The test was trying to spawn a process which requires a Tokio runtime.
Changed the test to only verify validation logic by checking that safe
environment variables don't trigger 'Dangerous environment variable' errors.
Uses /usr/bin/nonexistent as command so spawn will fail (command not found)
but validation will pass for safe env vars like DEBUG, API_KEY, PATH, etc.
All 243 tests now passing.
Add defense-in-depth security validation for stdio transport to reject
environment variables that could be used for privilege escalation attacks.
Blocks the following dangerous variables (case-insensitive):
- LD_PRELOAD (Linux)
- LD_LIBRARY_PATH (Linux)
- DYLD_INSERT_LIBRARIES (macOS)
- DYLD_LIBRARY_PATH (macOS)
- DYLD_FRAMEWORK_PATH (macOS)
- DYLD_FALLBACK_LIBRARY_PATH (macOS)
These variables can inject malicious libraries into spawned processes and
should never be user-configurable for MCP servers.
Add comprehensive tests:
- test_rejects_relative_path: Verify existing path validation
- test_rejects_dangerous_env_vars: Test all blocked variables
- test_rejects_dangerous_env_vars_case_insensitive: Verify lowercase variants blocked
- test_allows_safe_env_vars: Verify legitimate vars (DEBUG, PATH, API_KEY) allowed
All tests passing.
Add clearer placeholder and helper text to explain that encrypted environment
variables are never displayed for security reasons. When editing an existing
server, the encrypted_env field shows a placeholder explaining that leaving it
blank will preserve existing values.
Also apply cargo fmt formatting fixes to store.rs.
- Parse plaintext env from transport_config.env (stdio)
- Decrypt encrypted env from env_config column (stdio)
- Merge env vars with encrypted taking precedence
- Parse custom headers from transport_config.headers (HTTP)
- Update connect_stdio() to accept HashMap<String, String> for env
- Update connect_http() to accept HashMap<String, String> for headers
- Apply env vars to tokio::process::Command in stdio transport
- Log warning for HTTP custom headers (rmcp v1.7.0 limitation)
All 19 MCP tests passing.
- Add env_config field to McpServer, CreateMcpServerRequest, UpdateMcpServerRequest
- Encrypt env_config using encrypt_token() on create/update
- Decrypt env_config in get_server_env_config() helper function
- Handle clearing env_config with empty string
- Add comprehensive tests:
- test_env_config_encrypted_at_rest()
- test_update_env_config()
- test_clear_env_config_with_empty_string()
- test_env_config_none_preserves_existing()
All tests passing. Follows same encryption pattern as auth_value.
- call_tool: 30s hard timeout via tokio::time::timeout
- discover_server: 60s hard timeout wrapping full connect+discover sequence
- delete_mcp_server: write_audit_event before cascade delete, capturing
server name, tool count, and resource count
- initiate_mcp_oauth: append cryptographically random state nonce for CSRF
- pr-review.yml: rewrite prompt to require line-quoted evidence for every
finding and eliminate hallucinated false positives
