mcp-data-platform-v0.37.2

@github-actions github-actions released this 09 Mar 06:44
· 286 commits to main since this release
7bc3d00

What's Changed

Two bug fixes from #209: admin tool call authentication and asset viewer rendering.

Bug Fixes

Admin tool calls fail with "invalid API key" on browser sessions

Admin tool calls (Tools > Explore) were failing with "authentication failed: invalid API key" when using browser session auth. connectInternalSession was re-extracting the raw OIDC id_token from the session cookie and forcing it through the full MCP auth chain (OAuth JWT → OIDC → API Key). The OIDC authenticator could reject the token (e.g. expired id_token, stale JWKS cache), but ChainedAuthenticator reports only the last error in the chain, so the caller saw the unhelpful "invalid API key" from the API key authenticator instead of the OIDC rejection.

Fix: connectInternalSession now calls BrowserAuth.AuthenticateHTTP(r) to get the already-validated UserInfo and passes it via WithPreAuthenticatedUser(). The MCP auth middleware checks for a pre-authenticated user before running the auth chain, skipping token validation while preserving the full authorization check (persona/role-based tool filtering).

Also adds per-authenticator slog.Debug logging to ChainedAuthenticator for diagnosability — previously only the last error was kept.

Files: pkg/admin/tools.go, pkg/middleware/mcp.go, pkg/middleware/context.go, pkg/auth/middleware.go
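
The pattern described above, as an added sketch that is not the project's code: a pre-authenticated user in the request context skips the authenticator chain but still goes through authorization. `authStep`, `authenticate`, `CallTool` and the role map are hypothetical, `UserInfo` and `WithPreAuthenticatedUser` borrow the page's names with assumed signatures, and `errors.Join` stands in for the release's per-authenticator `slog.Debug` logging.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

type UserInfo struct{ Subject, Role string } // simplified stand-in, not the project's type
type preAuthKey struct{}                     // unexported: only this package can set the value
type authStep struct {                       // hypothetical: one authenticator in the chain
	name  string
	check func(token string) (*UserInfo, error)
}

// WithPreAuthenticatedUser attaches a user the browser session layer already validated.
func WithPreAuthenticatedUser(ctx context.Context, u *UserInfo) context.Context {
	return context.WithValue(ctx, preAuthKey{}, u)
}

// authenticate prefers the pre-authenticated user; otherwise it runs the chain and,
// if every step fails, returns all step errors joined instead of only the last one.
func authenticate(ctx context.Context, token string, chain []authStep) (*UserInfo, error) {
	if u, ok := ctx.Value(preAuthKey{}).(*UserInfo); ok && u != nil {
		return u, nil
	}
	errs := []error{errors.New("no authenticator accepted the request")}
	for _, s := range chain {
		u, err := s.check(token)
		if err == nil {
			return u, nil
		}
		errs = append(errs, fmt.Errorf("%s: %w", s.name, err))
	}
	return nil, errors.Join(errs...)
}

// CallTool authenticates, then always authorizes; allowed maps tool name to required role.
func CallTool(ctx context.Context, token, tool string, chain []authStep, allowed map[string]string) error {
	u, err := authenticate(ctx, token, chain)
	if err != nil {
		return fmt.Errorf("authentication failed: %w", err)
	}
	if role, ok := allowed[tool]; !ok || role != u.Role {
		return fmt.Errorf("authorization denied: %s may not call %s", u.Subject, tool)
	}
	return nil
}

func main() { fmt.Println(CallTool(context.Background(), "", "query", nil, nil)) }
```

Because the context key type is unexported, only server-side code in the same package can mark a request as pre-authenticated; nothing in the request itself can set it.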

Asset viewer "No component found" flash on first render

The asset viewer showed a brief "No component found" error when loading JSX/TSX assets. editedContent was initialized as "" while contentStr held the loaded content, so hasChanges evaluated to true on first render and empty content was passed to ContentRendererJsxRenderer.

Fix: Added a dirty state flag that is only set true when the user actually edits in the SourceEditor. hasChanges now requires dirty && editedContent !== contentStr, preventing the false-positive on initial render.

Files: ui/src/components/AssetViewer.tsx

Test Coverage

  • TestPreAuthenticatedUserContext — round-trip and nil-context for new context helpers
  • TestMCPToolCallMiddleware_PreAuthenticatedUser — pre-auth user bypasses auth chain, populates PlatformContext correctly
  • TestMCPToolCallMiddleware_PreAuthenticatedUser_AuthzDenied — pre-auth user still goes through authorization; denied users get error result

Stats

  • 7 files changed, 186 additions, 17 deletions

Installation

Homebrew (macOS)

brew install txn2/tap/mcp-data-platform

Claude Code CLI

claude mcp add mcp-data-platform -- mcp-data-platform

Docker

docker pull ghcr.io/txn2/mcp-data-platform:v0.37.2

Verification

All release artifacts are signed with Cosign. Verify with:

cosign verify-blob --bundle mcp-data-platform_0.37.2_linux_amd64.tar.gz.sigstore.json \
  mcp-data-platform_0.37.2_linux_amd64.tar.gz