mcporter v0.11.3

Highlights

• Falls back to ~/.mcporter/mcporter.json[c] when XDG_CONFIG_HOME points at an empty mcporter config directory, preventing embedders from accidentally hiding the user server registry. Fixes issue #184, thanks @ChrisBot2026.
• Moves pnpm overrides into pnpm-workspace.yaml so current pnpm releases no longer ignore the override config during release gates.

Verification

• CI: https://github.com/openclaw/mcporter/actions/runs/26254162316 (chore: release 0.11.3, commit 94e65ba0572e06c9830ffd0f9c19dac65e271315)
• npm: https://www.npmjs.com/package/mcporter/v/0.11.3
• npm tarball: https://registry.npmjs.org/mcporter/-/mcporter-0.11.3.tgz
• npm integrity: sha512-586j5J/Ts1R2K2ms5unz+FxtH331I1wle59lBPBkCsWNliNa7C3+aYv/nLTrz/3xJF+4t8/YkeJRgM3+nZ4euQ==
• Smoke: npx --yes mcporter@0.11.3 generate-cli "npx -y chrome-devtools-mcp" --compile from an empty directory, plus published-package XDG fallback smoke from a temp home/cwd.

Checksums

SHA256 (mcporter-macos-arm64-v0.11.3.tar.gz): cb73106b091ec5fcbf13bd0237ba9fc09d209147a7bc8df4e1cf25aefa320138
SHA1 (mcporter-0.11.3.tgz): a9112366b1f62260ec23875f9c2eaa35d2333566
SHA256 (mcporter-0.11.3.tgz): c9b032672005d15bf848d2c064e20053e40fb917c70dd217f701e809d6befd11

mcporter v0.11.2

Highlights

• Add mcporter list --status, --exit-code, and --quiet for concise server health checks without introducing a separate health command.
• Make generate-cli --bundle artifacts deterministic by removing bundle-only paths/timestamps from embedded metadata and sorting generated tool/schema output. Thanks @imroc.
• Let daemon-managed OAuth servers reuse cached credentials for tool calls and tool listing after token expiry. Thanks @bradhallett.
• Avoid restarting browser OAuth when an already-connected server has a still-valid cached access token. Thanks @jaigew and @StanAngeloff.
• Add the documented top-level daemonIdleTimeoutMs config to shut down inactive keep-alive daemons. Thanks @jarek083.

Verification

• CI: https://github.com/openclaw/mcporter/actions/runs/26251244471
• npm version: https://www.npmjs.com/package/mcporter/v/0.11.2
• npm tarball: https://registry.npmjs.org/mcporter/-/mcporter-0.11.2.tgz
• npm integrity: sha512-DJE710eH7EUuKCPtMHi54/vqtCbgOaT9guQc2Y1e9DSk2VI2FDtHlV6l4i+/tf+3GY/ChUSVVOqQno3p/tTPzg==
• Smoke: npx mcporter@0.11.2 generate-cli "npx -y chrome-devtools-mcp" --compile

Checksums

• mcporter-0.11.2.tgz SHA1: b2e8731d39357934e174ac66feb1aebf83345407
• mcporter-0.11.2.tgz SHA256: 379e1010daa4df47f8c1df068e749bc2b3c7d7d36905abaf1923ba342c0eadcb
• mcporter-macos-arm64-v0.11.2.tar.gz SHA256: 4f87de9a1fc0d312c8c35cb1d60bebf6df19d97f7a74dda47be805e1b36abe75

mcporter v0.11.1

Changelog

CLI

• Make generate-cli --runtime node --bundle <name>.mjs emit an ES module bundle with a local require shim, fixing .mjs artifacts that previously crashed at startup.
• Classify generated .mjs and .cjs outputs as bundle artifacts in embedded metadata instead of reporting them as binaries.
• Avoid leaving implicit <server>.ts template files in the current directory when generating bundle-only artifacts without --output.
• Print generated CLI help with a trailing newline so subsequent shell output no longer glues onto the help footer.
• Point generated CLI metadata and npm package metadata at openclaw/mcporter.
• Document the existing generate-cli --timeout, --minify, and --no-minify flags in generate-cli --help.
• Suppress expected Rolldown unresolved-import warnings for Node built-ins during successful generated CLI bundling.

