drupal-mcp-connector 0.7.0 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +16 -0
- package/README.md +2 -2
- package/package.json +10 -10
- package/src/index.js +4 -4
- package/src/lib/config.js +5 -2
package/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [0.7.1] - 2026-06-08
|
|
11
|
+
|
|
12
|
+
### Fixed
|
|
13
|
+
- The connector now reports its real version — sourced from `package.json` at
|
|
14
|
+
runtime — in the MCP handshake, the `X-MCP-Client` identity header, and the
|
|
15
|
+
startup logs. A hardcoded version literal had drifted and under-reported it
|
|
16
|
+
(0.7.0 still announced itself as `0.6.0`).
|
|
17
|
+
|
|
18
|
+
### Documentation
|
|
19
|
+
- Corrected Node version references (18 → 20) in the README and getting-started
|
|
20
|
+
guide to match `engines.node >=20.0.0`, and updated the example startup banner
|
|
21
|
+
to the current version.
|
|
22
|
+
- Rewrote CONTRIBUTING.md: prerequisites, full dev-script list, a tests section,
|
|
23
|
+
accurate PR/CI gates, and the PR-then-tag release flow for protected `master`.
|
|
24
|
+
|
|
10
25
|
## [0.7.0] - 2026-06-08
|
|
11
26
|
|
|
12
27
|
### Added
|
|
@@ -108,6 +123,7 @@ The connector is now **dual-protocol**: every tool runs against an abstract back
|
|
|
108
123
|
- User tools gained explicit PII-access assertions.
|
|
109
124
|
- Whole tree lint-clean (`npm run lint`) with object-injection sinks rewritten to safe lookups.
|
|
110
125
|
|
|
126
|
+
[0.7.1]: https://github.com/Wilkes-Liberty/drupal-mcp-connector/releases/tag/v0.7.1
|
|
111
127
|
[0.7.0]: https://github.com/Wilkes-Liberty/drupal-mcp-connector/releases/tag/v0.7.0
|
|
112
128
|
[0.6.1]: https://github.com/Wilkes-Liberty/drupal-mcp-connector/releases/tag/v0.6.1
|
|
113
129
|
[0.6.0]: https://github.com/Wilkes-Liberty/drupal-mcp-connector/releases/tag/v0.6.0
|
package/README.md
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
> A secure, multi-site Model Context Protocol (MCP) connector for Drupal — dual-protocol JSON:API and GraphQL access, governed content tools, audit reports, and an SSH Drush bridge.
|
|
4
4
|
|
|
5
5
|
[](https://opensource.org/licenses/MIT)
|
|
6
|
-
[](https://nodejs.org)
|
|
7
7
|
[](https://drupal.org)
|
|
8
8
|
[](https://modelcontextprotocol.io)
|
|
9
9
|
|
|
@@ -98,7 +98,7 @@ Presets layer with entity allow/deny lists, per-bundle operation rules, and fiel
|
|
|
98
98
|
|
|
99
99
|
## Requirements
|
|
100
100
|
|
|
101
|
-
- **Node.js**
|
|
101
|
+
- **Node.js** 20+
|
|
102
102
|
- **Drupal** 10 or 11 (JSON:API ships in core)
|
|
103
103
|
- For the **GraphQL backend**: [GraphQL Compose](https://www.drupal.org/project/graphql_compose)
|
|
104
104
|
- For **token auth** (recommended): [Simple OAuth](https://www.drupal.org/project/simple_oauth)
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "drupal-mcp-connector",
|
|
3
|
-
"version": "0.7.
