Releases: PreReason/mcp
Releases · PreReason/mcp
Release list
v0.3.1
v0.3.0
Added
- OAuth 2.1 support for automatic API key provisioning on MCP connection
- Server branding metadata (title, description, icons) for client connection cards
- Centered README hero layout with improved visual hierarchy
Security
- Harden OAuth proxy endpoints with input validation, rate limiting, and timeout handling
- Sanitize upstream error responses on token exchange
Fixed
- HEAD /api/mcp returning 405 instead of 200
- Metric count in README (38 -> 30)
- cli.js version mismatch with package.json
Full Changelog: v0.2.1...v0.3.0
v0.2.0
What's New
- Add Glama deployment support (Dockerfile build, inspection, release)
- Add build script for container image builds
- Add 6 MCP prompt templates (daily_market_briefing, risk_check, mining_profitability, macro_regime_check, correlation_scanner, weekly_recap)
- Add 2 MCP resource catalogs (briefing_catalog, metric_catalog)
Full Changelog: https://github.com/PreReason/mcp/blob/main/CHANGELOG.md
v0.1.13
Changes
- Add
mcpName: com.prereason/mcpfor Anthropic MCP Registry validation - Published to official Anthropic MCP Registry at
com.prereason/mcp - Built and signed with SLSA provenance
npm
npx @prereason/[email protected]v0.1.12
Changes
- Switch publish workflow to OIDC trusted publisher (no NPM_TOKEN needed)
- Trigger on tag push (
v*) instead of GitHub releases - Vocabulary alignment: "templates" → "briefings" throughout
- Update description: "pre-reasoned market briefings"
- Fix repository URL to canonical npm format
Full Changelog: v0.1.10...v0.1.12
v0.1.10
0.1.10 (2026-03-15)
- Enable SLSA provenance attestation via GitHub Actions publish workflow
- Add
workflow_dispatchtrigger for manual publish control - Sync all GitHub releases to match npm versions
v0.1.9
0.1.9 (2026-03-10)
- Expand
socket.ymlto suppress all known-safe transitive dependency alerts from@modelcontextprotocol/sdk
v0.1.8
0.1.8 (2026-03-05)
- Remove
createRequire/ dynamicrequire('../package.json')— hardcode version constants - Eliminates Socket.dev "Dynamic require" and "Filesystem access" findings from our code
- Add
socket.ymlfor GitHub PR alert suppression of expected behaviors
v0.1.7
What's Changed
- Pin SDK to 1.27.1 — fixes transitive CVEs in hono and qs (High + Medium severity)
- Metric count 26 → 30 — added 200D MA, distance from 200D MA, USDT market cap, USDT dominance
- Template descriptions updated:
btc.momentum: now reflects 200D MA support/resistancecross.regime: now reflects USDT.D risk sentiment
- package-lock.json committed for CI reproducibility
Full Changelog: v0.1.6...v0.1.7
v0.1.6
- Fix description wording: replace "trend signals" with "trend interpretation"
- Add SECURITY.md with vulnerability reporting policy
- Add GitHub Actions CI workflow for provenance-signed npm publishing
- Public source repo