@evantahler/mcpx 0.18.5 → 0.18.7

package/.claude/skills/mcpx.md

@@ -199,20 +199,20 @@ mcpx deauth <server>           # remove stored auth
 
 ## `add` options
 
-| Flag                       | Purpose                                |
-| -------------------------- | -------------------------------------- |
-| `--command <cmd>`          | Command to run (stdio server)          |
-| `--args <a1,a2,...>`       | Comma-separated arguments              |
-| `--env <KEY=VAL,...>`      | Comma-separated environment variables  |
-| `--cwd <dir>`              | Working directory for the command      |
-| `--url <url>`              | Server URL (HTTP server)               |
-| `--header <Key:Value>`     | HTTP header (repeatable)               |
-| `--transport <type>`       | Transport: `sse` or `streamable-http`  |
-| `--allowed-tools <t1,t2>`  | Comma-separated allowed tool patterns  |
-| `--disabled-tools <t1,t2>` | Comma-separated disabled tool patterns |
-| `-f, --force`              | Overwrite if server already exists     |
-| `--no-auth`                | Skip automatic OAuth after adding      |
-| `--no-index`               | Skip rebuilding the search index       |
+| Flag                     | Purpose                                                                                                     |
+| ------------------------ | ----------------------------------------------------------------------------------------------------------- |
+| `--command <cmd>`        | Command to run (stdio server)                                                                               |
+| `--args <arg>`           | Argument for the command. Repeatable, or comma-separated. Tokens after `--` are also appended (stdio only). |
+| `--env <KEY=VAL>`        | Environment variable. Repeatable, or comma-separated.                                                       |
+| `--cwd <dir>`            | Working directory for the command                                                                           |
+| `--url <url>`            | Server URL (HTTP server)                                                                                    |
+| `--header <Key:Value>`   | HTTP header. Repeatable.                                                                                    |
+| `--transport <type>`     | Transport: `sse` or `streamable-http`                                                                       |
+| `--allowed-tools <pat>`  | Allowed tool pattern. Repeatable, or comma-separated.                                                       |
+| `--disabled-tools <pat>` | Disabled tool pattern. Repeatable, or comma-separated.                                                      |
+| `-f, --force`            | Overwrite if server already exists                                                                          |
+| `--no-auth`              | Skip automatic OAuth after adding                                                                           |
+| `--no-index`             | Skip rebuilding the search index                                                                            |
 
 ## `remove` options
 

package/.cursor/rules/mcpx.mdc

@@ -193,20 +193,20 @@ mcpx deauth <server>           # remove stored auth
 
 ## `add` options
 
-| Flag                       | Purpose                                |
-| -------------------------- | -------------------------------------- |
-| `--command <cmd>`          | Command to run (stdio server)          |
-| `--args <a1,a2,...>`       | Comma-separated arguments              |
-| `--env <KEY=VAL,...>`      | Comma-separated environment variables  |
-| `--cwd <dir>`              | Working directory for the command      |
-| `--url <url>`              | Server URL (HTTP server)               |
-| `--header <Key:Value>`     | HTTP header (repeatable)               |
-| `--transport <type>`       | Transport: `sse` or `streamable-http`  |
-| `--allowed-tools <t1,t2>`  | Comma-separated allowed tool patterns  |
-| `--disabled-tools <t1,t2>` | Comma-separated disabled tool patterns |
-| `-f, --force`              | Overwrite if server already exists     |
-| `--no-auth`                | Skip automatic OAuth after adding      |
-| `--no-index`               | Skip rebuilding the search index       |
+| Flag                     | Purpose                                                                                                     |
+| ------------------------ | ----------------------------------------------------------------------------------------------------------- |
+| `--command <cmd>`        | Command to run (stdio server)                                                                               |
+| `--args <arg>`           | Argument for the command. Repeatable, or comma-separated. Tokens after `--` are also appended (stdio only). |
+| `--env <KEY=VAL>`        | Environment variable. Repeatable, or comma-separated.                                                       |
+| `--cwd <dir>`            | Working directory for the command                                                                           |
+| `--url <url>`            | Server URL (HTTP server)                                                                                    |
+| `--header <Key:Value>`   | HTTP header. Repeatable.                                                                                    |
+| `--transport <type>`     | Transport: `sse` or `streamable-http`                                                                       |
+| `--allowed-tools <pat>`  | Allowed tool pattern. Repeatable, or comma-separated.                                                       |
+| `--disabled-tools <pat>` | Disabled tool pattern. Repeatable, or comma-separated.                                                      |
+| `-f, --force`            | Overwrite if server already exists                                                                          |
+| `--no-auth`              | Skip automatic OAuth after adding                                                                           |
+| `--no-index`             | Skip rebuilding the search index                                                                            |
 
