Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mcp-use.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

v1.25.1
April 2026

OAuth error handling, Supabase endpoints & CLI bundling

Patch release fixing OAuth error redirects, Supabase OAuth 2.1 endpoints, CLI bundling for Node ESM, bun build compatibility, create-mcp-use-app dot-directory init, and Inspector 3.0.1 (see inspector changelog).
  • Fix: OAuth callback redirects back to the inspector with error parameters when authorization fails (user denies, server error) instead of surfacing a raw error page with stack traces; the inspector surfaces these as a persistent toast (#1381)
  • Fix: SupabaseOAuthProvider endpoint getters now return OAuth 2.1 paths (/auth/v1/oauth/authorize, /auth/v1/oauth/token) instead of the legacy /auth/v1/authorize and /auth/v1/token (#1422)
  • Fix (@mcp-use/cli): mcp-use build is non-fatal under the bun runtime — detects bun, skips tsx/esm/api type-generation with a warning, wraps the build in try/catch, and runs tsc via process.execPath instead of hardcoded node (#1382)
  • Fix (@mcp-use/cli): bundle each server entry with esbuild (bundle: true, packages: "external") so extensionless relative TypeScript imports resolve under plain Node ESM without ERR_MODULE_NOT_FOUND (#1357)
  • Fix (create-mcp-use-app): allow . as project name to initialize in the current directory; errors if the directory is not empty (#1413)
  • Enhancement (@mcp-use/inspector): OAuth single-tab redirect, session-storage reconnect, Hono duck-type detection, widget z-index, free-tier embed UI, managed LLM embed chrome (see inspector changelog)
  • Update: Updated @mcp-use/inspector to v3.0.1
  • Update: Updated @mcp-use/cli to v3.1.1
  • Update: Updated create-mcp-use-app to v0.14.10
v1.25.0
April 2026
Release 1.25.0

OAuth DCR-direct, Next.js drop-in & CLI 3.1

Minor release refactoring built-in OAuth providers to DCR-direct by default, adding a Next.js MCP drop-in via --mcp-dir, CLI 3.1 with better org and session handling, and Inspector 3.0 (see inspector changelog).
  • New: oauthProxy helper for building proxy-mode providers (Google, GitHub, or any upstream authorization server that does not support Dynamic Client Registration) — complements the new DCR-direct default (#1321)
  • New: jwksVerifier helper for JWKS-based token verification inside custom providers (#1321)
  • New: Auth0 OAuth proxy example under examples/server/oauth/auth0-proxy demonstrating the new proxy pattern
  • Update: Built-in providers (Auth0, WorkOS, Supabase, Keycloak, Better Auth) now only support DCR-direct — clients talk to upstream authorization servers directly, and provider configurations no longer accept clientId / clientSecret (#1321)
  • Update: verifyToken is now a required function on custom providers (#1321)
  • Fix: OAuth authenticate() preserves the pathname component (for example /api/auth) when the authorization server uses a basePath, instead of collapsing the URL to its origin (#1360)
  • New: Next.js drop-in — mcp-use dev/build/start --mcp-dir <dir> lets a Next.js app colocate an MCP server (default src/mcp/), share @/* aliases, Tailwind, and the app’s component library; the CLI auto-shims Next.js server-runtime modules (server-only, client-only, next/cache, next/headers, next/navigation, next/server) when next is detected, loads the Next.js env cascade in the MCP server process, and widget builds fail fast when a widget transitively imports a server-only module (#1332)
  • New (@mcp-use/cli): mcp-use login --org <slug|id|name> for non-interactive org selection; login fails fast without a TTY and no --org instead of hanging on stdin (#1379)
  • New (@mcp-use/cli): ORG column in mcp-use deployments list output (#1378)
  • Fix (@mcp-use/cli): mcp-use deploy --org <org> now respects the flag when .mcp-use/project.json links to a server in a different org — CLI warns and creates a new server in the requested org instead of silently redeploying to the linked one (#1380)
  • Fix (@mcp-use/cli): mcp-use login validates the stored API key against the backend before short-circuiting with “already logged in”; expired or revoked keys drop into device-auth automatically, and authenticated commands (whoami, org, servers, deployments, env) funnel 401s through a shared handler with a “session expired — run npx mcp-use login” hint (#1383)
  • Fix (@mcp-use/cli): mcp-use start auto-discovers an available port when the default port is in use (#1377)
  • Enhancement (@mcp-use/inspector): Inline elicitation in the chat thread, Open Graph and Twitter Card meta tags on the hosted inspector (see inspector changelog)
  • Enhancement (create-mcp-use-app): Only copy the mcp-apps-builder skill into new projects; skip the deprecated mcp-builder and chatgpt-app-builder skills (#1375)
  • Documentation: New oauth-proxy provider guide and refactored provider pages (Auth0, WorkOS, Supabase, Keycloak, Better Auth, custom); new Next.js drop-in guide; updated CLI reference
  • Update: Updated @mcp-use/inspector to v3.0.0
  • Update: Updated @mcp-use/cli to v3.1.0
  • Update: Updated create-mcp-use-app to v0.14.9
v1.24.2
April 2026
Patch release adding optional colorScheme on McpUseProvider, a server landing deeplink to the hosted inspector, stronger deploy behavior in @mcp-use/cli, cloud server environment-variable commands, and Inspector 2.2 (see inspector changelog).
  • New: colorScheme on McpUseProvider (default false) — when false, ThemeProvider does not set color-scheme on the document root so transparent iframe backgrounds stay transparent; opt in with true for native scrollbars / light-dark() in widgets
  • Fix: Server landing routes include a deeplink to open the MCP server in the hosted manufact inspector
  • New (@mcp-use/cli): mcp-use servers env subcommands to list, create, update, and delete environment variables on cloud servers (#1372)
  • Fix (@mcp-use/cli): mcp-use deploy surfaces failures from mutating git commands (init, commit, push), normalizes the default branch to main before push, verifies a commit exists, and shell-quotes commit messages (#1354)
  • Update (@mcp-use/cli): Deploy treats HTTP 401 as an invalid or expired API session and prompts re-authentication instead of misreporting GitHub App connection state (#1356)
  • Enhancement (@mcp-use/inspector): Hosted chat configuration, copy/export chat, inspector LLM stack without LangChain, OAuth popup close page, and related UX (see inspector changelog)
  • Update: Updated @mcp-use/inspector to v2.2.0
  • Update: Updated @mcp-use/cli to v3.0.2
v1.24.1
April 2026

OAuth fetch cleanup when switching transports

Patch release fixing OAuth in the embedded inspector when switching from Via Proxy to Direct — BrowserOAuthClientProvider restores window.fetch when useMcp unmounts so a stale proxy interceptor cannot break direct flows.
  • Fix: Restore the window.fetch interceptor installed by BrowserOAuthClientProvider when useMcp unmounts — resolves “Protected resource does not match” after switching from Via Proxy to Direct
  • Fix (@mcp-use/inspector): Same fetch lifecycle in the inspector client (see inspector changelog)
  • Update: Updated @mcp-use/inspector to v2.1.0
  • Update: Updated @mcp-use/cli to v3.0.1
v1.24.0
April 2026
Release 1.24.0

OAuth scopes, telemetry & CLI 3

Minor release for mcp-use with OAuth scope customization, telemetry, sub-path OAuth routing, and a Generative-AI JSON Schema fix; major @mcp-use/cli release with device-flow auth and manufact API alignment; Inspector 2.0 (see inspector changelog).
  • New: Configurable OAuth scopes — scopesSupported on shared OAuth config and built-in providers
  • Fix: CustomProviderConfig matches documented fields (jwksUrl, scopesSupported, userInfoEndpoint, clientId, clientSecret, mode, audience); optional getClientId(), getUserInfoEndpoint(), and getAudience() on OAuthProvider; OAuth routes use those accessors instead of unsafe casts
  • New: Telemetry support with browser and Node implementations and related dependency updates
  • New: defaultCallbackUrl on McpClientProvider so OAuth redirect URLs stay correct when the UI is mounted under a path basename (for example embedded inspector at /inspector)
  • Fix: Google provider tool schemas — use z.object({}).catchall() instead of z.record() so emitted JSON Schema omits propertyNames, which Google’s API rejects
  • Fix: Windows path handling in server and tooling code paths
  • Enhancement: Several internal log lines moved from info to debug to reduce noise in normal operation
  • Fix (@mcp-use/inspector): OAuth callback URL when the inspector basename is /inspector; thinking indicator after streamed assistant messages; tab persistence across refresh (see inspector changelog)
  • New (@mcp-use/cli): Device-flow authentication for login and session refresh against the cloud
  • Update (@mcp-use/cli): CLI refactored to new manufact cloud APIs across deploy, auth, organization, and server commands
  • Fix (@mcp-use/cli): Deployment flow when linking GitHub repositories (#1331)
  • Update: Updated @mcp-use/inspector to v2.0.0
  • Update: Updated @mcp-use/cli to v3.0.0
v1.23.1
April 2026

