A visual testing and debugging developer tool for MCP servers, supporting both Web UI and CLI modes with stdio, SSE, and streamable-http transport protocols.
MCP Inspector is an MCP server debugging tool released by the official Model Context Protocol organization. The project adopts a Monorepo architecture consisting of three sub-packages: a React frontend (MCPI), a Node.js proxy service (MCPP), and a command-line tool (CLI). The proxy service serves as the core hub, acting as both an MCP client and an HTTP server to expose target MCP server capabilities—tools, resources, and prompts—through a unified Web interface or command line to developers.
The tool supports seamless switching between stdio, SSE, and streamable-http transport protocols, covering both local process and remote server scenarios without changing tools. The Web UI provides real-time interactive debugging with one-click server configuration export to clients like Cursor and Claude Code. The CLI mode supports single invocations with specified methods and parameters, facilitating integration into CI/CD pipelines or pairing with coding assistants.
On the security side, the tool binds to localhost by default and implements multiple protection layers including random session token-based proxy authentication, SSE Bearer Token authentication, and Origin header validation (DNS Rebinding prevention). It supports managing multiple server connections via mcp.json configuration files, with environment variables and URL query parameters providing flexible runtime configuration. An official Docker image is available for containerized deployment.
Quick Start:
npx @modelcontextprotocol/inspector
Access at http://localhost:6274 after launch.
CLI Mode:
npx @modelcontextprotocol/inspector --cli node build/index.js --method tools/call --tool-name mytool --tool-arg key=value
Key Environment Variables: CLIENT_PORT (default 6274), SERVER_PORT (default 6277), HOST (default localhost), MCP_AUTO_OPEN_ENABLED (default true).
Note: A known security vulnerability CVE-2025-49596 affects earlier versions; whether the current version (0.21.2) has addressed it requires further confirmation. The project is currently in a transition period from MIT to Apache-2.0 licensing.