Changelog

User-visible changes to Endara Relay and Endara Desktop, with links to the public PRs that shipped them. For the full per-binary release history, see the GitHub Releases pages linked at the bottom.

v0.1.10 Upcoming

Know at a glance when an organization needs re-authentication 0.1.10-rc.10

When an organization's identity-provider session expires, Endara now shows a full-width banner at the top of the app so you notice immediately instead of discovering it only when a server call fails. If a single organization is affected, the banner re-authenticates it in one click (opening your IdP and updating the status as soon as you finish); when multiple organizations need attention it takes you straight to Settings to manage them. The banner disappears on its own the moment every organization is signed in again.

Pull requests

Configure enterprise SSO credentials per server 0.1.10-rc.10

Enterprise-Managed Authorization now scopes its resource credentials to each MCP server (endpoint) rather than the whole organization, so servers that share an identity provider can still present their own resource client ID/secret and scopes. When adding or editing a server you can set these under the consolidated Advanced section, and after you re-authenticate an organization the Settings view now updates to Connected on its own once the relay finishes the sign-in — no manual refresh.

Pull requests

Dead plain-HTTP MCP servers now show as Unhealthy 0.1.10-rc.9

Plain HTTP MCP servers that had stopped responding used to keep showing a Healthy status until you manually refreshed them. Endara Relay now tracks transport failures reactively: when a server fails to answer normal requests several times in a row — connection refused, timeouts, or dropped responses — it is automatically demoted to Unhealthy, so the status you see reflects the server's real state. A server that starts responding again is promoted back to Healthy automatically.

Pull requests

MCP apps: resources & prompts now work through the relay 0.1.10-rc.8

Endara Relay previously proxied only tools. It now also proxies MCP resources and prompts across every connected upstream server, so MCP apps — clients that render interactive, resource-backed UI from those servers — and reusable prompt templates work through Endara just like tools do. resources/list, resources/templates/list, resources/read, prompts/list, and prompts/get are all aggregated across your connected servers.

Resource URIs and prompt names are automatically namespaced per server so multiple upstreams can't collide, and the namespacing is fully reversible and transparent — a resource you read is routed back to the right server with its original URI intact. When only a single server is connected, names and URIs pass through unchanged.

Pull requests

Faster, lighter Observability tab 0.1.10-rc.7

The Observability tab now transfers far less data as you browse it. The call list pages with a continuation token instead of a numeric offset, so scrolling deep with Load morestays fast and stable even while new calls are streaming in — no skipped or duplicated rows. Each row in the list now carries only the fields the table actually shows; the full request and response metadata is fetched on demand when you open a call's drill-through detail. The activity sparklines are also computed directly in the database, so opening the tab no longer pulls every call in the window across the wire. The tab looks and behaves exactly as before — it is just lighter and quicker.

Pull requests

Set up enterprise SSO servers with the Organizations onboarding flow 0.1.10-rc.6

Endara now models your identity provider as a reusable organizationinstead of per-server settings. Add an organization once, sign in through your IdP (for example Okta), and Endara probes which of your MCP servers accept that organization's credentials — then lets you review and connect them in a single step. A guided flow takes you from picking a provider, through SSO and automatic server detection, to choosing which detected servers to add. Manage connected organizations from Settings, where you can re-authenticate or remove them; every server sharing an organization draws from one pooled, silently-refreshed credential.

Pull requests

Enterprise SSO for MCP servers (Enterprise-Managed Authorization) 0.1.10-rc.6

Connect to MCP servers protected by your organization's identity provider (e.g. Okta). Sign in once through your IdP and Endara automatically obtains and silently refreshes a per-server access token on your behalf — the MCP server never has to pre-trust Endara. If your IdP session expires, Endara surfaces a clear re-authentication prompt. Configure it per endpoint with auth.type = "ema".

Pull requests

OAuth endpoints self-recover after a network blip 0.1.10-rc.5

When a transient network outage interrupted an OAuth MCP endpoint, the relay's proactive token refresh would retry once, fail, and leave the endpoint stuck Unhealthy— it only came back when you reopened the app or sent a request that hit a 401. The relay's periodic heartbeat now drives recovery on its own: while an endpoint is in the failed state, each heartbeat tick attempts a token refresh, so the endpoint returns to healthy within about one heartbeat interval once connectivity is restored — no app restart or manual action required.