|
|
3
|
+
"version": "0.7.1",
|
|
4
4
|
"description": "A secure, multi-site Model Context Protocol (MCP) connector for Drupal — dual-protocol JSON:API and GraphQL.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "src/index.js",
|
|
@@ -43,15 +43,15 @@
|
|
|
43
43
|
"node": ">=20.0.0"
|
|
44
44
|
},
|
|
45
45
|
"scripts": {
|
|
46
|
-
"start":
|
|
47
|
-
"start:https":
|
|
48
|
-
"start:dev":
|
|
49
|
-
"lint":
|
|
50
|
-
"lint:fix":
|
|
51
|
-
"test":
|
|
52
|
-
"test:watch":
|
|
53
|
-
"audit":
|
|
54
|
-
"check":
|
|
46
|
+
"start": "node src/index.js",
|
|
47
|
+
"start:https": "MCP_TRANSPORT=https node src/index.js",
|
|
48
|
+
"start:dev": "MCP_TRANSPORT=https MCP_ALLOW_HTTP=1 MCP_PORT=3443 node src/index.js",
|
|
49
|
+
"lint": "eslint src/",
|
|
50
|
+
"lint:fix": "eslint src/ --fix",
|
|
51
|
+
"test": "vitest run",
|
|
52
|
+
"test:watch": "vitest",
|
|
53
|
+
"audit": "npm audit --audit-level=high",
|
|
54
|
+
"check": "npm run lint && npm run audit",
|
|
55
55
|
"syntax-check": "for f in src/lib/*.js src/tools/*.js src/index.js; do node --input-type=module --check < $f && echo \"$f ✓\"; done"
|
|
56
56
|
},
|
|
57
57
|
"dependencies": {
|
package/src/index.js
CHANGED
|
@@ -34,7 +34,7 @@ import { CallToolRequestSchema,
|
|
|
34
34
|
ListPromptsRequestSchema,
|
|
35
35
|
GetPromptRequestSchema } from "@modelcontextprotocol/sdk/types.js";
|
|
36
36
|
|
|
37
|
-
import { getSiteConfig, listSiteNames, getTlsConfig } from "./lib/config.js";
|
|
37
|
+
import { getSiteConfig, listSiteNames, getTlsConfig, CLIENT_VERSION } from "./lib/config.js";
|
|
38
38
|
import { makeBearerCheck } from "./lib/http-auth.js";
|
|
39
39
|
import { resolveSecurityConfig, assertNotReadOnly,
|
|
40
40
|
assertDestructiveAllowed, assertGraphqlMutationAllowed,
|
|
@@ -298,7 +298,7 @@ function getPromptMessages(name, args) {
|
|
|
298
298
|
// ---------------------------------------------------------------------------
|
|
299
299
|
|
|
300
300
|
const server = new Server(
|
|
301
|
-
{ name: "drupal-mcp-connector", version:
|
|
301
|
+
{ name: "drupal-mcp-connector", version: CLIENT_VERSION },
|
|
302
302
|
{ capabilities: { tools: {}, resources: {}, prompts: {} } }
|
|
303
303
|
);
|
|
304
304
|
|
|
@@ -368,7 +368,7 @@ if (transport === "stdio") {
|
|
|
368
368
|
const stdioTransport = new StdioServerTransport();
|
|
369
369
|
await server.connect(stdioTransport);
|
|
370
370
|
console.error(
|
|
371
|
-
|
|
371
|
+
`[drupal-mcp-connector v${CLIENT_VERSION}] stdio transport active. ` +
|
|
372
372
|
`${allDefinitions.length} tools · ${RESOURCES.length} resources · ${PROMPTS.length} prompts`
|
|
373
373
|
);
|
|
374
374
|
|
|
@@ -488,7 +488,7 @@ if (transport === "stdio") {
|
|
|
488
488
|
nodeServer.listen(port, bindHost, () => {
|
|
489
489
|
const proto = hasTls ? "https" : "http";
|
|
490
490
|
console.error(
|
|
491
|
-
`[drupal-mcp-connector
|
|
491
|
+
`[drupal-mcp-connector v${CLIENT_VERSION}] Listening on ${proto}://${bindHost}:${port}/mcp\n` +
|
|
492
492
|
` ${allDefinitions.length} tools · ${RESOURCES.length} resources · ${PROMPTS.length} prompts`
|
|
493
493
|
);
|
|
494
494
|
});
|
package/src/lib/config.js
CHANGED
|
@@ -13,8 +13,11 @@ import { validateBaseUrl } from "./validate.js";
|
|
|
13
13
|
import { SecurityError } from "./security.js";
|
|
14
14
|
import { getAccessToken } from "./oauth.js";
|
|
15
15
|
|
|
16
|
-
|
|
17
|
-
|
|
16
|
+
// eslint-disable-next-line security/detect-non-literal-fs-filename -- fixed path relative to this module (the package's own package.json), not user input
|
|
17
|
+
const pkg = JSON.parse(readFileSync(new URL("../../package.json", import.meta.url), "utf8"));
|
|
18
|
+
|
|
19
|
+
/** Connector version, sourced from package.json so it never drifts out of sync. */
|
|
20
|
+
export const CLIENT_VERSION = pkg.version;
|
|
18
21
|
|
|
19
22
|
/**
|
|
20
23
|
* Identity headers sent on every outbound Drupal request. Lets governance layers
|