Releases: HelpCode-ai/anythingmcp
Release list
v0.1.23 — silence MCP duplicate-registration warnings
Silences Dynamic tool 'X' already registered in module — Overwriting. warnings emitted at boot.
The internal ToolRegistry correctly handles cross-tenant tool-name collisions; only the upstream single-tenant @rekog/mcp-nest registry was generating noise. The fix registers each name on the upstream registry only when it first appears, and releases it only when the last entry leaves.
See #152 for details.
v0.1.22 — HR WORKS connector, dependency drain, infra hardening
Highlights
New connector
- HR WORKS v2 — full read access to the German HR/payroll platform: 30 tools across persons, absences, sick leaves, remote work, working times, projects, applicants, holidays, cost centers.
Infrastructure
- Dependabot auto-merge workflow + branch protection on `main` with required CI checks. Patch/minor npm and github-actions PRs now auto-merge once CI is green; majors and runtime bumps are labelled `needs-review` for human triage.
- CI: rxjs duplicate-Observable fix — root override + backend pin to deduplicate rxjs across the workspace, unblocking the @nestjs/cli 11.0.21 bump and future nestjs upgrades.
Dependency bumps merged
- next 16.2.4 → 16.2.6 (security fixes), react patch
- soap 1.7.1 → 1.9.1
- graphql 16.13 → 16.14
- @rekog/mcp-nest 1.9.6 → 1.9.9
- @nestjs/cli 11.0.16 → 11.0.21, @nestjs/testing 11.1.18 → 11.1.19 (via lockfile refresh)
- prisma + @prisma/client (group)
- jest + ts-jest (group)
- @types/* (group)
- eslint + prettier + typescript-eslint (group)
- autoprefixer 10.4.27 → 10.5.0
Code fixes
- Frontend: fix `use-before-define` in `connectors/store/page.tsx` and `settings/license/page.tsx` (eslint-plugin-react-hooks 7.1.x rule).
v0.1.21 — production bug fixes
Patch release fixing four bugs surfaced by analysing 8 weeks of usage logs on cloud.anythingmcp.com.
Fixes (from #135)
-
POST /register OAuth DCR no longer 500s on malformed bodies. 17 hits in production crashed with `TypeError: Cannot read properties of undefined (reading 'redirect_uris')` when callers (multipart/form-data Server Actions, OAuth clients sending non-JSON) hit the upstream `@rekog/mcp-nest` controller. New `OAuthRegisterGuardMiddleware` returns RFC 7591 `invalid_client_metadata` / `invalid_redirect_uri` with 400 instead of letting the library 500.
-
Verification codes no longer logged in plaintext. `EmailService` was warning `verification code for X: 641958` whenever local SMTP wasn't configured (4 different users in the past week). Replaced with a debug line that just records that delegation to the external mailer happened.
-
OpenApiParser accepts YAML and OpenAPI 3.1. `Unexpected token 'o', "openapi: 3"...` was the second-most-common 5xx — users pasted YAML specs and the parser called `JSON.parse` blindly. Now decodes JSON-or-YAML and routes 3.1 specs through `SwaggerParser.dereference()` (skipping the strict 3.0-only validator) so `$ref` still resolves.
-
Cross-tenant tool-name collision on the global /mcp endpoint fixed. Three orgs had a connector with the same tool name; `getTool(name)` returned whichever was registered first. Added `organizationId` to `RegisteredTool` and a new `getToolForOrg(name, orgId)` lookup, wired through the auth handler in `mcp-server.service` and the executor in `dynamic-mcp-tools` so authenticated callers resolve their own org's tool. `/mcp/:serverId` was already safe via connector-id scoping.
Verification
- backend jest: 561 passed, 1 skipped, 0 failed (5 new tests)
- `scripts/smoke-test/run.sh`: 12/12 PASS end-to-end
- frontend Playwright: 3/3 PASS
- All CI gates green (CodeQL, Trivy filesystem scan, lint, tsc, build)
Compatibility
No breaking changes. No new env vars. The OAuth `/register` endpoint now rejects invalid bodies with 400 instead of crashing with 500 — clients that previously got 500 will now see the proper RFC 7591 error response.
v0.1.20 — Sprint 3: error reporting, tracing, ops docs, hardening
Sprint 3 closes the observability story (errors + traces opt-in) and ships the operational docs Sprint 1 had flagged.
Highlights
- Validated DTOs on the remaining write endpoints (#129): `POST /import-all`, `PUT /:id/env-vars`, `POST tools/bulk`, `POST tools/:toolId/test` now reject malformed payloads with class-validator + `@ValidateNested` + `@ArrayMinSize(1)` instead of accepting bare object literals.
