v0.8.0

[0.8.0] - 2025-09-12

🚀 Features

feat: Configuration for disabling authorization token passthrough - @swcollard PR #336

A new optional new MCP Server configuration parameter, transport.auth.disable_auth_token_passthrough, which is false by default, that when true, will no longer pass through validated Auth tokens to the GraphQL API.

🛠 Maintenance

Configure Codecov with coverage targets - @DaleSeo PR #337

This PR adds codecov.yml to set up Codecov with specific coverage targets and quality standards. It helps define clear expectations for code quality. It also includes some documentation about code coverage in CONTRIBUTING.md and adds the Codecov badge to README.md.

Implement Test Coverage Measurement and Reporting - @DaleSeo PR #335

This PR adds the bare minimum for code coverage reporting using cargo-llvm-cov and integrates with Codecov. It adds a new coverage job to the CI workflow that generates and uploads coverage reporting in parallel with existing tests. The setup mirrors that of Router, except it uses nextest instead of the built-in test runner and CircleCI instead of GitHub Actions.

chore: update RMCP dependency - @nicholascioli PR #328

Update the RMCP dependency to the latest version, pulling in newer specification changes.

ci: Pin stable rust version - @nicholascioli PR #287

Pins the stable version of Rust to the current latest version to ensure backwards compatibility with future versions.

v0.8.0-rc.1

0.8.0-rc.1

v0.7.5

🐛 Fixes

fix: Validate ExecutableDocument in validate tool - @swcollard PR #329

Contains fixes for #327

The validate tool was parsing the operation passed in to it against the schema but it wasn't performing the validate function on the ExecutableDocument returned by the Parser. This led to cases where missing required arguments were not caught by the Tool.

This change also updates the input schema to the execute tool to make it more clear to the LLM that it needs to provide a valid JSON object

🛠 Maintenance

test: adding a basic manual e2e test for mcp server - @alocay PR #320

Adding some basic e2e tests using mcp-server-tester. Currently, the tool does not always exit (ctrl+c is sometimes needed) so this should be run manually.

How to run tests?

Added a script run_tests.sh (may need to run chmod +x to run it) to run tests. Basic usage found via ./run_tests.sh -h. The script does the following:

1. Builds test/config yaml paths and verifies the files exist.
2. Checks if release apollo-mcp-server binary exists. If not, it builds the binary via cargo build --release.
3. Reads in the template file (used by mcp-server-tester) and replaces all <test-dir> placeholders with the test directory value. Generates this test server config file and places it in a temp location.
4. Invokes the mcp-server-tester via npx.
5. On script exit the generated config is cleaned up.

Example run:

To run the tests for local-operations simply run ./run_tests.sh local-operations

Update snapshot format - @DaleSeo PR #313

Updates all inline snapshots in the codebase to ensure they are consistent with the latest insta format.

Hardcoded version strings in tests - @DaleSeo PR #305

The GraphQL tests have hardcoded version strings that we need to update manually each time we release a new version. Since this isn't included in the release checklist, it's easy to miss it and only notice the test failures later.

v0.7.5-rc.2

🐛 Fixes

fix: Validate ExecutableDocument in validate tool - @swcollard PR #329

Contains fixes for #327

The validate tool was parsing the operation passed in to it against the schema but it wasn't performing the validate function on the ExecutableDocument returned by the Parser. This led to cases where missing required arguments were not caught by the Tool.

This change also updates the input schema to the execute tool to make it more clear to the LLM that it needs to provide a valid JSON object

🛠 Maintenance

test: adding a basic manual e2e test for mcp server - @alocay PR #320

Adding some basic e2e tests using mcp-server-tester. Currently, the tool does not always exit (ctrl+c is sometimes needed) so this should be run manually.

How to run tests?

Added a script run_tests.sh (may need to run chmod +x to run it) to run tests. Basic usage found via ./run_tests.sh -h. The script does the following:

1. Builds test/config yaml paths and verifies the files exist.
2. Checks if release apollo-mcp-server binary exists. If not, it builds the binary via cargo build --release.
3. Reads in the template file (used by mcp-server-tester) and replaces all <test-dir> placeholders with the test directory value. Generates this test server config file and places it in a temp location.
4. Invokes the mcp-server-tester via npx.
5. On script exit the generated config is cleaned up.

Example run:

To run the tests for local-operations simply run ./run_tests.sh local-operations

Update snapshot format - @DaleSeo PR #313

Updates all inline snapshots in the codebase to ensure they are consistent with the latest insta format.

Hardcoded version strings in tests - @DaleSeo PR #305

The GraphQL tests have hardcoded version strings that we need to update manually each time we release a new version. Since this isn't included in the release checklist, it's easy to miss it and only notice the test failures later.

v0.7.5-rc.1

🛠 Maintenance

test: adding a basic manual e2e test for mcp server - @alocay PR #320

Adding some basic e2e tests using mcp-server-tester. Currently, the tool does not always exit (ctrl+c is sometimes needed) so this should be run manually.

