Skip to content

v2.5.0

Choose a tag to compare

@github-actions github-actions released this 24 Jun 19:06
1c5027c

MCP Auth Bridge — ASAP Host/Agent JWT and capability grants as an opt-in
authorization layer for native stdio MCP tools/call (Mode A). Unprotected
MCPServer usage is unchanged. No wire-protocol or manifest schema breaking
changes.

Added

  • feat(adapters): MCP Auth Bridge (asap.adapters.mcp)
    • protect_server(server, config) — wraps MCPServer via
      ProtectedMCPServer; intercepts _handle_tools_call only (MCP-AUTH-006).
    • MCPAuthConfig (config.py) — host_store, agent_store,
      capability_registry, tool_capability_map, public_tools,
      enforce_grants, jwt_extractor, jti_replay_cache, expected_audience.
    • Token carriage (stdio) — Agent JWT in tools/call params
      _meta.asap_agent_jwt; optional dev-only ASAP_AGENT_JWT when
      allow_env_jwt_fallback=True.
    • Grant enforcementverify_agent_jwt + CapabilityRegistry.check_grant
      with constraint validation on tool arguments; MCP-safe asap:* error codes
      (asap:auth_required, asap:invalid_token, asap:capability_denied,
      asap:constraint_violation).
    • Tool → capability mapping — explicit tool_capability_map, register-time
      metadata, or default identity (tool name == capability); optional startup
      validation (validate_tools_at_startup).
    • Reference exampleexamples/mcp_auth_bridge/ (protected stdio server +
      client, smoke tests in tests/examples/test_mcp_auth_bridge_example.py).
    • DocsMCP Auth Bridge adapter;
      MCP integration distinguishes Mode A (native MCP +
      bridge) vs Mode B (MCP-over-ASAP envelope).
  • feat(compliance): mcp-auth-bridge profile (asap-compliance) — stdio MCP
    release gate: auth paths, grants, constraints, manifest tools ⊆ registered
    tools (MCP-DISC-003). Requires asap-protocol>=2.5.0.
  • test(adapters/mcp) — unit, grant, startup, and stdio integration coverage
    (≥90% on asap.adapters.mcp).

Deferred (not in v2.5.0)

  • hide_unauthorized_tools / tools/list filtering (MCP-MAP-004) — no
    standard JWT carriage on stdio tools/list today; see
    design lock.
  • initialize session-token handshake (PRD §4.3 SHOULD) — clients pass JWT
    on each protected tools/call in v2.5.0.

TypeScript

  • @asap-protocol/mcp-auth deferred to v2.5.0.1 — MCP-TS-001..003 (HTTP/SSE
    Bearer middleware) are SHOULD-scope; v2.5.0 ships the Python stdio bridge as the
    release gate. Rationale and implementation checklist:
    typescript-mcp-auth-spike.md;
    carry-over tracked in
    PRD v2.5.1 §3.
    Existing @asap-protocol/* npm packages remain at 2.4.1 until a separate
    publish.

Migration

  • v2.4.1 → v2.5.0: No breaking changes. MCP servers without
    protect_server behave as before. To enforce Agent JWT + capabilities on native
    MCP, wrap your server with protect_server and configure grants — see
    MCP Auth Bridge adapter.


Full Changelog: v0.1.0...v2.5.0