All notable changes to MCPProxy are documented here. Releases follow Semantic Versioning.
- 053: Cosign keyless signing of release checksums (WP-C1) (
aaa78a8) - 053: Generate + attach SPDX SBOM to releases (WP-C2) (
a86bd56) - 053: Add SLSA build provenance for release artifacts (WP-C3) (
db0bf35)
- registry/483: Docker MCP Catalog → docker run install (no fake docker:// URL) (#484) (#484) (
f772e49) - diagnostics: Classify HTTP timeouts and string-wrapped 5xx as known codes (#469) (#469) (
fd78619) - upstream: Require N consecutive health-check timeouts before marking Error (#470) (#470) (
0cbdb89) - restart: Re-read mcp_config.json before restarting upstream (#467) (#471) (#471) (
5a1718a)
- truncate: Persist + recursively cache truncated payloads so read_cache pagination works (#480) (#480) (
95d09b0) - truncate: Unique cache keys per payload + read_cache truncation observability (#482) (#482) (
496349c)
- 049: ClassifyServerToolStatus must use runtime config authority (#477) (#477) (
ff03db9) - ci: Eliminate chronic E2E timeout — Runtime.Close Docker-verify waste (#478) (#478) (
70bf68c) - configsvc: Deep-copy tool-filter slices in Snapshot.Clone (+ regression guard) (#479) (#479) (
3cafa5a)
- config: Layered config tool filter — config_denied over user toggles (#468) (#468) (
3ffa41e) - mcp: Agent-discoverable disabled tools (spec 049) (#476) (#476) (
95f5fa4)
- embed: Untrack web/frontend/dist/* and serve a fallback stub (#473) (#473) (
7a1f6fd) - generate-types: Re-sync TS output + CRLF-safe drift test (supersedes #472) (#475) (#475) (
0afa3fb)
- diagnostics: Correct bug-report URL in Unknown failure catalog entry (#465) (#465) (
aaec117) - upstream: Stop misclassifying transport errors as auth failures (#464) (#464) (
0597762)
- webui: Per-tool enable/disable + bulk Enable All/Disable All (#463) (#463) (
c086770) - server-detail: Display + edit headers/env, with reveal & convert-to-secret (#466) (#466) (
d27fa38)
- oauth: Treat zero ExpiresAt as never-expires in HasPersistedToken (#453) (#453) (
a11d002) - 046: Persist LauncherWaitTimeout to BBolt + regenerate OAS (#454) (#454) (
45a06d9)
- launcher: Local launcher for HTTP/SSE upstreams (spec 046) (#452) (#452) (
31e4887) - telemetry: Phase H — v3 diagnostics counters (spec 044) (#449) (#449) (
f4ad4e7)
- ui/store: Clear missing server fields on merge (#438) (#443) (#443) (
b541321) - runtime: Emit servers.changed after tool approval (#438) (#444) (#444) (
3e4d895)
- release: Replace --no-progress with --quiet in apt/rpm publish (
e9ae7b6)
- 046: Adaptive onboarding wizard v2 with sidebar Setup, sectioned import, passive Verify (#433) (#433) (
0064d88) - 046-us3: Onboarding-funnel telemetry — payload fields + privacy guards (#434) (#434) (
738c90a)
- secureenv: Inherit user's interactive PATH so stdio servers find uvx/npx (closes #439) (#440) (#440) (
2e47b9c)
- Add Arch Linux AUR install instructions (#430) (
adbf58f) - install: Add Arch Linux (AUR) install instructions (#431) (#431) (
0b8402f)
- scanner: Resolve docker via shellwrap in source extraction path (#421) (#421) (
5200185) - cli: Expand security scan report output (#423) (#423) (
c341f29) - Normalize nil CallTool arguments to empty object (#427) (#427) (
08d6bb8)
- webui: Bring Server Config tab to parity with macOS tray (#424) (#424) (
9e530c4) - webui: Scanned-files viewer in scan report (#426) (#426) (
75af2a8)
- headers: Redact sensitive header values in upstream_servers list and /api/v1/servers (#425) (#425) (
2566e24)
- macos-tray: Show "Loading…" instead of "No servers configured" during cold start (#417) (#417) (
344516f) - macos-tray: Make secrets config-first workflow visible after Add Secret (#418) (#418) (
a4ae827)
- release: Pass VERSION/COMMITS via env to avoid shell injection (
678640e)
- webui: Prevent Scan Now tooltip clipping at right edge (#407) (#407) (
907815a) - macos-pkg: Remove misleading non-auto-starting LaunchAgent (#405) (#412) (#412) (
bb34b13) - macos-tray: Pass MCPPROXY_KEYRING_WRITE to bundled core (#409) (#413) (#413) (
b16ffc7) - mcp: Make lethal trifecta warning opt-in (#406) (#414) (#414) (
7a5f0e0) - mcp: Set explicit annotation hints on all internal tools (#415) (#415) (
d6b913e)
- macos-tray,api: Expose resolved isolation defaults + per-field clear (#408) (#408) (
475a95e) - cockpit: Paperclip goal cockpit spec 045 + agent instruction drafts (#411) (#411) (
d63e81e)
- macos-tray: Preserve bool fields on server PATCH + refresh after save (#399) (#399) (
74f2bfd) - docker: Probe detects Docker via full path when PATH is minimal (#404) (#404) (
7619f0a)
- telemetry: Schema v3 extension — env_kind, activation funnel, autostart (spec 044) (#401) (#401) (
ebcbfcc) - diagnostics: Stable error-code catalog with REST + CLI surfacing (#400) (#400) (
1a0646f)
- config: Remove stdout debug prints that corrupt stdio MCP stream (
88fe74e)
- macos-tray+api: Expose per-server docker isolation overrides (#397) (#397) (
c200793) - webui: Show version + check-for-updates below sidebar logo (#392) (#398) (#398) (
c786fed)
- tray/macos: Show correct latest version in update menu (
b85e7db)
- Auto-clean deprecated config fields on startup (#384) (#384) (
df12602) - packaging: Ship .deb and .rpm Linux packages via nfpm (#385) (#385) (
19b853a) - scanner: Diagnose & opt out of no-new-privileges on snap-docker hosts (#386) (#386) (
77c2b37)
- mcp: Advertise native args object on call_tool_* variants (#379) (#379) (
33f3348) - mcp: Advertise maxResultSizeChars on every tool (#380) (#380) (
e911e39)
- macos-tray: Download DMG matching host CPU architecture (#377) (#377) (
4dad6d1) - docker: Wrap docker CLI invocations in user shell to inherit PATH (#378) (#378) (
b6dc5ad)
- #370: Quarantine_enabled=false auto-approves new servers (
98cd0b4) - 039: Resolve 13 QA findings in security scanner plugin system (#372) (#372) (
3f975ab) - 042: Emit enable_web_ui alongside enable_prompts in feature flags (#374) (#374) (
f0c171f) - telemetry: Honor --config flag in enable/disable save path (#375) (#375) (
bbd2a47) - scanner: Route non-CVE findings out of Supply Chain Audit section (
