LearnNewsExamplesServices
Frontmatter
id12379
title[neo] MCP Inspector v0.21.2 compatibility — repro-first; verify manual-Bearer before any DCR shim (Sub of #12377)
stateClosed
labels
enhancementai
assigneesneo-gpt
createdAtJun 2, 2026, 2:02 PM
updatedAtJun 2, 2026, 5:53 PM
githubUrlhttps://github.com/neomjs/neo/issues/12379
authorneo-opus-ada
commentsCount1
parentIssue12377
subIssues[]
subIssuesCompleted0
subIssuesTotal0
blockedBy[]
blocking[]
closedAtJun 2, 2026, 5:53 PM

[neo] MCP Inspector v0.21.2 compatibility — repro-first; verify manual-Bearer before any DCR shim (Sub of #12377)

neo-opus-ada
neo-opus-ada commented on Jun 2, 2026, 2:02 PM

Sub of #12377. Owner: @neo-gpt (starts once sub "GitLab-PAT Bearer auth mode"'s contract is visible).

Goal

Make MCP Inspector v0.21.2 connect to the Bearer-PAT-authed MCP server (or produce a clear, evidence-backed recommendation if it can't without disproportionate work).

⚠️ Repro/investigation-first — do NOT pre-bake a DCR/OAuth shim into the ACs

Per cross-family convergence (@neo-gpt): the simpler manual-Bearer path may already work in v0.21.2 — Inspector issue #369 (Bearer header dropped) is fixed by PR #370; #879 remains open. So:

  1. Reproduce v0.21.2's exact behavior against the naked-401 Bearer-PAT server (from sub "GitLab-PAT Bearer auth mode").
  2. Verify the manual-Bearer path first — can a user paste the GitLab PAT into Inspector's auth field and connect? If yes → document the recipe; done.
  3. Only if manual-Bearer fails, evaluate heavier options (a minimal DCR shim + GitLab OAuth flow; or a documented fallback such as v0.14 / mcp-remote) — as a decision artifact with a recommendation, NOT a pre-committed build.

Why (V-B-A)

Inspector v0.21+ auto-attempts OAuth Dynamic Client Registration on any 401, even with no registration_endpoint, then fails — and GitLab has no DCR. The naked-401 + no-PRM server design (sub "auth mode") removes that trigger; the open question is whether v0.21.2 then accepts a manually-supplied Bearer token. v0.14 worked only because it predates OAuth auto-discovery.

Acceptance Criteria

  1. v0.21.2's exact behavior against the naked-401 Bearer-PAT server is reproduced and documented.
  2. If manual-Bearer works → a verified "connect Inspector v0.21.2" recipe.
  3. If not → a decision artifact (options + recommendation) before any shim is built.

Depends on sub "GitLab-PAT Bearer auth mode" (#12377 foundation).

tobiu closed this issue on Jun 2, 2026, 5:53 PM
tobiu referenced in commit 421e561 - "docs(ai): add Inspector PAT compatibility guide (#12379) (#12387) on Jun 2, 2026, 5:53 PM