v1.3.0

What's Changed

• Lint fixes in #58
• Update Prettier rules and code to remove trailing commas in #60
• Add a parameter to specify the location of the tool folder and a command line argument to specify the path to the config file in #61
• Implement isError to manage Tool Execution Errors in #63
• Update command-line arguments to launch the server and modify Dockerfile and README.md to reflect these changes in #64
• Remove the experimental local (stdio) server in #65
• Update README.md and config.json to enhance server configuration details in #66

Full Changelog: v1.2.0...v1.3.0

v1.2.0

What's Changed

• Improve access token validation by dynamically determining the algorithm from the token header in #40
• Refactor MCP request handling to properly support GET and DELETE methods for authenticated communication in #46
• Add ESLint and Prettier configuration files; update package.json for linting and formatting scripts; update package.json for miscellaneous minor improvements in #48
• Refactor code formatting and improve consistency across multiple files in #49
• Add support for DNS-rebinding attack protection in config.json and remote-server.ts in #55
• Add Docker containerization instructions to README.md in #56
• Change backend token name to be compliant with OAuth specifications in #57

Full Changelog: v1.1.0...v1.2.0

v1.1.0

What's Changed

• Improve README.md to clarify the scope of the project. in #32
• Add 'outputSchema' and 'structuredContent' to findProductById tool and add outputSchema to ToolDefinition to enhance tool response structure in #34
• Add TLS support and configuration to enable secure HTTPS mode in #35
• Fix audience verification in server-remote.ts in #37
• Make the token-exchange scope configurable in config.json in #38

Full Changelog: v1.0.0...v1.1.0

v1.0.0

Overview

This project provides a prototype implementation of a Model Context Protocol (MCP) server for Apache OFBiz® that:

• receives requests from an MCP client (usually hosted in a generative AI application such as Claude Desktop) and forwards those requests to a remote backend via RESTful API endpoints,
• exposes a template tool that invokes the findProductById OFBiz endpoint.
  This project can be used as a platform to implement your own tools and enable generative AI applications to interact with any backend system that exposes REST API endpoints, such as Apache OFBiz or Moqui.

The server is implemented in two versions, one that runs as a local MCP server (stdio transport) and one that runs as a remote MCP server (Streamable HTTP transport).

The project includes two alternative MCP servers:

• Local MCP server (src/server-local.ts) — communicates with the MCP client via stdio transport.
• Remote MCP server (src/server-remote.ts) — communicates with the MCP client via MCP Streamable HTTP transport.
  The servers dynamically discover MCP tools contained in the tools directory.

Each tool is defined and implemented in its own file. For example, the sample tool tools/findProductById.ts invokes an endpoint in Apache OFBiz to retrieve product information for a given product ID. This works with an out-of-the-box (OOTB) OFBiz instance with the rest-api plugin installed.

New tools can be published by simply including their definition files in the tools folder.

The remote server:

• is compliant with the latest MCP specifications
• supports authorization according to the MCP recommendations (OAuth Authorization Code Flow with support for Metadata discovery, Dynamic Client Registration, etc...)
• supports the token exchange OAuth flow in order to obtain a valid token for the backend system
• performs token validation with configurable scopes and audience verification
• provides rate limiting features to protect the MCP server and the backend server from denial of service attacks
  allows CORS restrictions

What's Changed

• Folder refactoring and minor improvements to the readme file in #1
• Correct local server path in the sample configuration file for Claude in #2
• Add Docker configuration files including Dockerfile, .dockerignore, and compose.yaml in #3
• Fix docker warnings in #4
• Refactor token management in #5
• Refactor update_token.sh to improve the token update logic for compatibility with container bind mounts in #6
• Initial OAuth implementation in #14
• Add settings for OAuth scopes in config.json in #15
• Audience validation in #17
• Merge verifyToken into validateAccessToken in #18
• Token exchange implementation in #20
• Improve configuration options in #22
• Rename local server file and update README in #24
• Improve readme.md to reflect the latest enhancements in #26

Full Changelog: https://github.com/jacopoc/mcp-server-for-apache-ofbiz/commits/v1.0.0