make auth token configurable via env var

[kentcdodds]

Motivation and Context

I run MCP workshops. To keep exercises isolated and setup easy, I programmatically run the inspector with a bunch of things prefilled via the URL and use environment variables to control things like ports etc. With the session token changes, I now have to parse out the generated session token from the output so I can kick off the inspector with the auth token in the search params.

This is possible, but I don't like parsing output as it could easily change. I would much rather just be responsible for generating the token.

How Has This Been Tested?

I made this change in node_modules locally and it worked great.

Breaking Changes

None

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

[kentcdodds]

I have now published this change under @kentcdodds/[email protected] if anyone wants to try it out.

[kentcdodds]

This was handled by #513, so feel free to close. But this does document the feature so maybe merge for that?

[kentcdodds]

(Though I'll just add a note that I think it is odd that the env var is called MCP_PROXY_TOKEN and the search param is called MCP_PROXY_AUTH_TOKEN 🤔).

[cliffhall]

This was handled by #513, so feel free to close. But this does document the feature so maybe merge for that?

(Though I'll just add a note that I think it is odd that the env var is called MCP_PROXY_TOKEN and the search param is called MCP_PROXY_AUTH_TOKEN 🤔).

@kentcdodds I actually am not seeing that it works to startup using MCP_PROXY_TOKEN or MCP_PROXY_AUTH_TOKEN. I don't remember testing it that way when @felixweinberger was working on it.

The proxy server seems to allow for overriding MCP_PROXY_AUTH_TOKEN with the malformed MCP_PROXY_TOKEN value from the environment if present.

However, the start.js script for the client doesn't read either, and instead creates a sessionToken unconditionally.

I think it would be good for this PR to correct all that. Use MCP_PROXY_AUTH_TOKEN everywhere and make sure the server and client can start using that from the environment.

[kentcdodds]

Let me know if that's what you're looking for! Thanks!

[cliffhall]

LGTM! 👍

Tested locally...

Via the npm package entry point (node cli/build/cli.js)

Via the local dev entry point (npm run start)

Without setting environment var