Skip to content

v0.5.0

Choose a tag to compare

View all tags
@methylone methylone released this 07 Jun 03:25
· 13 commits to main since this release
v0.5.0
822a798

v0.5.0

Read-only mode and version single-source-of-truth.

  • Read-only mode (READ_ONLY=true): withholds the four account-writing tools (create_events / update_event / delete_event / delete_events). Local-only tools (clear_cache / set_cache_enabled) stay available. Applied identically to the MCP server and the CLI via a single getActiveTools() filter so the two surfaces can't diverge.
  • Version single-source-of-truth: serverInfo.version now reads package.json at runtime (src/version.ts), ending the hard-coded "0.1.0" drift.
  • MCPB user_config: new read_only and cache_enabled toggles; the api_key field now links to SECURITY.md.
  • Secret-scan guard: opt-in .githooks/pre-push runs gitleaks (default ruleset) on the commits being pushed. Enable with git config core.hooksPath .githooks.
  • PII config externalized to pii-guard.config.json (allowlists for placeholder home paths and RFC 2606 example domains).

Verification

  • npm test: passed (194 tests)
  • npm run build: passed
  • npm run mcpb:pack (prod-only node_modules): passed
  • node scripts/check-mcpb-pii.mjs intervals-mcp-with-stryd.mcpb: passed — 0 findings (structural + deny-list deep check)

SHA-256

Verify the downloaded bundle (see SECURITY.md):

ddc74dfb99bef7f24e3d89dd96a1940a7e138ebb8400e9c12e805cd80fec3d6f  intervals-mcp-with-stryd.mcpb
Assets 3
Loading