v1.2.0
Minor release — widened content/developer security presets for full content building.
Changed
content-editor/write-planenow allowparagraph,block_content,menu_link_content,redirect,path_alias, andfile(in addition tonode/taxonomy_term/media).config-editor(developer tier) additionally allows site-building config entities (node_type,paragraphs_type,block_content_type,media_type,field_config,field_storage_config,entity_form_display,entity_view_display,taxonomy_vocabulary) for read/introspection — content-model changes go through the governed config bridge /drush config:import, not JSON:API entity create.- Corrected the server-tool bridge tool names: Tool-API tools are exposed as
tool_api.<id>, so the governed config tools aretool_api.mcp_sentinel_config_get/_list/_set.
Security
- Deny-hardened all three presets:
oauth2_token,key,consumer,encryption_profile,mcp_tool_config, andmcp_policy_profileare now indeniedEntityTypesalongsideuser. PII-bearingwebform_submissionandprofileare intentionally left off the allowlists.
Full changelog: https://github.com/Wilkes-Liberty/drupal-mcp-connector/blob/master/CHANGELOG.md