 ## `remove` options
 

package/README.md

@@ -138,20 +138,24 @@ Server log messages (`notifications/message`) are displayed on stderr with level
 Add and remove servers from the CLI — no manual JSON editing required.
 
 ```bash
-# Add a stdio server
+# Add a stdio server (anything after `--` is passed to the command verbatim)
+mcpx add filesystem --command npx -- -y @modelcontextprotocol/server-filesystem /tmp
+
+# Equivalent forms: repeatable --args, or a single comma-separated --args
+mcpx add filesystem --command npx --args -y --args @modelcontextprotocol/server-filesystem --args /tmp
 mcpx add filesystem --command npx --args "-y,@modelcontextprotocol/server-filesystem,/tmp"
 
 # Add an HTTP server with headers
 mcpx add my-api --url https://api.example.com/mcp --header "Authorization:Bearer tok123"
 
-# Add with tool filtering
-mcpx add github --url https://mcp.github.com --allowed-tools "search_*,get_*"
+# Add with tool filtering (repeatable, or comma-separated)
+mcpx add github --url https://mcp.github.com --allowed-tools "search_*" --allowed-tools "get_*"
 
 # Add a legacy SSE server (explicit transport)
 mcpx add legacy-api --url https://api.example.com/sse --transport sse
 
-# Add with environment variables
-mcpx add my-server --command node --args "server.js" --env "API_KEY=sk-123,DEBUG=true"
+# Add with environment variables (repeatable, or comma-separated)
+mcpx add my-server --command node --args server.js --env API_KEY=sk-123 --env DEBUG=true
 
 # Overwrite an existing server
 mcpx add filesystem --command echo --force
@@ -168,20 +172,20 @@ mcpx remove my-api --dry-run
 
 **`add` options:**
 
-| Flag                       | Purpose                                |
-| -------------------------- | -------------------------------------- |
-| `--command <cmd>`          | Command to run (stdio server)          |
-| `--args <a1,a2,...>`       | Comma-separated arguments              |
-| `--env <KEY=VAL,...>`      | Comma-separated environment variables  |
-| `--cwd <dir>`              | Working directory for the command      |
-| `--url <url>`              | Server URL (HTTP server)               |
-| `--header <Key:Value>`     | HTTP header (repeatable)               |
-| `--transport <type>`       | Transport: `sse` or `streamable-http`  |
-| `--allowed-tools <t1,t2>`  | Comma-separated allowed tool patterns  |
-| `--disabled-tools <t1,t2>` | Comma-separated disabled tool patterns |
-| `-f, --force`              | Overwrite if server already exists     |
-| `--no-auth`                | Skip automatic OAuth after adding      |
-| `--no-index`               | Skip rebuilding the search index       |
+| Flag                       | Purpose                                                                |
+| -------------------------- | ---------------------------------------------------------------------- |
+| `--command <cmd>`          | Command to run (stdio server)                                          |
+| `--args <arg>`             | Argument for the command. Repeatable, or comma-separated. Tokens after `--` are also appended (stdio only). |
+| `--env <KEY=VAL>`          | Environment variable. Repeatable, or comma-separated.                  |
+| `--cwd <dir>`              | Working directory for the command                                      |
+| `--url <url>`              | Server URL (HTTP server)                                               |
+| `--header <Key:Value>`     | HTTP header. Repeatable.                                               |
+| `--transport <type>`       | Transport: `sse` or `streamable-http`                                  |