Verification

• npm: https://www.npmjs.com/package/mcporter/v/0.11.1
• npm tarball: https://registry.npmjs.org/mcporter/-/mcporter-0.11.1.tgz
• npm integrity: sha512-L62k1w9aSIqUUK/etaRW0EzGEFtFE82Pnx89Mf1+jI8miQ6D2apgiZjzwTaMmdjKLL+7Z14YANh3dEuCYnefYw==
• CI: https://github.com/openclaw/mcporter/actions/runs/25877631589
• Empty-dir compile smoke: npx --yes mcporter@0.11.1 generate-cli "npx -y chrome-devtools-mcp" --compile

Checksums

• SHA1 (mcporter-0.11.1.tgz): 2bb09b7be426e3eca533a5cfa1063b5b5878a959
• SHA256 (mcporter-0.11.1.tgz): 0e93f4f6c036e21160ef32e1da8806744ded0fd90da336718ad0f7ad7f3a2abd
• SHA256 (mcporter-macos-arm64-v0.11.1.tar.gz): 2c48292812bc23a7c7f690df6f70a721cf92df7dc0eaee0dc739a100df8b7abd

mcporter v0.11.0

Highlights

• mcporter serve exposes daemon-managed keep-alive servers as one MCP bridge with readable server__tool names.
• Headless OAuth is stronger: no-browser auth URLs, vault seeding/clearing, cached token refresh, and auth: "refreshable_bearer" for stdio/env injection.
• HTTP compatibility improved with httpFetch: "node-http1", including automatic Sunsama support.
• Parallel agents get safer config/vault/cache writes and parseable JSON output under daemon recovery.

Full Changelog

Config

• Support auth: "refreshable_bearer" with explicit refresh settings so cached OAuth tokens can be refreshed before HTTP connects or injected into stdio env vars. (Issue #173, thanks @tokyo-s)
• Add httpFetch: "node-http1" for HTTP MCP servers whose providers reject Node's built-in fetch, and auto-apply it to Sunsama's endpoint. (Issue #158, thanks @mattash)
• Resolve ${VAR} and ${VAR:-fallback} placeholders across string-valued server config fields such as baseUrl, command/args, tokenCacheDir, and pre-registered OAuth fields while keeping headers/env/bearer-token placeholders lazy until runtime. (PR #161 / issue #157, thanks @zxyasfas)
• Add mcporter vault set <server> and mcporter vault clear <server> so headless deployments can seed or clear OAuth vault credentials without reproducing mcporter's internal vault-key format. (Issue #156)

CLI

• Add mcporter serve, exposing daemon-managed keep-alive servers as one MCP bridge with readable server__tool names for stdio and Streamable HTTP clients. (PR #172, thanks @zm2231)
• Prefer MCP structuredContent nested inside JSON-RPC result envelopes so mcporter call --output json stays parseable for dual text/structured tool responses. (Issue #168, thanks @mar-zh)
• Serialize read-modify-write config and OAuth vault updates, and write JSON/cache metadata atomically to avoid lost entries under parallel invocations. (Issue #167, thanks @alexminza)
• Patch chrome-devtools-mcp --autoConnect launches at runtime so mcporter call chrome-devtools.list_pages can keep using a logged-in Chrome profile while upstream DevTools-window detection can hang on busy profiles.

OAuth

• Add headless OAuth login support via --no-browser, --browser none, and MCPORTER_OAUTH_NO_BROWSER, emitting parseable authorization URLs for remote auth flows. (PR #171 / issue #169, thanks @feniix)
• Proactively complete OAuth for configured HTTP servers that allow unauthenticated initialize/listTools but require credentials for tool calls, and close the local callback server promptly after browser authorization. (PR #159, thanks @Spacefish)
• Refresh expired cached OAuth access tokens during non-interactive mcporter list without opening a browser or clearing cached credentials when refresh fails. (Issue #166, thanks @chrisabad)

Verification

• CI: https://github.com/openclaw/mcporter/actions/runs/25876071091
• npm version: https://www.npmjs.com/package/mcporter/v/0.11.0
• npm tarball: https://registry.npmjs.org/mcporter/-/mcporter-0.11.0.tgz
• npm integrity: sha512-jhPGtSnzV/mNcTfJkMEriRPtLqgGPf67zunMuOeqRrrb/mw4IIVuKoSoecJf613v4vcNKJ1UyBunrEdHm1wWQQ==

SHA256 (mcporter-macos-arm64-v0.11.0.tar.gz): 0b8965cb252fbd9852d31c1426ead35de75efdb4744b13b55344a9b4f3f1b224
SHA256 (mcporter-0.11.0.tgz): 18756d3ad01325e83120c9dd7a55e9b6aaebcd97761c97ac1ff593435df8a05e

mcporter v0.10.2

Highlights

• Faster warm keep-alive calls by trimming daemon round-trips and runtime startup work.
• More robust live MCP behavior for resource errors, OAuth/list failures, and tool-name auto-correction.
• Generated CLIs now keep JSON output parseable for plain-text MCP results.

