Countly
diff --git a/‎.github/workflows/docker-publish.yml‎
Lines changed: 0 additions & 83 deletions b/‎.github/workflows/docker-publish.yml‎
Lines changed: 0 additions & 83 deletions
diff --git a/‎.github/workflows/npm-publish.yml‎
Lines changed: 0 additions & 53 deletions b/‎.github/workflows/npm-publish.yml‎
Lines changed: 0 additions & 53 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 160 additions & 0 deletions b/‎.github/workflows/release.yml‎
Lines changed: 160 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 75 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 75 additions & 0 deletions
@@ -0,0 +1,160 @@
+name: Release (npm & Docker)
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to release (e.g., 1.0.1)'
+        required: true
+        type: string
+      publish-npm:
+        description: 'Publish to npm'
+        required: false
+        type: boolean
+        default: true
+      publish-docker:
+        description: 'Publish to Docker Hub'
+        required: false
+        type: boolean
+        default: true
+
+env:
+  DOCKER_IMAGE: countly/countly-mcp-server
+  DOCKERHUB_USERNAME: countly
+
+permissions:
+  id-token: write  # Required for npm OIDC
+  contents: read
+
+jobs:
+  test-and-build:
+    runs-on: ubuntu-latest
+    name: Test & Build
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '20.x'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build project
+        run: npm run build
+
+      - name: Run tests (with transport integration tests)
+        run: npm run test:ci
+        env:
+          COUNTLY_SERVER_URL: https://test.count.ly
+          COUNTLY_AUTH_TOKEN: test-token-for-ci
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: build
+          path: build/
+          retention-days: 1
+
+  publish-npm:
+    runs-on: ubuntu-latest
+    needs: test-and-build
+    name: Publish to npm
+    if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.publish-npm)
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '20.x'
+          registry-url: 'https://registry.npmjs.org/'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: build
+          path: build/
+
+      - name: Update package.json version (manual trigger only)
+        if: github.event_name == 'workflow_dispatch'
+        run: npm version ${{ inputs.version }} --no-git-tag-version
+
+      - name: Publish to npm
+        run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  publish-docker:
+    runs-on: ubuntu-latest
+    needs: test-and-build
+    name: Build & Push Docker Image
+    if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.publish-docker)
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract version from tag or input
+        id: meta
+        run: |
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            VERSION="${{ inputs.version }}"
+          elif [[ "$GITHUB_REF" == refs/tags/v* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/v}
+          else
+            VERSION="dev-${GITHUB_SHA::8}"
+          fi
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Building version: $VERSION"
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }}
+            ${{ env.DOCKER_IMAGE }}:latest
+          cache-from: type=registry,ref=${{ env.DOCKER_IMAGE }}:buildcache
+          cache-to: type=registry,ref=${{ env.DOCKER_IMAGE }}:buildcache,mode=max
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.html_url }}
+            org.opencontainers.image.version=${{ steps.meta.outputs.version }}
+            org.opencontainers.image.created=${{ github.event.head_commit.timestamp }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - name: Update Docker Hub description
+        uses: peter-evans/dockerhub-description@v4
+        with:
+          username: ${{ env.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          repository: ${{ env.DOCKER_IMAGE }}
+          readme-filepath: ./DOCKER.md
+          short-description: "MCP server for Countly Analytics - Access 40+ analytics tools via Model Context Protocol"
@@ -0,0 +1,75 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.0.1] - 2025-11-07
+
+### Added
+- **Transport Integration Tests**: Added comprehensive integration tests for both stdio and HTTP/SSE transports (`tests/transport.test.ts`)
+  - 13 new tests covering initialization, tool listing, health checks, CORS, and SSE streaming
+  - Tests validate both stdio and HTTP/SSE transport modes work correctly
+- **HTTP Header Authentication**: Added support for passing Countly credentials via custom HTTP headers
+  - `X-Countly-Server-Url` header for specifying server URL
+  - `X-Countly-Auth-Token` header for authentication token
+  - Headers are extracted and applied dynamically per request
+- **npm Publishing Workflow**: Added GitHub Actions workflow for automated npm package publishing on version tags
+
+### Changed
+- **Upgraded Transport Layer**: Migrated from deprecated `SSEServerTransport` to modern `StreamableHTTPServerTransport`
+  - Uses MCP protocol version 2025-03-26 (Streamable HTTP specification)
+  - Operates in stateless mode (`sessionIdGenerator: undefined`) for better client compatibility
+  - Eliminates "legacy SSE" warnings in VS Code and other MCP clients
+- **Enhanced Authentication Flexibility**: 
+  - Server URL is now optional in environment variables - can be provided via HTTP headers or client configuration
+  - Credentials fallback logic: metadata → args → config (from headers) → environment → file
+  - `getCredentials()` method now checks `this.config.authToken` as fallback (set from HTTP headers)
+- **Docker Configuration Improvements**:
+  - Updated documentation to reflect environment-based configuration
+  - Enhanced Dockerfile with proper build stages and health checks
+- **Documentation Updates**:
+  - Updated `.env.example` with clearer instructions for HTTP header-based authentication
+  - Enhanced `README.md` with transport configuration examples
+  - Updated `DOCKER.md` with secure configuration practices
+  - Updated VS Code MCP integration example (`examples/vscode-mcp.md`)
+
+### Fixed
+- **Security: ReDoS Vulnerability**: Fixed Regular Expression Denial of Service (ReDoS) vulnerability in URL normalization
+  - Replaced regex `/\/+$/` with iterative `while` loop approach
+  - Prevents potential DoS attacks via maliciously crafted URLs
+  - Applied fix in both `src/index.ts` and `src/lib/config.ts`
+- **Test Suite Improvements**:
+  - Updated authentication tests to reflect new priority order
+  - Fixed test expectations for optional server URL configuration
+  - Updated error messages in tests to match new authentication flow
+
+### Security
+- **ReDoS Mitigation**: Fixed Regular Expression Denial of Service vulnerability in URL normalization (CodeQL alert)
+
+## [1.0.0] - 2025-10-29
+
+Initial release of Countly MCP Server.
+
+### Features
+- Model Context Protocol (MCP) server for Countly analytics platform
+- Support for stdio and HTTP/SSE transport layers
+- Comprehensive Countly API integration:
+  - Analytics data retrieval (sessions, users, locations, events, etc.)
+  - Crash analytics
+  - App management
+  - Dashboard users management
+  - Alerts configuration
+  - Notes management
+  - Views analytics
+  - Database operations
+  - Event management
+  - App user management
+- Environment-based configuration
+- Docker support with multi-architecture builds
+- Comprehensive test suite
+- GitHub Actions CI/CD integration
+
+[1.0.1]: https://github.com/Countly/countly-mcp-server/compare/v1.0.0...v1.0.1
+[1.0.0]: https://github.com/Countly/countly-mcp-server/releases/tag/v1.0.0