mcp-server-kubernetes 3.7.0 → 3.9.0

package/dist/security/kubectl-flags.d.ts

@@ -1,3 +1,4 @@
+import { type ExecFileSyncOptionsWithStringEncoding } from "child_process";
 /**
  * Validate user-supplied kubectl flags and args. Throws an McpError if any
  * dangerous flag is present and the unsafe-flags escape hatch is not set.
@@ -8,3 +9,21 @@
  *     ("--server", "x") forms, plus short aliases ("-s").
  */
 export declare function assertNoDangerousFlags(flags?: Record<string, unknown>, args?: string[]): void;
+/**
+ * Validate a fully-constructed kubectl/helm argv. Unlike assertNoDangerousFlags
+ * (which inspects only the free-form `flags`/`args` inputs of kubectl_generic),
+ * this scans every token in the final argv — including bare positional slots
+ * such as resource names, node names, and resource types that the individual
+ * tools push directly. kubectl's pflag parser treats any token beginning with
+ * "-" as a flag regardless of position, so a tool argument like
+ * name: "--server=https://attacker" would otherwise redirect the API server
+ * and leak the operator's bearer token. Throws an McpError on any dangerous
+ * flag unless ALLOW_KUBECTL_UNSAFE_FLAGS=true.
+ */
+export declare function assertSafeArgv(args: readonly string[]): void;
+/**
+ * Drop-in replacement for child_process.execFileSync that scans the argv for
+ * credential/target-redirecting flags before executing. Tool files import this
+ * as `execFileSync`, so every kubectl/helm call site is guarded at one place.
+ */
+export declare function execFileSyncSafe(file: string, args: string[], options: ExecFileSyncOptionsWithStringEncoding): string;

package/dist/security/kubectl-flags.js

@@ -1,4 +1,5 @@
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
+import { execFileSync, } from "child_process";
 // Flags that would let a caller redirect kubectl to a different API server,
 // substitute credentials, or impersonate another identity. Allowing any of
 // these to flow in from tool inputs lets an attacker who can influence the
@@ -38,6 +39,27 @@ const DANGEROUS_FLAGS = new Set([
 const SHORT_ALIASES = new Set([
     "s", // -s is an alias for --server
 ]);
+// helm exposes the same exfiltration surface as kubectl, but under "kube-"
+// prefixed flag names (e.g. --kube-apiserver instead of --server). We add
+// those here so the argv-level guard covers helm invocations too. Context
+// selection flags (--context / --kube-context) are intentionally omitted:
+// they can only select a cluster already present in the loaded kubeconfig,
+// every tool legitimately emits "--context <value>", and without --server /
+// --kubeconfig they cannot redirect kubectl/helm to an attacker host.
+const HELM_DANGEROUS_FLAGS = new Set([
+    "kube-apiserver",
+    "kube-token",
+    "kube-ca-file",
+    "kube-as-user",
+    "kube-as-group",
+    "kube-tls-server-name",
+    "kube-insecure-skip-tls-verify",
+]);
+// Flag names that are dangerous when they appear anywhere in a fully
+// constructed argv (positional slots included), regardless of which tool
+// built it. This is DANGEROUS_FLAGS minus the context-selection flags, plus
+// the helm equivalents. See assertSafeArgv / execFileSyncSafe below.
+const ARGV_DANGEROUS_FLAGS = new Set([...DANGEROUS_FLAGS, ...HELM_DANGEROUS_FLAGS].filter((name) => name !== "context"));
 function isUnsafeFlagsAllowed() {
     return process.env.ALLOW_KUBECTL_UNSAFE_FLAGS === "true";
 }
@@ -95,3 +117,36 @@ export function assertNoDangerousFlags(flags, args) {
         }
     }
 }
+/**
+ * Validate a fully-constructed kubectl/helm argv. Unlike assertNoDangerousFlags
+ * (which inspects only the free-form `flags`/`args` inputs of kubectl_generic),
+ * this scans every token in the final argv — including bare positional slots
+ * such as resource names, node names, and resource types that the individual
+ * tools push directly. kubectl's pflag parser treats any token beginning with
+ * "-" as a flag regardless of position, so a tool argument like
+ * name: "--server=https://attacker" would otherwise redirect the API server
+ * and leak the operator's bearer token. Throws an McpError on any dangerous
+ * flag unless ALLOW_KUBECTL_UNSAFE_FLAGS=true.
+ */
+export function assertSafeArgv(args) {
+    if (isUnsafeFlagsAllowed())
+        return;
+    for (const tok of args) {
+        if (typeof tok !== "string")
+            continue;
+        if (!tok.startsWith("-"))
+            continue;
+        const name = normalizeFlagName(tok);
+        if (ARGV_DANGEROUS_FLAGS.has(name) || SHORT_ALIASES.has(name))
+            reject(tok);
+    }
+}
+/**
+ * Drop-in replacement for child_process.execFileSync that scans the argv for
+ * credential/target-redirecting flags before executing. Tool files import this
+ * as `execFileSync`, so every kubectl/helm call site is guarded at one place.
+ */
+export function execFileSyncSafe(file, args, options) {
+    assertSafeArgv(args);
+    return execFileSync(file, args, options);
+}