Pull requests

RFC 9728 discovery fallback + Client ID Metadata Document (CIMD) 0.1.10-rc.4

OAuth authorization-server discovery now falls back to the OpenID Connect path-appended /.well-known/openid-configuration location, so Okta-style authorization servers whose issuer URLs include a path segment are discovered correctly instead of failing to connect.

The relay can also now use a Client ID Metadata Document (CIMD): when an authorization server advertises support, the relay identifies itself with the hosted document at https://endara.ai/oauth/client-metadata.json as a zero-config public client — no client secret and no Dynamic Client Registration round-trip. An explicitly provided client ID still takes precedence.

Pull requests

OAuth re-auth fixed for servers without RFC 9207 iss 0.1.10-rc.3

Re-authorizing an OAuth MCP server that publishes standard authorization-server metadata but does not implement the optional RFC 9207 response issuer (iss) parameter previously failed with an Authorization response issuer mismatch error. The relay now only requires the iss parameter when the authorization server advertises support for it, so these servers (e.g. mcp.awardtravelfinder.com) authorize successfully again. Servers that do advertise iss support are still strictly validated, so mix-up protection is preserved.

Pull requests

Full support for the MCP 2026-07-28 protocol 0.1.10-rc.2

The relay now speaks the new MCP 2026-07-28 protocol end to end — both accepting requests from 2026 clients and talking to 2026 upstream servers — while staying fully backward-compatible with the older 2025-03-26 and 2024-11-05 protocols. Existing clients and servers behave exactly as before; nothing you have configured needs to change.

Under the new protocol, 2026 clients can call tools without a separate initialize handshake, the relay answers a stateless server/discover probe, and richer tool definitions pass through untouched — complex JSON Schema 2020-12 input schemas (with oneOf/anyOf/allOf and $ref) and W3C Trace Context headers are preserved in both directions. OAuth was also hardened for 2026: the relay validates the authorization-server issuer (RFC 9207) before exchanging a code, registers as a native app, and accumulates previously granted scopes across step-up logins so re-authorization never silently drops access.

Pull requests

Overlay call-card accent bar reflects call status 0.1.10-rc.1

The colored bar on the left edge of an overlay tool-call card now reflects the call's status instead of whether the tool is destructive. It is blue the entire time a call is in flight and red when the card has any failed call, and is hidden once every call has succeeded. Destructive tools are still flagged by their red destructive pill, so a destructive call that succeeds no longer looks like it failed.

Pull requests

Progress hint while turning a server on or off 0.1.10-rc.1

Toggling a server (MCP endpoint) on or off now shows an immediate Starting… / Stopping… hint that stays visible until the relay reports the endpoint is actually ready. Spinning a server up takes a few seconds — the relay launches the upstream process and discovers its tools — and previously the toggle flipped instantly and fired a premature “enabled” notification, so the wait looked frozen or already finished. The hint now appears the moment you click, the success notification is deferred until the server is genuinely Ready, and the detail header shows Initializing… instead of 0 tools while the server is starting up.

Pull requests

Overlay cards jump straight to the Observability row 0.1.10-rc.1

Clicking a tool-call card in the overlay now opens the main window on the Observabilitytab and filters the call list down to that exact call, instead of jumping to the raw Relay Logs feed. The tab shows a removable search pill for the call's request id and resets the other filters (server, tool, status, and time window) so the matching row is always visible — then selects it, scrolls it into view, and opens its drill-through detail panel. Clear the pill to return to the full list.

Pull requests

v0.1.9 — 2026-06-18

Observability: inspect every tool call

A new Observability tab records every proxied tools/call so you can see exactly what flows through the relay — the server and tool involved, which client made the request, how long it took, whether it succeeded or failed, and the request and response sizes. Search across calls and filter by server, tool, status, and time window, with latency sparklines to spot slow tools at a glance. Drill into any call for a detail view that shows the captured request and response payloads in a collapsible JSON viewer, complete with copy and a full-screen pop-out. A confirm-guarded Purge all data action clears the history when you need a clean slate, and capture, retention, and payload storage are all configurable under Settings → Observability — toggle capture on or off, set the retention window, cap the database size, and bound the payload budget.

