Skip to content

Releases: iamjameslennon/ddb-mcp

v2.10.1

Choose a tag to compare

@iamjameslennon iamjameslennon released this 22 Jun 10:43

ddb-mcp v2.10.1 — Release Notes

This is a maintenance and hardening release. Under the hood, ddb-mcp now validates the data it sends and receives more strictly and handles your D&D Beyond login session more reliably, so day-to-day use should feel a little more stable. There are no changes to the commands you already use.

Improvements

  • More reliable sessions. Login session handling has been reworked so your connection to D&D Beyond stays valid more consistently, meaning fewer "please log in again" interruptions while you're looking up characters, spells, or monsters.
  • Stricter data checks. ddb-mcp now formally validates the information passing through it. In practice this means cleaner, more predictable results and fewer odd failures when D&D Beyond returns unexpected data.
  • Up-to-date foundations. Refreshed the underlying tools and libraries that power the server (browser engine, validation, and testing components) to keep everything current and well-supported.

Security

  • Tightened browsing safeguards. The guardrails that keep the built-in browser from straying to unapproved sites have been reinforced and now have a dedicated set of automated tests, reducing the risk of the server being tricked into navigating somewhere it shouldn't. Safe download locations (your Downloads and Documents folders) are likewise verified by new tests.

No new features, bug fixes, or breaking changes in this release — everything you've set up will continue to work exactly as before.

v2.10.0

Choose a tag to compare

@iamjameslennon iamjameslennon released this 09 Jun 15:43

This release is all behind-the-scenes housekeeping — updated dependencies, a clearer README, and a smarter release script. There are no changes to how you use the tools at your table.

Improvements

  • Refreshed the README with clearer setup instructions for players and DMs.
  • The release process now keeps version numbers in the docs in sync automatically, so install instructions you copy from the README will always match the current release.
  • Updated several underlying libraries (MCP SDK, Node type definitions, tsx, hono) to their latest versions for better stability and security patches from upstream.

Security

  • Picked up a security fix for the hono dependency via Dependabot.

v2.9.2

Choose a tag to compare

@iamjameslennon iamjameslennon released this 02 Jun 16:25

This release is all behind-the-scenes maintenance — updated dependencies and security patches under the hood. There are no new features or changes to how you'll use ddb-mcp day to day; just keep it up to date and carry on with your campaigns.

Security

  • Patched a couple of low-level libraries (brace-expansion and qs) to pull in the latest security fixes.

Improvements

  • Refreshed the browser engine (Playwright) used for D&D Beyond login and book reading, which should make those flows a little smoother and more reliable.
  • Updated internal development tools (TypeScript, ESLint, Vitest) — no visible change for players or DMs, but it keeps the project healthy for future updates.

v2.9.1

Choose a tag to compare

@iamjameslennon iamjameslennon released this 02 Jun 08:43

This release improves how Half-Elf characters built with the 2014 rules get their ability score bonuses calculated, so your stats now match what your character sheet actually shows on D&D Beyond.

Bug Fixes

  • Half-Elf ability scores (2014 rules): Fixed how Half-Elf ability score bonuses are applied when viewing characters. Half-Elves built using the original 2014 Player's Handbook rules — who get +2 Charisma and +1 to two other abilities of their choice — now show the correct final ability scores in character summaries.

v2.9.0

Choose a tag to compare

@iamjameslennon iamjameslennon released this 19 May 10:36

ddb-mcp v2.9.0

This release is mostly about getting character sheet numbers right. We squashed a bunch of small bugs that were quietly producing the wrong AC, HP, speed, languages, darkvision, and initiative for certain builds — especially Monks, Bards, Rangers, Scouts, and anyone using manual overrides or 2024 rules. Under the hood, the character parser was rewritten into smaller pieces, which makes future fixes faster.

Bug Fixes

  • Monk class features now correctly turn off when you put on armor. Unarmored Movement and the Defense fighting style no longer light up while you're wearing a breastplate.
  • Languages are finally complete. Player-added languages, languages set via the new D&D Beyond picker, and the full catalogue of languages from every published sourcebook are now all collected and named correctly (no more "Language #47").
  • AC manual overrides are now respected. If you've typed an AC value directly into D&D Beyond, that number is what you'll see.
  • Hit points use D&D Beyond's "override" value when you've rolled HP or set them manually, instead of always recomputing from class averages.
  • Darkvision stacks correctly for Gloom Stalker Rangers — Umbral Sight now extends your race's darkvision (e.g. 60 ft + 30 ft = 90 ft) instead of replacing it.
  • Initiative now includes the Bard's Jack of All Trades bonus.
  • Speed bonuses from class and feat features now apply: Scout's roving movement, Barbarian's Fast Movement, the Roving feat, and Mobile all bump your speed as they should.
  • Remarkable Athlete (Champion Fighter) now adds the half-proficiency bonus to non-proficient Strength, Dexterity, and Constitution skill checks.
  • 2024 ability score increases from races are no longer double-counted. If you're using a 2024 character with a background-driven ASI, the race-side ASI is correctly ignored.
  • Ability scores cap at 20 when computed from ASIs, per the PHB rule (magic items like Belt of Giant Strength still raise the cap as expected).
  • Speed calculation no longer gets confused by leftover modifiers from optional class features you didn't actually take.
  • Library listings no longer show the same sourcebook twice.

Security

  • Tightened input validation across all tools and properly URL-encoded user-supplied IDs, so handcrafted requests can't sneak unexpected characters into D&D Beyond URLs.