+| `--allowed-tools <pat>`    | Allowed tool pattern. Repeatable, or comma-separated.                  |
+| `--disabled-tools <pat>`   | Disabled tool pattern. Repeatable, or comma-separated.                 |
+| `-f, --force`              | Overwrite if server already exists                                     |
+| `--no-auth`                | Skip automatic OAuth after adding                                      |
+| `--no-index`               | Skip rebuilding the search index                                       |
 
 **`remove` options:**
 

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@evantahler/mcpx",
-	"version": "0.18.5",
+	"version": "0.18.7",
 	"description": "A command-line interface for MCP servers. curl for MCP.",
 	"type": "module",
 	"exports": {

package/src/client/browser.ts

@@ -1,20 +1,41 @@
-import { exec } from "node:child_process";
+import { execFile } from "node:child_process";
 
 /**
  * Open a URL in the default browser (macOS/Windows/Linux).
  * Falls back to printing the URL to stderr if no browser is available
  * (e.g., headless servers, Docker containers).
+ *
+ * Uses execFile (not exec) to avoid shell injection via malicious URLs.
  */
 export function openBrowser(url: string): Promise<void> {
-	const cmd =
-		process.platform === "darwin"
-			? `open "${url}"`
-			: process.platform === "win32"
-				? `start "${url}"`
-				: `xdg-open "${url}"`;
+	// Validate URL scheme to prevent non-HTTP protocols
+	try {
+		const parsed = new URL(url);
+		if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+			process.stderr.write(`Refusing to open non-HTTP URL: ${url}\n`);
+			return Promise.resolve();
+		}
+	} catch {
+		process.stderr.write(`Invalid URL: ${url}\n`);
+		return Promise.resolve();
+	}
+
+	let cmd: string;
+	let args: string[];
+
+	if (process.platform === "darwin") {
+		cmd = "open";
+		args = [url];
+	} else if (process.platform === "win32") {
+		cmd = "cmd";
+		args = ["/c", "start", "", url];
+	} else {
+		cmd = "xdg-open";
+		args = [url];
+	}
 
 	return new Promise((resolve) => {
-		exec(cmd, (err) => {
+		execFile(cmd, args, (err) => {
 			if (err) {
 				process.stderr.write(`Could not open browser. Please visit:\n  ${url}\n`);
 			}

package/src/client/debug-fetch.ts

@@ -68,11 +68,22 @@ function logBody(body: string, fmt: (s: string) => string) {
 	}
 }
 
+const SENSITIVE_HEADERS = new Set([
+	"authorization",
+	"cookie",
+	"set-cookie",
+	"proxy-authorization",
+	"x-api-key",
+	"api-key",
+	"x-auth-token",
+	"x-token",
+	"token",
+]);
+
 export function maskSensitive(key: string, value: string): string {
-	const lower = key.toLowerCase();
-	if (lower === "authorization" || lower === "cookie" || lower === "set-cookie") {
-		if (value.length <= 12) return value;
-		return `${value.slice(0, 12)}...`;
+	if (SENSITIVE_HEADERS.has(key.toLowerCase())) {
+		if (value.length <= 6) return "***";
+		return `${value.slice(0, 4)}...`;
 	}
 	return value;
 }

package/src/commands/add.ts

@@ -6,33 +6,34 @@ import { runIndex } from "./index.ts";
 
 export function registerAddCommand(program: Command) {
 	program
-		.command("add <name>")
+		.command("add <name> [passthroughArgs...]")
 		.description("add an MCP server to your config")
 		.option("--command <cmd>", "command to run (stdio server)")
-		.option("--args <args>", "comma-separated arguments for the command")
-		.option("--env <vars>", "comma-separated KEY=VAL environment variables")
+		.option("--args <arg>", "argument for the command (repeatable, comma-separated, or pass after --)", collect, [])
+		.option("--env <KEY=VAL>", "environment variable (repeatable or comma-separated)", collect, [])
 		.option("--cwd <dir>", "working directory for the command")
