From 9f054ee05b4c62f8585b621c4e129850199001fc Mon Sep 17 00:00:00 2001
From: Peter Steinberger <steipete@gmail.com>
Date: Tue, 21 Apr 2026 08:06:54 +0100
Subject: [PATCH] fix: sanitize mcp transport warning fields

---
 src/agents/mcp-transport-config.test.ts | 13 +++++++++++++
 src/agents/mcp-transport-config.ts      |  8 +++++---
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/agents/mcp-transport-config.test.ts b/src/agents/mcp-transport-config.test.ts
index 44e77642108..f062355e0a0 100644
--- a/src/agents/mcp-transport-config.test.ts
+++ b/src/agents/mcp-transport-config.test.ts
@@ -83,6 +83,19 @@ describe("resolveMcpTransportConfig", () => {
     });
   });
 
+  it("sanitizes config-controlled names in stdio env warnings", () => {
+    resolveMcpTransportConfig("probe\nWARN forged\u001b[31m", {
+      command: "node",
+      env: {
+        "LD_PRELOAD\nWARN forged\u001b[31m": "/tmp/pwn.so",
+      },
+    });
+
+    expect(logWarn).toHaveBeenCalledWith(
+      'bundle-mcp: server "probeWARN forged": env "LD_PRELOADWARN forged" is blocked for stdio startup safety and was ignored.',
+    );
+  });
+
   it("resolves SSE config by default", () => {
     const resolved = resolveMcpTransportConfig("probe", {
       url: "https://mcp.example.com/sse",
diff --git a/src/agents/mcp-transport-config.ts b/src/agents/mcp-transport-config.ts
index 475ac44cc52..edd21d5eb30 100644
--- a/src/agents/mcp-transport-config.ts
+++ b/src/agents/mcp-transport-config.ts
@@ -1,5 +1,6 @@
 import { logWarn } from "../logger.js";
 import { normalizeLowercaseStringOrEmpty } from "../shared/string-coerce.js";
+import { sanitizeForLog } from "../terminal/ansi.js";
 import {
   describeHttpMcpServerLaunchConfig,
   resolveHttpMcpServerLaunchConfig,
@@ -95,11 +96,12 @@ export function resolveMcpTransportConfig(
   serverName: string,
   rawServer: unknown,
 ): ResolvedMcpTransportConfig | null {
+  const logServerName = sanitizeForLog(serverName);
   const requestedTransport = getRequestedTransport(rawServer);
   const stdioLaunch = resolveStdioMcpServerLaunchConfig(rawServer, {
     onDroppedEnv: (key) => {
       logWarn(
-        `bundle-mcp: server "${serverName}": env "${key}" is blocked for stdio startup safety and was ignored.`,
+        `bundle-mcp: server "${logServerName}": env "${sanitizeForLog(key)}" is blocked for stdio startup safety and was ignored.`,
       );
     },
   });
@@ -122,7 +124,7 @@ export function resolveMcpTransportConfig(
     requestedTransport !== "streamable-http"
   ) {
     logWarn(
-      `bundle-mcp: skipped server "${serverName}" because transport "${requestedTransport}" is not supported.`,
+      `bundle-mcp: skipped server "${logServerName}" because transport "${sanitizeForLog(requestedTransport)}" is not supported.`,
     );
     return null;
   }
@@ -142,7 +144,7 @@ export function resolveMcpTransportConfig(
   const httpLaunch = resolveHttpMcpServerLaunchConfig(rawServer);
   const httpReason = httpLaunch.ok ? "not an HTTP MCP server" : httpLaunch.reason;
   logWarn(
-    `bundle-mcp: skipped server "${serverName}" because ${stdioLaunch.reason} and ${httpReason}.`,
+    `bundle-mcp: skipped server "${logServerName}" because ${stdioLaunch.reason} and ${httpReason}.`,
   );
   return null;
 }