@bryan-thompson/inspector-assessment-server 1.43.1 → 1.43.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/index.js +33 -1
- package/package.json +1 -1
package/build/index.js
CHANGED
|
@@ -25,8 +25,40 @@ const AssessmentSaveSchema = z.object({
|
|
|
25
25
|
serverName: z.string().min(1).max(255).optional().default("unknown"),
|
|
26
26
|
assessment: z.object({}).passthrough(), // Must be object, allow any properties
|
|
27
27
|
});
|
|
28
|
+
/**
|
|
29
|
+
* Returns minimal environment variables for spawned MCP servers.
|
|
30
|
+
* Using a curated set prevents unintended behavior from inherited env vars
|
|
31
|
+
* (e.g., leaking API keys or triggering unexpected native module loading).
|
|
32
|
+
*
|
|
33
|
+
* @see https://github.com/triepod-ai/inspector-assessment/issues/211
|
|
34
|
+
*/
|
|
35
|
+
function getMinimalEnv() {
|
|
36
|
+
const minimal = {};
|
|
37
|
+
// Essential system paths
|
|
38
|
+
if (process.env.PATH)
|
|
39
|
+
minimal.PATH = process.env.PATH;
|
|
40
|
+
if (process.env.HOME)
|
|
41
|
+
minimal.HOME = process.env.HOME;
|
|
42
|
+
if (process.env.TMPDIR)
|
|
43
|
+
minimal.TMPDIR = process.env.TMPDIR;
|
|
44
|
+
if (process.env.TMP)
|
|
45
|
+
minimal.TMP = process.env.TMP;
|
|
46
|
+
if (process.env.TEMP)
|
|
47
|
+
minimal.TEMP = process.env.TEMP;
|
|
48
|
+
// Node.js environment
|
|
49
|
+
minimal.NODE_ENV = process.env.NODE_ENV || "production";
|
|
50
|
+
// Platform-specific essentials
|
|
51
|
+
if (process.env.USER)
|
|
52
|
+
minimal.USER = process.env.USER;
|
|
53
|
+
if (process.env.SHELL)
|
|
54
|
+
minimal.SHELL = process.env.SHELL;
|
|
55
|
+
if (process.env.LANG)
|
|
56
|
+
minimal.LANG = process.env.LANG;
|
|
57
|
+
return minimal;
|
|
58
|
+
}
|
|
28
59
|
const defaultEnvironment = {
|
|
29
60
|
...getDefaultEnvironment(),
|
|
61
|
+
...getMinimalEnv(),
|
|
30
62
|
...(process.env.MCP_ENV_VARS ? JSON.parse(process.env.MCP_ENV_VARS) : {}),
|
|
31
63
|
};
|
|
32
64
|
const { values } = parseArgs({
|
|
@@ -219,7 +251,7 @@ const createTransport = async (req) => {
|
|
|
219
251
|
const command = query.command.trim();
|
|
220
252
|
const origArgs = shellParseArgs(query.args);
|
|
221
253
|
const queryEnv = query.env ? JSON.parse(query.env) : {};
|
|
222
|
-
const env = { ...defaultEnvironment, ...
|
|
254
|
+
const env = { ...defaultEnvironment, ...queryEnv };
|
|
223
255
|
const { cmd, args } = findActualExecutable(command, origArgs);
|
|
224
256
|
console.log(`STDIO transport: command=${cmd}, args=${args}`);
|
|
225
257
|
const transport = new StdioClientTransport({
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@bryan-thompson/inspector-assessment-server",
|
|
3
|
-
"version": "1.43.
|
|
3
|
+
"version": "1.43.3",
|
|
4
4
|
"description": "Server-side application for the Enhanced MCP Inspector with assessment capabilities",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"author": "Bryan Thompson <bryan@triepod.ai>",
|