Changelog

What shipped, when. Everything here is deployed, not planned.

July 6, 2026
The catalog now grows itself, adoption-gatedCatalog

Passport auto-nominates connectors from the official MCP Registry: domain-verified vendor namespaces are probed live, tool schemas are scanned for injection text, and each toolset is hash-pinned so a silently changed server is caught by the weekly re-verify. New entries only ship when the vendor shows real adoption. The public catalog gained tier filters and per-category counts.

July 3, 2026
Every AI client on the Clients page, one-click where possibleDesktop

Claude, Claude Code, Cursor, VS Code, Codex, ChatGPT, and Claude.ai are all first-class. Five install with one click (config written natively, or through the client's own CLI); ChatGPT and Claude.ai get everything short of the paste: the connector address lands on your clipboard and one button opens the right settings page. Desktop v0.2.10.

July 3, 2026
Per-workspace join policySecurity

Joining a workspace is now the workspace's decision: invite-only by default, with an opt-in company-domain policy. Emailed sign-in links are single-use and re-checked at redemption, so a link can never outrank the current policy.

July 3, 2026
Real workspaces only ever see real MCPsSecurity

Demo sandboxes are fully gated out of production deployments. Adding GitHub from the catalog connects the real GitHub MCP endpoint, never canned data. Covered by a dedicated end-to-end test in CI.

July 2, 2026
Self-serve front doorPlatform

Verified email sign-in (a typed address is a claim, not an identity), two-phase workspace signup, transactional email, Stripe billing with a free tier, and this public site, including the browsable MCP catalog with per-connector pages.

July 2, 2026
Real logos for every connectorCatalog

A tiered brand-asset pipeline (curated marks → vendor-published icons → normalized favicons) gives every catalog entry a real mark, bundled offline into the desktop app and served static on the web. CI fails if any connector regresses to a bare-letter tile.

July 2, 2026
Bridge credential rotation is multi-process safeDesktop

Cursor runs one bridge per window; all of them share a rotating single-use credential. Exchanges now serialize across processes and adopt a sibling's rotation instead of replaying it, fixing the 'phantom reconnect' loop.

July 2, 2026
One-paste ChatGPT connectGateway

Passport's gateway is a full OAuth 2.1 protected resource + authorization server: hosted clients connect by pasting one workspace URL, then approving in the browser. Grants are rotating and per-member; no static tokens to copy or leak.

July 1, 2026
Desktop auto-update + live tool refreshDesktop

The desktop app updates itself over a signed release feed (quiet in-app banner, one click). The bridge pushes toolset changes to running AI clients within ~15 seconds; no client restart when an admin approves a new MCP.

July 1, 2026
Observability and deploy safetyPlatform

Prometheus metrics, gateway error-rate paging, a load baseline, an ops runbook with a rehearsed 99-second rollback, and a CI security gate (secret scanning, dependency audit, SAST) on every change.

June 18, 2026
Official MCP Registry identities on catalog entriesCatalog

Connectors carry their domain-verified reverse-DNS identity, source repository, version, and declared credential inputs from the official registry's server.json, matched by endpoint URL so identity can't be spoofed by republishers.

June 12, 2026
Offboarding, backups, and release hardeningSecurity

Deactivating a person signs them out everywhere and drops their connected-account grants. Encrypted-at-rest key rotation with a rekey tool, backup + tested restore drills, SSRF guards on every admin-supplied URL, and shared rate limits across the public surface.

June 10, 2026
Passport goes livePlatform

Multi-tenant cloud on managed infrastructure: the governed gateway, per-member OAuth brokering (sign in once, brokered to every AI client), read-only passes, guardrails, audit trail, and the desktop app.