Skip to main content
Most MCP servers connect in just a few minutes. The ones that take longer usually aren’t hard so much as particular — as the server guides show, one server wants a scoped token, another a region-specific URL or an admin-allowlisted callback, and a few, like the AWS MCP Server, run through a local signing proxy. Whichever you’re connecting, it helps to confirm it works on its own first, and that’s exactly what these tools are for. Two free, open-source inspectors are purpose-built to help teams building or using MCP servers validate connectivity and correctness: the official MCP Inspector and MCPJam. Both run on your own machine, speak the raw MCP protocol, and need no LLM to connect to a server and list what it offers. Use one to confirm a server is sound before you bring it into MCP Manager — so the time you spend in MCP Manager goes to what it’s for, governance (rules, identity, logging, and access), instead of diagnosing connections.
Both tools are independent open-source projects, not part of MCP Manager. Their own documentation is authoritative and may be more current than this page. We point to them because they’re the fastest, most neutral way to verify a server in isolation.

Which tool should I use?

Either works for the core job — connect to a server and inspect its tools, resources, and prompts. They differ in focus:
Official MCP InspectorMCPJam
Maintainer · licenseThe MCP project (Anthropic) · MITMCPJam · Apache 2.0
How to runnpx @modelcontextprotocol/inspector (local only)Hosted at app.mcpjam.com, npx @mcpjam/inspector@latest, or a desktop app
Strongest atThe neutral reference tool; a scriptable --cli mode for CIGuided OAuth debugging; sharing a live server with teammates
OAuthBearer token / custom headers, plus an OAuth flowA step-by-step OAuth Debugger across spec versions (DCR, pre-registration, CIMD)
Shareable / hostedNo — runs locallyYes — a hosted web app and shareable links
Needs an LLM?NeverOnly for its optional chat/eval features
  • Choose the official MCP Inspector when you want the canonical reference implementation, everything strictly local, or a --cli mode you can wire into CI.
  • Choose MCPJam when OAuth is the hard part (its OAuth Debugger is the standout), when you want to share a running server with teammates, or when you may later go beyond connectivity into model-driven chat and evals.
You don’t have to pick one forever — both install in seconds, so it’s fine to reach for whichever fits the problem in front of you.

The official MCP Inspector

The MCP Inspector is the reference testing tool maintained by the Model Context Protocol project (MIT-licensed). It has two parts: a React UI (the MCP Inspector Client, default port 6274) and a proxy (the MCP Proxy, default port 6277) that bridges the browser to the server’s transport. Both bind to localhost only.

Run it

# UI mode — opens the inspector in your browser
npx @modelcontextprotocol/inspector
It prints a URL that includes a proxy session token; open that exact link. (The token protects the proxy from other processes on your machine — see Security.) You can also point it straight at a local/STDIO server: 
npx -y @modelcontextprotocol/inspector npx @modelcontextprotocol/server-filesystem /path/to/dir
Pass environment variables with -e key=value, and change ports with CLIENT_PORT=8080 SERVER_PORT=9000.

Connect to a remote server

Run npx @modelcontextprotocol/inspector with no command, then in the Server connection pane choose the transport — Streamable HTTP for most current servers (or SSE for older ones) — and paste the server’s URL. For an authenticated server, enter a Bearer token (sent in the Authorization header; you can override the header name) or add custom headers. The Inspector runs the same initialize handshake and capability negotiation any MCP client does.

Inspect what the server offers

The UI has panes for Resources, Prompts, Tools, and Notifications. List each, read the schemas, call a tool with custom inputs, and watch every JSON-RPC message and server log in the Notifications pane.

CLI mode (for scripting and CI)

--cli runs the same checks headlessly — ideal for a CI gate: 
# List a remote server's tools over Streamable HTTP
npx @modelcontextprotocol/inspector --cli https://mcp.example.com --transport http --method tools/list

# Call a tool
npx @modelcontextprotocol/inspector --cli https://mcp.example.com --transport http \
  --method tools/call --tool-name search --tool-arg query=hello

# Send a custom auth header
npx @modelcontextprotocol/inspector --cli https://mcp.example.com --header "Authorization: Bearer <token>" --method tools/list

Security notes

The Inspector hardened its defaults after CVE-2025-49596 (a remote-code-execution risk):
  • The proxy requires a session token (auto-generated, printed on startup, or set via MCP_PROXY_AUTH_TOKEN). Use the printed link so the token is included.
  • Both the UI and proxy bind to localhost by default, with Origin-header (DNS-rebinding) validation.
  • Don’t set DANGEROUSLY_OMIT_AUTH — disabling the token can let a malicious web page reach the proxy and run commands on your machine.