Embedded inspector without LangChain

Patch release fixing embedded inspector when the agent graph is not installed, and clearer diagnostics when mounting the inspector UI fails.
  • Fix: Export telFetch from mcp-use/telemetry/tel-fetch (tsup build) so inspector server code does not import the root mcp-use entry, which eagerly loads the agent stack — fixes embedded inspector when langchain is not installed
  • Fix: Log inspector UI mount failures in development or when MCP_USE_DEBUG is set (production remains quiet)
  • Fix (@mcp-use/inspector): telFetch import uses the telemetry subpath (see inspector changelog)
  • Update: Updated @mcp-use/inspector to v1.0.1
  • Update: Updated @mcp-use/cli to v2.21.4
v1.23.0
April 2026
Release 1.23.0

Better Auth, server metadata & Inspector 1.0

Minor release adding a Better Auth OAuth provider, metadata-only client updates, dependency hardening, and a major Inspector release.
  • New: Better Auth OAuth provider for MCP servers — see authentication docs and examples/server/oauth/better-auth
  • New: updateServerMetadata() on McpClientProvider updates display metadata without reconnecting; connection-affecting changes still use updateServer()
  • Fix: Windows-compatible ESM import paths for dev and tooling
  • Enhancement (@mcp-use/inspector): Stream protocol in chat, disabledTools, editable server aliases with shared display-name resolution, tab persistence and URL sync, tool-invocation serialization and screenshots (see inspector changelog)
  • Update: Vite 8.0.5, Hono 4.12.12, @hono/node-server 1.19.13 across the TypeScript workspace
  • Fix: Tighter pnpm overrides and lockfile refresh for pnpm audit; lodash override in the mcp-apps scaffold template for standalone installs
  • Documentation: updateServerMetadata in the useMcpClient API reference; authentication overview links to the Better Auth guide
  • Update: Updated @mcp-use/inspector to v1.0.0
  • Update: Updated @mcp-use/cli to v2.21.3
  • Update: Updated create-mcp-use-app to v0.14.8
v1.22.3
March 2026

Inspector dependency & bundling alignment

Patch release adjusting how @mcp-use/inspector depends on mcp-use so bundling and shared types both work.
  • Fix (@mcp-use/inspector): Restore mcp-use as both a dependency and peerDependency — needed to bundle non-React subpaths (mcp-use/auth, mcp-use/browser) with transitive deps (e.g. LangChain), while peerDependency keeps mcp-use/react types aligned with the host app
  • Update: Updated @mcp-use/inspector to v0.26.1
  • Update: Updated @mcp-use/cli to v2.21.2
  • Update: Updated create-mcp-use-app to v0.14.7
v1.22.2
March 2026

Type Compatibility & Peer Dependency Alignment

Patch release focused on pnpm peer-variant type compatibility, inspector dependency alignment, and template dependency cleanup.
  • Fix: Resolved TypeScript nominal type conflicts when mcp-use is installed as multiple pnpm peer-variant copies — moved internal client-init tracking off class surface to avoid .d.ts incompatibilities
  • Fix: Reverted stripInternal/@internal approach that degraded downstream tool handler type inference; keeps type safety while preserving consumer inference behavior
  • Fix (@mcp-use/inspector): Moved mcp-use from dependencies to peerDependencies so consumers share a single mcp-use type instance (addresses TS2322 duplicate-type scenarios)
  • Update (@mcp-use/inspector): Upgraded @mcp-ui/client to v7; replaced removed legacy renderer path with sandboxed iframe handling for ui:// resources and removed remote-dom usage
  • Update: Updated @mcp-use/inspector to v0.26.0
  • Update: Updated @mcp-use/cli to v2.21.1
  • Update: Updated create-mcp-use-app to v0.14.7
v1.22.1
March 2026

CLI Organizations, Non-Interactive Deploy & Typed Middleware

Patch release with CLI org management, non-interactive deployments, improved middleware/tool context propagation, typed middleware ergonomics, and ErrorBoundary customization.
  • New (@mcp-use/cli): Organization commands — mcp-use org list, mcp-use org switch, mcp-use org current; login prompts for org selection when multiple; whoami shows active organization; org preference persisted in ~/.mcp-use/config.json
  • Enhancement (@mcp-use/cli): Deploy to a specific org with mcp-use deploy --org <slug-or-id>; all org-scoped API requests include x-profile-id
  • New (@mcp-use/cli): Non-interactive deploy with -y / --yes — skips confirmations; replaces “Press Enter” with polling; errors if not logged in (requires mcp-use login)
  • Fix: Context propagation into tool handlers — singleton AsyncLocalStorage via globalThis, safe Hono context extraction, and forwarding middleware ctx.auth / ctx.state into enhanced tool context
  • Fix: ctx.auth typing is now AuthInfo | undefined when OAuth isn’t configured (enables if (!ctx.auth) ... guards)
  • Enhancement: Typed MCP middleware context — server.use("mcp:tools/call" | "mcp:resources/read" | "mcp:prompts/get", ...) now narrows ctx.params to method-specific shapes; mcp:* remains generic
  • Enhancement: outputSchema tools can return response helpers (text(), markdown(), mix(), etc.) without type errors
  • Enhancement: server.resourceTemplate() supports an optional Zod schema to type params as z.infer<schema>
  • Enhancement: ErrorBoundary now supports fallback (node or (error) => node) and onError for reporting (default UI unchanged)
  • Update: Updated @mcp-use/inspector to v0.25.1
  • Update: Updated @mcp-use/cli to v2.21.0
v1.22.0
March 2026
Release 1.22.0

Vite 8, MCP Middleware & Model Context

Minor release with Vite 8 across tooling, MCP operation middleware, files and model context APIs, elicit and adapter fixes, and Inspector tunnel controls.
  • New: MCP operation-level middleware — server.use("mcp:*", ...) and specific patterns (mcp:tools/call, mcp:tools/list, mcp:resources/read, mcp:resources/list, mcp:prompts/get, mcp:prompts/list) with typed MiddlewareContext (method, params, session, auth, state)
  • New: useFiles React hook with isSupported and modelVisible for file attachments; ModelContext component and modelContext imperative API for server-side model context injection
  • Enhancement: Vite 8.0 with Rolldown bundler and @vitejs/plugin-react 6 across packages, examples, and CLI/inspector tooling
  • Enhancement: Conformance client — pass reconnectionOptions so SDK-level SSE reconnection behaves correctly when autoReconnect is disabled
  • Fix: Elicit — map result.content to result.data for Zod validation; spec-compliant clients use content; backward-compatible fallback to data
  • Fix: LangChainAdapter — tool name collisions when exposing resources/prompts as tools; reserveName resolves prefixed names with a numeric suffix when needed; prompt names sanitized like resource names
  • Enhancement (@mcp-use/inspector): Start/stop the mcp-use dev tunnel from the Inspector (see inspector changelog)
  • Update: Updated @mcp-use/inspector to v0.25.0
  • Update: Updated @mcp-use/cli to v2.20.0
v1.21.5
March 2026