Pull requests

Clickable overlay cards on macOS, end-to-end

Overlay cards on macOS are now fully interactive and reliably jump to the matching log row when clicked, regardless of which MCP client triggered the tool. In 0.1.9-rc.7 two issues remained: right-clicking an empty area of the overlay region opened the WebView devtools menu instead of falling through to the desktop, and cards spawned by direct /mcp/tools/call REST calls (including the execute_toolsJS-sandbox sub-calls) carried an empty log id, so clicking the card silently no-op'd. The overlay WebView is now click-through on macOS so the click-catcher panel is the only interactive layer, and the relay's direct-route wrappers mint the same per-request id the unified /mcpdispatch path does — so every card now resolves to its log row.

Pull requests

Recover failed OAuth servers without removing them

When an OAuth-protected MCP server lands in a Connection Failed state, the desktop Auth tab now surfaces recovery actions inline instead of leaving you stuck. If a refresh token is still on hand, a Refresh Now button attempts a silent token refresh; if a fresh sign-in is needed, a Re-authenticate button reopens the OAuth flow in your browser. Previously these actions were hidden for the connection_failed state, so the only way out was to delete and re-add the server.

Both actions share a single busy state, so triggering one disables the other while it runs — you can't kick off an overlapping token refresh and browser sign-in at the same time.

Pull requests

Just-in-time upstream OAuth sign-in for gated MCP servers

Endara now handles MCP servers that require you to sign in. When you add an http/sse server that advertises OAuth (for example Flightpoints), Endara detects it at add-time and offers to walk you through the OAuth setup wizard right away. Declining still saves a plain HTTP endpoint, unchanged.

At runtime, if a tool call hits a server that requires sign-in (an HTTP401 with a WWW-Authenticate challenge), the relay automatically starts the OAuth flow and hands your client a sign-in URL instead of a raw error. After you sign in through the loopback callback, retrying the tool call just works — and your AI client never sees the upstream 401 or any upstream credentials.

The desktop reauthorize bar also no longer flashes on freshly-added or just-restarted OAuth servers: a short stability gate suppresses the transient needs_login state until the status is genuinely settled.

Pull requests

Click anywhere outside an overlay card on macOS

The transparent panel that captures overlay-card clicks on macOS now lets every click outside a card pass straight through to whichever app is underneath, matching the existing behavior on Linux and Windows. In 0.1.9-rc.6 the panel could intercept clicks anywhere in its frame even when no card was visible, making it look like the desktop had stopped responding to clicks near where a card had recently appeared. The panel is now fully click-through by default and only activates over the exact reported card rect.

Pull requests

Reliable overlay click-routing, including across multiple MCP clients

Clicking a tool-call card in the overlay now reliably jumps you to that request in the Logs view, in both dev and production builds. Previously the overlay window was invisibly intercepting clicks (AppKit was redirecting them into app activation), so cards looked clickable but did nothing in shipped builds. The overlay now sits behind a transparent non-activating panel that captures clicks and routes them straight to the matching log row.

Click-routing also works correctly when multiple MCP clients (for example Cursor and Claude Desktop) are connected at the same time. Previously, if two clients both happened to send a request with the same JSON-RPC id (per-client, not globally unique), their log rows merged into one entry and clicking an overlay card highlighted both clusters at once. Each request now has a relay-minted unique key, so per-client rows stay distinct in the Logs view and overlay-card clicks land on exactly the right row.

Pull requests

Friendly client names in audit logs

Endara now normalizes the raw MCP clientInfo string into a clean, friendly client label. Connections that previously showed up as noisy identifiers like local-agent-mode-Endara Relay (via mcp-remote 0.1.37) now read as Claude Cowork, and other common clients map to Claude Desktop, Claude Code, Claude, and Cursor. Unknown clients pass through cleaned up, with a User-Agent fallback when no name is provided. The friendly label feeds the audit log's client-name field and is also exposed as an optional serialized labelfor overlay consumers.