 		.option("--url <url>", "server URL (HTTP server)")
 		.option("--header <h>", "header in Key:Value format (repeatable)", collect, [])
 		.option("--transport <type>", 'transport for HTTP servers: "sse" or "streamable-http"')
-		.option("--allowed-tools <tools>", "comma-separated list of allowed tools")
-		.option("--disabled-tools <tools>", "comma-separated list of disabled tools")
+		.option("--allowed-tools <pattern>", "allowed tool pattern (repeatable or comma-separated)", collect, [])
+		.option("--disabled-tools <pattern>", "disabled tool pattern (repeatable or comma-separated)", collect, [])
 		.option("-f, --force", "overwrite if server already exists")
 		.option("--no-auth", "skip automatic OAuth authentication after adding an HTTP server")
 		.option("--no-index", "skip rebuilding the search index after adding")
 		.action(
 			async (
 				name: string,
+				passthroughArgs: string[],
 				options: {
 					command?: string;
-					args?: string;
-					env?: string;
+					args: string[];
+					env: string[];
 					cwd?: string;
 					url?: string;
-					header?: string[];
+					header: string[];
 					transport?: string;
-					allowedTools?: string;
-					disabledTools?: string;
+					allowedTools: string[];
+					disabledTools: string[];
 					force?: boolean;
 					auth?: boolean;
 					index?: boolean;
@@ -49,6 +50,10 @@ export function registerAddCommand(program: Command) {
 					console.error("Cannot specify both --command and --url");
 					process.exit(1);
 				}
+				if (!hasCommand && passthroughArgs.length > 0) {
+					console.error("Positional arguments after -- only apply to stdio servers (--command)");
+					process.exit(1);
+				}
 
 				const configFlag = program.opts().config;
 				const { configDir, servers } = await loadRawServers(configFlag);
@@ -61,7 +66,7 @@ export function registerAddCommand(program: Command) {
 				let config: ServerConfig;
 
 				if (hasCommand) {
-					config = buildStdioConfig(options);
+					config = buildStdioConfig(options, passthroughArgs);
 				} else {
 					config = buildHttpConfig(options);
 				}
@@ -74,12 +79,13 @@ export function registerAddCommand(program: Command) {
 					(config as { transport: string }).transport = options.transport;
 				}
 
-				// Common options
-				if (options.allowedTools) {
-					config.allowedTools = options.allowedTools.split(",").map((t) => t.trim());
+				const allowedTools = splitCommaList(options.allowedTools);
+				if (allowedTools.length > 0) {
+					config.allowedTools = allowedTools;
 				}
-				if (options.disabledTools) {
-					config.disabledTools = options.disabledTools.split(",").map((t) => t.trim());
+				const disabledTools = splitCommaList(options.disabledTools);
+				if (disabledTools.length > 0) {
+					config.disabledTools = disabledTools;
 				}
 
 				// For HTTP servers, resolve the canonical resource URL before saving.
@@ -127,16 +133,26 @@ function collect(value: string, previous: string[]): string[] {
 	return previous.concat([value]);
 }
 
-function buildStdioConfig(options: { command?: string; args?: string; env?: string; cwd?: string }): ServerConfig {
+// Flatten a list of repeated CLI values, splitting each on commas and trimming.
+// Supports both `--flag a --flag b` and `--flag "a,b"` forms.
+function splitCommaList(values: string[]): string[] {
+	return values.flatMap((v) => v.split(",").map((s) => s.trim())).filter((s) => s.length > 0);
+}
+
+function buildStdioConfig(
+	options: { command?: string; args: string[]; env: string[]; cwd?: string },
+	passthroughArgs: string[],
+): ServerConfig {
 	const config: Record<string, unknown> = { command: options.command! };
 
-	if (options.args) {
