Overview

MCPSpec is "Postman for MCP" — a comprehensive testing, debugging, and documentation platform for Model Context Protocol servers. It enables developers to test MCP servers interactively, create reusable test collections, generate documentation, run security audits, and measure performance.

Key capabilities:

Installation

MCPSpec requires Node.js 22+ (LTS).

npm install -g mcpspec

Verify the installation:

mcpspec --version

You can also use npx mcpspec without a global install.

Quick Start

No configuration needed. Run a pre-built community collection to see MCPSpec in action:

# Install
npm install -g mcpspec

# Run a community test suite (filesystem server)
mcpspec test examples/collections/servers/filesystem.yaml

# Or explore a server interactively
mcpspec inspect "npx -y @modelcontextprotocol/server-filesystem /tmp"

Expected output:

MCPSpec running Filesystem Server Tests (12 tests)
  ✓ List allowed directories (52ms)
  ✓ List /tmp directory contents (45ms)
  ✓ Write a test file (67ms)
  ✓ Read the test file back (38ms)
  ... 8 more

  Tests: 12 passed (12 total)
  Time:  1.23s

Your First Collection

Create a file called mcpspec.yaml in your project root:

name: My First Tests
server: npx -y @modelcontextprotocol/server-filesystem /tmp

tests:
  - name: List allowed directories
    call: list_allowed_directories
    expect:
      - exists: $.content

  - name: Read a test file
    call: read_file
    with:
      path: /tmp/mcpspec-test.txt
    expect:
      - exists: $.content

  - name: Handle missing file
    call: read_file
    with:
      path: /tmp/nonexistent-file-12345.txt
    expectError: true

Run it:

mcpspec test

The server field is a command string. MCPSpec spawns the process, connects via stdio, runs the tests, and shuts it down. The expect shorthand lets you write assertions without verbose syntax.
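Under the hood, the stdio transport exchanges newline-delimited JSON-RPC 2.0 messages. The sketch below shows how a test's call/with pair maps onto a tools/call request; frameToolCall is a hypothetical helper for illustration, not MCPSpec's actual client (which is built on @modelcontextprotocol/sdk):

```javascript
// Hypothetical sketch of the JSON-RPC 2.0 framing used over stdio:
// one JSON object per line.
function frameToolCall(id, tool, args) {
  const message = {
    jsonrpc: "2.0",
    id,
    method: "tools/call",
    params: { name: tool, arguments: args },
  };
  return JSON.stringify(message) + "\n"; // newline-delimited framing
}

const wire = frameToolCall(1, "read_file", { path: "/tmp/mcpspec-test.txt" });
// The spawned server reads this line from stdin and writes a JSON-RPC
// response (or error) to stdout, which becomes the test's response.
```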

Simple Format

The simple format is ideal for most test suites. Use call/with/expect for concise test definitions:

name: Simple Filesystem Tests
server: npx -y @modelcontextprotocol/server-filesystem /tmp

tests:
  - name: List allowed directories
    call: list_allowed_directories
    expect:
      - exists: $.content

  - name: Read a test file
    call: read_file
    with:
      path: /tmp/mcpspec-test.txt
    expect:
      - exists: $.content

  - name: Handle missing file
    call: read_file
    with:
      path: /tmp/nonexistent-file-12345.txt
    expectError: true

Key fields:

Advanced Format

The advanced format adds environments, tags, typed assertions, variable extraction, and more:

schemaVersion: "1.0"
name: Environment-Aware Tests
description: Tests that use environment variables

server:
  transport: stdio
  command: npx
  args: ["-y", "@modelcontextprotocol/server-filesystem", "{{baseDir}}"]

environments:
  dev:
    variables:
      baseDir: /tmp
  staging:
    variables:
      baseDir: /var/tmp

defaultEnvironment: dev

tests:
  - id: test-list
    name: List directories
    tags: [smoke]
    call: list_allowed_directories
    assertions:
      - type: schema
      - type: latency
        maxMs: 10000

  - id: test-read
    name: Read test file
    tags: [integration]
    call: read_file
    with:
      path: "{{baseDir}}/mcpspec-test.txt"
    assertions:
      - type: exists
        path: $.content

Additional fields:

Server Configuration

Three ways to configure the server:

String shorthand (stdio)

server: npx -y @modelcontextprotocol/server-filesystem /tmp

Stdio object

server:
  transport: stdio
  command: npx
  args: ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]
  env:
    NODE_ENV: test
  timeouts:
    connect: 10000
    call: 30000

SSE / HTTP

# Server-Sent Events
server:
  transport: sse
  url: http://localhost:3000/sse

# Streamable HTTP
server:
  transport: streamable-http
  url: http://localhost:3000/mcp

Environments & Variables

Define named environments with variable sets. Use {{variable}} syntax in server config, tool inputs, and assertions:

environments:
  dev:
    variables:
      baseDir: /tmp
      apiUrl: http://localhost:3000
  prod:
    variables:
      baseDir: /data
      apiUrl: https://api.example.com

defaultEnvironment: dev

Switch environments at runtime:

mcpspec test --env prod

Note: YAML is loaded with FAILSAFE_SCHEMA, meaning all values are strings. MCPSpec automatically coerces types (numbers, booleans) when needed.
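A minimal sketch of how {{variable}} interpolation could work over those all-string values; interpolate is a hypothetical helper, not MCPSpec's actual implementation:

```javascript
// Replace {{name}} placeholders from the active environment's variables.
// Unknown placeholders are left untouched (an assumption, for illustration).
function interpolate(template, variables) {
  return template.replace(/\{\{(\w+)\}\}/g, (match, name) =>
    name in variables ? String(variables[name]) : match
  );
}

const vars = { baseDir: "/tmp", apiUrl: "http://localhost:3000" };
console.log(interpolate("{{baseDir}}/mcpspec-test.txt", vars)); // /tmp/mcpspec-test.txt
```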

Tags & Filtering

Add tags to tests and filter with --tag:

tests:
  - name: Quick smoke test
    tags: [smoke, api]
    call: health_check

# Run only smoke tests
mcpspec test --tag smoke

# The @ prefix is optional and stripped automatically
mcpspec test --tag @smoke

Multiple --tag flags run tests matching any of the specified tags.
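The OR semantics and @ stripping can be sketched as follows (filterByTags is a hypothetical helper, not mcpspec internals):

```javascript
// Keep tests whose tags intersect ANY requested tag; strip an optional
// leading "@" from each requested tag first. No tags requested = run all.
function filterByTags(tests, requested) {
  const wanted = requested.map((t) => t.replace(/^@/, ""));
  if (wanted.length === 0) return tests;
  return tests.filter((t) => (t.tags ?? []).some((tag) => wanted.includes(tag)));
}

const tests = [
  { name: "Quick smoke test", tags: ["smoke", "api"] },
  { name: "Slow integration test", tags: ["integration"] },
];
console.log(filterByTags(tests, ["@smoke"]).map((t) => t.name)); // ["Quick smoke test"]
```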

Retries & Timeouts

Configure per-test timeouts and retries:

tests:
  - name: Flaky network call
    call: fetch_data
    timeout: 15000    # 15s timeout for this test
    retries: 2        # Retry up to 2 times on error

Timeout hierarchy (inner timeouts must be less than outer):

| Level | Default | Purpose |
| --- | --- | --- |
| test | 30,000ms | Total test timeout |
| mcpCall | 25,000ms | Single tool call |
| transport | 20,000ms | HTTP/stdio response |
| assertion | 5,000ms | Expression evaluation |
| cleanup | 5,000ms | Post-test cleanup |

Note: Retries only trigger on thrown errors (e.g., connection failures), not on assertion failures. This prevents retrying tests that are simply wrong.
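The distinction can be sketched as follows: only a thrown error re-enters the retry loop, while a returned failure result is final. runWithRetries is a hypothetical, synchronous stand-in for the (async) runner:

```javascript
// Retry only on thrown errors; a returned { passed: false } (failed
// assertion) is NOT retried.
function runWithRetries(testFn, retries) {
  let lastError;
  for (let attempt = 0; attempt <= retries; attempt++) {
    try {
      return testFn(); // returning a failed result ends the loop
    } catch (err) {
      lastError = err; // thrown => transient => retry if attempts remain
    }
  }
  throw lastError; // retries exhausted
}

let attempts = 0;
const flaky = () => {
  attempts += 1;
  if (attempts < 3) throw new Error("ECONNREFUSED"); // first two calls fail
  return { passed: true };
};
console.log(runWithRetries(flaky, 2), attempts); // succeeds on the third attempt
```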

Assertions Overview

MCPSpec has 10 assertion types. You can use either the shorthand format (in expect) or the full format (in assertions).

Shorthand format

expect:
  - exists: $.content           # Path exists
  - equals: [$.id, 123]         # Exact match
  - contains: [$.tags, "active"] # Contains value
  - matches: [$.email, ".*@.*"] # Regex match

Full format

assertions:
  - type: exists
    path: $.content
  - type: equals
    path: $.id
    value: 123
  - type: latency
    maxMs: 1000

| Type | Purpose | Key Fields |
| --- | --- | --- |
| schema | Validate response structure | |
| equals | Exact deep match | path, value |
| contains | Array/string contains | path, value |
| exists | Path exists and not null | path |
| matches | Regex pattern match | path, pattern |
| type | Type check | path, expected |
| length | Array/string length | path, operator, value |
| latency | Response time check | maxMs |
| mimeType | Content type check | expected |
| expression | Safe expression eval | expr |
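One plausible way the shorthand desugars into full assertion objects; normalize is a hypothetical helper, and MCPSpec's internal mapping may differ:

```javascript
// Single-value shorthands carry just a path; pair shorthands carry
// [path, value] (or [path, pattern] for matches).
function normalize(shorthand) {
  const [type, arg] = Object.entries(shorthand)[0];
  if (type === "exists") return { type, path: arg };
  if (type === "matches") return { type, path: arg[0], pattern: arg[1] };
  return { type, path: arg[0], value: arg[1] }; // equals, contains
}

console.log(normalize({ equals: ["$.id", 123] }));
// { type: "equals", path: "$.id", value: 123 }
```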

schema

Validates that the response is a valid MCP tool result (object or array with expected structure).

# Shorthand — not available, use full format
assertions:
  - type: schema

No additional fields needed. Checks that the response has content with proper structure.

equals

Exact deep comparison using JSON.stringify.

# Shorthand
expect:
  - equals: [$.id, 123]

# Full
assertions:
  - type: equals
    path: $.id
    value: 123
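If the comparison is literally JSON.stringify equality, it is structural but key-order sensitive, which is worth knowing when asserting on objects. A sketch of that behavior (not MCPSpec source):

```javascript
// Structural equality via serialization: arrays and nested values
// compare as expected, but object key order matters.
const deepEquals = (a, b) => JSON.stringify(a) === JSON.stringify(b);

console.log(deepEquals({ id: 123, tags: ["a"] }, { id: 123, tags: ["a"] })); // true
console.log(deepEquals({ a: 1, b: 2 }, { b: 2, a: 1 }));                     // false
```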

contains

Checks if an array includes a value or a string contains a substring.

# Shorthand
expect:
  - contains: [$.tags, "active"]

# Full
assertions:
  - type: contains
    path: $.tags
    value: "active"

exists

Checks that a JSONPath resolves to a non-null value.

# Shorthand
expect:
  - exists: $.content

# Full
assertions:
  - type: exists
    path: $.content

matches

Matches a string value against a regular expression.

# Shorthand
expect:
  - matches: [$.email, ".*@.*\\.com"]

# Full
assertions:
  - type: matches
    path: $.email
    pattern: ".*@.*\\.com"

type

Checks the JavaScript type of a value at the given path.

assertions:
  - type: type
    path: $.count
    expected: number   # string, number, boolean, object, array

length

Checks the length of an array or string using a comparison operator.

assertions:
  - type: length
    path: $.items
    operator: gt    # eq, gt, gte, lt, lte
    value: 0

latency

Asserts that the tool call completed within the specified time.

assertions:
  - type: latency
    maxMs: 1000   # milliseconds

expression

Evaluates a safe expression using the expr-eval library. This is not arbitrary code — only comparisons, logical operators, math, property access, and array indexing are available.

assertions:
  - type: expression
    expr: "response.items.length > 0 and response.total == response.items.length"

Available: ==, !=, >, <, and, or, not, in, property access, array indexing, basic math.

NOT available: Function definitions, loops, require, file access, eval.

mcpspec test

Run a test collection.

mcpspec test [collection]

| Option | Description | Default |
| --- | --- | --- |
| [collection] | Path to collection YAML | mcpspec.yaml |
| --env <name> | Environment to use | defaultEnvironment |
| --tag <tags...> | Filter tests by tag (repeatable) | |
| --parallel <n> | Parallel test execution | 1 (sequential) |
| --reporter <type> | console, json, junit, html, tap | console |
| --output <path> | Output file for results | |
| --ci | CI mode (no colors, structured output) | false |
| --baseline <name> | Compare against named baseline | |
| --watch | Re-run on file changes (300ms debounce) | false |

# Run with tags and parallel
mcpspec test --tag smoke --parallel 4

# CI mode with JUnit output
mcpspec test --ci --reporter junit --output results.xml

# Compare against baseline
mcpspec test --baseline main

mcpspec inspect

Interactive REPL for exploring an MCP server.

mcpspec inspect <server>

REPL commands:

| Command | Description |
| --- | --- |
| .tools | List all available tools |
| .resources | List all available resources |
| .call <tool> <json> | Call a tool with JSON arguments |
| .schema <tool> | Display tool's input JSON Schema |
| .info | Show server info (name, version, capabilities) |
| .help | Show help |
| .exit | Disconnect and exit |

mcpspec inspect "npx -y @modelcontextprotocol/server-filesystem /tmp"
# > .tools
# > .call read_file {"path": "/tmp/test.txt"}
# > .schema read_file
# > .exit

mcpspec record

Record, list, replay, and delete inspector sessions.

mcpspec record start <server>           # Record a session
mcpspec record list                      # List saved recordings
mcpspec record replay <name> <server>   # Replay and diff
mcpspec record delete <name>             # Delete a recording

During a recording session, use the same REPL commands as inspect plus:

Recordings are stored in ~/.mcpspec/recordings/.

mcpspec mock

Start a mock MCP server from a recording, or generate a standalone file.

mcpspec mock <recording> [options]

| Option | Description | Default |
| --- | --- | --- |
| --mode <mode> | match or sequential | match |
| --latency <ms> | Response delay: 0, milliseconds, or original | 0 |
| --on-missing <behavior> | error or empty | error |
| --generate <path> | Generate standalone .js file | |

# Start mock server (stdin/stdout)
mcpspec mock my-api

# Tape/cassette style matching
mcpspec mock my-api --mode sequential

# Simulate original response timing
mcpspec mock my-api --latency original

# Generate standalone .js file (only requires @modelcontextprotocol/sdk)
mcpspec mock my-api --generate ./mocks/server.js
node ./mocks/server.js

mcpspec audit

Run a security scan against an MCP server.

mcpspec audit <server> [options]

| Option | Description | Default |
| --- | --- | --- |
| --mode <mode> | passive, active, or aggressive | passive |
| --acknowledge-risk | Skip confirmation for active/aggressive | false |
| --fail-on <severity> | Exit code 6 if findings at: info, low, medium, high, critical | |
| --rules <rules...> | Only run specific rules | all |
| --exclude-tools <tools...> | Skip specific tools | |
| --dry-run | Preview targets without scanning | false |

# Passive scan (safe for production)
mcpspec audit "npx my-server"

# Active scan with CI gate
mcpspec audit "npx my-server" --mode active --acknowledge-risk --fail-on medium

# Preview what would be scanned
mcpspec audit "npx my-server" --dry-run

mcpspec score

Calculate the MCP Score (0–100 quality rating) for a server.

mcpspec score <server> [options]

| Option | Description | Default |
| --- | --- | --- |
| --badge <path> | Output shields.io-style SVG badge | |
| --min-score <n> | Fail if below threshold | |

mcpspec score "npx my-server"
mcpspec score "npx my-server" --badge ./badge.svg --min-score 80

mcpspec bench

Run performance benchmarks against a server.

mcpspec bench <server> [options]

| Option | Description | Default |
| --- | --- | --- |
| --iterations <n> | Number of iterations | 100 |
| --tool <name> | Tool to benchmark | first available |
| --args <json> | JSON arguments for tool call | {} |
| --timeout <ms> | Timeout per call | 30000 |
| --warmup <n> | Warmup iterations (excluded from results) | 5 |

mcpspec bench "npx my-server" --iterations 200 --tool echo --args '{"message":"test"}'

Output includes: min, max, mean, median, P95, P99, standard deviation, and throughput (calls/sec).
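These statistics can all be derived from the raw per-call durations. The sketch below uses the nearest-rank percentile method and mean-based throughput; mcpspec's exact interpolation may differ:

```javascript
// Summarize raw call durations (in ms) into the reported statistics.
function stats(samples) {
  const sorted = [...samples].sort((a, b) => a - b);
  const n = sorted.length;
  const mean = sorted.reduce((s, x) => s + x, 0) / n;
  // Nearest-rank percentile: smallest value with at least p% of samples below it.
  const pct = (p) => sorted[Math.min(n - 1, Math.ceil((p / 100) * n) - 1)];
  const variance = sorted.reduce((s, x) => s + (x - mean) ** 2, 0) / n;
  return {
    min: sorted[0],
    max: sorted[n - 1],
    mean,
    median: pct(50),
    p95: pct(95),
    p99: pct(99),
    stdDev: Math.sqrt(variance),
    throughput: 1000 / mean, // calls per second
  };
}

console.log(stats([40, 42, 45, 50, 120]).p95); // 120
```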

mcpspec docs

Auto-generate documentation from server introspection.

mcpspec docs <server> [options]

| Option | Description | Default |
| --- | --- | --- |
| --format <type> | markdown or html | markdown |
| --output <dir> | Output directory | current dir |

mcpspec docs "npx my-server" --format html --output ./docs

mcpspec compare & baseline

Compare test runs and manage baselines for regression detection.

# Save current results as a baseline
mcpspec baseline save main

# List saved baselines
mcpspec baseline list

# Compare two runs
mcpspec compare <run1> <run2>

# Compare against a baseline
mcpspec compare --baseline main

mcpspec init

Scaffold a new MCPSpec project with an interactive wizard or template.

mcpspec init [directory] --template <minimal|standard|full>

Templates:

mcpspec ci-init

Generate CI/CD pipeline configuration.

mcpspec ci-init [options]

| Option | Description | Default |
| --- | --- | --- |
| --platform <type> | github, gitlab, or shell | auto-detect |
| --collection <path> | Path to collection file | |
| --server <command> | Server command | |
| --checks <list> | Comma-separated: test, audit, score, bench | test |
| --fail-on <severity> | Audit severity gate | |
| --min-score <n> | Minimum MCP Score threshold | |
| --force | Overwrite existing files | false |

# Interactive wizard
mcpspec ci-init

# Non-interactive
mcpspec ci-init --platform github --checks test,audit,score --fail-on medium --min-score 80

MCPSpec auto-detects the platform from the presence of .github/ or .gitlab-ci.yml. On GitLab, --force replaces only the mcpspec job block and leaves the rest of .gitlab-ci.yml untouched.

mcpspec ui

Launch the web dashboard.

mcpspec ui [options]

| Option | Description | Default |
| --- | --- | --- |
| -p, --port <port> | Port to listen on | 6274 |
| --host <host> | Host to bind to | 127.0.0.1 |
| --no-open | Do not auto-open browser | |

The UI includes 10 pages: Dashboard, Servers, Collections, Runs, Inspector, Recordings, Audit, Benchmark, Docs, and Score. It supports dark mode and real-time WebSocket updates.

Recording & Replay

Record an inspector session, save it, and replay it later against a new server version to catch regressions.

Full workflow

# 1. Start a recording session
mcpspec record start "npx my-server"

# 2. Interact with the server (REPL)
# > .call get_user {"id": "1"}
# > .call list_items {}
# > .call create_item {"name": "test"}

# 3. Save the recording
# > .save my-api

# 4. List recordings
mcpspec record list

# 5. Replay against a new version — diffs results step-by-step
mcpspec record replay my-api "npx my-server-v2"

Replay output

Replaying 3 steps...
  1/3 get_user (id=1)...         [OK] 42ms → {"name": "Alice"}
  2/3 list_items...              [CHANGED] 38ms
  3/3 create_item (name=test)... [OK] 51ms → {"id": "abc"}
  Summary: 2 matched, 1 changed, 0 added, 0 removed

Use cases

Mock Servers

Generate a mock MCP server from any recording. Mock servers communicate via stdio and are drop-in replacements for real servers in CI, offline development, and testing.

Match mode (default)

Looks up responses by exact input match first. If no exact match, falls back to the next queued response for that tool.

mcpspec mock my-api

Sequential mode

Tape/cassette style — responses are served in the order they were recorded, regardless of input.

mcpspec mock my-api --mode sequential
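The two strategies can be sketched as follows; makeMock is a hypothetical stand-in for illustration (the real mock server speaks MCP over stdio):

```javascript
// recording: array of { tool, input, response } steps.
// "match" keys responses by tool + exact input, falling back to the next
// queued response for that tool; "sequential" plays the tape in order.
function makeMock(recording, mode) {
  const steps = [...recording];
  return function respond(tool, input) {
    let i;
    if (mode === "sequential") {
      i = steps.length ? 0 : -1; // next step, regardless of input
    } else {
      const key = JSON.stringify(input);
      i = steps.findIndex((s) => s.tool === tool && JSON.stringify(s.input) === key);
      if (i === -1) i = steps.findIndex((s) => s.tool === tool); // queue fallback
    }
    if (i === -1) throw new Error("No recorded response (--on-missing error)");
    return steps.splice(i, 1)[0].response; // consume the step
  };
}

const recording = [
  { tool: "get_user", input: { id: "1" }, response: { name: "Alice" } },
  { tool: "get_user", input: { id: "2" }, response: { name: "Bob" } },
];
const mock = makeMock(recording, "match");
console.log(mock("get_user", { id: "2" })); // exact match wins: { name: "Bob" }
```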

Latency simulation

mcpspec mock my-api --latency original   # Simulate real timing
mcpspec mock my-api --latency 100        # Fixed 100ms delay

Standalone file generation

Generate a standalone .js file that can be committed to your repo. The generated file only requires @modelcontextprotocol/sdk as a runtime dependency.

mcpspec mock my-api --generate ./mocks/server.js
node ./mocks/server.js

Missing tool behavior

mcpspec mock my-api --on-missing error   # Return error (default)
mcpspec mock my-api --on-missing empty   # Return empty content

Security Audit

MCPSpec includes 8 security rules, including LLM-specific threats like Tool Poisoning and Excessive Agency.

Security rules

| Rule | Mode | Detects |
| --- | --- | --- |
| Tool Poisoning | passive | LLM prompt injection in descriptions, hidden Unicode (zero-width, bidirectional), cross-tool manipulation, embedded code, overly long descriptions |
| Excessive Agency | passive | Destructive tools without confirmation params, arbitrary code/command params, overly broad schemas, missing descriptions |
| Path Traversal | passive | ../../etc/passwd style directory escape attacks |
| Input Validation | passive | Missing constraints (enum, pattern, min/max) on tool inputs |
| Info Disclosure | passive | Leaked paths, stack traces, API keys in tool descriptions |
| Resource Exhaustion | active | Unbounded loops, large allocations |
| Auth Bypass | active | Missing auth checks, hardcoded credentials |
| Injection | active | SQL and command injection in tool inputs |

Scan modes

Confirmation flow

Active and aggressive modes display a warning and require explicit confirmation:

⚠️ SECURITY SCAN WARNING
This sends potentially harmful payloads.
NEVER run against production systems!
Is this a TEST environment? [y/N]

Use --acknowledge-risk to skip the prompt (for CI).

Each finding includes severity, evidence, and remediation advice.

MCP Score

The MCP Score rates server quality from 0 to 100 across 5 weighted categories:

| Category | Weight | What it measures |
| --- | --- | --- |
| Documentation | 25% | Tool descriptions, parameter docs, resource docs |
| Schema Quality | 25% | Input schema completeness and correctness |
| Error Handling | 20% | Graceful error responses, proper error codes |
| Responsiveness | 15% | Response latency for tool calls |
| Security | 15% | Results from passive security scan |

Schema quality sub-criteria

| Criterion | Weight |
| --- | --- |
| Structure (proper object type) | 20% |
| Property types defined | 20% |
| Property descriptions | 20% |
| Required fields specified | 15% |
| Constraints (enum, pattern, min/max) | 15% |
| Naming conventions (camelCase) | 10% |
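The overall score is a weighted sum of per-category scores (0–100 each). A sketch using the category weights from the table above (mcpScore and the category names are illustrative, not mcpspec's API):

```javascript
// Category weights from the MCP Score table (sum to 1.0).
const WEIGHTS = {
  documentation: 0.25,
  schemaQuality: 0.25,
  errorHandling: 0.2,
  responsiveness: 0.15,
  security: 0.15,
};

// Combine per-category scores (0-100) into the overall 0-100 rating.
function mcpScore(categories) {
  const total = Object.entries(WEIGHTS).reduce(
    (sum, [name, w]) => sum + w * (categories[name] ?? 0),
    0
  );
  return Math.round(total);
}

console.log(
  mcpScore({ documentation: 90, schemaQuality: 80, errorHandling: 70, responsiveness: 100, security: 60 })
); // 81
```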

Score ranges

Badge generation

mcpspec score "npx my-server" --badge ./mcp-score.svg

Generates a shields.io-style SVG badge for your README.

CI/CD Integration

Use mcpspec ci-init to generate pipeline configurations, or use these examples directly.

GitHub Actions

name: MCP Server Tests
on: [push, pull_request]

jobs:
  mcpspec:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '22'
      - run: npm install -g mcpspec

      - name: Run tests
        run: mcpspec test --ci --reporter junit --output results.xml

      - name: Security audit
        run: mcpspec audit "npx my-server" --mode passive --fail-on high

      - name: Quality gate
        run: mcpspec score "npx my-server" --min-score 80

      - uses: mikepenz/action-junit-report@v4
        if: always()
        with:
          report_paths: results.xml

GitLab CI

mcpspec:
  image: node:22
  stage: test
  script:
    - npm install -g mcpspec
    - mcpspec test --ci --reporter junit --output results.xml
    - mcpspec audit "npx my-server" --mode passive --fail-on high
  artifacts:
    when: always
    paths:
      - results.xml
    reports:
      junit: results.xml
    expire_in: 1 week

Exit codes for pipeline gating

| Code | Meaning |
| --- | --- |
| 0 | Success |
| 1 | Test failure |
| 2 | Runtime error |
| 3 | Config error |
| 4 | Connection error |
| 5 | Timeout |
| 6 | Security findings above threshold |
| 7 | Validation error |
| 130 | Interrupted (Ctrl+C) |

Pre-commit hook

#!/bin/bash
# .git/hooks/pre-commit
if git diff --cached --name-only | grep -q "collections/.*\.yaml$"; then
  mcpspec test $(git diff --cached --name-only | grep "collections/.*\.yaml$")
fi

Transports

MCPSpec supports three transport types for communicating with MCP servers:

stdio (default)

MCPSpec spawns the server as a child process and communicates via stdin/stdout. This is the most common transport and works with any server that reads from stdin and writes to stdout.

# Shorthand
server: npx my-server /tmp

# Explicit
server:
  transport: stdio
  command: npx
  args: ["my-server", "/tmp"]
  env:
    NODE_ENV: test

SSE (Server-Sent Events)

Connects to an already-running server via SSE. Useful for remote servers or servers started independently.

server:
  transport: sse
  url: http://localhost:3000/sse

Streamable HTTP

The newer HTTP-based transport for MCP servers.

server:
  transport: streamable-http
  url: http://localhost:3000/mcp

When to use each

| Transport | Use when |
| --- | --- |
| stdio | Testing local servers, CI pipelines, most common |
| sse | Server is already running, remote testing |
| streamable-http | Modern HTTP-based MCP servers |

Collection Schema

Complete field reference for collection YAML files.

# Top-level fields
schemaVersion: "1.0"            # Optional, currently "1.0"
name: string                    # Required — collection name
description: string             # Optional
server: string | ServerConfig   # Required — see Server Configuration
environments:                   # Optional — named variable sets
  <name>:
    variables:
      <key>: <value>
defaultEnvironment: string      # Optional
tests:                          # Required — at least 1 test
  - id: string                  # Optional — unique identifier
    name: string                # Required — display name
    tags: string[]              # Optional — for --tag filtering
    timeout: number             # Optional — ms, default 30000
    retries: number             # Optional — retry on error
    type: tool                  # Optional — default "tool"
    call: string                # Tool name to invoke
    tool: string                # Alias for call
    with: object                # Tool input arguments
    input: object               # Alias for with
    expect: Shorthand[]         # Shorthand assertions
    assertions: Assertion[]     # Full assertions
    expectError: boolean        # Expect error response
    extract:                    # Optional — extract variables
      - name: string
        path: string            # JSONPath

# ServerConfig object
server:
  name: string                  # Optional
  transport: stdio|sse|streamable-http  # Default: stdio
  command: string               # For stdio
  args: string[]                # For stdio
  url: string                   # For SSE/HTTP
  env: Record<string, string>  # Environment variables
  timeouts:
    connect: number             # Connection timeout (ms)
    call: number                # Call timeout (ms)

# Assertion object
assertions:
  - type: schema|equals|contains|exists|matches|type|length|latency|mimeType|expression
    path: string                # JSONPath (for value assertions)
    value: any                  # Expected value
    expected: any               # Expected type or mime type
    pattern: string             # Regex pattern
    maxMs: number               # Max latency
    operator: eq|gt|gte|lt|lte  # For length
    expr: string                # Safe expression

Exit Codes

| Code | Constant | Meaning |
| --- | --- | --- |
| 0 | SUCCESS | All tests passed / operation successful |
| 1 | TEST_FAILURE | One or more tests failed |
| 2 | ERROR | Runtime error (unexpected crash) |
| 3 | CONFIG_ERROR | Invalid collection YAML or configuration |
| 4 | CONNECTION_ERROR | Could not connect to server |
| 5 | TIMEOUT | Operation timed out |
| 6 | SECURITY_FINDINGS | Security findings above --fail-on threshold |
| 7 | VALIDATION_ERROR | Input validation failed |
| 130 | INTERRUPTED | Interrupted by user (Ctrl+C) |

Configuration

Timeout defaults

| Setting | Default |
| --- | --- |
| Test timeout | 30,000ms |
| MCP call timeout | 25,000ms |
| Transport timeout | 20,000ms |
| Assertion timeout | 5,000ms |
| Cleanup timeout | 5,000ms |

Rate limiting defaults

| Setting | Default |
| --- | --- |
| Max calls/second | 10 |
| Max concurrent | 5 |
| Backoff initial | 1,000ms |
| Backoff multiplier | 2x |
| Backoff max | 30,000ms |
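The schedule these defaults imply can be sketched as follows (backoffDelay is a hypothetical helper mirroring the initial/multiplier/max settings):

```javascript
// Exponential backoff: start at `initial`, multiply per retry, cap at `max`.
function backoffDelay(attempt, initial = 1000, multiplier = 2, max = 30000) {
  return Math.min(max, initial * multiplier ** attempt);
}

console.log([0, 1, 2, 3, 4, 5].map((n) => backoffDelay(n)));
// [1000, 2000, 4000, 8000, 16000, 30000] — attempt 5 hits the 30s cap
```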

Environment variables

| Variable | Purpose |
| --- | --- |
| MCPSPEC_REMOTE_ACCESS | Set to true to allow non-localhost access to UI server |
| MCPSPEC_TOKEN | Authentication token when remote access is enabled |

Troubleshooting

Connection Timeout

If you see Connection Timed Out:

YAML Parse Errors

Process Cleanup

MCPSpec registers cleanup handlers for SIGINT, SIGTERM, and uncaught exceptions. If a server process gets stuck:

Common Mistakes

MCPSpec — MIT License — GitHub · npm