9100e38) - release: Auto-update Homebrew cask on release (#367) (#367) (
12c2095)
- 039: Security Scanner Plugin System (#364) (#364) (
60c2eef) - 042: Telemetry tier 2 — privacy-respecting usage signals (#373) (#373) (
668bd86) - 042: Serve telemetry payload via REST, require daemon for show-payload (#376) (#376) (
80afbd5)
- Add missing GetToolApprovalStatus to test mocks and storage import (
dec4f62) - Windows-compatible connect tests (path prefix + file permissions) (
ecbab79) - tray: Use configured port for Open Web UI (#362) (#362) (
3770ece)
- 041: Quarantine state machine invariants, property tests & security fix (#360) (
b9375ed) - Add reconnect_on_use for on-demand upstream reconnection (#363) (#363) (
d98458b)
- All Needs Attention items navigate to server detail page (
430e3ef) - Docker status shows active when containers running + activity live updates (
8db706e) - Cap token savings at 99.99%, fix Docker status in Web UI (
96cda77) - Annotations returned by API + rebuild frontend into Go embed (
42b7903) - Changed tools were auto-approved on second checkToolApprovals pass (
c61630c)
- Tool approval badges (new/changed), annotations, word-level diff (
fa88993) - Enrich /tools API with approval_status, sort pending first (
9b87a6f) - macOS: Individual tool approve, pending column, client name in activity (
a0b232c)
- Add @executable_path/../Frameworks to rpath for Sparkle (
a243114) - Test workflow path for Swift app bundle (
6298090) - Resolve OUTPUT_DIR to absolute path before cd in build script (
ab51aa6)
- Bundle Sparkle.framework in Swift app to prevent launch crash (
3268a17)
- Add CFBundleIconName + CFBundleIconFile to Info.plist, bundle .icns (
0a7fa79)
- Copy icon PNGs to app bundle Resources for tray icon (
ddfd3cb)
- Add fail-fast: false to release/prerelease matrix (
3aef851)
- Show MCPProxy in Launchpad + fix LaunchAgent executable path (
54fe5aa)
- 037: Fix compilation errors in Swift tray app (
c55150d) - 037: Add local network usage description, remove server entitlement (
f2a99fa) - 037: Start core on app launch, not on first menu click (
cdb3200) - 037: Probe socket with API call before attaching to external core (
dd60bc6) - 037: Use TCP for SSE stream, socket for API calls (
6c81e16) - 037: Fix socket URLProtocol hanging on response read (
ec40ce1) - 037: Fix duplicate menu items in MenuBarExtra (
10ae5d7) - 037: Prevent menu item duplication from SSE-driven re-renders (
bdadabb) - 037: Replace SwiftUI MenuBarExtra with AppKit NSStatusItem+NSMenu (
e0e9bad) - 037: Improve tray menu UX based on MCP accessibility testing (
168734a) - 037: Fix 4 major UX issues in tray app (
180b680) - 037: Fix remaining UX issues + add SecretsView (
f0f5a2e) - 037: Replace List with ScrollView+LazyVStack in ServersView (
df184b9) - 037: Fix servers list, secrets API, activity filters (
d2cff8d) - 037: Use List with .id() for servers view in NavigationSplitView (
3702662) - 037: Replace SwiftUI List with AppKit NSTableView for servers (
1bfd592) - 037: Fix OAuth login and server action handlers (
60d157b) - 037: Fix double-v version display (vv0.22.0 → v0.22.0) (
a7a4ac2) - 037: Remove SearchView, use MCPProxy icon for tray + window (
4b71d0f) - 037: Fix tray icon showing red when most servers are healthy (
15c0d22) - Exclude annotations from tool quarantine hash to prevent false change spam (
91bbc18) - 037: UI polish — fonts, icons, add server button, info button, activity detail (
d7cdf50) - 037: Working pause/resume, icon overlay, status dot, tool diff (
0d8db1b) - 037: Fix tray icon grayscale, add Core to pause/resume labels (
fb11fec) - Eliminate false tool_description_changed events via self-healing hash migration (
be5cca4) - 038: Improve screenshot and submenu reliability, fix docs (
497c420) - Resolve API deadlocks, export pagination, annotation filtering (
3df29a1) - 037: Auto-refresh for all views via SSE events (
47b7755) - 037: Server logs display — parse structured API response, color-coded (
6db19de) - 037: Server disable uses correct /disable endpoint (
2a47d92) - 037: Tray menu shows correct status dots for disabled servers (
4bc5f50) - 037: Zoom fonts-only, core status banner, bigger tray icons, red delete (
2c7fe27) - 037: Remove GeometryReader+scaleEffect that broke all page layouts (
59cf4b0) - 037: Working Cmd+/Cmd- zoom via NSView.setBoundsSize (
7407d7f) - Use swift build + swiftc fallback instead of xcodebuild for CI (
6c379a8)
- 037: Add autonomous execution report (
e71a3ab) - 037: Update report with compilation verification results (
ddb1f2c) - Add macOS tray build and UI testing instructions to CLAUDE.md (
d001c11) - qa: Update QA report — 27 PASS / 0 FAIL / 3 SKIP after fixes (
28d52f4) - qa: 100-scenario intensive QA report — 86 PASS / 14 FAIL (
c22ed04) - qa: Final 100-scenario report — 96 PASS / 0 FAIL / 4 SKIP (
ee5fae6) - Design spec for CI Swift tray app build + installer updates (
f0d312a)
- 037: Add specification for native macOS Swift tray app (
17e3f87) - 037: Add implementation plan and research artifacts (
a86fa93) - 037: Implement native macOS Swift tray app (
5866a7b) - 037: Add health badge icon and notification triggers (
24e843b) - 037: Implement GitHub Releases update checker (
4f2ae45) - 037: Implement main app window with sidebar navigation (Spec B) (
7276a84) - 037: Apply research recommendations — accessibility IDs, menu delegate, Equatable rows, activation policy (
f422559) - 037: Improve tray menu — servers submenu, auth indicators, fix attention filter (
1d7b1dc) - 037: Add improvement spec for tray app P1/P2 features (
02b1686) - 037: Implement P1/P2 improvements — server detail, add/import, search, context menu (
d3e9c54) - 037: Add Dashboard, Apple-style sidebar icons, fix import spinner (
d450494) - 037: Docker Desktop-style tray icon, pause/resume, simplified menu, tool diff (
cb46aa5) - 037: Activity Log — SSE live updates, colored JSON, intent, export (
3eb922d) - 038: Add specification for MCP accessibility testing server (
62ea4b1) - 038: Implement MCP accessibility testing server (
