboxJwtPrivateKeySecretName }}
+          - name: AGENT_SANDBOX_JWT_PRIVATE_KEY
+            valueFrom:
+              secretKeyRef:
+                name: {{ $mcpConfig.agentSandboxJwtPrivateKeySecretName }}
+                key: {{ $mcpConfig.agentSandboxJwtPrivateKeySecretKey | default "jwt-private-key" }}
+          {{- else if $mcpConfig.agentSandboxJwtPrivateKey }}
+          - name: AGENT_SANDBOX_JWT_PRIVATE_KEY
+            value: {{ $mcpConfig.agentSandboxJwtPrivateKey | quote }}
+          {{- end }}
           {{- if $mcpConfig.nodeOptions }}
           - name: NODE_OPTIONS
             value: {{ $mcpConfig.nodeOptions | quote }}
diff --git a/charts/retool/values.yaml b/charts/retool/values.yaml
index e85b3c9..f1efd1e 100644
--- a/charts/retool/values.yaml
+++ b/charts/retool/values.yaml
@@ -624,6 +624,15 @@ mcp:
   #   # is provided directly in mcp.environmentVariables.
   #   oauthIntrospectionAuthToken:
   #
+  #   # Secret-backed private key used by MCP to sign agent sandbox requests.
+  #   # Usually points at the same key as rr.agentSandbox.externalSecret.name.
+  #   agentSandboxJwtPrivateKeySecretName:
+  #   agentSandboxJwtPrivateKeySecretKey: jwt-private-key
+  #
+  #   # Literal private key override for development/testing only. Prefer the
+  #   # secret-backed setting above for real deployments.
+  #   agentSandboxJwtPrivateKey:
+  #
   #   # Optional Node.js options for the MCP server process. Unset by default.
   #   nodeOptions: --max_old_space_size=1024
   #
diff --git a/values.yaml b/values.yaml
index e85b3c9..f1efd1e 100644
--- a/values.yaml
+++ b/values.yaml
@@ -624,6 +624,15 @@ mcp:
   #   # is provided directly in mcp.environmentVariables.
   #   oauthIntrospectionAuthToken:
   #
+  #   # Secret-backed private key used by MCP to sign agent sandbox requests.
+  #   # Usually points at the same key as rr.agentSandbox.externalSecret.name.
+  #   agentSandboxJwtPrivateKeySecretName:
+  #   agentSandboxJwtPrivateKeySecretKey: jwt-private-key
+  #
+  #   # Literal private key override for development/testing only. Prefer the
+  #   # secret-backed setting above for real deployments.
+  #   agentSandboxJwtPrivateKey:
+  #
   #   # Optional Node.js options for the MCP server process. Unset by default.
   #   nodeOptions: --max_old_space_size=1024
   #