Problem
The MCP app uses native fetch() in src/elastic/client.ts to connect to Elasticsearch and Kibana with no option to customize TLS verification. Self-signed certificates or internal CAs (common in on-prem and development deployments) cause connection failures.
Proposed Solution
Add an optional ELASTIC_SSL_VERIFY configuration option (default: true) that allows users to disable TLS certificate verification.
This must be supported across all configuration surfaces:
1. Environment variable (.env / manual JSON config)
2. MCP bundle manifest (manifest.json user_config)
Add an optional field so Claude Desktop prompts for it during install:
"ssl_verification": {
"type": "boolean",
"title": "Verify SSL/TLS Certificates",
"description": "Set to false to skip TLS certificate verification (e.g. for self-signed certs). Default: true",
"required": false,
"sensitive": false
}
Map it in server.mcp_config.env:
"ELASTIC_SSL_VERIFY": "${user_config.ssl_verification}"
3. All MCP client JSON configs
Update the docs for Cursor (.cursor/mcp.json), VS Code (.vscode/mcp.json), Claude Desktop (claude_desktop_config.json), and Claude Code CLI examples to show the new env var:
"env": {
"ELASTICSEARCH_URL": "https://...",
"ELASTICSEARCH_API_KEY": "...",
"KIBANA_URL": "https://...",
"ELASTIC_SSL_VERIFY": "false"
}
Implementation notes
- In src/elastic/client.ts, when ELASTIC_SSL_VERIFY=false, use a custom Node.js undici dispatcher or set NODE_TLS_REJECT_UNAUTHORIZED=0 for the fetch() calls.
- Consider also supporting ELASTIC_CA_CERT (path to a PEM CA bundle) as a more secure alternative.
- Add a startup warning when TLS verification is disabled.
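One way to resolve the two proposed variables into TLS settings, as an added example that is not code from the project or the issue author. The names `resolveTlsSettings`, `TlsSettings` and `Env` are hypothetical, and two behaviours are assumptions of this sketch: unrecognized values (such as an unsubstituted manifest placeholder) keep verification on, and a configured ELASTIC_CA_CERT takes precedence over ELASTIC_SSL_VERIFY=false.

```typescript
// Added example (not project code). Only the env var names come from the issue.
type Env = Record<string, string | undefined>;

interface TlsSettings {
  rejectUnauthorized: boolean; // same meaning as the node:tls / undici connect option
  caPath?: string;             // PEM CA bundle the caller should load and trust
  warnings: string[];          // messages to log once at startup
}

const FALSE_VALUES = new Set(["false", "0", "no", "off"]);
const TRUE_VALUES = new Set(["true", "1", "yes", "on"]);

function resolveTlsSettings(env: Env): TlsSettings {
  const warnings: string[] = [];
  const raw = (env.ELASTIC_SSL_VERIFY ?? "").trim().toLowerCase();
  const caPath = (env.ELASTIC_CA_CERT ?? "").trim() || undefined;

  let verify = true; // default from the proposal: true
  if (FALSE_VALUES.has(raw)) {
    verify = false;
  } else if (raw !== "" && !TRUE_VALUES.has(raw)) {
    // Assumption: fail closed, e.g. on a literal "${user_config.ssl_verification}".
    warnings.push(
      `ELASTIC_SSL_VERIFY=${JSON.stringify(raw)} is not a boolean; TLS verification stays enabled`
    );
  }

  if (!verify && caPath) {
    // Assumption: a CA bundle makes skipping verification unnecessary, so keep verifying.
    verify = true;
    warnings.push("ELASTIC_CA_CERT is set; ignoring ELASTIC_SSL_VERIFY=false");
  }
  if (!verify) {
    warnings.push("TLS certificate verification is DISABLED for Elasticsearch/Kibana");
  }
  return { rejectUnauthorized: verify, caPath, warnings };
}
```

Applying the result through a per-client dispatcher keeps the relaxation scoped to the Elasticsearch and Kibana connections, whereas NODE_TLS_REJECT_UNAUTHORIZED=0 disables verification for every TLS connection in the process.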