[FEATURE] Configurable network allowlist for remote triggers

Resolved 💬 5 comments Opened Mar 31, 2026 by qavaleria Closed May 6, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Remote triggers run in a sandboxed environment that blocks outbound HTTP to external APIs (403 host_not_allowed). Only MCP connector hosts are reachable.

This prevents triggers from interacting with services that don't have a
cloud MCP connector on claude.ai. In our case — Qase (test management
platform, api.qase.io). We automate regression testing: the trigger checks
Jira for active tasks via Atlassian MCP, then needs to create a test run in
Qase via their REST API. Jira and Slack work fine through MCP connectors, but
Qase has no hosted MCP server yet.

Related: #41228 (outbound curl blocked in sandbox)

Proposed Solution

Allow users to configure trusted external hosts for their remote triggers.
For example:

   {                                                                           
     "allowed_hosts": ["api.qase.io", "api.example.com"]
   }                                                                           

Or alternatively, provide a way to store secrets (API tokens) as trigger
environment variables and open outbound access for authenticated requests.

Alternative Solutions

  1. Waiting for every SaaS to build a hosted MCP server — not realistic

short-term

  1. Self-hosting Qase MCP server on a public URL — security concern, extra

infra to maintain

  1. Running automation locally instead of in triggers — works but defeats the

purpose of scheduled agents

Priority

High - Significant impact on productivity

Feature Category

Configuration and settings

Use Case Example

  1. I have a scheduled trigger (cron) that automates QA regression workflow
  2. It checks Jira for active regression tasks via Atlassian MCP connector — works fine
  3. Then it needs to create a test run in Qase (api.qase.io) via their REST API
  4. curl to api.qase.io returns 403 host_not_allowed
  5. With a configurable allowlist, I could add api.qase.io and the trigger would handle the full workflow end-to-end

Additional Context

Many QA/DevOps tools have open REST APIs but no MCP integration: Qase,
TestRail, Allure TestOps, etc. A configurable allowlist would make remote
triggers practical for real-world automation workflows beyond the few services
that have cloud MCP connectors today.

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