v0.7.1

0.7.1 (2026-06-23)

Features

• auth: Implement MCP auth tool-level scopes validation (mcp-toolbox#​3049) (c528985) (1c03951)
• auth/google: Require audience or clientId for mcpEnabled (mcp-toolbox#​3450) (59f7b6e) (4d34e51)
• ci: Add support for windows/arm64 binary distribution (mcp-toolbox#​3231) (10abf3b) (1c03951)
• datalineage: Add Data Lineage integration (mcp-toolbox#​3285) (19353c3) (1c03951)
• looker: Propagate client IP from incoming MCP requests to downstream SDK calls (mcp-toolbox#​3253) (75da6c2) (1c03951)
• mcp: Add URL parameter binding for HTTP transport (mcp-toolbox#​3112) (0cc7b37) (4d34e51)
• scylladb: Adding support for ScyllaDB source and tool (mcp-toolbox#​3119) (2dada83) (4d34e51)
• server: Add support for toolset filtering in prebuilt CLI flag (mcp-toolbox#​3245) (7cc4f65) (4d34e51)
• server: Ignore unknown tools at startup with --ignore-unknown-tools flag (mcp-toolbox#​3353) (5f0304f) (1c03951)
• skills: Generate skills offline without live source connections (mcp-toolbox#​3388) (4c860b6) (4d34e51)
• skills: Tolerate missing env vars during offline skills-generate (mcp-toolbox#​3399) (ea5d3e5) (4d34e51)
• source/cloud-storage: Restrict bucket and local path access (mcp-toolbox#​3454) (2c3ca5d) (4d34e51)
• tool/cloudsqladmin: Add cloud-sql-admin-execute-sql-many and cloud-sql-admin-sql-many (mcp-toolbox#​3083) (ef300a8) (1c03951)
• tools: Decouple tool initialization from sources (mcp-toolbox#​3355) (32a24e3) (4d34e51)
• tools/bigquery: Add per tool query label in BigQuery jobs (mcp-toolbox#​1975) (3f6a49f) (4d34e51)
• tools/cloudsqlpg: Add remaining vector assist tools for Cloud SQL Postgres (mcp-toolbox#​3203) (b514cbd) (1c03951)
• tools/dataplex: Add tools to support metadata enrichment workflow (mcp-toolbox#​3270) (05289aa) (4d34e51)
• tools/mysql: Add show-query-stats and list-all-locks tools for MySQL and Cloud SQL MySQL source (mcp-toolbox#​2954) (a9693bd) (4d34e51)
• tools/spanner-search-catalog: Implement search_catalog tool (mcp-toolbox#​3140) (defc086) (1c03951)
• Enable per source level flags for sql commenter (mcp-toolbox#​3465) (ecce6b7) (4d34e51)
• Setup SQLCommenter and allow client metadata (mcp-toolbox#​3064) (9f1f9b3) (1c03951)

Bug Fixes

• auth: Separate Google and Generic MCP OAuth verification (mcp-toolbox#​3341) (dfd66ee) (1c03951)
• auth/dataplex: Fix failing source with service account credentials (mcp-toolbox#​3369) (ba4deef) (4d34e51)
• auth/generic: Enforce issuer presence in opaque token validation (mcp-toolbox#​3360) (1d8df0d) (1c03951)
• auth/generic: Fix generic auth expiration field and integration with authRequired (mcp-toolbox#​3251) (f4d16c0) (1c03951)
• bigquery: Wire maximumBytesBilled into prebuilt config (mcp-toolbox#​3385) (4abbf6e) (4d34e51)
• config: Add doc/line context to parse errors (mcp-toolbox#​2957) (4b097da) (4d34e51)
• mcp: Support annotations and metadata within Tools to earlier MCP schemas (mcp-toolbox#​3300) (9a88c72) (1c03951)
• npm: Source binary version from cmd/version.txt (mcp-toolbox#​3417) (6ffbdec) (4d34e51)
• oracle: Remove trailing semicolons from prebuilt tools (mcp-toolbox#​3215) (fcad02d) (1c03951)
• prebuilt/alloydb-omni: Require password env var explicitly (mcp-toolbox#​3398) (fcbe3e7) (4d34e51)
• server: Fail if MCP auth is enabled together with enable-api (mcp-toolbox#​3435) (a6ff910) (4d34e51)
• server: Return errors instead of panicking in InitializeConfigs (mcp-toolbox#​3397) (f48b01d) (4d34e51)
• server: Return null id for batch request rejection (mcp-toolbox#​3333) (0b18d58) (1c03951)
• server/auth: Centralize tool scopes validation (mcp-toolbox#​3335) (adce4ab) (1c03951)
• source/cloudhealthcare: Validate pageURL parameter to prevent SSRF (mcp-toolbox#​3453) (9abf47d) (4d34e51)
• source/dataplex,source/datalineage: Specify cloud-platform scope for default credentials (mcp-toolbox#​3376) (13e8c36) (4d34e51)
• source/dataplex: Limit search results to pageSize (mcp-toolbox#​3323) (905c1f6), closes mcp-toolbox#​3308 (1c03951)
• source/http: Implement SSRF guard (mcp-toolbox#​3448) (24d7d29) (4d34e51)
• telemetry: Allow GCP project override (mcp-toolbox#​2960) (3c83ba5) (1c03951)
• tool/bigquery-execute-sql: Prevent dataset restriction bypass (mcp-toolbox#​3452) (ca6d5e3) (4d34e51)
• tool/bigquery: Prevent allowedDatasets bypass in forecast query (mcp-toolbox#​3324) (45df461) (1c03951)
• tool/clickhouse: Handle ignored ProcessParameters error (mcp-toolbox#​3340) (ddfd887) (1c03951)
• tool/mysql-get-query-plan: Prevent query execution bypass and statement injection (mcp-toolbox#​3235) (7ed1e7b) (4d34e51)
• tool/spanner-sql,tool/spanner-execute-sql: Use read-only annotations when readOnly is set (mcp-toolbox#​3338) (8bde0ec) (4d34e51)
• tools: Initialize query result slices to empty array (mcp-toolbox#​3250) (60ddf48) (1c03951)
• tools/clickhouse,tools/bigquery: Validate identifier parameters to prevent injection (mcp-toolbox#​3219) (2f45f75) (1c03951)
• tools/http: Prevent path traversal and base path scope escape (mcp-toolbox#​3218) (80a6602) (1c03951)
• tools/looker: Escape filter values for unquoted parameters (mcp-toolbox#​3289) (1711156) (1c03951)
• tools/looker: Return a 401 error to MCP client when Looker returns a 401 (mcp-toolbox#​3233) (4f409a3) (1c03951)
• tools/looker: Strip wrapping quotes from filter values for unquoted parameters (mcp-toolbox#​3273) (1e3de96) (1c03951)
• Bound MCP HTTP body size (mcp-toolbox#​3216) (d4f4342) (4d34e51)
• Enforce toolset/promptset boundary on tools/call and prompts/get (mcp-toolbox#​3036) (c739b80) (1c03951)
• Escape delimiter characters in applyEscape to prevent SQL injection (mcp-toolbox#​2811) (932519a) (4d34e51)