Updates

​

Type Compatibility & Peer Dependency Alignment

• Fix: Resolved TypeScript nominal type conflicts when mcp-use is installed as multiple pnpm peer-variant copies — moved internal client-init tracking off class surface to avoid .d.ts incompatibilities
• Fix: Reverted stripInternal/@internal approach that degraded downstream tool handler type inference; keeps type safety while preserving consumer inference behavior
• Fix (@mcp-use/inspector): Moved mcp-use from dependencies to peerDependencies so consumers share a single mcp-use type instance (addresses TS2322 duplicate-type scenarios)
• Update (@mcp-use/inspector): Upgraded @mcp-ui/client to v7; replaced removed legacy renderer path with sandboxed iframe handling for ui:// resources and removed remote-dom usage
• Update: Updated @mcp-use/inspector to v0.26.0
• Update: Updated @mcp-use/cli to v2.21.1
• Update: Updated create-mcp-use-app to v0.14.7

​

CLI Organizations, Non-Interactive Deploy & Typed Middleware

• New (@mcp-use/cli): Organization commands — mcp-use org list, mcp-use org switch, mcp-use org current; login prompts for org selection when multiple; whoami shows active organization; org preference persisted in ~/.mcp-use/config.json
• Enhancement (@mcp-use/cli): Deploy to a specific org with mcp-use deploy --org <slug-or-id>; all org-scoped API requests include x-profile-id
• New (@mcp-use/cli): Non-interactive deploy with -y / --yes — skips confirmations; replaces “Press Enter” with polling; errors if not logged in (requires mcp-use login)
• Fix: Context propagation into tool handlers — singleton AsyncLocalStorage via globalThis, safe Hono context extraction, and forwarding middleware ctx.auth / ctx.state into enhanced tool context
• Fix: ctx.auth typing is now AuthInfo | undefined when OAuth isn’t configured (enables if (!ctx.auth) ... guards)
• Enhancement: Typed MCP middleware context — server.use("mcp:tools/call" | "mcp:resources/read" | "mcp:prompts/get", ...) now narrows ctx.params to method-specific shapes; mcp:* remains generic
• Enhancement: outputSchema tools can return response helpers (text(), markdown(), mix(), etc.) without type errors
• Enhancement: server.resourceTemplate() supports an optional Zod schema to type params as z.infer<schema>
• Enhancement: ErrorBoundary now supports fallback (node or (error) => node) and onError for reporting (default UI unchanged)
• Update: Updated @mcp-use/inspector to v0.25.1
• Update: Updated @mcp-use/cli to v2.21.0

​

Vite 8, MCP Middleware & Model Context

• New: MCP operation-level middleware — server.use("mcp:*", ...) and specific patterns (mcp:tools/call, mcp:tools/list, mcp:resources/read, mcp:resources/list, mcp:prompts/get, mcp:prompts/list) with typed MiddlewareContext (method, params, session, auth, state)
• New: useFiles React hook with isSupported and modelVisible for file attachments; ModelContext component and modelContext imperative API for server-side model context injection
• Enhancement: Vite 8.0 with Rolldown bundler and @vitejs/plugin-react 6 across packages, examples, and CLI/inspector tooling
• Enhancement: Conformance client — pass reconnectionOptions so SDK-level SSE reconnection behaves correctly when autoReconnect is disabled
• Fix: Elicit — map result.content to result.data for Zod validation; spec-compliant clients use content; backward-compatible fallback to data
• Fix: LangChainAdapter — tool name collisions when exposing resources/prompts as tools; reserveName resolves prefixed names with a numeric suffix when needed; prompt names sanitized like resource names
• Enhancement (@mcp-use/inspector): Start/stop the mcp-use dev tunnel from the Inspector (see inspector changelog)
• Update: Updated @mcp-use/inspector to v0.25.0
• Update: Updated @mcp-use/cli to v2.20.0

​

Zod Peer Dep, Esbuild Build & Windows Fix

• Fix: Move zod from dependencies to peerDependencies — prevents duplicate type trees when users have a different Zod v4 version; avoids type errors or OOM during mcp-use build
• Fix: TypeGen crash with Zod v4 enum schemas — zod-to-ts now handles Zod v4 ZodEnum (_def.entries), ZodDiscriminatedUnion; CLI reports success/failure of type generation instead of silently failing
• Fix (@mcp-use/cli): Windows crash in mcp-use dev and mcp-use generate-types — use file:// URL in tsImport instead of raw OS paths (fixes ERR_UNSUPPORTED_ESM_URL_SCHEME)
• Fix: Dependabot security alerts — updated flatted, tar, hono, express-rate-limit, dompurify, minimatch, rollup, form-data, lodash, and other transitive deps
• Enhancement (@mcp-use/cli): mcp-use build uses esbuild for transpilation instead of tsc — avoids OOM on complex type graphs (Zod v4, Prisma); type checking runs separately via tsc --noEmit; add --no-typecheck to skip type checking for faster builds
• Update: Updated @mcp-use/inspector to v0.24.5
• Update: Updated @mcp-use/cli to v2.19.0
• Update: Updated create-mcp-use-app to v0.14.6

​

Request Context, CLI Build & README Fixes

• Fix: ctx.auth and other request context properties were undefined in tool callbacks; mountMcp() now wraps transport.handleRequest() with runWithContext() so getRequestContext() is populated
• Fix (@mcp-use/cli): mcp-use build no longer hangs — add process.exit(0) on success (tsImport creates active handles)
• Fix: Update stale mcp-use-ts references in README badges, image URLs, eslint config to mcp-use monorepo
• Update: Updated @mcp-use/inspector to v0.24.4
• Update: Updated @mcp-use/cli to v2.18.3

​

Inspector Sandbox Host Fix

• Fix (@mcp-use/inspector): Sandbox host derivation for cloud-embedded pages — apex hosts (e.g. manufact.com) now resolve to sandbox-inspector.{domain} instead of sandbox-{domain}
• Update: Updated @mcp-use/inspector to v0.24.3
• Update: Updated @mcp-use/cli to v2.18.2

