From 3f9438fef152566ef1eacec0a370fa6f15ccfe67 Mon Sep 17 00:00:00 2001 From: Fede Barcelona Date: Tue, 3 Mar 2026 11:25:07 +0100 Subject: [PATCH 1/2] fix: default listening host to all interfaces for container compatibility When running inside a container, binding to localhost only accepts connections from within the container itself. Traffic from port forwarding arrives via the bridge network interface, not loopback, causing connection resets. Defaulting to all interfaces ensures the server is reachable without requiring an explicit override. --- README.md | 6 ++---- internal/config/config.go | 2 +- internal/config/config_test.go | 4 ++-- package.nix | 4 ++-- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index e7d3bd9..b692816 100644 --- a/README.md +++ b/README.md @@ -212,7 +212,7 @@ You can also set the following variables to override the default configuration: - `SYSDIG_MCP_MOUNT_PATH`: The URL prefix for the streamable-http/sse deployment. Defaults to: `/sysdig-mcp-server` - `SYSDIG_MCP_LOGLEVEL`: Log Level of the application (`DEBUG`, `INFO`, `WARNING`, `ERROR`). Defaults to: `INFO` - `SYSDIG_MCP_LISTENING_PORT`: The port for the server when it is deployed using remote protocols (`streamable-http`, `sse`). Defaults to: `8080` -- `SYSDIG_MCP_LISTENING_HOST`: The host for the server when it is deployed using remote protocols (`streamable-http`, `sse`). Defaults to: `localhost` +- `SYSDIG_MCP_LISTENING_HOST`: The host for the server when it is deployed using remote protocols (`streamable-http`, `sse`). Defaults to all interfaces (`:port`). Set to `127.0.0.1` for local-only access. You can find your API token in the Sysdig Secure UI under **Settings > Sysdig Secure API**. Make sure to copy the token as it will not be shown again. @@ -242,7 +242,7 @@ SYSDIG_MCP_TRANSPORT=streamable-http # SYSDIG_MCP_API_HOST=https://us2.app.sysdig.com # SYSDIG_MCP_API_TOKEN=your-api-token-here SYSDIG_MCP_LISTENING_PORT=8080 -SYSDIG_MCP_LISTENING_HOST=localhost +SYSDIG_MCP_LISTENING_HOST= SYSDIG_MCP_MOUNT_PATH=/sysdig-mcp-server ``` @@ -354,8 +354,6 @@ spec: env: - name: SYSDIG_MCP_TRANSPORT value: "streamable-http" - - name: SYSDIG_MCP_LISTENING_HOST - value: "0.0.0.0" envFrom: - secretRef: name: mcp-server-secrets diff --git a/internal/config/config.go b/internal/config/config.go index ad1f76e..5e47345 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -34,7 +34,7 @@ func Load() (*Config, error) { APIToken: getEnv("SYSDIG_MCP_API_TOKEN", ""), SkipTLSVerification: getEnv("SYSDIG_MCP_API_SKIP_TLS_VERIFICATION", false), Transport: getEnv("SYSDIG_MCP_TRANSPORT", "stdio"), - ListeningHost: getEnv("SYSDIG_MCP_LISTENING_HOST", "localhost"), + ListeningHost: getEnv("SYSDIG_MCP_LISTENING_HOST", ""), ListeningPort: getEnv("SYSDIG_MCP_LISTENING_PORT", "8080"), MountPath: getEnv("SYSDIG_MCP_MOUNT_PATH", "/sysdig-mcp-server"), LogLevel: getEnv("SYSDIG_MCP_LOGLEVEL", "INFO"), diff --git a/internal/config/config_test.go b/internal/config/config_test.go index 2787a02..8c09099 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -78,7 +78,7 @@ var _ = Describe("Config", func() { cfg, err := config.Load() Expect(err).NotTo(HaveOccurred()) Expect(cfg.Transport).To(Equal("stdio")) - Expect(cfg.ListeningHost).To(Equal("localhost")) + Expect(cfg.ListeningHost).To(BeEmpty()) Expect(cfg.ListeningPort).To(Equal("8080")) Expect(cfg.MountPath).To(Equal("/sysdig-mcp-server")) Expect(cfg.LogLevel).To(Equal("INFO")) @@ -96,7 +96,7 @@ var _ = Describe("Config", func() { cfg, err := config.Load() Expect(err).NotTo(HaveOccurred()) Expect(cfg.Transport).To(Equal("streamable-http")) - Expect(cfg.ListeningHost).To(Equal("localhost")) + Expect(cfg.ListeningHost).To(BeEmpty()) Expect(cfg.ListeningPort).To(Equal("8080")) Expect(cfg.MountPath).To(Equal("/sysdig-mcp-server")) Expect(cfg.LogLevel).To(Equal("INFO")) diff --git a/package.nix b/package.nix index a96c471..7597ee7 100644 --- a/package.nix +++ b/package.nix @@ -1,10 +1,10 @@ { buildGo126Module, versionCheckHook }: buildGo126Module (finalAttrs: { pname = "sysdig-mcp-server"; - version = "1.0.2"; + version = "1.0.3"; src = ./.; # This hash is automatically re-calculated with `just rehash-package-nix`. This is automatically called as well by `just update`. - vendorHash = "sha256-7UtPcgvKrpSIUGEgIOTH/BBG9PacBeVtSEsrfBtgWxs="; + vendorHash = "sha256-IjVs+Mm9kV9pXoEOE3En2u+/jd/ITXZi0kp2+L92Mso="; subPackages = [ "cmd/server" From 19a9c3f9e7297ecc5ef2ed1a846854cb0f0f9747 Mon Sep 17 00:00:00 2001 From: Fede Barcelona Date: Tue, 3 Mar 2026 11:25:31 +0100 Subject: [PATCH 2/2] chore: update dependencies --- flake.lock | 6 +++--- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 21cf7ce..e9abe24 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1771207753, - "narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=", + "lastModified": 1772479524, + "narHash": "sha256-u7nCaNiMjqvKpE+uZz9hE7pgXXTmm5yvdtFaqzSzUQI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d1c15b7d5806069da59e819999d70e1cec0760bf", + "rev": "4215e62dc2cd3bc705b0a423b9719ff6be378a43", "type": "github" }, "original": { diff --git a/go.mod b/go.mod index f5120e6..a1787a4 100644 --- a/go.mod +++ b/go.mod @@ -3,8 +3,8 @@ module github.com/sysdiglabs/sysdig-mcp-server go 1.26.0 require ( - github.com/mark3labs/mcp-go v0.44.0 - github.com/oapi-codegen/runtime v1.1.2 + github.com/mark3labs/mcp-go v0.44.1 + github.com/oapi-codegen/runtime v1.2.0 github.com/onsi/ginkgo/v2 v2.28.1 github.com/onsi/gomega v1.39.1 github.com/spf13/cobra v1.10.2 @@ -20,7 +20,7 @@ require ( github.com/go-logr/logr v1.4.3 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/google/go-cmp v0.7.0 // indirect - github.com/google/pprof v0.0.0-20260202012954-cb029daf43ef // indirect + github.com/google/pprof v0.0.0-20260302011040-a15ffb7f9dcc // indirect github.com/google/uuid v1.6.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/invopop/jsonschema v0.13.0 // indirect @@ -32,7 +32,7 @@ require ( github.com/yosida95/uritemplate/v3 v3.0.2 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/mod v0.33.0 // indirect - golang.org/x/net v0.50.0 // indirect + golang.org/x/net v0.51.0 // indirect golang.org/x/sync v0.19.0 // indirect golang.org/x/sys v0.41.0 // indirect golang.org/x/text v0.34.0 // indirect diff --git a/go.sum b/go.sum index 01ce35c..6036209 100644 --- a/go.sum +++ b/go.sum @@ -28,8 +28,8 @@ github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw= github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/pprof v0.0.0-20260202012954-cb029daf43ef h1:xpF9fUHpoIrrjX24DURVKiwHcFpw19ndIs+FwTSMbno= -github.com/google/pprof v0.0.0-20260202012954-cb029daf43ef/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= +github.com/google/pprof v0.0.0-20260302011040-a15ffb7f9dcc h1:VBbFa1lDYWEeV5FZKUiYKYT0VxCp9twUmmaq9eb8sXw= +github.com/google/pprof v0.0.0-20260302011040-a15ffb7f9dcc/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= @@ -45,14 +45,14 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mailru/easyjson v0.9.1 h1:LbtsOm5WAswyWbvTEOqhypdPeZzHavpZx96/n553mR8= github.com/mailru/easyjson v0.9.1/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= -github.com/mark3labs/mcp-go v0.44.0 h1:OlYfcVviAnwNN40QZUrrzU0QZjq3En7rCU5X09a/B7I= -github.com/mark3labs/mcp-go v0.44.0/go.mod h1:YnJfOL382MIWDx1kMY+2zsRHU/q78dBg9aFb8W6Thdw= +github.com/mark3labs/mcp-go v0.44.1 h1:2PKppYlT9X2fXnE8SNYQLAX4hNjfPB0oNLqQVcN6mE8= +github.com/mark3labs/mcp-go v0.44.1/go.mod h1:YnJfOL382MIWDx1kMY+2zsRHU/q78dBg9aFb8W6Thdw= github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE= github.com/mfridman/tparse v0.18.0/go.mod h1:gEvqZTuCgEhPbYk/2lS3Kcxg1GmTxxU7kTC8DvP0i/A= -github.com/oapi-codegen/runtime v1.1.2 h1:P2+CubHq8fO4Q6fV1tqDBZHCwpVpvPg7oKiYzQgXIyI= -github.com/oapi-codegen/runtime v1.1.2/go.mod h1:SK9X900oXmPWilYR5/WKPzt3Kqxn/uS/+lbpREv+eCg= +github.com/oapi-codegen/runtime v1.2.0 h1:RvKc1CVS1QeKSNzO97FBQbSMZyQ8s6rZd+LpmzwHMP4= +github.com/oapi-codegen/runtime v1.2.0/go.mod h1:Y7ZhmmlE8ikZOmuHRRndiIm7nf3xcVv+YMweKgG1DT0= github.com/onsi/ginkgo/v2 v2.28.1 h1:S4hj+HbZp40fNKuLUQOYLDgZLwNUVn19N3Atb98NCyI= github.com/onsi/ginkgo/v2 v2.28.1/go.mod h1:CLtbVInNckU3/+gC8LzkGUb9oF+e8W8TdUsxPwvdOgE= github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= @@ -92,8 +92,8 @@ go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= -golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60= -golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM= +golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= +golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y= golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=