Skip to content

0.8.164

Choose a tag to compare

@github-actions github-actions released this 01 Jul 04:50
v0.8.164
60cce16

Added

  • MCP HTTP transport now step-ups OAuth on a 403 insufficient_scope
    challenge, not just a 401.
    Per RFC 6750 §3.1, a 403 whose
    WWW-Authenticate: Bearer header carries error="insufficient_scope" means
    the presented token is valid but lacks a required scope. Harn now treats it
    like a 401: it emits mcp_auth_required (carrying the challenge's elevated
    scope) and re-runs the authorization flow, so a tool call that needs an
    additional scope recovers in place instead of dead-ending. A plain 403
    without an insufficient_scope challenge is still a hard denial and falls
    through unchanged.
  • MCP servers that announce a changed tool/resource/prompt list
    (notifications/*/list_changed) now emit an mcp_catalog_changed agent event,
    so a connected client re-fetches the catalog and surfaces newly added tools
    within the same session — no restart.

Fixed

  • Release binary publishing now treats Actions run-artifact uploads as
    best-effort.
    Official GitHub Release archives still publish through the
    hard gh release upload path, so transient artifact-store outages no longer
    block otherwise valid signed release artifacts before checksum and smoke gates
    can run.

Install / Upgrade

cargo install harn-cli

Full Changelog: v0.8.163...v0.8.164