Zod Peer Dep, Esbuild Build & Windows Fix

Patch release with Zod peer dependency, esbuild transpilation, TypeGen Zod v4 fixes, and Windows path handling.
  • Fix: Move zod from dependencies to peerDependencies — prevents duplicate type trees when users have a different Zod v4 version; avoids type errors or OOM during mcp-use build
  • Fix: TypeGen crash with Zod v4 enum schemas — zod-to-ts now handles Zod v4 ZodEnum (_def.entries), ZodDiscriminatedUnion; CLI reports success/failure of type generation instead of silently failing
  • Fix (@mcp-use/cli): Windows crash in mcp-use dev and mcp-use generate-types — use file:// URL in tsImport instead of raw OS paths (fixes ERR_UNSUPPORTED_ESM_URL_SCHEME)
  • Fix: Dependabot security alerts — updated flatted, tar, hono, express-rate-limit, dompurify, minimatch, rollup, form-data, lodash, and other transitive deps
  • Enhancement (@mcp-use/cli): mcp-use build uses esbuild for transpilation instead of tsc — avoids OOM on complex type graphs (Zod v4, Prisma); type checking runs separately via tsc --noEmit; add --no-typecheck to skip type checking for faster builds
  • Update: Updated @mcp-use/inspector to v0.24.5
  • Update: Updated @mcp-use/cli to v2.19.0
  • Update: Updated create-mcp-use-app to v0.14.6
v1.21.4
March 2026

Request Context, CLI Build & README Fixes

Patch release fixing request context propagation, CLI build hang, and stale monorepo references.
  • Fix: ctx.auth and other request context properties were undefined in tool callbacks; mountMcp() now wraps transport.handleRequest() with runWithContext() so getRequestContext() is populated
  • Fix (@mcp-use/cli): mcp-use build no longer hangs — add process.exit(0) on success (tsImport creates active handles)
  • Fix: Update stale mcp-use-ts references in README badges, image URLs, eslint config to mcp-use monorepo
  • Update: Updated @mcp-use/inspector to v0.24.4
  • Update: Updated @mcp-use/cli to v2.18.3
v1.21.3
March 2026

Inspector Sandbox Host Fix

Patch release fixing sandbox host derivation for cloud-embedded inspector pages.
  • Fix (@mcp-use/inspector): Sandbox host derivation for cloud-embedded pages — apex hosts (e.g. manufact.com) now resolve to sandbox-inspector.{domain} instead of sandbox-{domain}
  • Update: Updated @mcp-use/inspector to v0.24.3
  • Update: Updated @mcp-use/cli to v2.18.2
v1.21.2
March 2026

Inspector Proxy Fix for Embedded Servers

Patch release fixing inspector auto-connect when served from MCP server (Python, etc.).
  • Fix (@mcp-use/inspector): Skip proxy when inspector is served from the MCP server itself — auto-connect no longer routes through missing /inspector/api/proxy on embedded servers
  • Fix (@mcp-use/inspector): Detect proxy availability via runtime config injection; disable autoProxyFallback when no proxy is available
  • Update: Updated @mcp-use/inspector to v0.24.2
  • Update: Updated @mcp-use/cli to v2.18.1
v1.21.1
March 2026

Session Persistence & CLI Improvements

Patch release with session recovery fix, CLI enhancements, and create-mcp-use-app install improvements.
  • Fix: Session recovery after restart returns 400 fix; distributed SSE stream routing via Redis Pub/Sub
  • Enhancement (@mcp-use/cli): mcp-use build runs tool registry type generation before TypeScript compilation when server file exists
  • Enhancement (@mcp-use/cli): --root-dir option for deploy command for monorepo support
  • Fix (create-mcp-use-app): Remove flickering behaviour from npm i
  • Update: Updated @mcp-use/inspector to v0.24.1
  • Update: Updated @mcp-use/cli to v2.18.0
  • Update: Updated create-mcp-use-app to v0.14.4
v1.21.0
March 2026
Release 1.21.0

Proxy Servers & Client Completion

Minor release with server composition, client-side completion, user context, and Express middleware types.
  • New: MCPServer.proxy() for composing multiple MCP servers into a single aggregator — automatic orchestration, schema translation, namespacing, list-changed multiplexing
  • New: Client-side completion support — complete() on BaseConnector, MCPSession, and useMcp; refreshResourceTemplates(); prompt argument and resource template URI autocomplete
  • New: ctx.client.user() for per-invocation end-user metadata (subject, conversationId) from tools/call params
  • Enhancement: ctx.client.supportsApps() now correctly returns true for MCP Apps clients (fixed ClientCapabilitiesSchema extensions stripping)
  • Enhancement: autoReconnect options — configurable health check interval, reconnection delay, timeout via reconnectionOptions
  • Enhancement: sendFollowUpMessage accepts MessageContentBlock arrays (text, image, resource blocks) per SEP-1865
  • Enhancement: Host info and capabilities — hostInfo, hostCapabilities in useWidget; getHostInfo, getHostCapabilities on McpAppsBridge
  • Fix: Express middleware types — proper TypeScript types for server.use() with Express middleware (auto-detected and adapted)
  • Fix: Session isolation — findSessionContext no longer falls back to arbitrary session, preventing metadata leakage
  • Fix: Remove deprecated @types/tar; update tar to latest (cli, create-mcp-use-app)
  • Update: Updated @mcp-use/inspector to v0.24.0
  • Update: Updated @mcp-use/cli to v2.17.0
  • Update: Updated create-mcp-use-app to v0.14.3
  • Documentation: Per-server elicitation and sampling callbacks examples; proxy servers section
v1.20.5
February 2026

CLI Tunnel Support

Patch release adding tunnel flag for ChatGPT HMR.
  • New (@mcp-use/cli): Support for --tunnel flag with full ChatGPT HMR
  • Update: Updated @mcp-use/inspector to v0.23.1
  • Update: Updated @mcp-use/cli to v2.16.0
v1.20.4
February 2026

Inspector Embedded Chat

Patch release with inspector embedded chat improvements.
  • Enhancement (@mcp-use/inspector): Improved embedded chat
  • Update: Updated @mcp-use/inspector to v0.23.0
  • Update: Updated @mcp-use/cli to v2.15.4
v1.20.3
February 2026

Inspector Standalone Deployment Fix

Patch release fixing inspector standalone deployment version import.
  • Fix (@mcp-use/inspector): Standalone deployment was importing the version from the wrong path
  • Update: Updated @mcp-use/inspector to v0.22.3
  • Update: Updated @mcp-use/cli to v2.15.3
v1.20.2
February 2026

Health Monitoring & MCPAgentOptions

Patch release with dynamic auth headers for health checks and MCPAgentOptions for chat agent.
  • Enhancement: getAuthHeaders parameter to startConnectionHealthMonitoring for customizable authentication headers during health checks; HEAD requests allowed without authentication
  • Enhancement: exposeResourcesAsTools and exposePromptsAsTools options in MCPAgentOptions (both default to true); inspector chat tab sets both to false so agent only exposes actual MCP tools
  • Update: Updated @mcp-use/inspector to v0.22.2
  • Update: Updated @mcp-use/cli to v2.15.2
v1.20.1
February 2026

Widget Status Texts & CSP Handling

Patch release with widget metadata enhancements and CSP improvements.
  • New: invoking and invoked properties in widget metadata for customizable status messages during tool execution
  • Breaking: McpUseProvider no longer includes BrowserRouter; add it explicitly if your widget uses react-router
  • Enhancement: MCPAppsDebugControls CSP mode violation indicators; sandbox-proxy strips existing CSP meta tags before injecting permissive CSP
  • Fix (create-mcp-use-app): Unify logo display across all CLI entry paths
  • Update: Updated @mcp-use/inspector to v0.22.1
  • Update: Updated @mcp-use/cli to v2.15.1
v1.20.0
February 2026
Release 1.20.0

Widget Debug & CSP Improvements

Minor release with Iframe Console enhancements, MCP Apps debug controls, and CSP handling.
  • New: CLI update check notifies when a newer mcp-use release is available
  • Fix: CLI TSC build uses node with increased heap; avoid npx installing wrong package
  • Fix: CLI fallback MCP_URL when tunnel is unavailable
  • New (create-mcp-use-app): @types/react and @types/react-dom in template devDependencies
  • Enhancement: Slim down generated READMEs; improve mcp-apps template (Carousel, product-search-result widget); include .mcp-use in tsconfig; fix postinstall script
  • Fix: create-mcp-use-app product-search-result template styling and CSP metadata
  • Enhancement: Iframe Console with expandable logs, level filter, search, resizable height
  • New: Widget debug context for chat; MCP Apps debug controls (tool props JSON view, required props hint, SEP-1865 semantics)
  • New: CDN build for inspector; CSP violations panel with clear action; widget re-execution on CSP mode change; CSP mode for Apps SDK
  • Fix: useSyncExternalStore first-render handling; reconnect logic; Tools tab only sends explicitly set fields; resource annotations include _meta
  • Fix: mcp-use widget CSP fallback from tool metadata; protocol and mount-widgets-dev improvements
  • Enhancement: useWidget merges props from toolInput and structuredContent per SEP-1865
  • New: updateModelContext and useMcp clientOptions
  • Fix: WorkOS subdomain config to accept full AuthKit domain (e.g., name.authkit.app)
  • Update: Updated @mcp-use/inspector to v0.22.0
  • Update: Updated @mcp-use/cli to v2.15.0
v1.19.3
February 2026