How to run tests?

Added a script run_tests.sh (may need to run chmod +x to run it) to run tests. Basic usage found via ./run_tests.sh -h. The script does the following:

1. Builds test/config yaml paths and verifies the files exist.
2. Checks if release apollo-mcp-server binary exists. If not, it builds the binary via cargo build --release.
3. Reads in the template file (used by mcp-server-tester) and replaces all <test-dir> placeholders with the test directory value. Generates this test server config file and places it in a temp location.
4. Invokes the mcp-server-tester via npx.
5. On script exit the generated config is cleaned up.

Example run:

To run the tests for local-operations simply run ./run_tests.sh local-operations

Update snapshot format - @DaleSeo PR #313

Updates all inline snapshots in the codebase to ensure they are consistent with the latest insta format.

Hardcoded version strings in tests - @DaleSeo PR #305

The GraphQL tests have hardcoded version strings that we need to update manually each time we release a new version. Since this isn't included in the release checklist, it's easy to miss it and only notice the test failures later.

v0.7.4

🐛 Fixes

Add missing token propagation for execute tool - @DaleSeo PR #298

The execute tool is not forwarding JWT authentication tokens to upstream GraphQL endpoints, causing authentication failures when using this tool with protected APIs. This PR adds missing token propagation for execute tool.

v0.7.4-rc.1

0.7.4-rc.1

v0.7.3

🐛 Fixes

Generate openAI-compatible json schemas for list types - @DaleSeo PR #272

The MCP server is generating JSON schemas that don't match OpenAI's function calling specification. It puts oneOf at the array level instead of using items to define the JSON schemas for the GraphQL list types. While some other LLMs are more flexible about this, it technically violates the JSON Schema specification that OpenAI strictly follows.

This PR updates the list type handling logic to move oneOf inside items for GraphQL list types.

v0.7.2

🚀 Features

Prevent server restarts while polling collections - @DaleSeo PR #261

Right now, the MCP server restarts whenever there's a connectivity issue while polling collections from GraphOS. This causes the entire server to restart instead of handling the error gracefully.

Error: Failed to create operation: Error loading collection: error sending request for url (https://graphql.api.apollographql.com/api/graphql)
Caused by:
    Error loading collection: error sending request for url (https://graphql.api.apollographql.com/api/graphql)

This PR prevents server restarts by distinguishing between transient errors and permanent errors.

🐛 Fixes

Keycloak OIDC discovery URL transformation - @DaleSeo PR #238

The MCP server currently replaces the entire path when building OIDC discovery URLs. This causes authentication failures for identity providers like Keycloak, which have path-based realms in the URL. This PR updates the URL transformation logic to preserve the existing path from the OAuth server URL.

fix: build error, let expressions unstable in while - @ThoreKoritzius #263

Fix unstable let expressions in while loop
Replaced the unstable while let = expr syntax with a stable alternative, ensuring the code compiles on stable Rust without requiring nightly features.

🛠 Maintenance

Address Security Vulnerabilities - @DaleSeo PR #264

This PR addresses the security vulnerabilities and dependency issues tracked in Dependency Dashboard #41 (https://osv.dev/vulnerability/RUSTSEC-2024-0388).

• Replaced the unmaintained derivate crate with the educe crate instead.
• Updated the tantivy crate.

v0.7.1

🚀 Features

feat: Pass remote-mcp mcp-session-id header along to GraphQL request - @damassi PR #236

This adds support for passing the mcp-session-id header through from remote-mcp via the MCP client config. This header originates from the underlying @modelcontextprotocol/sdk library, invoked from remote-mcp.

With this change it is possible to correlate requests from MCP clients through to the final GraphQL server destination.

🐛 Fixes

fix: Valid token fails validation with multiple audiences - @DaleSeo PR #244

Valid tokens are failing validation with the following error when the JWT tokens contain an audience claim as an array.

JSON error: invalid type: sequence, expected a string at line 1 column 97

According to RFC 7519 Section 4.1.3, the audience claim can be either a single string or an array of strings. However, our implementation assumes it will always be a string, which is causing this JSON parsing error.
This fix updates the Claims struct to use Vec<String> instead of String for the aud field, along with a custom deserializer to handle both string and array formats.

fix: Add custom deserializer to handle APOLLO_UPLINK_ENDPOINTS environment variable parsing - @swcollard PR #220

The APOLLO_UPLINK_ENDPOINTS environment variables has historically been a comma separated list of URL strings.
The move to yaml configuration allows us to more directly define the endpoints as a Vec.
This fix introduces a custom deserializer for the apollo_uplink_endpoints config field that can handle both the environment variable comma separated string, and the yaml-based list.