e7a6229) - 038: Add screenshot capabilities to mcpproxy-ui-test (
c6f69f0) - 037: Docker Desktop-style server table, improved tabs and logs (
ae4e2f3) - 037: Expandable tool details + sortable server columns (
10b3239) - 037: Dashboard matches web UI, Activity Log as table (
6a062c3) - 037: Cmd+/Cmd-/Cmd+0 zoom for main window, View menu (
222feab) - 037: Fix zoom, Stop/Start terminology, server action labels (
050192b) - 037: Font-only zoom via custom EnvironmentKey — panels stay fixed (
e0bcf1d) - 040: Add/Edit Server UX improvements for macOS tray app (#359) (
82718be) - Build Swift tray app in CI, use in macOS installers (
8c72179)
- 037: Apply macOS HIG design guide across all views (
b11b527)
- Enhanced Tool Annotations Intelligence (Spec 035) (#342) (#342) (
a0cdc37) - Anonymous telemetry and in-app feedback (Spec 036) (#345) (#345) (
14c1cc9)
- Session tracking not updating in Recent Sessions (#344) (
a015c3c)
- CopyServerConfig missing SkipQuarantine and Shared fields (
0fab80a) - Adapt retrieve_tools instructions for code execution routing mode (
2a29c40) - Escape Windows backslashes in TestLoadConfig_DataDirExpandFailure (
8c59657) - Handle unresolved secret refs in data_dir on Windows (
1b8e235) - Include annotations in tool quarantine hash with backward compatibility (
fec0448) - Avoid unnecessary DB writes on every approved tool check (
984b237) - ci: Upgrade macOS runners from macos-14 to macos-15 (
d5b3d30)
- spec: Add spec, plan, and tasks for expand-secret-refs (
82548d7)
- secret: Add ExpandStructSecretsCollectErrors and export CopyServerConfig (
0bb5a09) - secret: Expand env/keyring refs in all ServerConfig and DataDir fields (
78bdf57)
- Improve code_execution tool description for AI agent reliability (
1226bf9)
- teams: Wire up all teams API endpoints and fix frontend data mapping bugs (
be2a5f7) - Make swagger output deterministic by ignoring teams-only config (
efbca20) - Add nil check for config in routing mode handlers (
2045c05) - Address code review issues C1, C2, I1 (
08198db) - Use switch statement for routing mode in doctor command (
7e60915) - Add SkipQuarantine to field coverage test exclusion list (
f7a7de2) - Clean up tool approval records when server is removed (
9c3e554) - Resolve lint and E2E test failures in tool quarantine PR (
f00c04a) - Auto-approve tools for trusted servers and add quarantine stats to servers API (
0293953) - Reduce tray log noise by changing server state polling to debug level (
4238532) - Auto-approve tools for non-quarantined servers on upgrade (
3407971) - MCP endpoints dropdown not opening due to overflow-x-hidden clipping (
d44365a) - Simplify code_execution description and add it to /mcp/call mode (
673f30e) - Repair failing tests and broken docs link (
8e6ac56) - Remove broken Docusaurus link to internal code_execution docs (
6b64e0b) - Refresh server data after tool approval to prevent stale quarantine counts (
11ed0df) - Fetch tool diffs for changed tools to enable visual diff in Web UI (
177df07)
- Update CLAUDE.md with tool-level quarantine documentation (
aa19713) - Add documentation for routing modes, quarantine, TypeScript, and modern JS (
f3f7520) - Add routing modes, tool quarantine docs and QA report (
f204be8) - Add quarantine QA testing design spec (
3352889) - Add quarantine QA testing implementation plan (
43f49a1)
- teams: Shared server toggle, per-user preferences, and activity log isolation (
a33ce88) - teams: OAuth auth, multiuser routing, workspace isolation, and activity enrichment (
c458e1a) - teams: Admin server management, per-user agent tokens, and UX redesign (
56021ee) - Add TypeScript language support to code_execution tool (
72bfb05) - Add routing_mode config field with validation (Spec 031) (
1875d86) - Add routing mode logic for direct and code_execution modes (Spec 031) (
066442b) - Add multiple MCP server instances for routing modes (Spec 031) (
7e2c1e1) - Register dedicated HTTP endpoints for routing modes (Spec 031) (
6eb6f5d) - Add auth context enforcement to JS runtime call_tool (Spec 031) (
d2b603d) - Add routing mode to status and doctor CLI output (Spec 031) (
c40c818) - Add routing mode API endpoint and status field (Spec 031) (
f12138b) - Add routing mode display to Web UI (Spec 031) (
918fdf6) - Add ToolApprovalRecord model and BBolt storage (
49aa2bf) - Add quarantine_enabled and skip_quarantine config params (
d71c8a0) - Implement tool-level hash checking and approval logic (
680ce0e) - Block tool execution for unapproved/changed tools (
5a78e9d) - Add activity logging for tool quarantine events (
3a225b7) - Add tool inspection and approval REST API endpoints (
5483ffb) - Add CLI inspect and approve commands for tool quarantine (
1aaadf9) - Add tool quarantine UI in server detail view (
b35e6ad) - Extend quarantine_security MCP tool with tool-level operations (
7fc5566) - frontend: Show quarantine tool count on servers list page (
f1d4d52) - Add quarantine tool visibility to Dashboard and CLI doctor (
5647518) - Give each routing endpoint its own focused tool set (
add42aa) - MCP endpoints dropdown, CLI endpoints, version, management tools (
218de1f)
- Remove tool_search_tool_bm25_20251119 internal tool (
4753adf)
- Resolve conflicts with main branch (
d0435cc)
- Teams -> Server across product naming, build tags, and UI (
32f688c)
- Prevent auth metadata from leaking to upstream MCP servers (#322) (
542e7de)
- spec: Add MCPProxy Teams specification (029) (
72ed1ae) - teams: Repo restructure for personal + teams dual-edition architecture [#029] (
f5a399c)
- Panic recovery returns proper error result; safe tokenizer nil handling [#318] (#320) (#320) (
83508f5)
- oauth: Add Runlayer mode to Go OAuth test server (
7d71cb9) - Modifying CLAUDE.md (Constraint Architecture for Go) (
a3ed8b6) - Add --no-quarantine flag to upstream import and fix import docs (#313) (#313) (
a6611f2)
- Add Google Antigravity setup guide to client configuration (
1323928)
- oauth: Prevent orphan cleanup from deleting valid legacy tokens (
8383d04) - oauth: Preserve DCR credentials when mcp-go saves tokens (