CLI Skills & Template Updates

Patch release with CLI skills commands and create-mcp-use-app template improvements.
  • New (@mcp-use/cli): mcp-use skills add and mcp-use skills install commands to install AI agent skills (Cursor, Claude Code, Codex) from the mcp-use repository
  • Enhancement (create-mcp-use-app): Add @types/react and @types/react-dom to template devDependencies
  • Update: Updated @mcp-use/inspector to v0.21.1
  • Update: Updated @mcp-use/cli to v2.14.0
v1.19.2
February 2026

Tool Schema & Type Testing Improvements

Patch release with nested input schema fixes and compile-time type regression testing.
  • Fix: Correctly convert nested input schema args for tools
  • New: Added everything-server example for compile-time type regression testing
  • Update: Updated @mcp-use/inspector to v0.21.0
  • Update: Updated @mcp-use/cli to v2.13.10
v1.19.1
February 2026

MCPApps & Widget Loading Enhancements

Patch release improving widget loading logic and iframe handling.
  • Enhancement: Improved MCPAppsRenderer loading logic with better state management
  • Enhancement: Enhanced useWidget for iframe handling
  • Update: Updated @mcp-use/inspector to v0.20.1
  • Update: Updated @mcp-use/cli to v2.13.9
v1.19.0
February 2026
Release 1.19.0

Client Conformance & Type Safety Improvements

Minor release with full MCP client conformance, direct stdio connector support, and type inference fixes.
  • New: Client implementation is now 100% conformant with the MCP spec
  • Enhancement: Node.js client handles stdio connector directly with command/argument configuration
  • Fix: error() return type now compatible with tool callbacks using outputSchema
  • Fix: Fixed TypedCallToolResult type inference with explicit properties instead of Omit
  • Fix: Enhanced prompt() method generic type inference to match tool() pattern
  • Enhancement: Console output routes through Logger class with improved consistency; added tests for logLevel
  • Enhancement: Added support for additional Vitest file extensions in config
  • Fix: Correct MIME type for mcp_apps resource counting; disabled telemetry in local tests
  • Update: Updated @mcp-use/inspector to v0.20.0
  • Update: Updated @mcp-use/cli to v2.13.8

@mcp-use/cli v2.13.8

  • Enhancement: Improved loading states with spinner component
  • Fix: Correct MIME type for mcp_apps resource counting

create-mcp-use-app v0.13.0

  • New: Interactive prompts for optional skills installation (claude-code, cursor, codex)
  • New: --install and --no-install CLI flags for non-interactive mode
  • Fix: Corrected template reference in test-cli.sh
v1.18.0
February 2026
Release 1.18.0

DNS Rebinding Protection & Deferred Client Callbacks

Minor release adding DNS rebinding protection and deferred React client callbacks.
  • New: allowedOrigins configuration on MCPServer for DNS rebinding protection and host validation; docs and example (curl tests) added
  • Enhancement: McpClientProvider defers onServerAdded and onServerStateChange callbacks via queueMicrotask to avoid render-phase updates and improve stability
  • Update: Updated @mcp-use/inspector to v0.19.0
  • Update: Updated @mcp-use/cli to v2.13.7
v1.17.4
February 2026

Widget Resource Propagation & Log Noise Reduction

Patch release improving HMR reliability for widget resources and reducing dev server log noise.
  • Fix: Reduced noisy logs in the dev server
  • Fix: Propagated widget resources and resource templates to already-connected MCP sessions during HMR to avoid Resource ui://widget/... not found errors without reconnecting
  • Update: Updated @mcp-use/inspector to v0.18.9
  • Update: Updated @mcp-use/cli to v2.13.6
v1.17.3
February 2026

Inspector Reliability Alignment

Patch release aligning TypeScript packages with the latest inspector reliability fixes.
  • Enhancement: Pulled in inspector fixes for widget readiness resets and safer iframe global update handling
  • Update: Updated @mcp-use/inspector to v0.18.8
  • Update: Updated @mcp-use/cli to v2.13.5
v1.17.2
February 2026

UI Resource Metadata & CSP Injection Fixes

Patch release improving server-origin metadata enrichment for UI resources.
  • Fix: UI resource metadata enrichment now guarantees metadata initialization before applying origin-based updates
  • Enhancement: Server origin is now consistently injected into widget CSP fields (resourceDomains, connectDomains, baseUriDomains)
  • Update: Updated @mcp-use/inspector to v0.18.7
  • Update: Updated @mcp-use/cli to v2.13.4
v1.17.1
February 2026

useWidget Type Inference Improvements

Patch release improving useWidget typing precision for pending vs ready states.
  • Enhancement: UseWidgetResult now uses a discriminated union on isPending for more accurate TypeScript inference
  • Enhancement: Added UseWidgetResultBase to separate shared fields from pending-state-specific props
  • Update: Updated @mcp-use/inspector to v0.18.6
  • Update: Updated @mcp-use/cli to v2.13.3
v1.17.0
February 2026
Release 1.17.0

Resource Template Completion & Reverse Proxy Support

Minor release adding resource template variable completion, custom route HMR, and comprehensive reverse proxy support.

Resource Template Completion

  • New: Resource template variable completion — templates can define callbacks.complete per variable (string array or callback) for client-side autocomplete of URI template variables
  • New: toResourceTemplateCompleteCallbacks utility for normalizing completion definitions
  • New: MCP servers now publish completion capabilities

HMR & Reverse Proxy Improvements

  • New: Custom HTTP route HMR — routes registered via server.get(), server.post(), etc. now hot-swap without restart
  • New: Widget tool protection during HMR — tools tagged with _meta["mcp-use/widget"] preserved during sync
  • New: Dynamic widget creation — resources/ directory auto-created, dev server watches for new widgets even if none exist at startup
  • New: Vite HMR WebSocket proxy for hot-reload through reverse proxies (ngrok, E2B, Cloudflare tunnels)
  • New: MCP_URL environment variable can be pre-set by users for external proxy URLs; CLI will not overwrite it
  • New: window.__mcpServerUrl global injected into widget HTML for dynamic API URL construction
  • Enhancement: List-changed notifications now fire on removal, not just add/update
  • Enhancement: Pre-initialized request handlers prevent -32601 Method not found errors on dynamic tool registration
  • Enhancement: Widget type default changed to mcpApps (dual-protocol) instead of appsSdk

Dependencies

  • Update: Updated @mcp-use/inspector to v0.18.5
  • Update: Updated @mcp-use/cli to v2.13.2
v1.16.4
February 2026
Release 1.16.4

HMR Improvements & Widget Enhancements

Patch release with Hot Module Reload improvements, widget lifecycle enhancements, and CLI build system improvements.

HMR & Server Improvements

  • Fix: Tool schema preservation during HMR now uses Zod schemas directly instead of converting to params
  • Fix: Empty schema changed from {} to z.object({}) to ensure safeParseAsync works correctly
  • Enhancement: Prompts now support tool response helpers (text(), object(), image(), etc.) via automatic conversion to GetPromptResult
  • Enhancement: Resources now support tool response helpers via automatic conversion to ReadResourceResult
  • Enhancement: Widget resources (ui://widget/*) and resource templates preserved during HMR
  • Enhancement: Enhanced prompt conversion to handle edge cases (single content objects, bare content items, mixed content arrays)

CLI Build Improvements

  • New: Build manifest with entryPoint tracking written to dist/mcp-use.json for reliable server location
  • Enhancement: Support for multiple TypeScript output paths (dist/index.js, dist/src/index.js, custom paths)
  • Enhancement: Start command reads entryPoint from manifest for accurate server location
  • Enhancement: Clear error messages when no built server file is found, listing all attempted locations

Widget Improvements

  • Fix: Widget pending state now correctly emulated to reflect ChatGPT behavior
  • Enhancement: Immediate widget rendering during pending states
  • Enhancement: Enhanced widget lifecycle management with better tool output handling
  • New: Delayed weather tool example (get-weather-delayed) in conformance server for testing widget lifecycle

Dependencies

  • Update: Updated @modelcontextprotocol/sdk to v1.26.0 (with Zod 4 compatibility patch)
  • Update: Updated @mcp-use/inspector to v0.18.4
  • Update: Updated @mcp-use/cli to v2.13.1
  • Update: Updated create-mcp-use-app to v0.12.3
v1.16.3
February 2026
Release 1.16.3

CLI Manufact Rebrand

Minor release with CLI branding updates and authentication improvements.