Pull requests

Containerized stdio MCP servers

Local (stdio) MCP servers now run inside their own per-endpoint container by default, for stronger isolation and clearer observability. Endara auto-detects a container runtime — docker or podman — and runs each server in a small mcp-runner image that ships with uvx and npx on the path, so the usual uvx ... and npx ... launch commands just work without installing anything on the host. If no runtime is detected, Endara gracefully falls back to spawning the server directly, exactly as before.

The endpoint detail panel now shows a status badge — CONTAINERIZED (docker) when the server runs in a container, or DIRECT when it falls back to a direct spawn — alongside live CPU, memory, and network stats for that container. The Config tab gained an isolation toggle and a volume-mount editor that takes Docker-style host:container pairs, so servers that need access to host paths (OAuth key files, Unix sockets, and the like) can be wired up straight from the UI.

The Logs tab now surfaces each container's stderr line by line, tagged [stderr], so a failure such as a missing credential shows the server's own error message instead of a cryptic exit code. When a server can't start, the crash banner now reads "Server failed to start. See Logs tab for details."

Pull requests

See which app is calling each tool

Endara now identifies the MCP client behind every tool call. The live overlay shows the calling app next to the server it routed to (for example Claude Desktop → Linear), and the Logs view appends the caller's name and version after the tool name (for example create_issue (claude-ai 0.1.0)). Identity comes from the client's own initialize handshake (with a User-Agent fallback) and is advisory.

The Logs view now consumes the relay's structured JSON output instead of scraping text, so endpoint names, multi-word values, and request detail rows (timing and request/response sizes) render reliably. The log filter dropdowns were also polished: only one opens at a time, and they dismiss on outside-click or Esc. A window-drag permission fix removes an error that could intermittently swallow a filter click.

Pull requests

Endpoint profiles now filter tools over their MCP URL

An endpoint profile served at its own URL — for example http://localhost:9400/mcp/<profile> — now correctly exposes only the tools from the endpoints in that profile when a client lists tools. Previously, a tools/listrequest over a profile's MCP URL returned the full catalog from every endpoint, even though the profile's allowlist was applied everywhere else (and the Profiles management view already showed the correct, filtered count). That defeated the whole point of using profiles to give different clients different tool sets.

Tool execution was already restricted to a profile's endpoints, so this change aligns the tools/list serving path with the same allowlist: pointing a client at /mcp/<profile> now lists exactly the tools that profile is allowed to call.

Pull requests

Relay starts out of the box on a fresh install

A fresh Endara Desktop install no longer gets stuck on "Endara Desktop couldn't start the relay." Previously the default ~/.endara/config.toml was written without a [relay] table, which the relay treated as a required field — so it failed to start and crash-looped until auto-restart was suspended. The relay now applies sensible defaults when the [relay] table is absent (deriving machine_name from your hostname), and the desktop now scaffolds a complete [relay] table on first launch. Installs that were stuck on this can simply update — no manual config editing required.

Pull requests

v0.1.8 — 2026-06-01

Transparent overlay window with a live MCP tool-call feed

Endara Desktop now ships an always-on-top, click-through overlay that surfaces every MCP tool call routed through the relay as a live card. Cards flash in-flight (blue), turn green on success, or red on failure, then dismiss after a short countdown so the overlay stays out of your way when nothing is happening.

Repeat calls to the same tool stack into a single card with rising counts and a rolling-average duration, so a burst of activity shows up as one card rather than a wall of toasts. Click a card to jump straight to that request in the desktop Logs view.

The overlay is enabled by default and configurable from the new Overlay section of Settings — corner placement (any of the four corners), maximum visible cards, and on/off all persist across launches. Because the overlay is click-through, it never steals focus from windows beneath it.

Powered by a new relay-side event bus exposed at GET /api/events/tool-calls (server-sent events) that the desktop app subscribes to via its sidecar — reconnects automatically if the relay restarts.

