Trek_CN/server
jubnl cc2a2ddca3
remove(oauth): drop browser-initiated DCR registration flow
OAuthRegisterPage and its server routes (GET /api/oauth/register/validate,
POST /api/oauth/register) are superseded by the RFC 7591 machine-to-machine
DCR endpoint (POST /oauth/register). Claude.ai and compliant MCP clients
register via RFC 7591, then go through the standard /oauth/authorize consent
screen for scope selection.
2026-04-10 06:23:07 +02:00
..
public chore(CRLF): normalize index.html line endings to LF 2026-04-05 04:35:17 +02:00
scripts feat: add encryption key migration script and document it in README 2026-04-01 09:35:32 +02:00
src remove(oauth): drop browser-initiated DCR registration flow 2026-04-10 06:23:07 +02:00
tests security(oauth): harden OAuth 2.1/MCP implementation (Critical + High + Medium findings) 2026-04-10 02:03:27 +02:00
.env.example feat(mcp): add MCP_MAX_SESSION_PER_USER env var and document it everywhere 2026-04-06 00:09:22 +02:00
package-lock.json feat(mcp): introduce OAuth 2.1 auth and enforce addon gating 2026-04-09 22:25:58 +02:00
package.json chore: bump version to 2.9.12 [skip ci] 2026-04-09 15:48:10 +00:00
reset-admin.js Stabilize core: better-sqlite3, versioned migrations, graceful shutdown 2026-03-22 17:52:24 +01:00
tsconfig.json some fixes 2026-03-30 06:59:24 +02:00
vitest.config.ts refactor(mcp): replace direct DB access with service layer calls 2026-04-04 18:12:53 +02:00