
🚀 [FEATURE] Advanced MCP Probe Capabilities: Auth, Stress Testing & Advanced Protocol Support #6

@conikeec


🎯 Feature Summary

Enhance MCP Probe with three critical enterprise-grade capabilities: OAuth/Bearer token authentication, comprehensive stress testing tools, and advanced MCP protocol features (subscriptions & pagination).

💡 Motivation

As MCP adoption grows in production environments, MCP Probe needs to support:

  • Enterprise Security: Many production MCP servers require OAuth2/Bearer token authentication
  • Performance Validation: Teams need to validate MCP server performance under load
  • Advanced Protocol Features: MCP protocol supports subscriptions and pagination that aren't yet supported in the debugger

📋 Detailed Description

1. 🔐 OAuth Bearer Token & Authorization Support

Add comprehensive authentication support for production MCP deployments:

Authentication Methods:

  • Bearer Token authentication (Authorization: Bearer <token>)
  • OAuth2 client credentials flow
  • OAuth2 authorization code flow (with PKCE)
  • Custom header-based authentication
  • Environment variable token injection

Configuration:

# Bearer token
mcp-probe debug --http-sse https://api.example.com --auth-bearer "your-token-here"

# OAuth2 client credentials
mcp-probe debug --http-sse https://api.example.com --oauth-client-id "client123" --oauth-client-secret "secret456" --oauth-token-url "https://auth.example.com/token"

# Environment variable
export MCP_AUTH_TOKEN="your-token"
mcp-probe debug --http-sse https://api.example.com --auth-env MCP_AUTH_TOKEN

# Custom headers
mcp-probe debug --http-sse https://api.example.com --auth-header "X-API-Key: key123"

2. 🏋️ Stress Testing & Performance Analysis

Build comprehensive load testing capabilities directly into MCP Probe:

Stress Test Features:

  • Concurrent connection testing
  • Tool execution load testing
  • Resource subscription stress tests
  • Memory leak detection
  • Response time analysis under load
  • Connection stability testing

Stress Test Configuration:

# Basic load test
mcp-probe stress --http-sse https://api.example.com --concurrent 50 --duration 5m --tool "math.add_numbers"

# Advanced stress test
mcp-probe stress \
  --http-sse https://api.example.com \
  --concurrent 100 \
  --ramp-up 10s \
  --duration 10m \
  --scenarios stress-test-config.yaml \
  --report-file stress-report.json

Stress Test Scenarios (YAML):

scenarios:
  - name: "Tool Execution Load"
    weight: 60%
    actions:
      - tool: "github.list_repos"
        params: {"org": "microsoft"}
        frequency: "100/min"
  
  - name: "Resource Access"
    weight: 30%
    actions:
      - resource: "readme_content"
        frequency: "50/min"
  
  - name: "Subscription Test"
    weight: 10%
    actions:
      - subscribe: "resource_updates"
        duration: "5m"

3. 📡 Subscription & Pagination Support

Implement advanced MCP protocol features for real-world server testing:

Subscription Features:

  • Resource change subscriptions
  • Tool update notifications
  • Prompt change monitoring
  • Real-time event streaming
  • Subscription lifecycle management

Pagination Support:

  • Large resource list pagination
  • Tool result pagination
  • Search result pagination
  • Cursor-based pagination
  • Offset-based pagination

TUI Enhancements:

┌─────────────────────────────────────────────────────────────────────────────────┐
│ 📡 SUBSCRIPTIONS                    📄 PAGINATED RESULTS                        │
├─────────────────────────────────────────────────────────────────────────────────┤
│ 🟢 resource_updates (3 events)     ┌─ Tools (Page 2 of 15) ────────────────┐   │
│ 🟡 tool_changes (pending)          │ 21. github.create_repo                 │   │
│ 🔴 prompt_updates (error)          │ 22. github.delete_repo                 │   │
│                                     │ 23. github.list_branches               │   │
│ [S] Subscribe  [U] Unsubscribe      │ 24. github.create_branch               │   │
│                                     │ 25. github.merge_pr                    │   │
│                                     │ ...                                     │   │
│                                     │ [←] Prev  [→] Next  [J] Jump to Page   │   │
│                                     └─────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────────────────────────┘

✅ Acceptance Criteria

Authentication

  • Bearer token authentication working with major OAuth providers
  • OAuth2 client credentials flow implementation
  • Environment variable token injection
  • Custom header authentication support
  • Token refresh handling for long-running sessions
  • Secure token storage (no logging of secrets)

Stress Testing

  • Concurrent connection testing (up to 1000 connections)
  • Configurable load test scenarios via YAML
  • Real-time performance metrics dashboard
  • Comprehensive test reports (JSON/HTML)
  • Memory leak detection and reporting
  • Response time percentile analysis (P50, P95, P99)
  • Connection failure rate monitoring

Subscriptions & Pagination

  • Resource change subscription implementation
  • Tool/Prompt update subscriptions
  • Real-time event display in TUI
  • Subscription management (subscribe/unsubscribe)
  • Cursor-based pagination support
  • Offset-based pagination support
  • Large dataset navigation (1000+ items)
  • Search result pagination

🔧 Implementation Considerations

Technical Architecture

  • Authentication: Extend transport layer with auth middleware
  • Stress Testing: New stress subcommand with dedicated engine
  • Subscriptions: WebSocket/SSE event handling enhancement
  • Pagination: Enhanced UI components for large datasets

Dependencies

  • OAuth2 libraries: oauth2 crate
  • Stress testing: tokio async concurrency + hdrhistogram for metrics
  • WebSocket subscriptions: Enhanced tokio-tungstenite usage
  • UI pagination: Extended ratatui table components

Configuration

[auth]
default_method = "bearer"
token_refresh_threshold = 300  # 5 minutes

[stress_test]
max_concurrent = 1000
default_duration = "5m"
report_format = ["json", "html"]

[subscriptions]
auto_reconnect = true
max_reconnect_attempts = 5
heartbeat_interval = 30

📖 Documentation Impact

  • New authentication section in README
  • Stress testing guide with examples
  • Subscription management documentation
  • Performance tuning recommendations
  • Enterprise deployment guide

🧪 Testing Requirements

  • Unit tests for all auth methods
  • Integration tests with mock OAuth servers
  • Stress test validation against known servers
  • Subscription event simulation tests
  • Pagination edge case testing

📱 UI/UX Impact

  • New auth configuration in TUI settings
  • Stress test dashboard with real-time metrics
  • Subscription management panel
  • Improved navigation for large datasets
  • Progress indicators for long-running operations

🔗 Related Issues

  • Performance optimization (#TBD)
  • Enterprise deployment guide (#TBD)
  • WebSocket transport improvements (#TBD)

📎 Additional Context

Priority Order

  1. Authentication (High) - Blocking for enterprise adoption
  2. Pagination (Medium) - Essential for large deployments
  3. Stress Testing (Medium) - Important for production validation
  4. Subscriptions (Low) - Advanced feature for real-time scenarios

Milestone Targets

  • v0.2.0: Authentication + Basic pagination
  • v0.3.0: Stress testing capabilities
  • v0.4.0: Full subscription support

Performance Targets

  • Support 1000+ concurrent connections
  • Handle paginated results with 10k+ items
  • Sub-100ms authentication overhead
  • Real-time subscription event processing
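
Added example, not MCP Probe code: one way the environment-variable option and the "no logging of secrets" criterion above could fit together in Rust, using only the standard library. The `BearerToken` type and its methods are hypothetical names; the 300-second value is the `token_refresh_threshold` from the configuration sketch.

```rust
use std::collections::HashMap;
use std::fmt;

/// Bearer token wrapper: Debug output never contains the secret.
pub struct BearerToken {
    secret: String,
    expires_in_secs: u64, // remaining lifetime reported by the token endpoint
}

impl fmt::Debug for BearerToken {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "BearerToken(<redacted>, expires_in={}s)", self.expires_in_secs)
    }
}

impl BearerToken {
    /// Look up the variable named by --auth-env in an environment snapshot
    /// (in a real tool: std::env::vars().collect()).
    pub fn from_env(env: &HashMap<String, String>, var: &str, expires_in_secs: u64)
        -> Result<Self, String> {
        let raw = env.get(var).ok_or_else(|| format!("{} is not set", var))?;
        let secret = raw.trim();
        // Reject empty values and characters that could split the header line.
        if secret.is_empty() || secret.chars().any(|c| c.is_control() || c == ' ') {
            return Err(format!("{} does not hold a usable token", var));
        }
        Ok(Self { secret: secret.to_string(), expires_in_secs })
    }

    /// The only place the secret leaves the wrapper.
    pub fn authorization_header(&self) -> (String, String) {
        ("Authorization".to_string(), format!("Bearer {}", self.secret))
    }

    /// True once the remaining lifetime is at or below the refresh threshold.
    pub fn needs_refresh(&self, threshold_secs: u64) -> bool {
        self.expires_in_secs <= threshold_secs
    }
}

fn main() {
    // Constructed environment; the token value is a placeholder.
    let env = HashMap::from([("MCP_AUTH_TOKEN".to_string(), "example-token-123\n".to_string())]);
    let tok = BearerToken::from_env(&env, "MCP_AUTH_TOKEN", 240).unwrap();
    println!("{:?} refresh_now={}", tok, tok.needs_refresh(300));
}
```

Reading the token from the environment, as `--auth-env` does, keeps it out of shell history and the process argument list, which `--auth-bearer "..."` does not.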
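
Added example, not MCP Probe code: a cursor-following loop for the cursor-based pagination item, with the guards that the "pagination edge case testing" requirement implies when the server being probed is untrusted. `Page`, `list_all` and `fake_server` are hypothetical names, and the three-item page size is constructed.

```rust
use std::collections::HashSet;

/// One page of a list response: items plus an optional opaque cursor.
pub struct Page { pub items: Vec<String>, pub next_cursor: Option<String> }

#[derive(Debug, PartialEq)]
pub enum PageError { CursorLoop(String), TooManyItems(usize) }

/// Follow cursors until the server stops sending one, with two guards
/// against a misbehaving server: a repeated cursor and an item cap.
pub fn list_all<F>(mut fetch: F, max_items: usize) -> Result<Vec<String>, PageError>
where F: FnMut(Option<&str>) -> Page {
    let mut seen: HashSet<String> = HashSet::new();
    let mut out: Vec<String> = Vec::new();
    let mut cursor: Option<String> = None;
    loop {
        let page = fetch(cursor.as_deref());
        out.extend(page.items);
        if out.len() > max_items { return Err(PageError::TooManyItems(out.len())); }
        match page.next_cursor {
            None => return Ok(out),
            Some(c) => {
                // A cursor seen before means the listing would never end.
                if !seen.insert(c.clone()) { return Err(PageError::CursorLoop(c)); }
                cursor = Some(c);
            }
        }
    }
}

/// Constructed stand-in for a server: 3 items per page, cursor = next index.
/// With `stuck` set it always answers with cursor "3".
pub fn fake_server(total: usize, stuck: bool) -> impl FnMut(Option<&str>) -> Page {
    move |cursor| {
        let start: usize = cursor.and_then(|c| c.parse().ok()).unwrap_or(0);
        let end = (start + 3).min(total);
        let items = (start..end).map(|i| format!("tool_{}", i)).collect();
        let next_cursor = if stuck { Some("3".to_string()) }
            else if end < total { Some(end.to_string()) } else { None };
        Page { items, next_cursor }
    }
}

fn main() {
    println!("{:?}", list_all(fake_server(7, false), 100).map(|v| v.len()));
    println!("{:?}", list_all(fake_server(7, true), 100));
}
```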
