feat: Add Secret support to MCPTool and MCPToolset

[vblagoje]

Why:

Fixed a security vulnerability where sensitive data (API keys, tokens, environment variables) in MCP server configurations were being serialized as plain text instead of using Haystack's Secret class for proper protection.

• fixes env vars set on StdioServerInfo are logged as plain text to external tracing tools (langfuse) haystack#9487

What:

• Core component: Enhanced MCPServerInfo classes (SSEServerInfo, StreamableHttpServerInfo, StdioServerInfo) to support Haystack Secret types
• Key features:
  • Secure serialization that omits plain text sensitive data from output
  • Backward-compatible Secret resolution in MCP client classes
  • Comprehensive field metadata system for automatic secret detection
• Integration: Follows Haystack's established Secret handling patterns used across other integrations (Anthropic, OpenAI, etc.)

How can it be used:

Recommended approach (with Secrets):

from haystack.utils import Secret
from haystack_integrations.tools.mcp import MCPTool

# SSE Server with Secret token
sse_info = SSEServerInfo(
    url="https://api.example.com/sse",
    token=Secret.from_env_var("API_TOKEN")  # Secure
)

# Stdio Server with Secret environment variables
stdio_info = StdioServerInfo(
    command="my-mcp-server",
    args=["--config", "prod"],
    env={
        "API_KEY": Secret.from_env_var("MY_API_KEY"),  # Secure
        "DATABASE_URL": Secret.from_env_var("DB_URL")  # Secure
    }
)

# Create MCP tool with secure configuration
mcp_tool = MCPTool(server_info=sse_info)

Backward-compatible approach (plain strings):

# Still works, but plain strings are omitted from serialization for security
stdio_info = StdioServerInfo(
    command="my-mcp-server", 
    env={"PUBLIC_CONFIG": "value"}  # Plain strings omitted from serialization
)

How did you test it:

• Unit tests: Updated serialization tests to verify Secret objects are properly serialized while plain strings in sensitive fields are omitted for security
• Security tests: Confirmed sensitive data protection through comprehensive serialization behavior validation

Notes for the reviewer:

• Compatibility: Maintains full backward compatibility - existing code continues to work unchanged
• Dependencies: No new external dependencies added, leverages existing Haystack Secret infrastructure
• Pattern consistency: Follows the exact same Secret handling pattern in Haystack
• Documentation: Added comprehensive docstrings with clear examples of both secure and backward-compatible usage patterns

[vblagoje]

@davidsbatista I think it makes more sense to ask @Amnah199 for a review as she is much more familiar with this code and will maintain it with me. But please by all means have a look as well.

[vblagoje]

Tested with itinerary agent, which uses mcp heavily, e2e for ay potential issues - none found!

[davidsbatista]

LGTM

[vblagoje]

Thank you @davidsbatista , @Amnah199 could you please prfioritize review of this one :-)

[vblagoje]

@Amnah199 could you please also take a quick look?

[Amnah199]

Nice work! Left a few comments

[vblagoje]

Spot on @Amnah199 - much simpler now - please have another look again

[Amnah199]

Thanks for the update. LGTM!