Skip to content

fix: redact stdio command args in info#244

Open
haosenwang1018 wants to merge 1 commit intophilschmid:mainfrom
haosenwang1018:fix/redact-stdio-info-command
Open

fix: redact stdio command args in info#244
haosenwang1018 wants to merge 1 commit intophilschmid:mainfrom
haosenwang1018:fix/redact-stdio-info-command

Conversation

@haosenwang1018
Copy link
Copy Markdown

@haosenwang1018 haosenwang1018 commented Apr 18, 2026

Summary

  • redact stdio server args in mcp-cli info output
  • keep the executable name visible while hiding the full argument list
  • add output-format regression tests for both arg and no-arg stdio servers

Problem

Issue #217 reports that mcp-cli info can reveal secret-bearing command details. The existing info output still printed the entire stdio command line, including raw args.

Fix

formatServerDetails() now renders stdio commands as <executable> (<N> hidden arguments) instead of echoing the full arg list. This preserves useful context without leaking flags, paths, or tokens embedded in args.

Fixes #217

Validation

  • bun test tests/output.test.ts
  • npx tsc --noEmit
  • npx @biomejs/biome check src/output.ts tests/output.test.ts
  • git diff --check

@haosenwang1018
fix: redact stdio command args in info
314e830 
Signed-off-by: haosenwang1018 <haosenwang1018@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

mcp-cli info command reveal secrets string

1 participant

@haosenwang1018