SHA256 (mcporter-macos-arm64-v0.10.2.tar.gz): 540390c49b5d04ecd9174a33a48bfabd4a3748b8616409882776954f9c17b571
SHA256 (mcporter-0.10.2.tgz): fedf0974ad84b78183c48caada7faf773dbed3100530765d7a6c503dc4f5b016

mcporter v0.10.1

Changes

CLI

• Fixed Bun-compiled standalone macOS binaries so mcporter generate-cli --compile works from an empty directory, even when there is no local package.json or node_modules tree.
• generate-cli --compile now stages the matching published mcporter package dependencies when bundled dependencies cannot be linked or copied from the local package tree.
• The Bun compile step now runs from the staging directory, so generated CLI builds resolve mcporter, commander, and related dependencies from the same directory that contains the generated artifact.
• Added a clearer failure message for standalone development binaries that cannot resolve published bundler dependencies.

Tests

• Added an opt-in standalone Bun release-binary regression smoke behind MCPORTER_STANDALONE_BINARY_TEST=1.
• The smoke builds dist-bun/mcporter, packs the current package, runs generate-cli --compile from an empty temp directory, and verifies the compiled CLI help output.

Docs / Release Process

• Clarified that the Homebrew formula should install the npm .tgz, not the standalone Bun macOS tarball, because generated CLI compilation needs the installed package tree.
• Documented the Homebrew release verification flow: update the tap URL/SHA, use --min-release-age=0, refresh tap README callouts, run brew reinstall, brew test, and run an empty-directory compile smoke with /opt/homebrew/bin/mcporter.
• Documented npm and npx post-release verification, plus optional repeat verification on another Mac.

Maintenance

• Started the next development cycle after v0.10.0 with a fresh Unreleased changelog stub.

Included Commits

• 026eb28 fix: support standalone binary CLI compilation
• 6ed9860 docs: clarify Homebrew release verification
• 2100639 chore: start next development cycle

Release Verification

• npm package surface verified.
• npx mcporter@0.10.1 surface verified.
• Direct standalone macOS binary surface verified.

Artifacts

• mcporter-macos-arm64-v0.10.1.tar.gz
  • SHA256: 17451e9fd0cba13c4c506d43a3574f1cf8c707d9076aa1d22381d958199e0e1f
• mcporter-0.10.1.tgz
  • SHA1: 918af2d239a8e27292c9621bae965e07578bdb1e
  • SHA256: efef969838b18df0bcbc3b5fe3d4a7057a96e99c46a3f25e2deb0dfd7afee1d3
• Uploaded checksum files:
  • mcporter-macos-arm64-v0.10.1.tar.gz.sha256
  • mcporter-0.10.1.tgz.sha1
  • mcporter-0.10.1.tgz.sha256

mcporter v0.10.0

Highlights

• Added mcporter resource <server> [uri] for listing and reading MCP resources, including keep-alive daemon routing.
• Improved generated keep-alive CLIs and Bun-compiled macOS daemon startup for persistent server workflows.
• Added XDG directory support and static OAuth client configuration for providers without dynamic registration.

SHA256 (mcporter-macos-arm64-v0.10.0.tar.gz): 4b23391b709ea3ba877df283cb1b66c69d361fc8cee6f87d0b5d7fd8838be0e5
SHA256 (mcporter-0.10.0.tgz): 446fdf8c6a61e5201868ba702087de003308fbb11c56f6209ef331579c1af917

mcporter v0.9.0

Changelog

CLI

• Add per-server exact-name tool filtering with allowedTools and blockedTools, including config serialization and runtime call/list enforcement. (Rebuild of PR #39, thanks @tonylampada)
• Escalate stuck stdio child-process shutdowns after close timeouts instead of treating the timeout as a clean exit. (PR #39, thanks @tonylampada)
• Quote OAuth browser URLs when launching cmd.exe on Windows, preserving query parameters such as redirect_uri. (PR #136, thanks @cosminilie)
• Document OAuth-protected server config setup with mcporter config add --auth oauth and mcporter auth. (PR #34, thanks @prateek)
• Respect schema-declared string parameters when coercing numeric-looking mcporter call key=value arguments, so Slack timestamps like thread_ts stay strings. (PR #141, thanks @Hamzaa6296)

Checksums

SHA256 (mcporter-macos-arm64-v0.9.0.tar.gz): 20cae1f412c8790d1801bd557825b12bb6354e73bd277be5484e53a58cf81c0b
SHA256 (mcporter-0.9.0.tgz): 7ebe1d1050f04a9ddea0478f8314b94239b6716f87061b2daad750d281b84526

mcporter v0.8.1

[0.8.1] - 2026-03-29

CLI

• Bun-compiled/Homebrew binaries now embed the package version before boot, so mcporter --version reports the real release (for example 0.8.1) instead of falling back to 0.0.0-dev.

