Refactor NPX and UVX templates for security and maintainability

Previous approach created complex shell scripts with nested quoting to handle
version stripping and buildArgs. This was error-prone and hard to maintain.

New approach:
- Add MCPPackageClean field to TemplateData, auto-populated by stripVersionSuffix()
- NPX: Use simple JSON array ENTRYPOINT with pre-stripped package name
  ENTRYPOINT ["npx", "{{.MCPPackageClean}}"{{range .BuildArgs}}, "{{.}}"{{end}}]
- UVX: Simplified to use MCPPackageClean instead of shell parameter expansion
  ENTRYPOINT ["sh", "-c", "exec '{{.MCPPackageClean}}'{{range .BuildArgs}} '{{.}}'{{end}} \"$@\"", "--"]
- Add comprehensive unit tests for version stripping logic

Benefits:
- NPX template reduced from 9 lines of shell script to 2 lines of JSON array
- Version stripping logic centralized, testable, and maintainable
- Properly handles scoped packages (@org/package@version -> @org/package)
- BuildArgs safely passed without shell injection risk
- Prevents NPX from re-pulling packages when @latest is specified

Fixes NPX @latest regression from PR #2630.

Author: danbarr

pkg/container/templates/npx.tmpl

@@ -95,10 +95,14 @@ ENV NODE_PATH=/app/node_modules \
 # Switch to non-root user
 USER appuser
 
-# `MCPPackage` may include a version suffix (e.g., `[email protected]`), which we cannot use here.
-# Create a small wrapper script to handle this.
-RUN echo "#!/bin/sh" >> entrypoint.sh && \
-    echo "exec npx {{.MCPPackage}}{{range .BuildArgs}} {{.}}{{end}} \"\$@\"" >> entrypoint.sh && \
+# Create entrypoint script that strips version tag from package name
+# NPX requires this to avoid re-pulling the package when @latest is specified
+# Using printf %s for buildArgs to safely handle special characters
+RUN echo '#!/bin/sh' > entrypoint.sh && \
+    echo 'package=$(echo "{{.MCPPackage}}" | sed '"'"'s/@[^@/]*$//'"'"')' >> entrypoint.sh && \
+    echo -n 'exec npx "$package"' >> entrypoint.sh{{range .BuildArgs}} && \
+    printf ' %s' '{{.}}' >> entrypoint.sh{{end}} && \
+    echo ' "$@"' >> entrypoint.sh && \
     chmod +x entrypoint.sh
 
