unreal-engine-mcp-server 0.5.3 → 0.5.4

package/CHANGELOG.md

@@ -7,6 +7,72 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ---
 
+## 🏷️ [0.5.4] - 2025-12-27
+
+> [!IMPORTANT]
+> ### 🛡️ Security Release
+> This release focuses on **security hardening** and **defensive improvements** across the entire stack, including command injection prevention, network isolation, and resource management.
+
+### 🛡️ Security & Command Hardening
+
+<details>
+<summary><b>UBT Validation & Safe Execution</b></summary>
+
+| Feature | Description |
+|---------|-------------|
+| **UBT Argument Validation** | Added `validateUbtArgumentsString` and `tokenizeArgs` to block dangerous characters (`;`, `|`, backticks) |
+| **Safe Process Spawning** | Updated child process spawning to use `shell: false`, preventing shell injection attacks |
+| **Console Command Validation** | Implemented strict input validation for the Unreal Automation Bridge to block chained or multi-line commands |
+| **Argument Quoting** | Improved logging and execution logic to correctly quote arguments containing spaces |
+
+</details>
+
+### 🌐 Network & Host Binding
+
+<details>
+<summary><b>Localhost Default & Remote Configuration</b></summary>
+
+| Feature | Description |
+|---------|-------------|
+| **Localhost Default** | WebSocket, Metrics, and GraphQL servers now bind to `127.0.0.1` by default |
+| **Remote Exposure Prevention** | Prevents accidental remote exposure of services |
+| **GRAPHQL_ALLOW_REMOTE** | Added environment variable check for explicit remote binding configuration |
+| **Security Warnings** | Warnings logged for unsafe/permissive network settings |
+
+</details>
+
+### 🚦 Resource Management
+
+<details>
+<summary><b>Rate Limiting & Queue Management</b></summary>
+
+| Feature | Description |
+|---------|-------------|
+| **IP-Based Rate Limiting** | Implemented rate limiting on the metrics server |
+| **Queue Limits** | Introduced `maxQueuedRequests` to automation bridge to prevent memory exhaustion |
+| **Message Size Enforcement** | Enforced `MAX_WS_MESSAGE_SIZE_BYTES` for WebSocket connections to reject oversized payloads |
+
+</details>
+
+### 🧪 Testing & Cleanup
+
+<details>
+<summary><b>Test Updates & File Cleanup</b></summary>
+
+| Change | Description |
+|--------|-------------|
+| **Path Sanitization Tests** | Modified validation tests to verify path sanitization and expect errors for traversal attempts |
+| **Removed Legacy Tests** | Removed outdated test files (`run-unreal-tool-tests.mjs`, `test-asset-errors.mjs`) |
+| **Response Logging** | Implemented better response logging in the test runner |
+
+</details>
+
+### 🔄 Dependencies
+
+- **dependencies group**: Bumped 2 updates via @dependabot ([#33](https://github.com/ChiR24/Unreal_mcp/pull/33))
+
+---
+
 ## 🏷️ [0.5.3] - 2025-12-21
 
 > [!IMPORTANT]

package/dist/automation/bridge.d.ts

@@ -13,6 +13,7 @@ export declare class AutomationBridge extends EventEmitter {
     private readonly clientPort;
     private readonly serverLegacyEnabled;
     private readonly maxConcurrentConnections;
+    private readonly maxQueuedRequests;
     private connectionManager;
     private requestTracker;
     private handshakeHandler;

