Fix: mcp config: readd support for file secrets

[malikwirin]

Problem

MCP servers that require secrets (e.g. API tokens) currently rely on environment variable expansion via $(echo $VAR) syntax, which spawns a shell process. This makes it cumbersome to use file-based secret management tools like sops, systemd credentials, or Docker secrets.

Closes #2334

Solution

Adds a new env_files field to MCPConfig that maps environment variable names to file paths. Crush reads the file contents at startup and injects them as environment variables when spawning the MCP server process

{
  "mcp": {
    "codeberg": {
      "type": "stdio",
      "command": "/path/to/forgejo-mcp",
      "args": ["transport", "stdio", "--url", "https://codeberg.org"],
      "env_files": {
        "FORGEJO_ACCESS_TOKEN": "/run/secrets/codeberg_token"
      }
    }
  }
}

Changes

• Adds EnvFiles map[string]string to MCPConfig in config.go
• Adds resolveEnvFiles() helper that reads file contents and trims trailing newlines
• Extends MCPConfig.ResolvedEnv() to merge env and env_files
• Documents the new field in README.md with a usage example
• Adds tests for parsing, resolution, missing files, and duplicate key behavior

Notes

If the same variable is set in both env and env_files, both entries will be present in the resulting slice. The last-wins behavior of os/exec means env_files takes precedence in practice. This is documented via TestMCPConfig_ResolvedEnv_DuplicateKeyEnvWins.

• I have read CONTRIBUTING.md.
• I have created a discussion that was approved by a maintainer (for new features).

[charmcli]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[malikwirin]

I have read the Contributor License Agreement (CLA) and hereby sign the CLA.

[malikwirin]

Currently getting the following error in real tests

2026/03/24 19:03:00 ERRO Error reading env file error="open /tmp/test-token: no such file or directory" path=/tmp/test-token source=github.com/charmbracelet/crush/internal/config/config.go:659 variable=MY_TOKEN

[malikwirin]

Currently getting the following error in real tests

2026/03/24 19:03:00 ERRO Error reading env file error="open /tmp/test-token: no such file or directory" path=/tmp/test-token source=github.com/charmbracelet/crush/internal/config/config.go:659 variable=MY_TOKEN

No this error happened because my crush config was cached inside .crush.

Everything worked out great. Was validating everything somewhat like this:

mkdir ~/crush-test && cd ~/crush-test
echo "my-test-token" > ~/test-token

cat > print-env.sh <<'EOF'
#!/usr/bin/env bash
env | grep MY_TOKEN >> ~/crush-test/mcp-env.log 2>&1
sleep 10
EOF
chmod +x print-env.sh

cat > crush.json <<'EOF'
{
  "mcp": {
    "test-server": {
      "type": "stdio",
      "command": "/home/malik/crush-test/print-env.sh",
      "env_files": {
        "MY_TOKEN": "/home/malik/test-token"
      }
    }
  }
}
EOF

cat ./mcp-env.log
MY_TOKEN=my-test-token

[andreynering]

Hi @malikwirin,

I actually think that the right approach is to actually to restore the shell expansion functionality we had before, and not add env_files.

Do you agree? A separate PR with that would be welcome.

[malikwirin]

Hi @malikwirin,

I actually think that the right approach is to actually to restore the shell expansion functionality we had before, and not add env_files.

Do you agree? A separate PR with that would be welcome.

I think the shell expansion functionality has been dropped for security reasons? Can you maybe point me to the PRs that introduced the regression?