Release Date: December 16, 2025 Type: Minor Release (Feature Addition) Status: Completed
Version 1.6.0 introduces comprehensive recipe management capabilities to the CyberChef MCP Server, transforming it from a simple operation executor into a powerful workflow automation platform. Users can now save, organize, share, and reuse multi-operation workflows with full import/export support and a curated library of 25+ example recipes.
Save and manage complex operation chains as reusable recipes:
- CRUD Operations: Create, read, update, and delete recipes
- Metadata: Names, descriptions, tags, author, and categories
- Versioning: Automatic semantic versioning on updates
- Validation: Pre-execution validation with complexity estimation
- Testing: Test recipes with sample inputs before deployment
- Backend: JSON file-based storage (
./recipes.jsonby default) - Performance: In-memory caching for fast retrieval
- Reliability: Atomic writes with automatic backup creation
- Capacity: Configurable limits (10,000 recipes by default)
- Persistence: Docker volume support for container deployments
Build complex workflows by nesting recipes within recipes:
- Modularity: Reference saved recipes as operations
- Reusability: Compose simple recipes into complex workflows
- Safety: Circular dependency detection
- Depth Control: Configurable nesting depth limits (5 levels by default)
Share recipes across teams and platforms:
- JSON: Native format with full metadata
- YAML: Human-readable format for version control
- URL: Base64-encoded shareable links (
cyberchef://recipe?data=...) - CyberChef: Compatibility with upstream CyberChef format
Curated collection of 25+ production-ready recipes across 5 categories:
- Cryptography (6 recipes): JWT decode, AES decrypt, RSA keys, hashing, TOTP, PGP
- Encoding (6 recipes): Base64/Hex conversion, URL parsing, HTML entities, Unicode
- Data Extraction (5 recipes): JSON/XML/CSV parsing, email/URL extraction
- Forensics (4 recipes): File metadata, strings extraction, entropy analysis
- Networking (5 recipes): IP parsing, User-Agent analysis, HTTP requests
Ten new tools for complete recipe lifecycle management:
| Tool | Purpose |
|---|---|
cyberchef_recipe_create |
Create new recipe |
cyberchef_recipe_get |
Retrieve recipe by ID |
cyberchef_recipe_list |
List recipes with filtering |
cyberchef_recipe_update |
Update existing recipe |
cyberchef_recipe_delete |
Delete recipe |
cyberchef_recipe_execute |
Execute saved recipe |
| Tool | Purpose |
|---|---|
cyberchef_recipe_export |
Export to JSON/YAML/URL/CyberChef |
cyberchef_recipe_import |
Import from various formats |
| Tool | Purpose |
|---|---|
cyberchef_recipe_validate |
Validate recipe structure |
cyberchef_recipe_test |
Test with sample inputs |
New environment variables for recipe management:
| Variable | Default | Description |
|---|---|---|
CYBERCHEF_RECIPE_STORAGE |
./recipes.json |
Storage file path |
CYBERCHEF_RECIPE_MAX_COUNT |
10000 |
Maximum number of recipes |
CYBERCHEF_RECIPE_MAX_OPERATIONS |
100 |
Max operations per recipe |
CYBERCHEF_RECIPE_MAX_DEPTH |
5 |
Max nesting depth |
await client.callTool({
name: 'cyberchef_recipe_create',
arguments: {
name: 'Decode and Parse JWT',
description: 'Decode JWT token and beautify JSON payload',
operations: [
{ op: 'JWT Decode', args: {} },
{ op: 'JSON Beautify', args: {} }
],
tags: ['jwt', 'decode', 'json', 'crypto'],
metadata: {
category: 'cryptography'
}
}
});await client.callTool({
name: 'cyberchef_recipe_execute',
arguments: {
id: '550e8400-e29b-41d4-a716-446655440000',
input: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
}
});// Create modular recipes
const decryptRecipe = await client.callTool({
name: 'cyberchef_recipe_create',
arguments: {
name: 'AES Decrypt',
operations: [{ op: 'AES Decrypt', args: {...} }]
}
});
const decompressRecipe = await client.callTool({
name: 'cyberchef_recipe_create',
arguments: {
name: 'Gunzip',
operations: [{ op: 'Gunzip', args: {} }]
}
});
// Compose into master workflow
await client.callTool({
name: 'cyberchef_recipe_create',
arguments: {
name: 'Decrypt and Decompress',
operations: [
{ recipe: decryptRecipe.id },
{ recipe: decompressRecipe.id }
]
}
});// Export as shareable URL
const url = await client.callTool({
name: 'cyberchef_recipe_export',
arguments: {
id: '550e8400-e29b-41d4-a716-446655440000',
format: 'url'
}
});
// Result: cyberchef://recipe?data=eyJ...
