Releases: ckalima/pipedrive-mcp-server
Releases · ckalima/pipedrive-mcp-server
Release list
v2.4.0
[2.4.0] - 2026-06-16
Added
- The
.mcpbdesktop bundle is now released automatically. Eachv*tag push attaches
the one-click.mcpbbundle (plus a.sha256) to the GitHub Release, and the MCP registry
entry now advertises a secondregistryType: "mcpb"package pointing at that asset so
desktop/registry clients can discover it. The registry entry (npm and mcpb packages) is
published in CI via OIDC instead of a manual step, with the mcpbfileSha256injected from
the exact attached bundle (the committed value is an all-zeros sentinel). Adds
npm run registry:publishas a back-publish/recovery fallback. No change to the server's
tools or runtime behavior. (#137)
v2.3.1
[2.3.1] - 2026-06-16
Fixed
- Circuit breaker hardened against concurrent load and wall-clock steps. Two
internal fixes to the per-process circuit breaker that protects the shared Pipedrive
rate limit; no configuration, API, or tool-surface change.- The Closed-state trip count is now a sliding window (the threshold of 5 trip
signals must fall within 30s) rather than a consecutive counter, so a success from an
interleaved concurrent request can no longer reset progress toward tripping mid-storm
(#134). - The breaker's window/cooldown arithmetic — and the retry budget/timeout arithmetic —
now key on a monotonic clock (performance.now()) instead ofDate.now(), so an
NTP/VM wall-clock step can no longer evict an in-progress window's signals or mis-time
the Open→HalfOpen cooldown (#135).
- The Closed-state trip count is now a sliding window (the threshold of 5 trip
v2.3.0
[2.3.0] - 2026-06-16
Changed
- Minimum supported Node.js is now 22 (was 20). Node 20 ("Iron") reached
end-of-life in April 2026; Node 22 ("Jod") is the oldest LTS still receiving
support.engines.nodeis advisory (npm only warns), so existing installs on
older Node keep working, but 22+ is what we test and support. CI now runs the
Node 22 (floor) and 24 (current LTS) lines;@types/nodeis aligned to the 22
floor so the build typechecks against the API surface we actually support, and
a.nvmrcpins local development to 22.
v2.2.0
[2.2.0] - 2026-06-16
Added
- Guided installer (
npx @ckalima/pipedrive-mcp-server init). A one-command
interactive setup that opens the Pipedrive API-settings page, validates a
pasted key against the live API, and writes a working MCP config for the chosen
host (Claude Desktop, Claude Code, Cursor, VS Code, Windsurf). It is a CLI
subcommand; the STDIO server path is unchanged.- The pasted key is masked as you type (never echoed to the terminal or
scrollback). - Config writes are non-destructive: an existing file is read, merged, and
backed up before an atomic0600write, with symlink/TOCTOU-safe handling. - For committed or shared targets (e.g. a project-scoped
.mcp.json), the
server entry uses an environment-variable indirection so a literal key never
lands in a shared file; the key is shown inline only under--print-only. - Flags:
--host,--scope, and--print-only. Unrecognized flags warn and
continue; a missing or flag-shaped value fails closed before any I/O. A
closed stdin (non-interactive/CI) cancels cleanly instead of hanging.
- The pasted key is masked as you type (never echoed to the terminal or
Added
- Server-enforced capability modes (
PIPEDRIVE_MODE). A new safety tier —
read-only,safe-write, orfull— governs which tools an agent can reach.
Out-of-mode tools are hidden fromtools/listand independently refused by a
dispatcher backstop before any handler runs, surfaced as a distinct
MODE_RESTRICTEDerror. Tiers derive from existing per-tool metadata, so no
new per-tool data is introduced. See "Capability modes" in the README.- Recommended for first-time setup and agent evaluation:
read-only.
- Recommended for first-time setup and agent evaluation:
- Automatic request resilience. Reads retry transient failures
(429/503/5xx/network) and writes retry 429s, using full-jitter backoff and a
per-process circuit breaker. A newCIRCUIT_OPENerror distinguishes a local
fast-fail from a fresh upstream 429. - v1 sunset safety. The four v1-only capabilities (notes, mail, users, leads
CRUD) route through a dedicated seam with lazy sunset/retirement detection; a
retired capability returns a clearCAPABILITY_RETIREDerror pointing to the
Pipedrive changelog rather than failing opaquely.
Changed
- Destructive operations are now gated by
PIPEDRIVE_MODE=full. The default
mode issafe-write, so out-of-box execution is unchanged (destructive tools
were already disabled). The one observable change at the default: the 31
destructive tools are now also hidden fromtools/listrather than
listed-then-refused, so the listed surface is 124, not 155. RATE_LIMITEDguidance softened, because 429s are now retried
automatically with backoff before the error can surface.
Deprecated
PIPEDRIVE_ENABLE_DESTRUCTIVEis superseded byPIPEDRIVE_MODE. It is
still honored: whenPIPEDRIVE_MODEis unset,truemaps tofulland
anything else tosafe-write. PreferPIPEDRIVE_MODE=full.
