v2.1.1 — ChatGPT Desktop MCP Integration + Security Hardening
What's new in v2.1.1
ChatGPT Desktop macOS MCP Integration (E-66)
- Connect ChatGPT Desktop for macOS to DepthFusion's MCP server via the existing SSE transport at
https://mcp.tonracein.com - One-step install script:
curl -s https://raw.githubusercontent.com/gregdigittal/depthfusion/main/docs/chatgpt-install.sh | python3 - All 30 MCP tools available; 19 are immediately useful in a chat context
- Full setup guide:
docs/chatgpt-mcp-setup.md
Security Hardening
- Path confinement on
set_memory_scoreandpin_discoverytools — external callers (e.g. ChatGPT) cannot write to arbitrary server paths; restricted to~/.claude/shared/discoveries/ - Timing-safe Bearer token comparison via
secrets.compare_digestin bothhttp_server.pyandapi/auth.py(prevents token prefix leakage via short-circuit equality) - Token rotation after prior token was committed to public repo; install script now uses
getpass(no hardcoded secrets)
Server URL update
- Default server URL updated to
https://mcp.tonracein.com(port 7301 locally, nginx-proxied) - Tauri desktop app settings updated accordingly
Planning artifacts
docs/Account_synch/directory added with architecture/build planning documents
Full changelog: CHANGELOG.md