Merge branch 'main' into docs/utils-jsdoc

Author: olaservo

.github/workflows/claude.yml

@@ -18,17 +18,14 @@ jobs:
         (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
         (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
         (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
-      ) &&
-      (
-        github.actor == 'ihrpr' ||
-        github.actor == 'olaservo'
       )
     runs-on: ubuntu-latest
     permissions:
       contents: read
       pull-requests: read
       issues: read
       id-token: write
+      actions: read
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -41,24 +38,16 @@ jobs:
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
 
-          # Optional: Specify model (defaults to Claude Sonnet 4, uncomment for Claude Opus 4)
-          # model: "claude-opus-4-20250514"
-
-          # Optional: Customize the trigger phrase (default: @claude)
-          # trigger_phrase: "/claude"
-
-          # Optional: Trigger when specific user is assigned to an issue
-          # assignee_trigger: "claude-bot"
+          # Allow Claude to read CI results on PRs
+          additional_permissions: |
+            actions: read
 
-          # Optional: Allow Claude to run specific commands
-          # allowed_tools: "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*)"
+          # Trigger when assigned to an issue
+          assignee_trigger: "claude"
 
-          # Optional: Add custom instructions for Claude to customize its behavior for your project
-          # custom_instructions: |
-          #   Follow our coding standards
-          #   Ensure all new code has tests
-          #   Use TypeScript for new files
+          # Allow Claude to run bash
+          # This should be safe given the repo is already public
+          allowed_tools: "Bash"
 
-          # Optional: Custom environment variables for Claude
-          # claude_env: |
-          #   NODE_ENV: test
+          custom_instructions: |
+            If posting a comment to GitHub, give a concise summary of the comment at the top and put all the details in a <details> block.

.husky/pre-commit

@@ -0,0 +1,2 @@
+npx lint-staged
+git update-index --again

Dockerfile

@@ -1,5 +1,5 @@
 # Build stage
-FROM node:24-slim AS builder
+FROM node:current-alpine3.22 AS builder
 
 # Set working directory
 WORKDIR /app
@@ -49,4 +49,4 @@ ENV SERVER_PORT=6277
 EXPOSE ${CLIENT_PORT} ${SERVER_PORT}
 
 # Use ENTRYPOINT with CMD for arguments
-ENTRYPOINT ["npm", "start"]
+ENTRYPOINT ["npm", "start"]

README.md

@@ -29,6 +29,14 @@ npx @modelcontextprotocol/inspector
 
 The server will start up and the UI will be accessible at `http://localhost:6274`.
 
+### Docker Container
+
+You can also start it in a Docker container with the following command:
+
+```bash
+docker run --rm --network host -p 6274:6274 -p 6277:6277 ghcr.io/modelcontextprotocol/inspector:latest
+```
+
 ### From an MCP server repository
 
 To inspect an MCP server implementation, there's no need to clone this repo. Instead, use `npx`. For example, if your server is built at `build/index.js`:
@@ -166,6 +174,16 @@ If you need to disable authentication (NOT RECOMMENDED), you can set the `DANGER
 DANGEROUSLY_OMIT_AUTH=true npm start
 ```
 
+---
+
+**🚨 WARNING 🚨**
+
+Disabling authentication with `DANGEROUSLY_OMIT_AUTH` is incredibly dangerous! Disabling auth leaves your machine open to attack not just when exposed to the public internet, but also **via your web browser**. Meaning, visiting a malicious website OR viewing a malicious advertizement could allow an attacker to remotely compromise your computer. Do not disable this feature unless you truly understand the risks.
+
+Read more about the risks of this vulnerability on Oligo's blog: [Critical RCE Vulnerability in Anthropic MCP Inspector - CVE-2025-49596](https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596)
+
+---
+
 You can also set the token via the `MCP_PROXY_AUTH_TOKEN` environment variable when starting the server:
 
 ```bash

cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@modelcontextprotocol/inspector-cli",
-  "version": "0.16.4",
+  "version": "0.16.5",
   "description": "CLI for the Model Context Protocol inspector",
   "license": "MIT",
   "author": "Anthropic, PBC (https://anthropic.com)",
@@ -21,7 +21,7 @@
   },
   "devDependencies": {},
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.17.2",
+    "@modelcontextprotocol/sdk": "^1.17.3",
     "commander": "^13.1.0",
     "spawn-rx": "^5.1.2"
   }

cli/src/transport.ts

@@ -32,8 +32,8 @@ function createStdioTransport(options: TransportOptions): Transport {
   const defaultEnv = getDefaultEnvironment();
 
   const env: Record<string, string> = {
-    ...processEnv,
     ...defaultEnv,
+    ...processEnv,
   };
 