f7258a3) - oauth: Resolve stale stateview and handle server 5xx as token error (
5485a4b) - supervisor: Resolve stale "Connecting..." status by fixing lock ordering in reconcile (
f2d2919) - oauth: Prevent Connect() from blocking Disconnect and HTTP startup (
d19f142) - oauth: Resolve deadlock in persistDCRCredentials during Connect (
41e272f)
- oauth: Implement direct token refresh bypassing ForceReconnect early return (
432a880) - oauth: Persist DCR credentials for proactive token refresh (
822dd99) - oauth: Force mode for standalone auth login, expand error detection (
b04c44b) - oauth: Guard nil storage and handle missing expires_in (
2fab66b) - oauth: Harden token refresh with timeout and endpoint validation (
193b22a)
- signing: Switch Windows installer to production SignPath certificate (
c963d17)
- Update demo video link in README (
fa9ecf1)
- upstream: Clear stale core client state before reconnect (#286) (#286) (
47cc680) - build: Use correct module path in ldflags for version injection (#287) (#287) (
31ee931) - oauth: Clean up orphaned tokens on server removal and startup (#288) (#288) (
55b0861)
- oauth: Handle rate limiting in resource auto-detection (
53b7141) - lint: Use fmt.Fprintf instead of Write([]byte(fmt.Sprintf(...))) (
a149e30) - oauth: Limit response body read size in resource detection (
c027a0a)
- test: Add rate limit testing support to OAuth test server (
f11d63c) - oauth: Add context support to rate limit retry logic (
2a0bb15)
- Resolve secret references in HTTP headers (#284) (#284) (
05fc9b1) - index: Clean stale tool entries and include description in hash (#283) (#283) (
cfe9276)
- oauth: Drain stale callback params to prevent state mismatch on retry (#281) (#281) (
f63c3f8) - intent: Infer operation_type from tool variant instead of requiring it (#282) (#282) (
dd9376a)
- ci: Handle SignPath output with correct filename (
6b13013)
- ci: Upload exe directly for SignPath signing (
257c592)
- ci: Add SignPath Windows code signing to release workflow (
f8c98f8)
- Add JSON/YAML output support to auth status command (#270) (#270) (
1da0980) - oauth: Inject resource parameter into auth URL for API/UI login (#271) (#272) (#272) (
6a9b793)
- Update Homebrew workflow to use pre-built binaries (#257) (
888b937) - Implement RFC 8414 compliant OAuth metadata discovery (#262) (#262) (
028e799) - Correct YAML heredoc indentation in release workflow (
8aab666)
- Add config import from Claude Desktop, Claude Code, Cursor, Codex, Gemini (Spec 025) (#261) (#261) (
aa4419e)
- Remove unused isolation_* parameters from upstream_servers tool (#252) (#252) (
1b18c07) - Improve tool descriptions and error messages for AI reliability (#258) (#258) (
2c1b3ae) - Use canonical module path for go install support (#259) (#259) (
50e5bb8)
- Add 410 Gone error handling for deprecated MCP endpoints (#248) (#248) (
83e2575) - Implement smart config patching for upstream servers (Spec 023) (#249) (#249) (
c903d3c) - Implement RFC 7396 null-means-remove for env/headers patch (#250) (#250) (
4f38376)
- oauth: Open browser window for 'auth login' command (#155) (#241) (#241) (
b32ea51) - Remove timestamp from generated contracts.ts to prevent churn (#246) (#246) (
1dc5323) - frontend: Make server name clickable in attention banner (#244) (#244) (
86cca77)
- api: Add request ID tracking for end-to-end tracing (#021) (#237) (#237) (
b6e3253) - Structured Server State - Health as Single Source of Truth (#205) (#205) (
2841f33) - oauth: Persist callback port for redirect URI consistency (#022) (#247) (#247) (
767bd78) - oauth: Add structured error feedback for OAuth login (Spec 020) (#243) (#243) (
80f2226)
- Exclude quarantined servers from tool discovery and search (#219) (#219) (
48199ef) - Resolve activity CLI bugs from QA report (#223) (#223) (
87cc79c) - Log CLI tool calls with source indicator (#224) (#224) (
9bca687) - Address QA report issues for intent declaration (#226) (#226) (
abee7d8) - Search-servers command now outputs table by default (#228) (#228) (
cf627d8) - Log invalid intent attempts to activity log (#232) (#232) (
e8ca63a) - cli: Correct field names in activity watch display (#235) (#235) (
730d5e3) - oauth: Detect empty client_id when DCR fails with 403 (#236) (#236) (
4c4d070)
- Add RFC-003 Activity Log & Observability (
d6c143d) - Simplify GitHub release page for better UX (
b6ebddc) - Fix call tool flag documentation (--json_args not --input) (#227) (#227) (
80efea3) - Fix CLI flag references in spec 018 (--json_args not --args) (#229) (#229) (
e53a07a) - Add --intent-type filter and INTENT column to activity docs (#230) (#230) (
4cfb008)
- Implement CLI output formatting system (Spec 014) (#216) (#216) (
c1dd8eb) - Add CLI commands for server management (Spec 015) (#217) (#217) (
4070760) - Implement Activity Log Backend (Spec 016) (#220) (#220) (
4c42097) - Implement Activity CLI Commands (Spec 017) (#222) (#222) (
0a6c614) - Implement Intent Declaration with Tool Split (Spec 018) (#225) (#225) (
5cbdb63) - Add --no-icons flag for activity list and show commands (#231) (#231) (
09cf95d) - frontend: Add Activity Log web UI with real-time updates (#233) (#233) (
635bbc0)
- Subscribe to notifications/tools/list_changed for automatic tool re-indexing (#212) (#212) (
575dcaa)
- Add tool cache invalidation with differential update logic and manual discovery trigger (#208) (#208) (
080156d)
- Add introduction page with architecture diagram (#203) (#203) (
0500460) - Update CLI and REST API docs for unified health status (#204) (#204) (
c4e6545)
- Add centralized version display and update notifications (#201) (#201) (
27555c4) - health: Unified Health Status Implementation (#192) (#192) (
2173d65)
- Resolve path separator issues in Git Bash on Windows (#195) (
e5f4ae3) - Add favicon and apple-touch-icon for docs site (
ba74ce4)
- Optimize CLAUDE.md by moving detailed sections to dedicated docs (#190) (#190) (
5bbab84) - Add Docusaurus documentation site for docs.mcpproxy.app (#197) (#197) (
380057e) - Fix incorrect config options in security and OAuth documentation (#198) (#198) (
