Releases: tsouth89/toolport
Release list
v1.0.1
Toolport 1.0.1
A small follow-up to the 1.0.0 rename release.
Fixed
- Windows: upgraders now show "Toolport" in the Start menu. When you updated from
Conduit, the in-place update left the old "Conduit" shortcut and green icon behind
(the bundle identifier is intentionally unchanged so your servers and keychain secrets
carry over). This release removes that stale shortcut, so the Start-menu entry and icon
now match the app. Fresh installs were already correct. - Settings: clearer "Allow agent control" note. It now states that your
destructive-tool block always stays yours, rather than referencing a toggle by position.
Nothing else changed since 1.0.0. Existing users update in place via the built-in updater.
Full changelog: v1.0.0...v1.0.1
v1.0.0
Toolport 1.0.0
Conduit is now Toolport. Same local-first MCP gateway, new name and identity, and our first stable release.
Toolport is one local gateway for all your MCP servers, shared by every AI client (Claude, Cursor, Codex, and the rest). Set up and authenticate each server once; your keys stay in the OS keychain; and lazy discovery keeps your agent's context flat: up to ~90% fewer tokens at the same task success, graded for correct answers.
The rename
- Everything you see is now Toolport: the app, the window, and the meta-tools (
toolport_status,toolport_search_tools,toolport_call_tool, and the rest). The oldconduit_*names keep working as aliases, so nothing breaks. - Upgrading from Conduit is seamless. Internal identifiers (the
conduit-gatewaybinary, your data directory, keychain entries, andCONDUIT_*environment variables) are unchanged, so your servers and saved secrets carry over with zero reconfiguration.
Also in this release (since 0.9.4)
- Security: confidence scoring and new injection categories. The tool-poisoning and content-defense scanner now combines signals into a weighted confidence score and adds three detection categories: role-jailbreak, system-prompt exfiltration, and chat-template delimiter injection.
- Audit: per-client attribution. Every tool call in the audit log is now stamped with the client that made it.
- Live request/response inspection (opt-in) in Activity, so you can see the real bytes flowing through the gateway.
- stdio spawn-arg supply-chain guard, plus clearer error-vs-empty states in Activity.
Install
Grab the installer for your OS below. Windows and macOS builds are code-signed (macOS is also notarized); Linux ships as a .deb (recommended) and an AppImage. Already running an older build? The in-app updater will bring you to 1.0.0 in place.
Full changelog: v0.9.4...v1.0.0
v0.9.4
Highlights
Reliability: no more head-of-line blocking on rate limits
When one agent hit a downstream rate limit (HTTP 429), every other agent queued on that same server used to stall for the full backoff. The gateway now releases the per-server lock during the retry wait, so a slow or rate-limited server no longer blocks the others sharing it. A server-advertised Retry-After is also clamped so a misbehaving downstream can't pin a call indefinitely.
Your server list is now backed up
Conduit keeps a registry.json.bak of your last-known-good server list and automatically recovers from it if the main file is ever deleted or corrupted.
What's Changed
- [codex] Add Codex setup walkthrough by @leemeo3 in #68
- fix: release per-server Mutex during backoff sleep (head-of-line blocking) by @bradhallett in #66
- v0.9.4: clamp Retry-After + registry.json backup/recovery by @tsouth89 in #70
Full Changelog: v0.9.3...v0.9.4
v0.9.3
Highlights
macOS: no more keychain password prompts
Conduit's gateway used to trigger a macOS keychain password prompt whenever it read your saved secrets, and again after every app update. That is gone in 0.9.3.
Your secrets still live in the system keychain and never touch disk. The gateway is now a notarized helper that shares a secure, team-scoped keychain access group with the app, so it reads your secrets silently, including across updates. Existing secrets are migrated into the new store automatically on first launch.
Both Apple Silicon and Intel macOS builds are signed and notarized.
What's Changed
- fix(catalog): surface url_hint in ServerDialog for self-hosted servers by @bradhallett in #64
- fix(macos): zero-prompt keychain via data-protection keychain + nested signed gateway by @tsouth89 in #67
Full Changelog: v0.9.2...v0.9.3
v0.9.2
Teams
- Share any server type. Admins can now push local-command (stdio) and LAN servers, not just public HTTP. They sync but arrive off, each member sees the exact command and opts in, so a team config can never silently run code on a member's machine. Link-local / cloud-metadata URLs are blocked outright.
