- Peter Steinberger ships MCPorter 0.9.0 — per-server allow/block tool filters, a Windows OAuth URL-quoting fix, schema-aware string coercion, and tougher stdio child-process shutdowns.
- Small release, sharp edges removed for anyone calling MCP servers from TypeScript or the CLI.
TL;DR
MCPorter 0.9.0 (Apr 18, 2026) brings per-server tool filtering with allowedTools / blockedTools, a Windows OAuth fix that quotes browser URLs when launching cmd.exe, sturdier stdio shutdowns with timeout escalation, official OAuth config docs, and schema-declared string coercion so timestamp-shaped params no longer get silently corrupted. Maintenance + security release for the TypeScript runtime & CLI that lets you call any MCP server like a normal function.
What's new in 0.9.0
- Runtime per-server tool filtering. Add
allowedToolsorblockedToolsto any server entry — the runtime enforces it on every call, not just at codegen time. - Sturdier stdio child-process shutdowns. Timeout escalation prevents zombie subprocesses when an MCP server hangs on close.
- Windows OAuth fix. Browser URLs are now properly quoted when launching
cmd.exe, preserving query parameters that were getting eaten on Windows. - OAuth config docs + ergonomics:
mcporter config add <name> <url> --auth oauth. - Schema-declared string coercion. Numeric-looking parameters that the schema says are strings stay strings — fixes silent timestamp data loss in tool calls.
Why it matters
If you've tried to wire an MCP server into a real product, you've hit two things: (1) you only want the agent to see a subset of tools (read-only Slack, non-destructive filesystem), and (2) every OAuth-protected server has its own quirks per OS. 0.9.0 closes both loops. Filtering moves from a build-time codegen flag into the runtime, so the same server binary can expose different tool surfaces to different consumers — which is what you want in shared/multi-tenant setups. And the Windows OAuth fix unblocks a whole class of users who previously couldn't auth Notion / Linear / Vercel servers at all.
The string-coercion fix is smaller on the surface but solves a silent correctness bug: when an agent passes "1713417600" for a timestamp param the schema declares as string, prior versions would helpfully coerce it to a number, which then fails on the server or lands as the wrong value. Tool call correctness at the runtime edge is exactly where this kind of bug hides. Fixing it quietly is the right call.
Technical facts
| Property | Value |
|---|---|
| Version | 0.9.0 |
| Released | Apr 18, 2026 |
| Previous | 0.8.1 (Mar 29, 2026) |
| Total releases | 32 |
| Language | ~98% TypeScript |
| License | MIT |
| Transports | HTTP, SSE, stdio |
| Install | npx mcporter · pnpm add mcporter · brew install steipete/tap/mcporter |
Filtering config example:
{
"slack-readonly": { "allowedTools": ["channels_list", "conversations_history"] },
"filesystem-safe": { "blockedTools": ["write_file", "delete_file"] }
}Comparison vs 0.8.x
- 0.7.3 shipped tool filtering, but only at codegen time via
--include-tools/--exclude-tools. 0.9.0 makes filtering a runtime policy per server. - 0.8.0 hardened OAuth flow detection (separating auth errors from transport errors), excluded static auth headers when OAuth is active, fixed JSON output parseability, added object-valued flag parsing, and dedup'd concurrent daemon restarts.
- 0.8.1 was a one-line fix for
mcporter --versionin compiled binaries. - 0.9.0 builds on that OAuth groundwork — Windows quoting fix + docs — and adds the runtime filter + the string-coercion correctness fix.
Use cases
- Lock down an MCP server per consumer: read-only Slack for one agent, write-allowed for another, same server binary.
- Wrap any MCP server as a CLI:
npx mcporter call linear.create_comment issueId:ENG-123 body:'Looks good!'. - Call MCPs from TypeScript with typed clients via
createRuntime()+createServerProxy()— no JSON-RPC plumbing. - Cross-platform OAuth for Notion, Linear, Vercel, Supabase — now actually working on Windows.
- Daemon-backed stateful servers like chrome-devtools and mobile-mcp keep session state across invocations.
Limitations & pricing
Free and MIT-licensed. MCPorter is a client / runtime / CLI generator — not a server framework. OAuth still requires a one-time interactive browser flow per server. Daemon mode only auto-applies to a curated list of stateful servers (chrome-devtools, mobile-mcp). Filtering is exact-name only — no glob patterns yet.
What's next
The 0.7 → 0.8 → 0.9 trajectory shows a clear focus: cross-platform polish plus tighter security primitives (runtime filtering, OAuth ergonomics). Expect future releases to keep pushing on production-grade multi-server deployments — likely glob/regex tool filters, more daemon-eligible servers, and richer auth flows. 0.9.0 itself shipped with contributions from four developers (including @tonylampada, @cosminilie, and @Hamzaa6296), which is a healthy sign for a project that's only at 32 total releases.
If you're already running MCPorter, pnpm up mcporter is the whole upgrade. If you're not, the 10-second smoke test is npx mcporter list — it auto-discovers servers from Cursor, Claude, Codex, Windsurf, and VS Code configs and prints what's reachable. From there, npx mcporter call <server>.<tool> key:value is one curl-equivalent away from any MCP tool in your environment.
Sources: mcporter releases, steipete/mcporter on GitHub, mcporter on npm, @steipete announcement.
