Releases: openclaw/mcporter
Release list
mcporter v0.12.3
Highlights
- Fix list signatures and call examples for typed arrays, keeping number, boolean, object, and unknown array values type-correct.
- Refresh compatible runtime, bundling, type-checking, lint, and security-override dependencies while preserving the Node and pnpm toolchain.
Changelog
CLI
- Fix list signatures and call examples for typed arrays, keeping number, boolean, object, and unknown array values type-correct. (Issue #221, thanks @VincXiong)
Tooling / Dependencies
- Refresh compatible runtime, bundling, type-checking, lint, and security-override dependencies while preserving the Node and pnpm toolchain. (PR #224)
npm
- Package: mcporter@0.12.3
- Registry tarball: mcporter-0.12.3.tgz
- Integrity:
sha512-FD6nV4AzrsJSYtIqkLE0emNNiVl0p9W2bJosORAhmI5HCfcz2fc0WjmaY26bfFRW+2aCNL3aCssoFRjcYcQjgQ== - Registry shasum:
1ab6f1306745e601c31927b2c1e34ec1873db8a5 - Published:
2026-07-01T07:32:19.109Z
Artifacts
- SHA256 (
mcporter-macos-arm64-v0.12.3.tar.gz):bb896bde3b7e2eef0a700bcd2598678f4f4184306e63b2e12465d780a1184b78 - SHA256 (
mcporter-0.12.3.tgz):9cf707fac46fdf69c27e67b9e29b866e7bb51d98266671c4282fdfed66569751
Verification
- Exact-head CI green on Ubuntu, macOS, and Windows
pnpm check; 129 test files passed, 814 tests passed, 3 skipped; TypeScript and Bun builds passed.- Typed-array implementation proof and source-blind built-CLI validation
- Packed consumer install/import, typed-array list/call/error validation, generated CLI compile, and published empty-directory
generate-cli --compilesmoke passed. pnpm audit --json: zero advisories at every severity; structured autoreview clean; Public Model Identifier Gate passed.- Dependency refresh proof: the deprecated DeepWiki endpoint assertion passed; upstream live calls timed out at 30 and 90 seconds. The owner waived that item-specific success-path proof because provider and transport code are unchanged.
mcporter v0.12.2
Highlights
- Prevent large piped CLI output from being truncated during forced shutdown, while keeping stalled readers bounded and treating broken pipes as normal shell behavior.
- Resolve configured and ad-hoc HTTP tool selectors consistently so targeted list and call commands keep server names separate from MCP tool names.
npm
- Package: mcporter@0.12.2
- Registry tarball: mcporter-0.12.2.tgz
- Integrity:
sha512-tpVjIFsXlrsy1LUqzDrWBNsA3ialxH2ekm8KGBKjKgBRKdfcVblTGyhI8qmjvxAhuzg+4h0IsZxCD+CPwOVJvg== - Registry shasum:
fff5ba423d56b88a720491621a43240db16d1f2d
Artifacts
- SHA256 (
mcporter-macos-arm64-v0.12.2.tar.gz):5084bad0c08816c88a39a3a56e1eff514639b1575c1e1cec81bc8094045bf358 - SHA256 (
mcporter-0.12.2.tgz):69645910e190def4a9adaf9f527216a6d59eb4e50773e93995cc5a0fc50a43f6
Verification
pnpm checkpnpm test: 811 passed, 3 skipped- TypeScript and Bun builds
- Published empty-directory
generate-cli --compilesmoke - CI green on Ubuntu, macOS, and Windows
mcporter v0.12.1
Highlights
- Add
key=@pathand--key @pathcall arguments for exact UTF-8 file values, with@@escaping for literal leading@. - Skip imported server entries with unresolved editor-specific environment placeholders while allowing later valid duplicates.
- Recover from corrupt cached OAuth tokens and client metadata by re-authenticating, while keeping callback state fail-closed.
- Preserve replacement daemon socket and metadata ownership during superseded-daemon shutdown.