 # Run the preinstalled MCP package directly using npx.

pkg/container/templates/templates_test.go

@@ -30,7 +30,7 @@ func TestGetDockerfileTemplate(t *testing.T) {
 				"package_spec=$(echo \"$package\" | sed 's/@/==/')",
 				"uv tool install \"$package_spec\"",
 				"COPY --from=builder --chown=appuser:appgroup /opt/uv-tools /opt/uv-tools",
-				"ENTRYPOINT [\"sh\", \"-c\", \"package='example-package'; exec \\\"${package%%@*}\\\"\", \"--\"]",
+				"ENTRYPOINT [\"sh\", \"-c\", \"package='example-package'; exec \\\"${package%%@*}\\\" \\\"$@\\\"\", \"--\"]",
 			},
 			wantMatches: []string{
 				`FROM python:\d+\.\d+-slim AS builder`, // Match builder stage
@@ -56,7 +56,7 @@ func TestGetDockerfileTemplate(t *testing.T) {
 				"package_spec=$(echo \"$package\" | sed 's/@/==/')",
 				"uv tool install \"$package_spec\"",
 				"COPY --from=builder --chown=appuser:appgroup /opt/uv-tools /opt/uv-tools",
-				"ENTRYPOINT [\"sh\", \"-c\", \"package='example-package'; exec \\\"${package%%@*}\\\"\", \"--\"]",
+				"ENTRYPOINT [\"sh\", \"-c\", \"package='example-package'; exec \\\"${package%%@*}\\\" \\\"$@\\\"\", \"--\"]",
 				"Add custom CA certificate BEFORE any network operations",
 				"COPY ca-cert.crt /tmp/custom-ca.crt",
 				"cat /tmp/custom-ca.crt >> /etc/ssl/certs/ca-certificates.crt",
@@ -79,7 +79,10 @@ func TestGetDockerfileTemplate(t *testing.T) {
 				"FROM node:",
 				"npm install --save example-package",
 				"COPY --from=builder --chown=appuser:appgroup /build/node_modules /app/node_modules",
-				"echo \"exec npx example-package \\\"\\$@\\\"\" >> entrypoint.sh",
+				`echo '#!/bin/sh' > entrypoint.sh`,
+				`echo 'package=$(echo "example-package" | sed '"'"'s/@[^@/]*$//'"'"')'`,
+				`echo -n 'exec npx "$package"' >> entrypoint.sh`,
+				`echo ' "$@"' >> entrypoint.sh`,
 				"ENTRYPOINT [\"./entrypoint.sh\"]",
 			},
 			wantMatches: []string{
@@ -102,7 +105,10 @@ func TestGetDockerfileTemplate(t *testing.T) {
 			wantContains: []string{
 				"FROM node:",
 				"npm install --save example-package",
-				"echo \"exec npx example-package \\\"\\$@\\\"\" >> entrypoint.sh",
+				`echo '#!/bin/sh' > entrypoint.sh`,
+				`echo 'package=$(echo "example-package" | sed '"'"'s/@[^@/]*$//'"'"')'`,
+				`echo -n 'exec npx "$package"' >> entrypoint.sh`,
+				`echo ' "$@"' >> entrypoint.sh`,
 				"ENTRYPOINT [\"./entrypoint.sh\"]",
 				"Add custom CA certificate BEFORE any network operations",
 				"COPY ca-cert.crt /tmp/custom-ca.crt",
@@ -227,7 +233,11 @@ func TestGetDockerfileTemplate(t *testing.T) {
 				"FROM node:",
 				"npm install --save @launchdarkly/mcp-server",
 				"COPY --from=builder --chown=appuser:appgroup /build/node_modules /app/node_modules",
-				"echo \"exec npx @launchdarkly/mcp-server start \\\"\\$@\\\"\" >> entrypoint.sh",
+				`echo '#!/bin/sh' > entrypoint.sh`,
+				`echo 'package=$(echo "@launchdarkly/mcp-server" | sed '"'"'s/@[^@/]*$//'"'"')'`,
+				`echo -n 'exec npx "$package"' >> entrypoint.sh`,
+				`printf ' %s' 'start' >> entrypoint.sh`,
+				`echo ' "$@"' >> entrypoint.sh`,
 				"ENTRYPOINT [\"./entrypoint.sh\"]",
 			},
 			wantMatches: []string{
@@ -247,7 +257,7 @@ func TestGetDockerfileTemplate(t *testing.T) {
 			wantContains: []string{
 				"FROM python:",
 				"uv tool install \"$package_spec\"",
-				"ENTRYPOINT [\"sh\", \"-c\", \"package='example-package'; exec \\\"${package%%@*}\\\" \\\"--transport\\\" \\\"stdio\\\"\", \"--\"]",
+				"ENTRYPOINT [\"sh\", \"-c\", \"package='example-package'; exec \\\"${package%%@*}\\\" '--transport' 'stdio' \\\"$@\\\"\", \"--\"]",
 			},
 			wantMatches: []string{
 				`FROM python:\d+\.\d+-slim AS builder`,

pkg/container/templates/uvx.tmpl

@@ -118,4 +118,5 @@ USER appuser
 # We use sh -c to allow the package name to be resolved from PATH
 # Strip version specifier (if present) from package name for execution
 # Handles format like package@version
-ENTRYPOINT ["sh", "-c", "package='{{.MCPPackage}}'; exec \"${package%%@*}\"{{range .BuildArgs}} \"{{.}}\"{{end}}", "--"]
+# BuildArgs use single quotes for safety - prevents shell injection
+ENTRYPOINT ["sh", "-c", "package='{{.MCPPackage}}'; exec \"${package%%@*}\"{{range .BuildArgs}} '{{.}}'{{end}} \"$@\"", "--"]

pkg/runner/protocol_test.go

@@ -251,7 +251,11 @@ func TestBuildFromProtocolSchemeWithNameDryRun(t *testing.T) {
 			serverOrImage: "npx://@launchdarkly/mcp-server",
 			buildArgs:     []string{"start"},
 			wantContains: []string{
-				"exec npx @launchdarkly/mcp-server start",
+				`echo '#!/bin/sh' > entrypoint.sh`,
+				`echo 'package=$(echo "@launchdarkly/mcp-server" | sed '"'"'s/@[^@/]*$//'"'"')'`,
+				`echo -n 'exec npx "$package"' >> entrypoint.sh`,
+				`printf ' %s' 'start' >> entrypoint.sh`,
+				`echo ' "$@"' >> entrypoint.sh`,
 				"FROM node:22-alpine",
 			},
 			wantErr: false,