​

Inspector Proxy Fix for Embedded Servers

• Fix (@mcp-use/inspector): Skip proxy when inspector is served from the MCP server itself — auto-connect no longer routes through missing /inspector/api/proxy on embedded servers
• Fix (@mcp-use/inspector): Detect proxy availability via runtime config injection; disable autoProxyFallback when no proxy is available
• Update: Updated @mcp-use/inspector to v0.24.2
• Update: Updated @mcp-use/cli to v2.18.1

​

Session Persistence & CLI Improvements

• Fix: Session recovery after restart returns 400 fix; distributed SSE stream routing via Redis Pub/Sub
• Enhancement (@mcp-use/cli): mcp-use build runs tool registry type generation before TypeScript compilation when server file exists
• Enhancement (@mcp-use/cli): --root-dir option for deploy command for monorepo support
• Fix (create-mcp-use-app): Remove flickering behaviour from npm i
• Update: Updated @mcp-use/inspector to v0.24.1
• Update: Updated @mcp-use/cli to v2.18.0
• Update: Updated create-mcp-use-app to v0.14.4

​

Proxy Servers & Client Completion

• New: MCPServer.proxy() for composing multiple MCP servers into a single aggregator — automatic orchestration, schema translation, namespacing, list-changed multiplexing
• New: Client-side completion support — complete() on BaseConnector, MCPSession, and useMcp; refreshResourceTemplates(); prompt argument and resource template URI autocomplete
• New: ctx.client.user() for per-invocation end-user metadata (subject, conversationId) from tools/call params
• Enhancement: ctx.client.supportsApps() now correctly returns true for MCP Apps clients (fixed ClientCapabilitiesSchema extensions stripping)
• Enhancement: autoReconnect options — configurable health check interval, reconnection delay, timeout via reconnectionOptions
• Enhancement: sendFollowUpMessage accepts MessageContentBlock arrays (text, image, resource blocks) per SEP-1865
• Enhancement: Host info and capabilities — hostInfo, hostCapabilities in useWidget; getHostInfo, getHostCapabilities on McpAppsBridge
• Fix: Express middleware types — proper TypeScript types for server.use() with Express middleware (auto-detected and adapted)
• Fix: Session isolation — findSessionContext no longer falls back to arbitrary session, preventing metadata leakage
• Fix: Remove deprecated @types/tar; update tar to latest (cli, create-mcp-use-app)
• Update: Updated @mcp-use/inspector to v0.24.0
• Update: Updated @mcp-use/cli to v2.17.0
• Update: Updated create-mcp-use-app to v0.14.3
• Documentation: Per-server elicitation and sampling callbacks examples; proxy servers section

​

CLI Tunnel Support

• New (@mcp-use/cli): Support for --tunnel flag with full ChatGPT HMR
• Update: Updated @mcp-use/inspector to v0.23.1
• Update: Updated @mcp-use/cli to v2.16.0

​

Inspector Embedded Chat

• Enhancement (@mcp-use/inspector): Improved embedded chat
• Update: Updated @mcp-use/inspector to v0.23.0
• Update: Updated @mcp-use/cli to v2.15.4

​

Inspector Standalone Deployment Fix

• Fix (@mcp-use/inspector): Standalone deployment was importing the version from the wrong path
• Update: Updated @mcp-use/inspector to v0.22.3
• Update: Updated @mcp-use/cli to v2.15.3

​

Health Monitoring & MCPAgentOptions

• Enhancement: getAuthHeaders parameter to startConnectionHealthMonitoring for customizable authentication headers during health checks; HEAD requests allowed without authentication
• Enhancement: exposeResourcesAsTools and exposePromptsAsTools options in MCPAgentOptions (both default to true); inspector chat tab sets both to false so agent only exposes actual MCP tools
• Update: Updated @mcp-use/inspector to v0.22.2
• Update: Updated @mcp-use/cli to v2.15.2

​

Widget Status Texts & CSP Handling

• New: invoking and invoked properties in widget metadata for customizable status messages during tool execution
• Breaking: McpUseProvider no longer includes BrowserRouter; add it explicitly if your widget uses react-router
• Enhancement: MCPAppsDebugControls CSP mode violation indicators; sandbox-proxy strips existing CSP meta tags before injecting permissive CSP
• Fix (create-mcp-use-app): Unify logo display across all CLI entry paths
• Update: Updated @mcp-use/inspector to v0.22.1
• Update: Updated @mcp-use/cli to v2.15.1

​

Widget Debug & CSP Improvements

• New: CLI update check notifies when a newer mcp-use release is available
• Fix: CLI TSC build uses node with increased heap; avoid npx installing wrong package
• Fix: CLI fallback MCP_URL when tunnel is unavailable
• New (create-mcp-use-app): @types/react and @types/react-dom in template devDependencies
• Enhancement: Slim down generated READMEs; improve mcp-apps template (Carousel, product-search-result widget); include .mcp-use in tsconfig; fix postinstall script
• Fix: create-mcp-use-app product-search-result template styling and CSP metadata
• Enhancement: Iframe Console with expandable logs, level filter, search, resizable height
• New: Widget debug context for chat; MCP Apps debug controls (tool props JSON view, required props hint, SEP-1865 semantics)
• New: CDN build for inspector; CSP violations panel with clear action; widget re-execution on CSP mode change; CSP mode for Apps SDK
• Fix: useSyncExternalStore first-render handling; reconnect logic; Tools tab only sends explicitly set fields; resource annotations include _meta
• Fix: mcp-use widget CSP fallback from tool metadata; protocol and mount-widgets-dev improvements
• Enhancement: useWidget merges props from toolInput and structuredContent per SEP-1865
• New: updateModelContext and useMcp clientOptions
• Fix: WorkOS subdomain config to accept full AuthKit domain (e.g., name.authkit.app)
• Update: Updated @mcp-use/inspector to v0.22.0
• Update: Updated @mcp-use/cli to v2.15.0