Pull requests

Endpoint profiles

Endara Relay now exposes endpoint profiles — named subsets of your MCP servers served under their own URL. A profile named work is reachable at http://localhost:9400/mcp/work, and a client pointed at that URL only sees the tools from the servers you added to that profile. Use this to give different agents or clients different slices of your catalog without running multiple relays.

Each profile owns its own JS Execution and TOON Output settings, independent of the toggles on the global Settings page — so one profile can serve raw JSON while another stays on TOON. Create and manage profiles from the new Profilestab in Endara Desktop, and toggle a server in or out of a profile from that server's Profiles sub-tab. The profile detail page also includes a copyable claude_desktop_config.json snippet using mcp-remote for clients like Claude Desktop.

Pull requests

Tray health indicator

The Endara tray icon now displays a small colored dot reflecting overall relay health at a glance — green when everything is healthy, yellow when one or more endpoints need attention (most commonly an OAuth sign-in), and red when the relay itself is failed, stopped, or unreachable. You can see whether anything wants you without opening the app.

The first item in the tray menu (and the tooltip on hover) now spells out a specific reason instead of a generic label. You'll see entries like Endara — Running when healthy, Endara — Sign in required for Todoist when a single OAuth endpoint needs sign-in, or Endara — N endpoints need sign-in, Endara — N endpoints unhealthy, and Endara — N endpoints need attention when multiple endpoints are degraded. Sidecar-level problems surface as Endara — Relay failed: {error}, Endara — Relay stopped, or Endara — Relay not reachable.

Pull requests

Atlassian (Jira, Confluence, Compass) in the OAuth catalog

Atlassian's Remote MCP server — covering Jira, Confluence, and Compass through a single endpoint — is now a one-click entry in the Add server modal in Endara Desktop. Picking Atlassian pre-fills https://mcp.atlassian.com/v1/mcp/authv2 and runs OAuth via RFC 9728 discovery and RFC 7591 Dynamic Client Registration; the initial catalog entry shipped with default scopes that Atlassian rejected, so a follow-up fix in v0.1.8-rc.8 cleared them and the OAuth flow now works end-to-end in v0.1.8 stable. Your Atlassian org admin still needs to have Rovo and Remote MCP enabled for the connection to succeed.

Pull requests

Streamable HTTP MCP servers stay connected after the first request

Strict spec-compliant Streamable HTTP MCP servers — Atlassian's Jira and Confluence endpoints among them — require clients to echo the Mcp-Session-Id header returned by initializeon every subsequent request. Endara Relay now captures that header from the initialize response and replays it on all post-initialize requests, so these servers no longer reject the second request with a 400 error citing a missing session ID. Streamable HTTP servers that don't emit a session ID are unaffected.

Pull requests

Logs parser polish

Endara Desktop's relay-log parser now handles endpoint names that contain spaces and quoted multi-word span values cleanly. The Logs view's Endpoint column attributes every line to the correct endpoint regardless of how the operator named it, and structured tracing events whose fields contain spaces (e.g. error="connection refused") parse without splitting on the embedded whitespace.

Pull requests

Endpoint column restored in the Logs view

The Logs view's Endpoint column now shows real endpoint names again. Earlier in the v0.1.8 cycle, the column displayed ---for every row because Endara Desktop's log parsers couldn't read the sidecar's new default log layout. Desktop now pins the relay sidecar to the layout the parsers expect and accepts quoted span values, restoring per-endpoint identification in the Logs tab.

Pull requests

Live tools catalog — also refreshes on relay-side changes

Endara Relay now emits notifications/tools/list_changed to connected MCP clients whenever its own tool catalog or any advertised tool description changes due to a relay-side mutation — adding or removing an MCP server, enabling or disabling a server or one of its tools, restarting an endpoint, picking up a config.tomledit via hot reload, or changing a profile's allowed-servers list. Previously the relay only forwarded notifications/tools/list_changed when an upstream server emitted one itself; relay-driven changes silently left clients with a stale catalog and stale Connected server types: … descriptions in search_tools, list_tools, and execute_tools. Clients that follow the MCP tools.listChanged capability will now refetch on every relay-side change automatically.

