Skip to content

CHANGELOG.md

Latest commit

 

History

History
38 lines (29 loc) · 2.28 KB

CHANGELOG.md

File metadata and controls

38 lines (29 loc) · 2.28 KB

Changelog

All notable changes to MCP Ambassador Server will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.9.0-beta.1] - 2026-04-03

Codename: Homelab Edition

Added

  • Getting started onboarding checklist on user dashboard with auto-completing steps and copy-paste config snippets for VS Code and Claude Desktop
  • Import from Registry button in MCP wizard pre-fills all fields from community registry entries
  • Marketplace icons rendered from icon_url with fallback, dynamic category filter pills with URL-persisted state
  • Tool preview on marketplace cards (expandable top 5) and full tool list with descriptions on detail page
  • Catalog preview dialog showing pending changes before applying (replaces disabled placeholder)
  • Client connection health on user Clients page: status badges (Active/Idle/Expired), last-seen timestamps, tool counts, reconnect instructions
  • Admin dashboard usage sparklines (7-day invocation trend, pure SVG) and sortable MCP usage table with zero-usage flagging
  • Command argument validation: all elements of MCP command array checked, configurable base command allowlist via MCP_ALLOWED_COMMANDS, dangerous eval pattern detection
  • Audit buffer size limit (default 1000 events) with oldest-first drop on overflow
  • Rate limit state cleanup timer (60s interval) and map size hard cap (10,000 entries)
  • Master key file hex format validation matching environment variable validation
  • Unit tests for command validation, master key validation, audit buffer overflow, rate limit cleanup

Changed

  • Initial credentials (admin key, recovery token, dev client key) written to file with 0600 permissions instead of logged to stdout
  • Core packages (audit-file, authz-local, core/db) use pino structured logger instead of console.*

Security

  • All MCP command array elements validated for shell metacharacters (previously only command[0])
  • Base command allowlist prevents execution of arbitrary binaries
  • Eval/exec argument patterns detected and rejected
  • Credentials no longer exposed in container log aggregators

[0.8.0-beta.2] - 2026-03-15

Initial public beta release. See README.md for feature overview.