CLI Rebrand

  • Enhancement: Updated CLI branding from “mcp-use” to “Manufact”
  • Enhancement: Changed default web URL from mcp-use.com to manufact.com for login flow
  • Fix: Fixed 431 “Request Header Fields Too Large” error by increasing callback server header limit to 16KB
  • Enhancement: Updated dashboard, inspector, and settings URLs to use manufact.com domain
  • Enhancement: Gateway domain remains run.mcp-use.com for backward compatibility with existing deployments

Dependencies

  • Update: Updated @mcp-use/cli to v2.13.0
  • Update: Updated @mcp-use/inspector to v0.18.3
v1.16.2
January 2026

Widget Behavior Fix

Patch release fixing widget pending state emulation.
  • Fix: Widget pending state now correctly emulated to reflect ChatGPT behavior
  • Update: Updated @mcp-use/inspector to v0.18.2
  • Update: Updated @mcp-use/cli to v2.12.6
v1.16.1
January 2026

Widget CSP Enhancement

Patch release fixing widget Content Security Policy configuration.
  • Fix: Auto-inject server origin into connectDomains CSP
  • Enhancement: Widgets can now make fetch/XHR/WebSocket calls back to the MCP server without explicitly declaring the domain
  • Fix: Corrected oversight where CHANGELOG mentioned connectDomains injection but it was not implemented
v1.16.0
January 2026
Release 1.16.0

Prompt Autocomplete & Dynamic CSP

Minor release introducing prompt argument autocomplete and dynamic CSP domain injection for widgets.

New Features

  • New: completable() helper for prompt argument autocomplete
  • New: Dynamic CSP domain injection for widgets at tools/list time

Enhancements

  • Enhancement: Request origin (from X-Forwarded-Host or Host header) now automatically added to connectDomains and resourceDomains in tool metadata
  • Enhancement: Widgets now work correctly when accessed through proxies like ngrok, Cloudflare tunnels, or other reverse proxies
  • Enhancement: Server origin automatically enriched in widget CSP metadata

Dependencies

  • Update: Updated @mcp-use/inspector to v0.18.0
  • Update: Updated @mcp-use/cli to v2.12.4
v1.15.3
January 2026

HMR & Theme Fixes

Patch release fixing Hot Module Reloading edge cases and theme functionality.
  • Fix: HMR not working when server starts with 0 tools initially
  • Fix: Dark mode can now be enabled through theme URL parameter
  • Update: Updated @mcp-use/inspector to v0.17.3
  • Update: Updated @mcp-use/cli to v2.12.3
v1.15.2
January 2026

HMR File Watcher Fix

Patch release fixing file watcher resource exhaustion in containerized environments.
  • Fix: HMR file watcher exhausting inotify limits by properly ignoring node_modules
  • Fix: Prevented ENOSPC errors in containerized environments caused by watching files inside node_modules/ despite ignore patterns
  • Update: Updated @mcp-use/inspector to v0.17.2
  • Update: Updated @mcp-use/cli to v2.12.2
v1.15.1
January 2026

CLI Deployment Enhancement

Patch release with CLI deployment improvements.
  • Enhancement: CLI getMcpServerUrl() function for improved deployment URL handling
  • Update: Updated @mcp-use/cli to v2.12.1
  • Update: Updated @mcp-use/inspector to v0.17.1
v1.15.0
January 2026
Release 1.15.0

MCP Apps Support & Landing Pages

Major release introducing MCP Apps support with dual-protocol widget rendering and HTML landing pages for MCP server endpoints.

MCP Apps Support

  • New: Dual-protocol support enabling widgets to work with both MCP Apps and ChatGPT Apps SDK
  • New: MCPAppsRenderer component for advanced debugging and visualization
  • New: MCPAppsDebugControls component for widget debugging
  • New: Sandboxed iframe support with console logging and safe area insets for isolated widget rendering
  • New: Widget adapters (MCP Apps, Apps SDK) with protocol helpers for seamless cross-protocol compatibility
  • New: MCP Apps documentation and example server

Landing Pages

  • New: generateLandingPage() function that generates styled HTML landing pages for browser GET requests
  • New: Connection instructions for Claude Code, Cursor, VS Code, VS Code Insiders, and ChatGPT on landing pages
  • Enhancement: Browser host normalization for server connections in CLI

Bug Fixes & Security

  • Fix: MCP server landing now shows the external URL instead of the internal URL
  • Fix: Zod JIT compilation to prevent CSP violations in sandboxed environments
  • Security: Fixed vulnerabilities in dependencies

Dependencies

  • Update: Updated @mcp-use/inspector to v0.17.0
  • Update: Updated @mcp-use/cli to v2.12.0
v1.14.2
January 2026

Widget Rendering & Session Management Improvements

Patch release with widget rendering fixes, session timeout adjustments, and CLI deployment enhancements.

Widget Rendering & Session Management

  • Fix: Widget iframe reload by adding timestamp query parameter to force refresh when widget data changes
  • Fix: Retry logic with exponential backoff for dev widget fetching to handle Vite dev server cold starts
  • Fix: Default session idle timeout changed from 5 minutes to 1 day (86400000ms) to prevent premature session expiration
  • Fix: Session lastAccessedAt tracking now updates both persistent store and in-memory map
  • Fix: _meta merging now preserves existing fields (e.g., openai/outputTemplate) when updating tools and widgets
  • Enhancement: Support for frame_domains and redirect_domains in widget CSP metadata

CLI Improvements

  • Fix: Environment variables, build command, start command, and port configuration now properly passed during redeployment

Documentation

  • Fix: Updated sessionIdleTimeoutMs default value documentation from 5 minutes to 1 day across multiple files
v1.14.1
January 2026

Dependency Updates

Patch release with dependency updates.
  • Update: Updated dependencies to @mcp-use/inspector v0.16.1 and @mcp-use/cli v2.11.1
v1.14.0
January 2026
Release 1.14.0

Server Metadata & Widget Enhancements

Release introducing server metadata configuration and enhanced widget development experience.

Server Metadata & Configuration

  • New: Server metadata support with title, websiteUrl, and icons fields in MCP server configuration
  • New: Inspector UI displays server website URLs and icons for better branding
  • Deprecated: autoCreateSessionOnInvalidId config option - use sessionStore for persistent sessions
  • Enhancement: Dynamic project name support in server configurations

Widget & Development Experience

  • Enhancement: HMR support for widget tool management - widgets update immediately without server restart
  • Enhancement: Parallel widget building for improved development performance
  • Enhancement: ReDoS attack prevention in widget name slugification with input length validation
  • Enhancement: Improved widget lifecycle documentation with loading state guidance

CLI Improvements

  • New: MCP_URL environment variable automatically set in server process for easy access to server URL
  • Enhancement: Server process environment now includes MCP_URL in both development and production modes
  • Enhancement: CLI now displays all 4 package versions (@mcp-use/cli, mcp-use, @mcp-use/inspector, create-mcp-use-app) in dev and build commands with mcp-use highlighted for clarity

API & Protocol

  • New: HEAD request support in mountMcp function
  • Enhancement: Improved input schema handling in tool registration with better defaults

MCP Proxy Middleware

  • Enhancement: Improved error logging with better context for debugging
  • Enhancement: Connection refused errors now logged as warnings instead of errors
  • Enhancement: Error responses include target URL to help identify failing proxy requests
  • Enhancement: More detailed error messages for proxy request failures

Bug Fixes

  • Fix: Anthropic tool_use.id error resolved with LangChain package updates
  • Fix: Telemetry shutdown method compatibility with posthog-node v5.22.0
  • Fix: Input schema initialization now defaults to empty object when not provided