Pull requests

Live tools catalog — refreshes when upstream servers change

Upstream Streamable HTTP MCP servers that emit notifications/tools/list_changed now cause Endara Relay to refresh its catalog automatically — no manual reconnect needed.

Connected MCP clients on /mcp/sse receive a forwarded notifications/tools/list_changedwhenever any upstream server signals a tool catalog change, so their own tool lists invalidate live. The relay's initialize response now advertises tools.listChanged: true so spec-compliant clients know to subscribe.

Pull requests

Faster relay startup

Endara Desktop's server list now appears almost immediately after the relay launches, instead of waiting tens of seconds for slow OAuth or remote HTTP servers to finish their initial probes. Adapters (stdio, SSE, HTTP, OAuth) now initialize in the background in parallel, so a single slow upstream no longer holds up the rest of the UI.

Endpoints that are still spinning up show an Initializing…label in their row, so it's clear which servers are mid-startup instead of looking empty or broken. A new [relay] startup_init_timeout_secs field in config.toml (default 60) caps how long the MCP HTTP listener waits for adapters to settle before binding port 9400 anyway — any still-pending adapters keep initializing in the background after the port comes up.

Pull requests

TOON tool-response hint now mentions the toon CLI

When the TOON tool-response format is enabled, the hint that Endara Relay advertises to connected models now tells them about the toonCLI. If a model's harness spills a large TOON response to disk, the model knows it can filter and query that file with toon — the TOON-native counterpart to jq for JSON — and can run toon --to-json to convert TOON back into JSON when a downstream tool needs JSON. The hint also points at toonformat.dev/cli so models can look up flags on their own.

Pull requests

Security policy and private vulnerability reporting

Both endara-relay and endara-desktop now publish a SECURITY.mdwith a documented reporting flow and response-time expectations (acknowledgement within 3 business days, status update within 7 business days). GitHub's private vulnerability reporting is enabled on both repositories, so the Report a vulnerability button on the Security tab now accepts submissions.

Pull requests

v0.1.7 — 2026-05-21

Toggle TOON output from the Settings page

The Settings page now has a "TOON Output Format" toggle directly below "JS Execution Mode". Flip it off to make the relay forward JSON tool-call responses unchanged, or flip it back on to restore the token-efficient TOON encoding. The toggle defaults to on (to match the relay's own default) and persists toconfig.toml as [relay] toon_output.

Changes take effect immediately — toggling the switch reloads the running relay sidecar in place, so you do not have to restart the app or the relay process.

Pull requests

Tool-call responses use a token-efficient TOON format

Endara Relay now re-encodes JSON-shaped tool-call responses to TOON (Token-Oriented Object Notation) before forwarding them to MCP clients. TOON is a text-based, indentation-driven serialization format with tabular array headers that produces roughly 40-60% fewer tokens than JSON on the structured/tabular shapes most MCP tools return, while remaining losslessly round-trippable. Connected models consume fewer context tokens per tool call without losing any data.

Conversion applies to both the native tools/callpath and the relay's list_tools, search_tools, and execute_tools meta-tool responses. Non-JSON text, scalar values, error responses, image/embedded resources, and structured content pass through unchanged. The search_tools description picks up a one-line TOON hint when the feature is on so models know to parse responses as TOON.

Enabled by default. Set [relay] toon_output = false in config.toml or pass --no-toon to endara-relay start to restore JSON pass-through.

Pull requests

Structured Logs view with per-level filtering and live per-endpoint streaming

The Logs tab now renders each relay log line in a structured row — timestamp, level pill (color-coded: ERROR red, WARN orange, INFO green, DEBUG blue, TRACE muted), endpoint chip, and message body. A filter bar above the list lets you toggle individual log levels, search by free-text, and pick endpoints from a multiselect; tool-call events are highlighted inline.

The per-endpoint Logs tab (opened from any endpoint detail view) seeds from the recent history for that endpoint and live-streams new lines as they arrive, scoped to that endpoint only. Levels are now extracted from the underlying log stream so the pill matches the actual level and the message column no longer duplicates the level prefix.

