Releases · arc-mcp/arc-1 · GitHub

16 Jun 15:40

v0.9.18 Latest

Latest

0.9.18 (2026-06-16)

Features

SAPRead: add action="diff" for server-side single-system version diff (#445) (7d603ef)
SAPTransport: add summary=true headers-only mode for list (#448) (3ac3619)

Bug Fixes

startup: quiet expected feature-probe log noise + deployment/onboarding docs (#444) (951cb38)

Assets 3

15 Jun 09:20

v0.9.17

0.9.17 (2026-06-15)

Features

transport: add SAPTransport remove_object to clean an object out of a request (#432) (fc4e7d4)

Bug Fixes

clearer guidance for cross-subaccount OAuth2UserTokenExchange (#436) (226c437), closes #434
http: handle 304/204/205 null-body status on Cloud Connector proxy path (#440) (9e3906e)

Assets 3

12 Jun 22:40

v0.9.16

0.9.16 (2026-06-12)

Bug Fixes

initialise class test include surgery (#429) (f076a67)

Assets 3

12 Jun 21:54

v0.9.15

0.9.15 (2026-06-12)

Features

one-step "Install in Claude" — Claude Code plugin, MCPB bundle, tool annotations (#425) (48013b7)

Bug Fixes

adt: make SRVB publish/unpublish content negotiation 758-proof (#403) (909f253)
cache: batch warmup writes in transactions (#417) (6a5ec76)
config: empty env values fall back to defaults (fail closed, not fail open) (#427) (cd32f54)
context: avoid SAPContext dependency convoy (#411) (f37373b)
docker: patch OpenSSL CVE-2026-45447 and harden release CVE gate (#400) (951ca09)
handlers: accept any maxResults number, floor+clamp at the sinks (#423) (1eb1758)
type-check the test suite + split intent.test.ts (#405) (5cb235c)
xml: make XML escaping single pass (#414) (df0c285)
xml: reuse parser array tag set (#412) (2d12d3d)

Tests

handlers: Zod↔JSON-Schema type-parity guard (#415) (0855e2c)
isolate concurrent integration/e2e runs, add teardown janitor, fix flake (#426) (5895a75)
rename dispatch-rate-limit test, featuresOff() sweep, strip intent.ts provenance (#410) (8a34886)
server: de-flake auth-rate-limit (one server per test) + diagnosable transport errors (#424) (96fb89d)

Performance Improvements

lint: memoize abaplint default configs (#413) (1e78acb)

Assets 3

11 Jun 08:04

v0.9.14

0.9.14 (2026-06-11)

Bug Fixes

enforce SRVB package gate (#394) (6b91dea)
harden SAPRead grep regex handling (#392) (9d23287)
ignore BTP service key files (#395) (ec7b6a9)
isolate PP cache state (#393) (3278eb8)
write: emit adtcore:language + masterLanguage on MSAG payloads (#397) (07f9a9c)

Assets 2

09 Jun 21:12

v0.9.13

0.9.13 (2026-06-09)

Bug Fixes

git: enforce package allowlist on abapGit pull/push (#389) (82cec9b)
limits: clamp unbounded result limits to prevent resource exhaustion (#388) (9656162)
oauth: match redirect-uri allowlist against parsed URL components (#387) (c795b53)
transport: delete requests holding locked objects via removeLockedObjects (#386) (e64b497)

Assets 2

09 Jun 14:39

v0.9.12

0.9.12 (2026-06-09)

Features

diagnose: SAPDiagnose action=cds_testcases — CDS test-case scaffolding (#351) (b54ccd0)
read: generic server-driven object read — SAPRead DESD/EVTB/DTSC/CSNM/EVTO/COTA (#356) (ce3dacc)
write: server-driven object write — SAPWrite create/update/delete + SAPActivate (DESD/EVTB/DTSC/CSNM/EVTO/COTA) (#362) (0c7f0a6)
xsuaa: raise default refresh-token-validity to 30 days (#383) (8e0ee71)

Bug Fixes

handlers: harden tool-arg validation against GPT/OpenAI schema pollution (#363) (138d89c)
security: close scope-router privilege escalation and bind OAuth state to client_id (#352) (ba0a21b)
security: enforce allowedPackages ceiling on activation and change_package (#357) (2a1135e)
security: XSUAA redirect-uri allowlist for the shared default client (#358) (d204eb8)
write: emit pak:recordChanges so transportable package creation works on SAP_BASIS 816 (#375) (00e4197)
write: thread logon user into adtcore:responsible (#380) (3f8dc12)

Tests

close slow baseline and server coverage gaps (#367) (3968296)
migrate SAP CI to A4H 2025 (#365) (d22392d)
split slow SAP test profiles (#364) (c63346d)
tighten integration skip hygiene (#353) (bdca845)
tighten live cleanup and skip telemetry (#359) (94551af)

Assets 2

05 Jun 07:53

v0.9.11

0.9.11 (2026-06-05)

Bug Fixes

lint: don't block writes on parse errors beyond abaplint's grammar (8xx / SAP_BASIS 816) (#350) (79b5687)
probe: repair broken probe CLI and validate ABAP Platform 2025 (SAP_BASIS 816) (#347) (6c307ec)

Assets 2

05 Jun 06:09

v0.9.10

0.9.10 (2026-06-05)

Bug Fixes

adt/client: copy tablWriteUrlCache in withSafety() clone (#335) (dbcd8a1)

Assets 2

04 Jun 21:39

v0.9.9

0.9.9 (2026-06-04)

Features

fugr: recursive include expansion for SAPRead(type=FUGR) — captures function module code (#341) (2f99335)
transport: set explicit transport target (TR_TARGET) on SAPTransport.create (#339) (95d6a9c)

Bug Fixes

atc: bind check variant via worklist so SAPDiagnose(atc) returns findings (#336) (5386465)
deps: bump express-rate-limit to 8.5.2 and key IPv6 by /56 subnet (#330) (1bb5e31)
fugr: non-expand SAPRead(FUGR) returns the real function-module list (objectstructure) (#342) (93b6c22)
surface XSUAA OAuth errors on /oauth/callback + don't prefix reserved scopes (#327) (f7418ed)
write: derive created-object master language from SAP_LANGUAGE (#344) (18672fd)

Assets 2