​

CLI Skills & Template Updates

• New (@mcp-use/cli): mcp-use skills add and mcp-use skills install commands to install AI agent skills (Cursor, Claude Code, Codex) from the mcp-use repository
• Enhancement (create-mcp-use-app): Add @types/react and @types/react-dom to template devDependencies
• Update: Updated @mcp-use/inspector to v0.21.1
• Update: Updated @mcp-use/cli to v2.14.0

​

Tool Schema & Type Testing Improvements

• Fix: Correctly convert nested input schema args for tools
• New: Added everything-server example for compile-time type regression testing
• Update: Updated @mcp-use/inspector to v0.21.0
• Update: Updated @mcp-use/cli to v2.13.10

​

MCPApps & Widget Loading Enhancements

• Enhancement: Improved MCPAppsRenderer loading logic with better state management
• Enhancement: Enhanced useWidget for iframe handling
• Update: Updated @mcp-use/inspector to v0.20.1
• Update: Updated @mcp-use/cli to v2.13.9

​

Client Conformance & Type Safety Improvements

• New: Client implementation is now 100% conformant with the MCP spec
• Enhancement: Node.js client handles stdio connector directly with command/argument configuration
• Fix: error() return type now compatible with tool callbacks using outputSchema
• Fix: Fixed TypedCallToolResult type inference with explicit properties instead of Omit
• Fix: Enhanced prompt() method generic type inference to match tool() pattern
• Enhancement: Console output routes through Logger class with improved consistency; added tests for logLevel
• Enhancement: Added support for additional Vitest file extensions in config
• Fix: Correct MIME type for mcp_apps resource counting; disabled telemetry in local tests
• Update: Updated @mcp-use/inspector to v0.20.0
• Update: Updated @mcp-use/cli to v2.13.8

​

@mcp-use/cli v2.13.8

• Enhancement: Improved loading states with spinner component
• Fix: Correct MIME type for mcp_apps resource counting

​

create-mcp-use-app v0.13.0

• New: Interactive prompts for optional skills installation (claude-code, cursor, codex)
• New: --install and --no-install CLI flags for non-interactive mode
• Fix: Corrected template reference in test-cli.sh

​

DNS Rebinding Protection & Deferred Client Callbacks

• New: allowedOrigins configuration on MCPServer for DNS rebinding protection and host validation; docs and example (curl tests) added
• Enhancement: McpClientProvider defers onServerAdded and onServerStateChange callbacks via queueMicrotask to avoid render-phase updates and improve stability
• Update: Updated @mcp-use/inspector to v0.19.0
• Update: Updated @mcp-use/cli to v2.13.7

​

Widget Resource Propagation & Log Noise Reduction

• Fix: Reduced noisy logs in the dev server
• Fix: Propagated widget resources and resource templates to already-connected MCP sessions during HMR to avoid Resource ui://widget/... not found errors without reconnecting
• Update: Updated @mcp-use/inspector to v0.18.9
• Update: Updated @mcp-use/cli to v2.13.6

​

Inspector Reliability Alignment

• Enhancement: Pulled in inspector fixes for widget readiness resets and safer iframe global update handling
• Update: Updated @mcp-use/inspector to v0.18.8
• Update: Updated @mcp-use/cli to v2.13.5

​

UI Resource Metadata & CSP Injection Fixes

• Fix: UI resource metadata enrichment now guarantees metadata initialization before applying origin-based updates
• Enhancement: Server origin is now consistently injected into widget CSP fields (resourceDomains, connectDomains, baseUriDomains)
• Update: Updated @mcp-use/inspector to v0.18.7
• Update: Updated @mcp-use/cli to v2.13.4

​

useWidget Type Inference Improvements

• Enhancement: UseWidgetResult now uses a discriminated union on isPending for more accurate TypeScript inference
• Enhancement: Added UseWidgetResultBase to separate shared fields from pending-state-specific props
• Update: Updated @mcp-use/inspector to v0.18.6
• Update: Updated @mcp-use/cli to v2.13.3

​

Resource Template Completion & Reverse Proxy Support

​

Resource Template Completion

• New: Resource template variable completion — templates can define callbacks.complete per variable (string array or callback) for client-side autocomplete of URI template variables
• New: toResourceTemplateCompleteCallbacks utility for normalizing completion definitions
• New: MCP servers now publish completion capabilities

​

HMR & Reverse Proxy Improvements

• New: Custom HTTP route HMR — routes registered via server.get(), server.post(), etc. now hot-swap without restart
• New: Widget tool protection during HMR — tools tagged with _meta["mcp-use/widget"] preserved during sync
• New: Dynamic widget creation — resources/ directory auto-created, dev server watches for new widgets even if none exist at startup
• New: Vite HMR WebSocket proxy for hot-reload through reverse proxies (ngrok, E2B, Cloudflare tunnels)
• New: MCP_URL environment variable can be pre-set by users for external proxy URLs; CLI will not overwrite it
• New: window.__mcpServerUrl global injected into widget HTML for dynamic API URL construction
• Enhancement: List-changed notifications now fire on removal, not just add/update
• Enhancement: Pre-initialized request handlers prevent -32601 Method not found errors on dynamic tool registration
• Enhancement: Widget type default changed to mcpApps (dual-protocol) instead of appsSdk

​

Dependencies

• Update: Updated @mcp-use/inspector to v0.18.5
• Update: Updated @mcp-use/cli to v2.13.2

​

HMR Improvements & Widget Enhancements

​

HMR & Server Improvements

• Fix: Tool schema preservation during HMR now uses Zod schemas directly instead of converting to params
• Fix: Empty schema changed from {} to z.object({}) to ensure safeParseAsync works correctly
• Enhancement: Prompts now support tool response helpers (text(), object(), image(), etc.) via automatic conversion to GetPromptResult
• Enhancement: Resources now support tool response helpers via automatic conversion to ReadResourceResult
• Enhancement: Widget resources (ui://widget/*) and resource templates preserved during HMR
• Enhancement: Enhanced prompt conversion to handle edge cases (single content objects, bare content items, mixed content arrays)

