API Testing MCP

Overview Schema Related Servers Score Discussions

env_get

Fetch environment variables for API testing; sensitive values are masked by default, but you can request a specific variable to see its full value.

Instructions

Obtiene una variable específica o todas las variables de un entorno. Los valores sensibles (token, password, secret, api_key...) se enmascaran por defecto. Pide una variable por nombre para ver su valor completo.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`key`	No	Variable específica. Si se omite, retorna todas
`environment`	No	Entorno a consultar (default: entorno activo)

Implementation Reference

src/tools/environment.ts:169-254 (handler)

The env_get tool handler: retrieves variables from an environment. If 'key' is specified, returns its full value (unmasked). If no key, returns all variables with sensitive values masked via maskVariables(). Uses the active environment if none specified.

// ── env_get ──
server.tool(
  'env_get',
  'Obtiene una variable específica o todas las variables de un entorno. Los valores sensibles (token, password, secret, api_key...) se enmascaran por defecto. Pide una variable por nombre para ver su valor completo.',
  {
    key: z
      .string()
      .optional()
      .describe('Variable específica. Si se omite, retorna todas'),
    environment: z
      .string()
      .optional()
      .describe('Entorno a consultar (default: entorno activo)'),
  },
  async (params) => {
    try {
      const envName = params.environment ?? (await storage.getActiveEnvironment())

      if (!envName) {
        return {
          content: [
            {
              type: 'text' as const,
              text: 'No hay entorno activo. Usa env_switch para activar uno.',
            },
          ],
          isError: true,
        }
      }

      const env = await storage.getEnvironment(envName)
      if (!env) {
        return {
          content: [
            { type: 'text' as const, text: `Entorno '${envName}' no encontrado` },
          ],
          isError: true,
        }
      }

      // Variable específica: mostrar valor completo (sin enmascarar)
      if (params.key) {
        const value = env.variables[params.key]
        if (value === undefined) {
          return {
            content: [
              {
                type: 'text' as const,
                text: `Variable '${params.key}' no encontrada en entorno '${envName}'`,
              },
            ],
            isError: true,
          }
        }
        return {
          content: [
            {
              type: 'text' as const,
              text: JSON.stringify({ key: params.key, value, environment: envName }, null, 2),
            },
          ],
        }
      }

      // Todas las variables: enmascarar sensibles
      return {
        content: [
          {
            type: 'text' as const,
            text: JSON.stringify(
              { environment: envName, variables: maskVariables(env.variables) },
              null,
              2,
            ),
          },
        ],
      }
    } catch (error) {
      const message = error instanceof Error ? error.message : String(error)
      return {
        content: [{ type: 'text' as const, text: `Error: ${message}` }],
        isError: true,
      }
    }
  },
)

src/tools/environment.ts:174-182 (schema)

Schema definition for env_get: accepts optional 'key' (specific variable name) and optional 'environment' (target env name, defaults to active).

  key: z
    .string()
    .optional()
    .describe('Variable específica. Si se omite, retorna todas'),
  environment: z
    .string()
    .optional()
    .describe('Entorno a consultar (default: entorno activo)'),
},

src/server.ts:64-64 (registration)
Registration of the environment tools (including env_get) via registerEnvironmentTools() called in the server setup.
```
registerEnvironmentTools(server, storage)
```

src/lib/storage.ts:14-36 (helper)

Helper functions used by env_get: maskVariables() masks sensitive variables when returning all variables. maskSensitiveValue() checks key against SENSITIVE_PATTERNS regex.

const SENSITIVE_PATTERNS =
  /^(token|password|passwd|secret|api_key|apikey|api[-_]?secret|auth|credential|pat|app_password|access_token|refresh_token)$/i

/** Enmascara un valor si el nombre de la variable indica que es sensible */
export function maskSensitiveValue(
  key: string,
  value: string,
): string {
  if (!SENSITIVE_PATTERNS.test(key)) return value
  if (value.length <= 12) return '***'
  return `${value.slice(0, 4)}...${value.slice(-4)}`
}

/** Enmascara todas las variables sensibles de un objeto */
export function maskVariables(
  variables: Record<string, string>,
): Record<string, string> {
  const masked: Record<string, string> = {}
  for (const [key, value] of Object.entries(variables)) {
    masked[key] = maskSensitiveValue(key, value)
  }
  return masked
}

Tool Definition Quality

A4.4/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden; it discloses that sensitive values are masked by default and that specifying a variable shows the full value, though it omits details like authentication or rate limits.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences that are front-loaded with purpose and behavioral nuance, with no wasted words.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a simple read tool with two parameters and no output schema, the description covers core functionality and key behavioral trait (masking), but could add return value details.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, baseline 3; description adds value by explaining masking behavior and reinforcing the semantic of the 'key' parameter's optionality.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool retrieves a specific variable or all variables from an environment, with a distinct read-only purpose compared to sibling tools like env_set or env_delete.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

It explains when to request a specific variable to see its full value, and the context implies read-only use, but it does not explicitly exclude other scenarios or name alternatives.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/cocaxcode/api-testing-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server