Skip to content

Releases: HelpCode-ai/anythingmcp

v0.1.23 — silence MCP duplicate-registration warnings

Choose a tag to compare

@keysersoft keysersoft released this 10 May 13:52
2cfe333

Silences Dynamic tool 'X' already registered in module — Overwriting. warnings emitted at boot.

The internal ToolRegistry correctly handles cross-tenant tool-name collisions; only the upstream single-tenant @rekog/mcp-nest registry was generating noise. The fix registers each name on the upstream registry only when it first appears, and releases it only when the last entry leaves.

See #152 for details.

v0.1.22 — HR WORKS connector, dependency drain, infra hardening

Choose a tag to compare

@keysersoft keysersoft released this 10 May 10:58
373e0c9

Highlights

New connector

  • HR WORKS v2 — full read access to the German HR/payroll platform: 30 tools across persons, absences, sick leaves, remote work, working times, projects, applicants, holidays, cost centers.

Infrastructure

  • Dependabot auto-merge workflow + branch protection on `main` with required CI checks. Patch/minor npm and github-actions PRs now auto-merge once CI is green; majors and runtime bumps are labelled `needs-review` for human triage.
  • CI: rxjs duplicate-Observable fix — root override + backend pin to deduplicate rxjs across the workspace, unblocking the @nestjs/cli 11.0.21 bump and future nestjs upgrades.

Dependency bumps merged

  • next 16.2.4 → 16.2.6 (security fixes), react patch
  • soap 1.7.1 → 1.9.1
  • graphql 16.13 → 16.14
  • @rekog/mcp-nest 1.9.6 → 1.9.9
  • @nestjs/cli 11.0.16 → 11.0.21, @nestjs/testing 11.1.18 → 11.1.19 (via lockfile refresh)
  • prisma + @prisma/client (group)
  • jest + ts-jest (group)
  • @types/* (group)
  • eslint + prettier + typescript-eslint (group)
  • autoprefixer 10.4.27 → 10.5.0

Code fixes

  • Frontend: fix `use-before-define` in `connectors/store/page.tsx` and `settings/license/page.tsx` (eslint-plugin-react-hooks 7.1.x rule).

v0.1.21 — production bug fixes

Choose a tag to compare

@keysersoft keysersoft released this 08 May 23:45
a253fc3

Patch release fixing four bugs surfaced by analysing 8 weeks of usage logs on cloud.anythingmcp.com.

Fixes (from #135)

  • POST /register OAuth DCR no longer 500s on malformed bodies. 17 hits in production crashed with `TypeError: Cannot read properties of undefined (reading 'redirect_uris')` when callers (multipart/form-data Server Actions, OAuth clients sending non-JSON) hit the upstream `@rekog/mcp-nest` controller. New `OAuthRegisterGuardMiddleware` returns RFC 7591 `invalid_client_metadata` / `invalid_redirect_uri` with 400 instead of letting the library 500.

  • Verification codes no longer logged in plaintext. `EmailService` was warning `verification code for X: 641958` whenever local SMTP wasn't configured (4 different users in the past week). Replaced with a debug line that just records that delegation to the external mailer happened.

  • OpenApiParser accepts YAML and OpenAPI 3.1. `Unexpected token 'o', "openapi: 3"...` was the second-most-common 5xx — users pasted YAML specs and the parser called `JSON.parse` blindly. Now decodes JSON-or-YAML and routes 3.1 specs through `SwaggerParser.dereference()` (skipping the strict 3.0-only validator) so `$ref` still resolves.

  • Cross-tenant tool-name collision on the global /mcp endpoint fixed. Three orgs had a connector with the same tool name; `getTool(name)` returned whichever was registered first. Added `organizationId` to `RegisteredTool` and a new `getToolForOrg(name, orgId)` lookup, wired through the auth handler in `mcp-server.service` and the executor in `dynamic-mcp-tools` so authenticated callers resolve their own org's tool. `/mcp/:serverId` was already safe via connector-id scoping.

Verification

  • backend jest: 561 passed, 1 skipped, 0 failed (5 new tests)
  • `scripts/smoke-test/run.sh`: 12/12 PASS end-to-end
  • frontend Playwright: 3/3 PASS
  • All CI gates green (CodeQL, Trivy filesystem scan, lint, tsc, build)

Compatibility

No breaking changes. No new env vars. The OAuth `/register` endpoint now rejects invalid bodies with 400 instead of crashing with 500 — clients that previously got 500 will now see the proper RFC 7591 error response.

v0.1.20 — Sprint 3: error reporting, tracing, ops docs, hardening

Choose a tag to compare

@keysersoft keysersoft released this 03 May 12:25
59777de

Sprint 3 closes the observability story (errors + traces opt-in) and ships the operational docs Sprint 1 had flagged.

