Skip to content

Commit dee0003

Browse files
author
Dev Agent Amelia
committed
fix: cleanup obsolete items O-01..O-09 + enrich server.json for MCP Registry
- README/CAPABILITIES/server.json: tool count 39/48 → 50, add missing tools - Remove dead redirectUri from schema, loader, config.example, tests - CI: fix branch trigger main/develop → master - PUBLISHING: fix stale ali-taggaz → codeurali - server.json: add icons, websiteUrl, all env vars with descriptions - Extract actions methods to dataverse-client.actions.ts (400-line limit) - Delete recreated Docker files v0.1.6
1 parent 649c4e9 commit dee0003

88 files changed

Lines changed: 7170 additions & 4858 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/ci.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,9 +2,9 @@ name: CI
22

33
on:
44
push:
5-
branches: [main, develop]
5+
branches: [master]
66
pull_request:
7-
branches: [main]
7+
branches: [master]
88

99
jobs:
1010
ci:
@@ -18,8 +18,8 @@ jobs:
1818
- name: Setup Node.js
1919
uses: actions/setup-node@v4
2020
with:
21-
node-version: '20'
22-
cache: 'npm'
21+
node-version: "20"
22+
cache: "npm"
2323

2424
- name: Install dependencies
2525
run: npm ci

CAPABILITIES.md

Lines changed: 363 additions & 306 deletions
Large diffs are not rendered by default.

CHANGELOG.md

Lines changed: 30 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -8,18 +8,21 @@ Format: [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) — [Semantic V
88
## [0.2.0] — Unreleased
99

1010
### Added
11+
1112
- `dataverse_assign` — assign a record to a different user or team owner via `ownerid@odata.bind`
1213
- `dataverse_list_teams` — list Dataverse teams with optional filter by team type (Owner / Access / Office / Security)
1314
- `dataverse_update` now accepts optional `etag` parameter for optimistic concurrency (`If-Match: <etag>`); when omitted, behaviour is unchanged (`If-Match: *`)
1415

1516
### Security
17+
1618
- MSAL token-cache file now written with `mode: 0o600` (owner read/write only) on POSIX systems
1719

1820
---
1921

2022
## [0.1.5] — 2026-02-21
2123

2224
### Removed
25+
2326
- Removed `Dockerfile` and `.dockerignore` — Docker adds unnecessary complexity for an stdio-based MCP server distributed via `npx`; PAC CLI auth (recommended) does not work in containers
2427
- Removed Docker section from README
2528

@@ -28,9 +31,11 @@ Format: [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) — [Semantic V
2831
## [0.1.3] — 2025-06-22
2932

3033
### Fixed
34+
3135
- Server startup crash when installed via `npx` — incorrect `package.json` path resolution from `dist/` (was `../../package.json`, now `../package.json`)
3236

3337
### Security
38+
3439
- **[HIGH]** `entitySetName` now validated against a safe identifier regex (`/^[a-zA-Z_][a-zA-Z0-9_]*$/`) across all tools — prevents path traversal within same origin (F-01)
3540
- **[MEDIUM]** `relationshipName` and `relatedEntitySetName` now validated with the same safe identifier regex in relation tools (F-10)
3641
- Consolidated all inline OData single-quote escaping calls to use the centralized `esc()` utility for consistency (F-06)
@@ -40,33 +45,35 @@ Format: [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) — [Semantic V
4045
## [0.1.0] — 2025-04-01
4146

4247
### Added
48+
4349
48 tools covering the full Microsoft Dataverse Web API surface:
4450