​

CLI Build Improvements

• New: Build manifest with entryPoint tracking written to dist/mcp-use.json for reliable server location
• Enhancement: Support for multiple TypeScript output paths (dist/index.js, dist/src/index.js, custom paths)
• Enhancement: Start command reads entryPoint from manifest for accurate server location
• Enhancement: Clear error messages when no built server file is found, listing all attempted locations

​

Widget Improvements

• Fix: Widget pending state now correctly emulated to reflect ChatGPT behavior
• Enhancement: Immediate widget rendering during pending states
• Enhancement: Enhanced widget lifecycle management with better tool output handling
• New: Delayed weather tool example (get-weather-delayed) in conformance server for testing widget lifecycle

​

Dependencies

• Update: Updated @modelcontextprotocol/sdk to v1.26.0 (with Zod 4 compatibility patch)
• Update: Updated @mcp-use/inspector to v0.18.4
• Update: Updated @mcp-use/cli to v2.13.1
• Update: Updated create-mcp-use-app to v0.12.3

​

CLI Manufact Rebrand

​

CLI Rebrand

• Enhancement: Updated CLI branding from “mcp-use” to “Manufact”
• Enhancement: Changed default web URL from mcp-use.com to manufact.com for login flow
• Fix: Fixed 431 “Request Header Fields Too Large” error by increasing callback server header limit to 16KB
• Enhancement: Updated dashboard, inspector, and settings URLs to use manufact.com domain
• Enhancement: Gateway domain remains run.mcp-use.com for backward compatibility with existing deployments

​

Dependencies

• Update: Updated @mcp-use/cli to v2.13.0
• Update: Updated @mcp-use/inspector to v0.18.3

​

Widget Behavior Fix

• Fix: Widget pending state now correctly emulated to reflect ChatGPT behavior
• Update: Updated @mcp-use/inspector to v0.18.2
• Update: Updated @mcp-use/cli to v2.12.6

​

Widget CSP Enhancement

• Fix: Auto-inject server origin into connectDomains CSP
• Enhancement: Widgets can now make fetch/XHR/WebSocket calls back to the MCP server without explicitly declaring the domain
• Fix: Corrected oversight where CHANGELOG mentioned connectDomains injection but it was not implemented

​

Prompt Autocomplete & Dynamic CSP

​

New Features

• New: completable() helper for prompt argument autocomplete
• New: Dynamic CSP domain injection for widgets at tools/list time

​

Enhancements

• Enhancement: Request origin (from X-Forwarded-Host or Host header) now automatically added to connectDomains and resourceDomains in tool metadata
• Enhancement: Widgets now work correctly when accessed through proxies like ngrok, Cloudflare tunnels, or other reverse proxies
• Enhancement: Server origin automatically enriched in widget CSP metadata

​

Dependencies

• Update: Updated @mcp-use/inspector to v0.18.0
• Update: Updated @mcp-use/cli to v2.12.4

​

HMR & Theme Fixes

• Fix: HMR not working when server starts with 0 tools initially
• Fix: Dark mode can now be enabled through theme URL parameter
• Update: Updated @mcp-use/inspector to v0.17.3
• Update: Updated @mcp-use/cli to v2.12.3

​

HMR File Watcher Fix

• Fix: HMR file watcher exhausting inotify limits by properly ignoring node_modules
• Fix: Prevented ENOSPC errors in containerized environments caused by watching files inside node_modules/ despite ignore patterns
• Update: Updated @mcp-use/inspector to v0.17.2
• Update: Updated @mcp-use/cli to v2.12.2

​

CLI Deployment Enhancement

• Enhancement: CLI getMcpServerUrl() function for improved deployment URL handling
• Update: Updated @mcp-use/cli to v2.12.1
• Update: Updated @mcp-use/inspector to v0.17.1

​

MCP Apps Support & Landing Pages

​

MCP Apps Support

• New: Dual-protocol support enabling widgets to work with both MCP Apps and ChatGPT Apps SDK
• New: MCPAppsRenderer component for advanced debugging and visualization
• New: MCPAppsDebugControls component for widget debugging
• New: Sandboxed iframe support with console logging and safe area insets for isolated widget rendering
• New: Widget adapters (MCP Apps, Apps SDK) with protocol helpers for seamless cross-protocol compatibility
• New: MCP Apps documentation and example server

​

Landing Pages

• New: generateLandingPage() function that generates styled HTML landing pages for browser GET requests
• New: Connection instructions for Claude Code, Cursor, VS Code, VS Code Insiders, and ChatGPT on landing pages
• Enhancement: Browser host normalization for server connections in CLI

​

Bug Fixes & Security

• Fix: MCP server landing now shows the external URL instead of the internal URL
• Fix: Zod JIT compilation to prevent CSP violations in sandboxed environments
• Security: Fixed vulnerabilities in dependencies

​

Dependencies

• Update: Updated @mcp-use/inspector to v0.17.0
• Update: Updated @mcp-use/cli to v2.12.0

​

Widget Rendering & Session Management Improvements

​

Widget Rendering & Session Management

• Fix: Widget iframe reload by adding timestamp query parameter to force refresh when widget data changes
• Fix: Retry logic with exponential backoff for dev widget fetching to handle Vite dev server cold starts
• Fix: Default session idle timeout changed from 5 minutes to 1 day (86400000ms) to prevent premature session expiration
• Fix: Session lastAccessedAt tracking now updates both persistent store and in-memory map
• Fix: _meta merging now preserves existing fields (e.g., openai/outputTemplate) when updating tools and widgets
• Enhancement: Support for frame_domains and redirect_domains in widget CSP metadata

​

CLI Improvements

• Fix: Environment variables, build command, start command, and port configuration now properly passed during redeployment

​

Documentation

• Fix: Updated sessionIdleTimeoutMs default value documentation from 5 minutes to 1 day across multiple files

