Trek_CN/server
jubnl 4b1286d53c
feat(admin): add OAuth sessions to MCP Access panel
Show active OAuth sessions (first) and static API tokens (second) in
the admin MCP Access tab. Admins can revoke any OAuth session, which
immediately terminates the live MCP transport for that client.

- Add admin-level listOAuthSessions / revokeOAuthSession in adminService
- Add GET /admin/oauth-sessions and DELETE /admin/oauth-sessions/:id routes
- Restructure AdminMcpTokensPanel into two sections; rename tab to MCP Access
- Fix stale writeAudit call in rotate-jwt-secret route (user_id → userId)
- Add admin.oauthSessions.* i18n keys across all 14 locale files
2026-04-10 06:47:35 +02:00
..
public chore(CRLF): normalize index.html line endings to LF 2026-04-05 04:35:17 +02:00
scripts feat: add encryption key migration script and document it in README 2026-04-01 09:35:32 +02:00
src feat(admin): add OAuth sessions to MCP Access panel 2026-04-10 06:47:35 +02:00
tests security(oauth): harden OAuth 2.1/MCP implementation (Critical + High + Medium findings) 2026-04-10 02:03:27 +02:00
.env.example feat(mcp): add MCP_MAX_SESSION_PER_USER env var and document it everywhere 2026-04-06 00:09:22 +02:00
package-lock.json feat(mcp): introduce OAuth 2.1 auth and enforce addon gating 2026-04-09 22:25:58 +02:00
package.json chore: bump version to 2.9.12 [skip ci] 2026-04-09 15:48:10 +00:00
reset-admin.js Stabilize core: better-sqlite3, versioned migrations, graceful shutdown 2026-03-22 17:52:24 +01:00
tsconfig.json some fixes 2026-03-30 06:59:24 +02:00
vitest.config.ts refactor(mcp): replace direct DB access with service layer calls 2026-04-04 18:12:53 +02:00