portel-dev/ncp

v2.3.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

ai-agents claude claude-desktop gemini mcp mcp-client

+4 more

mcp-server openai orchestrator vector-db

Summary

AI summary

Code-to-Photon workflow with permanent automation and state persistence.

Full changelog

Major Features

🎯 Photon-Core 2.9.4 Integration

PhotonWatcher - Battle-tested file monitoring with symlink resolution, debouncing, and automatic hot-reload

Replace chokidar with production-ready watcher
Symlink resolution for macOS compatibility
Temp file filtering and debouncing built-in

DaemonBroker - Cross-process event routing via Unix sockets

Photons emit events with await this.emit()
Subscribe with @notify-on annotations
Graceful fallback to local-only when daemon not running

InstanceStore - State persistence across execution sessions

Photons implement getState()/setState() for automatic persistence
State saved to ~/.photon/state/{photonName}/
State restored on load automatically

StatefulExecution - Execution tracking with runId and StateLog

Every code execution gets unique runId
JSONL logs stored at ~/.photon/runs/{runId}.jsonl
Foundation for Code-to-Photon workflow

🔄 Code-to-Photon Workflow

Three new MCP tools enable permanent automation:

code:run - Execute TypeScript with full MCP access
code:list-runs - List recent executions
code:get-run - Inspect execution details
code:save-as-photon - Convert code → .photon.ts file

Workflow: Write code → Execute → Success! → Save as Photon → Use forever

📱 MCP Apps Protocol Support

Groundwork for visual components in tool results. Detects client capabilities for future UI rendering.

Security

Applied 24 npm security fixes
Remaining 19 vulnerabilities are unfixable at npm level (mostly in devDependencies)
Upgraded mcp-server-kubernetes to 3.3.0 (fixes deprecated request package chain)

Documentation

Four comprehensive guides created:

Code-to-Photon - Workflow automation
Stateful Execution - State persistence
Daemon Integration - Event routing
NCP 2.3.0 Features - Feature overview

Testing

✅ 13/13 critical protocol tests pass
✅ 6/6 integration tests pass
✅ 4/4 DXT entry point tests pass

Installation

npm install -g @portel/[email protected]
# or
npm install @portel/[email protected]

Full changelog: See CHANGELOG.md

Security Fixes

Applied 24 npm security fixes

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track portel-dev/ncp

Get notified when new releases ship.

About portel-dev/ncp

Natural Context Provider (NCP). Your MCPs, supercharged. Find any tool instantly, load on demand, run on schedule, ready for any client. Smart loading saves tokens and energy.

All releases →