github openclaw/mcporter v0.11.0
mcporter v0.11.0

latest releases: v0.12.3, v0.12.2, v0.12.1...
one month ago

Highlights

  • mcporter serve exposes daemon-managed keep-alive servers as one MCP bridge with readable server__tool names.
  • Headless OAuth is stronger: no-browser auth URLs, vault seeding/clearing, cached token refresh, and auth: "refreshable_bearer" for stdio/env injection.
  • HTTP compatibility improved with httpFetch: "node-http1", including automatic Sunsama support.
  • Parallel agents get safer config/vault/cache writes and parseable JSON output under daemon recovery.

Full Changelog

Config

  • Support auth: "refreshable_bearer" with explicit refresh settings so cached OAuth tokens can be refreshed before HTTP connects or injected into stdio env vars. (Issue #173, thanks @tokyo-s)
  • Add httpFetch: "node-http1" for HTTP MCP servers whose providers reject Node's built-in fetch, and auto-apply it to Sunsama's endpoint. (Issue #158, thanks @mattash)
  • Resolve ${VAR} and ${VAR:-fallback} placeholders across string-valued server config fields such as baseUrl, command/args, tokenCacheDir, and pre-registered OAuth fields while keeping headers/env/bearer-token placeholders lazy until runtime. (PR #161 / issue #157, thanks @zxyasfas)
  • Add mcporter vault set <server> and mcporter vault clear <server> so headless deployments can seed or clear OAuth vault credentials without reproducing mcporter's internal vault-key format. (Issue #156)

CLI

  • Add mcporter serve, exposing daemon-managed keep-alive servers as one MCP bridge with readable server__tool names for stdio and Streamable HTTP clients. (PR #172, thanks @zm2231)
  • Prefer MCP structuredContent nested inside JSON-RPC result envelopes so mcporter call --output json stays parseable for dual text/structured tool responses. (Issue #168, thanks @mar-zh)
  • Serialize read-modify-write config and OAuth vault updates, and write JSON/cache metadata atomically to avoid lost entries under parallel invocations. (Issue #167, thanks @alexminza)
  • Patch chrome-devtools-mcp --autoConnect launches at runtime so mcporter call chrome-devtools.list_pages can keep using a logged-in Chrome profile while upstream DevTools-window detection can hang on busy profiles.

OAuth

  • Add headless OAuth login support via --no-browser, --browser none, and MCPORTER_OAUTH_NO_BROWSER, emitting parseable authorization URLs for remote auth flows. (PR #171 / issue #169, thanks @feniix)
  • Proactively complete OAuth for configured HTTP servers that allow unauthenticated initialize/listTools but require credentials for tool calls, and close the local callback server promptly after browser authorization. (PR #159, thanks @Spacefish)
  • Refresh expired cached OAuth access tokens during non-interactive mcporter list without opening a browser or clearing cached credentials when refresh fails. (Issue #166, thanks @chrisabad)

Verification

SHA256 (mcporter-macos-arm64-v0.11.0.tar.gz): 0b8965cb252fbd9852d31c1426ead35de75efdb4744b13b55344a9b4f3f1b224
SHA256 (mcporter-0.11.0.tgz): 18756d3ad01325e83120c9dd7a55e9b6aaebcd97761c97ac1ff593435df8a05e

Don't miss a new mcporter release

NewReleases is sending notifications on new releases.