​

Dependency Updates

• Update: Updated dependencies to @mcp-use/inspector v0.16.1 and @mcp-use/cli v2.11.1

​

Server Metadata & Widget Enhancements

​

Server Metadata & Configuration

• New: Server metadata support with title, websiteUrl, and icons fields in MCP server configuration
• New: Inspector UI displays server website URLs and icons for better branding
• Deprecated: autoCreateSessionOnInvalidId config option - use sessionStore for persistent sessions
• Enhancement: Dynamic project name support in server configurations

​

Widget & Development Experience

• Enhancement: HMR support for widget tool management - widgets update immediately without server restart
• Enhancement: Parallel widget building for improved development performance
• Enhancement: ReDoS attack prevention in widget name slugification with input length validation
• Enhancement: Improved widget lifecycle documentation with loading state guidance

​

CLI Improvements

• New: MCP_URL environment variable automatically set in server process for easy access to server URL
• Enhancement: Server process environment now includes MCP_URL in both development and production modes
• Enhancement: CLI now displays all 4 package versions (@mcp-use/cli, mcp-use, @mcp-use/inspector, create-mcp-use-app) in dev and build commands with mcp-use highlighted for clarity

​

API & Protocol

• New: HEAD request support in mountMcp function
• Enhancement: Improved input schema handling in tool registration with better defaults

​

MCP Proxy Middleware

• Enhancement: Improved error logging with better context for debugging
• Enhancement: Connection refused errors now logged as warnings instead of errors
• Enhancement: Error responses include target URL to help identify failing proxy requests
• Enhancement: More detailed error messages for proxy request failures

​

Bug Fixes

• Fix: Anthropic tool_use.id error resolved with LangChain package updates
• Fix: Telemetry shutdown method compatibility with posthog-node v5.22.0
• Fix: Input schema initialization now defaults to empty object when not provided

​

Dependencies

• Update: @langchain/anthropic to 1.3.10 (fixes tool_call ID generation)
• Update: @langchain/core to 1.1.15
• Update: langchain to 1.2.10
• Update: react-resizable-panels to 4.4.1

​

CLI Documentation Enhancement

• Enhancement: Added .gitignore file to CLI package to exclude .mcp-use directory from version control
• Enhancement: Added CLAUDE.md to CLI package with comprehensive guidance on usage, development commands, architecture details, and deployment instructions
• Enhancement: Improved CSRF protection in authentication flow
• Enhancement: Enhanced error handling for GitHub integration in deploy command

​

OAuth Proxy URL Handling Improvements

• Refactor: Changed connectionUrl from let to const to enforce immutability
• Enhancement: Enhanced logic for deriving oauthProxyUrl from callback URL, including handling cases where callback is at root path
• Enhancement: Updated comments to clarify distinction between oauthProxyUrl and connectionUrl
• Fix: Removed clearing of OAuth storage before connecting to maintain valid tokens across sessions

​

Telemetry & Inspector Enhancements

• Fix: Enhanced localStorage checks in Telemetry class to verify both existence and functional methods (getItem, setItem, removeItem)
• Enhancement: Added error handling to throw exception if localStorage is not available or functional
• Enhancement: Inspector now automatically prepends “https://” to URLs without protocol for better user experience
• Enhancement: Improved error handling for invalid URLs in Inspector dashboard and server connection modal
• Enhancement: Added localStorage clearing functionality in Inspector for troubleshooting

​

Dependency Updates & CLI Enhancements

• Fix: Updated dependency hono to 4.11.4
• Enhancement: CLI login command with improved error handling and user feedback
• Enhancement: CLI deployment command now prompts for login if not authenticated
• Enhancement: Added git uncommitted changes check before deployment
• Fix: Removed fromSource option from CLI deployment command
• Enhancement: Simplified authentication UI in Inspector

​

Edge Runtime Fix

• Fix: Enable JSON response in stateless mode for edge runtimes (Deno, Cloudflare Workers)
• Enhancement: Improved reliability of API in various deployment scenarios

​

Hot Module Reloading & OAuth Enhancements

​

Hot Module Reloading (HMR)

• New: HMR support for mcp-use dev command - tools, prompts, and resources update instantly without server restart
• New: Connected clients receive list_changed notifications and auto-refresh
• New: Syntax errors during reload caught gracefully without crashing server
• New: Comprehensive test suite for HMR functionality with integration tests
• Enhancement: CLI uses chokidar to watch file changes with automatic module re-import
• Enhancement: Session persistence during HMR - no client disconnections

​

OAuth & Client Info

• New: Enhanced OAuth proxy to support gateway/proxy scenarios (e.g., Supabase MCP servers)
• New: clientInfo configuration prop for OAuth registration with client metadata (name, version, icons, website)
• New: Server metadata caching with CachedServerMetadata interface for instant display on reconnect
• Enhancement: OAuth metadata URL rewriting from gateway URLs to actual server URLs
• Enhancement: Client info displayed on OAuth consent pages
• Enhancement: Extended StorageProvider interface with metadata methods

​

Inspector & Favicon

• Enhancement: Enhanced favicon detector to try all subdomain levels (e.g., mcp.supabase.com → supabase.com)
• Enhancement: Detection of default vs custom favicons using JSON API response
• Enhancement: Improved logging middleware for API routes
• Enhancement: X-Forwarded-Host support for proxy URL construction in dev

​

Bug Fixes

• Fix: Remove import from “mcp-use” which causes langchain import in server
• Fix: Enhanced synchronization for tools, prompts, and resources during HMR

​

Connection Fix

• Fix: Autoconnect now correctly parses config objects in addition to string URLs

​

Security Fixes & OAuth Improvements

​

Security Fixes

• Security: Fixed 13 vulnerabilities (3 moderate, 10 high)
• Security: Updated langchain to 1.2.3 (fixes serialization injection vulnerability)
• Security: Updated @langchain/core to 1.1.8 (fixes serialization injection vulnerability)
• Security: Updated react-router to 7.12.0 (fixes XSS and CSRF vulnerabilities)
• Security: Added override for qs to >=6.14.1 (fixes DoS vulnerability)
• Security: Added override for preact to >=10.28.2 (fixes JSON VNode injection)

