v0.12.12

What's Changed

• chore(deps): bump picomatch from 2.3.1 to 2.3.2 by @dependabot[bot] in #723
• chore(deps): bump i18next-fs-backend from 2.6.0 to 2.6.3 by @dependabot[bot] in #720
• chore(deps-dev): bump next from 16.1.7 to 16.2.2 by @dependabot[bot] in #717
• chore(deps-dev): bump jest from 30.2.0 to 30.3.0 by @dependabot[bot] in #719
• handle nullable fields like headers correctly by @samanhappy in #724
• chore(deps-dev): bump @tailwindcss/postcss from 4.1.17 to 4.2.2 by @dependabot[bot] in #718
• fix: use constant-time comparison for all secret/token checks by @spidershield-contrib in #687
• Add server-level embeddings to smart-routing tool search reranking by @Copilot in #727
• docs: update TDD Bug Resolution workflow to include documentation and review phases by @samanhappy in #730
• feat: add configurable bearer auth header name and JSON body size limit for MCP routing by @samanhappy in #731
• feat: add prompt and resource group visibility parity by @samanhappy in #733

New Contributors

• @spidershield-contrib made their first contribution in #687

Full Changelog: v0.12.11...v0.12.12

v0.12.11

What's Changed

• fix: update documentation links to new domain for consistency by @samanhappy in #712
• fix: persist passthroughHeaders in database mode by @samanhappy in #714
• feat: add configuration template export/import for team collaboration by @samanhappy in #716

Full Changelog: v0.12.10...v0.12.11

v0.12.10

What's Changed

• fix(logging): enhance error serialization in logs for better detail retention by @samanhappy in #700
• fix(smart-routing): harden embedding under low RPM limits and surface failures to users by @josepcrespo in #702
• fix(oauth): widen regex validation for scope, state, and code_challenge params by @geekdada in #704
• fix: enable trust proxy for correct HTTPS detection behind reverse proxies by @tempo22 in #706
• fix(vector-embeddings): prevent DB connection staleness, avoid redundant resync (fixes #695) by @josepcrespo in #705
• fix: replace hardcoded default admin password with random generation (CWE-1188) by @sebastiondev in #711

New Contributors

• @geekdada made their first contribution in #704
• @tempo22 made their first contribution in #706
• @sebastiondev made their first contribution in #711

Full Changelog: v0.12.9...v0.12.10

v0.12.9

What's Changed

• feat: add restore default option for server tool descriptions by @samanhappy in #684
• fix(smart-routing): prevent embedding sync failures with BAAI/bge-m3 in restricted networks (fixes #689) by @josepcrespo in #693
• chore(deps): bump kysely from 0.28.9 to 0.28.14 by @dependabot[bot] in #696
• fix: add degraded status to /health endpoint by @samanhappy in #697
• chore(deps-dev): bump next from 16.1.5 to 16.1.7 by @dependabot[bot] in #690
• fix(logging): stringify error objects in console logs for better readability by @samanhappy in #698

Full Changelog: v0.12.8...v0.12.9

v0.12.8

What's Changed

• Install Firefox in full Docker image for Playwright by @Copilot in #670
• feat: add passthrough headers support for upstream server requests by @samanhappy in #674
• fix(ui): mark OpenAI Base URL and Embedding Model as required fields in Smart Routing settings (#675) by @josepcrespo in #676
• Feature: token aware text truncation before creating embeddings by @josepcrespo in #672
• chore(deps): bump hono from 4.12.4 to 4.12.7 by @dependabot[bot] in #678
• Potential fix for code scanning alert no. 126: Reflected cross-site scripting by @samanhappy in #680
• chore(deps): bump undici from 7.18.2 to 7.24.0 by @dependabot[bot] in #682
• fix(settings): add required field validation for OpenAI smart routing configuration by @josepcrespo in #681

Full Changelog: v0.12.7...v0.12.8

v0.12.7

What's Changed

• feat: add basic Gemini embedding model support (#643) by @josepcrespo in #661
• chore(deps): bump hono from 4.11.10 to 4.12.4 by @dependabot[bot] in #663
• chore(deps): bump multer from 2.1.0 to 2.1.1 by @dependabot[bot] in #664
• feat: optimize better auth enable loogic by @samanhappy in #668
• chore: update code structure for improved readability and maintainability by @samanhappy in #669
• feat: display smartRoutingRequiredFields in Smart Routing settings UI by @samanhappy in #667

