[Feature]: Support dynamic auth propagation for stdio MCP servers

[berri-teddy]

The Feature

Description:
Currently, LiteLLM MCP supports server-specific auth headers for HTTP/SSE servers, which allows passing tokens dynamically on each request. However, for stdio MCP servers, the auth_value is only set at process start (via config.yaml), and there’s no mechanism to dynamically pass authentication per request.

User request:
• Ability to run an HTTP → stdio bridge where the client can send a token per request.
• That token should be passed through to the stdio MCP server, rather than being hardcoded in the config.
• Today, auth headers work fine for HTTP MCP servers, but for stdio there’s no equivalent.

Motivation, pitch

Need for the auth to be dynamically passed rather than hardcoded in the config.yaml

LiteLLM is hiring a founding backend engineer, are you interested in joining us and shipping to all our users?

No

Twitter / LinkedIn details

No response

[krrishdholakia]

This should now be supported - https://docs.litellm.ai/docs/mcp#forwarding-custom-headers-to-mcp-servers

@berri-teddy please confirm with user

[jeromeroussin]

The doc you point to does not address what this RFE is about.

[berri-teddy]

What is needed now is a way for admins to map out those new env variables into stdio args and stdio env. Imagine something like this:
mcp_servers:
  my-mcp-server:
    command: npx
    args:
      - -y
      - @circle/mcp-server-circleci
    env:
      - CIRCLE_CI_TOKEN: os.getenv("MCP_AUTH_TOKEN")
      - CIRCLE_BASE_URL: https://circleci.com/ 

stdio server processes can be reused, but they need to be scoped by virtual key and mcp credentials