Skip to content

v0.5.5

Choose a tag to compare

View all tags
@github-actions github-actions released this 15 May 16:49
· 6 commits to main since this release
v0.5.5
e0a3db9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

First-run UX overhaul plus the security and platform fixes accumulated since v0.5.3 (v0.5.4 was an internal rollup and was never released separately, so this release supersedes it).

Added

  • Interactive browser sign-in. First-time authentication now opens the system browser to the normal Microsoft sign-in (OAuth auth-code flow with a localhost loopback redirect) — no device code to copy out of the logs. Automatically falls back to the device-code flow on headless / no-browser hosts.
  • --AuthMode / BC_AUTH_MODEauto (default: interactive, device-code fallback), interactive, or device_code. Use device_code for headless/server installs.
  • Non-blocking tool discovery. tools/list now returns immediately while authentication is still pending instead of hanging past the client's ~30s request timeout. The proxy advertises tools.listChanged and emits notifications/tools/list_changed once the real tool set is available.
  • Python 3.14 (cp314) wheels added to the .dxt bundle build matrix.

Fixed

  • Device-code prompt no longer corrupts the MCP transport. It was being written to stdout (the JSON-RPC channel), producing Unexpected token 'T', "To sign in"... is not valid JSON and a disconnect. Now routed to stderr.
  • Whitespace in config values is stripped. A trailing space in BC_TENANT_ID / --TenantId (easy to paste from the Azure portal) previously caused LocalProtocolError: Illegal header value on the v28 host. Surrounding whitespace is now trimmed at the input boundary with a warning.

Security

Upgrade notes

  • Azure app registration: interactive sign-in requires http://localhost added under Authentication → Mobile and desktop applications. Existing app registrations that only have the broker redirect URI keep working (auto mode falls back to device-code), but won't get the browser UX until this is added. See README → Step 1.
  • First run on Claude Desktop: for the smoothest experience, run python -m bc_mcp_proxy setup once (pre-authenticate in a terminal) before launching Claude Desktop. Without it, the very first launch shows no tools until you sign in and toggle the extension off/on once; every launch after that is instant via the on-disk token + tools cache. (Claude Desktop does not currently re-request the tool list on notifications/tools/list_changed over stdio; other clients may.)
Assets 5
Loading