- A clear "needs review / blocked" notice when a team config lands.
App
- Onboarding now names what makes Conduit different: up to 91% fewer tokens at the same task success, plus the tool-integrity watch.
- Always-on "Protection active" indicator in Activity, so the rug-pull / content-defense watch is visible even when nothing's wrong.
Fixes
- Authenticating a server now refreshes the gateway live, no manual reconnect (thanks @bradhallett, #63).
- Self-hosted catalog test coverage (@bradhallett, #62).
v0.9.1
Conduit v0.9.1
Share a stack as a link. Turn the servers you've set up into a clean, shareable link, no more pasting blobs of JSON.
In the Share dialog, choose the servers you want to share and hit Create share link. You get a conduitmcp.app/s/... URL that:
- unfolds into a branded page listing the stack's servers (and which key each one needs),
- shows a rich preview card when pasted into Slack, X, Discord, or anywhere with link previews,
- has an Open in Conduit button that deep-links straight into the import review on the recipient's machine (with a copy-the-code fallback if Conduit isn't installed yet).
Secrets are never included in a shared stack; the recipient adds their own keys after importing. Copy-to-clipboard and save-to-file sharing still work for offline use.
Upgrading
Reconnect your clients after updating so they relaunch the new gateway.
Full changelog: see CHANGELOG.md.
v0.9.0
Conduit v0.9.0
The headline is Stacks. Instead of hunting through a catalog of 80 servers, pick what you work on and Conduit sets up a matching set in one click.
Stacks
Tell Conduit your focus (full-stack web, backend & data, infra & DevOps, AI & ML, product & design, founder, or research) and it adds a matching bundle of MCP servers in one click. Stacks lead the Catalog, and the first-run wizard now opens with a "What do you work on?" picker. Every server that needs a credential shows a direct "get key" link to the right token page, so setup is minutes, not an afternoon.
Also new
- Selective sharing. Share a chosen subset of your servers as a stack, not your whole setup. Secrets are stripped, and the recipient previews exactly what they're adding before importing.
- Roo Code plugin detection. Conduit now surfaces Roo Code's plugin-provided MCP servers (read-only), the same way it already does for Cursor. Thanks @leemeo3 (#50).
- New in the catalog: Linode (Akamai) cloud, and Qdrant (a vector store for RAG).
Fixed
- Dark-mode fix for the scoped-client scope picker in Settings (it rendered as a white dropdown).
Upgrading
Reconnect your clients after updating so they relaunch the new gateway.
Full changelog: see CHANGELOG.md.
v0.8.0
Conduit v0.8.0
The headline this release is a multi-tenant HTTP bridge: one Conduit can now serve many HTTP/OpenAPI clients at once, each with its own token and its own set of servers. Plus the Playground gains Resources and Prompts, and a round of security hardening.
Multi-tenant HTTP bridge (per-client scoping)
Register HTTP clients in Settings → Integrations, each with its own bearer token and profile. One bridge process serves them all and resolves every request's token to its own scope, so two Open WebUI instances (or any two OpenAPI clients) can see entirely different tools through the same Conduit. The bridge connects the union of every registered client's profile, then filters each request, tools/list, search, call, status, and the OpenAPI spec, down to exactly what that token is allowed to see. Nothing leaks across tenants.
Also new
- Resources & Prompts in the Playground. New Tools / Resources / Prompts tabs: list a server's resources and read one, or fill a prompt's arguments and render it. The full MCP surface Conduit proxies, not just tools.
- Per-client scope, persisted and editable. A connected client now shows its effective scope ("sees the 'Billing' profile, 3 servers"), and you can re-scope it in place without disconnecting.
- Test connection in the add/edit server dialog: verify a server (and its secrets) actually connects before saving, with per-transport validation and a duplicate-name warning.
- Activity error detail. Failed tool calls now record and show the failure message and per-call latency; click a failed row to see why it failed.
- Continue client support (
~/.continue/config.yaml). Thanks @BharadwajKanneveti (#49). - A complete OpenAPI spec: a
serversblock, abearerAuthsecurity scheme, and real error responses, so OpenAPI clients can model auth and failures.
Security
- Constant-time comparison for the bridge bearer token.
- CORS no longer reflects the caller's Origin or sends credentials, and cross-site browser requests are refused. Once a scoped client is registered, the bridge closes anonymous access.
