Skip to content

v1.3 — Store/direct path detection, GitHub MCP Go binary, SecureString scripts

Choose a tag to compare

@JLay2026 JLay2026 released this 24 Apr 03:56

Corrects the Windows config-file path for Cowork 3P (Microsoft Store virtualization), adds a Local MCP server setup using GitHub's official Go binary, and introduces SecureString-based deployment scripts.

Added

  • Part 4 of README.md — "Connect a local GitHub MCP server". Uses the official github/github-mcp-server Go binary (not the deprecated npm package). Includes the Managed vs Local MCP appendix so users don't lose another hour to the enterpriseConfig.managedMcpServers red herring.
  • scripts/find-cowork-config.ps1 — resolves the real Cowork 3P config directory on Windows by inspecting the running Claude.exe process (--user-data-dir arg), with a filesystem-probe fallback covering both Microsoft Store and direct-install layouts. Emits a single-line path so it pipes cleanly.
  • scripts/deploy-config.ps1 — SecureString-based config deployer. Prompts for the Ask Sage key with masked input, renders the template, writes UTF-8 without BOM to the correct path, and runs a 10-check validation pass. Scrubs plaintext from memory via ZeroFreeBSTR + Remove-Variable + [GC]::Collect().
  • scripts/install-github-mcp.ps1 — downloads the GitHub MCP Go binary to %LOCALAPPDATA%\Programs\github-mcp-server\, prompts for a GitHub PAT as SecureString, and injects a top-level mcpServers.github entry into the Cowork config. Supports -Version to pin a release tag and -SkipConfigUpdate for download-only.
  • README.md — new troubleshooting table for GitHub MCP covering the top-level-vs-managed config mix-up, 60-second initialize timeout on the npm package, and PAT auth failures.

Changed

  • Part 1 / Step 3 of README.md rewritten around the two-location config-file reality on Windows: Microsoft Store builds live under %LOCALAPPDATA%\Packages\Claude_<suffix>\LocalCache\Roaming\Claude-3p\, direct-download builds live under %APPDATA%\Claude-3p\. Both folders are Claude-3p, not Claude — that's regular Claude Desktop, a different product.
  • claude_desktop_config.json template: removed deploymentOrganizationUuid. The field isn't required for individual 3P gateway setups, and leaving placeholder or wrong values in it caused silent provisioning failures. Step 3 of Part 1 no longer asks for a UUID.
  • plugins.md — new section clarifying that enterpriseConfig.managedMcpServers is admin-only (delivered via signed MDM policy) and the end-user key is top-level mcpServers. Includes the visual symptom users actually see (🔒 icon in the Managed panel).

Notes

  • Both new SecureString scripts produce UTF-8-no-BOM output via [System.IO.File]::WriteAllText with UTF8Encoding($false). Do not switch them to Set-Content -Encoding UTF8 — that emits a BOM, which Cowork's JSON parser rejects.
  • The deprecated @modelcontextprotocol/server-github npm package is still documented upstream in some places but should not be used with Cowork; cold npx -y starts time out against Cowork's 60-second MCP initialize handshake. The Go binary starts in under a second.
  • No changes to inference models, Ask Sage URL, auth scheme, or plugin list.