Summary
Add support for bearer token authentication to connect to secured MCP servers.
Background
Many production MCP servers require authentication. The official MCP Inspector supports:
- Bearer token authentication with customizable header names
- Session-based authentication with automatic token generation
Anvil should support authentication to test secured servers.
Proposed Implementation
CLI
# Bearer token via flag
anvil --token "your-api-key" list-tools
anvil --token-header "X-API-Key" --token "your-api-key" list-tools
# Or via environment variable
export ANVIL_TOKEN=your-api-key
anvil list-tools
Web UI
- Add authentication section in connection bar (collapsible)
- Token input field (password type for security)
- Optional custom header name field (default: "Authorization: Bearer")
- Store token in session (not localStorage for security)
Technical Implementation
- Modify AnvilClient to accept optional auth parameters
- Add Authorization: Bearer <token> header to requests
- Support custom header names for non-standard auth schemes
Security Considerations
- Never log tokens in plaintext
- Don't persist tokens to disk by default
- Clear tokens from memory when disconnecting
Acceptance Criteria
- --token and --token-header options
- ANVIL_TOKEN environment variable support
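The auth handling described under Technical Implementation and Security Considerations, as an added example that is not Anvil's own code. AuthConfig, its methods and redact() are hypothetical names; giving --token precedence over ANVIL_TOKEN and sending the raw token (no scheme prefix) in a custom header are assumptions.

```python
import re

DEFAULT_HEADER = "Authorization"
_TOKEN_RE = re.compile(r"[\x21-\x7e]+")                 # visible ASCII: no spaces, CR or LF
_NAME_RE = re.compile(r"[A-Za-z0-9!#$%&'*+.^_`|~-]+")   # RFC 9110 field-name characters


class AuthConfig:
    """Hypothetical holder for the optional auth parameters (not Anvil's real API)."""

    def __init__(self, token, header_name=None):
        header_name = header_name or DEFAULT_HEADER
        # fullmatch (not match with $) so a trailing newline cannot slip through
        # and inject an extra header into the request.
        if not _NAME_RE.fullmatch(header_name):
            raise ValueError("invalid header name")
        if not token or not _TOKEN_RE.fullmatch(token):
            raise ValueError("token is empty or contains illegal characters")
        self.header_name = header_name
        self._token = token

    @classmethod
    def from_cli(cls, flag_token, flag_header, environ):
        """Assumed precedence: --token wins over ANVIL_TOKEN. None means no auth."""
        token = flag_token or environ.get("ANVIL_TOKEN")
        return cls(token, flag_header) if token else None

    def headers(self):
        if self._token is None:
            raise RuntimeError("token was cleared")
        if self.header_name.lower() == "authorization":
            return {self.header_name: "Bearer " + self._token}
        # Assumption: a custom header carries the raw token.
        return {self.header_name: self._token}

    def clear(self):
        """Drop the reference on disconnect (Python cannot guarantee the bytes are wiped)."""
        self._token = None

    def __repr__(self):
        # Safe to log: never includes the token itself.
        return "AuthConfig(header_name=%r, token=<redacted>)" % self.header_name


def redact(headers, auth):
    """Copy of the request headers for debug logs, with the auth header masked."""
    name = auth.header_name.lower() if auth else None
    return {k: ("<redacted>" if k.lower() == name else v) for k, v in headers.items()}
```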