- The SSRF connect-guard now also blocks IPv6 link-local and cloud-metadata addresses (including the AWS IPv6 metadata address), not just IPv4 169.254.x.
- Client-config reads and backups reject non-regular files (devices, FIFOs) and cap size.
- Downstream HTTP calls retry safely on a connection failure or a 429 (honoring Retry-After), never on a 5xx.
Upgrading
After installing 0.8.0, reconnect your clients so they relaunch the updated gateway. The multi-tenant bridge needs the new binary.
Full changelog: see CHANGELOG.md.
v0.7.0
What's Changed
- fix(ui): show loading indicators on dialog async actions by @syf2211 in #43
- fix(clients): surface config parse errors with key and line context by @syf2211 in #42
- fix(ui): add Copy action to error toasts for bug reports by @syf2211 in #44
- test(clients): add cross-platform config path resolution tests by @syf2211 in #45
- fix(a11y): add aria-labels to status/transport pills and disabled cards by @syf2211 in #47
- fix(a11y): add focus-visible rings to sidebar nav and icon buttons by @syf2211 in #48
New Contributors
Full Changelog: v0.6.0...v0.7.0
v0.6.0
Conduit v0.6.0 is a big UI release. The server list and catalog are redesigned, the global discovery and security toggles moved into a dedicated Settings view, and the Activity page was reworked (collapsible security panel, errors-first call log), on top of confirmations before destructive actions, semantic color tokens for consistent accents, a full accessibility pass, and a cleaner README.
Changed
- The server list is a dense, scannable list now. The bulky three-column cards are
replaced by compact grouped rows: toggle, status, name, source, tool count, and
transport on one line, with the command and per-server actions (secrets, duplicate,
edit, remove) one click away in an expandable drawer. Needs-attention and disabled
servers get their own collapsible groups (disabled starts collapsed). Roughly 2-3x
denser at 20+ servers, and the row actions are real keyboard-reachable buttons now. - The catalog browse view is grouped by category. The default view organizes the
curated set into sections (Code & infrastructure, Databases, Search & knowledge, Web &
automation, Apps & productivity, Local tools) instead of a flat grid; search stays flat. - Consistent accent colors. Success, warning, info, and "yours" now come from four
semantic tokens (one shade each) instead of emerald/amber/violet/sky drifting across
300/400/500, so the same meaning renders identically in every view. - A calmer Activity page. The tool-security panel is collapsible and each notice can
be dismissed once reviewed; the raw call log is collapsed by default and filtered to
errors first, so the per-server stats table stays the headline. The "has secrets" key
icon on server rows is gone (it was a non-interactive indicator that looked clickable). - Global policy moved to a Settings view. Lazy discovery, Block destructive tools,
and Allow agent control now live in a dedicated Settings tab (grouped Discovery /
Security) instead of being buried atop the Playground, which is now a clean
tool-testing surface.
Added
- Three more catalog servers: Perplexity, Kubernetes, and Todoist.
- A confirmation step before destructive actions. Removing a server, deleting a
profile, disconnecting a client, or leaving a team now asks first and says what
survives (your secrets stay in the keychain, your own servers are untouched).
Fixed
- The manual Refresh always confirms now ("Refreshed"), even when a health probe is
already running, so the click is never silent. - Hardened the first-run wizard's resume-after-catalog flow against future regressions.
- A refresh failure no longer wipes a working server list; it keeps what's on screen and
toasts instead. The full-screen error is reserved for the initial-load failure. - The catalog browse view shows a loading skeleton and a retryable error state instead
of silently collapsing to "Catalog unavailable." - Dialogs cap their height and scroll, so a server with many env vars or secrets can't
push the Save and Cancel buttons off-screen. - Accessibility: screen readers now get the selected view (aria-current) and toggle
state (aria-pressed), the active sidebar item reads clearly, and long names truncate
instead of overflowing their rows. - Consistent transport pills across every server list, plural-correct labels ("1 tool"),
and several user-facing strings tidied up. - The server row no longer nests its toggle and Authenticate buttons inside a clickable
button. Mouse users still click anywhere on the row to expand; keyboard and screen
reader users get a dedicated chevron button with properaria-expanded.
Install: grab the installer for your platform below. Windows and macOS builds are code-signed (macOS notarized); on Linux prefer the .deb. See the README for details.