v0.3.0 — Stack Files (Compose for MCP)
Stack Files — docker-compose for MCP servers
Declare your project's MCP servers in mcpm.yaml, lock versions with trust snapshots, and let every team member replicate the setup with one command.

```bash
mcpm export > mcpm.yaml   # dump current setup
mcpm lock                 # resolve versions + trust snapshot
mcpm up                   # install everything
mcpm diff                 # compare installed vs declared
```

New Commands
| Command | Description |
|---|---|
| `mcpm export` | Export installed servers as an `mcpm.yaml` stack file |
| `mcpm lock` | Resolve semver ranges, run trust assessment, write `mcpm-lock.yaml` |
| `mcpm up` | Batch install from `mcpm.yaml` with trust policy enforcement |
| `mcpm diff` | Compare installed state vs `mcpm.yaml` + lock file |
Trust Policy
Stack files include a `policy:` block that gates `mcpm up`. If a server's trust score drops below the threshold, installation is blocked.

```yaml
version: "1"
policy:
  minTrustScore: 60
  blockOnScoreDrop: true
servers:
  io.github.domdomegg/filesystem-mcp:
    version: "^1.0.0"
```

Key Features
- Semver resolution — caret (`^1.0.0`) and tilde (`~1.2.0`) ranges resolved against the MCP registry
- Trust snapshots — lock file captures trust score at lock time; `mcpm up` detects score drops using normalized percentages (works even when MCP-Scan availability differs across machines)
- Parallel resolution — registry fetches and trust scans run concurrently per server
- Per-server error isolation — one server failing doesn't block others
- CI mode — `mcpm up --ci` exits nonzero on trust violations or missing env vars
- Profile support — `mcpm up --profile dev` installs only servers tagged for that profile
- Strict mode — `mcpm up --strict --yes` removes servers not in mcpm.yaml
- Env var resolution — process.env → .env file → default → interactive prompt
- URL servers — direct HTTP remotes supported (Cursor only, warns for other clients)
- MCP tool — `mcpm_up` exposed via `mcpm serve` for AI agent access
Security
- Path traversal protection on MCP tool input
- Prototype poisoning protection in .env parser
- Single backup snapshot before batch writes
- Secrets never exported in mcpm.yaml (keys only, values omitted)
- All file writes use mode 0o600
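
The following is an added example, not mcpm's own code: one way a .env parser can resist prototype poisoning while feeding the process.env → .env file → default resolution order listed under Key Features. The names `parseDotEnv` and `resolveEnvVar`, the key-name rule, and the sample input are assumptions made for this illustration.

```javascript
// Added example: hypothetical helpers, not mcpm's implementation.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Parse KEY=VALUE lines into a null-prototype object so no key can reach
// Object.prototype, and skip keys commonly used for prototype poisoning.
function parseDotEnv(text) {
  const out = Object.create(null);
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq <= 0) continue; // missing '=' or empty key
    const key = line.slice(0, eq).trim();
    // Assumed key rule: shell-style identifiers only.
    if (FORBIDDEN_KEYS.has(key) || !/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) continue;
    let value = line.slice(eq + 1).trim();
    const quoted = value.match(/^(["'])(.*)\1$/);
    if (quoted) value = quoted[2]; // strip one pair of matching quotes
    out[key] = value;
  }
  return out;
}

// Resolution order from the release notes: process.env, then .env, then default.
// Returns undefined when the caller would have to prompt (or fail in CI mode).
// Own-property checks keep inherited names such as "toString" from resolving.
function resolveEnvVar(name, { processEnv, dotEnv, defaults }) {
  for (const source of [processEnv, dotEnv, defaults]) {
    if (source && Object.prototype.hasOwnProperty.call(source, name)) {
      return source[name];
    }
  }
  return undefined;
}

// Constructed sample input, including two poisoning attempts that are dropped.
const SAMPLE = [
  "# constructed sample .env",
  "API_TOKEN='from-dotenv'",
  "__proto__=polluted",
  "constructor=polluted",
  "ROOT_DIR=/srv/data",
].join("\n");
```
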
Stats
- 816 tests, 80%+ line coverage
- 8 commits since v0.2.2
Full Changelog: v0.2.2...v0.3.0