Tests

• Added regression coverage for the Bun compile wrapper so future release builds keep the embedded runtime version intact.

Tooling / Dependencies

• npm publishes now use an explicit package allowlist, so local release tarballs/checksum files do not get bundled into the published package.

SHA256 (mcporter-macos-arm64-v0.8.1.tar.gz): 7f726f70801bdded163699b53fade8b602c18f0dbc07851ce5ddad8e0e8bcb3b
SHA256 (mcporter-0.8.1.tgz): 07abbbc8e3ffbaf1fd2a8030a90b56a5c895f52cfa301b42ff79cbaa0644242e

mcporter v0.8.0

[0.8.0] - 2026-03-29

CLI

• Preserve OAuth flow vs post-auth transport failures so invalid OAuth/provider errors surface directly, while real legacy 404/405 transport mismatches still fall back to SSE correctly. (PR #97, thanks @mavam)
• Ignore static Authorization headers once OAuth is active so imported editor configs cannot override fresh OAuth tokens. (PR #123, thanks @ahonn)
• Keep mcporter call --output json parseable by emitting valid JSON even when the command falls back to raw output. (PR #128, thanks @armanddp)
• Render resource content blocks in call output helpers instead of dropping them, including markdown resources and JSON text payloads. (PR #124, thanks @mvanhorn)
• Preserve full JSON/error payloads when data is just one field instead of collapsing the response to data alone. (PR #106, thanks @AielloChan)
• Generated CLIs now parse object-valued flags as JSON and render object placeholders/examples with JSON-shaped help text, so tools like Jira fields no longer receive raw strings. (PR #114, thanks @v2nic)
• Deduplicate concurrent keep-alive daemon restarts per server so repeated fatal errors only force-close the cached daemon transport once before retrying. (PR #125, thanks @zm2231)
• mcporter config add now accepts plural --args as an alias for repeated stdio arguments, matching common CLI muscle memory. (PR #93, thanks @Jah-yee)
• Preserve default imports when mcporter config add writes a config file, instead of forcing "imports": [].
• OAuth: avoid crashing on headless Linux when xdg-open is unavailable; clear stale dynamic-port client registrations; close callback server if stale-client persistence reads fail. (PR #72, thanks @mgonto)
• Added optional oauthScope/oauth_scope config override as an escape hatch for providers that require explicit scopes.
• OAuth wait/redirect now share one deferred to eliminate authorization race windows and preserve stable close-path errors, including wait-before-redirect and repeated-redirect flows. (PR #70, thanks @monotykamary)
• createCallResult().json() now collects all parseable JSON entries from MCP content arrays (single item stays backward-compatible), and raw inspect depth now stays readable without unbounded traversal. (PR #91, thanks @Blankdlh)
• Added --raw-strings (numeric coercion off) and --no-coerce (all coercion off) for mcporter call argument parsing so IDs/codes can stay literal strings. (PR #59, thanks @nobrainer-tech)
• Added CallResult.images() plus opt-in mcporter call --save-images <dir> so image content blocks can be persisted without changing existing stdout output contracts. (PR #61, thanks @daniella-11ways)
• OAuth transport retries now classify HTTP 405 as HTTP (not auth) and OAuth promotion applies to configured HTTP servers too, so post-auth fallback flows no longer drop credentials on 405-only endpoints. (PR #48, thanks @caseyg)
• Config loading now parses project and explicit config files as JSONC, so mcporter.json / mcporter.jsonc can include comments and trailing commas. (PR #42, thanks @aryasaatvik)
• Added generated mcporter.schema.json plus pnpm generate:schema for IDE autocomplete/validation, including $schema and oauthScope/oauth_scope coverage. (PR #43, thanks @aryasaatvik)

Tooling / Dependencies

• Updated dependencies to latest releases (including MCP SDK, Rolldown RC, Zod, Biome, Oxlint, Vitest, Bun types).
• Synced biome.json schema URL to Biome 2.4.5.

SHA256 (mcporter-macos-arm64-v0.8.0.tar.gz): 81c093704e1f0f247f14f2fa7ff0e8206227f9d44d6b8ff4bbd839941d083475
SHA256 (mcporter-0.8.0.tgz): 1de6cbbaf1295ceaa66a5ff5896987681021003d00d176d021b44dc5dc7daa80