Studio: add stdio MCP server support

[oobabooga]

Remote (HTTP) MCP support was added in #5750; stdio (local) servers are the other transport. The official reference servers (filesystem, git, fetch, memory) and most community ones run locally as a subprocess via npx/uvx, not over HTTP.

This PR adds stdio MCP support by accepting a local command in place of a URL in the MCP Servers dialog.

How to use

Example:

1. Go to MCP Servers -> Manage -> Add server.
2. In "URL or command", enter the command, e.g. npx -y @modelcontextprotocol/server-filesystem /tmp (the directory must exist).
3. (Optional) Add environment variables in the editor below: e.g. name API_KEY, value sk-...
4. Test connection, then Add server.
5. Toggle "Use MCP Servers" on.
6. Ask the model What files are in /tmp? (calls list_directory), or Write a file /tmp/notes.txt containing "hello" (calls write_file).

The command's runtime must be installed and on PATH. The example above needs npx, a uvx server needs uv, a python3 -m server needs Python, etc.

Policy (gating)

stdio servers run an arbitrary local subprocess as the backend user, so they are gated by deployment, not by login:

• Enabled automatically in the desktop app (the backend is the user's own machine).
• Off everywhere else: manual local runs, Colab, any network (0.0.0.0) bind. Set UNSLOTH_STUDIO_ALLOW_STDIO_MCP=1 to override. The flag is process-wide with no bind check, so it grants every user who can log into the backend the ability to run commands on the machine. Only enable it when you trust everyone with access.

When disabled, stdio servers cannot be created, tested, refreshed, discovered, or executed (enforced at all five points). A DB carried from a desktop install won't spawn anything on a hosted instance.

Implementation

Reuses the existing HTTP MCP path to keep the change small. A non-HTTP address is treated as a stdio command. The command rides the existing url field and env vars ride the headers_json column. No new DB column, no migration, no new model or route. 5 files changed, transport built with fastmcp's StdioTransport. The HTTP path is untouched.

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.

[gemini-code-assist]

Code Review

This pull request adds support for local stdio Model Context Protocol (MCP) servers alongside remote HTTP servers, restricted by a security gate (UNSLOTH_STUDIO_ALLOW_STDIO_MCP) that is enabled by default on the desktop app. Key feedback includes fixing a validation bug in the frontend that rejects local commands containing '://' in their arguments, stripping preserved quotes from parsed command tokens on Windows to prevent subprocess execution failures, and defensively handling empty command lists in the client initialization to avoid an IndexError.

[danielhanchen]

Tested locally: the stdio gate holds at create, test, refresh, discovery and execute, a real stdio server (npx filesystem) works end to end, and the live Studio UI checks out. CI is green. Approving.

[Datta0]

I see the request goes through but returns 400

[oobabooga]

@Datta0 This happened because stdio MCP is disabled by default except on the desktop app. To enable it on the webui, start it with UNSLOTH_STUDIO_ALLOW_STDIO_MCP=1.

The error message was unclear/misleading, I have improved that here: #5928