dcf9057) - Sync CLI documentation with source code (#199) (#199) (
da4aeb7)
- Improve HTTP server UI - show Login instead of Restart, use Reconnect in Actions (#184) (#184) (
5df6310)
- Resolve race condition in TestE2E_TrayToCore_UnixSocket with race detector (
03d4607) - Use bash shell for security test check on Windows (
4d7e96e) - Add API key authentication to quarantine config test HTTP requests (
24acc6f) - Resolve PR artifact comment permission errors for fork PRs (#163) (#163) (
c3e31d1) - Complete OAuth config extraction in API responses (fixes #155) (#164) (#164) (
9708bbc) - Escape hash symbols in PR artifacts workflow YAML (
d9cbf18) - Use heredoc with placeholders for PR artifacts comment (
ed12f71) - OAuth token refresh and flow coordination improvements (#170) (#170) (
260bd2c) - Persist DCR credentials for OAuth token refresh (#176) (#176) (
e276b41) - Clear OAuth error on successful reconnection (#177) (#177) (
b828811) - Make Login button consistent with other server action buttons (#178) (#178) (
58225d9) - Handle grace period for short-lived OAuth tokens (#179) (#179) (
4c5b565) - Skip browser OAuth flow when valid token exists in storage (#181) (#181) (
5678086)
- Add OAuth E2E testing with Playwright (#168) (#168) (
1c59b18) - OAuth extra params support and token status improvements (#167) (#167) (
03ea346) - OAuth extra params with zero-config OAuth features (#173) (#173) (
38d15dc) - Proactive OAuth token refresh and logout commands (#180) (#180) (
47d87b3) - AI-powered release notes generation with Claude API (#183) (#183) (
88c6ed4)
- Skip TestE2E_TrayToCore_UnixSocket on Go 1.23.x (
066bff4)
- Add Unix socket support to tools list, auth login, and auth status CLI commands (#152) (#152) (
b5bba51) - Refactor REST endpoints to use management service layer (#153) (#153) (
fc94510)
- Make server management operations synchronous and fix E2E tests (
8382247) - Replace nil context with context.TODO() in tests (
89351bf) - Replace deprecated skip-dirs with exclude-dirs in golangci-lint config (
a328596) - Move exclude-dirs from run to issues section in golangci-lint config (
cd51751) - Remove exclude-dirs section from golangci-lint config entirely (
f1c8663) - Upgrade golangci-lint from v2.5.0 to v2.6.2 (
0c6f7a9) - Exclude specs files from linting with build tag (
ac54c08) - Complete field mapping in management service ListServers (
17c47c2) - Mount Swagger UI directly on main mux to resolve 404 error (
90b417d) - Correct field names in doctor command output for upstream errors (
3787035) - Add sync and delay before hdiutil DMG creation to avoid Resource busy error (
6e5b641) - Remove problematic base_ref check in release workflow (
ac0ef2b)
- Add LISTEN_PORT environment variable support to E2E test script (
31c8488)
- Update hashFiles pattern in GitHub Actions workflows (
76ffb58) - Use setup-go built-in caching instead of manual cache (
18b3e89) - Implement proper Windows named pipe availability check (
8d34b70)
- Resolve context timeout and memory leak in logs follow mode (
ec53f3f) - Correct data structure parsing for missing_secrets and runtime_warnings in doctor command (
b5b9879) - Improve signal handling and server validation in upstream commands (
f0eb040) - Make follow mode respect --tail flag in upstream logs command (
7361e9d) - Parse zap logger format in GetServerLogs to prevent double timestamps (
e958989) - Update ServerController interface to match GetServerLogs signature (
6dcac3f) - Update CLI client to use structured LogEntry type (
d44eda5) - Remove deprecated read-test-data utility and add missing mock methods (
ae8f564) - Remove redundant nil check for map length (
ae21268) - Eliminate Docker recovery notification spam (
21c62bf)
- Reduce CLAUDE.md size from 43.6k to 26k chars (
6d71493) - Add CLI management commands design (
e795349) - Add CLI management commands implementation plan (
5fedb2b) - Add CLI management commands to CLAUDE.md (
e2c154d) - Add comprehensive CLI management commands reference (
cae6930) - Clarify that doctor command pretty output needs implementation (
0ac4e96) - Add godoc comments for exported CLI functions (
7c1d01b)
- Add confirmation helper for bulk operations (
bdefd6f) - Add 'mcpproxy upstream list' command (
89b8e04) - Add 'mcpproxy upstream logs' command with follow mode (
d367901) - Add upstream enable/disable/restart commands with --all support (
ec1712c) - Add 'mcpproxy doctor' command (placeholder) (
b4e813e) - Implement pretty output formatting for mcpproxy doctor command (
2269b14) - Sort upstream server list alphabetically for consistency (
65fed41) - Add tool annotations and MCP sessions tracking to WebUI (
ac0ca97) - Track and display MCP client capabilities in WebUI (
8bdf52c)
- Use box-drawing characters for table separators (
35eff6d)
- Resolve call tool and code exec client mode issues (
179f88e) - Resolve test failures in httpapi and upstream manager (
5b59db7) - Correct field name mismatch in code execution HTTP API (
4bd1a0b) - Add .exe extension for Windows in CLI E2E tests (
e042505) - Rename TestConcurrentCLICommands to include E2E suffix (
c2aece7)
- Add shared socket detection and dialer module (
689becc) - Add /api/v1/code/exec endpoint for CLI client mode (
a3dddb6) - Add HTTP client for CLI daemon communication (
1b1326e) - Enhance CLI client mode with better logging, faster timeout, and user feedback (
d265bd9)
- Add client mode to 'code exec' command (
3277248) - Add client mode to 'call tool' command (
7528533) - Use shared socket module in tray (
68dc4eb)
- Include code_execution parent calls in tool call history and add token metrics for nested calls (
585df2f) - Make Monaco editor properly fill resizable container (
4603a6d)
- Add token metrics for code_execution parent calls and improve UI (
86083cc)
- Register code_execution tool in CallBuiltInTool and CallToolDirect methods (
29d6b47) - Allow 0 for code execution config defaults in validation (
76f9d03)
- Add JavaScript code execution tool with full observability (
36899fa) - Add MCP session tracking and parent-child call linking (