// Import from URL
await client.callTool({
name: 'cyberchef_recipe_import',
arguments: {
data: url,
format: 'url'
}
});For persistent recipe storage in Docker:
docker run -i --rm \
-v ./recipes.json:/app/recipes.json \
-e CYBERCHEF_RECIPE_STORAGE=/app/recipes.json \
ghcr.io/doublegate/cyberchef-mcp_v1:1.6.0| Module | Purpose |
|---|---|
src/node/recipe-validator.mjs |
Zod schemas and validation logic |
src/node/recipe-storage.mjs |
JSON file backend with atomic writes |
src/node/recipe-manager.mjs |
Business logic and import/export |
src/node/recipes/recipe-library.json |
Curated recipe collection |
- Schema Validation: Zod-based type checking
- Operation Validation: Verify operation names against CyberChef config
- Argument Validation: Type checking for operation arguments
- Complexity Estimation: Automatic low/medium/high classification
- Circular Dependency Detection: Prevent infinite recursion
- Depth Limiting: Configurable maximum nesting depth
None. This release is fully backward compatible. All new features are additive.
No migration required. Recipe management is an optional new feature that doesn't affect existing workflows.
New and updated documentation:
- User Guide: docs/guides/recipe_management.md - Comprehensive recipe management guide
- CHANGELOG: Updated with v1.6.0 features
- README: Will be updated to highlight recipe management capabilities
- In-Memory Caching: Fast recipe retrieval without disk I/O
- Atomic Writes: Safe concurrent access to recipe storage
- Lazy Loading: Recipes loaded on-demand, not at startup
- Pagination: List operations support limit/offset for large collections
- Input Validation: All recipe fields validated with Zod schemas
- Path Sanitization: UUIDs prevent path traversal attacks
- Resource Limits: Configurable limits prevent resource exhaustion
- No Secrets: Recipes should not contain sensitive data (documented)
The following areas have been implemented and are ready for testing:
- Recipe CRUD operations
- Recipe execution with composition
- Import/export in all formats
- Validation and error handling
- Storage persistence and backup
- Circular dependency detection
- No GUI: Recipe management via MCP tools only
- Single Storage File: All recipes in one JSON file (may not scale to millions of recipes)
- No Access Control: All recipes accessible to all MCP clients
- No Search Index: Filtering is in-memory (may be slow for large collections)
These limitations are documented and may be addressed in future releases.
Planned for v1.7.0 and beyond:
- Batch Processing: Execute multiple recipes in parallel
- Recipe Templates: Parameterized recipes with variable substitution
- Recipe Marketplace: Share recipes publicly
- Search Index: Fast full-text search
- Access Control: User/team-based permissions
- SQLite Backend: Optional SQL storage for large-scale deployments
-
Update to v1.6.0:
docker pull ghcr.io/doublegate/cyberchef-mcp_v1:1.6.0
-
Optional: Configure recipe storage location:
export CYBERCHEF_RECIPE_STORAGE=/path/to/recipes.json -
Start using recipe tools immediately - no additional setup required.
If issues occur, rollback to v1.5.1:
docker pull ghcr.io/doublegate/cyberchef-mcp_v1:1.5.1Recipe data is stored separately and won't be affected by rollback.
- DoubleGate - Recipe management system design and implementation
For issues, questions, or feedback:
- GitHub Issues: https://github.com/doublegate/CyberChef-MCP/issues
- Documentation: https://github.com/doublegate/CyberChef-MCP/tree/master/docs
Release: v1.6.0 Date: December 16, 2025 Type: Minor (Feature Addition) Status: Completed