package/dist/automation/bridge.js

@@ -1,7 +1,7 @@
 import { EventEmitter } from 'node:events';
 import { WebSocket } from 'ws';
 import { Logger } from '../utils/logger.js';
-import { DEFAULT_AUTOMATION_HOST, DEFAULT_AUTOMATION_PORT, DEFAULT_NEGOTIATED_PROTOCOLS, DEFAULT_HEARTBEAT_INTERVAL_MS, DEFAULT_MAX_PENDING_REQUESTS } from '../constants.js';
+import { DEFAULT_AUTOMATION_HOST, DEFAULT_AUTOMATION_PORT, DEFAULT_NEGOTIATED_PROTOCOLS, DEFAULT_HEARTBEAT_INTERVAL_MS, DEFAULT_MAX_PENDING_REQUESTS, DEFAULT_MAX_QUEUED_REQUESTS, MAX_WS_MESSAGE_SIZE_BYTES } from '../constants.js';
 import { createRequire } from 'node:module';
 import { ConnectionManager } from './connection-manager.js';
 import { RequestTracker } from './request-tracker.js';
@@ -31,6 +31,7 @@ export class AutomationBridge extends EventEmitter {
     clientPort;
     serverLegacyEnabled;
     maxConcurrentConnections;
+    maxQueuedRequests;
     connectionManager;
     requestTracker;
     handshakeHandler;
@@ -107,6 +108,7 @@ export class AutomationBridge extends EventEmitter {
             : 0;
         const maxPendingRequests = Math.max(1, options.maxPendingRequests ?? DEFAULT_MAX_PENDING_REQUESTS);
         const maxConcurrentConnections = Math.max(1, options.maxConcurrentConnections ?? 10);
+        this.maxQueuedRequests = Math.max(0, options.maxQueuedRequests ?? DEFAULT_MAX_QUEUED_REQUESTS);
         this.clientHost = options.clientHost ?? process.env.MCP_AUTOMATION_CLIENT_HOST ?? DEFAULT_AUTOMATION_HOST;
         this.clientPort = options.clientPort ?? sanitizePort(process.env.MCP_AUTOMATION_CLIENT_PORT) ?? DEFAULT_AUTOMATION_PORT;
         this.maxConcurrentConnections = maxConcurrentConnections;
@@ -137,10 +139,18 @@ export class AutomationBridge extends EventEmitter {
             const url = `ws://${this.clientHost}:${this.clientPort}`;
             this.log.info(`Connecting to Unreal Engine automation server at ${url}`);
             this.log.debug(`Negotiated protocols: ${JSON.stringify(this.negotiatedProtocols)}`);
-            const protocols = 'mcp-automation';
+            const protocols = this.negotiatedProtocols.length === 1
+                ? this.negotiatedProtocols[0]
+                : this.negotiatedProtocols;
             this.log.debug(`Using WebSocket protocols arg: ${JSON.stringify(protocols)}`);
+            const headers = this.capabilityToken
+                ? {
+                    'X-MCP-Capability': this.capabilityToken,
+                    'X-MCP-Capability-Token': this.capabilityToken
+                }
+                : undefined;
             const socket = new WebSocket(url, protocols, {
-                headers: this.capabilityToken ? { 'X-MCP-Capability': this.capabilityToken } : undefined,
+                headers,
                 perMessageDeflate: false
             });
             this.handleClientConnection(socket);
@@ -174,9 +184,54 @@ export class AutomationBridge extends EventEmitter {
                     port: this.clientPort,
                     protocol: socket.protocol || null
                 });
+                const getRawDataByteLength = (data) => {
+                    if (typeof data === 'string') {
+                        return Buffer.byteLength(data, 'utf8');
+                    }
+                    if (Buffer.isBuffer(data)) {
+                        return data.length;
+                    }
+                    if (Array.isArray(data)) {
+                        return data.reduce((total, item) => total + (Buffer.isBuffer(item) ? item.length : 0), 0);
+                    }
+                    if (data instanceof ArrayBuffer) {
+                        return data.byteLength;
+                    }
+                    if (ArrayBuffer.isView(data)) {
+                        return data.byteLength;
+                    }
+                    return 0;
+                };
+                const rawDataToUtf8String = (data, byteLengthHint) => {
+                    if (typeof data === 'string') {
+                        return data;
+                    }
+                    if (Buffer.isBuffer(data)) {
+                        return data.toString('utf8');
+                    }
+                    if (Array.isArray(data)) {
+                        const buffers = data.filter((item) => Buffer.isBuffer(item));
+                        const totalLength = typeof byteLengthHint === 'number'
+                            ? byteLengthHint
+                            : buffers.reduce((total, item) => total + item.length, 0);
+                        return Buffer.concat(buffers, totalLength).toString('utf8');
+                    }
+                    if (data instanceof ArrayBuffer) {
+                        return Buffer.from(data).toString('utf8');
+                    }
+                    if (ArrayBuffer.isView(data)) {
+                        return Buffer.from(data.buffer, data.byteOffset, data.byteLength).toString('utf8');
+                    }
+                    return '';
+                };
                 socket.on('message', (data) => {
                     try {
-                        const text = typeof data === 'string' ? data : data.toString('utf8');
+                        const byteLength = getRawDataByteLength(data);
+                        if (byteLength > MAX_WS_MESSAGE_SIZE_BYTES) {
+                            this.log.error(`Received oversized message (${byteLength} bytes, max: ${MAX_WS_MESSAGE_SIZE_BYTES}). Dropping.`);
+                            return;
+                        }
+                        const text = rawDataToUtf8String(data, byteLength);
                         this.log.debug(`[AutomationBridge Client] Received message: ${text.substring(0, 1000)}`);
                         const parsed = JSON.parse(text);
                         this.connectionManager.updateLastMessageTime();
@@ -350,6 +405,9 @@ export class AutomationBridge extends EventEmitter {
             throw new Error('Automation bridge not connected');
         }
         if (this.requestTracker.getPendingCount() >= this.requestTracker.getMaxPendingRequests()) {
+            if (this.queuedRequestItems.length >= this.maxQueuedRequests) {
+                throw new Error(`Automation bridge request queue is full (max: ${this.maxQueuedRequests}). Please retry later.`);
+            }
             return new Promise((resolve, reject) => {
                 this.queuedRequestItems.push({
                     resolve,

