Skip to content

Add environment variable support for stdio MCP servers #82

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Nov 17, 2025
Merged

Add environment variable support for stdio MCP servers #82

merged 8 commits into from
Nov 17, 2025

Conversation

Copy link
Contributor

Copilot AI commented Nov 17, 2025
edited
Loading

Enables passing environment variables to stdio MCP servers via mcp.json configuration. Supports literal values and ${VAR} substitution from system environment.

Changes

  • Config model: Added env: Optional[Dict[str, str]] field to MCPServerConfig
  • Client initialization: Extract env from config, resolve ${VAR} patterns, pass to StdioTransport
  • Error handling: Server initialization fails gracefully if referenced env var is unset
  • Tests: 6 new tests covering literal values, substitution, empty dict, missing vars
  • Documentation: Added section to admin guide with examples and security notes
  • Demo Server: Added env-demo MCP server in backend/mcp/env-demo/ that demonstrates the environment variable capability with three tools: get_env_var, list_configured_env_vars, and demonstrate_env_usage

Usage

{
  "my-external-tool": {
    "command": ["wrapper-cli", "my.external.tool@latest"],
    "cwd": "backend",
    "env": {
      "CLOUD_PROFILE": "my-profile-9",
      "CLOUD_REGION": "us-east-7",
      "API_KEY": "${MY_API_KEY}"
    }
  }
}

The env field only applies to stdio servers; HTTP/SSE servers ignore it. Missing env vars during substitution cause initialization failure with clear error logging.

Demo Server

The env-demo server is configured in both config/defaults/mcp.json and config/overrides/mcp.json and includes:

  • Example configuration with both literal values and ${VAR} substitution

  • Three tools demonstrating environment variable access and usage patterns

  • Complete documentation in backend/mcp/env-demo/README.md

  • Fixes allow setting env values for individual mcps #81

Original prompt

This section details on the original issue you should resolve

<issue_title>allow setting env values for individual mcps</issue_title>
<issue_description>For example.

"env": {
"CLOUD_PROFILE": "my-profile-9",
"CLOUD_REGION": "us-east-7"
},

So on the mcp.json.

{
"my-external-tool": {
"command": [
"wrapper-cli",
"my.external.tool@latest",
"--allow-write"
],
"cwd": "backend",
"env": {
"ENV_VAR_1": "",
"ENV_VAR_2": ""
},
"groups": ["users"],
"is_exclusive": false,
"description": "External MCP server for XYZ functionality",
"author": "Team Name",
"short_description": "Access XYZ APIs via external MCP server",
"help_email": "support@example.com",
"compliance_level": "Public",
"require_approval": [],
"allow_edit": []
}
}</issue_description>

Comments on the Issue (you are @copilot in this section)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI and others added 2 commits November 17, 2025 15:59
@garland3
Add env variable support for MCP servers
61b86cd 
Co-authored-by: garland3 <1162675+garland3@users.noreply.github.com>
@garland3
Add documentation for env variable support
8ce2a6b 
Co-authored-by: garland3 <1162675+garland3@users.noreply.github.com>
Copilot AI changed the title [WIP] Allow setting env values for individual mcps Add environment variable support for stdio MCP servers Nov 17, 2025
Copilot AI requested a review from garland3 November 17, 2025 16:07
Copilot finished work on behalf of garland3 November 17, 2025 16:07
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 17, 2025
View reviewed changes
@github-actions
Copy link

github-actions bot commented Nov 17, 2025

🔒 Security Scan Results

Security Scan Summary

Scan Results

Python SAST (Bandit)

⚠️ Security issues found in Python code

Recommendations

  • Review all SARIF files uploaded to GitHub Security tab
  • Address high and critical severity vulnerabilities immediately
  • Run npm audit fix and pip-audit locally to fix dependencies
  • Consider implementing additional security controls

1 similar comment
@github-actions
Copy link

github-actions bot commented Nov 17, 2025

🔒 Security Scan Results

Security Scan Summary

Scan Results

Python SAST (Bandit)

⚠️ Security issues found in Python code

Recommendations

  • Review all SARIF files uploaded to GitHub Security tab
  • Address high and critical severity vulnerabilities immediately
  • Run npm audit fix and pip-audit locally to fix dependencies
  • Consider implementing additional security controls

@garland3 GitHub Codespaces
Copy link
Collaborator

garland3 commented Nov 17, 2025

@copilot please add a new mcp server in the backend folder (backend/mcp) which demostrates this capability.

@garland3
Add env-demo MCP server to demonstrate environment variable support
157de27 
Co-authored-by: garland3 <1162675+garland3@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Nov 17, 2025

@copilot please add a new mcp server in the backend folder (backend/mcp) which demostrates this capability.

Added env-demo MCP server in backend/mcp/env-demo/ that demonstrates the environment variable capability. The server includes three tools:

  1. get_env_var - Retrieves specific environment variable values
  2. list_configured_env_vars - Lists all configured environment variables
  3. demonstrate_env_usage - Shows practical usage patterns

Configured in both config/defaults/mcp.json and config/overrides/mcp.json with example environment variables including literal values and ${VAR} substitution. Complete documentation in backend/mcp/env-demo/README.md.

Commit: 157de27

Copilot finished work on behalf of garland3 November 17, 2025 20:20
@garland3
feat(config): add env-demo MCP server configuration
a393939 
- Introduced a new configuration file in `config/overrides/env-var-mcp.json` for demonstrating environment variable passing in MCP servers.
- The `env-demo` setup includes command execution, environment variables like CLOUD_PROFILE and API_KEY (with variable substitution), and metadata such as groups, descriptions, and compliance level.
- This change provides a practical example for users to understand how to configure MCP servers using both literal values and `${VAR}` substitutions.
@garland3
refactor(tests): remove unused imports in test_client_env.py
b4129ff
@garland3 garland3 marked this pull request as ready for review November 17, 2025 22:52
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 17, 2025
View reviewed changes
@github-actions
Copy link

github-actions bot commented Nov 17, 2025

🔒 Security Scan Results

Security Scan Summary

Scan Results

Python SAST (Bandit)

⚠️ Security issues found in Python code

Recommendations

  • Review all SARIF files uploaded to GitHub Security tab
  • Address high and critical severity vulnerabilities immediately
  • Run npm audit fix and pip-audit locally to fix dependencies
  • Consider implementing additional security controls

@garland3
refactor: remove unused imports in test files
606323d 
Remove `import os` from test_client_env.py and `from unittest.mock import patch` from test_env_demo_server.py, as they were not utilized in the files, to clean up the codebase and reduce linting warnings.
@garland3
refactor(test): Remove MCP JSON configuration test from env demo server
6aca4df 
Remove the test_mcp_json_configuration function that verified env-demo server setup in overrides/mcp.json, as this configuration check is no longer needed in the current test suite structure.
@github-actions
Copy link

github-actions bot commented Nov 17, 2025

🔒 Security Scan Results

Security Scan Summary

Scan Results

Python SAST (Bandit)

⚠️ Security issues found in Python code

Recommendations

  • Review all SARIF files uploaded to GitHub Security tab
  • Address high and critical severity vulnerabilities immediately
  • Run npm audit fix and pip-audit locally to fix dependencies
  • Consider implementing additional security controls

@garland3 garland3 merged commit 7526ac8 into main Nov 17, 2025
9 checks passed
@garland3 garland3 deleted the copilot/allow-env-values-for-mcps branch November 17, 2025 23:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@garland3 garland3 Awaiting requested review from garland3

Assignees

@garland3 garland3

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

allow setting env values for individual mcps

2 participants

@garland3