Skip to content

SoapyRED/freightutils-mcp

v2.3.0 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 3d MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai-agents freight logistics mcp model-context-protocol

Affected surfaces

auth

Summary

AI summary

Pro users no longer get silently rate‑limited; env var FREIGHTUTILS_API_KEY now passes API keys through both HTTP and stdio transports.

Changes in this release

Feature Low

Adds support for `FREIGHTUTILS_API_KEY` env var to build Authorization header.

Adds support for `FREIGHTUTILS_API_KEY` env var to build Authorization header.

Source: llm_adapter@2026-05-31

Confidence: high
Feature Low

Updates `npx freightutils-mcp ping` diagnostic to report observed tier and auth status.

Updates `npx freightutils-mcp ping` diagnostic to report observed tier and auth status.

Source: llm_adapter@2026-05-31

Confidence: high
Bugfix Medium

Fixes silent rate‑limiting for Pro users on stdio transport by forwarding `FREIGHTUTILS_API_KEY`.

Fixes silent rate‑limiting for Pro users on stdio transport by forwarding `FREIGHTUTILS_API_KEY`.

Source: llm_adapter@2026-05-31

Confidence: low
Refactor Low

Removes outdated limitation note from README and adds `FREIGHTUTILS_API_KEY` setup instructions.

Removes outdated limitation note from README and adds `FREIGHTUTILS_API_KEY` setup instructions.

Source: llm_adapter@2026-05-31

Confidence: high
Full changelog

Added

  • FREIGHTUTILS_API_KEY env var support. apiGet / apiPost now build an Authorization: Bearer header from the env var on every outbound call when set. Backwards compatible — unset env var preserves the existing anonymous behaviour, so users running freely continue to work without code changes.

Fixed

  • Sytze pattern. Pro customers using the stdio transport were silently being rate-limited at the anonymous 25/day cap because the package was not forwarding the API key from the environment to the underlying /api/* HTTP calls. v2.3.0 closes this end-to-end — the same key honored by the remote /api/mcp transport now flows through the stdio path too.

Updated

  • npx freightutils-mcp ping diagnostic now reports observed tier. With FREIGHTUTILS_API_KEY set, the header now reads auth: ✓ Authenticated as Pro (or Free) after a successful /api/auth/whoami call; with the env var unset it reads auth: ⚠ Anonymous (25/day cap). Adds a fourth informational line at the diagnostic header without changing the existing 3-check exit semantics.
  • README — removed the "Known limitation: this npm package does not yet pass the API key through" wording from the Troubleshooting table; replaced with FREIGHTUTILS_API_KEY setup instructions. Added an "Authenticating with a Pro key" section under Installation with a stdio config example that wires FREIGHTUTILS_API_KEY into the env block of an MCP server entry.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track SoapyRED/freightutils-mcp

Get notified when new releases ship.

Sign up free

About SoapyRED/freightutils-mcp

17 freight calculation and reference tools — ADR dangerous goods, HS codes, LDM/CBM/chargeable weight calculators, duty estimation, airline codes, UN/LOCODE, and more. Free REST APIs + MCP server.

All releases →

Related context

Earlier breaking changes

  • v1.0.5 /api/mcp promoted as canonical Streamable HTTP transport URL.

Beta — feedback welcome: [email protected]