volcengine · cuericlee · May 20, 2026 · May 19, 2026
diff --git a/server/mcp_server_computer_use/README.md b/server/mcp_server_computer_use/README.md
@@ -78,14 +78,18 @@ The following environment variables are available for configuring the MCP server
 | Environment Variable | Description | Default Value |
 |----------|------|--------|
 | `MCP_SERVER_PORT` | MCP server listening port | `8000` |
-| `TOOL_SERVER_ENDPOINT` | Tool server endpoint | - |
+| `TOOL_SERVER_ENDPOINT` | Tool server endpoint. Use `https://...` when HTTPS is enabled. | - |
+| `AUTH_API_KEY` | API key sent to tool server via the `X-API-Key` header. Must match `auth_key` configured on the tool server. Leave empty to disable authentication. | `""` |
+| `TOOL_SERVER_ENABLE_HTTPS` | Set to `true` when the tool server is served over HTTPS so that the SDK validates the TLS server certificate. | `false` |
+| `TOOL_SERVER_CLIENT_CA` | Absolute path to the CA certificate that signed the tool server's server certificate. Required when `TOOL_SERVER_ENABLE_HTTPS=true`. | `""` |
 
 For example, set these environment variables before starting the server:
 
 ```bash
 # Set fastmcp port and [tool server]() endpoint here
 export MCP_SERVER_PORT=8000
 export TOOL_SERVER_ENDPOINT={endpoint}
+export AUTH_API_KEY={your-secret-api-key}        # optional
 cd mcp_server_computer_use
 uv run mcp-server-computer-use
 ```
@@ -103,14 +107,35 @@ uv run mcp-server-computer-use
           ],
             "env": {
                 "MCP_SERVER_PORT": 8000,
-                "TOOL_SERVER_ENDPOINT": "{endpoint}"
+                "TOOL_SERVER_ENDPOINT": "{endpoint}",
+                "AUTH_API_KEY": "{your-secret-api-key}"
             }
         }
     }
 }
 
 ```
 
+### Authentication & HTTPS
+
+By default the MCP server talks to the tool server over plain HTTP without authentication, which is fine for local development. For any deployment that exposes the tool server outside a fully trusted network, you should turn on at least the API-key authentication, and ideally HTTPS as well, so that the `X-API-Key` header is not transmitted in plain text.
+
+1. **API-key authentication (recommended baseline)**
+
+   Configure the **same** secret value on both sides:
+
+   - On the **tool server**, set `auth_key` in its `config.toml`.
+   - On the **MCP server**, set `AUTH_API_KEY` via the environment variable above.
+
+   When `auth_key` is set on the tool server, requests without a matching `X-API-Key` header will be rejected with `401 Permission denied`.
+
+2. **HTTPS (recommended for any non-trusted network)**
+
+   - On the **tool server**, enable HTTPS (`plugins.enable_https = true`) with `ssl.server_cert` and `ssl.server_key`.
+   - On the **MCP server**, set `TOOL_SERVER_ENABLE_HTTPS=true` and `TOOL_SERVER_CLIENT_CA=/abs/path/ca.crt` (the CA that signed the tool server certificate). Make sure `TOOL_SERVER_ENDPOINT` uses `https://`.
+
+   Both ends must agree on whether HTTPS is enabled, otherwise the TLS handshake will fail.
+
 
 # License
-volcengine/mcp-server is licensed under the [MIT License](https://github.com/volcengine/mcp-server/blob/main/LICENSE).
+volcengine/mcp-server is licensed under the [MIT License](https://github.com/volcengine/mcp-server/blob/main/LICENSE).
diff --git a/server/mcp_server_computer_use/README_zh.md b/server/mcp_server_computer_use/README_zh.md
@@ -87,13 +87,17 @@ uv run mcp-server-computer-use -t sse
 | 环境变量 | 描述 | 默认值 |
 |----------|------|--------|
 | `MCP_SERVER_PORT` | MCP Server 端口 | `8000` |
-| `TOOL_SERVER_ENDPOINT` | Tool server 端口 | - |
+| `TOOL_SERVER_ENDPOINT` | Tool server 地址。启用 HTTPS 时填 `https://...` | - |
+| `AUTH_API_KEY` | 调用 Tool Server 时随 `X-API-Key` 请求头携带的鉴权 Key，需与 Tool Server `config.toml` 的 `auth_key` 一致；为空则不鉴权 | `""` |
+| `TOOL_SERVER_ENABLE_HTTPS` | Tool Server 启用 HTTPS 时设为 `true`，SDK 将校验 TLS 服务端证书 | `false` |
+| `TOOL_SERVER_CLIENT_CA` | 签发 Tool Server 服务端证书的 CA 证书绝对路径，`TOOL_SERVER_ENABLE_HTTPS=true` 时必填 | `""` |
 
 例如，在启动服务器前设置这些环境变量:
 
 ```bash
 export MCP_SERVER_PORT=8000
 export TOOL_SERVER_ENDPOINT={endpoint}
+export AUTH_API_KEY={your-secret-api-key}        # 可选
 cd mcp_server_computer_use
 uv run mcp-server-computer-use
 ```
@@ -111,14 +115,23 @@ uv run mcp-server-computer-use
           ],
             "env": {
                 "MCP_SERVER_PORT": 8000,
-                "TOOL_SERVER_ENDPOINT": "{endpoint}"
+                "TOOL_SERVER_ENDPOINT": "{endpoint}",
+                "AUTH_API_KEY": "{your-secret-api-key}"
             }
         }
     }
 }
 