afe19cd)
- Add Windows installer with Inno Setup and WiX support (
42e9b06)
- Add static OAuth credentials support and HTTP trace logging (
51e6895) - Enable zero-config OAuth with public client PKCE (
54936f3) - Prevent panic after DCR failure, add helpful error messages (
45204db)
- Implement OAuth scope auto-discovery (RFC 9728 & RFC 8414) (
620cc11)
- upstream: Prevent goroutine logging after test completion in Docker recovery (
ba1a133) - upstream: Prevent goroutine logging in Docker recovery monitor on Windows (
5428401) - upstream: Prevent logging after context cancellation in Docker recovery retry (
96ae306) - upstream: Prevent OAuth event monitor logging after context cancellation (
6323250) - upstream: Use parent context for shutdown detection in Docker recovery (
bec9617) - upstream: Use parent context in Docker recovery timer checks (
b50e7bc) - tray: Remove Docker dependency and always launch core (
8e72161) - upstream: Use ctx.Err() instead of select-default for context checks (
8a7f8a4) - upstream: Add WaitGroup to track background goroutines during shutdown (
432077a)
- Ensure all Docker containers are cleaned up on application exit (
e424b37) - Add missing ConnectionStateRecoveringDocker to stub file (
19d30aa) - tray: Fix shutdown bugs causing orphaned Docker containers (
207a68e) - windows: Move Unix-specific process functions to platform-specific files (
acc5161) - tray: Correct build constraints for desktop-only tray application (
59c1209)
- Critical analysis of Docker recovery implementation (
4b8c84e) - Add Issue #11 - duplicate container spawning prevention (
abc5dd4) - Add comprehensive Docker recovery documentation (Issue #10) (
6b1c1f0) - Add comprehensive shutdown bug analysis and fixes (
6675c0c)
- Implement Phase 1 - critical Docker recovery improvements (
ead9be8) - Implement Phase 2 - reliability improvements (
1acd9e2) - Add system notifications for Docker recovery events (Issue #6) (
de9b841) - Add persistent Docker recovery state across restarts (Issue #5) (
a9c2ed2) - Add configurable Docker recovery health check intervals (Issue #7) (
d3c7e7d) - Add comprehensive metrics and observability for Docker recovery (Issue #8) (
850e7c9)
- Ensure tray app exits cleanly on Quit (
e69753a) - Make OAuth client_id optional to support Dynamic Client Registration (
a3b287e) - Remove empty if block to pass staticcheck linter (
84fb408)
- Improve OAuth token refresh with proactive grace period (
716fcdc)
- Optimize GitHub Actions workflows for faster PR feedback (
e755ae2)
- tray: Prevent panic on double-close in health monitor (
2dd7e8b) - cli: Make tools list command use managed client (same as serve mode) (
1033984) - Clear OAuth error flags when transitioning to StateReady (
036f74b)
- Implement non-blocking tool count reads for /api/v1/servers endpoint (
66f5b4f) - Fix Web UI re-rendering and scroll position loss (
21d2f96)
- upstream: Improve SSE stability and OAuth timeout for remote scenarios (
503b971) - upstream: Add SSE OnConnectionLost handlers and remove unused code (
fea8e1c) - tray: Fix shutdown sequence to prevent SSE reconnection and ensure clean exit (
0a750f9) - SSE transport with TeeReader to prevent stream consumption (
2e4af05) - quarantine: Non-blocking inspection with circuit breaker (issue #105) (
8221ef7) - supervisor: ActorPoolSimple.ConnectServer() now actually connects servers (
1420c1b) - sse: Fix SSE stream context lifecycle and add request serialization (
442269a) - ci: Fix E2E test and Windows npm install failures (
f43b290)
- Add permissions for PR comment workflow (
0478258) - Include mcpproxy-tray binary in Windows archives (
8eae28c) - Use bash shell explicitly for Windows runner compatibility (
471d75b) - Add .exe extension for Windows E2E test binaries (
f0fe3d3) - Skip tests for Windows ARM64 cross-compilation (
2896e00) - Use PowerShell Compress-Archive for Windows zip creation (
b707d5b) - Properly format file list for PowerShell Compress-Archive (
b04a5c0) - Skip internal/server E2E tests on Windows (timeout after 11min) (
4ac225e) - Add shell: bash to test step to ensure bash execution on Windows (
41dc8a0)
- Enhance PR build workflow with dynamic versioning and artifact sharing (
d673ae5) - Improve PR artifact download instructions (
d673704) - Align PR builds with release workflow using app bundle DMG (
6e7300a)
- Streamline autostart functionality by consolidating launch scripts and removing redundant environment setup (
de2dac1)
- Correct syscall.GetsockoptUcred signature for Linux (
3dbe6db) - Rename socket E2E tests to match skip pattern (
f40794c) - Add missing Windows dependency go-winio (
1a3007e) - Windows build issues with named pipes and platform-specific code (
73fe3f7) - Re-add runtime import needed for GOOS checks (
d960fa1) - Skip Unix socket test on Windows in dialer_test (
a5fbbdd) - Resolve golangci-lint issues (
24d3316) - E2E test failures - Windows binary path and data directory permissions (
b532540) - Socket E2E tests - macOS path limits and shutdown race conditions (
66930bd) - Tray menu displays server list and correct status URL in API mode (
7b3fac4) - Support empty MCPPROXY_API_KEY to disable authentication in E2E tests (
7aea31b) - Add curl -s flag to suppress progress meter in TestSocketInfoEndpoint (
b2b80dc) - Remove auto-retry logic from error states to match CanRetry configuration (
3e0f709) - Skip E2E tests in unit test step to prevent 2-minute timeout (
92b1b07) - Skip E2E tests in unit-tests.yml workflow (
79d57cd) - Skip Unix socket E2E test on Go < 1.23 (
55f8ace) - Resolve macOS Go cache conflict in PR build workflow (
1f515f1) - Add missing Quit() method to tray stub implementation (
cd731ec) - Skip Unix socket E2E tests on Go < 1.23 to prevent port resolution failures (
6c98ad9) - Remove toolchain directive to enable Go version matrix testing (
3cdc780) - Skip TCP tests in socket E2E when port resolution fails (
f29e5ff) - Skip TestE2E_QuarantineConfigApply when race detector is enabled (
e4dbbb2) - Move raceEnabled variable to separate file to fix build errors (
020a2ae)