​

OAuth & Connection Improvements

• Fix: Resolved OAuth flow looping issue by removing duplicate fallback logic
• Enhancement: Simplified connection handling with consolidated state management
• Enhancement: Enhanced OAuth authentication flow with improved connection settings
• Enhancement: Improved auto-connect functionality with better proxy handling and error management
• Enhancement: Enhanced theme toggling with dropdown menu for better UX and accessibility

​

Automatic Proxy Fallback & API Improvements

​

Breaking Changes (with Deprecation Warnings)

• Breaking: Renamed customHeaders to headers across all APIs for consistency. Old name still works but shows deprecation warnings.
• Breaking: Renamed samplingCallback to onSampling for consistency with event handler patterns. Old name still works but shows deprecation warnings.
• Deprecated: clientConfig option in favor of deriving configuration from clientInfo

​

New Features

• New: Automatic Proxy Fallback - autoProxyFallback option automatically retries failed connections through proxy on CORS/4xx errors
• New: Provider-level proxy defaults with defaultProxyConfig and defaultAutoProxyFallback props in McpClientProvider
• New: OAuth Proxy Support - oauthProxyUrl configuration to route OAuth discovery and token requests through backend proxy
• New: Configurable clientInfo for MCP connection initialization with full metadata (name, title, version, description, icons, website URL)
• New: Reconnect functionality for failed connections with reconnect button in Inspector UI

​

Improvements

• Enhancement: Better detection of OAuth discovery failures, CORS errors, and connection issues
• Enhancement: OAuth provider uses original target URL for discovery, not proxy URL
• Enhancement: Improved session cleanup to avoid noisy warning logs
• Enhancement: Type safety with deprecation notices in TypeScript types
• Enhancement: Proxy header support - proxyConfig now accepts a headers field for custom headers

​

Bug Fixes

• Fix: Custom headers now correctly included when copying connection configuration from saved tiles
• Fix: HttpConnector automatic reconnection disabled, shifting responsibility to higher-level logic

​

Refactoring

• Refactor: Removed oauth-helper.ts (521 lines), consolidated into browser-provider.ts
• Refactor: Major useMcp hook refactor with automatic retry, better error handling, and proxy fallback support

​

Security Update

• Security: Updated @modelcontextprotocol/sdk to 1.25.2 (fixes ReDoS vulnerability in UriTemplate regex patterns)
• Fix: Updated building script to correctly export types for inspector/client components

​

Browser Compatibility & Multi-Server Support

​

Breaking Changes

• Breaking: Removed winston dependency. The logging system now uses a simple console logger that works in both browser and Node.js environments. See Server Logging for migration guide.

​

Browser Runtime Support

• New: Full browser compatibility - removed Node.js-specific dependencies from browser builds
• New: Enhanced browser.ts entry point with improved browser-specific utilities
• New: Browser utilities:
  • utils/favicon-detector.ts - Detect and extract favicons from URLs
  • utils/proxy-config.ts - Proxy configuration utilities for browser environments
  • utils/mcpClientUtils.ts - MCP client utilities moved from client package
• New: MCPAgent exported for browser usage with BrowserMCPClient instance or through RemoteAgent
• Enhancement: Comprehensive test suite to ensure mcp-use/react and mcp-use/browser do not import Node.js dependencies

​

Multi-Server Support

• New: McpClientProvider component to manage multiple MCP server connections in React applications
• New: Pluggable storage system with LocalStorageProvider and MemoryStorageProvider for flexible server configuration persistence
• New: Dynamic addition and removal of servers in React applications
• New: Multi-server React example demonstrating new capabilities
• Enhancement: Refactored useMcp hook for better multi-server support
• Enhancement: Removed obsolete McpContext (replaced with McpClientProvider)

​

Server Middleware

• New: MCP Proxy Middleware (server/middleware/mcp-proxy.ts) - Hono middleware for proxying MCP server requests with optional authentication and request validation

​

Inspector Enhancements

• Enhancement: Improved UI responsiveness with enhanced mobile and tablet layouts and adaptive component visibility
• Enhancement: Better server management with refactored server connection handling, improved icon display, and status tracking
• Enhancement: Enhanced debugging with detailed logging in Layout and useAutoConnect components for better monitoring of server connection states
• Enhancement: Simplified connection settings by removing deprecated transport types
• Enhancement: Enhanced inspector components for better browser compatibility
• Enhancement: Improved server icon support and component interactions
• Enhancement: Added embedded mode support
• Enhancement: Better configuration handling and MCP proxy integration

​

RPC Logging

• New: Enhanced RPC logging with new rpc-logger module and filtering capabilities to reduce noisy endpoint logging (telemetry, RPC streams). See Client Logging for usage.

​

Architecture Improvements

• Refactor: Separated telemetry into telemetry-browser.ts (browser) and telemetry-node.ts (Node.js) for better environment-specific implementations
• Refactor: Replaced Winston with SimpleConsoleLogger that works across all environments. See Server Logging for configuration details.
• Refactor: Updated tsup.config.ts to exclude Node.js-specific dependencies (winston, posthog-node) from browser builds
• Refactor: Updated components across inspector for cleaner architecture and imports

​

Bug Fixes

• Fix: Prevent rendering loop when autoretry is true in React hooks
• Fix: Respect options timeout in HTTP connector (reduced default timeout from 30 seconds to 10 seconds)
• Fix: Add client SDKs to add to client dropdown in inspector
• Fix: Server connection retrieval in OpenAIComponentRenderer to directly access connections array
• Fix: Linux patch for watch mode
• Fix: Query URL handling in built mode to preserve arguments
• Fix: Enhanced Zod version mapping in TypeScript PR preview workflow
• Fix: Pinned Zod version to 3.24.4 for compatibility with modelcontextprotocol/sdk
• Fix: Updated modelcontextprotocol-sdk references to new package name

​

Documentation

• New: Added troubleshooting section for Zod version conflicts in Supabase deployment
• Enhancement: Updated Supabase deployment documentation with improved compatibility information

​

Documentation Updates - Enhancement: Updated examples and documentation

​

Bug Fixes - Fix: Widget props not picked up when using Zod schemas

​

Session Management Architecture & CLI Client

​

Breaking Changes

• Breaking: WebSocket transport support removed. Use streamable HTTP or SSE transports instead.
• Breaking: LangChain adapter moved from main entry point to mcp-use/adapters subpath. @langchain/core and langchain are now optional peer dependencies.
• Deprecated: autoCreateSessionOnInvalidId server config option. Now follows MCP spec strictly (returns 404 for invalid sessions).