- Refresh development dependencies and security overrides.
npm
- Package: mcporter@0.12.1
- Registry tarball: mcporter-0.12.1.tgz
- Integrity:
sha512-SHuuxLSvCVsnDXAEIRuFQXbKwJud/02jaQlgZypdz4VB9IuIPWUU5sQf9uWvfPiN3uSMiiq4Ww0QigOzdNxpmw== - Registry shasum:
7eb2a2fd39823aaeb848d40e43ba3bb06ab29cb2
Artifacts
- SHA256 (
mcporter-macos-arm64-v0.12.1.tar.gz):b14a2ceb48b1e389aab9cf346a59034429589d9b0dd0489fb8eda2a7455f9ba9 - SHA256 (
mcporter-0.12.1.tgz):af164afb573414b7336762648200f92d3d25cd1fccae19cae81286edc0b2dcde
Verification
pnpm checkpnpm test: 799 passed, 3 skipped- TypeScript and Bun builds
- Published empty-directory
generate-cli --compilesmoke
mcporter v0.12.0
Highlights
- Add cache-friendly
disableOAuthsupport across headless runtime, CLI, daemon, proxy, andcallOncepaths. - Add per-server
mcporter serveendpoints at/mcp/<server>plus MCP traffic record/replay helpers. - Improve daemon reliability, keep CloudBase authentication polling alive, and return non-zero status for explicit unknown-server list failures.
Changes
OAuth
- Add cache-friendly
disableOAuthsupport across headless runtime, CLI, daemon, proxy, andcallOncepaths so callers can suppress interactive OAuth without losing connection reuse. (Issues #197, #199, #201, thanks @feniix) - Recover cleanly from renamed OAuth server entries, invalid refresh tokens, and stale dynamic client registrations without reusing unrelated same-URL credentials.
- Prevent concurrent OAuth vault updates from briefly exposing empty lock files and losing credential entries under load.
CLI
- Add per-server Streamable HTTP paths for
mcporter serveat/mcp/<server>, exposing one keep-alive server with original tool names while preserving aggregate/mcpnamespacing. (PR #194, thanks @zm2231) - Add
mcporter recordandmcporter replayhelpers for capturing and replaying MCP JSON-RPC traffic, with server filters and daemon-safe manual env setup. (PR #192, thanks @LDMB123) - Prevent direct daemon starts from rebinding over an already-running healthy daemon, avoiding orphaned keep-alive processes during foreground or launch races. (PR #195, thanks @zm2231)
- Return a non-zero exit code for explicit
mcporter list <unknown-server>failures while preserving aggregate list health checks by default. (Issue #203, thanks @theo674) - Reconcile keep-alive daemon metadata with the responding process and serialize daemon startup across parallel clients, preventing duplicate orphaned daemons. (Issue #191, thanks @dtmsyi)
- Keep CloudBase MCP alive by default so device-code authentication can finish polling and persist credentials after returning
AUTH_PENDING. (PR #193, thanks @sevzq) - Keep daemon-managed stdio servers warm across repeated
mcporter listrequests instead of treating non-interactive tool listing as a throwaway process. (Issue #188, thanks @robertoronderosjr)
Tooling / Dependencies
- Refresh development dependencies and satisfy the stricter
oxlintcheck.
Verification
- npm: mcporter@0.12.0
- Registry tarball: mcporter-0.12.0.tgz
- npm integrity:
sha512-1jM+UcieQjLbQReVW0teYy8QS+2VH+/6sojK1rEdh6D5P5jsBuCRFW//0ZEhcHEsvLacSsuPyZLcV7UDJY/ouA== - Published:
2026-06-10T05:49:11.334Z - CI: release commit checks
- Release commit:
023314cf31cd15759830296a61ac2b1b982bdd1d
SHA256 (mcporter-macos-arm64-v0.12.0.tar.gz): 6bd80a34422a890b92e2ff1074966114677e06aa92126ff8b850257b29c4441f
SHA256 (mcporter-0.12.0.tgz): 847753ddffaeb63305a3088730babb94b9a3ab83ef6e9f00551dae8bba70f3d0
mcporter v0.11.3
Highlights
- Falls back to
~/.mcporter/mcporter.json[c]whenXDG_CONFIG_HOMEpoints at an empty mcporter config directory, preventing embedders from accidentally hiding the user server registry. Fixes issue #184, thanks @ChrisBot2026. - Moves pnpm overrides into
pnpm-workspace.yamlso current pnpm releases no longer ignore the override config during release gates.
