Special Thanks
This release is entirely the work of community contributors:
@Lobster-Armlock — Transport /health endpoint and configurable uvicorn timeouts (PR #656). Brings first-class production observability to SSE and Streamable HTTP transports.
@irizzant — Optional DCR registration key protection (PR #657). Adds security hardening to the OAuth Dynamic Client Registration endpoint while maintaining full backward compatibility.
What's New
Added
- [#656] /health endpoint on SSE and Streamable HTTP transports: Added a /health endpoint to the SSE and Streamable HTTP transport servers (port MCP_SSE_PORT, default 8765) for external monitoring: load balancers, Docker healthchecks, and Kubernetes liveness/readiness probes can now query transport health independently of the main HTTP API. (contributor: @Lobster-Armlock)
- [#656] Configurable transport timeouts: Added MCP_TRANSPORT_TIMEOUT_KEEP_ALIVE (default 5s) and MCP_TRANSPORT_TIMEOUT_GRACEFUL_SHUTDOWN (default 30s) environment variables to control uvicorn timeouts for MCP transport instances, enabling tuning for different deployment environments. (contributor: @Lobster-Armlock)
- [#657] Optional DCR registration key protection: Added MCP_DCR_REGISTRATION_KEY environment variable to optionally protect the /oauth/register Dynamic Client Registration endpoint. When set, requests must include Authorization: Bearer <key> (timing-safe comparison via secrets.compare_digest). Backward-compatible: when unset, DCR remains open per RFC 7591. (contributor: @irizzant)
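The registration-key check from the #657 entry, sketched as an added example that is not the project's own code. The function name check_dcr_registration, the 401 responses and the sample key are assumptions; only the open-when-unset behaviour, the Bearer header and secrets.compare_digest come from the notes above.

```python
import secrets
from typing import Mapping, Optional, Tuple

# Constructed sample value, not a real key.
SAMPLE_KEY = "example-registration-key"


def check_dcr_registration(
    headers: Mapping[str, str], configured_key: Optional[str]
) -> Tuple[int, str]:
    """Decide whether a POST to /oauth/register may proceed.

    Returns (status, reason). The status codes are an assumption of this
    sketch; the release notes do not say what the server answers.
    """
    # Key unset: registration stays open, as before the change.
    if configured_key is None:
        return 200, "open registration"

    # HTTP header names are case-insensitive.
    auth = next(
        (v for k, v in headers.items() if k.lower() == "authorization"), None
    )
    if auth is None:
        return 401, "missing Authorization header"

    scheme, _, presented = auth.partition(" ")
    presented = presented.strip()
    if scheme.lower() != "bearer" or not presented:
        return 401, "expected Authorization: Bearer <key>"

    # Compare as bytes: compare_digest raises TypeError when given a str
    # containing non-ASCII characters, which would turn a bad key into a
    # server error instead of a clean rejection.
    ok = secrets.compare_digest(
        presented.encode("utf-8"), configured_key.encode("utf-8")
    )
    return (200, "key accepted") if ok else (401, "invalid registration key")


if __name__ == "__main__":
    print(check_dcr_registration({}, None))
    print(check_dcr_registration({"Authorization": "Bearer wrong"}, SAMPLE_KEY))
    print(check_dcr_registration(
        {"Authorization": "Bearer " + SAMPLE_KEY}, SAMPLE_KEY))
```
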
Configuration Reference
Transport Health (PR #656)
# Transport health endpoint is automatically available at:
# http://<host>:<MCP_SSE_PORT>/health (default port: 8765)
# Kubernetes liveness probe example:
livenessProbe:
  httpGet:
    path: /health
    port: 8765
# Docker healthcheck example:
HEALTHCHECK --interval=30s --timeout=10s \
  CMD curl -f http://localhost:8765/health || exit 1
Configurable Timeouts (PR #656)
# Tune uvicorn transport instance timeouts
export MCP_TRANSPORT_TIMEOUT_KEEP_ALIVE=5 # seconds (default: 5)
export MCP_TRANSPORT_TIMEOUT_GRACEFUL_SHUTDOWN=30 # seconds (default: 30)
DCR Registration Key Protection (PR #657)
# Optionally protect /oauth/register with Bearer token auth
export MCP_DCR_REGISTRATION_KEY=your-secret-registration-key
# Client registration request:
curl -X POST http://localhost:8000/oauth/register \
  -H "Authorization: Bearer your-secret-registration-key" \
  -H "Content-Type: application/json" \
  -d '{"client_name": "My App", "redirect_uris": ["http://localhost:8080/callback"]}'
# When MCP_DCR_REGISTRATION_KEY is unset, DCR remains open per RFC 7591
Test Count
1,520 tests passing.
Upgrade
pip install --upgrade mcp-memory-service
No breaking changes. All existing configurations continue to work without modification.