​

Session Management Features

• New: Pluggable session management architecture separating metadata storage (SessionStore) from active connections (StreamManager)
• New: RedisSessionStore for persistent, distributed session metadata storage
• New: RedisStreamManager for cross-server notifications via Redis Pub/Sub
• New: FileSystemSessionStore (dev mode default) persists sessions to .mcp-use/sessions.json for hot reload support
• New: InMemorySessionStore and InMemoryStreamManager (production defaults)
• New: Automatic 404 handling and re-initialization in clients per MCP spec
• New: Convenience methods: sendToolsListChanged(), sendResourcesListChanged(), sendPromptsListChanged()
• Enhancement: Auto-detection of stateless/stateful mode based on client Accept header
• Enhancement: Sessions survive server restarts in dev mode with filesystem storage
• Enhancement: Auto-cleanup of expired sessions (>24 hours)

​

CLI Client Features

• New: Full-featured CLI client for terminal MCP interactions (npx mcp-use client)
• New: Scoped commands for tools, resources, prompts, and session management
• New: Session persistence to ~/.mcp-use/cli-sessions.json across terminal sessions
• New: Interactive REPL mode for server exploration
• New: JSON output mode (--json) for scripting and automation
• New: Multi-session support with session switching
• New: HTTP and stdio server connection support
• New: Formatted output with colored tables for human readability
• New: Automatic session restoration and reconnection
• New: Shell script examples for automation workflows

​

Client Improvements

• New: Auto-refresh tools/resources/prompts when receiving list change notifications
• New: Manual refresh methods: refreshTools(), refreshResources(), refreshPrompts(), refreshAll()
• New: Automatic 404 handling and re-initialization per MCP spec
• Enhancement: Deprecated sse transport type in React (use http or auto)

​

Additional Features

• New: CommonJS module support - full compatibility with require() syntax
• New: Favicon support for widget pages with automatic serving and long-term caching
• New: Enhanced session methods: callTool() defaults args to empty object, new requireSession() method
• New: Session architecture documentation with ARCHITECTURE.md
• New: Comparison guide with other MCP implementations (tmcp, FastMCP, xmcp, official SDK)
• New: Comprehensive environments guide (Node.js, Browser, React, CLI)

​

Documentation

• New: Session Management guide with storage provider documentation (Memory, FileSystem, Redis)
• New: CLI Client documentation with usage examples and scripting patterns
• New: Environments guide explaining usage across different JavaScript runtimes
• New: Comparison documentation analyzing mcp-use vs other implementations
• Enhancement: Major documentation restructuring for better organization
• Enhancement: Removed/consolidated outdated guides (direct-tool-calls, sandbox, connection-types)
• Enhancement: Updated agent documentation with improved examples

​

Widget Improvements

• Enhancement: Automatic cleanup of stale widget directories in .mcp-use folder
• Enhancement: Dev mode watches for widget file/directory deletions and cleans up build artifacts
• Fix: Fixed widget styling isolation - widgets no longer pick up mcp-use styles
• Fix: Fixed favicon URL generator for proper asset resolution
• Fix: Fixed transport cleanup when session becomes idle

​

Testing & Quality

• New: Comprehensive test suite for session stores (498 lines)
• New: Stream managers test suite (478 lines)
• New: Widget data flow tests (496 lines)
• New: CLI integration tests (242 lines)
• New: CommonJS compatibility tests (256 lines)
• New: Documentation example tests (agent, prompts, tools)
• New: Client 404 re-initialization tests
• Enhancement: Improved test coverage across all major features

​

Dependencies & Compatibility

• Enhancement: Added support for Node.js >= 18
• Enhancement: CommonJS builds for all entry points
• Enhancement: Migrated from react-router-dom to react-router for better compatibility
• Enhancement: Repository metadata added to package.json
• Enhancement: Dependency updates and optimizations

​

Fixes

• Fix: Agent access to resources and prompts
• Fix: Import paths in CLI to avoid mixing dependencies
• Fix: UUID generation and URL handling improvements
• Fix: Various formatting and linting improvements

​

API Improvements & Session Management

​

Breaking Changes

• Breaking: Renamed createMCPServer() factory function to MCPServer class constructor. Factory function still available for backward compatibility but new code should use new MCPServer({ name, ... }).
• Breaking: Replaced session.connector.tools, session.connector.callTool(), etc. with direct session methods: session.tools, session.callTool(), session.listResources(), session.readResource(), etc.
• Breaking: Standardized OAuth environment variables to MCP_USE_OAUTH_* prefix (e.g., AUTH0_DOMAIN → MCP_USE_OAUTH_AUTH0_DOMAIN).