Verification
- CI: https://github.com/openclaw/mcporter/actions/runs/26254162316 (
chore: release 0.11.3, commit94e65ba0572e06c9830ffd0f9c19dac65e271315) - npm: https://www.npmjs.com/package/mcporter/v/0.11.3
- npm tarball: https://registry.npmjs.org/mcporter/-/mcporter-0.11.3.tgz
- npm integrity:
sha512-586j5J/Ts1R2K2ms5unz+FxtH331I1wle59lBPBkCsWNliNa7C3+aYv/nLTrz/3xJF+4t8/YkeJRgM3+nZ4euQ== - Smoke:
npx --yes mcporter@0.11.3 generate-cli "npx -y chrome-devtools-mcp" --compilefrom an empty directory, plus published-package XDG fallback smoke from a temp home/cwd.
Checksums
SHA256 (mcporter-macos-arm64-v0.11.3.tar.gz): cb73106b091ec5fcbf13bd0237ba9fc09d209147a7bc8df4e1cf25aefa320138
SHA1 (mcporter-0.11.3.tgz): a9112366b1f62260ec23875f9c2eaa35d2333566
SHA256 (mcporter-0.11.3.tgz): c9b032672005d15bf848d2c064e20053e40fb917c70dd217f701e809d6befd11
mcporter v0.11.2
Highlights
- Add
mcporter list --status,--exit-code, and--quietfor concise server health checks without introducing a separate health command. - Make
generate-cli --bundleartifacts deterministic by removing bundle-only paths/timestamps from embedded metadata and sorting generated tool/schema output. Thanks @imroc. - Let daemon-managed OAuth servers reuse cached credentials for tool calls and tool listing after token expiry. Thanks @bradhallett.
- Avoid restarting browser OAuth when an already-connected server has a still-valid cached access token. Thanks @jaigew and @StanAngeloff.
- Add the documented top-level
daemonIdleTimeoutMsconfig to shut down inactive keep-alive daemons. Thanks @jarek083.
Verification
- CI: https://github.com/openclaw/mcporter/actions/runs/26251244471
- npm version: https://www.npmjs.com/package/mcporter/v/0.11.2
- npm tarball: https://registry.npmjs.org/mcporter/-/mcporter-0.11.2.tgz
- npm integrity:
sha512-DJE710eH7EUuKCPtMHi54/vqtCbgOaT9guQc2Y1e9DSk2VI2FDtHlV6l4i+/tf+3GY/ChUSVVOqQno3p/tTPzg== - Smoke:
npx mcporter@0.11.2 generate-cli "npx -y chrome-devtools-mcp" --compile
Checksums
mcporter-0.11.2.tgzSHA1:b2e8731d39357934e174ac66feb1aebf83345407mcporter-0.11.2.tgzSHA256:379e1010daa4df47f8c1df068e749bc2b3c7d7d36905abaf1923ba342c0eadcbmcporter-macos-arm64-v0.11.2.tar.gzSHA256:4f87de9a1fc0d312c8c35cb1d60bebf6df19d97f7a74dda47be805e1b36abe75
mcporter v0.11.1
Changelog
CLI
- Make
generate-cli --runtime node --bundle <name>.mjsemit an ES module bundle with a localrequireshim, fixing.mjsartifacts that previously crashed at startup. - Classify generated
.mjsand.cjsoutputs as bundle artifacts in embedded metadata instead of reporting them as binaries. - Avoid leaving implicit
<server>.tstemplate files in the current directory when generating bundle-only artifacts without--output. - Print generated CLI help with a trailing newline so subsequent shell output no longer glues onto the help footer.
