This release includes breaking changes for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Summary
AI summary: Structured logging with Pino and correlation IDs replaces the default NestJS console logger.
Full changelog
Sprint 2 ships the observability + DX foundation that Sprint 1 was missing.
Highlights
- Graceful shutdown (#121): `enableShutdownHooks` + SIGTERM/SIGINT handlers so in-flight tool invocations drain and Prisma/Redis disconnect cleanly during a rolling deploy.
- CI is now actually a gate (#121): the previous workflow only ran on `workflow_dispatch` and pointed at a non-existent `working-directory: anythingmcp`. Now runs on push and PR, with backend+frontend lint, `tsc --noEmit`, jest, build, plus CodeQL and Trivy (filesystem + image) scanning. Both packages got proper flat ESLint configs.
- Structured logging with Pino + correlation IDs (#122): replaces the default NestJS console logger. Every request carries a UUID echoed back as `X-Request-Id`; `userId` / `orgId` / `authMethod` propagated to every log line; auth headers and `password` / `token` / `apiKey` field names redacted. JSON in prod, pretty in dev.
- Frontend error fallbacks + a11y (#123): `error.tsx` and `not-found.tsx` for App Router; `htmlFor` + `autoComplete` rewired across login, register, forgot-password, reset-password — fixes the broken label/input pairing for screen readers and password managers.
- Pagination (#124): `?limit=&offset=` accepted on `/api/connectors` and `/api/mcp-servers` via a class-validator-checked DTO. Backwards compatible.
- Toast system (#125): `@radix-ui/react-toast` was in deps but unused; `components/toast.tsx` exposes a global `ToastProvider` + `useToast()`. `forgot-password` migrated as the first consumer.
- Type contracts for engine inputs (#126): `engine-types.ts` with discriminated `endpointMapping` unions per connector type plus a `ResponseMapping` interface.
- Playwright e2e (#127): boots `next dev` and asserts the new label/input pairing, focus behaviour, and the branded 404. Wired into a dedicated CI workflow that uploads the report on failure.
- Test fixes (#122): the 5 stale unit-test failures from before Sprint 1 are now green (1 deliberately skipped with a note).
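The request-scoped logging described in the #122 item above, reduced to a dependency-free sketch. This is an added example, not AnythingMCP's code and not Pino's API; the function names, the list of auth headers, and the rule for reusing an inbound `X-Request-Id` are assumptions.

```javascript
// Added illustration, not AnythingMCP code: a stand-in for the Pino setup in #122.
const cryptoImpl = globalThis.crypto ?? require('node:crypto'); // both expose randomUUID()

const REDACT_KEYS = new Set(['password', 'token', 'apikey']); // field names from the changelog
const REDACT_HEADERS = new Set(['authorization', 'cookie', 'x-api-key']); // assumed "auth headers"
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

// Assumption: a client-supplied X-Request-Id is reused only when it is UUID-shaped,
// so attacker-controlled text (newlines, fake JSON) never reaches the log stream.
function requestIdFor(headers) {
  const inbound = headers['x-request-id'];
  const valid = typeof inbound === 'string' && UUID_RE.test(inbound);
  return valid ? inbound.toLowerCase() : cryptoImpl.randomUUID();
}

// Return a deep copy with sensitive values masked; key matching is case-insensitive.
function redact(value, depth = 0) {
  if (value === null || typeof value !== 'object') return value;
  if (depth > 8) return '[Truncated]'; // depth cap also stops circular references
  if (Array.isArray(value)) return value.map((v) => redact(v, depth + 1));
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    const key = k.toLowerCase();
    const secret = REDACT_KEYS.has(key) || REDACT_HEADERS.has(key);
    out[k] = secret ? '[Redacted]' : redact(v, depth + 1);
  }
  return out;
}

// Build the per-request logger; its bindings are stamped on every line it emits.
function requestLogger(req, sink = console.log) {
  const bindings = {
    requestId: requestIdFor(req.headers),
    userId: req.user?.userId ?? null,
    orgId: req.user?.orgId ?? null,
    authMethod: req.user?.authMethod ?? null,
  };
  const info = (msg, fields = {}) => {
    // Bindings are spread after the caller's fields so a field cannot spoof them.
    const line = JSON.stringify({ level: 'info', ...redact(fields), ...bindings, msg });
    sink(line);
    return line;
  };
  return { bindings, responseHeaders: { 'X-Request-Id': bindings.requestId }, info };
}
```
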
Verification
`scripts/smoke-test/run.sh` against this commit: 12/12 passed — REST, SOAP, GraphQL, MySQL prepared statements, schema introspection, free-form SELECT, INSERT/UPDATE/DELETE/DDL, plus the explicit anti-injection assertion (`x'; DROP TABLE users;--` bound as a literal value).
Playwright e2e in CI: 3/3 passed.
Compatibility
No breaking changes. Same env vars, same API shape, same defaults.