Highlights
mcporter serveexposes daemon-managed keep-alive servers as one MCP bridge with readableserver__toolnames.- Headless OAuth is stronger: no-browser auth URLs, vault seeding/clearing, cached token refresh, and
auth: "refreshable_bearer"for stdio/env injection. - HTTP compatibility improved with
httpFetch: "node-http1", including automatic Sunsama support. - Parallel agents get safer config/vault/cache writes and parseable JSON output under daemon recovery.
Full Changelog
Config
- Support
auth: "refreshable_bearer"with explicitrefreshsettings so cached OAuth tokens can be refreshed before HTTP connects or injected into stdio env vars. (Issue #173, thanks @tokyo-s) - Add
httpFetch: "node-http1"for HTTP MCP servers whose providers reject Node's built-infetch, and auto-apply it to Sunsama's endpoint. (Issue #158, thanks @mattash) - Resolve
${VAR}and${VAR:-fallback}placeholders across string-valued server config fields such asbaseUrl,command/args,tokenCacheDir, and pre-registered OAuth fields while keeping headers/env/bearer-token placeholders lazy until runtime. (PR #161 / issue #157, thanks @zxyasfas) - Add
mcporter vault set <server>andmcporter vault clear <server>so headless deployments can seed or clear OAuth vault credentials without reproducing mcporter's internal vault-key format. (Issue #156)
CLI
- Add
mcporter serve, exposing daemon-managed keep-alive servers as one MCP bridge with readableserver__toolnames for stdio and Streamable HTTP clients. (PR #172, thanks @zm2231) - Prefer MCP
structuredContentnested inside JSON-RPC result envelopes somcporter call --output jsonstays parseable for dual text/structured tool responses. (Issue #168, thanks @mar-zh) - Serialize read-modify-write config and OAuth vault updates, and write JSON/cache metadata atomically to avoid lost entries under parallel invocations. (Issue #167, thanks @alexminza)
- Patch
chrome-devtools-mcp --autoConnectlaunches at runtime somcporter call chrome-devtools.list_pagescan keep using a logged-in Chrome profile while upstream DevTools-window detection can hang on busy profiles.
OAuth
- Add headless OAuth login support via
--no-browser,--browser none, andMCPORTER_OAUTH_NO_BROWSER, emitting parseable authorization URLs for remote auth flows. (PR #171 / issue #169, thanks @feniix) - Proactively complete OAuth for configured HTTP servers that allow unauthenticated
initialize/listToolsbut require credentials for tool calls, and close the local callback server promptly after browser authorization. (PR #159, thanks @Spacefish) - Refresh expired cached OAuth access tokens during non-interactive
mcporter listwithout opening a browser or clearing cached credentials when refresh fails. (Issue #166, thanks @chrisabad)
Verification
- CI: https://github.com/openclaw/mcporter/actions/runs/25876071091
- npm version: https://www.npmjs.com/package/mcporter/v/0.11.0
- npm tarball: https://registry.npmjs.org/mcporter/-/mcporter-0.11.0.tgz
- npm integrity:
sha512-jhPGtSnzV/mNcTfJkMEriRPtLqgGPf67zunMuOeqRrrb/mw4IIVuKoSoecJf613v4vcNKJ1UyBunrEdHm1wWQQ==
SHA256 (mcporter-macos-arm64-v0.11.0.tar.gz): 0b8965cb252fbd9852d31c1426ead35de75efdb4744b13b55344a9b4f3f1b224
SHA256 (mcporter-0.11.0.tgz): 18756d3ad01325e83120c9dd7a55e9b6aaebcd97761c97ac1ff593435df8a05e