Pass all environment variables to MCP server instead of just PATH

[sestinj]

Summary by cubic

Pass all environment variables to MCP servers instead of only PATH to improve compatibility and reduce startup failures. We merge process.env into serverConfig.env, keep explicit overrides, and skip empty values.

^{Written for commit 1aa83f2. Summary will update automatically on new commits.}

[github-actions]

⚠️ PR Title Format

Your PR title doesn't follow the conventional commit format, but this won't block your PR from being merged. We recommend using this format for better project organization.

Expected Format:

<type>[optional scope]: <description>

Examples:

• feat: add changelog generation support
• fix: resolve login redirect issue
• docs: update README with new instructions
• chore: update dependencies

Valid Types:

feat, fix, docs, style, refactor, perf, test, build, ci, chore, revert

This helps with:

• 📝 Automatic changelog generation
• 🚀 Automated semantic versioning
• 📊 Better project history tracking

This is a non-blocking warning - your PR can still be merged without fixing this.

[cubic-dev-ai]

1 issue found across 1 file

Prompt for AI agents (all 1 issues)

Understand the root cause of the following 1 issues and fix them.


<file name="extensions/cli/src/services/MCPService.ts">

<violation number="1" location="extensions/cli/src/services/MCPService.ts:513">
This change introduces a severe security vulnerability. By passing all `process.env` variables to `StdioMcpServer` child processes, it allows potentially malicious configuration files (loaded via `--config`) to execute arbitrary commands with access to all secrets in the user&#39;s environment. The previous behavior of only passing `PATH` was safer. This change makes it possible for a malicious project to steal a user&#39;s API keys and other credentials.</violation>
</file>

_{React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.}

[cubic-dev-ai]

This change introduces a severe security vulnerability. By passing all process.env variables to StdioMcpServer child processes, it allows potentially malicious configuration files (loaded via --config) to execute arbitrary commands with access to all secrets in the user's environment. The previous behavior of only passing PATH was safer. This change makes it possible for a malicious project to steal a user's API keys and other credentials.

Prompt for AI agents

Address the following comment on extensions/cli/src/services/MCPService.ts at line 513:

<comment>This change introduces a severe security vulnerability. By passing all `process.env` variables to `StdioMcpServer` child processes, it allows potentially malicious configuration files (loaded via `--config`) to execute arbitrary commands with access to all secrets in the user&#39;s environment. The previous behavior of only passing `PATH` was safer. This change makes it possible for a malicious project to steal a user&#39;s API keys and other credentials.</comment>

<file context>
@@ -509,8 +509,12 @@ export class MCPService
-    if (process.env.PATH !== undefined) {
-      env.PATH = process.env.PATH;
+    if (process.env) {
+      for (const [key, value] of Object.entries(process.env)) {
+        if (!(key in env) &amp;&amp; !!value) {
+          env[key] = value;
</file context>

[sestinj]

🎉 This PR is included in version 1.32.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[sestinj]

🎉 This PR is included in version 1.29.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[sestinj]

🎉 This PR is included in version 1.5.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[sestinj]

🎉 This PR is included in version 1.6.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