- Point generated CLI metadata and npm package metadata at
openclaw/mcporter. - Document the existing
generate-cli --timeout,--minify, and--no-minifyflags ingenerate-cli --help. - Suppress expected Rolldown unresolved-import warnings for Node built-ins during successful generated CLI bundling.
Verification
- npm: https://www.npmjs.com/package/mcporter/v/0.11.1
- npm tarball: https://registry.npmjs.org/mcporter/-/mcporter-0.11.1.tgz
- npm integrity:
sha512-L62k1w9aSIqUUK/etaRW0EzGEFtFE82Pnx89Mf1+jI8miQ6D2apgiZjzwTaMmdjKLL+7Z14YANh3dEuCYnefYw== - CI: https://github.com/openclaw/mcporter/actions/runs/25877631589
- Empty-dir compile smoke:
npx --yes mcporter@0.11.1 generate-cli "npx -y chrome-devtools-mcp" --compile
Checksums
- SHA1 (
mcporter-0.11.1.tgz):2bb09b7be426e3eca533a5cfa1063b5b5878a959 - SHA256 (
mcporter-0.11.1.tgz):0e93f4f6c036e21160ef32e1da8806744ded0fd90da336718ad0f7ad7f3a2abd - SHA256 (
mcporter-macos-arm64-v0.11.1.tar.gz):2c48292812bc23a7c7f690df6f70a721cf92df7dc0eaee0dc739a100df8b7abd
mcporter v0.11.0
Highlights
mcporter serveexposes daemon-managed keep-alive servers as one MCP bridge with readableserver__toolnames.- Headless OAuth is stronger: no-browser auth URLs, vault seeding/clearing, cached token refresh, and
auth: "refreshable_bearer"for stdio/env injection. - HTTP compatibility improved with
httpFetch: "node-http1", including automatic Sunsama support. - Parallel agents get safer config/vault/cache writes and parseable JSON output under daemon recovery.
Full Changelog
Config
- Support
auth: "refreshable_bearer"with explicitrefreshsettings so cached OAuth tokens can be refreshed before HTTP connects or injected into stdio env vars. (Issue #173, thanks @tokyo-s) - Add
httpFetch: "node-http1"for HTTP MCP servers whose providers reject Node's built-infetch, and auto-apply it to Sunsama's endpoint. (Issue #158, thanks @mattash) - Resolve
${VAR}and${VAR:-fallback}placeholders across string-valued server config fields such asbaseUrl,command/args,tokenCacheDir, and pre-registered OAuth fields while keeping headers/env/bearer-token placeholders lazy until runtime. (PR #161 / issue #157, thanks @zxyasfas) - Add
mcporter vault set <server>andmcporter vault clear <server>so headless deployments can seed or clear OAuth vault credentials without reproducing mcporter's internal vault-key format. (Issue #156)
CLI
- Add
mcporter serve, exposing daemon-managed keep-alive servers as one MCP bridge with readableserver__toolnames for stdio and Streamable HTTP clients. (PR #172, thanks @zm2231) - Prefer MCP
structuredContentnested inside JSON-RPC result envelopes somcporter call --output jsonstays parseable for dual text/structured tool responses. (Issue #168, thanks @mar-zh) - Serialize read-modify-write config and OAuth vault updates, and write JSON/cache metadata atomically to avoid lost entries under parallel invocations. (Issue #167, thanks @alexminza)
- Patch
chrome-devtools-mcp --autoConnectlaunches at runtime somcporter call chrome-devtools.list_pagescan keep using a logged-in Chrome profile while upstream DevTools-window detection can hang on busy profiles.
