v1.0.2
🎯 New Features
Server Access Control Enhancement
Added publicAccess field to provide granular control over default server access policies.
Key Changes:
- Database Schema: New publicAccess boolean field in Server table (defaults to false)
- Permission Logic: When users have no explicit permissions, access is now determined by the publicAccess field instead of defaulting to true
- API Support: Full CRUD support for publicAccess in server management endpoints (create/query/update)
- Scope: Applies to both public servers and user-configured servers
Real-time Notifications:
- Socket.IO notifications sent to affected users when publicAccess changes
- MCP protocol notifications (tool/resource/prompt list changes) sent to active sessions
- Smart filtering: Only notifies users without explicit permissions
Impact:
- Breaking Change: New servers default to publicAccess=false, requiring explicit user permission grants
- Existing servers: Automatically set to publicAccess=false after migration
🔧 Improvements
- Refactored public access change handling for better maintainability
- Enhanced user capability list filtering based on server access policies
📦 Database Migration
- Migration 20260109124027_add_public_access_to_server automatically applied on upgrade
📝 Commits
- refactor: Handle PublicAccess Change (ddbaf53)
- API that handles the impact of publicAccess, adjust the user's default capability list (17f2deb)
- feat: Based on the newly added publicAccess of the server, filter the user's permissions, notify the online sessions, and notify the online socket connections (3c1a87a)
- feat: add publicAccess field to control default server access policy (92cc190)
Full Changelog: v1.0.1...v1.0.2