Dependencies

  • Update: @langchain/anthropic to 1.3.10 (fixes tool_call ID generation)
  • Update: @langchain/core to 1.1.15
  • Update: langchain to 1.2.10
  • Update: react-resizable-panels to 4.4.1
v1.13.5
January 2026

CLI Documentation Enhancement

Patch release adding comprehensive CLI documentation.
  • Enhancement: Added .gitignore file to CLI package to exclude .mcp-use directory from version control
  • Enhancement: Added CLAUDE.md to CLI package with comprehensive guidance on usage, development commands, architecture details, and deployment instructions
  • Enhancement: Improved CSRF protection in authentication flow
  • Enhancement: Enhanced error handling for GitHub integration in deploy command
v1.13.4
January 2026

OAuth Proxy URL Handling Improvements

Patch release improving OAuth proxy URL handling and connection logic.
  • Refactor: Changed connectionUrl from let to const to enforce immutability
  • Enhancement: Enhanced logic for deriving oauthProxyUrl from callback URL, including handling cases where callback is at root path
  • Enhancement: Updated comments to clarify distinction between oauthProxyUrl and connectionUrl
  • Fix: Removed clearing of OAuth storage before connecting to maintain valid tokens across sessions
v1.13.3
January 2026

Telemetry & Inspector Enhancements

Patch release with telemetry improvements and inspector URL validation enhancements.
  • Fix: Enhanced localStorage checks in Telemetry class to verify both existence and functional methods (getItem, setItem, removeItem)
  • Enhancement: Added error handling to throw exception if localStorage is not available or functional
  • Enhancement: Inspector now automatically prepends “https://” to URLs without protocol for better user experience
  • Enhancement: Improved error handling for invalid URLs in Inspector dashboard and server connection modal
  • Enhancement: Added localStorage clearing functionality in Inspector for troubleshooting
v1.13.2
January 2026

Dependency Updates & CLI Enhancements

Minor release with dependency updates and CLI improvements for deployment workflows.
  • Fix: Updated dependency hono to 4.11.4
  • Enhancement: CLI login command with improved error handling and user feedback
  • Enhancement: CLI deployment command now prompts for login if not authenticated
  • Enhancement: Added git uncommitted changes check before deployment
  • Fix: Removed fromSource option from CLI deployment command
  • Enhancement: Simplified authentication UI in Inspector
v1.13.1
January 2026

Edge Runtime Fix

Patch release improving edge runtime compatibility.
  • Fix: Enable JSON response in stateless mode for edge runtimes (Deno, Cloudflare Workers)
  • Enhancement: Improved reliability of API in various deployment scenarios
v1.13.0
January 2026
Release 1.13.0

Hot Module Reloading & OAuth Enhancements

Release introducing Hot Module Reloading for development and enhanced OAuth capabilities.

Hot Module Reloading (HMR)

  • New: HMR support for mcp-use dev command - tools, prompts, and resources update instantly without server restart
  • New: Connected clients receive list_changed notifications and auto-refresh
  • New: Syntax errors during reload caught gracefully without crashing server
  • New: Comprehensive test suite for HMR functionality with integration tests
  • Enhancement: CLI uses chokidar to watch file changes with automatic module re-import
  • Enhancement: Session persistence during HMR - no client disconnections

OAuth & Client Info

  • New: Enhanced OAuth proxy to support gateway/proxy scenarios (e.g., Supabase MCP servers)
  • New: clientInfo configuration prop for OAuth registration with client metadata (name, version, icons, website)
  • New: Server metadata caching with CachedServerMetadata interface for instant display on reconnect
  • Enhancement: OAuth metadata URL rewriting from gateway URLs to actual server URLs
  • Enhancement: Client info displayed on OAuth consent pages
  • Enhancement: Extended StorageProvider interface with metadata methods

Inspector & Favicon

  • Enhancement: Enhanced favicon detector to try all subdomain levels (e.g., mcp.supabase.com → supabase.com)
  • Enhancement: Detection of default vs custom favicons using JSON API response
  • Enhancement: Improved logging middleware for API routes
  • Enhancement: X-Forwarded-Host support for proxy URL construction in dev

Bug Fixes

  • Fix: Remove import from “mcp-use” which causes langchain import in server
  • Fix: Enhanced synchronization for tools, prompts, and resources during HMR
v1.12.4
January 2026

Connection Fix

Patch release fixing autoconnect configuration parsing.
  • Fix: Autoconnect now correctly parses config objects in addition to string URLs
v1.12.3
January 2026

Security Fixes & OAuth Improvements

Patch release addressing multiple security vulnerabilities and fixing OAuth flow issues.

Security Fixes

  • Security: Fixed 13 vulnerabilities (3 moderate, 10 high)
  • Security: Updated langchain to 1.2.3 (fixes serialization injection vulnerability)
  • Security: Updated @langchain/core to 1.1.8 (fixes serialization injection vulnerability)
  • Security: Updated react-router to 7.12.0 (fixes XSS and CSRF vulnerabilities)
  • Security: Added override for qs to >=6.14.1 (fixes DoS vulnerability)
  • Security: Added override for preact to >=10.28.2 (fixes JSON VNode injection)

OAuth & Connection Improvements

  • Fix: Resolved OAuth flow looping issue by removing duplicate fallback logic
  • Enhancement: Simplified connection handling with consolidated state management
  • Enhancement: Enhanced OAuth authentication flow with improved connection settings
  • Enhancement: Improved auto-connect functionality with better proxy handling and error management
  • Enhancement: Enhanced theme toggling with dropdown menu for better UX and accessibility
v1.12.2
January 2026
Release 1.12.2

Automatic Proxy Fallback & API Improvements

Release with automatic proxy fallback, OAuth proxy support, and API naming improvements.

Breaking Changes (with Deprecation Warnings)

  • Breaking: Renamed customHeaders to headers across all APIs for consistency. Old name still works but shows deprecation warnings.
  • Breaking: Renamed samplingCallback to onSampling for consistency with event handler patterns. Old name still works but shows deprecation warnings.
  • Deprecated: clientConfig option in favor of deriving configuration from clientInfo

New Features

  • New: Automatic Proxy Fallback - autoProxyFallback option automatically retries failed connections through proxy on CORS/4xx errors
  • New: Provider-level proxy defaults with defaultProxyConfig and defaultAutoProxyFallback props in McpClientProvider
  • New: OAuth Proxy Support - oauthProxyUrl configuration to route OAuth discovery and token requests through backend proxy
  • New: Configurable clientInfo for MCP connection initialization with full metadata (name, title, version, description, icons, website URL)
  • New: Reconnect functionality for failed connections with reconnect button in Inspector UI

Improvements

  • Enhancement: Better detection of OAuth discovery failures, CORS errors, and connection issues
  • Enhancement: OAuth provider uses original target URL for discovery, not proxy URL
  • Enhancement: Improved session cleanup to avoid noisy warning logs
  • Enhancement: Type safety with deprecation notices in TypeScript types
  • Enhancement: Proxy header support - proxyConfig now accepts a headers field for custom headers

Bug Fixes

  • Fix: Custom headers now correctly included when copying connection configuration from saved tiles
  • Fix: HttpConnector automatic reconnection disabled, shifting responsibility to higher-level logic

Refactoring

  • Refactor: Removed oauth-helper.ts (521 lines), consolidated into browser-provider.ts
  • Refactor: Major useMcp hook refactor with automatic retry, better error handling, and proxy fallback support
v1.12.1
January 2026

Security Update

Patch release with security fixes and build improvements.
  • Security: Updated @modelcontextprotocol/sdk to 1.25.2 (fixes ReDoS vulnerability in UriTemplate regex patterns)
  • Fix: Updated building script to correctly export types for inspector/client components
v1.12.0
January 2026
Release 1.12.0

Browser Compatibility & Multi-Server Support

Release focusing on browser compatibility, multi-server management, and improved React architecture.

Breaking Changes

  • Breaking: Removed winston dependency. The logging system now uses a simple console logger that works in both browser and Node.js environments. See Server Logging for migration guide.

