Skip to content

Releases: HelpCode-ai/anythingmcp

v0.3.0 — Redesign (sidebar app shell), cloud onboarding/conversion & KG improvements

Choose a tag to compare

@keysersoft keysersoft released this 30 Jun 14:33
3687955

Highlights

Redesign — sidebar app shell

  • New design system (Geist fonts, refreshed token palette) and shared UI primitives.
  • Left sidebar navigation with grouped sections, org switcher and mobile drawer, replacing the top nav across the app.
  • Two-column MCP server detail with a sticky "Connect your MCP client" panel and a dedicated GitHub Copilot quick-connect (VS Code, Visual Studio desktop, JetBrains…).
  • Numerous UX fixes: sticky footer, header back-links, fixed-sidebar scroll bug, refreshed login/onboarding.

Cloud onboarding & trial→paid conversion (cloud-only)

  • Deterministic, idempotent trial activation on email verification (removes the no-license signup race); self-healing license wall.
  • Value-oriented end-of-trial emails (3-day / last-day / expired, with a build recap) and a value-aware trial banner.
  • Knowledge graph & skills surfaced as the differentiator in onboarding and a live-count dashboard teaser.

Knowledge graph

  • Opt-in auto-apply of high-confidence AI-suggested connections (mirrors skill auto-apply; no extra AI cost).

All cloud-only features are gated and inert in self-hosted; no new recurring AI cost. Builds on the recent Copilot-Studio MCP transport/OAuth compatibility work.

v0.2.6 — Copilot Studio Streamable MCP compatibility

Choose a tag to compare

@keysersoft keysersoft released this 30 Jun 13:06

Fixed

  • Microsoft Copilot Studio could not finalize an MCP connection or list tools. Verified against a Copilot-compatible reference server (Microsoft Learn Docs MCP): the streamable endpoint must return SSE-framed responses (Content-Type: text/event-stream) on POST and 405 on a bare GET. AnythingMCP returned application/json and 401 respectively. Now: responses are SSE-framed by default (set MCP_STREAMABLE_JSON_RESPONSE=true for the old behaviour) and a GET to the MCP endpoint returns the transport's 405 instead of an auth 401. Spec-compliant clients (e.g. Claude) are unaffected.

v0.2.5 — OAuth /authorize idempotency fix

Choose a tag to compare

@keysersoft keysersoft released this 30 Jun 09:59

Fixed

  • OAuth /authorize 404 with some clients (e.g. Microsoft Copilot Studio). The login strategy distinguished initiate vs validate by the login cookie alone, so re-hitting /authorize while the short-lived login cookie was set made passport fall through to a 404. /authorize now always redirects to login; the cookie is only consumed at /callback. Existing clients (Claude, DCR) are unaffected.
  • setup.sh: the generated Caddyfile now routes /callback and /revoke to the backend (the OAuth authorization code is issued at /callback).

v0.2.4 — MCP OAuth/OIDC discovery for third-party clients

Choose a tag to compare

@keysersoft keysersoft released this 30 Jun 09:31

Fixed

  • MCP OAuth/OIDC discovery for third-party clients. Serve /.well-known/openid-configuration and the per-server oauth-authorization-server / oauth-protected-resource metadata (RFC 8414/9728). Clients that append the resource path during discovery — e.g. Microsoft Copilot Studio — can now complete the OAuth flow and connect. The 401 WWW-Authenticate header now points resource_metadata at the per-server document. Additive only; existing clients (Dynamic Client Registration, e.g. Claude) are unaffected.

v0.2.3

Choose a tag to compare

@keysersoft keysersoft released this 29 Jun 08:47
a25c375

Fixes

  • connectors: bitrix24_call now sends the method's native arguments at the body root instead of nesting them under a params key. New reusable __spread bodyMapping directive in the REST engine. Resolves the Bitrix24 400 errors observed in production (Could not find value for parameter {fields}, Param #0 (taskId), Argument "entityid" is required).

Full changelog: v0.2.2...v0.2.3

v0.2.2

Choose a tag to compare

@keysersoft keysersoft released this 28 Jun 19:31
f969a84

v0.2.2

Knowledge Graph + AI skills + usage analytics + security hardening, with the
observational-ingest stability fixes.

Features (since 0.1.x):

  • Knowledge Graph (static + observational), served over MCP via kg_how_to_obtain; visual editor; optional LLM enrichment (OpenAI/OpenRouter/Anthropic).
  • AI skills from captured intents, composed into MCP server instructions; search/tabs/pagination, auto-apply, AI consolidate.
  • Usage & cost analytics (/analytics, /api/audit/breakdowns).
  • Security: SSRF guard on the DatabaseEngine; RLS foundation (off by default); prototype-pollution guard on outputSchema inference.

Stability fixes (0.2.1 → 0.2.2):

  • kg-discovery observational ingest streamed in pages with per-page flush + a JSON-walk node cap → bounded memory/CPU (peak ~1 GB, was ~3 GB → OOM).
  • start.sh exits (→ container restart) if either process dies; backend V8 heap cap.