​

New Features

• New: Client Capabilities API with ctx.client.can() and ctx.client.capabilities() to check client capabilities in tool callbacks
• New: Session Notifications API with ctx.sendNotification() and ctx.sendNotificationToSession() for sending notifications from tool callbacks
• New: Session Info API with ctx.session.sessionId to access current session ID in tool callbacks
• New: Resource Template Flat Structure support with uriTemplate directly on definition (in addition to nested structure)
• New: Resource Template Callback Signatures now support multiple signatures: (), (uri), (uri, params), (uri, params, ctx)
• New: Type Exports for CallToolResult, Tool, ToolAnnotations, PromptResult, GetPromptResult types

​

Improvements

• Enhancement: Enhanced type inference for resource template callbacks with better overload support
• Enhancement: Server now captures and stores client capabilities during initialization
• Enhancement: Added convenience methods to MCPSession for all MCP operations (listResources, readResource, subscribeToResource, listPrompts, getPrompt, etc.)
• Enhancement: Major documentation refactoring and restructuring for better organization

​

Fixes (v1.10.1 - v1.10.6)

• Fix: Stateless mode for Deno runtime
• Fix: Added CORS support to getHandler() method
• Fix: Deno 5 compatibility improvements
• Fix: Deno 3 compatibility fixes
• Fix: Zod error handling improvements
• Fix: Zod import in official SDK
• Fix: Clear transport when session becomes idle
• Fix: Allow agent to access resources and prompts
• Enhancement: Added repository metadata in package.json

​

Elicitation Support

• New: Simplified API with ctx.elicit(message, zodSchema) and ctx.elicit(message, url) with automatic mode detection
• New: Form Mode for structured data collection with Zod schema validation and full TypeScript type inference
• New: URL Mode to direct users to external URLs for sensitive operations (OAuth, credentials)
• New: Server-side validation with automatic Zod validation and clear error messages
• New: Client support via elicitationCallback to MCPClient and onElicitation to React useMcp hook
• Enhancement: Type-safe return types automatically inferred from Zod schemas
• Enhancement: Configurable timeout with 5-minute default for user interactions
• Fix: Transport bug fixes

​

Sampling Support

• New: LLM sampling capabilities in inspector
• Fix: Long running sampling requests no longer timeout after 60 seconds
• Enhancement: Better handling of extended sampling operations

​

OAuth Authentication System

• New: Complete OAuth 2.0 authentication framework with built-in providers (Auth0, WorkOS, Supabase, Keycloak)
• New: OAuth middleware and routes for server-side OAuth flow handling with automatic token management
• New: OAuth callback component in inspector for authentication flows
• New: Context storage with async local storage for request-scoped context in servers
• New: Response helpers for standardized HTTP responses and error handling
• New: Runtime detection utilities for Node.js, Bun, and Deno environments
• New: Server authentication examples for Auth0, WorkOS, and Supabase
• Enhancement: Enhanced useMcp hook with improved connection management and OAuth support
• Enhancement: Enhanced inspector dashboard with OAuth configuration UI
• Enhancement: Better authentication flow handling with OAuth integration
• Enhancement: Enhanced HTTP connectors with OAuth token handling
• Fix: Dependency optimizations and AI SDK updates

​

Notifications & Sampling

• New: Bidirectional notification support between clients and servers with handler registration
• New: LLM sampling allowing MCP tools to request completions from connected clients
• New: Widget build ID support for cache busting in widget UI resources
• New: Inspector notifications tab with real-time display
• New: Server capabilities modal showing supported MCP features
• Enhancement: Refactored HTTP transport to reuse sessions across requests with configurable idle timeout
• Enhancement: Session management with tracking and automatic cleanup
• Enhancement: Roots support in connectors and session API
• Enhancement: Session event handling API for notification registration
• Enhancement: Server methods for session management and targeted notifications
• Enhancement: Enhanced search_tools with metadata (total_tools, namespaces, result_count)
• Enhancement: RPC message logging support in inspector

​

OpenAI Apps SDK Integration

• New: McpUseProvider component combining React setup (StrictMode, ThemeProvider, BrowserRouter, ErrorBoundary)
• New: WidgetControls component with debug overlay and view controls (fullscreen, PIP)
• New: useWidget hook for type-safe React adapter to OpenAI Apps SDK API
• New: ErrorBoundary component for graceful error handling
• New: Image component handling data URLs and public file paths
• New: ThemeProvider for consistent theme management
• New: WidgetInspectorControls for inspector-specific debugging
• New: Console proxy toggle for iframe console logs
• New: Product search result widget template with carousel and accordion components
• New: Folder-based widget support with automatic detection
• New: Public folder support for static assets
• Enhancement: Enhanced SSR configuration with proper Vite settings
• Enhancement: Improved OpenAI component renderer with better height calculation
• Enhancement: Enhanced tool result display with multiple content types
• Enhancement: Resizable panels with collapse support
• Enhancement: Better widget security headers and CSP configuration

​

Code Mode

• New: Code Mode feature allowing agents to execute code using MCP tools
• New: VMCodeExecutor for local execution environments
• New: E2BCodeExecutor for remote execution in cloud sandboxes
• New: CodeModeConnector for tool discovery and execution
• Enhancement: Enhanced MCPClient with code execution configuration
• Enhancement: Comprehensive tests for code execution functionality

​

Edge Runtime Support

• Major: Migrated from Express to Hono framework for edge runtime support (Cloudflare Workers, Deno Deploy, Supabase)
• New: Runtime detection for Deno and Node.js environments
• New: Connect middleware adapter for compatibility
• New: getHandler() method for edge deployment
• New: Supabase deployment documentation and templates
• Enhancement: Improved MCPAgent message detection with robust helpers for different LangChain formats
• Enhancement: Fixed server base URL handling for proper connection and routing
• Enhancement: Better auto-connection logic with error handling and retry mechanisms
• Enhancement: Enhanced useMcp hook with improved connection state management

​

LangChain 1.0.0 Support

• Major: Support for LangChain 1.0.0
• Fix: Model type compatibility for LangChain 1.0.0
• Fix: Apps SDK metadata setup from widget build
• Enhancement: Set CLI and inspector as dependencies

​

Apps SDK Initial Integration

• New: OpenAI Apps SDK integration with UI resource type
• New: Enhanced MCP-UI adapter for Apps SDK metadata
• New: Resource URI format supporting ui://widget/ scheme
• New: Tool definitions with Apps SDK-specific metadata
• Enhancement: Comprehensive test suite for Apps SDK resources
• Refactor: Renamed fn to cb in tool and prompt definitions for consistency
• Refactor: Updated resource definitions to use readCallback