Skip to content

v1.2.0

Choose a tag to compare

@jmcerda jmcerda released this 27 Jun 15:54
d92868c

Minor release — widened content/developer security presets for full content building.

Changed

  • content-editor / write-plane now allow paragraph, block_content, menu_link_content, redirect, path_alias, and file (in addition to node/taxonomy_term/media).
  • config-editor (developer tier) additionally allows site-building config entities (node_type, paragraphs_type, block_content_type, media_type, field_config, field_storage_config, entity_form_display, entity_view_display, taxonomy_vocabulary) for read/introspection — content-model changes go through the governed config bridge / drush config:import, not JSON:API entity create.
  • Corrected the server-tool bridge tool names: Tool-API tools are exposed as tool_api.<id>, so the governed config tools are tool_api.mcp_sentinel_config_get / _list / _set.

Security

  • Deny-hardened all three presets: oauth2_token, key, consumer, encryption_profile, mcp_tool_config, and mcp_policy_profile are now in deniedEntityTypes alongside user. PII-bearing webform_submission and profile are intentionally left off the allowlists.

Full changelog: https://github.com/Wilkes-Liberty/drupal-mcp-connector/blob/master/CHANGELOG.md