0.8.164
Added
- MCP HTTP transport now step-ups OAuth on a
403 insufficient_scope
challenge, not just a401. Per RFC 6750 §3.1, a403whose
WWW-Authenticate: Bearerheader carrieserror="insufficient_scope"means
the presented token is valid but lacks a required scope. Harn now treats it
like a401: it emitsmcp_auth_required(carrying the challenge's elevated
scope) and re-runs the authorization flow, so a tool call that needs an
additional scope recovers in place instead of dead-ending. A plain403
without aninsufficient_scopechallenge is still a hard denial and falls
through unchanged. - MCP servers that announce a changed tool/resource/prompt list
(notifications/*/list_changed) now emit anmcp_catalog_changedagent event,
so a connected client re-fetches the catalog and surfaces newly added tools
within the same session — no restart.
Fixed
- Release binary publishing now treats Actions run-artifact uploads as
best-effort. Official GitHub Release archives still publish through the
hardgh release uploadpath, so transient artifact-store outages no longer
block otherwise valid signed release artifacts before checksum and smoke gates
can run.
Install / Upgrade
cargo install harn-cliFull Changelog: v0.8.163...v0.8.164