Open
Conversation
Allow stdio entrypoints to reuse local Sentry CLI auth state when an explicit token is not provided. Check --access-token, SENTRY_ACCESS_TOKEN, SENTRY_AUTH_TOKEN, and finally cli.db so the published server and test client behave more like sentry-cli while keeping host configuration explicit. Update docs and tests to cover the new fallback and self-hosted behavior. Co-Authored-By: Codex GPT-5 <noreply@openai.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Member
Author
|
since this came up in Slack: intentionally did not call out to the 'sentry cli' subprocess as 1) its expensive, and 2) its complex that means we're using an internal data format, which is a little concerning, but its fine and we can keep this repo in sync |
Member
|
we just merged a PR in the CLI to support So we can simplify this, the CLI is on 0.X versions, so we could just support this feat for newer CLI versions |
Keep SENTRY_AUTH_TOKEN resolution inside the auth resolver so token\nsource reporting stays correct and the fallback order remains\nreachable. Align the test client with SENTRY_HOST-only host\nresolution now that the Sentry CLI supports the same env var.\n\nAlso report the actual cli.db path when stdio auth reuses Sentry\nCLI state so SENTRY_CONFIG_DIR overrides are reflected in the\nwarning message.\n\nCo-Authored-By: Codex GPT-5 <noreply@openai.com>
Clarify across the stdio docs that the server and test client can\nreuse auth from the Sentry CLI when users have already run\n'sentry auth'. Add links to cli.sentry.dev anywhere the Sentry CLI\nis referenced so the auth workflow is easy to discover.\n\nCo-Authored-By: Codex GPT-5 <noreply@openai.com>
Limit stdio auth resolution to the explicit SENTRY_ACCESS_TOKEN\ninput and the default Sentry CLI auth database at\n~/.sentry/cli.db. Remove the extra SENTRY_AUTH_TOKEN alias and\nSENTRY_CONFIG_DIR override so the CLI contract stays aligned with the\nactual behavior we want to support.\n\nUpdate the stdio docs to describe only the supported auth sources and\nkeep the Sentry CLI references linked to cli.sentry.dev.\n\nCo-Authored-By: Codex GPT-5 <noreply@openai.com>
Add the Sentry CLI auth fallback to the public stdio setup\nfragment so the website matches the README and release docs. Keep the\nlink pointed at cli.sentry.dev and describe the default\n~/.sentry/cli.db behavior.\n\nCo-Authored-By: Codex GPT-5 <noreply@openai.com>
Move the Sentry CLI database lookup into a shared internal helper in\n@mcp-core so the stdio server and test client do not maintain\nseparate copies of the same auth resolution logic.\n\nThis keeps the auth behavior unchanged while removing the main drift\nrisk called out in review.\n\nCo-Authored-By: Codex GPT-5 <noreply@openai.com>
Keep the explicit-token precedence test valid by using a CLI DB token that remains outside the expiry buffer. This prevents the test from passing for the wrong reason if resolution order regresses in the future. Co-Authored-By: Codex GPT-5 <noreply@openai.com>
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Move the ambient better-sqlite3 declaration into the shared tsconfig package and point the stdio packages at that single source. This removes declaration drift across mcp-core, mcp-server, and mcp-test-client while preserving the current TypeScript setup. Co-Authored-By: Codex GPT-5 <noreply@openai.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reuse Sentry CLI auth for stdio when no explicit access token is provided.
This adds a startup-time fallback to the default Sentry CLI auth database at
~/.sentry/cli.dbfor the stdio server and the local stdio mode in the test client. The explicit input remainsSENTRY_ACCESS_TOKEN(or--access-token), and self-hosted behavior stays host-based viaSENTRY_HOST.The goal is to make local stdio usage match how people already authenticate with the Sentry CLI without widening the auth surface with extra aliases or config knobs. The website fragment, README, release docs, and stdio testing docs now all describe the same behavior, and the new resolver tests cover the CLI DB fallback, expiry handling, and unreadable state handling.