fix: swarmLeave timeout, secretCreate/configCreate stdin support, network error regex

- Bump swarmLeave timeout from 30s to 120s (swarm leave can take 60s+)

- Add inline data param to secretCreate and configCreate via spawn/stdin

- Tighten network-not-found regex in docker-api.ts to avoid false positives

- Update input validation tests for new secret/config schemas

Made-with: Cursor

Author: TMHSDigital

mcp-server/src/tools/__tests__/input-validation.test.ts

@@ -3110,15 +3110,21 @@ describe("docker_stackConfig input validation", () => {
 describe("docker_configCreate input validation", () => {
   const schema = z.object({
     name: z.string().min(1),
-    file: z.string().min(1),
+    file: z.string().optional(),
+    data: z.string().optional(),
     labels: z.array(z.string()).optional(),
   });
 
-  it("accepts required fields", () => {
+  it("accepts with file", () => {
     const result = schema.parse({ name: "my-config", file: "/path/to/config" });
     expect(result.name).toBe("my-config");
   });
 
+  it("accepts with inline data", () => {
+    const result = schema.parse({ name: "my-config", data: "key=value" });
+    expect(result.data).toBe("key=value");
+  });
+
   it("accepts with labels", () => {
     const result = schema.parse({ name: "cfg", file: "f", labels: ["env=prod"] });
     expect(result.labels).toEqual(["env=prod"]);
@@ -3182,22 +3188,28 @@ describe("docker_configRm input validation", () => {
 describe("docker_secretCreate input validation", () => {
   const schema = z.object({
     name: z.string().min(1),
-    file: z.string().min(1),
+    file: z.string().optional(),
+    data: z.string().optional(),
     labels: z.array(z.string()).optional(),
   });
 
-  it("accepts required fields", () => {
+  it("accepts with file", () => {
     const result = schema.parse({ name: "my-secret", file: "/path/to/secret" });
     expect(result.name).toBe("my-secret");
   });
 
+  it("accepts with inline data", () => {
+    const result = schema.parse({ name: "my-secret", data: "s3cret" });
+    expect(result.data).toBe("s3cret");
+  });
+
   it("accepts with labels", () => {
     const result = schema.parse({ name: "sec", file: "f", labels: ["env=prod"] });
     expect(result.labels).toEqual(["env=prod"]);
   });
 
   it("rejects empty name", () => {
-    expect(() => schema.parse({ name: "", file: "f" })).toThrow();
+    expect(() => schema.parse({ name: "", data: "x" })).toThrow();
   });
 });
 

mcp-server/src/tools/configCreate.ts

@@ -1,24 +1,47 @@
 import { z } from "zod";
 import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { execDocker, errorResponse } from "../utils/docker-api.js";
+import { errorResponse } from "../utils/docker-api.js";
+import { spawn } from "node:child_process";
 
 const inputSchema = {
   name: z.string().min(1).describe("Config name"),
-  file: z.string().min(1).describe("Path to the config file"),
+  file: z.string().optional().describe("Path to the config file (omit if providing data)"),
+  data: z.string().optional().describe("Inline config value (piped via stdin)"),
   labels: z.array(z.string()).optional().describe("Labels (e.g. ['env=production'])"),
 };
 
 export function register(server: McpServer): void {
   server.tool(
     "docker_configCreate",
-    "Create a Docker Swarm config from a file",
+    "Create a Docker Swarm config from a file or inline data",
     inputSchema,
     async (args) => {
       try {
+        if (!args.file && !args.data) {
+          return errorResponse(new Error("Either 'file' or 'data' must be provided"));
+        }
+
         const cmdArgs = ["config", "create"];
         if (args.labels) for (const l of args.labels) cmdArgs.push("--label", l);
-        cmdArgs.push(args.name, args.file);
-        const output = await execDocker(cmdArgs);
+        cmdArgs.push(args.name, args.file ?? "-");
+
+        const output = await new Promise<string>((resolve, reject) => {
+          const proc = spawn("docker", cmdArgs, { stdio: ["pipe", "pipe", "pipe"] });
+          let stdout = "";
+          let stderr = "";
+          proc.stdout.on("data", (d: Buffer) => { stdout += d.toString(); });
+          proc.stderr.on("data", (d: Buffer) => { stderr += d.toString(); });
+          proc.on("error", reject);
+          proc.on("close", (code) => {
+            if (code === 0) resolve(stdout);
+            else reject(new Error(stderr || `docker config create exited with code ${code}`));
+          });
+          if (args.data) {
+            proc.stdin.write(args.data);
+          }
+          proc.stdin.end();
+        });
+
         return { content: [{ type: "text" as const, text: output.trim() || `Config '${args.name}' created` }] };
       } catch (error) {
         return errorResponse(error);