Improvements

  • Major internal rewrite of the character parser. Behaviour is unchanged for players, but the code is now organised by topic (stats, AC, defenses, features, weapons, spells, inventory, etc.), with snapshot tests against real characters to catch regressions. This is what made the long list of bug fixes above possible.

v2.8.0

Choose a tag to compare

@iamjameslennon iamjameslennon released this 13 May 14:18

ddb-mcp v2.8.0

This release makes ddb-mcp easier to get started with — there's a new step-by-step macOS install guide aimed at folks who've never touched a terminal before. It also adds a way to clear stale cached data when spells or items aren't showing up correctly, plus a diagnostic tool to help track down why.

New Features

  • Beginner-friendly macOS install guide. A new walkthrough (INSTALL-MACOS.md) takes you from "I just bought a Mac" to a working ddb-mcp setup, with no prior coding experience assumed. Linked from the README.
  • Clear the cache when things look wrong. A new ddb_clear_cache tool lets you wipe ddb-mcp's saved copies of spells, items, monsters, and character data. Useful when you've updated a character on D&D Beyond and want Claude to see the changes right away, or when a spell or item seems to be missing from results.

Improvements

  • Better spell and item lookup reliability. Under-the-hood changes to how the spell/item compendium is built make it more robust when D&D Beyond returns partial results. A new diagnostic script helps the maintainer track down problems quickly when players report missing content.

No breaking changes — existing setups will keep working as before.

v2.7.1

Choose a tag to compare

@iamjameslennon iamjameslennon released this 12 May 11:02

ddb-mcp v2.7.1

This release fixes character sheets that use the 2024 rules so subraces like High Elf, Wood Elf, and Hill Dwarf are recognized correctly. First-time setup is also smoother — Chromium now installs cleanly the first time you log in.

Bug Fixes

  • Character sheets built with the 2024 rules now show the correct race and subrace (e.g. Elf — High Elf, Dwarf — Hill Dwarf) instead of just the base lineage.

Improvements

  • Chromium (the browser used for D&D Beyond login) now installs more reliably the first time you run ddb_login, with clearer progress output if something goes wrong.

v2.7.0

Choose a tag to compare

@iamjameslennon iamjameslennon released this 11 May 13:59

ddb-mcp v2.7.0

This release brings proper Windows support — your D&D Beyond session now lives in the standard %APPDATA% folder instead of a Unix-style hidden directory — plus tighter protections against malicious content sneaking out of DDB pages (forum posts, party-member backstories, campaign notes) and steering Claude into doing something you didn't ask for. Linux setup is also documented more clearly, and a few quiet rough edges around saving sessions and downloads have been smoothed over.

New Features

  • Windows support is now first-class. Your session file is stored at %APPDATA%\ddb-mcp\session.json (the standard Windows location) instead of a Linux-style ~/.config folder. If you previously used ddb-mcp on Windows, you'll see a one-time notice on startup telling you to re-run ddb_login at the new location.
  • Linux setup instructions added to the README, including a note that Claude Desktop doesn't have an official Linux build — pointing Linux users toward Claude Code, Cursor, or other MCP clients instead.
  • Windows path help in the README — explains how to write Windows paths in the JSON config without backslash-escaping headaches.

Improvements

  • Safer clicks on DDB pages. Clicking a button via ddb_interact now requires the same explicit confirmation that filling a form already did. This protects against malicious page content (a poisoned forum post, a tampered campaign note) tricking Claude into deleting a character, leaving a campaign, or posting to a forum on your behalf. Screenshots remain unguarded since they're read-only.
  • Scraped DDB page content is now clearly labelled as untrusted. When Claude reads a DDB page, the page text is wrapped in tags so Claude can tell the difference between its own tools talking and random text that some other DDB user wrote — making prompt-injection attacks much harder to land.
  • Character downloads are more reliable. If your ~/Downloads or ~/Documents folder doesn't exist yet (common on minimal Linux installs), ddb-mcp now creates it for you instead of failing with a confusing error. Same for screenshots.

Security

  • Session file saves are now atomic and tamper-resistant. Your DDB cookies are written to a temp file and renamed into place, so a crash mid-save can never leave you with a half-written session file. On macOS and Linux, the file is also created with locked-down permissions from the very first byte (no brief window where another user could read it), and ddb-mcp refuses to follow a symbolic link planted at the session path.
  • Browser navigation locked down to www.dndbeyond.com specifically — no other DDB subdomains are accepted, even ones DDB might add later.
  • Selector validation in ddb_interact is stricter. A wider set of advanced Playwright selector syntaxes that could be abused by a malicious DDB page are now rejected up front.

v2.6.4

Choose a tag to compare

@iamjameslennon iamjameslennon released this 10 May 14:22

This release is mostly behind-the-scenes plumbing — tightening up our publishing pipeline so updates ship reliably. The one change you might notice is improved security around the browser-automation tools, which now validate inputs more carefully and clean up properly when Claude disconnects.

Security

  • The ddb_navigate and ddb_interact tools now validate page selectors before using them, reducing the risk of unexpected behavior if something tries to slip in malicious instructions through page content.
  • The browser session now closes cleanly when Claude disconnects, so stray Chrome windows don't linger after your session ends.

Improvements

  • More reliable npm publishing: when a new version is released, the publish step now correctly waits for all CI checks (across multiple Node.js versions) to pass before going live.
  • Updated minimum Node.js requirement to version 20. If you installed ddb-mcp recently you're already on a supported version; if you're on an older Node, you'll need to upgrade.
  • README now includes a security and privacy section explaining how your D&D Beyond session is stored and used.

v2.6.1

Choose a tag to compare

@iamjameslennon iamjameslennon released this 09 May 23:52

This release contains no player- or DM-facing changes. Both commits are internal maintenance: a fix to how releases are tagged and a metadata update to the package. Nothing about how you interact with D&D Beyond character sheets, spells, monsters, or campaigns has changed.

Improvements

  • Release process: Corrected how version tags are created during publishing, so future updates install and update more reliably via npm.