v0.2.0
Umami Compass 0.2.0 — Decision-ready analytics
Umami Compass 0.2.0 moves beyond low-level API wrappers with bounded workflows that answer portfolio, traffic, release-impact, and tracking-health questions directly while preserving the read-only security model.
Important
The default toolsets change from core to core,insights, expanding the default surface from 7 to 12 aggregate tools. Set UMAMI_TOOLSETS=core to retain the previous default surface. All 35 available tools remain read-only.
Highlights
Five decision-ready workflows
resolve_website— resolve a UUID from a URL, domain, or name without guessing on ambiguous fuzzy matches.get_portfolio_overview— summarize visible websites, growth and decline leaders, stale data, failures, and anomalies.explain_traffic_change— compare equal periods and surface observed page, referrer, country, device, channel, and event changes without claiming causation.analyze_release_impact— assess equal pre/post windows across traffic and Core Web Vitals with explicit confidence and caveats.tracking_health_check— audit freshness, traffic drops, domains, expected events, recorder features, and permission failures.
Safer interpretation
- Add a common
metaenvelope withdataStatus, empty reason, website, requested range, timezone, and truncation state. - Use explicit equal-length baseline requests for portfolio and tracking comparisons.
- Treat missing rows outside a truncated top-N as unknown instead of inventing zero values.
- Require material Web Vital movement and sufficient samples before assigning a release-impact direction.
- Register guided prompts only when their required toolsets are enabled.
Stronger authorization
- Add
UMAMI_TEAM_IDSas a strict boundary for discovery and direct website/report access. - Exclude user-owned websites while a team allowlist is active unless they belong to an allowed team.
- Intersect
UMAMI_TEAM_IDSandUMAMI_WEBSITE_IDSwhen both are configured. - Enforce the boundary before direct website routes, typed reports, and saved-report execution.
Additional MCP improvements
- Add the sanitized
umami://capabilitiesresource for enabled toolsets, auth type, scope, and safety limits. - Add guided workflows for weekly portfolio briefings, traffic investigation, release impact, tracking health, and conversion audits.
- Expand the complete opt-in surface from 30 to 35 tools.
Upgrade
npx --yes --prefer-online umami-compass@latestPin this exact release when reproducibility matters:
npx --yes umami-compass@0.2.0Restart the MCP process or client after upgrading so it can discover the new tools and prompts.
Compatibility and verification
- Umami Cloud and self-hosted Umami 3.2+.
- Node.js 22 or newer.
- 79 automated tests plus lint, typecheck, build, package smoke testing, and CI on Node.js 22, 24, and 26.
- Independently reviewed twice; all identified P1/P2 code and logic findings were resolved before release.
- npm publication includes SLSA provenance.