v0.2.0 — remote transport + bearer-token auth

@fastrevmd-lab released this 05 May 19:56

First public release with remote MCP transport. v0.1 features remain unchanged on the stdio path.

Highlights

  • Streamable-HTTP transport (rmcp 0.8.5) — --transport streamable-http -H <host> -p <port>
  • Bearer-token auth with per-token router/tool scopes — token add/list/revoke/rotate subcommands
  • Optional rustls TLS (default-on tls feature, ring crypto provider, no aws-lc-rs)
  • SIGHUP hot-reload of the token store via Arc<ArcSwap<TokenStore>>
  • CLI refusal matrix — refuses --allow-no-auth off-loopback; refuses plain HTTP off-loopback without --allow-insecure-bind
  • Stdio path is bit-for-bit unchanged from v0.1

Security

  • subtle::ConstantTimeEq for hash verify
  • Token plaintext shown exactly once on token add/rotate; never logged, no Debug impl on Secret
  • Atomic TokenStoreFile::save via NamedTempFile::persist — crash during rotate cannot lose tokens
  • Blocklist guardrails (v0.1.x) still gate every tool call regardless of token scope

Install

cargo install --git https://github.com/fastrevmd-lab/RustJunosMCP --tag v0.2.0

Or build from source — see README.md. Docker image and LXC tarball follow the same workflow as v0.1, with version tags now 0.2.

Operator quick-start

# Mint a token
cargo run -- token add --tokens-file tokens.json --name ops \
  --routers '*' --tools execute_junos_command,gather_device_facts

# Run with auth on loopback
cargo run -- --device-mapping devices.json --transport streamable-http \
  -H 127.0.0.1 -p 8765 --tokens-file tokens.json

# Hot-reload after rotate (sends SIGHUP automatically)
cargo run -- token rotate --tokens-file tokens.json --name ops --server-pid <pid>

See README's "Remote transport + auth (v0.2)" section for the full refusal matrix and TLS setup.
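
The two refusals listed under Highlights can be expressed as a startup check. This is an added example, not code from RustJunosMCP: `BindOpts`, `Refusal`, `is_loopback` and `check_bind` are hypothetical names, only the two rules stated in these notes are modelled (the README's full matrix is not), and treating hostnames as non-loopback is an assumption made so the check fails closed.

```rust
use std::net::IpAddr;

/// Hypothetical mirror of the CLI flags named in the release notes.
#[derive(Clone, Copy)]
pub struct BindOpts<'a> {
    pub host: &'a str,             // -H <host>
    pub tls: bool,                 // TLS configured for the listener
    pub allow_no_auth: bool,       // --allow-no-auth
    pub allow_insecure_bind: bool, // --allow-insecure-bind
}

#[derive(Debug, PartialEq, Eq)]
pub enum Refusal {
    NoAuthOffLoopback,    // --allow-no-auth on a non-loopback bind
    PlainHttpOffLoopback, // no TLS off-loopback without --allow-insecure-bind
}

/// Assumption: only IP literals count as loopback. A hostname such as
/// "localhost" is not resolved and is treated as non-loopback (fail closed).
pub fn is_loopback(host: &str) -> bool {
    host.trim_matches(|c| c == '[' || c == ']')
        .parse::<IpAddr>()
        .map(|ip| ip.is_loopback())
        .unwrap_or(false)
}

/// Ok(()) means neither of the two documented refusals applies.
pub fn check_bind(o: BindOpts) -> Result<(), Refusal> {
    if is_loopback(o.host) {
        return Ok(()); // both rules are scoped to off-loopback binds
    }
    if o.allow_no_auth {
        return Err(Refusal::NoAuthOffLoopback);
    }
    if !o.tls && !o.allow_insecure_bind {
        return Err(Refusal::PlainHttpOffLoopback);
    }
    Ok(())
}

fn main() {
    // Constructed sample invocations; 192.0.2.10 is a documentation address.
    let cases = [("127.0.0.1", false, true, false), ("0.0.0.0", true, true, false),
                 ("192.0.2.10", false, false, false), ("localhost", false, false, false)];
    for (host, tls, allow_no_auth, allow_insecure_bind) in cases {
        let o = BindOpts { host, tls, allow_no_auth, allow_insecure_bind };
        println!("{} tls={} -> {:?}", host, tls, check_bind(o));
    }
}
```

Note that `0.0.0.0` and IPv4-mapped forms such as `::ffff:127.0.0.1` are not loopback under `IpAddr::is_loopback`, so both fall under the off-loopback rules.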

Plan & spec

  • Spec: docs/superpowers/specs/2026-05-05-remote-transport-auth-design.md
  • Plan: docs/superpowers/plans/2026-05-05-remote-transport-auth.md (16 tasks, all complete)
  • PR: #4

Diff

v0.1.0...v0.2.0: 27 files changed, +7227 / -67. 145 tests passing.