package/dist/automation/types.d.ts

@@ -11,6 +11,7 @@ export interface AutomationBridgeOptions {
     heartbeatIntervalMs?: number;
     maxPendingRequests?: number;
     maxConcurrentConnections?: number;
+    maxQueuedRequests?: number;
     clientMode?: boolean;
     clientHost?: string;
     clientPort?: number;

package/dist/constants.d.ts

@@ -5,6 +5,7 @@ export declare const DEFAULT_NEGOTIATED_PROTOCOLS: string[];
 export declare const DEFAULT_HEARTBEAT_INTERVAL_MS = 10000;
 export declare const DEFAULT_HANDSHAKE_TIMEOUT_MS = 5000;
 export declare const DEFAULT_MAX_PENDING_REQUESTS = 25;
+export declare const DEFAULT_MAX_QUEUED_REQUESTS = 100;
 export declare const DEFAULT_TIME_OF_DAY = 9;
 export declare const DEFAULT_SUN_INTENSITY = 10000;
 export declare const DEFAULT_SKYLIGHT_INTENSITY = 1;
@@ -16,4 +17,5 @@ export declare const LONG_RUNNING_OP_TIMEOUT_MS = 300000;
 export declare const CONSOLE_COMMAND_TIMEOUT_MS = 30000;
 export declare const ENGINE_QUERY_TIMEOUT_MS = 15000;
 export declare const CONNECTION_TIMEOUT_MS = 15000;
+export declare const MAX_WS_MESSAGE_SIZE_BYTES: number;
 //# sourceMappingURL=constants.d.ts.map

package/dist/constants.js

@@ -5,6 +5,7 @@ export const DEFAULT_NEGOTIATED_PROTOCOLS = ['mcp-automation'];
 export const DEFAULT_HEARTBEAT_INTERVAL_MS = 10000;
 export const DEFAULT_HANDSHAKE_TIMEOUT_MS = 5000;
 export const DEFAULT_MAX_PENDING_REQUESTS = 25;
+export const DEFAULT_MAX_QUEUED_REQUESTS = 100;
 export const DEFAULT_TIME_OF_DAY = 9;
 export const DEFAULT_SUN_INTENSITY = 10000;
 export const DEFAULT_SKYLIGHT_INTENSITY = 1;
@@ -16,4 +17,5 @@ export const LONG_RUNNING_OP_TIMEOUT_MS = 300000;
 export const CONSOLE_COMMAND_TIMEOUT_MS = 30000;
 export const ENGINE_QUERY_TIMEOUT_MS = 15000;
 export const CONNECTION_TIMEOUT_MS = 15000;
+export const MAX_WS_MESSAGE_SIZE_BYTES = 5 * 1024 * 1024;
 //# sourceMappingURL=constants.js.map

package/dist/graphql/server.d.ts

@@ -19,7 +19,6 @@ export declare class GraphQLServer {
     constructor(bridge: UnrealBridge, automationBridge: AutomationBridge, config?: GraphQLServerConfig);
     start(): Promise<void>;
     stop(): Promise<void>;
-    private setupShutdown;
     getConfig(): Required<GraphQLServerConfig>;
     isRunning(): boolean;
 }