Pull requests

Google Drive OAuth tokens refresh reliably in the background

After a successful Google Drive login, the relay's proactive token refresh used to fail roughly 45 minutes later, leaving the endpoint marked Unhealthy until you re-authorized manually. The refresh now discovers the correct token endpoint via RFC 8414 at startup and propagates the discovered URL into the background refresher, so Google Drive stays connected across the full refresh-token lifetime without manual intervention.

Pull requests

Google Drive re-authorization fix

Re-authorizing Google Drive (and other OAuth servers added with a manual client_id + client_secret) now succeeds. A regression introduced before v0.1.6 caused the relay to omit the client_secret from the token-exchange request when the secret lived only in the DCR file, returning 400 client_secret is missing.from Google's token endpoint.

Pull requests

v0.1.6 — 2026-05-17

Relay advertises connected upstream MCP servers to the model

Endara Relay now advertises the set of connected upstream MCP servers to the model — via the initialize response's instructions field and the descriptions of the search_tools, list_tools, and execute_tools meta-tools. Connected clients (Claude Desktop, Cursor, Windsurf, etc.) can now route the model to the right server type without blind probing of search_tools.

The advertised list updates dynamically on hot reload and is filtered to Healthy adapters only, so disabled or failing endpoints are not suggested to the model.

Pull requests

Server type override (Advanced)

Endpoint config now supports a server_type_override that replaces what the relay advertises to MCP clients. Useful when an upstream MCP server reports a placeholder or unhelpful serverInfo.name(e.g. Google's hosted MCP servers, which all self-identify as statelessserver). Catalog entries for Gmail, Google Calendar, and Google Drive now ship with sensible defaults; the Add/Edit Server modal exposes the field under a new Advanced section.

Pull requests

Cleaner server names

Names ending in -mcp-server / _mcp_server / -mcp / _mcp are now stripped automatically before being advertised, so todoist-mcp-server shows up as todoist, linear-mcp-server as linear, etc. Saves prompt tokens and reads cleaner in tool prefixes.

Pull requests

Run dev and prod side-by-side

The management API socket now incorporates a stable hash of the data-dir, so the dev build (~/.endara-dev) and the installed production build (~/.endara) no longer collide on the same Unix-domain socket on macOS/Linux. Two Endara Desktop windows, one machine, one user.

Pull requests

Server type override in the Config tab

The per-endpoint server_type_override — which controls the tool prefix the relay advertises and the label that shows up in Connected server types: — is now editable inline in the Desktop Config tab. A new Advanced section surfaces the current value next to a Default (from server): <name> hint, plus a Reset button to fall back to whatever the upstream MCP server reports.

Pull requests

“Connected server types:” wording

The line the relay advertises to connected models — via InitializeResult.instructions and the search_tools description — now reads Connected server types: instead of Connected servers:. This matches list_tools's instance-count phrasing and makes clear that the listed names are server types (categories that prefix tool names), not individual server instances.

Pull requests

Don't lose your edits — discard-changes prompts

The Add Server modal now asks before closing if you've typed anything in the configure step. Pressing Escape, clicking the backdrop, or hitting Cancel pops a small “Discard changes?” confirm — pick Keep editing to stay, Discard to dismiss. The catalog browse step (before you've picked a server) still closes instantly.

The per-endpoint Config tab now guards every navigation away while you have unsaved edits: clicking a different server in the sidebar, switching to another inner tab (Tools / Logs / Auth), jumping to a top-level tab (Unified Catalog / Relay Logs / Settings), pressing Cmd+,, and the Unified Catalog's jump-to-endpoint icon all prompt before discarding. Saving the form clears the dirty state so subsequent navigation is unguarded until you edit again.

Pull requests

Keyboard accessibility in modals

Modals (Add Server, confirm dialogs) now trap focus correctly: Tab and Shift+Tab cycle within the modal instead of escaping to elements behind it, and the initial focus lands inside the dialog instead of staying on the trigger button. The trap stacks for nested modals — a confirm dialog opened from inside another modal traps focus within itself, and dismissing it returns the trap to the parent.

