Releases: djtelicloud/grok-mcp-server
Release list
v0.6.0 - Hosted Contributor Control and Project Continuity
Summary
UniGrok MCP v0.6.0 adds a production, GitHub-authorized contributor control
plane without weakening the local-first product boundary. The stable MCP
gateway, xAI credential, Grok CLI OAuth session, task memory, and local
administration remain on the user's machine. The hosted surface exposes only
fresh, sanitized repository evidence to authorized contributors.
This release also makes Codex the explicit integration and release owner,
introduces project-scoped cross-chat handoffs, adds artifact-level Cloud Run CI,
and carries the adaptive routing, dual-plane model visibility, credential-plane
guidance, and telemetry improvements developed through the v0.5 series.
Highlights
- Production contributor control at
https://control.grokmcp.orgwith GitHub
App authorization and fresh repository-role verification. - Public
https://grokmcp.org/controlhandoff to the protected application. - Digest-pinned Cloud Run deployment behind managed TLS, load-balancer-only
ingress, preview Cloud Armor controls, and disabled raw service URLs. - Standalone container CI that validates public routes, non-root execution, and
fail-closed GitHub configuration. - Required project-scoped Codex active-work handoffs for reliable continuation
across new chats. - Clear separation between the stable local service, contributor workflows,
public project Site, and optional hosted control plane.
Compatibility
- Python 3.11 and 3.12 remain supported.
- The stable MCP endpoint remains
http://localhost:4765/mcp. - Existing API/CLI credential-plane behavior and local data remain compatible.
- Hosted contributor control is optional and does not make local MCP or Grok
credentials public.
Production Verification
- Full Python suite:
842 passedbefore the version-bump commit. - GitHub CI: all six jobs green, including
Control Cloud Run Image. - Managed TLS and DNS verified for
control.grokmcp.org. - Public project API returns
200; anonymous control access redirects to
GitHub; invalid OAuth state is rejected. - Authorized owner login returns fresh sanitized repository evidence.
- Cloud Run default URL is disabled and both raw hostnames return
404. - Public Site home and discovery routes remain healthy;
/controlredirects to
the production control origin.
v0.4.1 - Control Center Hardening and Public-Release Portability
Summary
UniGrok MCP v0.4.1 hardens the v0.4.0 Control Center and HTTP gateway for
public use. It improves streamed MCP response parsing, session continuity,
input bounds, restart gating, browser diagnostics, accessibility, and release
portability while keeping the public MCP endpoint and agent contract stable.
Highlights
- Hardened HTTP request, message, file, upload, and media input bounds.
- Bounded idle time for direct upstream xAI streams.
- Improved MCP stream parsing, UI session continuity, readiness polling,
authentication/rate-limit guidance, and live status rendering. - Added safer Control Center restart gating, CSP/CORS behavior, reduced-motion
support, and bounded OKF rendering. - Removed machine-specific paths and switched documentation assets to
repository-relative links. - Aligned package, runtime, and UI versions at
0.4.1. - Included the Control Center, OKF bundle, Grok adapter profiles, and
environment template in built wheels. - Corrected installed
unigrok-mcp initbehavior so.envis created in the
invoking project directory rather than the Python environment. - Added
SECURITY.mdand clarified that WebMCP support targets an experimental
W3C Community Group draft, not a W3C Standard.
Compatibility
- Python 3.11 and 3.12.
- Docker Compose remains loopback-only by default.
- Existing
/mcp,/v1, health, readiness, metrics, and UI routes remain
unchanged. - WebMCP features remain experimental and require a compatible browser build
or bridge exposingdocument.modelContext.
Release Checklist
- Full pytest suite passes (
631 passed). - Offline eval baseline passes (
12/12). - Source compilation and package build pass.
- Built wheel contains
mcp_ui/,docs/okf/,.grok/, andexample.env. - Docker Compose configuration and image health smoke test pass.
- Medium/high static security scan passes.
- Locked runtime dependency audit reports no known vulnerabilities.
- Current tree and reachable history reviewed for committed credentials.
- Repository visibility changed to public.
-
v0.4.1tag created from the verifiedmaincommit and pushed. - GitHub release published from these notes.