Trek_CN/server
jubnl 535c06bb3f
feat(mcp): granular OAuth scopes and per-client rate limiting
- Split `media:read` into `geo:read` and `weather:read` scopes
- Add dedicated `atlas:read/write` scopes (previously under `places`)
- Add dedicated `todos:read/write` scopes (previously under `collab`)
- Rate limiting now keyed by userId+clientId instead of userId alone
- Bind MCP sessions to the OAuth client that created them
- Log MCP tool calls to audit log with clientId
- Invalidate all MCP sessions on addon state change
- Reduce session sweep interval from 10min to 1min
- Update all translations with new scope labels
2026-04-11 02:06:32 +02:00
..
public chore(CRLF): normalize index.html line endings to LF 2026-04-05 04:35:17 +02:00
scripts feat: add encryption key migration script and document it in README 2026-04-01 09:35:32 +02:00
src feat(mcp): granular OAuth scopes and per-client rate limiting 2026-04-11 02:06:32 +02:00
tests feat(mcp): granular OAuth scopes and per-client rate limiting 2026-04-11 02:06:32 +02:00
.env.example feat(mcp): add MCP_MAX_SESSION_PER_USER env var and document it everywhere 2026-04-06 00:09:22 +02:00
package-lock.json feat(mcp): introduce OAuth 2.1 auth and enforce addon gating 2026-04-09 22:25:58 +02:00
package.json chore: bump version to 2.9.12 [skip ci] 2026-04-09 15:48:10 +00:00
reset-admin.js Stabilize core: better-sqlite3, versioned migrations, graceful shutdown 2026-03-22 17:52:24 +01:00
tsconfig.json some fixes 2026-03-30 06:59:24 +02:00
vitest.config.ts refactor(mcp): replace direct DB access with service layer calls 2026-04-04 18:12:53 +02:00