Escape now closes the top modal in the stack via the focus-trap action itself, so a nested confirm dismisses just that confirm (not the whole stack). Toggle switches on the endpoint detail panel and the Tools tab also gained role="switch" + aria-checked so screen readers announce them correctly.

Pull requests

Polish: loading states, empty-state hints, clearer errors

Several small UX improvements landed together: the sidebar now shows a shimmer skeleton on first paint instead of a blank pane; the detail panel's empty state (no endpoint selected) hints toward the Add Server button instead of showing nothing; mutation failures (start, stop, delete, save, add endpoint) now surface as toast errors instead of failing silently; the Add Server form shows per-field validation errors with aria-invalid and inline messages so you can see exactly which input is wrong; and OAuth setup polling now uses exponential backoff (100ms → 2s cap) to reduce relay load during long browser-based flows.

Pull requests

Relay tracing & logging overhaul

Endara Relay's tracing/logging stack got a substantial upgrade. The `start` subcommand gains three new flags: --color (auto|always|never, default auto), --log-format (default flipped from text to compact; text and json still selectable), and --file-log-level so the rolling log file can run at a different verbosity than stdout. Stdout colorizes on a TTY and stays plain when piped (e.g. when run as the Desktop sidecar); the rolling file is always ANSI-free.

Every adapter (stdio, HTTP, SSE, OAuth) now carries a per-endpoint tracing span with endpoint, transport, and server_type fields, so log lines from background tasks (token refresh, heartbeats, hot reload) automatically inherit which endpoint they belong to. Each MCP request gets its own request span carrying method and id, and tool calls emit structured events with tool, status, duration_ms, and an errorfield on failure. The activity ring buffer that powers the Desktop's per-endpoint Logs tab is untouched.

Pull requests

Connected MCP servers stay visible even when temporarily unavailable

The relay now advertises every registered upstream MCP server to connected clients (Claude Desktop, Cursor, Windsurf, etc.) — not just those currently Healthy. Most clients cache tool descriptions and don't refresh them often, so a brief blip that flipped a server to Failed or Startingused to silently drop it from the model's view until the client next refreshed. Configured server_type_override values also appear immediately, before the first successful handshake, so a connected server is never invisible.

Pull requests

Relay auto-restarts if killed unexpectedly

If the relay sidecar exits unexpectedly (an external kill, OS-initiated termination, or a crash), Endara Desktop now restarts it automatically with bounded exponential backoff (1s, 2s, 4s, 8s, 16s, capped at 30s). The header dot turns amber and pulses with a “Relay restarting…” label during the gap, then flips back to green when the new relay is healthy. Previously the app would sit in a “stopped” state until the user clicked Restart.

After 5 consecutive failed restarts within a short window the supervisor backs off and shows “Relay crashed repeatedly; auto-restart suspended. Click Restart to retry.” so a crash loop never spams. A stable relay that crashes once an hour never hits the cap — the attempt counter resets after 60 seconds of healthy uptime. Intentional shutdowns (Quit, manual Restart, port conflict) never trigger auto-restart.

Pull requests

OAuth refresh self-heals stale token endpoints

Endara Relay now self-heals when an OAuth provider's token endpoint stored in config.toml is missing or stale. On a refresh-time 404, the relay re-runs OAuth discovery against the resource URL (RFC 9728 → RFC 8414), caches the discovered token endpoint in memory, and retries the refresh once. Subsequent refreshes use the cached endpoint directly. The most visible case this fixes is Google Drive, where older configs lacked a stored token_endpoint and the convention-based fallback resolved to https://accounts.google.com//token (404) — refresh would silently fail forever until the user hand-edited the config.

The Re-authorize button is fixed too: when an endpoint is configured with an oauth_server_url but no explicit endpoints, the relay now runs RFC 8414 discovery against that URL before falling back to the {base}/authorize / {base}/tokenconvention, so providers that don't honor the convention (again, Google) open the correct authorization URL in the browser instead of a 404.

Pull requests

Previous releases

Earlier versions are tracked per binary on GitHub Releases. Each release page lists the tag, the signed artifacts, and the auto- generated commit log.