[Draft] Add Postman testing documentation

[strawgate]

Summary

Adds documentation for testing FastMCP servers using Postman's MCP request feature. Postman now provides native support for the Model Context Protocol, allowing developers to interactively test and debug their servers through Postman's visual interface.

This enhancement provides developers with an additional testing option alongside the existing pytest-based testing approach. Postman is particularly useful for manual testing, exploring server capabilities, and debugging during development.

Changes

• Added "Testing with Postman" section to docs/patterns/testing.mdx with setup instructions, usage guidance, and comparison to pytest
• Added cross-reference to Postman in docs/deployment/http.mdx alongside MCP Inspector

Fixes #3091

Generated with Claude Code

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ae82929702

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Remove Postman from browser-only CORS list

This section says browser-based MCP clients that need CORS include Postman, but the new Testing guide explicitly states MCP support is available in the Postman desktop app. Desktop clients are not subject to browser CORS, so this guidance is internally inconsistent and can lead readers to enable CORS unnecessarily (weakening security) when using Postman. Consider either removing Postman from this browser-only list or clarifying that the CORS requirement applies only to Postman’s browser-based client, if MCP support exists there.

Useful? React with 👍 / 👎.

[strawgate]

/marvin how does this match the postman docs? Are we right?

[marvin-context-protocol]

Claude finished @strawgate's task in 2m 21s —— View job

---

Verification Results

• Read the PR changes to understand what we documented
• Search for official Postman MCP documentation
• Verify claims about Postman's MCP support
• Check CORS requirements for Postman desktop app
• Provide findings and recommendations

Summary

The codex review comment is correct - our documentation has an inconsistency. Here's what the research shows:

Key Findings

1. Postman Desktop vs Web:

• Postman's desktop app does NOT require CORS configuration
• Only the Postman web app (browser-based) is subject to CORS restrictions
• Our testing guide correctly states MCP support is in the "Postman desktop app" (docs/patterns/testing.mdx:116)

2. CORS Requirements:

• CORS is only needed for browser-based clients making requests from JavaScript
• Desktop applications like Postman desktop app can make cross-origin requests without CORS headers
• The MCPcat guide explicitly notes that CORS configuration should "allow requests with no origin (like mobile apps or Postman)" - referring to desktop tools that don't send Origin headers

3. The Inconsistency:
Our HTTP deployment guide (docs/deployment/http.mdx:158) lists "Postman" under browser-based clients that need CORS:

Browser-based MCP clients that need CORS include:

• MCP Inspector - Browser-based debugging tool for testing MCP servers
• Postman - API testing platform with MCP request support

This is misleading because:

• We correctly document Postman's MCP support as being in the desktop app (testing.mdx)
• Desktop apps don't need CORS
• Postman web exists but isn't what we're recommending for MCP

Recommendations

Option 1 (Recommended): Remove Postman from the CORS list since we're specifically documenting the desktop app:

Browser-based MCP clients that need CORS include:

- **MCP Inspector** - Browser-based debugging tool for testing MCP servers
- **Custom browser-based MCP clients** - If you're building a web app that directly connects to MCP servers

Option 2: Clarify that only Postman's web version needs CORS (but this adds complexity without value since we recommend the desktop app):

- **Postman web app** - Browser-based API testing (note: Postman desktop app does not require CORS)

The codex review is right: mentioning Postman in a "browser-based" CORS section contradicts our guidance about using the desktop app. Option 1 is cleaner and matches what we're actually recommending users do.