MCPJam

MCPJam is an open-source (Apache 2.0) MCP development platform. For validation its standout is a guided OAuth Debugger, which is exactly what you want for the auth-heavy servers in the server guides.

Run it

OptionHowNotes
Hosted (fastest)Open app.mcpjam.comNo install. HTTPS server URLs only; no local/STDIO.
Terminal (best for sensitive credentials)npx @mcpjam/inspector@latestNode.js 20+. Opens at http://localhost:6274. HTTP/S and local STDIO. Everything stays on your machine.
Desktop (Mac/Windows)Download the installerNo Node.js required. HTTP/S and local STDIO.

Connect and inspect

Click Add server, enter the server’s URL, and choose its authentication — None, Bearer Token, or OAuth 2.0. Once connected, browse Tools, Resources, and Prompts, and run a tool by hand with full JSON-RPC visibility.

Debug OAuth

For an OAuth server, MCPJam’s OAuth Debugger walks each stage of the handshake — discovery, Dynamic Client Registration, client pre-registration, the authorize redirect, and token exchange — and shows where it breaks. This is the fastest way to pin down problems like a callback domain an admin hasn’t allowlisted, or a self-hosted server’s DCR failing.
For a real server with sensitive credentials, prefer MCPJam’s terminal (npx) or desktop app — the connection and any tokens stay on your machine. The hosted app is great for a quick check of a public HTTPS endpoint; note it stores any OAuth tokens you connect in its own vault, and its optional AI chat (the only LLM-using feature) is gated behind usage credits.

Validate, then govern

Whichever tool you use, the validation loop is the same — and none of it touches an LLM:
1

Launch the inspector locally

Start the official Inspector (npx @modelcontextprotocol/inspector) or MCPJam (npx @mcpjam/inspector@latest) and open the printed link.
2

Add the server with the same URL and auth you'll give MCP Manager

Use the identical endpoint and credentials. You’re testing the exact thing you intend to connect, so the result transfers directly.
3

Confirm it connects

A clean initialize and capability negotiation means the server and your credentials are sound. A failure here is a server- or credential-side issue to fix at the source.
4

Inspect and exercise it

List tools, resources, and prompts, and call a tool to confirm it actually responds. If it’s an OAuth server, step through the handshake (MCPJam’s OAuth Debugger is ideal).
5

Bring it into MCP Manager and focus on governance

Once the server checks out, add it in MCP Manager using the matching server guide — and spend your time there on what MCP Manager is for: rules, identity, logging, and access. Connectivity is already settled.

Audit what a gateway exposes

The same inspectors work in reverse. Point one at an MCP Manager gateway URL (with its credential) and list its tools to confirm exactly what that gateway serves to clients — a quick way to verify a gateway’s surface after you’ve assigned servers and applied rules.

Gotchas & things to keep in mind

  • Both UIs default to port 6274. To run them at the same time, move one — CLIENT_PORT/SERVER_PORT for the official Inspector, --port for MCPJam.
  • Use the official Inspector’s printed link. It carries the proxy session token; opening a bare localhost:6274 without it won’t authenticate. Never set DANGEROUSLY_OMIT_AUTH.
  • MCPJam’s hosted app is HTTPS-only and has no STDIO. For an HTTP endpoint, a local/STDIO server, or sensitive credentials, use a locally-run inspector instead.
  • These tools validate connectivity, not governance. They confirm a server works and show its capabilities; the inspection, identity, logging, and rules that make traffic safe are what MCP Manager adds on top.
  • They’re independent projects. Their UIs and flags change; if a step here has drifted, their own docs are authoritative.

Further reading

Find & Connect MCP Servers

How MCP Manager detects a server’s authentication type, and the per-server connection guides.

Connect AWS

A good example of a connection worth validating first — IAM SigV4 via a locally-run proxy.

Connect Atlassian Rovo

An OAuth server where an OAuth debugger helps — including the admin callback-domain allowlist.

Debugging your self-hosted server's OAuth

When you’re building the server yourself and the OAuth handshake is the problem.

External sources

MCP Inspector on GitHub

The official, MIT-licensed reference inspector — source, releases, and the security model.

MCP Inspector docs

The Model Context Protocol project’s guide to the Inspector’s panes and workflow.

MCPJam — hosted app

Open MCPJam in your browser; no install required (HTTPS servers only).

MCPJam on GitHub

The open-source (Apache 2.0) MCPJam project — source, installation, and releases.