 ```
 
+### 鉴权与 HTTPS
+
+默认情况下 MCP Server 与 Tool Server 之间走 HTTP 明文通信、且不做鉴权，只适合本地调试。一旦 Tool Server 暴露在受信任网络之外，建议至少启用 API Key 鉴权，最好同时启用 HTTPS，避免 `X-API-Key` 明文传输。
+
+1. **API Key 鉴权（最低安全基线）**：在 Tool Server `config.toml` 中配置 `auth_key`，并在本 MCP Server 的环境变量 `AUTH_API_KEY` 中填入相同值。Tool Server 配置了 `auth_key` 后，未携带匹配 `X-API-Key` 的请求会返回 `401 Permission denied`。
+
+2. **HTTPS（公网/跨机房推荐）**：在 Tool Server 启用 HTTPS（`plugins.enable_https = true`，`ssl.server_cert/server_key` 指向证书文件）；本 MCP Server 设置 `TOOL_SERVER_ENABLE_HTTPS=true` 和 `TOOL_SERVER_CLIENT_CA=/abs/path/ca.crt`，并把 `TOOL_SERVER_ENDPOINT` 协议改为 `https://`。两端 HTTPS 状态必须一致，否则 TLS 握手失败。
+
 
 # 证书
-volcengine/mcp-server is licensed under the [MIT License](https://github.com/volcengine/mcp-server/blob/main/LICENSE).
+volcengine/mcp-server is licensed under the [MIT License](https://github.com/volcengine/mcp-server/blob/main/LICENSE).
diff --git a/server/mcp_server_computer_use/pyproject.toml b/server/mcp_server_computer_use/pyproject.toml
@@ -10,12 +10,12 @@ dependencies = [
     "concurrent-log-handler==0.9.25",
     "dynaconf==3.2.10",
     "jsonref==1.1.0",
-    "tool_server_client==1.0.0rc7",
+    "tool_server_client==1.0.0rc19",
 ]
 
 [project.scripts]
 mcp-server-computer-use = "mcp_server_computer_use.main:main"
 
 [build-system]
 requires = ["hatchling"]
-build-backend = "hatchling.build"
+build-backend = "hatchling.build"
diff --git a/server/mcp_server_computer_use/src/mcp_server_computer_use/common/client.py b/server/mcp_server_computer_use/src/mcp_server_computer_use/common/client.py
@@ -1,28 +1,57 @@
 import os
+from typing import Optional
 
 from tool_server_client.client import ComputerUseClient, new_computer_use_client
 
 from mcp_server_computer_use.common.logs import LOG
-from mcp_server_computer_use.common.config import tool_server_config
+from mcp_server_computer_use.common.config import (
+    tool_server_config,
+    plugins_config,
+    ssl_config,
+)
 
 _local_client = None
 
 
+def _resolve_auth_key() -> str:
+    return os.environ.get("AUTH_API_KEY") or tool_server_config.get("auth_key", "")
+
+
+def _resolve_client_ca() -> Optional[str]:
+    enable_https_env = os.environ.get("TOOL_SERVER_ENABLE_HTTPS")
+    if enable_https_env is not None:
+        enable_https = enable_https_env.strip().lower() in ("1", "true", "yes", "on")
+    else:
+        enable_https = bool(plugins_config.get("enable_https", False))
+
+    if not enable_https:
+        return None
+
+    return os.environ.get("TOOL_SERVER_CLIENT_CA") or ssl_config.get("client_ca") or None
+
+
 def tool_server_client(endpoint: str = None) -> ComputerUseClient:
     global _local_client
 
+    auth_key = _resolve_auth_key()
+    client_ca = _resolve_client_ca()
+
     try:
         if tool_server_config["local"]:
             if _local_client is None:
                 endpoint = endpoint or os.environ.get(
                     "TOOL_SERVER_ENDPOINT") or tool_server_config["endpoint"]
-                _local_client = new_computer_use_client(endpoint)
+                _local_client = new_computer_use_client(
+                    endpoint, auth_key=auth_key, client_ca=client_ca
+                )
 
             return _local_client
         else:
             LOG.info(f"Get client, endpoint: {endpoint}")
-            return new_computer_use_client(endpoint)
+            return new_computer_use_client(
+                endpoint, auth_key=auth_key, client_ca=client_ca
+            )
 
     except Exception as e:
         LOG.error(f"Get client failed: {str(e)}")
-        raise e
+        raise e
diff --git a/server/mcp_server_computer_use/src/mcp_server_computer_use/common/config.py b/server/mcp_server_computer_use/src/mcp_server_computer_use/common/config.py
@@ -8,4 +8,22 @@
 tool_server_config = {
     "local": True,
     "endpoint": "",
+    # Optional shared secret. When tool_server is configured with a non-empty
+    # `auth_key`, clients must send the same value via the `X-API-Key` header.
+    # Can be overridden by the AUTH_API_KEY environment variable.
+    "auth_key": "",
 }
+
+# Optional HTTPS settings. When tool_server is served over HTTPS, set
+# `enable_https` to True and provide `client_ca` (the CA certificate path that
+# signs tool_server's server certificate) so the SDK can validate the TLS
+# server certificate. Both can be overridden by environment variables:
+#   - TOOL_SERVER_ENABLE_HTTPS = "true" / "false"
+#   - TOOL_SERVER_CLIENT_CA    = "/absolute/path/to/ca.crt"
+plugins_config = {
+    "enable_https": False,
+}
+
+ssl_config = {
+    "client_ca": "",
+}