All migrations are additive and auto-applied on container start.

v0.2.0 — Knowledge Graph, AI skills, analytics & security hardening

Choose a tag to compare

@keysersoft keysersoft released this 28 Jun 10:43
c06a55a

v0.2.0 — Knowledge Graph, AI skills, usage analytics & security hardening

A "smart, AI-empowered gateway" release. All AI features are opt-in and inert by default.

  • Knowledge Graph: per-workspace PII-safe data-relationship graph served over MCP (kg_how_to_obtain), visual editor + redesigned canvas, optional LLM enrichment (cost-capped, batched).
  • AI skills: rules captured from real tool-call intents, composed into MCP server instructions (not extra tools); search/tabs/pagination, auto-apply, AI consolidate.
  • Usage & cost analytics: /analytics + /api/audit/breakdowns per connector/server/user with proxy metering and a volume-based cost estimate.
  • Security hardening: SSRF guard on the DatabaseEngine; RLS foundation (off by default) with a real-DB isolation proof; prototype-pollution guard on outputSchema inference.
  • Migrations: 10 additive, auto-applied on container start.

v0.1.34

Choose a tag to compare

@keysersoft keysersoft released this 11 Jun 19:51
2a63567

Maintenance release: a server-stability fix plus self-hosting and packaging improvements.

Fixed

  • MCP server no longer 500s on duplicate tool names. A connector that produced two tools with the same name could take down the /mcp endpoint; tool names are now deduplicated. (#313)

Self-hosting

  • Run multiple stacks on one host. docker-compose.yml now derives the project, network, volume and container names from COMPOSE_PROJECT_NAME (default amcp, so existing setups are unchanged). Set it to isolate a second instance without name collisions. (#316)
  • Single source of truth for the Node version in the Dockerfile (ARG NODE_VERSION), and an explicit engines.node >=22 so the supported minimum is machine-readable. (#316)
  • .env.example documents COMPOSE_PROJECT_NAME and the internal-PORT vs host-BACKEND_PORT distinction.

Packaging / license

  • AnythingMCP is now licensed under AGPL-3.0 (OSI-approved open source), with operator-only cloud features kept under a separate commercial license in ee/ directories. Self-hosting is unaffected. (#314, #315)

Upgrade

docker compose pull && docker compose up -d

No configuration changes required.

v0.1.33

Choose a tag to compare

@keysersoft keysersoft released this 10 Jun 13:40
5a57703

Fixes

  • auth: membership-based tenant isolation for /mcp/:serverId — multi-org users can reach every workspace they belong to; cross-org access stays denied (#311)
  • auth: resolve OAuth org by id OR email — fixes a production 403 lockout where legitimate owners were denied their own MCP servers after OAuth login (#309)
  • dashboard: Claude Desktop connection config now uses type: "http" (was the invalid "url", which Claude Desktop silently skipped) (#310)
  • weclapp: fix filter 400s via a general __rawquery engine passthrough — weclapp property-operator filters now work (#308)

Connectors

  • 8 reverse-engineered read-only connectors live: Playtomic (+ public), OpenTable, Resy, Vinted, Untappd, Idealista, Trenitalia
  • Etsy migrated to OAuth2 with automatic refresh-token rotation

Notes

No breaking changes. Tenant isolation remains fail-closed and was verified against production data.

v0.1.32 — Proxy / Web-Unblocker + Onboarding + Help Scout OAuth2

Choose a tag to compare

@keysersoft keysersoft released this 31 May 18:20
9253ecb

✨ Highlights

Proxy / Web-Unblocker (#280, #281, #282)

Route a tool's outbound request through a proxy or web-unblocker (e.g. Zyte API proxy mode) to reach anti-bot / geo / rate-limited APIs. Fixes the Deutsche Bahn connector that 403'd on Akamai-protected endpoints.

  • Per-tool opt-in: mcp_tools.use_proxy (seeded from the adapter spec's useProxy), toggled via a per-tool UI checkbox shown only when CONNECTOR_PROXY_URL is set.
  • Cloud rate limit: PROXY_RATE_LIMIT_DEFAULT (default 100) proxy calls/hour per workspace; over-cap returns an explicit error. Overridable only by a service admin via organizations.proxy_rate_limit (no API).
  • Engine: REST + GraphQL attach an HttpsProxyAgent. SOAP/DB/MCP ignore it.
  • Adapters shipped with useProxy: true: Deutsche Bahn, Playtomic (+ public), Sorare, OpenTable, Resy, Vinted, Untappd, idealista, Trenitalia, ImmobilienScout24, Etsy, Mercado Libre.
  • Docs: docs/connectors/proxy.md.

Onboarding (#272, #273, #276)

  • In-app /welcome wizard with a gate-aware redirect (respects LicenseWall + license-choice).
  • Email drip cron for users who registered but never created a connector.

Connectors

  • Help Scout → OAuth2 client-credentials with auto-refresh (#277).
  • Clockify → expanded to 18 tools (#279).
  • Sendcloudto_country required to avoid 14s "all carriers" calls (#274).

Fixes

  • Audit: resolve user_id from the JWT email so cloud analytics aren't always NULL (#275).
  • License wall: hide on logout + auth routes, clear stale block state (#278).

Diff

v0.1.31...v0.1.32