v1.3.1
Fixed
- The server-tool bridge client now performs the MCP Streamable-HTTP session handshake before calling governed config tools. It POSTs
initialize, reads theMcp-Session-Idresponse header, sendsnotifications/initialized, then issuestools/callcarrying that session id — caching the session per site and re-initialising transparently on server-side expiry. Previously it POSTed a baretools/callwith no session, which Drupal's session-mandatorymcp_serverrejected with-32600("A valid session id is REQUIRED for non-initialize requests"), sodrupal_config_get/_list/_setalways failed. Responses are now parsed for bothapplication/jsonandtext/event-stream(SSE) transports, and the request advertisesMCP-Protocol-Version: 2025-06-18. The existing 401 → token-refresh retry is preserved and layered with a single session re-init/replay.
Full Changelog: v1.3.0...v1.3.1