package/dist/graphql/server.js

@@ -28,6 +28,21 @@ export class GraphQLServer {
             this.log.info('GraphQL server is disabled');
             return;
         }
+        const isLoopback = this.config.host === '127.0.0.1' ||
+            this.config.host === '::1' ||
+            this.config.host.toLowerCase() === 'localhost';
+        const allowRemote = process.env.GRAPHQL_ALLOW_REMOTE === 'true';
+        if (!isLoopback && !allowRemote) {
+            this.log.warn(`GraphQL server is configured to bind to non-loopback host '${this.config.host}'. GraphQL is for local debugging only. ` +
+                'To allow remote binding, set GRAPHQL_ALLOW_REMOTE=true. Aborting start.');
+            return;
+        }
+        if (!isLoopback && allowRemote) {
+            if (this.config.cors.origin === '*') {
+                this.log.warn("GraphQL server is binding to a remote host with permissive CORS origin '*'. " +
+                    'Set GRAPHQL_CORS_ORIGIN to specific origins for production. Using permissive CORS for now.');
+            }
+        }
         try {
             const schema = createGraphQLSchema(this.bridge, this.automationBridge);
             const yoga = createYoga({
@@ -67,7 +82,6 @@ export class GraphQLServer {
                     resolve();
                 });
             });
-            this.setupShutdown();
         }
         catch (error) {
             this.log.error('Failed to start GraphQL server:', error);
@@ -92,21 +106,6 @@ export class GraphQLServer {
             });
         });
     }
-    setupShutdown() {
-        const gracefulShutdown = async (signal) => {
-            this.log.info(`Received ${signal}, shutting down GraphQL server...`);
-            try {
-                await this.stop();
-                process.exit(0);
-            }
-            catch (error) {
-                this.log.error('Error during GraphQL server shutdown:', error);
-                process.exit(1);
-            }
-        };
-        process.on('SIGINT', () => gracefulShutdown('SIGINT'));
-        process.on('SIGTERM', () => gracefulShutdown('SIGTERM'));
-    }
     getConfig() {
         return this.config;
     }

package/dist/index.js

@@ -29,7 +29,7 @@ const DEFAULT_SERVER_NAME = typeof packageInfo.name === 'string' && packageInfo.
     : 'unreal-engine-mcp';
 const DEFAULT_SERVER_VERSION = typeof packageInfo.version === 'string' && packageInfo.version.trim().length > 0
     ? packageInfo.version
-    : '0.5.3';
+    : '0.5.4';
 function routeStdoutLogsToStderr() {
     if (!config.MCP_ROUTE_STDOUT_LOGS) {
         return;

package/dist/services/metrics-server.js

@@ -1,6 +1,5 @@
 import http from 'http';
 import { wasmIntegration } from '../wasm/index.js';
-import { DEFAULT_AUTOMATION_HOST } from '../constants.js';
 function formatPrometheusMetrics(options) {
     const { healthMonitor, automationBridge } = options;
     const m = healthMonitor.metrics;
@@ -61,6 +60,7 @@ export function startMetricsServer(options) {
         logger.debug('Metrics server disabled (set MCP_METRICS_PORT to enable Prometheus /metrics endpoint).');
         return null;
     }
+    const host = process.env.MCP_METRICS_HOST || '127.0.0.1';
     const RATE_LIMIT_WINDOW_MS = 60000;
     const RATE_LIMIT_MAX_REQUESTS = 60;
     const requestCounts = new Map();
@@ -114,8 +114,8 @@ export function startMetricsServer(options) {
                 res.end('Internal Server Error');
             }
         });
-        server.listen(port, () => {
-            logger.info(`Prometheus metrics server listening on http://${DEFAULT_AUTOMATION_HOST}:${port}/metrics`);
+        server.listen(port, host, () => {
+            logger.info(`Prometheus metrics server listening on http://${host}:${port}/metrics`);
         });
         server.on('error', (err) => {
             logger.warn('Metrics server error', err);