45-
| Category | Tools |
46-
|---|---|
47-
| **Auth** | `dataverse_whoami` |
48-
| **Metadata** (7) | `dataverse_list_tables`, `dataverse_get_table_metadata`, `dataverse_get_relationships`, `dataverse_list_global_option_sets`, `dataverse_get_option_set`, `dataverse_get_entity_key`, `dataverse_get_attribute_option_set` |
49-
| **Query** (3) | `dataverse_query`, `dataverse_execute_fetchxml`, `dataverse_retrieve_multiple_with_paging` |
50-
| **CRUD** (5) | `dataverse_get`, `dataverse_create`, `dataverse_update`, `dataverse_delete`, `dataverse_upsert` |
51-
| **Relations** (2) | `dataverse_associate`, `dataverse_disassociate` |
52-
| **Actions / Functions** (6) | `dataverse_execute_action`, `dataverse_execute_function`, `dataverse_execute_bound_action`, `dataverse_execute_bound_function`, `dataverse_retrieve_dependencies_for_delete`, `dataverse_list_dependencies` |
53-
| **Batch** (1) | `dataverse_batch_execute` |
54-
| **Change Tracking** (1) | `dataverse_change_detection` |
55-
| **Solution** (3) | `dataverse_list_solutions`, `dataverse_solution_components`, `dataverse_publish_customizations` |
56-
| **Impersonation** (1) | `dataverse_impersonate` |
57-
| **Customization** (3) | `dataverse_list_custom_actions`, `dataverse_list_plugin_steps`, `dataverse_set_workflow_state` |
58-
| **Environment** (2) | `dataverse_get_environment_variable`, `dataverse_set_environment_variable` |
59-
| **Trace** (2) | `dataverse_get_plugin_trace_logs`, `dataverse_get_workflow_trace_logs` |
60-
| **Search** (1) | `dataverse_search` |
61-
| **Audit** (1) | `dataverse_get_audit_log` |
62-
| **Quality** (1) | `dataverse_detect_duplicates` |
63-
| **Annotations** (2) | `dataverse_get_annotations`, `dataverse_create_annotation` |
64-
| **Users** (2) | `dataverse_list_users`, `dataverse_get_user_roles` |
65-
| **Views** (1) | `dataverse_list_views` |
66-
| **Files** (2) | `dataverse_upload_file_column`, `dataverse_download_file_column` |
67-
| **Org** (1) | `dataverse_list_business_units` |
51+
| Category | Tools |
52+
| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
53+
| **Auth** | `dataverse_whoami` |
54+
| **Metadata** (7) | `dataverse_list_tables`, `dataverse_get_table_metadata`, `dataverse_get_relationships`, `dataverse_list_global_option_sets`, `dataverse_get_option_set`, `dataverse_get_entity_key`, `dataverse_get_attribute_option_set` |
55+
| **Query** (3) | `dataverse_query`, `dataverse_execute_fetchxml`, `dataverse_retrieve_multiple_with_paging` |
56+
| **CRUD** (5) | `dataverse_get`, `dataverse_create`, `dataverse_update`, `dataverse_delete`, `dataverse_upsert` |
57+
| **Relations** (2) | `dataverse_associate`, `dataverse_disassociate` |
58+
| **Actions / Functions** (6) | `dataverse_execute_action`, `dataverse_execute_function`, `dataverse_execute_bound_action`, `dataverse_execute_bound_function`, `dataverse_retrieve_dependencies_for_delete`, `dataverse_list_dependencies` |
59+
| **Batch** (1) | `dataverse_batch_execute` |
60+
| **Change Tracking** (1) | `dataverse_change_detection` |
61+
| **Solution** (3) | `dataverse_list_solutions`, `dataverse_solution_components`, `dataverse_publish_customizations` |
62+
| **Impersonation** (1) | `dataverse_impersonate` |
63+
| **Customization** (3) | `dataverse_list_custom_actions`, `dataverse_list_plugin_steps`, `dataverse_set_workflow_state` |
64+
| **Environment** (2) | `dataverse_get_environment_variable`, `dataverse_set_environment_variable` |
65+
| **Trace** (2) | `dataverse_get_plugin_trace_logs`, `dataverse_get_workflow_trace_logs` |
66+
| **Search** (1) | `dataverse_search` |
67+
| **Audit** (1) | `dataverse_get_audit_log` |
68+
| **Quality** (1) | `dataverse_detect_duplicates` |
69+
| **Annotations** (2) | `dataverse_get_annotations`, `dataverse_create_annotation` |
70+
| **Users** (2) | `dataverse_list_users`, `dataverse_get_user_roles` |
71+
| **Views** (1) | `dataverse_list_views` |
72+
| **Files** (2) | `dataverse_upload_file_column`, `dataverse_download_file_column` |
73+
| **Org** (1) | `dataverse_list_business_units` |
6874

6975
### Security
76+
7077
- AES-256-GCM encrypted PAC CLI token cache
7178
- SSRF protection on all outbound HTTP via URL allowlist
7279
- UUID validation on all record ID parameters

PUBLISHING.md

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,12 +15,13 @@ The MCP server is distributed via **npm** and listed in the **MCP Registry** (wh
1515
### 1. Set your GitHub username
1616

1717
Replace `your-username` in these files:
18+
1819
- `package.json``mcpName` field
1920
- `server.json``name` and `repository.url`
2021

2122
The `mcpName` in `package.json` **must match** the `name` in `server.json`.
2223

23-
Format: `io.github.ali-taggaz/dataverse`
24+
Format: `io.github.codeurali/dataverse`
2425

2526
### 2. Set the real repository URL
2627

@@ -62,14 +63,15 @@ mcp-publisher publish
6263
### 7. Verify
6364

6465
```bash
65-
curl "https://registry.modelcontextprotocol.io/v0.1/servers?search=io.github.ali-taggaz/dataverse"
66+
curl "https://registry.modelcontextprotocol.io/v0.1/servers?search=io.github.codeurali/dataverse"
6667
```
6768

6869
The server should now appear in VS Code's `@mcp` gallery search.
6970

7071
## Updating
7172

7273
For each new version:
74+
7375
1. Bump `version` in `package.json`, `server.json`, and the `packages[0].version` in `server.json`
7476
2. `npm publish`
7577
3. `mcp-publisher publish`
@@ -87,6 +89,7 @@ Where the JSON config is: `{"name":"mcp-dataverse","command":"npx","args":["-y",
8789
## Architecture Note
8890

8991
The server runs **locally** on the user's machine via stdio transport. This is required because:
92+
9093
- PAC CLI authentication uses local device code flow
9194
- Credentials never leave the user's machine
9295
- VS Code launches the server as a subprocess and communicates via stdin/stdout

0 commit comments

Comments
 (0)