[codex] Add Replay MCP stdio bridge #660

Draft
BLamy wants to merge 7 commits into main from replay-mcp-wrapper

@BLamy BLamy commented Apr 24, 2026

Summary

Adds a replayio mcp command that runs a local stdio MCP server and bridges requests to Replay's HTTP MCP endpoint. The bridge uses existing Replay CLI auth first, then falls back to MCP OAuth with a stable pre-registered public client ID and PKCE when no CLI token is available or the server rejects CLI auth.

Details

  • Adds a low-level MCP stdio server using @modelcontextprotocol/sdk
  • Connects to https://dispatch.replay.io/mcp by default
  • Tries existing Replay CLI auth from replayio login or REPLAY_API_KEY first
  • Falls back to MCP OAuth using stable public client ID OIteqhJF3KieHSauCGduBqU8shNKzBuO without DCR
  • Uses PKCE with token_endpoint_auth_method: none; no client secret is accepted or shipped
  • Uses a PKCE loopback callback at http://127.0.0.1:42813/callback by default
  • Supports REPLAY_MCP_SERVER, REPLAY_MCP_OAUTH_CLIENT_ID, REPLAY_MCP_OAUTH_REDIRECT_URL, and matching CLI option overrides
  • Proxies tools, resources, prompts, and completions when advertised by the remote MCP server
  • Documents a stdio MCP config example for local clients

Validation

  • yarn prettier --check packages/replayio/src/commands/mcp.ts packages/replayio/src/config.ts packages/replayio/README.md packages/replayio/package.json
  • yarn turbo run typecheck --filter=replayio
  • yarn turbo run build --filter=replayio
  • node packages/replayio/dist/bin.js help mcp
  • curl -i -X POST https://dispatch.replay.io/mcp ... returns 401 with WWW-Authenticate: Bearer resource_metadata="https://dispatch.replay.io/.well-known/oauth-protected-resource/mcp"
  • rg "I45p7tSjAdpMly8ZABwFm4aNYgzr1Y4G|MCP_OAUTH_CLIENT_SECRET|client_secret|client_secret_post" packages/replayio/src packages/replayio/README.md finds no matches
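
The PKCE public-client flow with a loopback redirect that this description outlines, as an added example that is not code from this PR or the Replay CLI. The authorization endpoint, client ID, function names and sample values are assumptions, and the loopback check on redirect overrides is an added safeguard rather than something the PR states it does.

```javascript
// Added illustration; function names and the sample values in comments are hypothetical.
const { createHash, randomBytes } = require("node:crypto");

// code_challenge = BASE64URL(SHA-256(code_verifier)), per RFC 7636 (method S256).
function createPkcePair(verifier = randomBytes(32).toString("base64url")) {
  const challenge = createHash("sha256").update(verifier).digest("base64url");
  return { verifier, challenge };
}

// Refuse redirect overrides that are not a plain-HTTP loopback listener.
function assertLoopback(redirectUri) {
  const { protocol, hostname } = new URL(redirectUri);
  if (protocol !== "http:" || !["127.0.0.1", "[::1]"].includes(hostname))
    throw new Error("redirect must be an http loopback address");
  return redirectUri;
}

// Authorization request: carries the challenge and a per-login state, never the verifier.
function buildAuthorizationUrl(authorizationEndpoint, { clientId, redirectUri, state, challenge }) {
  const url = new URL(authorizationEndpoint);
  url.search = new URLSearchParams({
    response_type: "code", client_id: clientId, redirect_uri: assertLoopback(redirectUri),
    state, code_challenge: challenge, code_challenge_method: "S256",
  }).toString();
  return url.href;
}

// Validate the request that reaches the loopback listener and return the code.
function readCallback(requestPath, redirectUri, expectedState) {
  const got = new URL(requestPath, redirectUri);
  if (got.pathname !== new URL(redirectUri).pathname) throw new Error("unexpected path");
  if (got.searchParams.get("error")) throw new Error("authorization failed");
  if (got.searchParams.get("state") !== expectedState) throw new Error("state mismatch");
  const code = got.searchParams.get("code");
  if (!code) throw new Error("missing code");
  return code;
}

// Public client: the verifier proves possession; there is no client_secret field.
function tokenRequestBody({ code, verifier, clientId, redirectUri }) {
  return new URLSearchParams({
    grant_type: "authorization_code", code, code_verifier: verifier,
    client_id: clientId, redirect_uri: redirectUri,
  }).toString();
}
```
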

changeset-bot Bot commented Apr 24, 2026

⚠️ No Changeset found

Latest commit: 3714bc5

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

socket-security Bot commented Apr 24, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License
Added | @modelcontextprotocol/sdk@1.29.0 | 99 | 100 | 100 | 97 | 100

socket-security Bot commented Apr 24, 2026

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert
Block Low
Potential code anomaly (AI signal): npm ajv is 100.0% likely to have a medium risk anomaly

Notes: The code implements a standard AJV-like dynamic parser generator for JTD schemas. There are no explicit malware indicators in this fragment. The primary security concern is the dynamic code generation and execution from external schemas, which introduces a medium risk if schemas are untrusted. With trusted schemas and proper schema management, the risk is typically acceptable within this pattern.

Confidence: 1.00

Severity: 0.60

From: npm/@modelcontextprotocol/sdk@1.29.0 → npm/ajv@8.18.0

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ajv@8.18.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm ajv is 100.0% likely to have a medium risk anomaly

Notes: The code implements standard timestamp validation with clear logic for normal and leap years and leap seconds. There is no network, file, or execution of external code within this isolated fragment. The only anomalous aspect is assigning a string to validTimestamp.code, which could enable external tooling to inject behavior in certain environments, but this does not constitute active malicious behavior in this isolated snippet. Overall, low to moderate security risk in typical usage; no malware detected within the shown code.

Confidence: 1.00

Severity: 0.60

From: npm/@modelcontextprotocol/sdk@1.29.0 → npm/ajv@8.18.0

Block Low
Potential code anomaly (AI signal): npm ajv is 100.0% likely to have a medium risk anomaly

Notes: This module generates JavaScript code at runtime via standaloneCode(...) and then immediately executes it with require-from-string. Because the generated code can incorporate user-supplied schemas or custom keywords without sanitization or sandboxing, an attacker who controls those inputs could inject arbitrary code and achieve remote code execution in the Node process. Users should audit and lock down the standaloneCode output or replace dynamic evaluation with a safer, static bundling approach.

Confidence: 1.00

Severity: 0.60

From: npm/@modelcontextprotocol/sdk@1.29.0 → npm/ajv@8.18.0

Block Low
Potential code anomaly (AI signal): npm cross-spawn is 100.0% likely to have a medium risk anomaly

Notes: This file is a minimal, legitimate wrapper around Node.js child_process.spawn and spawnSync to provide improved ENOENT (command not found) error handling. It does not perform any network requests, dynamic code evaluation, secret disclosure, or telemetry. The only “sink” is the intended execution of local processes as directed by the calling application. No malicious behavior detected.

Confidence: 1.00

Severity: 0.60

From: npm/@modelcontextprotocol/sdk@1.29.0 → npm/cross-spawn@7.0.6

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cross-spawn@7.0.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm send is 100.0% likely to have a medium risk anomaly

Notes: The analyzed code fragment appears to be a standard, well-structured static file server component with proper input validation, safe path handling, and conventional HTTP features (range requests, conditional GET, caching headers). There are no signs of malicious behavior or external data leakage within this fragment. The main caution is ensuring redirects (Location headers) are derived from trusted sources and not directly from untrusted user input to avoid open redirect risks.

Confidence: 1.00

Severity: 0.60

From: npm/@modelcontextprotocol/sdk@1.29.0 → npm/send@1.2.1

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/send@1.2.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm side-channel-weakmap is 100.0% likely to have a medium risk anomaly

Notes: The analyzed code implements a dual-path side-channel storage mechanism that safely uses WeakMap when available, with a fallback to a separate side-channel map. It does not exhibit malicious behavior and appears to serve legitimate functionality around secure data transfer between modules without external data exfiltration or network activity.

Confidence: 1.00

Severity: 0.60

From: npm/@modelcontextprotocol/sdk@1.29.0 → npm/side-channel-weakmap@1.0.2

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/side-channel-weakmap@1.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm zod is 100.0% likely to have a medium risk anomaly

Notes: No explicit network exfiltration, reverse shell, or credential theft is present in this fragment. However, the code assembles and compiles arbitrary code via the Function constructor and invokes passed-in functions immediately (twice). That behavior constitutes a strong dangerous primitive (arbitrary code execution) which can be abused if any inputs (strings or args) are attacker-controlled. Treat this module as risky in threat models where inputs are not fully trusted; review call sites and sanitize/validate inputs or avoid dynamic evaluation.

Confidence: 1.00

Severity: 0.60

From: npm/@modelcontextprotocol/sdk@1.29.0 → npm/zod@4.3.6

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/zod@4.3.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

@BLamy BLamy force-pushed the replay-mcp-wrapper branch from 672ed0f to 726853f Compare April 24, 2026 04:08
@BLamy BLamy marked this pull request as ready for review April 24, 2026 04:14
@BLamy BLamy force-pushed the replay-mcp-wrapper branch from 726853f to aae1e0a Compare April 24, 2026 04:29
@BLamy BLamy marked this pull request as draft April 24, 2026 04:30
@BLamy BLamy force-pushed the replay-mcp-wrapper branch 3 times, most recently from 3f9b339 to 82f613f Compare April 24, 2026 04:48
@BLamy BLamy force-pushed the replay-mcp-wrapper branch from 82f613f to 4b94286 Compare April 24, 2026 04:51

@Andarist (Member)

Can we document somewhere the challenges and needs for all of this auth stuff? It's quite complicated and hard to review without that prior context.