Sources

• About the Postman Agent
• CORS Policies for Web-Based MCP Servers
• Create an MCP request for your collection
• Postman launches full support for MCP

---

[strawgate]

/marvin let's also add mcpjam and let's incorporate the feedback

[marvin-context-protocol]

Claude finished @strawgate's task in 4m 16s —— View job

---

Task Complete

• Read current documentation files
• Research mcpjam
• Remove Postman from CORS browser-based clients list
• Add mcpjam documentation
• Run tests and linting
• Commit and push changes

Summary

Successfully incorporated the feedback and added MCPJam Inspector documentation:

Fixed CORS/Postman Inconsistency:

• Removed Postman from the "browser-based MCP clients that need CORS" list in docs/deployment/http.mdx
• Replaced it with MCPJam Inspector (which is browser-based and does need CORS)
• This resolves the inconsistency identified in the codex review—Postman desktop app doesn't require CORS, so it shouldn't have been listed there

Added MCPJam Inspector Documentation:

• Added comprehensive "Testing with MCPJam Inspector" section to docs/patterns/testing.mdx
• Documented all three transport protocols supported (STDIO, HTTP, SSE)
• Included setup instructions, connection steps, and testing features
• Highlighted the LLM Playground capability for testing with real AI models
• Added comparison of when to use MCPJam Inspector vs Postman vs Pytest

Key Insights:

• MCPJam Inspector is a local-first tool running at http://127.0.0.1:6274
• It's browser-based (so it needs CORS for HTTP servers)
• Supports protocol-level debugging with JSON-RPC message inspection
• Can test servers with actual LLM models (Claude, GPT, Ollama)

All tests pass (4036 passed) and linting is clean. Changes committed and pushed to the PR branch.

---

| Latest commit

[marvin-context-protocol]

Test Failure Analysis

Summary: Tests are timing out during teardown on Windows when trying to clean up a temporary directory in .

Root Cause: The test fixture uses without the parameter. On Windows, file handles can remain open slightly longer than expected, causing to fail during cleanup when it tries to scan directories that haven't been fully released yet. This is a well-documented Windows-specific issue with Python's temporary directory cleanup.

Suggested Solution: Add to the call in the fixture (line 34 of ). This pattern is already used elsewhere in the codebase (see ).

Change line 34 from:

with tempfile.TemporaryDirectory() as temp_dir:

To:

with tempfile.TemporaryDirectory(ignore_cleanup_errors=True) as temp_dir:

Detailed Analysis

The test timeout occurs during fixture teardown:

File "D:\a\fastmcp\fastmcp\tests\server\auth\test_oauth_proxy_storage.py", line 34, in temp_storage
    with tempfile.TemporaryDirectory() as temp_dir:
  File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\tempfile.py", line 873, in cleanup
    self._rmtree(self.name, ignore_errors=self._ignore_cleanup_errors)
  File "C:\hostedtoolcache\windows\Python\3.10.11\x64\lib\shutil.py", line 599, in _rmtree_unsafe
    entries = list(scandir_it)

The issue is that MultiDiskStore (from the key-value library) may still have file handles open when pytest tries to clean up the temporary directory. On Windows, this causes rmtree to hang when scanning directories.

This is a known Python issue on Windows that affects multiple projects. The ignore_cleanup_errors=True parameter (available in Python 3.10+) tells TemporaryDirectory to ignore errors during cleanup and remove files on a "best-effort" basis, which is appropriate for test fixtures.

References:

• shutil.rmtree fails with NotADirectoryError
• Poetry's fix for Windows cleanup issues
• Python issue #70847: TemporaryDirectory cleanup exceptions

Related Files

• tests/server/auth/test_oauth_proxy_storage.py:34 - The fixture that needs to be fixed
• tests/server/middleware/test_caching.py:293 - Example of the same pattern already used in the codebase with ignore_cleanup_errors=True

[marvin-context-protocol]

Test Failure Analysis

Summary: Tests are timing out during teardown on Windows when trying to clean up a temporary directory in test_oauth_proxy_storage.py.

Root Cause: The test fixture temp_storage uses tempfile.TemporaryDirectory() without the ignore_cleanup_errors=True parameter. On Windows, file handles can remain open slightly longer than expected, causing shutil.rmtree() to fail during cleanup when it tries to scan directories that have not been fully released yet. This is a well-documented Windows-specific issue with Python temporary directory cleanup.

