feat: Add environment variable support for HTTP MCP headers (#3075)

pahud · web-flow · commit a930a9f6eb2e · 2025-10-16T14:12:25.000-07:00
* feat: Add environment variable support for HTTP MCP headers

- Enable ${env:VAR_NAME} syntax in HTTP MCP server headers
- Extends existing env var processing from stdio to http transport
- Improves security by avoiding hardcoded tokens in config files

Example usage:
"headers": {
  "Authorization": "Bearer ${env:GITHUB_TOKEN}"
}

* test: Add unit test for HTTP headers environment variable processing

- Tests that env vars in HTTP headers are properly substituted
- Covers Authorization header with Bearer token pattern
- Verifies multiple headers and mixed content scenarios

* revert: Remove unnecessary formatting change in oauth_util.rs

Keep PR focused only on the core environment variable feature
diff --git a/crates/chat-cli/src/mcp_client/client.rs b/crates/chat-cli/src/mcp_client/client.rs
@@ -458,8 +458,13 @@ impl McpClientService {
                     ..
                 } = &self.config;
 
-                let http_service_builder =
-                    HttpServiceBuilder::new(url, os, url, *timeout, scopes, headers, oauth, messenger);
+                // Process environment variables in headers
+                let mut processed_headers = headers.clone();
+                for (_, value) in processed_headers.iter_mut() {
+                    *value = substitute_env_vars(value, &os.env);
+                }
+
+                let http_service_builder = HttpServiceBuilder::new(url, os, url, *timeout, scopes, &processed_headers, messenger);
 
                 let (service, auth_client_wrapper) = http_service_builder.try_build(&self).await?;
 
@@ -673,4 +678,30 @@ mod tests {
         assert_eq!(env_vars.get("KEY1").unwrap(), "Value is test_value");
         assert_eq!(env_vars.get("KEY2").unwrap(), "No substitution");
     }
+
+    #[tokio::test]
+    async fn test_http_headers_env_var_processing() {
+        let os = Os::new().await.unwrap();
+        unsafe {
+            os.env.set_var("GITHUB_TOKEN", "github_pat_test123");
+            os.env.set_var("API_KEY", "secret_key_456");
+        }
+
+        // Simulate HTTP headers with environment variables
+        let mut headers = HashMap::new();
+        headers.insert("Authorization".to_string(), "Bearer ${env:GITHUB_TOKEN}".to_string());
+        headers.insert("X-API-Key".to_string(), "${env:API_KEY}".to_string());
+        headers.insert("Content-Type".to_string(), "application/json".to_string());
+
+        // Process headers (same logic as in HTTP transport)
+        let mut processed_headers = headers.clone();
+        for (_, value) in processed_headers.iter_mut() {
+            *value = substitute_env_vars(value, &os.env);
+        }
+
+        // Verify environment variables were substituted
+        assert_eq!(processed_headers.get("Authorization").unwrap(), "Bearer github_pat_test123");
+        assert_eq!(processed_headers.get("X-API-Key").unwrap(), "secret_key_456");
+        assert_eq!(processed_headers.get("Content-Type").unwrap(), "application/json");
+    }
 }