- Unix socket/named pipe communication for tray-core (
a9e8869) - Complete Unix socket/pipe implementation with enhanced testing and documentation (
32b9a5a)
- Remove config sync E2E tests that don't match current architecture (
39d15f5) - Remove unused prepareIsolatedConfig function (
dd8611d)
- Rename enable_tray_socket to enable_socket for generalization (
b262fc5)
- Data race in scanForNewTokens method (
5997f24) - Keyring secret resolution and reactive server restart (
fc85dfe) - Race condition in TestNotifySecretsChanged_WithAffectedServers test (
83b9fdc) - Windows database cleanup issue in secret tests (
4f75021)
- Configuration auto-refresh in-memory sync and SSE event integration (
ffead18)
- Populate StateView with tools from background discovery (
925e3ab) - Implement reactive tool discovery for immediate UI updates (
55b62f4) - Immediate OAuth server connection and real-time UI updates (
684d739) - Resolve data race in supervisor package (
2047768) - E2E tests failing due to improper supervisor reconciliation (
0882db5) - TestE2E_ClientConnection timeout on macOS/Windows (
7a490bf) - Web UI delete server functionality and add comprehensive tests (
a5806ca)
- Adjust tests for Windows platform atomicity limitations (
37f10bc) - Suppress expected Windows errors in TestAtomicConfigWrite (
ece8fd8) - Suppress Windows read errors in TestAtomicConfigWrite (
69e4dca) - Make tray error states persistent for better UX clarity (
c631263)
- Save config to disk when restart required (fixes listen address changes) (
a5a3ce8)
- Handle empty config files including /dev/null (
e9655af)
- runtime: Implement Phase 3 Actor model for per-server goroutines (
16109da) - runtime: Implement Phase 4 Read Model & API Decoupling (
ae24e50) - observability: Implement Phase 5 Cleanup & Observability (
f287589) - phase6: Complete HTTP API StateView integration with async reconciliation (
2c1def3)
- Remove notarization check workflow file (
07cb76e)
- Update usage instructions for mcpproxy in workflows (
65195b3)
- Refactor macOS code-signing process and improve error handling for certificate imports (
7030127)
- Add step to copy frontend dist to embed location in release workflow (
30fca3e)
- logging: Capture stderr output before MCP initialization (
0262e80) - Format code and resolve linter issues (
e36b192) - Fix UI status display and data loading issues (
fa01431) - Update default core URL to use 127.0.0.1 for consistency (
32d3b03) - Add frontend build step to prerelease and release workflows (
7c14ea3) - Remove problematic Node.js cache configuration (
91a5aa2) - Include package-lock.json for reproducible builds (
129b14d) - Correct frontend build output path for Go embed (
1214104) - Temporarily disable ESLint to fix CI workflows (
9314a38) - Format stub files with gofmt (
1a6d518) - Resolve E2E test failures with API key authentication (
9b386c1) - Resolve TypeScript error in frontend API service and E2E test issues (
ac7f8a5) - Apply linting fixes for better code quality (
6b6c870) - Update test to expect 127.0.0.1:8080 and fix linting issues (
7046021) - Prevent tray from killing healthy core servers after 30 seconds (
24f52a2) - Add /readyz endpoint and proper tray startup logic to prevent premature server kills (
2211639) - Resolve tray startup timeout issue with proper readiness checking (
a7e8aad) - Implement relaxed readiness criteria to prevent tray timeout issues (
340c2ec) - Improve HTTP API logging and tray reconnection visibility (
cd4b09d) - Resolve SSE endpoint streaming and Web UI authentication issues (
f965eac) - Improve SSE endpoint to handle non-flusher environments (
e6a32bd) - Enhance SSE connection persistence with proper flushing and timing (
af3557c) - Implement localStorage persistence for Web UI API key (
c7a23b0) - Implement keyring placeholder resolution for secrets in server configs (
361080d) - Prevent multiple DMG versions in prerelease artifacts (
9ba6c14) - Resolve linter issues across codebase (
2552824) - Resolve frontend API authentication header issues (
4b8d1a4) - Prevent race conditions in API key initialization and simplify Web UI handler (
427027c) - Add missing PKG installer scripts and fix tray HTTPS/HTTP protocol detection (
dda7692) - Improve PKG installer signing with proper certificate handling (
b911e5e) - Handle Developer ID certificate types for PKG signing (
1aaf495) - Use component PKG to avoid Gatekeeper warnings (
47bb74e) - Improve database opening logic in BoltDB (
37c3a80) - Update timestamp in e2e-config and remove sensitive api_key (
257b82b) - Update golangci-lint action version to v2.5.0 (
ce1eb36) - Update golangci-lint action version to v7 (
1f82b2a) - Correct frontend dist copying in Windows workflow (
1854f4f) - Add frontend build steps to E2E test workflow (
7bb99de) - Correct frontend build directory in E2E workflow (
5f3668a) - Copy frontend dist to web/frontend/ for Go embed (
4b9a64b) - Create web/frontend directory before copying dist (
a5e5ea3) - Disable API key auth in binary tests to prevent timeouts (
acc598b) - Remove deprecated --tray flag from CI workflows (
f94458d) - Reduce OAuth authentication error log level in tests (
fb6c22a) - Update server references from "everything" to "memory" in tests and related functions (
3cffc76) - Update test workflow to skip Binary tests and add dedicated Binary test execution (
b10bc61) - Remove tools_stat reference from documentation and enhance tool indexing wait logic in tests (
ccce7c5) - Improve waitForToolIndexing timeout and error handling (
8bdbae6)
- Add mcpproxy-tray binary to build process and clean up artifacts (
b850e89) - Retry component PKG build after cache failure (
835b618)
- Add prerelease build documentation and update workflow status (
aabe336) - Update CLAUDE.md and enhance APIService with API key management (
43812e1) - Update CLAUDE.md with new tray-core communication environment variables and API key management details (
08f09d2)
- tray: Add color icons for Windows (
bebc75f) - build: Build script for Windows PowerShell (