Security
- Product-image
file_pathreads are now opt-in and confined. The
pipedrive_upload_product_imageandpipedrive_update_product_imagetools
previously read any caller-suppliedfile_paththe server process could
reach. Filesystem reads are now disabled by default; an operator must set
PIPEDRIVE_IMAGE_BASE_DIRto an allowed directory, and afile_pathmust
resolve within it. Reads are size-capped, and read failures no longer reflect
the resolved path or raw filesystem error back to the model.- Migration: if you relied on
file_path, setPIPEDRIVE_IMAGE_BASE_DIR
to the directory holding your images and pass paths under it. Callers that
cannot share the server's filesystem should usebase64_datainstead. When
afile_pathcall is rejected solely because reads are disabled, the server
logs a stderr hint naming the variable to set.
- Migration: if you relied on
- Untrusted CRM/backend data is labeled and bounded before it reaches the
model. Tool responses carry an untrusted-data marker, backend-authored error
text is redacted (secrets/tokens) and length-capped, and an oversized response
is withheld behind aRESPONSE_TOO_LARGEerror rather than flooding the
model's context window.
Backward compatibility
PIPEDRIVE_MODEis authoritative when set to a recognized value. A blank value
(e.g. an MCPB host substituting an empty string for an untouched optional
install field) is treated as unset and resolves to thesafe-writedefault; an
unrecognized value falls back toread-only. Existing installs keep their
execution behavior on upgrade.
v2.1.0
[2.1.0] - 2026-06-15
Added
- Server-enforced capability modes (
PIPEDRIVE_MODE). A new safety tier —
read-only,safe-write, orfull— governs which tools an agent can reach.
Out-of-mode tools are hidden fromtools/listand independently refused by a
dispatcher backstop before any handler runs, surfaced as a distinct
MODE_RESTRICTEDerror. Tiers derive from existing per-tool metadata, so no
new per-tool data is introduced. See "Capability modes" in the README.- Recommended for first-time setup and agent evaluation:
read-only.
- Recommended for first-time setup and agent evaluation:
- Automatic request resilience. Reads retry transient failures
(429/503/5xx/network) and writes retry 429s, using full-jitter backoff and a
per-process circuit breaker. A newCIRCUIT_OPENerror distinguishes a local
fast-fail from a fresh upstream 429. - v1 sunset safety. The four v1-only capabilities (notes, mail, users, leads
CRUD) route through a dedicated seam with lazy sunset/retirement detection; a
retired capability returns a clearCAPABILITY_RETIREDerror pointing to the
Pipedrive changelog rather than failing opaquely.
Changed
- Destructive operations are now gated by
PIPEDRIVE_MODE=full. The default
mode issafe-write, so out-of-box execution is unchanged (destructive tools
were already disabled). The one observable change at the default: the 31
destructive tools are now also hidden fromtools/listrather than
listed-then-refused, so the listed surface is 124, not 155. RATE_LIMITEDguidance softened, because 429s are now retried
automatically with backoff before the error can surface.
Deprecated
PIPEDRIVE_ENABLE_DESTRUCTIVEis superseded byPIPEDRIVE_MODE. It is
still honored: whenPIPEDRIVE_MODEis unset,truemaps tofulland
anything else tosafe-write. PreferPIPEDRIVE_MODE=full.
Security
- Product-image
file_pathreads are now opt-in and confined. The
pipedrive_upload_product_imageandpipedrive_update_product_imagetools
previously read any caller-suppliedfile_paththe server process could
reach. Filesystem reads are now disabled by default; an operator must set
PIPEDRIVE_IMAGE_BASE_DIRto an allowed directory, and afile_pathmust
resolve within it. Reads are size-capped, and read failures no longer reflect
the resolved path or raw filesystem error back to the model.- Migration: if you relied on
file_path, setPIPEDRIVE_IMAGE_BASE_DIR
to the directory holding your images and pass paths under it. Callers that
cannot share the server's filesystem should usebase64_datainstead. When
afile_pathcall is rejected solely because reads are disabled, the server
logs a stderr hint naming the variable to set.
- Migration: if you relied on
- Untrusted CRM/backend data is labeled and bounded before it reaches the
model. Tool responses carry an untrusted-data marker, backend-authored error
text is redacted (secrets/tokens) and length-capped, and an oversized response
is withheld behind aRESPONSE_TOO_LARGEerror rather than flooding the
model's context window.
Backward compatibility
PIPEDRIVE_MODEis authoritative when set to a recognized value. A blank value
(e.g. an MCPB host substituting an empty string for an untouched optional
install field) is treated as unset and resolves to thesafe-writedefault; an
unrecognized value falls back toread-only. Existing installs keep their
execution behavior on upgrade.
v2.0.0
[2.0.0] - 2026-06-12
First public release under the scoped name @ckalima/pipedrive-mcp-server,
published from GitHub Actions with build provenance.
No public 1.x exists under the scoped name. The line starts at
2.0.0
to disambiguate from the unrelated unscopedpipedrive-mcp-serverpackage
(owned by another author) and from pre-scope internal1.0.0artifacts. The
version jump is disambiguation, not a feature-count or maturity signal.
Added
- Scoped, provenance-signed npm package. Install with
npx -y @ckalima/pipedrive-mcp-server; the npm page shows a provenance badge
linking back to the GitHub Actions build. - 155 MCP tools across deals, persons, organizations, activities, notes,
leads, projects, products, tasks, boards, phases, mail, fields, pipelines,
and users. - v2-first API coverage (deals, persons, organizations, activities) with v1
fallback for notes, mail, fields, pipelines, and users. - Destructive operations gated behind the
PIPEDRIVE_ENABLE_DESTRUCTIVE=true
environment variable (disabled by default).