Releases: lidless-labs/jellyctrl
Releases · lidless-labs/jellyctrl
Release list
jellyctrl v0.4.3
Full Changelog: v0.4.2...v0.4.3
jellyfin-mcp v0.4.2
Full Changelog: v0.4.1...v0.4.2
v0.4.1
Patch release for jellyctrl.
- Adds repeatable npm publishing with audit and package payload checks.
- Updates dependency locks so full npm audit is clean.
- Keeps the existing jellyctrl and compatibility entrypoints intact.
v0.4.0
Added
- 10 new tools since the v0.3.0 npm publish (46 to 56 total):
- Continue Watching management:
jellyfin_preview_continue_watching_clear,
jellyfin_clear_continue_watching,jellyfin_clear_series_continue_watching,
jellyfin_clear_episode_continue_watching_except_latest - Resume state and history:
jellyfin_set_resume_position,
jellyfin_get_watch_history,jellyfin_get_user_item_data - Bulk session control:
jellyfin_pause_all_sessions,
jellyfin_stop_all_sessions,jellyfin_message_all_active_sessions
- Continue Watching management:
- MCP tool annotations on all 56 tools:
readOnlyHint: trueon read-only
tools,destructiveHint: trueon destructive ones (user deletion, password
reset, shutdown/restart, stopping sessions, resume-state clears, Quick
Connect authorization), so MCP clients can route destructive calls to human
approval. Theconfirm: truegate remains as a second layer.
Fixed
- Strip the draft-07
$schemathe MCP SDK stamps on tool schemas; Anthropic
rejects it when the full tool set is sent (e.g. on subagent spawns). JELLYFIN_TIMEOUTis validated: non-numeric, zero, or negative values now
warn on stderr and fall back to the 30s default instead of producing a NaN
that aborted every request after ~1ms.- Server name and version are derived from
package.jsoninstead of
duplicated literals, so the advertised MCP version can no longer drift from
the published package version.
Security
JELLYFIN_VERIFY_SSL=falsenow relaxes TLS certificate validation for the
Jellyfin connection only, via a per-request undici dispatcher, instead of
the process-globalNODE_TLS_REJECT_UNAUTHORIZEDwhich disabled validation
for every outbound TLS connection.- Upstream Jellyfin error response bodies are no longer returned to the MCP
client; results carry the status summary only and the full body is logged
to stderr for operators. jellyfin_set_user_passwordnow warns (tool description and README) that
the plaintext password transits the LLM conversation and provider logs.
Changed
- CI: the test step no longer uses
continue-on-error, so test failures fail
the build and gate the publish job.
v0.3.0 - discovery tools + Quick Connect
First tagged release. package.json is 0.3.0; tag catches GitHub up.
New in 0.3.0 (5 tools)
jellyfin_get_resume_items- in-progress items with resume position (sec)jellyfin_get_next_up- next unwatched episode per series (user-scoped)jellyfin_get_similar_items- built-in recommender with optional user contextjellyfin_quick_connect_status- server enabled flagjellyfin_quick_connect_authorize- approve a pending code (confirm-gated; one-time code never echoed back)
Also in this release
- CodeRabbit review follow-up: reject blank IDs, redact codes from
authorizeerror paths - Toolchain + SDK majors upgraded
- Item/UserItemData types tightened so discovery tools don't need structural casts
Since v0.2.0 recap
v0.2.0 added 16 tools (deeper playback, user-data writes, playlists, collections, confirm gates on destructive ops). Combined with v0.3.0 the server exposes the full set documented in the README.
Install
See the README for Claude Desktop, Claude Code, OpenClaw, Hermes Agent, and Codex CLI setup.
Tests
34 tests passing (client URL-encoding + tool-level handler tests including Quick Connect confirm gate and code-redaction).