   const { cmd: actualCommand, args: actualArgs } = findActualExecutable(

client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@modelcontextprotocol/inspector-client",
-  "version": "0.16.4",
+  "version": "0.16.5",
   "description": "Client-side application for the Model Context Protocol inspector",
   "license": "MIT",
   "author": "Anthropic, PBC (https://anthropic.com)",
@@ -25,7 +25,7 @@
     "cleanup:e2e": "node e2e/global-teardown.js"
   },
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.17.2",
+    "@modelcontextprotocol/sdk": "^1.17.3",
     "@radix-ui/react-checkbox": "^1.1.4",
     "@radix-ui/react-dialog": "^1.1.3",
     "@radix-ui/react-icons": "^1.3.0",

client/src/App.tsx

@@ -34,7 +34,6 @@ import {
   useDraggablePane,
   useDraggableSidebar,
 } from "./lib/hooks/useDraggablePane";
-import { StdErrNotification } from "./lib/notificationTypes";
 
 import { Tabs, TabsContent, TabsList, TabsTrigger } from "@/components/ui/tabs";
 import { Button } from "@/components/ui/button";
@@ -106,9 +105,6 @@ const App = () => {
   >(getInitialTransportType);
   const [logLevel, setLogLevel] = useState<LoggingLevel>("debug");
   const [notifications, setNotifications] = useState<ServerNotification[]>([]);
-  const [stdErrNotifications, setStdErrNotifications] = useState<
-    StdErrNotification[]
-  >([]);
   const [roots, setRoots] = useState<Root[]>([]);
   const [env, setEnv] = useState<Record<string, string>>({});
 
@@ -224,12 +220,6 @@ const App = () => {
     onNotification: (notification) => {
       setNotifications((prev) => [...prev, notification as ServerNotification]);
     },
-    onStdErrNotification: (notification) => {
-      setStdErrNotifications((prev) => [
-        ...prev,
-        notification as StdErrNotification,
-      ]);
-    },
     onPendingRequest: (request, resolve, reject) => {
       setPendingSampleRequests((prev) => [
         ...prev,
@@ -757,10 +747,6 @@ const App = () => {
     setLogLevel(level);
   };
 
-  const clearStdErrNotifications = () => {
-    setStdErrNotifications([]);
-  };
-
   const AuthDebuggerWrapper = () => (
     <TabsContent value="auth">
       <AuthDebugger
@@ -829,11 +815,9 @@ const App = () => {
           setOauthScope={setOauthScope}
           onConnect={connectMcpServer}
           onDisconnect={disconnectMcpServer}
-          stdErrNotifications={stdErrNotifications}
           logLevel={logLevel}
           sendLogLevelRequest={sendLogLevelRequest}
           loggingSupported={!!serverCapabilities?.logging || false}
-          clearStdErrNotifications={clearStdErrNotifications}
         />
         <div
           onMouseDown={handleSidebarDragStart}

client/src/components/AuthDebugger.tsx

@@ -6,6 +6,7 @@ import { AuthDebuggerState, EMPTY_DEBUGGER_STATE } from "../lib/auth-types";
 import { OAuthFlowProgress } from "./OAuthFlowProgress";
 import { OAuthStateMachine } from "../lib/oauth-state-machine";
 import { SESSION_KEYS } from "../lib/constants";
+import { validateRedirectUrl } from "@/utils/urlValidation";
 
 export interface AuthDebuggerProps {
   serverUrl: string;
@@ -163,6 +164,23 @@ const AuthDebugger = ({
           currentState.oauthStep === "authorization_code" &&
           currentState.authorizationUrl
         ) {
+          // Validate the URL before redirecting
+          try {
+            validateRedirectUrl(currentState.authorizationUrl);
+          } catch (error) {
+            updateAuthState({
+              ...currentState,
+              isInitiatingAuth: false,
+              latestError:
+                error instanceof Error ? error : new Error(String(error)),
+              statusMessage: {
+                type: "error",
+                message: `Invalid authorization URL: ${error instanceof Error ? error.message : String(error)}`,
+              },
+            });
+            return;
+          }
+
           // Store the current auth state before redirecting
           sessionStorage.setItem(
             SESSION_KEYS.AUTH_DEBUGGER_STATE,

client/src/components/OAuthDebugCallback.tsx

@@ -46,6 +46,17 @@ const OAuthDebugCallback = ({ onConnect }: OAuthCallbackProps) => {
       if (storedState) {
         try {
           restoredState = JSON.parse(storedState);
+          if (restoredState && typeof restoredState.resource === "string") {
+            restoredState.resource = new URL(restoredState.resource);
+          }
+          if (
+            restoredState &&
+            typeof restoredState.authorizationUrl === "string"
+          ) {
+            restoredState.authorizationUrl = new URL(
+              restoredState.authorizationUrl,
+            );
+          }
           // Clean up the stored state
           sessionStorage.removeItem(SESSION_KEYS.AUTH_DEBUGGER_STATE);
         } catch (e) {