e6c154a) - Implement secrets storage & UX with OS keyring integration (
dd97d02) - Add secret management API endpoints and types (
c66468a) - Enhance secrets management with configuration secrets API (
d3f0587) - Implement port conflict resolution in tray UI (
16341e5) - Enhance tray configuration with environment variable support (
b5c48cc) - Add feature flags to e2e configuration (
dd3823e) - Fix prerelease DMG builds with proper tray binary support (
ab31add) - Add tool count caching to reduce excessive ListTools calls (
597dfa5) - Add security features - localhost binding and API key authentication (
2be5068) - Improve web UI auth flow and API key handling (
fa87c82) - Add TypeScript type generation step to frontend build process (
5da0925) - Add secret management types and enhance frontend UI (
cd1e364) - Enhance Web UI authentication flow and security measures (
4f88596) - Implement optional HTTPS support and certificate management (
655ce54) - Add macOS PKG installer creation and notarization process (
b5605ea) - Add Repositories page and copy MCP address functionality to NavBar (
c07e47a) - Add diagnostics API and UI integration (
81ef188) - Implement Tool Call History feature (
13bcdda) - Add HintsPanel component and integrate into multiple views (
758f8a4) - Add configuration management endpoints and UI integration (
c4cfc52) - Add tool call replay functionality (
ba811fa) - Implement token metrics tracking and UI integration (
4ad01d4) - Enhance server loading with concurrency support (
4b8329b) - Add JsonViewer component for enhanced JSON display (
12ddfbc) - Enhance UI with new components and chart integration (
7add75f) - Update default configuration values for listener and TLS settings (
13d258b) - Add quarantine state management tests for server configuration (
317be6c) - Update configuration and log directory paths to be platform-specific (
ff7c944) - Update installer branding and welcome messages for MCP Proxy (
4436514) - Refactor SearchResult structure and update related components for improved tool data handling (
fad192e) - Implement registry browsing functionality (Phase 7) (
8973364) - Rename 'Settings' to 'Configuration' and update related paths in SidebarNav and router (
b621c2a) - Add CollapsibleHintsPanel component and integrate it into various views (
93272e2) - Increase dropdown width in NavBar and SidebarNav for better usability (
85e9280) - Add welcome and conclusion RTF files for installer resources with fallback handling (
45c7059) - Refactor tray management by removing startStopItem and related lifecycle controls (
6afb2b7) - Implement quarantine and unquarantine functionality for servers with UI integration (
12b2b19) - Reduce logging noise by removing active and idle connection state logs (
88c269d) - Enhance LoadConfiguredServers to accept a config parameter and improve async server reload handling (
724c5c9) - Enhance secret management by adding KeyringSecretStatus and integrating it into the configuration response (
22915e4) - Enhance AddSecretModal with predefined name handling and improve Secrets view for missing secrets (
b8cdeee) - Update NewClientWithOptions to use resolved server config for environment variables (
50a0495) - Refactor web package to remove development mode and embed frontend files (
f3f7527) - Update embedded file handling to serve from frontend/dist directory (
388bfa2) - Update web handler to serve index.html from embedded filesystem and adjust .gitignore for new paths (
51cdb22) - Add new icon files and scripts for Windows tray support and build process (
ba195bc) - Add step to copy frontend dist for embedding (
2321fc3) - Add TypeScript types for API responses and server configurations (
8d0f9be) - Enhance frontend dist copying for embedding across OS environments (
c9d5992) - Update Go version matrix in unit tests workflow (
1cc9090) - Implement WaitGroup for graceful shutdown in AsyncManager (
d0af7a1) - Implement platform-specific address-in-use error detection for server (
fc3fba0) - Add RestartServer method for synchronous server restart functionality (
df02a51)
- Implement Interface Architecture & Dependency Injection (
9b4100b)
- Implement robust state machine architecture for tray app (
cd6ef7d) - Enhance core process launch handling in tray app (
54e40dc) - Update cache manager adapter and improve test logic for security checks (
30fb813) - Update LoadConfiguredServers to use asynchronous server operations and modify e2e-config for enabled state (
0e8a835) - Clean up unused code and comments for future functionality (
10061fb)
- Add frontend build output debugging to workflow (
9ac2e59) - Add directory listing to troubleshoot frontend build (
68429fe)
- Improve code formatting and consistency across multiple files (
366a83a)
- Improve startup orchestration (
034a0b8)
- Correct display tray icon on windows (
9cea772) - Run windows shell command (
fc5a508) - Define osWindows constant and update shell command logic (
fe4b8f9)
- Implement professional macOS DMG packaging and enhanced auto-update - Add macOS universal binary build configuration - Create GitHub Actions workflow for DMG creation using create-dmg - Implement comprehensive macOS installation guide - Add LaunchAgent plist for auto-start functionality - Enhance auto-update to handle ZIP files and universal binaries - Add proper asset finding logic for macOS universal binaries - Include Gatekeeper bypass instructions and security considerations - Support both drag-and-drop DMG and Homebrew installation methods (
d888f40)
- Remove DMG configuration - DMG creation requires GoReleaser Pro, not available in free version (
19f8343)
- Correct GoReleaser v2 dmg configuration - Change dmgs to dmg field and simplify configuration for v2 compatibility (
51c15c5)
- Update GoReleaser config for v2 compatibility - Replace deprecated brews with homebrew_casks, change folder to directory field, remove unsupported title field from winget pull_request, move dmg to dmgs section, add quarantine removal hook for unsigned binaries (
f0b97f0)
- Update GoReleaser action to v6 to support config version 2 (
c81d52d)