- Sentry integration, opt-in (#130): `@sentry/nestjs` + `@sentry/nextjs` wired across backend, client, server, and edge runtimes. `SENTRY_DSN` / `NEXT_PUBLIC_SENTRY_DSN` are required to enable; default install ships nothing. `beforeSend` strips auth headers and credential field names. Sample rates default to 0.
- OpenTelemetry tracing, opt-in (#131): NodeSDK with auto-instrumentations for http/express/pg/mysql/redis when `OTEL_EXPORTER_OTLP_ENDPOINT` is set. `fs` and `/health` excluded.
- Settings page → toast + a11y htmlFor (#132): Profile + Change Password sections now have proper label/input pairing and emit toast notifications via `useToast()`.
- Operations docs (#133): `docs/operations/{backup-restore,disaster-recovery,slo,observability}.md` with concrete pg_dump procedures, RPO/RTO targets, six failure-mode runbooks (including the unrecoverable `ENCRYPTION_KEY`-loss case), 99.9% SLO definition, and the three-pipeline observability story threaded by `X-Request-Id`.
Verification
`scripts/smoke-test/run.sh` against this commit: 12/12 PASS end-to-end (REST, SOAP, GraphQL, MySQL prepared statements, schema introspection, free-form SELECT, INSERT/UPDATE/DELETE/DDL, anti-injection assertion, readOnly enforcement).
Playwright e2e: 3/3 PASS.
Backend jest: 554 passing, 1 skipped, 0 failing.
Compatibility
No breaking changes. All new pipelines (Sentry, OpenTelemetry) are opt-in; defaults unchanged.
v0.1.19 — Sprint 2: observability, CI gates, frontend polish
Sprint 2 ships the observability + DX foundation that Sprint 1 was missing.
Highlights
- Graceful shutdown (#121): `enableShutdownHooks` + SIGTERM/SIGINT handlers so in-flight tool invocations drain and Prisma/Redis disconnect cleanly during a rolling deploy.
- CI is now actually a gate (#121): the previous workflow only ran on `workflow_dispatch` and pointed at a non-existent `working-directory: anythingmcp`. Now runs on push and PR, with backend+frontend lint, `tsc --noEmit`, jest, build, plus CodeQL and Trivy (filesystem + image) scanning. Both packages got proper flat ESLint configs.
- Structured logging with Pino + correlation IDs (#122): replaces the default NestJS console logger. Every request carries a UUID echoed back as `X-Request-Id`; `userId` / `orgId` / `authMethod` propagated to every log line; auth headers and `password` / `token` / `apiKey` field names redacted. JSON in prod, pretty in dev.
- Frontend error fallbacks + a11y (#123): `error.tsx` and `not-found.tsx` for App Router; `htmlFor` + `autoComplete` rewired across login, register, forgot-password, reset-password — fixes the broken label/input pairing for screen readers and password managers.
- Pagination (#124): `?limit=&offset=` accepted on `/api/connectors` and `/api/mcp-servers` via a class-validator-checked DTO. Backwards compatible.
- Toast system (#125): `@radix-ui/react-toast` was in deps but unused; `components/toast.tsx` exposes a global `ToastProvider` + `useToast()`. `forgot-password` migrated as the first consumer.
- Type contracts for engine inputs (#126): `engine-types.ts` with discriminated `endpointMapping` unions per connector type plus a `ResponseMapping` interface.
- Playwright e2e (#127): boots `next dev` and asserts the new label/input pairing, focus behaviour, and the branded 404. Wired into a dedicated CI workflow that uploads the report on failure.
- Test fixes (#122): the 5 stale unit-test failures from before Sprint 1 are now green (1 deliberately skipped with a note).
Verification
`scripts/smoke-test/run.sh` against this commit: 12/12 passed — REST, SOAP, GraphQL, MySQL prepared statements, schema introspection, free-form SELECT, INSERT/UPDATE/DELETE/DDL, plus the explicit anti-injection assertion (`x'; DROP TABLE users;--` bound as a literal value).
Playwright e2e in CI: 3/3 passed.
Compatibility
No breaking changes. Same env vars, same API shape, same defaults.
v0.1.18 — Sprint 1 security hardening
First batch of security blockers from the full project review (#101).
Highlights
- Secrets: removed hardcoded
JWT_SECRET/ENCRYPTION_KEYfallbacks; the app refuses to start if either is missing or below 32 chars or matches a known placeholder. - SSRF guard: DNS-aware host check that blocks loopback, link-local (incl.