package/dist/tools/exec_in_pod.js

@@ -8,7 +8,7 @@
  * interpretation. Shell operators (pipes, redirects, etc.) are intentionally
  * not supported.
  */
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import { getSpawnMaxBuffer } from "../config/max-buffer.js";
 import { contextParameter, namespaceParameter } from "../models/common-parameters.js";
@@ -84,7 +84,7 @@ export async function execInPod(k8sManager, input) {
         }
         args.push("--", ...input.command);
         const timeoutMs = input.timeout || 60000;
-        const result = execFileSync("kubectl", args, {
+        const result = execFileSyncSafe("kubectl", args, {
             encoding: "utf8",
             maxBuffer: getSpawnMaxBuffer(),
             timeout: timeoutMs,

package/dist/tools/helm-operations.js

@@ -4,7 +4,7 @@
  * Template mode bypasses authentication issues and kubeconfig API version mismatches.
  * Supports local chart paths, remote repositories, and custom values.
  */
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { writeFileSync, unlinkSync } from "fs";
 import { dump } from "js-yaml";
 import { getSpawnMaxBuffer } from "../config/max-buffer.js";
@@ -142,7 +142,7 @@ export const uninstallHelmChartSchema = {
  */
 const executeCommand = (command, args) => {
     try {
-        return execFileSync(command, args, {
+        return execFileSyncSafe(command, args, {
             encoding: "utf8",
             timeout: 300000, // 5 minutes timeout
             maxBuffer: getSpawnMaxBuffer(),

package/dist/tools/kubectl-apply.js

@@ -1,4 +1,4 @@
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import * as fs from "fs";
 import * as path from "path";
@@ -73,7 +73,7 @@ export async function kubectlApply(k8sManager, input) {
         }
         // Execute the command
         try {
-            const result = execFileSync(command, args, {
+            const result = execFileSyncSafe(command, args, {
                 encoding: "utf8",
                 maxBuffer: getSpawnMaxBuffer(),
                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },

package/dist/tools/kubectl-context.js

@@ -1,4 +1,4 @@
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import { getSpawnMaxBuffer } from "../config/max-buffer.js";
 export const kubectlContextSchema = {
@@ -56,7 +56,7 @@ export async function kubectlContext(k8sManager, input) {
                 }
                 else if (output === "custom" || output === "json") {
                     // For custom or JSON output, we'll format it ourselves
-                    const rawResult = execFileSync(command, listArgs, {
+                    const rawResult = execFileSyncSafe(command, listArgs, {
                         encoding: "utf8",
                         maxBuffer: getSpawnMaxBuffer(),
                         env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
@@ -110,7 +110,7 @@ export async function kubectlContext(k8sManager, input) {
                     };
                 }
                 // Execute the command for non-json outputs
-                result = execFileSync(command, listArgs, {
+                result = execFileSyncSafe(command, listArgs, {
                     encoding: "utf8",
                     maxBuffer: getSpawnMaxBuffer(),
                     env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
@@ -121,14 +121,14 @@ export async function kubectlContext(k8sManager, input) {
                 const getArgs = ["config", "current-context"];
                 // Execute the command
                 try {
-                    const currentContext = execFileSync(command, getArgs, {
+                    const currentContext = execFileSyncSafe(command, getArgs, {
                         encoding: "utf8",
                         maxBuffer: getSpawnMaxBuffer(),
                         env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
                     }).trim();
                     if (detailed) {
                         // For detailed context info, we need to use get-contexts and filter
-                        const allContextsOutput = execFileSync(command, ["config", "get-contexts"], {
+                        const allContextsOutput = execFileSyncSafe(command, ["config", "get-contexts"], {
                             encoding: "utf8",
                             maxBuffer: getSpawnMaxBuffer(),
                             env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
@@ -211,7 +211,7 @@ export async function kubectlContext(k8sManager, input) {
                 }
                 // First check if the context exists
                 try {
-                    const allContextsOutput = execFileSync(command, ["config", "get-contexts", "-o", "name"], {
+                    const allContextsOutput = execFileSyncSafe(command, ["config", "get-contexts", "-o", "name"], {
                         encoding: "utf8",
                         maxBuffer: getSpawnMaxBuffer(),
                         env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
@@ -233,7 +233,7 @@ export async function kubectlContext(k8sManager, input) {
                     // Build command to set context
                     const setArgs = ["config", "use-context", contextName];
                     // Execute the command
-                    result = execFileSync(command, setArgs, {
+                    result = execFileSyncSafe(command, setArgs, {
                         encoding: "utf8",
                         maxBuffer: getSpawnMaxBuffer(),
                         env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },

package/dist/tools/kubectl-create.js

@@ -1,4 +1,4 @@
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import * as fs from "fs";
 import * as path from "path";
@@ -294,7 +294,7 @@ export async function kubectlCreate(k8sManager, input) {
         }
         // Execute the command
         try {
-            const result = execFileSync(command, args, {
+            const result = execFileSyncSafe(command, args, {
                 encoding: "utf8",
                 maxBuffer: getSpawnMaxBuffer(),
                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },

package/dist/tools/kubectl-delete.js

@@ -1,4 +1,4 @@
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import * as fs from "fs";
 import * as path from "path";
@@ -115,7 +115,7 @@ export async function kubectlDelete(k8sManager, input) {
         }
         // Execute the command
         try {
-            const result = execFileSync(command, args, {
+            const result = execFileSyncSafe(command, args, {
                 encoding: "utf8",
                 maxBuffer: getSpawnMaxBuffer(),
                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },

package/dist/tools/kubectl-describe.js

@@ -1,4 +1,4 @@
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import { getSpawnMaxBuffer } from "../config/max-buffer.js";
 import { namespaceParameter, contextParameter, } from "../models/common-parameters.js";
@@ -52,7 +52,7 @@ export async function kubectlDescribe(k8sManager, input) {
         }
         // Execute the command
         try {
-            const result = execFileSync(command, args, {
+            const result = execFileSyncSafe(command, args, {
                 encoding: "utf8",
                 maxBuffer: getSpawnMaxBuffer(),
                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },

package/dist/tools/kubectl-generic.js

@@ -1,4 +1,4 @@
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import { getSpawnMaxBuffer } from "../config/max-buffer.js";
 import { contextParameter, namespaceParameter, } from "../models/common-parameters.js";
@@ -101,7 +101,7 @@ export async function kubectlGeneric(k8sManager, input) {
         // Execute the command
         try {
             console.error(`Executing: kubectl ${cmdArgs.join(" ")}`);
-            const result = execFileSync(command, cmdArgs, {
+            const result = execFileSyncSafe(command, cmdArgs, {
                 encoding: "utf8",
                 maxBuffer: getSpawnMaxBuffer(),
                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },

package/dist/tools/kubectl-get.js

@@ -1,4 +1,4 @@
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import { getSpawnMaxBuffer } from "../config/max-buffer.js";
 import * as yaml from "js-yaml";
@@ -121,7 +121,7 @@ export async function kubectlGet(k8sManager, input) {
         }
         // Execute the command
         try {
-            const result = execFileSync(command, args, {
+            const result = execFileSyncSafe(command, args, {
                 encoding: "utf8",
                 maxBuffer: getSpawnMaxBuffer(),
                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },

package/dist/tools/kubectl-logs.js

@@ -1,4 +1,4 @@
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import { getSpawnMaxBuffer } from "../config/max-buffer.js";
 import { contextParameter, namespaceParameter, } from "../models/common-parameters.js";
@@ -84,7 +84,7 @@ export async function kubectlLogs(k8sManager, input) {
             }
             // Execute the command
             try {
-                const result = execFileSync(command, args, {
+                const result = execFileSyncSafe(command, args, {
                     encoding: "utf8",
                     maxBuffer: getSpawnMaxBuffer(),
                     env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
@@ -127,7 +127,7 @@ export async function kubectlLogs(k8sManager, input) {
                     "jsonpath='{.items[*].metadata.name}'",
                 ];
                 try {
-                    const jobs = execFileSync(command, jobsArgs, {
+                    const jobs = execFileSyncSafe(command, jobsArgs, {
                         encoding: "utf8",
                         maxBuffer: getSpawnMaxBuffer(),
                         env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
@@ -177,7 +177,7 @@ export async function kubectlLogs(k8sManager, input) {
                     if (!selectorArgs) {
                         throw new Error("Selector command is undefined");
                     }
-                    const selectorJson = execFileSync(command, selectorArgs, {
+                    const selectorJson = execFileSyncSafe(command, selectorArgs, {
                         encoding: "utf8",
                         maxBuffer: getSpawnMaxBuffer(),
                         env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
@@ -260,7 +260,7 @@ async function getLabelSelectorLogs(labelSelector, namespace, input) {
             "-o",
             "jsonpath='{.items[*].metadata.name}'",
         ];
-        const pods = execFileSync(command, podsArgs, {
+        const pods = execFileSyncSafe(command, podsArgs, {
             encoding: "utf8",
             maxBuffer: getSpawnMaxBuffer(),
             env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
@@ -293,7 +293,7 @@ async function getLabelSelectorLogs(labelSelector, namespace, input) {
             // Add other options
             podArgs = addLogOptions(podArgs, input);
             try {
-                const logs = execFileSync(command, podArgs, {
+                const logs = execFileSyncSafe(command, podArgs, {
                     encoding: "utf8",
                     maxBuffer: getSpawnMaxBuffer(),
                     env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },

package/dist/tools/kubectl-operations.js

@@ -1,4 +1,4 @@
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { getSpawnMaxBuffer } from "../config/max-buffer.js";
 import { contextParameter } from "../models/common-parameters.js";
 export const explainResourceSchema = {
@@ -74,7 +74,7 @@ export const listApiResourcesSchema = {
 };
 const executeKubectlCommand = (command, args) => {
     try {
-        return execFileSync(command, args, {
+        return execFileSyncSafe(command, args, {
             encoding: "utf8",
             maxBuffer: getSpawnMaxBuffer(),
             env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },

package/dist/tools/kubectl-patch.js

@@ -1,4 +1,4 @@
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import * as fs from "fs";
 import * as path from "path";
@@ -93,7 +93,7 @@ export async function kubectlPatch(k8sManager, input) {
         }
         // Execute the command
         try {
-            const result = execFileSync(command, args, {
+            const result = execFileSyncSafe(command, args, {
                 encoding: "utf8",
                 maxBuffer: getSpawnMaxBuffer(),
                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },

package/dist/tools/kubectl-rollout.js

@@ -1,4 +1,4 @@
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import { getSpawnMaxBuffer } from "../config/max-buffer.js";
 import { contextParameter, namespaceParameter } from "../models/common-parameters.js";
@@ -87,7 +87,7 @@ export async function kubectlRollout(k8sManager, input) {
                 args.push("--watch");
                 // For watch we are limited in what we can do - we'll execute it with a reasonable timeout
                 // and capture the output until that point
-                const result = execFileSync(command, args, {
+                const result = execFileSyncSafe(command, args, {
                     encoding: "utf8",
                     maxBuffer: getSpawnMaxBuffer(),
                     timeout: 15000, // Reduced from 30 seconds to 15 seconds
@@ -104,7 +104,7 @@ export async function kubectlRollout(k8sManager, input) {
                 };
             }
             else {
-                const result = execFileSync(command, args, {
+                const result = execFileSyncSafe(command, args, {
                     encoding: "utf8",
                     maxBuffer: getSpawnMaxBuffer(),
                     env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },

package/dist/tools/kubectl-scale.js

@@ -1,4 +1,4 @@
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import { getSpawnMaxBuffer } from "../config/max-buffer.js";
 import { contextParameter, namespaceParameter } from "../models/common-parameters.js";
@@ -49,7 +49,7 @@ export async function kubectlScale(k8sManager, input) {
         }
         // Execute the command
         try {
-            const result = execFileSync(command, args, {
+            const result = execFileSyncSafe(command, args, {
                 encoding: "utf8",
                 maxBuffer: getSpawnMaxBuffer(),
                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },

package/dist/tools/node-management.js

@@ -5,7 +5,7 @@
  * and confirmation requirements for destructive operations.
  * Note: Use kubectl_get with resourceType="nodes" to list nodes.
  */
-import { execFileSync } from "child_process";
+import { execFileSyncSafe } from "../security/kubectl-flags.js";
 import { getSpawnMaxBuffer } from "../config/max-buffer.js";
 /**
  * Schema for node_management tool.
@@ -85,7 +85,7 @@ export const nodeManagementSchema = {
  */
 const executeCommand = (command, args) => {
     try {
-        return execFileSync(command, args, {
+        return execFileSyncSafe(command, args, {
             encoding: "utf8",
             timeout: 300000, // 5 minutes timeout for node operations
             maxBuffer: getSpawnMaxBuffer(),

