Skip to content

v1.19.2

Choose a tag to compare

@github-actions github-actions released this 11 Jul 23:37
v1.19.2
a031f42

Fixed

  • Per-server credential storage-key namespacing. A server can now store its
    credential under a namespaced key (manifest secret_key, e.g. Bright Data's
    BRIGHTDATA_API_TOKEN) while the downstream process still receives the generic
    runtime env_var it reads (API_TOKEN). This removes the collision risk of
    two servers sharing a generic name like API_TOKEN in the flat secret store.
    Every credential path resolves through credential_lookup_keys (namespaced key
    first, legacy env_var as a backward-compatible fallback — no migration
    required): the auth_connect write path, the provision auth gate
    (check_api_key), manifest/configured/eager/lazy/refresh startup-config
    resolution, the install-and-run subprocess environment (adopted npx servers),
    and the connect/describe availability checks. Configured .mcp.json entries
    that match a manifest api-key server inherit the resolved credential (including
    dead ${VAR}/$VAR placeholders that local stdio env never expands), and the
    pmcp secrets check / pmcp init diagnostics are namespace-aware. (#95)