mcp-server/src/tools/secretCreate.ts

@@ -1,24 +1,47 @@
 import { z } from "zod";
 import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { execDocker, errorResponse } from "../utils/docker-api.js";
+import { errorResponse } from "../utils/docker-api.js";
+import { spawn } from "node:child_process";
 
 const inputSchema = {
   name: z.string().min(1).describe("Secret name"),
-  file: z.string().min(1).describe("Path to the secret file"),
+  file: z.string().optional().describe("Path to the secret file (omit if providing data)"),
+  data: z.string().optional().describe("Inline secret value (piped via stdin)"),
   labels: z.array(z.string()).optional().describe("Labels (e.g. ['env=production'])"),
 };
 
 export function register(server: McpServer): void {
   server.tool(
     "docker_secretCreate",
-    "Create a Docker Swarm secret from a file",
+    "Create a Docker Swarm secret from a file or inline data",
     inputSchema,
     async (args) => {
       try {
+        if (!args.file && !args.data) {
+          return errorResponse(new Error("Either 'file' or 'data' must be provided"));
+        }
+
         const cmdArgs = ["secret", "create"];
         if (args.labels) for (const l of args.labels) cmdArgs.push("--label", l);
-        cmdArgs.push(args.name, args.file);
-        const output = await execDocker(cmdArgs);
+        cmdArgs.push(args.name, args.file ?? "-");
+
+        const output = await new Promise<string>((resolve, reject) => {
+          const proc = spawn("docker", cmdArgs, { stdio: ["pipe", "pipe", "pipe"] });
+          let stdout = "";
+          let stderr = "";
+          proc.stdout.on("data", (d: Buffer) => { stdout += d.toString(); });
+          proc.stderr.on("data", (d: Buffer) => { stderr += d.toString(); });
+          proc.on("error", reject);
+          proc.on("close", (code) => {
+            if (code === 0) resolve(stdout);
+            else reject(new Error(stderr || `docker secret create exited with code ${code}`));
+          });
+          if (args.data) {
+            proc.stdin.write(args.data);
+          }
+          proc.stdin.end();
+        });
+
         return { content: [{ type: "text" as const, text: output.trim() || `Secret '${args.name}' created` }] };
       } catch (error) {
         return errorResponse(error);

mcp-server/src/tools/swarmLeave.ts

@@ -15,7 +15,7 @@ export function register(server: McpServer): void {
       try {
         const cmdArgs = ["swarm", "leave"];
         if (args.force) cmdArgs.push("--force");
-        const output = await execDocker(cmdArgs);
+        const output = await execDocker(cmdArgs, { timeout: 120_000 });
         return { content: [{ type: "text" as const, text: output.trim() || "Node left the swarm" }] };
       } catch (error) {
         return errorResponse(error);

mcp-server/src/utils/docker-api.ts

@@ -104,7 +104,7 @@ export async function execDocker(
       throw new VolumeNotFoundError(match?.[1] ?? "unknown");
     }
 
-    if (stderr.includes("No such network") || stderr.includes("network") && stderr.includes("not found")) {
+    if (stderr.includes("No such network") || /network\s+\S+\s+not found/.test(stderr)) {
       const match = stderr.match(/No such network:\s*(\S+)/) ?? stderr.match(/network\s+(\S+)\s+not found/);
       throw new NetworkNotFoundError(match?.[1] ?? "unknown");
     }