From b3ca57aeb7240c1551a1127d4544ffabe0303946 Mon Sep 17 00:00:00 2001 From: Deivid Soto Date: Thu, 12 Feb 2026 22:48:14 +0100 Subject: [PATCH 1/7] chore: normalize package.json format --- package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index a18aab4..67722d9 100644 --- a/package.json +++ b/package.json @@ -4,7 +4,7 @@ "description": "MCP server for TorrentClaw — search and discover movies and TV shows with torrent downloads, magnet links, streaming availability, and cast/crew metadata", "type": "module", "bin": { - "torrentclaw-mcp": "./build/index.js" + "torrentclaw-mcp": "build/index.js" }, "main": "./build/index.js", "files": [ @@ -48,7 +48,7 @@ "license": "MIT", "repository": { "type": "git", - "url": "https://github.com/torrentclaw/torrentclaw-mcp" + "url": "git+https://github.com/torrentclaw/torrentclaw-mcp.git" }, "homepage": "https://github.com/torrentclaw/torrentclaw-mcp#readme", "bugs": { From 964c111b7819be438a03d40176072506902d4556 Mon Sep 17 00:00:00 2001 From: Deivid Soto Date: Mon, 16 Feb 2026 22:01:58 +0100 Subject: [PATCH 2/7] feat: add glama.json and smithery.yaml for directory listings Add configuration files for Glama.ai and Smithery.ai MCP directories to enable automatic indexing and discovery. --- glama.json | 4 ++++ smithery.yaml | 1 + 2 files changed, 5 insertions(+) create mode 100644 glama.json create mode 100644 smithery.yaml diff --git a/glama.json b/glama.json new file mode 100644 index 0000000..2c089d5 --- /dev/null +++ b/glama.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://glama.ai/mcp/schemas/server.json", + "maintainers": ["torrentclaw"] +} diff --git a/smithery.yaml b/smithery.yaml new file mode 100644 index 0000000..322550e --- /dev/null +++ b/smithery.yaml @@ -0,0 +1 @@ +runtime: "typescript" From 08c67e6e9ee2aaf476f8e0c31fcaaeb73d2d2182 Mon Sep 17 00:00:00 2001 From: Deivid Soto Date: Mon, 16 Feb 2026 22:21:56 +0100 Subject: [PATCH 3/7] fix: update qs to 6.15.0 to resolve CVE denial of service vulnerability --- package-lock.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 993fc4f..2dc5a1f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,11 +1,11 @@ { - "name": "torrentclaw-mcp", + "name": "@torrentclaw/mcp", "version": "0.2.1", "lockfileVersion": 3, "requires": true, "packages": { "": { - "name": "torrentclaw-mcp", + "name": "@torrentclaw/mcp", "version": "0.2.1", "license": "MIT", "dependencies": { @@ -5003,9 +5003,9 @@ } }, "node_modules/qs": { - "version": "6.14.1", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz", - "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==", + "version": "6.15.0", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.0.tgz", + "integrity": "sha512-mAZTtNCeetKMH+pSjrb76NAM8V9a05I9aBZOHztWy/UqcJdQYNsf59vrRKWnojAT9Y+GbIvoTBC++CPHqpDBhQ==", "license": "BSD-3-Clause", "dependencies": { "side-channel": "^1.1.0" From 635ad4ca424fce9fcb481b57959f58cb23f61bac Mon Sep 17 00:00:00 2001 From: Deivid Soto Date: Mon, 16 Feb 2026 22:22:52 +0100 Subject: [PATCH 4/7] chore(release): 0.2.2 --- CHANGELOG.md | 10 ++++++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 79f9278..6b33366 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,16 @@ All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines. +## [0.2.2](https://github.com/torrentclaw/torrentclaw-mcp/compare/v0.2.1...v0.2.2) (2026-02-16) + +### Features + +- add glama.json and smithery.yaml for directory listings ([06865a2](https://github.com/torrentclaw/torrentclaw-mcp/commit/06865a2abda420567af7fb3d5046b29ea7de6060)) + +### Bug Fixes + +- update qs to 6.15.0 to resolve CVE denial of service vulnerability ([657910a](https://github.com/torrentclaw/torrentclaw-mcp/commit/657910ad357f14f651d1af1afec0c0cda64513f5)) + ## [0.2.1](https://github.com/torrentclaw/torrentclaw-mcp/compare/v0.2.0...v0.2.1) (2026-02-12) ## [0.2.0](https://github.com/torrentclaw/torrentclaw-mcp/compare/v0.1.0...v0.2.0) (2026-02-12) diff --git a/package-lock.json b/package-lock.json index 2dc5a1f..fdc30fa 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@torrentclaw/mcp", - "version": "0.2.1", + "version": "0.2.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@torrentclaw/mcp", - "version": "0.2.1", + "version": "0.2.2", "license": "MIT", "dependencies": { "@modelcontextprotocol/sdk": "^1.12.0", diff --git a/package.json b/package.json index 67722d9..fdece01 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@torrentclaw/mcp", - "version": "0.2.1", + "version": "0.2.2", "description": "MCP server for TorrentClaw — search and discover movies and TV shows with torrent downloads, magnet links, streaming availability, and cast/crew metadata", "type": "module", "bin": { From f46cbc5156de37743f965aab2ccf9cc48144c79c Mon Sep 17 00:00:00 2001 From: Deivid Soto Date: Sat, 28 Mar 2026 12:00:21 +0100 Subject: [PATCH 5/7] chore: update maintainer info in LICENSE and glama.json --- LICENSE | 2 +- glama.