v1.3 — Store/direct path detection, GitHub MCP Go binary, SecureString scripts
Corrects the Windows config-file path for Cowork 3P (Microsoft Store virtualization), adds a Local MCP server setup using GitHub's official Go binary, and introduces SecureString-based deployment scripts.
Added
- Part 4 of
README.md— "Connect a local GitHub MCP server". Uses the officialgithub/github-mcp-serverGo binary (not the deprecated npm package). Includes the Managed vs Local MCP appendix so users don't lose another hour to theenterpriseConfig.managedMcpServersred herring. scripts/find-cowork-config.ps1— resolves the real Cowork 3P config directory on Windows by inspecting the runningClaude.exeprocess (--user-data-dirarg), with a filesystem-probe fallback covering both Microsoft Store and direct-install layouts. Emits a single-line path so it pipes cleanly.scripts/deploy-config.ps1— SecureString-based config deployer. Prompts for the Ask Sage key with masked input, renders the template, writes UTF-8 without BOM to the correct path, and runs a 10-check validation pass. Scrubs plaintext from memory viaZeroFreeBSTR+Remove-Variable+[GC]::Collect().scripts/install-github-mcp.ps1— downloads the GitHub MCP Go binary to%LOCALAPPDATA%\Programs\github-mcp-server\, prompts for a GitHub PAT as SecureString, and injects a top-levelmcpServers.githubentry into the Cowork config. Supports-Versionto pin a release tag and-SkipConfigUpdatefor download-only.README.md— new troubleshooting table for GitHub MCP covering the top-level-vs-managed config mix-up, 60-secondinitializetimeout on the npm package, and PAT auth failures.
Changed
- Part 1 / Step 3 of
README.mdrewritten around the two-location config-file reality on Windows: Microsoft Store builds live under%LOCALAPPDATA%\Packages\Claude_<suffix>\LocalCache\Roaming\Claude-3p\, direct-download builds live under%APPDATA%\Claude-3p\. Both folders areClaude-3p, notClaude— that's regular Claude Desktop, a different product. claude_desktop_config.jsontemplate: removeddeploymentOrganizationUuid. The field isn't required for individual 3P gateway setups, and leaving placeholder or wrong values in it caused silent provisioning failures. Step 3 of Part 1 no longer asks for a UUID.plugins.md— new section clarifying thatenterpriseConfig.managedMcpServersis admin-only (delivered via signed MDM policy) and the end-user key is top-levelmcpServers. Includes the visual symptom users actually see (🔒 icon in the Managed panel).
Notes
- Both new SecureString scripts produce UTF-8-no-BOM output via
[System.IO.File]::WriteAllTextwithUTF8Encoding($false). Do not switch them toSet-Content -Encoding UTF8— that emits a BOM, which Cowork's JSON parser rejects. - The deprecated
@modelcontextprotocol/server-githubnpm package is still documented upstream in some places but should not be used with Cowork; coldnpx -ystarts time out against Cowork's 60-second MCP initialize handshake. The Go binary starts in under a second. - No changes to inference models, Ask Sage URL, auth scheme, or plugin list.