package/dist/tools/handlers/pipeline-handlers.js

@@ -3,6 +3,55 @@ import { executeAutomationRequest } from './common-handlers.js';
 import { spawn } from 'child_process';
 import path from 'path';
 import fs from 'fs';
+function validateUbtArgumentsString(extraArgs) {
+    if (!extraArgs || typeof extraArgs !== 'string') {
+        return;
+    }
+    const forbiddenChars = ['\n', '\r', ';', '|', '`', '&&', '||', '>', '<'];
+    for (const char of forbiddenChars) {
+        if (extraArgs.includes(char)) {
+            throw new Error(`UBT arguments contain forbidden character(s) and are blocked for safety. Blocked: ${JSON.stringify(char)}.`);
+        }
+    }
+}
+function tokenizeArgs(extraArgs) {
+    if (!extraArgs) {
+        return [];
+    }
+    const args = [];
+    let current = '';
+    let inQuotes = false;
+    let escapeNext = false;
+    for (let i = 0; i < extraArgs.length; i++) {
+        const ch = extraArgs[i];
+        if (escapeNext) {
+            current += ch;
+            escapeNext = false;
+            continue;
+        }
+        if (ch === '\\') {
+            escapeNext = true;
+            continue;
+        }
+        if (ch === '"') {
+            inQuotes = !inQuotes;
+            continue;
+        }
+        if (!inQuotes && /\s/.test(ch)) {
+            if (current.length > 0) {
+                args.push(current);
+                current = '';
+            }
+        }
+        else {
+            current += ch;
+        }
+    }
+    if (current.length > 0) {
+        args.push(current);
+    }
+    return args;
+}
 export async function handlePipelineTools(action, args, tools) {
     switch (action) {
         case 'run_ubt': {
@@ -13,6 +62,7 @@ export async function handlePipelineTools(action, args, tools) {
             if (!target) {
                 throw new Error('Target is required for run_ubt');
             }
+            validateUbtArgumentsString(extraArgs);
             let ubtPath = 'UnrealBuildTool';
             const enginePath = process.env.UE_ENGINE_PATH || process.env.UNREAL_ENGINE_PATH;
             if (enginePath) {
@@ -41,15 +91,17 @@ export async function handlePipelineTools(action, args, tools) {
                     throw new Error(`Could not read project directory: ${projectPath}`);
                 }
             }
+            const projectArg = `-Project="${uprojectFile}"`;
+            const extraTokens = tokenizeArgs(extraArgs);
             const cmdArgs = [
                 target,
                 platform,
                 configuration,
-                `-Project="${uprojectFile}"`,
-                extraArgs
-            ].filter(Boolean);
+                projectArg,
+                ...extraTokens
+            ];
             return new Promise((resolve) => {
-                const child = spawn(ubtPath, cmdArgs, { shell: true });
+                const child = spawn(ubtPath, cmdArgs, { shell: false });
                 const MAX_OUTPUT_SIZE = 20 * 1024;
                 let stdout = '';
                 let stderr = '';
@@ -73,12 +125,13 @@ export async function handlePipelineTools(action, args, tools) {
                     const truncatedNote = (stdout.length >= MAX_OUTPUT_SIZE || stderr.length >= MAX_OUTPUT_SIZE)
                         ? '\n[Output truncated for response payload]'
                         : '';
+                    const quotedArgs = cmdArgs.map(arg => arg.includes(' ') ? `"${arg}"` : arg);
                     if (code === 0) {
                         resolve({
                             success: true,
                             message: 'UnrealBuildTool finished successfully',
                             output: stdout + truncatedNote,
-                            command: `${ubtPath} ${cmdArgs.join(' ')}`
+                            command: `${ubtPath} ${quotedArgs.join(' ')}`
                         });
                     }
                     else {
@@ -88,16 +141,17 @@ export async function handlePipelineTools(action, args, tools) {
                             message: `UnrealBuildTool failed with code ${code}`,
                             output: stdout + truncatedNote,
                             errorOutput: stderr + truncatedNote,
-                            command: `${ubtPath} ${cmdArgs.join(' ')}`
+                            command: `${ubtPath} ${quotedArgs.join(' ')}`
                         });
                     }
                 });
                 child.on('error', (err) => {
+                    const quotedArgs = cmdArgs.map(arg => arg.includes(' ') ? `"${arg}"` : arg);
                     resolve({
                         success: false,
                         error: 'SPAWN_FAILED',
                         message: `Failed to spawn UnrealBuildTool: ${err.message}`,
-                        command: `${ubtPath} ${cmdArgs.join(' ')}`
+                        command: `${ubtPath} ${quotedArgs.join(' ')}`
                     });
                 });
             });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "unreal-engine-mcp-server",
-  "version": "0.5.3",
+  "version": "0.5.4",
   "mcpName": "io.github.ChiR24/unreal-engine-mcp",
   "description": "A comprehensive Model Context Protocol (MCP) server that enables AI assistants to control Unreal Engine via native automation bridge. Built with TypeScript and designed for game development automation.",
   "type": "module",

package/plugins/McpAutomationBridge/Source/McpAutomationBridge/Private/McpAutomationBridge_EnvironmentHandlers.cpp