Browser Runtime Support

  • New: Full browser compatibility - removed Node.js-specific dependencies from browser builds
  • New: Enhanced browser.ts entry point with improved browser-specific utilities
  • New: Browser utilities:
    • utils/favicon-detector.ts - Detect and extract favicons from URLs
    • utils/proxy-config.ts - Proxy configuration utilities for browser environments
    • utils/mcpClientUtils.ts - MCP client utilities moved from client package
  • New: MCPAgent exported for browser usage with BrowserMCPClient instance or through RemoteAgent
  • Enhancement: Comprehensive test suite to ensure mcp-use/react and mcp-use/browser do not import Node.js dependencies

Multi-Server Support

  • New: McpClientProvider component to manage multiple MCP server connections in React applications
  • New: Pluggable storage system with LocalStorageProvider and MemoryStorageProvider for flexible server configuration persistence
  • New: Dynamic addition and removal of servers in React applications
  • New: Multi-server React example demonstrating new capabilities
  • Enhancement: Refactored useMcp hook for better multi-server support
  • Enhancement: Removed obsolete McpContext (replaced with McpClientProvider)

Server Middleware

  • New: MCP Proxy Middleware (server/middleware/mcp-proxy.ts) - Hono middleware for proxying MCP server requests with optional authentication and request validation

Inspector Enhancements

  • Enhancement: Improved UI responsiveness with enhanced mobile and tablet layouts and adaptive component visibility
  • Enhancement: Better server management with refactored server connection handling, improved icon display, and status tracking
  • Enhancement: Enhanced debugging with detailed logging in Layout and useAutoConnect components for better monitoring of server connection states
  • Enhancement: Simplified connection settings by removing deprecated transport types
  • Enhancement: Enhanced inspector components for better browser compatibility
  • Enhancement: Improved server icon support and component interactions
  • Enhancement: Added embedded mode support
  • Enhancement: Better configuration handling and MCP proxy integration

RPC Logging

  • New: Enhanced RPC logging with new rpc-logger module and filtering capabilities to reduce noisy endpoint logging (telemetry, RPC streams). See Client Logging for usage.

Architecture Improvements

  • Refactor: Separated telemetry into telemetry-browser.ts (browser) and telemetry-node.ts (Node.js) for better environment-specific implementations
  • Refactor: Replaced Winston with SimpleConsoleLogger that works across all environments. See Server Logging for configuration details.
  • Refactor: Updated tsup.config.ts to exclude Node.js-specific dependencies (winston, posthog-node) from browser builds
  • Refactor: Updated components across inspector for cleaner architecture and imports

Bug Fixes

  • Fix: Prevent rendering loop when autoretry is true in React hooks
  • Fix: Respect options timeout in HTTP connector (reduced default timeout from 30 seconds to 10 seconds)
  • Fix: Add client SDKs to add to client dropdown in inspector
  • Fix: Server connection retrieval in OpenAIComponentRenderer to directly access connections array
  • Fix: Linux patch for watch mode
  • Fix: Query URL handling in built mode to preserve arguments
  • Fix: Enhanced Zod version mapping in TypeScript PR preview workflow
  • Fix: Pinned Zod version to 3.24.4 for compatibility with modelcontextprotocol/sdk
  • Fix: Updated modelcontextprotocol-sdk references to new package name

Documentation

  • New: Added troubleshooting section for Zod version conflicts in Supabase deployment
  • Enhancement: Updated Supabase deployment documentation with improved compatibility information
v1.11.2
December 2025

Documentation Updates - Enhancement: Updated examples and documentation

to use preferred methods and APIs
v1.11.1
December 2025

Bug Fixes - Fix: Widget props not picked up when using Zod schemas

v1.11.0
December 2025
Release 1.11.0

Session Management Architecture & CLI Client

Release introducing distributed session management with Redis support and a full-featured CLI client for terminal usage.

Breaking Changes

  • Breaking: WebSocket transport support removed. Use streamable HTTP or SSE transports instead.
  • Breaking: LangChain adapter moved from main entry point to mcp-use/adapters subpath. @langchain/core and langchain are now optional peer dependencies.
  • Deprecated: autoCreateSessionOnInvalidId server config option. Now follows MCP spec strictly (returns 404 for invalid sessions).

Session Management Features

  • New: Pluggable session management architecture separating metadata storage (SessionStore) from active connections (StreamManager)
  • New: RedisSessionStore for persistent, distributed session metadata storage
  • New: RedisStreamManager for cross-server notifications via Redis Pub/Sub
  • New: FileSystemSessionStore (dev mode default) persists sessions to .mcp-use/sessions.json for hot reload support
  • New: InMemorySessionStore and InMemoryStreamManager (production defaults)
  • New: Automatic 404 handling and re-initialization in clients per MCP spec
  • New: Convenience methods: sendToolsListChanged(), sendResourcesListChanged(), sendPromptsListChanged()
  • Enhancement: Auto-detection of stateless/stateful mode based on client Accept header
  • Enhancement: Sessions survive server restarts in dev mode with filesystem storage
  • Enhancement: Auto-cleanup of expired sessions (>24 hours)

CLI Client Features

  • New: Full-featured CLI client for terminal MCP interactions (npx mcp-use client)
  • New: Scoped commands for tools, resources, prompts, and session management
  • New: Session persistence to ~/.mcp-use/cli-sessions.json across terminal sessions
  • New: Interactive REPL mode for server exploration
  • New: JSON output mode (--json) for scripting and automation
  • New: Multi-session support with session switching
  • New: HTTP and stdio server connection support
  • New: Formatted output with colored tables for human readability
  • New: Automatic session restoration and reconnection
  • New: Shell script examples for automation workflows

Client Improvements

  • New: Auto-refresh tools/resources/prompts when receiving list change notifications
  • New: Manual refresh methods: refreshTools(), refreshResources(), refreshPrompts(), refreshAll()
  • New: Automatic 404 handling and re-initialization per MCP spec
  • Enhancement: Deprecated sse transport type in React (use http or auto)

Additional Features

  • New: CommonJS module support - full compatibility with require() syntax
  • New: Favicon support for widget pages with automatic serving and long-term caching
  • New: Enhanced session methods: callTool() defaults args to empty object, new requireSession() method
  • New: Session architecture documentation with ARCHITECTURE.md
  • New: Comparison guide with other MCP implementations (tmcp, FastMCP, xmcp, official SDK)
  • New: Comprehensive environments guide (Node.js, Browser, React, CLI)

Documentation

  • New: Session Management guide with storage provider documentation (Memory, FileSystem, Redis)
  • New: CLI Client documentation with usage examples and scripting patterns
  • New: Environments guide explaining usage across different JavaScript runtimes
  • New: Comparison documentation analyzing mcp-use vs other implementations
  • Enhancement: Major documentation restructuring for better organization
  • Enhancement: Removed/consolidated outdated guides (direct-tool-calls, sandbox, connection-types)
  • Enhancement: Updated agent documentation with improved examples

Widget Improvements

  • Enhancement: Automatic cleanup of stale widget directories in .mcp-use folder
  • Enhancement: Dev mode watches for widget file/directory deletions and cleans up build artifacts
  • Fix: Fixed widget styling isolation - widgets no longer pick up mcp-use styles
  • Fix: Fixed favicon URL generator for proper asset resolution
  • Fix: Fixed transport cleanup when session becomes idle

Testing & Quality

  • New: Comprehensive test suite for session stores (498 lines)
  • New: Stream managers test suite (478 lines)
  • New: Widget data flow tests (496 lines)
  • New: CLI integration tests (242 lines)
  • New: CommonJS compatibility tests (256 lines)
  • New: Documentation example tests (agent, prompts, tools)
  • New: Client 404 re-initialization tests
  • Enhancement: Improved test coverage across all major features

Dependencies & Compatibility

  • Enhancement: Added support for Node.js >= 18
  • Enhancement: CommonJS builds for all entry points
  • Enhancement: Migrated from react-router-dom to react-router for better compatibility
  • Enhancement: Repository metadata added to package.json
  • Enhancement: Dependency updates and optimizations

Fixes

  • Fix: Agent access to resources and prompts
  • Fix: Import paths in CLI to avoid mixing dependencies
  • Fix: UUID generation and URL handling improvements
  • Fix: Various formatting and linting improvements
v1.10.0
December 2025
Release 1.10.0

API Improvements & Session Management

Enhanced APIs with better type safety and improved session management capabilities.