Full Changelog: v0.12.6...v0.12.7

v0.12.6

What's Changed

• fix: adjust header font size for server statistics on dashboard by @samanhappy in #652
• feat: add built-in resource and prompt management functionality by @samanhappy in #633
• fix: prevent vector_embeddings schema churn during startup by @NoeFabris in #644
• feat: use provider-neutral labels in Smart Routing settings UI by @josepcrespo in #653
• chore(deps-dev): bump autoprefixer from 10.4.21 to 10.4.27 by @dependabot[bot] in #651
• chore(deps): bump multer and @types/multer by @dependabot[bot] in #648
• chore(deps): bump @modelcontextprotocol/sdk from 1.25.3 to 1.27.1 by @dependabot[bot] in #650
• fix: pre-populate group from session context before bearer auth on /messages by @samanhappy in #657

New Contributors

• @NoeFabris made their first contribution in #644

Full Changelog: v0.12.5...v0.12.6

v0.12.5

What's Changed

• fix: implement base64 encoding support for embedding conversion by @samanhappy in #603
• fix: correct group tool count display for enabled tools (#631) by @samanhappy in #632
• feat: normalize whitespace and newline characters in text before generating embeddings by @josepcrespo in #645
• fix(smart-routing): trim whitespace from string settings to prevent hard-to-diagnose API failures by @josepcrespo in #646

New Contributors

• @josepcrespo made their first contribution in #645

Full Changelog: v0.12.4...v0.12.5

v0.12.4

What's Changed

• chore(deps): bump axios from 1.13.4 to 1.13.5 by @dependabot[bot] in #621
• chore(deps): bump hono from 4.11.7 to 4.11.10 by @dependabot[bot] in #623
• fix: dashboard separate disabled count and exclude disabled from offline by @samanhappy in #627
• fix: gracefully acknowledge session-less MCP notifications (#629) by @samanhappy in #630
• fix: resolve issue #626 server tools count, styling, notes, and page-size persistence by @samanhappy in #628

Full Changelog: v0.12.3...v0.12.4

v0.12.3

⚠️ Important Changes（重要变更）

🔐Security note（安全提示）：Starting from this version, MCP endpoints require authentication by default to prevent accidental exposure. To allow unauthenticated MCP access, disable Enable Bearer Authentication in the Keys section（从此版本开始，MCP 端点默认需要身份验证，以防止意外暴露。如需允许无需身份验证的 MCP 访问，请在 Keys 设置中关闭 Enable Bearer Authentication）。

What's Changed

• feat: sync vector embeddings when toggling server enabled status by @samanhappy in #596
• feat: add Bug Fixer Agent for diagnosing and fixing bugs using TDD approach by @samanhappy in #598
• Update mcp-settings.mdx by @hamiltont in #601
• feat: add TDD Bug Resolution Agent for structured bug diagnosis by @samanhappy in #604
• feat: rename DXT to MCPB and update related upload functionality by @samanhappy in #607
• chore(deps-dev): bump jest-environment-node from 30.0.5 to 30.2.0 by @dependabot[bot] in #609
• chore(deps-dev): bump react-router-dom from 7.12.0 to 7.13.0 by @dependabot[bot] in #608
• chore(deps-dev): bump @swc/core from 1.15.3 to 1.15.11 by @dependabot[bot] in #610
• chore(deps-dev): bump @vitejs/plugin-react from 4.7.0 to 5.1.2 by @dependabot[bot] in #611
• chore(deps): bump axios from 1.13.2 to 1.13.4 by @dependabot[bot] in #612
• chore(deps-dev): bump eslint from 8.57.1 to 9.26.0 by @dependabot[bot] in #613
• chore: update code structure for improved readability and maintainability by @samanhappy in #615
• feat: add documentation links to Header and LoginPage components by @samanhappy in #618
• feat: enhance auth check for mcp endpoints by @samanhappy in #617
• feat: enhance loading state management in Dashboard by @samanhappy in #620

New Contributors

• @hamiltont made their first contribution in #601

Full Changelog: v0.12.2...v0.12.3