package/dist/utils/streamable-http.js

@@ -1,22 +1,63 @@
 import express from "express";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { createAuthMiddleware, isAuthEnabled } from "./auth.js";
+/**
+ * Build the default allowedHosts list for DNS rebinding protection.
+ * Includes localhost variants with and without port.
+ */
+function buildDefaultAllowedHosts(host, port) {
+    // Always allow the bare host and host:port for common localhost addresses
+    const localhostAliases = ["127.0.0.1", "localhost", "::1"];
+    const hosts = [];
+    for (const alias of localhostAliases) {
+        hosts.push(alias);
+        // HTTP Host header uses bracket notation for IPv6: [::1]:3000
+        if (alias.includes(":")) {
+            hosts.push(`[${alias}]`);
+            hosts.push(`[${alias}]:${port}`);
+        }
+        else {
+            hosts.push(`${alias}:${port}`);
+        }
+    }
+    // Also add the configured host if it's not already covered
+    if (!localhostAliases.includes(host)) {
+        hosts.push(host);
+        if (host.includes(":") && !host.startsWith("[")) {
+            hosts.push(`[${host}]`);
+            hosts.push(`[${host}]:${port}`);
+        }
+        else {
+            hosts.push(`${host}:${port}`);
+        }
+    }
+    return hosts;
+}
 export function startStreamableHTTPServer(server) {
     const app = express();
     app.use(express.json());
     // Create auth middleware - when MCP_AUTH_TOKEN is set, requires X-MCP-AUTH header
     const authMiddleware = createAuthMiddleware();
+    // DNS rebinding protection is enabled by default. Set DNS_REBINDING_PROTECTION=false to disable.
+    const enableDnsRebindingProtection = process.env.DNS_REBINDING_PROTECTION !== "false";
+    const host = process.env.HOST || "localhost";
+    const parsed = parseInt(process.env.PORT || "3000", 10);
+    const port = Number.isNaN(parsed) ? 3000 : parsed;
+    const allowedHosts = process.env.DNS_REBINDING_ALLOWED_HOST
+        ? [process.env.DNS_REBINDING_ALLOWED_HOST]
+        : buildDefaultAllowedHosts(host, port);
+    // Warn when binding to all interfaces with DNS rebinding protection disabled
+    if (!enableDnsRebindingProtection && (host === "0.0.0.0" || host === "::")) {
+        console.warn("WARNING: DNS rebinding protection is disabled while HOST is set to " +
+            `'${host}'. This exposes the MCP server to DNS rebinding attacks ` +
+            "from any browser on the network. Set DNS_REBINDING_PROTECTION=true " +
+            "(the default) or restrict HOST to 'localhost' / '127.0.0.1'.");
+    }
     app.post("/mcp", authMiddleware, async (req, res) => {
         // In stateless mode, create a new instance of transport and server for each request
         // to ensure complete isolation. A single instance would cause request ID collisions
         // when multiple clients connect concurrently.
         try {
-            // DNS rebinding protection is disabled by default for backwards compatibility. If you are running this server
-            // locally, make sure to set DNS_REBINDING_PROTECTION=true
-            const enableDnsRebindingProtection = process.env.DNS_REBINDING_PROTECTION === "true";
-            const allowedHosts = process.env.DNS_REBINDING_ALLOWED_HOST
-                ? [process.env.DNS_REBINDING_ALLOWED_HOST]
-                : ["127.0.0.1"];
             const transport = new StreamableHTTPServerTransport({
                 sessionIdGenerator: undefined,
                 enableDnsRebindingProtection,
@@ -91,14 +132,6 @@ export function startStreamableHTTPServer(server) {
             });
         }
     });
-    let port = 3000;
-    try {
-        port = parseInt(process.env.PORT || "3000", 10);
-    }
-    catch (e) {
-        console.error("Invalid PORT environment variable, using default port 3000.");
-    }
-    const host = process.env.HOST || "localhost";
     const httpServer = app.listen(port, host, () => {
         console.log(`mcp-kubernetes-server is listening on port ${port}\nUse the following url to connect to the server:\nhttp://${host}:${port}/mcp`);
         if (isAuthEnabled()) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mcp-server-kubernetes",
-  "version": "3.7.0",
+  "version": "3.9.0",
   "description": "MCP server for interacting with Kubernetes clusters via kubectl",
   "license": "MIT",
   "type": "module",