Breaking Changes

  • Breaking: Renamed createMCPServer() factory function to MCPServer class constructor. Factory function still available for backward compatibility but new code should use new MCPServer({ name, ... }).
  • Breaking: Replaced session.connector.tools, session.connector.callTool(), etc. with direct session methods: session.tools, session.callTool(), session.listResources(), session.readResource(), etc.
  • Breaking: Standardized OAuth environment variables to MCP_USE_OAUTH_* prefix (e.g., AUTH0_DOMAINMCP_USE_OAUTH_AUTH0_DOMAIN).

New Features

  • New: Client Capabilities API with ctx.client.can() and ctx.client.capabilities() to check client capabilities in tool callbacks
  • New: Session Notifications API with ctx.sendNotification() and ctx.sendNotificationToSession() for sending notifications from tool callbacks
  • New: Session Info API with ctx.session.sessionId to access current session ID in tool callbacks
  • New: Resource Template Flat Structure support with uriTemplate directly on definition (in addition to nested structure)
  • New: Resource Template Callback Signatures now support multiple signatures: (), (uri), (uri, params), (uri, params, ctx)
  • New: Type Exports for CallToolResult, Tool, ToolAnnotations, PromptResult, GetPromptResult types

Improvements

  • Enhancement: Enhanced type inference for resource template callbacks with better overload support
  • Enhancement: Server now captures and stores client capabilities during initialization
  • Enhancement: Added convenience methods to MCPSession for all MCP operations (listResources, readResource, subscribeToResource, listPrompts, getPrompt, etc.)
  • Enhancement: Major documentation refactoring and restructuring for better organization

Fixes (v1.10.1 - v1.10.6)

  • Fix: Stateless mode for Deno runtime
  • Fix: Added CORS support to getHandler() method
  • Fix: Deno 5 compatibility improvements
  • Fix: Deno 3 compatibility fixes
  • Fix: Zod error handling improvements
  • Fix: Zod import in official SDK
  • Fix: Clear transport when session becomes idle
  • Fix: Allow agent to access resources and prompts
  • Enhancement: Added repository metadata in package.json
v1.9.0
December 2025
Release 1.9.0

Elicitation Support

Added comprehensive elicitation support following MCP specification, enabling servers to request user input through clients.
  • New: Simplified API with ctx.elicit(message, zodSchema) and ctx.elicit(message, url) with automatic mode detection
  • New: Form Mode for structured data collection with Zod schema validation and full TypeScript type inference
  • New: URL Mode to direct users to external URLs for sensitive operations (OAuth, credentials)
  • New: Server-side validation with automatic Zod validation and clear error messages
  • New: Client support via elicitationCallback to MCPClient and onElicitation to React useMcp hook
  • Enhancement: Type-safe return types automatically inferred from Zod schemas
  • Enhancement: Configurable timeout with 5-minute default for user interactions
  • Fix: Transport bug fixes
v1.8.0
November 2025
Release 1.8.0

Sampling Support

Added sampling support in inspector with improved timeout handling for long-running requests.
  • New: LLM sampling capabilities in inspector
  • Fix: Long running sampling requests no longer timeout after 60 seconds
  • Enhancement: Better handling of extended sampling operations
v1.7.0
November 2025
Release 1.7.0

OAuth Authentication System

Complete OAuth 2.0 support with built-in providers and enhanced server capabilities.
  • New: Complete OAuth 2.0 authentication framework with built-in providers (Auth0, WorkOS, Supabase, Keycloak)
  • New: OAuth middleware and routes for server-side OAuth flow handling with automatic token management
  • New: OAuth callback component in inspector for authentication flows
  • New: Context storage with async local storage for request-scoped context in servers
  • New: Response helpers for standardized HTTP responses and error handling
  • New: Runtime detection utilities for Node.js, Bun, and Deno environments
  • New: Server authentication examples for Auth0, WorkOS, and Supabase
  • Enhancement: Enhanced useMcp hook with improved connection management and OAuth support
  • Enhancement: Enhanced inspector dashboard with OAuth configuration UI
  • Enhancement: Better authentication flow handling with OAuth integration
  • Enhancement: Enhanced HTTP connectors with OAuth token handling
  • Fix: Dependency optimizations and AI SDK updates
v1.6.0
November 2025
Release 1.6.0

Notifications & Sampling

Bidirectional notification support and LLM sampling capabilities.
  • New: Bidirectional notification support between clients and servers with handler registration
  • New: LLM sampling allowing MCP tools to request completions from connected clients
  • New: Widget build ID support for cache busting in widget UI resources
  • New: Inspector notifications tab with real-time display
  • New: Server capabilities modal showing supported MCP features
  • Enhancement: Refactored HTTP transport to reuse sessions across requests with configurable idle timeout
  • Enhancement: Session management with tracking and automatic cleanup
  • Enhancement: Roots support in connectors and session API
  • Enhancement: Session event handling API for notification registration
  • Enhancement: Server methods for session management and targeted notifications
  • Enhancement: Enhanced search_tools with metadata (total_tools, namespaces, result_count)
  • Enhancement: RPC message logging support in inspector
v1.5.0
October 2025
Release 1.5.0

OpenAI Apps SDK Integration

Release with comprehensive OpenAI Apps SDK support and widget system.
  • New: McpUseProvider component combining React setup (StrictMode, ThemeProvider, BrowserRouter, ErrorBoundary)
  • New: WidgetControls component with debug overlay and view controls (fullscreen, PIP)
  • New: useWidget hook for type-safe React adapter to OpenAI Apps SDK API
  • New: ErrorBoundary component for graceful error handling
  • New: Image component handling data URLs and public file paths
  • New: ThemeProvider for consistent theme management
  • New: WidgetInspectorControls for inspector-specific debugging
  • New: Console proxy toggle for iframe console logs
  • New: Product search result widget template with carousel and accordion components
  • New: Folder-based widget support with automatic detection
  • New: Public folder support for static assets
  • Enhancement: Enhanced SSR configuration with proper Vite settings
  • Enhancement: Improved OpenAI component renderer with better height calculation
  • Enhancement: Enhanced tool result display with multiple content types
  • Enhancement: Resizable panels with collapse support
  • Enhancement: Better widget security headers and CSP configuration
v1.4.0
October 2025
Release 1.4.0

Code Mode

Introduced code execution capabilities for agents.
  • New: Code Mode feature allowing agents to execute code using MCP tools
  • New: VMCodeExecutor for local execution environments
  • New: E2BCodeExecutor for remote execution in cloud sandboxes
  • New: CodeModeConnector for tool discovery and execution
  • Enhancement: Enhanced MCPClient with code execution configuration
  • Enhancement: Comprehensive tests for code execution functionality
v1.3.0
October 2025
Release 1.3.0

Edge Runtime Support

Migrated to Hono framework for edge runtime compatibility.
  • Major: Migrated from Express to Hono framework for edge runtime support (Cloudflare Workers, Deno Deploy, Supabase)
  • New: Runtime detection for Deno and Node.js environments
  • New: Connect middleware adapter for compatibility
  • New: getHandler() method for edge deployment
  • New: Supabase deployment documentation and templates
  • Enhancement: Improved MCPAgent message detection with robust helpers for different LangChain formats
  • Enhancement: Fixed server base URL handling for proper connection and routing
  • Enhancement: Better auto-connection logic with error handling and retry mechanisms
  • Enhancement: Enhanced useMcp hook with improved connection state management
v1.2.0
October 2025
Release 1.2.0

LangChain 1.0.0 Support

Updated to support LangChain 1.0.0 with improved compatibility.
  • Major: Support for LangChain 1.0.0
  • Fix: Model type compatibility for LangChain 1.0.0
  • Fix: Apps SDK metadata setup from widget build
  • Enhancement: Set CLI and inspector as dependencies
v1.1.0
October 2025
Release 1.1.0

Apps SDK Initial Integration

First integration of OpenAI Apps SDK support.
  • New: OpenAI Apps SDK integration with UI resource type
  • New: Enhanced MCP-UI adapter for Apps SDK metadata
  • New: Resource URI format supporting ui://widget/ scheme
  • New: Tool definitions with Apps SDK-specific metadata
  • Enhancement: Comprehensive test suite for Apps SDK resources
  • Refactor: Renamed fn to cb in tool and prompt definitions for consistency
  • Refactor: Updated resource definitions to use readCallback