@@ -1,4 +1,4 @@
-#include "McpAutomationBridgeGlobals.h"
+#include "McpAutomationBridgeGlobals.h"
 #include "McpAutomationBridgeHelpers.h"
 #include "McpAutomationBridgeSubsystem.h"
 
@@ -1024,6 +1024,30 @@ bool UMcpAutomationBridgeSubsystem::HandleConsoleCommandAction(
     return true;
   }
 
+  // 4. Block line breaks
+  if (LowerCommand.Contains(TEXT("\n")) || LowerCommand.Contains(TEXT("\r"))) {
+    SendAutomationResponse(RequestingSocket, RequestId, false,
+                           TEXT("Multi-line commands are blocked for safety"),
+                           nullptr, TEXT("COMMAND_BLOCKED"));
+    return true;
+  }
+
+  // 5. Block semicolon and pipe
+  if (LowerCommand.Contains(TEXT(";")) || LowerCommand.Contains(TEXT("|"))) {
+    SendAutomationResponse(RequestingSocket, RequestId, false,
+                           TEXT("Command chaining with semicolon or pipe is blocked for safety"),
+                           nullptr, TEXT("COMMAND_BLOCKED"));
+    return true;
+  }
+
+  // 6. Block backticks
+  if (LowerCommand.Contains(TEXT("`"))) {
+    SendAutomationResponse(RequestingSocket, RequestId, false,
+                           TEXT("Commands containing backticks are blocked for safety"),
+                           nullptr, TEXT("COMMAND_BLOCKED"));
+    return true;
+  }
+
   // Execute the command
   try {
     UWorld *TargetWorld = nullptr;

package/plugins/McpAutomationBridge/Source/McpAutomationBridge/Private/McpBridgeWebSocket.cpp

@@ -446,6 +446,8 @@ uint32 FMcpBridgeWebSocket::RunServer() {
   TSharedRef<FInternetAddr> ListenAddr = SocketSubsystem->CreateInternetAddr();
 
   bool bResolvedHost = false;
+  bool bExplicitBindAll = false;
+
   if (!ListenHost.IsEmpty()) {
     FString HostToBind = ListenHost;
     if (HostToBind.Equals(TEXT("localhost"), ESearchCase::IgnoreCase)) {
@@ -457,10 +459,23 @@ uint32 FMcpBridgeWebSocket::RunServer() {
     if (bIsValidIp) {
       bResolvedHost = true;
     }
+
+    bExplicitBindAll = HostToBind.Equals(TEXT("0.0.0.0"), ESearchCase::IgnoreCase) ||
+                       HostToBind.Equals(TEXT("::"), ESearchCase::IgnoreCase);
   }
 
   if (!bResolvedHost) {
-    ListenAddr->SetAnyAddress();
+    if (!bExplicitBindAll) {
+      UE_LOG(LogMcpAutomationBridgeSubsystem, Warning,
+             TEXT("Invalid ListenHost '%s'. Falling back to 127.0.0.1 for safety. To bind all interfaces, explicitly set ListenHost=0.0.0.0."),
+             *ListenHost);
+
+      bool bFallbackIsValidIp = false;
+      ListenAddr->SetIp(TEXT("127.0.0.1"), bFallbackIsValidIp);
+      bResolvedHost = bFallbackIsValidIp;
+    } else {
+      ListenAddr->SetAnyAddress();
+    }
   }
 
   ListenAddr->SetPort(Port);

package/server.json

@@ -2,13 +2,13 @@
   "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
   "name": "io.github.ChiR24/unreal-engine-mcp",
   "description": "MCP server for Unreal Engine 5 with 17 tools for game development automation.",
-  "version": "0.5.3",
+  "version": "0.5.4",
   "packages": [
     {
       "registryType": "npm",
       "registryBaseUrl": "https://registry.npmjs.org",
       "identifier": "unreal-engine-mcp-server",
-      "version": "0.5.3",
+      "version": "0.5.4",
       "transport": {
         "type": "stdio"
       },