-		config.args = options.args.split(",").map((a) => a.trim());
+	const args = [...splitCommaList(options.args), ...passthroughArgs];
+	if (args.length > 0) {
+		config.args = args;
 	}
 
-	if (options.env) {
+	if (options.env.length > 0) {
 		const env: Record<string, string> = {};
-		for (const pair of options.env.split(",")) {
+		for (const pair of splitCommaList(options.env)) {
 			const eqIdx = pair.indexOf("=");
 			if (eqIdx === -1) {
 				console.error(`Invalid env format "${pair}", expected KEY=VAL`);
@@ -154,10 +170,10 @@ function buildStdioConfig(options: { command?: string; args?: string; env?: stri
 	return config as unknown as ServerConfig;
 }
 
-function buildHttpConfig(options: { url?: string; header?: string[] }): ServerConfig {
+function buildHttpConfig(options: { url?: string; header: string[] }): ServerConfig {
 	const config: Record<string, unknown> = { url: options.url! };
 
-	if (options.header && options.header.length > 0) {
+	if (options.header.length > 0) {
 		const headers: Record<string, string> = {};
 		for (const h of options.header) {
 			const colonIdx = h.indexOf(":");

package/src/config/loader.ts

@@ -1,3 +1,4 @@
+import { chmod } from "node:fs/promises";
 import { join, resolve } from "node:path";
 import { DEFAULT_CONFIG_DIR, ENV } from "../constants.ts";
 import { interpolateEnv } from "./env.ts";
@@ -63,6 +64,7 @@ export async function loadConfig(options: LoadConfigOptions = {}): Promise<Confi
 		const cwd = process.cwd();
 		if (await hasServersFile(cwd)) {
 			configDir = cwd;
+			process.stderr.write(`Note: using servers.json from current directory (${cwd})\n`);
 		}
 	}
 
@@ -109,9 +111,10 @@ async function saveJsonFile(configDir: string, filename: string, data: unknown):
 	await Bun.write(join(configDir, filename), `${JSON.stringify(data, null, 2)}\n`);
 }
 
-/** Save auth.json to the config directory */
+/** Save auth.json to the config directory with restrictive permissions */
 export async function saveAuth(configDir: string, auth: AuthFile): Promise<void> {
-	return saveJsonFile(configDir, "auth.json", auth);
+	await saveJsonFile(configDir, "auth.json", auth);
+	await chmod(join(configDir, "auth.json"), 0o600).catch(() => {});
 }
 
 /** Load search.json from the config directory */

package/src/output/formatter.ts

@@ -619,20 +619,23 @@ export function renderMarkdownToAnsi(input: string): string {
 	return restored;
 }
 
+const MAX_NESTED_JSON_DEPTH = 10;
+
 /** Recursively parse JSON strings inside MCP content blocks */
-function parseNestedJson(value: unknown): unknown {
+function parseNestedJson(value: unknown, depth = 0): unknown {
+	if (depth > MAX_NESTED_JSON_DEPTH) return value;
 	if (typeof value === "string") {
 		try {
-			return parseNestedJson(JSON.parse(value));
+			return parseNestedJson(JSON.parse(value), depth + 1);
 		} catch {
 			return value;
 		}
 	}
 	if (Array.isArray(value)) {
-		return value.map(parseNestedJson);
+		return value.map((v) => parseNestedJson(v, depth + 1));
 	}
 	if (typeof value === "object" && value !== null) {
-		return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, parseNestedJson(v)]));
+		return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, parseNestedJson(v, depth + 1)]));
 	}
 	return value;
 }

package/src/validation/schema.ts

@@ -28,8 +28,9 @@ function validateWithSchema(
 		try {
 			validate = ajv.compile(schema);
 			validatorCache.set(cacheKey, validate);
-		} catch {
-			return { valid: true, errors: [] };
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : "unknown error";
+			return { valid: false, errors: [{ path: "(schema)", message: `schema compilation failed: ${msg}` }] };
 		}
 	}