Releases: AKzar1el/mcp-gsc
Releases · AKzar1el/mcp-gsc
Release list
v0.3.1
v0.3.0
v0.2.0
Added
get_capabilitiestool — returns the tool catalog and a non-destructive auth-status probe for better first-run discovery in lazy-loading clients.- Pagination for
query_search_analytics: newstart_rowparameter (Google'sstartRow), plus anext_start_rowfield in the response whenever a full page came back. - Parameter descriptions on every tool input — including the
sc-domain:vs URL-prefix property format trap, the YYYY-MM-DD date format, and the 2–3 day GSC data lag — so MCP clients make correct calls on the first try. - MCP tool annotations: all five tools now declare
readOnlyHint: trueand human-readable titles. - Offline unit tests (
npm run test:unit, 15 tests): crypto roundtrip/tamper checks, OAuth URL construction, refresh-token error mapping, and Search Console request encoding — no deployment needed. - GitHub Actions CI: typecheck + unit tests on every push and pull request.
SECURITY.mdwith a private-reporting channel and a full data-handling inventory.
Changed
query_search_analyticsnow returns compact JSON shaped as{ row_count, start_row, rows, next_start_row? }instead of a pretty-printed bare array — roughly 3× fewer tokens for the same data.- Default
row_limitlowered from 1000 to 100. Most conversational questions need far fewer rows; bulk consumers can still request up to 25,000 and paginate. - Input validation tightened: dates must be
YYYY-MM-DD,row_limitmust be an integer in 1–25000. - Error messages no longer hardcode Claude.ai — they now say "your MCP client (e.g. Claude.ai → Settings → Connectors)".
- The version reported by the MCP server and
get_capabilitiesis now read frompackage.json(single source of truth). - A failure inside the OAuth provider's
completeAuthorizationnow returns a clean 500 instead of an unhandled exception.
Fixed
- Server name: the MCP server now identifies as
mcp-gsc(in theMcpServername and theGET /response body) to match the repo, package, and worker name — it was previouslyhosted-gsc-mcp. - A transient Google error no longer deletes a user's stored credentials.
refreshAccessTokennow treats only a definitiveinvalid_grantas a revocation; other non-OK responses (bare 400/401, 5xx, network) propagate as plain errors, so a temporary blip can no longer triggerdeleteUser.