Summary
Add experimental stdio upstream MCP support behind an explicit feature flag once the remote HTTP path and security boundary are in place.
Why
Stdio support is useful for local and self-hosted integrations, but it is more sensitive than remote HTTP because it introduces process lifecycle, environment injection, and execution isolation concerns.
Deliverables
- Add a gated stdio provider implementation disabled by default.
- Require explicit enablement through a feature flag or equivalent admin-only setting.
- Support
command + args[] style process configuration without shell string execution.
- Define environment-variable injection by reference rather than inline secret values.
- Add lifecycle handling for startup timeout, shutdown, restart/failure behavior, and bounded resources.
Acceptance criteria
- Stdio upstreams cannot be enabled accidentally.
- Config validation rejects unsafe shell-style execution forms.
- Secrets remain env-referenced and redacted in logs/errors.
- Docs clearly mark stdio support as experimental and higher-risk.
Suggested files
- provider modules under
src/
src/types/profile.tsREADME.mddocs/PROFILE-GUIDE.md- stdio-focused tests
Agent-authored issue.
Summary
Add experimental stdio upstream MCP support behind an explicit feature flag once the remote HTTP path and security boundary are in place.
Why
Stdio support is useful for local and self-hosted integrations, but it is more sensitive than remote HTTP because it introduces process lifecycle, environment injection, and execution isolation concerns.
Deliverables
command+args[]style process configuration without shell string execution.Acceptance criteria
Suggested files
src/src/types/profile.tsREADME.mddocs/PROFILE-GUIDE.mdAgent-authored issue.