Released on August 17, 2025, mcp-graphql-forge v0.7.0 introduces significant updates to how the server handles transport and authentication, making it more robust, secure, and easier to configure. This release marks a transition towards more standardized communication patterns and stricter configuration requirements to ensure stability across different environments.

What’s New

Streamable HTTP Transport

The previous SSE (Server-Sent Events) mode has been evolved into a Streamable HTTP transport mode. To reflect this change, the --sse flag has been replaced with the --http flag. This update provides a more reliable way to handle streaming data between the MCP client and the GraphQL backend.

Enhanced Configuration and Debugging

We’ve added new command-line flags to give you more direct control over the server:

  • --forgeConfig: Directly specify the configuration file path, overriding the FORGE_CONFIG environment variable.
  • --forgeDebug: Quickly toggle debug logging, overriding the FORGE_DEBUG environment variable.

Additionally, to prevent ambiguity and configuration errors, providing a configuration directory is now mandatory. The server will no longer default to the current working directory, ensuring that your setup is explicit and reproducible.

Smarter Authorization Handling

To simplify connectivity with a wider range of GraphQL APIs, the server now supports Auth Header Pass-through. When no token_command is configured, the server will automatically pass the Authorization header from the incoming MCP request directly to the GraphQL endpoint.

Hardened Security

Security is a priority. We have updated the debug logging for tokens to use SHA256 hashes instead of plain text. This ensures that while you can still track token usage for debugging purposes, sensitive credentials are never leaked into your logs.

Why it Matters

These changes collectively reduce the friction of deploying mcp-graphql-forge in production and development environments. By moving to Streamable HTTP and requiring explicit configuration, we are reducing “magic” behavior that can lead to hard-to-debug issues. The Authorization pass-through removes a significant barrier for users who already handle authentication at the proxy or client level, and the hashed logging ensures that your security posture remains strong even when debugging is enabled.

Getting Started and Upgrading

To upgrade to v0.7.0, update your installation to the latest version. Please note the following breaking changes to your startup commands:

  1. Update your transport flag: Change --sse to --http.
  2. Specify your config directory: Ensure you are explicitly passing the path to your configuration directory, as it is no longer optional.

For detailed installation steps, please refer to the official repository.

This post was AI-generated using the model unsloth/gemma-4-31B-it-GGUF:UD-Q5_K_XL on 2026-04-13, based on the mcp-graphql-forge v0.7.0 release. Author: release-storyteller