169.254.169.254cloud metadata), RFC1918, CGNAT and IPv4-mapped IPv6 — applied to REST/GraphQL/SOAP/MCP-client engines, OAuth2 token service, mcp-oauth, and OpenAPI/Postman/GraphQL spec fetchers. - SQL injection:
DatabaseEnginenow compiles templates to driver-specific prepared statements ($1pg,?mysql/sqlite,@p0mssql,:b0oracle); user values are bound, never inlined. - Template injection: REST
bodyTemplaterejects__proto__/constructor/prototypekeys and JSON-encodes interpolated values. - IDOR: tools
update/deletepinned toconnectorId; roles and users admin endpoints scoped to the requesting organization. - HTTP: Helmet middleware, HSTS in prod, CORS rejects
'*' + credentialsin production, per-endpoint rate limiting on auth flows. - Dependencies:
npm audit fixbrings vulnerabilities from 43 (1 critical, 22 high, 20 moderate) down to 11 (1 high, 10 moderate transitive); Dependabot config added.
Compatibility note
After upgrade you must set JWT_SECRET and ENCRYPTION_KEY to real values (≥32 chars, not the documented placeholders). Generate with openssl rand -base64 48. The app will refuse to boot otherwise — that is the fix.
v0.1.17 — Account & organization deletion UI
What's new
- Account self-delete — Users can now delete their own account from
/settings(Danger Zone). Requires password confirmation + typingDELETE. Audit logs are preserved without identifying information; OAuth artifacts and active MCP API keys are revoked atomically. - Organization delete — Org admins can delete the entire organization from
/settings/organization(Danger Zone). Requires typing the org name. Cascade-removes all members, connectors, MCP servers, API keys, custom roles, invitations, and settings.
Behavior details
- Sole-admin guardrail: self-delete is blocked when the user is the only admin of an org with other members; the dialog lists which orgs need attention.
- Sole-occupant cleanup: orgs where the deleting user is the only member are removed in the same transaction.
- Orphan migration: when an org is deleted, other members whose cached active org pointed to it are migrated to their oldest remaining membership; if none, their
organizationIdbecomesnulland the next request auto-resyncs. - Last-org safety net: deleting your last org auto-creates a fresh Personal Workspace and reissues a JWT, so admins are never stranded without a workspace.
Migration
User.organizationId is now nullable with onDelete: SetNull. Apply the included Prisma migration before deploying:
npm run db:migrate
v0.1.16
Adapter bug-fix pass + 13 new connectors
REST engine
mapParamsrecurses into nested objects/arrays (fixes FastBill-style nested bodies).- New
QUERY_AUTHauth type for APIs that carry credentials in the URL (Destatis, Oxomi, HERE). - Embedded
${param}interpolation inside strings (e.g. OData filters). - Endpoint
queryParamsmerge with auth-injected params instead of overwriting them.
Existing adapters (16) — bugs fixed
${x}→{x}in paths;${x}→$xin queryParams/bodyMapping/headers.BASIC→BASIC_AUTH(FastBill, MFR).body→bodyMapping/bodyTemplate(FastBill, Scopevisio, MFR link endpoints).- Destatis: credentials moved from queryParams to
QUERY_AUTHauthConfig.
New adapters (13)
- Public data: vies-vat, handelsregister, deutsche-bahn, openplz
- Baustoff/Wholesale: oxomi
- Logistics: dpd-germany, gls-tracking, shipcloud, sendcloud
- Other: xentral (ERP), shopware-6 (e-commerce), here-geocoding (mapping), personio (HR)
Catalog is now 29 adapters. All declare requiredEnvVars so the import UI auto-prompts for credentials.
Tests
275/275 passing across rest.engine.spec + catalog.spec (new parametrized catalog smoke test). TypeScript clean.
v0.1.15 — Fix cloud password reset email
Bug Fixes
- Fix password reset email silently dropped on cloud deployments without SMTP (#93). Password reset now falls back to the central Resend endpoint at anythingmcp.com/api/email/password-reset when SMTP is not configured, matching the existing pattern used by invite, welcome, and verification emails.
v0.1.14 — Fix cross-org MCP tool isolation
What's Changed
Security Fix
- Cross-org tool collision: ToolRegistry now uses tool ID (globally unique) as primary key instead of tool name. Prevents org A from accidentally executing org B's tool when both have tools with the same name.
- Tool lookup scoped to connector IDs of the requesting MCP server.
Bug Fixes
- Trial banner no longer shows on login/register pages
- License status endpoint returns empty in cloud mode without auth
- Email fallback finds license key from DB when site_settings is stale
- Cloud registration correctly assigns ADMIN role to org creator
Improvements
- Docker workflow now tags both version + latest in a single build (was two separate builds)