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/LICENSE b/LICENSE index 9d044e4..ee27d08 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2026 buryni +Copyright (c) 2026 Deivid Soto Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/glama.json b/glama.json index 2c089d5..2b7ca25 100644 --- a/glama.json +++ b/glama.json @@ -1,4 +1,4 @@ { "$schema": "https://glama.ai/mcp/schemas/server.json", - "maintainers": ["torrentclaw"] + "maintainers": ["torrentclaw", "eividsoto"] } From ffac6fe22ad87e34fe7220f88fae216968d15e91 Mon Sep 17 00:00:00 2001 From: Deivid Soto Date: Wed, 27 May 2026 15:45:38 +0200 Subject: [PATCH 6/7] ci: port workflows from .github/ to .forgejo/ (Forgejo Actions) GitHub torrentclaw org is shadow-banned; CI is hosted at git.torrentclaw.com now. Move workflows into the runner's natively-watched .forgejo/workflows/ tree and adapt steps to run in the available 'docker'-labeled Forgejo runner without GitHub-only tooling (gh CLI, third-party marketplace actions). - Use container: image to ship the toolchain (no actions/setup-* needed). - Drop GitHub-only marketplace actions in favour of upstream installers invoked over curl/apt. - Where a workflow created a GitHub Release (release.yml), substitute the step with a curl call against the Forgejo Releases API (POST /repos///releases). --- {.github => .forgejo}/workflows/ci.yml | 22 ++++----- .forgejo/workflows/release.yml | 68 ++++++++++++++++++++++++++ .github/workflows/release.yml | 41 ---------------- 3 files changed, 79 insertions(+), 52 deletions(-) rename {.github => .forgejo}/workflows/ci.yml (68%) create mode 100644 .forgejo/workflows/release.yml delete mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/ci.yml b/.forgejo/workflows/ci.yml similarity index 68% rename from .github/workflows/ci.yml rename to .forgejo/workflows/ci.yml index c764d29..c1f6f9e 100644 --- a/.github/workflows/ci.yml +++ b/.forgejo/workflows/ci.yml @@ -12,33 +12,33 @@ permissions: jobs: lint-commits: name: Lint commits - runs-on: ubuntu-latest + runs-on: docker + container: + image: docker.io/library/node:22 if: github.event_name == 'pull_request' steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: actions/setup-node@v4 - with: - node-version: "22" - - name: Install dependencies run: npm ci - name: Validate conventional commits - run: npx commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose + run: | + npx commitlint \ + --from ${{ github.event.pull_request.base.sha }} \ + --to ${{ github.event.pull_request.head.sha }} \ + --verbose build-and-test: name: Build & test - runs-on: ubuntu-latest + runs-on: docker + container: + image: docker.io/library/node:22 steps: - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: "22" - - name: Install dependencies run: npm ci diff --git a/.forgejo/workflows/release.yml b/.forgejo/workflows/release.yml new file mode 100644 index 0000000..145d200 --- /dev/null +++ b/.forgejo/workflows/release.yml @@ -0,0 +1,68 @@ +name: Release + +on: + push: + tags: + - "v*" + workflow_dispatch: + +permissions: + contents: write + +jobs: + release: + runs-on: docker + container: + image: docker.io/library/node:22 + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Install dependencies + run: npm ci + + - name: Build + run: npm run build + + - name: Test + run: npm test + + - name: Publish to npm + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + run: | + # Set authToken explicitly — actions/setup-node was the only consumer + # of registry-url + NODE_AUTH_TOKEN, and we dropped it for Forgejo + # compat. The literal npmjs registry stays the same. + cat > ~/.npmrc </dev/null || echo "") + if [ -n "$prev" ]; then + notes=$(git log --pretty=format:'- %s' "${prev}..${TAG}") + else + notes=$(git log --pretty=format:'- %s' "${TAG}") + fi + body=$(jq -n --arg t "$TAG" --arg n "$notes" \ + '{tag_name:$t, name:$t, body:$n, draft:false, prerelease:false}') + curl -sSf -X POST "$FORGEJO_API/repos/$REPO/releases" \ + -H "Authorization: token $FORGEJO_TOKEN" \ + -H "Content-Type: application/json" \ + -d "$body" >/dev/null || \ + echo "Release may already exist for $TAG" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 8a489af..0000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,41 +0,0 @@ -name: Release - -on: - push: - tags: - - "v*" - -permissions: - contents: write - -jobs: - release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - uses: actions/setup-node@v4 - with: - node-version: "22" - registry-url: "https://registry.npmjs.org" - - - name: Install dependencies - run: npm ci - - - name: Build - run: npm run build - - - name: Test - run: npm test - - - name: Publish to npm - run: npm publish - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - - - name: GitHub Release - uses: softprops/action-gh-release@v2 - with: - generate_release_notes: true From a5f867eeea393b0bbef41150c21ca7e235366e92 Mon Sep 17 00:00:00 2001 From: Deivid Soto Date: Wed, 27 May 2026 15:58:47 +0200 Subject: [PATCH 7/7] refactor(ci): point Forgejo URLs at torrentclaw org (post-transfer) Repos were transferred from the deivid user to a dedicated torrentclaw organisation; the workflows reference the org path. --- .forgejo/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/release.yml b/.forgejo/workflows/release.yml index 145d200..79737aa 100644 --- a/.forgejo/workflows/release.yml +++ b/.forgejo/workflows/release.yml @@ -46,7 +46,7 @@ jobs: env: FORGEJO_TOKEN: ${{ secrets.GITHUB_TOKEN }} FORGEJO_API: http://forgejo:3000/api/v1 - REPO: deivid/torrentclaw-mcp + REPO: torrentclaw/torrentclaw-mcp TAG: ${{ github.ref_name }} run: | set -euo pipefail