OAuth
- Add headless OAuth login support via
--no-browser,--browser none, andMCPORTER_OAUTH_NO_BROWSER, emitting parseable authorization URLs for remote auth flows. (PR #171 / issue #169, thanks @feniix) - Proactively complete OAuth for configured HTTP servers that allow unauthenticated
initialize/listToolsbut require credentials for tool calls, and close the local callback server promptly after browser authorization. (PR #159, thanks @Spacefish) - Refresh expired cached OAuth access tokens during non-interactive
mcporter listwithout opening a browser or clearing cached credentials when refresh fails. (Issue #166, thanks @chrisabad)
Verification
- CI: https://github.com/openclaw/mcporter/actions/runs/25876071091
- npm version: https://www.npmjs.com/package/mcporter/v/0.11.0
- npm tarball: https://registry.npmjs.org/mcporter/-/mcporter-0.11.0.tgz
- npm integrity:
sha512-jhPGtSnzV/mNcTfJkMEriRPtLqgGPf67zunMuOeqRrrb/mw4IIVuKoSoecJf613v4vcNKJ1UyBunrEdHm1wWQQ==
SHA256 (mcporter-macos-arm64-v0.11.0.tar.gz): 0b8965cb252fbd9852d31c1426ead35de75efdb4744b13b55344a9b4f3f1b224
SHA256 (mcporter-0.11.0.tgz): 18756d3ad01325e83120c9dd7a55e9b6aaebcd97761c97ac1ff593435df8a05e
mcporter v0.10.2
Highlights
- Faster warm keep-alive calls by trimming daemon round-trips and runtime startup work.
- More robust live MCP behavior for resource errors, OAuth/list failures, and tool-name auto-correction.
- Generated CLIs now keep JSON output parseable for plain-text MCP results.
SHA256 (mcporter-macos-arm64-v0.10.2.tar.gz): 540390c49b5d04ecd9174a33a48bfabd4a3748b8616409882776954f9c17b571
SHA256 (mcporter-0.10.2.tgz): fedf0974ad84b78183c48caada7faf773dbed3100530765d7a6c503dc4f5b016
mcporter v0.10.1
Changes
CLI
- Fixed Bun-compiled standalone macOS binaries so
mcporter generate-cli --compileworks from an empty directory, even when there is no localpackage.jsonornode_modulestree. generate-cli --compilenow stages the matching publishedmcporterpackage dependencies when bundled dependencies cannot be linked or copied from the local package tree.- The Bun compile step now runs from the staging directory, so generated CLI builds resolve
mcporter,commander, and related dependencies from the same directory that contains the generated artifact. - Added a clearer failure message for standalone development binaries that cannot resolve published bundler dependencies.
Tests
- Added an opt-in standalone Bun release-binary regression smoke behind
MCPORTER_STANDALONE_BINARY_TEST=1. - The smoke builds
dist-bun/mcporter, packs the current package, runsgenerate-cli --compilefrom an empty temp directory, and verifies the compiled CLI help output.
Docs / Release Process
- Clarified that the Homebrew formula should install the npm
.tgz, not the standalone Bun macOS tarball, because generated CLI compilation needs the installed package tree. - Documented the Homebrew release verification flow: update the tap URL/SHA, use
--min-release-age=0, refresh tap README callouts, runbrew reinstall,brew test, and run an empty-directory compile smoke with/opt/homebrew/bin/mcporter. - Documented npm and npx post-release verification, plus optional repeat verification on another Mac.
Maintenance
- Started the next development cycle after
v0.10.0with a freshUnreleasedchangelog stub.
Included Commits
026eb28fix: support standalone binary CLI compilation6ed9860docs: clarify Homebrew release verification2100639chore: start next development cycle
Release Verification
- npm package surface verified.
npx mcporter@0.10.1surface verified.- Direct standalone macOS binary surface verified.
Artifacts
mcporter-macos-arm64-v0.10.1.tar.gz- SHA256:
17451e9fd0cba13c4c506d43a3574f1cf8c707d9076aa1d22381d958199e0e1f
- SHA256:
mcporter-0.10.1.tgz- SHA1:
918af2d239a8e27292c9621bae965e07578bdb1e - SHA256:
efef969838b18df0bcbc3b5fe3d4a7057a96e99c46a3f25e2deb0dfd7afee1d3
- SHA1:
- Uploaded checksum files:
mcporter-macos-arm64-v0.10.1.tar.gz.sha256mcporter-0.10.1.tgz.sha1mcporter-0.10.1.tgz.sha256