Highlights

  • Validated DTOs on the remaining write endpoints (#129): `POST /import-all`, `PUT /:id/env-vars`, `POST tools/bulk`, `POST tools/:toolId/test` now reject malformed payloads with class-validator + `@ValidateNested` + `@ArrayMinSize(1)` instead of accepting bare object literals.
  • Sentry integration, opt-in (#130): `@sentry/nestjs` + `@sentry/nextjs` wired across backend, client, server, and edge runtimes. `SENTRY_DSN` / `NEXT_PUBLIC_SENTRY_DSN` are required to enable; default install ships nothing. `beforeSend` strips auth headers and credential field names. Sample rates default to 0.
  • OpenTelemetry tracing, opt-in (#131): NodeSDK with auto-instrumentations for http/express/pg/mysql/redis when `OTEL_EXPORTER_OTLP_ENDPOINT` is set. `fs` and `/health` excluded.
  • Settings page → toast + a11y htmlFor (#132): Profile + Change Password sections now have proper label/input pairing and emit toast notifications via `useToast()`.
  • Operations docs (#133): `docs/operations/{backup-restore,disaster-recovery,slo,observability}.md` with concrete pg_dump procedures, RPO/RTO targets, six failure-mode runbooks (including the unrecoverable `ENCRYPTION_KEY`-loss case), 99.9% SLO definition, and the three-pipeline observability story threaded by `X-Request-Id`.

Verification

`scripts/smoke-test/run.sh` against this commit: 12/12 PASS end-to-end (REST, SOAP, GraphQL, MySQL prepared statements, schema introspection, free-form SELECT, INSERT/UPDATE/DELETE/DDL, anti-injection assertion, readOnly enforcement).

Playwright e2e: 3/3 PASS.

Backend jest: 554 passing, 1 skipped, 0 failing.

Compatibility

No breaking changes. All new pipelines (Sentry, OpenTelemetry) are opt-in; defaults unchanged.

v0.1.19 — Sprint 2: observability, CI gates, frontend polish

Choose a tag to compare

@keysersoft keysersoft released this 03 May 12:00
cce9ee1

Sprint 2 ships the observability + DX foundation that Sprint 1 was missing.

Highlights

  • Graceful shutdown (#121): `enableShutdownHooks` + SIGTERM/SIGINT handlers so in-flight tool invocations drain and Prisma/Redis disconnect cleanly during a rolling deploy.
  • CI is now actually a gate (#121): the previous workflow only ran on `workflow_dispatch` and pointed at a non-existent `working-directory: anythingmcp`. Now runs on push and PR, with backend+frontend lint, `tsc --noEmit`, jest, build, plus CodeQL and Trivy (filesystem + image) scanning. Both packages got proper flat ESLint configs.
  • Structured logging with Pino + correlation IDs (#122): replaces the default NestJS console logger. Every request carries a UUID echoed back as `X-Request-Id`; `userId` / `orgId` / `authMethod` propagated to every log line; auth headers and `password` / `token` / `apiKey` field names redacted. JSON in prod, pretty in dev.
  • Frontend error fallbacks + a11y (#123): `error.tsx` and `not-found.tsx` for App Router; `htmlFor` + `autoComplete` rewired across login, register, forgot-password, reset-password — fixes the broken label/input pairing for screen readers and password managers.
  • Pagination (#124): `?limit=&offset=` accepted on `/api/connectors` and `/api/mcp-servers` via a class-validator-checked DTO. Backwards compatible.
  • Toast system (#125): `@radix-ui/react-toast` was in deps but unused; `components/toast.tsx` exposes a global `ToastProvider` + `useToast()`. `forgot-password` migrated as the first consumer.
  • Type contracts for engine inputs (#126): `engine-types.ts` with discriminated `endpointMapping` unions per connector type plus a `ResponseMapping` interface.
  • Playwright e2e (#127): boots `next dev` and asserts the new label/input pairing, focus behaviour, and the branded 404. Wired into a dedicated CI workflow that uploads the report on failure.
  • Test fixes (#122): the 5 stale unit-test failures from before Sprint 1 are now green (1 deliberately skipped with a note).

Verification

`scripts/smoke-test/run.sh` against this commit: 12/12 passed — REST, SOAP, GraphQL, MySQL prepared statements, schema introspection, free-form SELECT, INSERT/UPDATE/DELETE/DDL, plus the explicit anti-injection assertion (`x'; DROP TABLE users;--` bound as a literal value).

Playwright e2e in CI: 3/3 passed.

Compatibility

No breaking changes. Same env vars, same API shape, same defaults.

v0.1.18 — Sprint 1 security hardening

Choose a tag to compare

@keysersoft keysersoft released this 02 May 20:10
f0d0237

First batch of security blockers from the full project review (#101).