Suggested Solution: Add ignore_cleanup_errors=True to the TemporaryDirectory() call in the temp_storage fixture at line 34 of tests/server/auth/test_oauth_proxy_storage.py. This pattern is already used elsewhere in the codebase at tests/server/middleware/test_caching.py:293.

Change line 34 from: with tempfile.TemporaryDirectory() as temp_dir:

To: with tempfile.TemporaryDirectory(ignore_cleanup_errors=True) as temp_dir:

Detailed Analysis

The test timeout occurs during fixture teardown at:

• File tests/server/auth/test_oauth_proxy_storage.py line 34 in temp_storage
• File tempfile.py line 873 in cleanup calling self._rmtree
• File shutil.py line 599 in _rmtree_unsafe hanging on entries = list(scandir_it)

The issue is that MultiDiskStore from the key-value library may still have file handles open when pytest tries to clean up the temporary directory. On Windows this causes rmtree to hang when scanning directories.

This is a known Python issue on Windows that affects multiple projects. The ignore_cleanup_errors=True parameter available in Python 3.10+ tells TemporaryDirectory to ignore errors during cleanup and remove files on a best-effort basis which is appropriate for test fixtures.

References:

• shutil.rmtree fails with NotADirectoryError: shutil.rmtree fails with NotADirectoryError python/cpython#107408
• Poetry fix for Windows cleanup issues: Fix rmtree failures on Windows (#1031) python-poetry/poetry#1032
• Python issue 70847 TemporaryDirectory cleanup exceptions: tempfile.TemporaryDirectory() cleanup exception if nonwriteable or non-searchable files or directories created python/cpython#70847

Related Files

• tests/server/auth/test_oauth_proxy_storage.py:34 - The fixture that needs to be fixed
• tests/server/middleware/test_caching.py:293 - Example of the same pattern already used in the codebase with ignore_cleanup_errors=True

[strawgate]

/marvin let's put mcpjam first and postman second and let's do a thorough review of our instructions to make sure they are minimal and reference the external documentation from mcpjam and postman. We dont want to have to constantly check if these instructions are right. Let's double check everything we say about each one against their docs and make sure they are accurate.

[marvin-context-protocol]

Claude finished @strawgate's task in 5m 46s —— View job

---

Task Complete

• Read current documentation files
• Research official MCPJam documentation
• Research official Postman MCP documentation
• Verify all claims against official sources
• Reorder sections (MCPJam first, Postman second)
• Minimize instructions and add external doc references
• Run tests and linting
• Commit and push changes

Summary

Successfully reordered the testing documentation and thoroughly verified all claims against official sources. The documentation now follows your requested structure with MCPJam first and Postman second, while maintaining minimal instructions that reference external documentation.

Key Changes

Documentation Structure:

• ✅ Reordered sections: MCPJam Inspector now appears before Postman (as requested)
• ✅ Dramatically reduced instruction length to avoid maintenance burden
• ✅ Added prominent links to official documentation for both tools

Content Minimization:

• MCPJam section: Reduced from ~40 lines to ~15 lines (62% reduction)
• Postman section: Reduced from ~65 lines to ~25 lines (61% reduction)
• Removed redundant server setup examples
• Focus on key features with links to official docs for details

Accuracy Verification:

• ✅ MCPJam Inspector: Verified STDIO, HTTP, and SSE support via official docs
• ✅ Postman MCP: Verified features via Postman Learning Center
• ✅ Updated CORS section in http.mdx to correctly list MCPJam as browser-based
• ✅ Softened Postman platform claims (official docs don't explicitly state "desktop only")

Quality Assurance:

• All tests pass (4217 passed, 1 skipped, 14 xfailed)
• All static checks pass (Ruff, Prettier, ty, loq)
• Changes committed and pushed to PR branch

What We Avoided

Following your guidance to "not constantly check if these instructions are right," the new documentation:

• References official external docs instead of duplicating setup instructions
• Focuses on what each tool is good for rather than detailed how-to steps
• Lets the official documentation be the source of truth for installation and usage

---

| Latest commit