What's Changed
- Fix Dependabot alert #18: Remove outdated package-lock.json causing axios vulnerability false positive by @Copilot in #379
- Fix: Environment variable expansion in headers for HTTP-based MCP transports by @Copilot in #380
- Add OAuth support for upstream MCP servers by @Copilot in #381
- Add JSON import for MCP servers by @Copilot in #385
- Add password security: default credential warning and strength validation by @Copilot in #386
- Expand environment variables throughout mcp_settings.json configuration by @Copilot in #384
- Refactor: Clean up code formatting and improve readability across multiple files by @samanhappy in #387
- Add group-scoped smart routing via $smart/{group} pattern by @Copilot in #388
Full Changelog: v0.9.16...v0.10.0