Highlights

  • Secrets: removed hardcoded JWT_SECRET / ENCRYPTION_KEY fallbacks; the app refuses to start if either is missing or below 32 chars or matches a known placeholder.
  • SSRF guard: DNS-aware host check that blocks loopback, link-local (incl. 169.254.169.254 cloud metadata), RFC1918, CGNAT and IPv4-mapped IPv6 — applied to REST/GraphQL/SOAP/MCP-client engines, OAuth2 token service, mcp-oauth, and OpenAPI/Postman/GraphQL spec fetchers.
  • SQL injection: DatabaseEngine now compiles templates to driver-specific prepared statements ($1 pg, ? mysql/sqlite, @p0 mssql, :b0 oracle); user values are bound, never inlined.
  • Template injection: REST bodyTemplate rejects __proto__ / constructor / prototype keys and JSON-encodes interpolated values.
  • IDOR: tools update/delete pinned to connectorId; roles and users admin endpoints scoped to the requesting organization.
  • HTTP: Helmet middleware, HSTS in prod, CORS rejects '*' + credentials in production, per-endpoint rate limiting on auth flows.
  • Dependencies: npm audit fix brings vulnerabilities from 43 (1 critical, 22 high, 20 moderate) down to 11 (1 high, 10 moderate transitive); Dependabot config added.

Compatibility note

After upgrade you must set JWT_SECRET and ENCRYPTION_KEY to real values (≥32 chars, not the documented placeholders). Generate with openssl rand -base64 48. The app will refuse to boot otherwise — that is the fix.

v0.1.17 — Account & organization deletion UI

Choose a tag to compare

@keysersoft keysersoft released this 29 Apr 09:51
c15a09a

What's new

  • Account self-delete — Users can now delete their own account from /settings (Danger Zone). Requires password confirmation + typing DELETE. Audit logs are preserved without identifying information; OAuth artifacts and active MCP API keys are revoked atomically.
  • Organization delete — Org admins can delete the entire organization from /settings/organization (Danger Zone). Requires typing the org name. Cascade-removes all members, connectors, MCP servers, API keys, custom roles, invitations, and settings.

Behavior details

  • Sole-admin guardrail: self-delete is blocked when the user is the only admin of an org with other members; the dialog lists which orgs need attention.
  • Sole-occupant cleanup: orgs where the deleting user is the only member are removed in the same transaction.
  • Orphan migration: when an org is deleted, other members whose cached active org pointed to it are migrated to their oldest remaining membership; if none, their organizationId becomes null and the next request auto-resyncs.
  • Last-org safety net: deleting your last org auto-creates a fresh Personal Workspace and reissues a JWT, so admins are never stranded without a workspace.

Migration

User.organizationId is now nullable with onDelete: SetNull. Apply the included Prisma migration before deploying:

npm run db:migrate

v0.1.16

Choose a tag to compare

@keysersoft keysersoft released this 21 Apr 14:58
d9784e4

Adapter bug-fix pass + 13 new connectors

REST engine

  • mapParams recurses into nested objects/arrays (fixes FastBill-style nested bodies).
  • New QUERY_AUTH auth type for APIs that carry credentials in the URL (Destatis, Oxomi, HERE).
  • Embedded ${param} interpolation inside strings (e.g. OData filters).
  • Endpoint queryParams merge with auth-injected params instead of overwriting them.

Existing adapters (16) — bugs fixed

  • ${x}{x} in paths; ${x}$x in queryParams/bodyMapping/headers.
  • BASICBASIC_AUTH (FastBill, MFR).
  • bodybodyMapping/bodyTemplate (FastBill, Scopevisio, MFR link endpoints).
  • Destatis: credentials moved from queryParams to QUERY_AUTH authConfig.

New adapters (13)

  • Public data: vies-vat, handelsregister, deutsche-bahn, openplz
  • Baustoff/Wholesale: oxomi
  • Logistics: dpd-germany, gls-tracking, shipcloud, sendcloud
  • Other: xentral (ERP), shopware-6 (e-commerce), here-geocoding (mapping), personio (HR)

Catalog is now 29 adapters. All declare requiredEnvVars so the import UI auto-prompts for credentials.

Tests

275/275 passing across rest.engine.spec + catalog.spec (new parametrized catalog smoke test). TypeScript clean.

PRs: #96 (adapters), #97 (version bump).

v0.1.15 — Fix cloud password reset email

Choose a tag to compare

@keysersoft keysersoft released this 18 Apr 18:45
53fc3af

Bug Fixes

  • Fix password reset email silently dropped on cloud deployments without SMTP (#93). Password reset now falls back to the central Resend endpoint at anythingmcp.com/api/email/password-reset when SMTP is not configured, matching the existing pattern used by invite, welcome, and verification emails.

v0.1.14 — Fix cross-org MCP tool isolation

Choose a tag to compare

@keysersoft keysersoft released this 08 Apr 18:17
20e6484

What's Changed

Security Fix

  • Cross-org tool collision: ToolRegistry now uses tool ID (globally unique) as primary key instead of tool name. Prevents org A from accidentally executing org B's tool when both have tools with the same name.
  • Tool lookup scoped to connector IDs of the requesting MCP server.

Bug Fixes

  • Trial banner no longer shows on login/register pages
  • License status endpoint returns empty in cloud mode without auth
  • Email fallback finds license key from DB when site_settings is stale
  • Cloud registration correctly assigns ADMIN role to org creator

Improvements

  • Docker workflow now tags both version + latest in a single build (was two separate builds)