Skip to content

Commit 984f42c

Browse files
authored
docs(README): fix stale version + 'future' mobile-mcp wording (#118)
Two inaccuracies surfaced by an audit against the code: - Contributing section said "stable now (v0.1.x)" and "CONTRIBUTING.md will land alongside v0.2" — but the package is 0.2.1 (tags v0.2.0/ v0.2.1 exist) and the header already says "0.2.1 stable". Update to v0.2.x and drop the shipped-version reference. - Security section listed "the future mobile-mcp client" among scrubbed subprocesses, but mobile-mcp is already spawned with scrubbedEnv() (src/mobile.ts:89). Drop "future".
1 parent c858602 commit 984f42c

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -284,7 +284,7 @@ Report flags:
284284

285285
**Don't** paste a real key into shell history (`HISTFILE` captures it), commit a `.env`, or echo the key into a non-private channel.
286286

287-
The agent strips `ANTHROPIC_API_KEY`, `ANTHROPIC_AUTH_TOKEN`, and `NATIVEAPPTEMPLATE_AGENT_ANTHROPIC_KEY` from the environment of every subprocess it spawns — Ruby scripts, `git`, `psql`, `xcodebuild`, `gradlew`, the future mobile-mcp client. Keys are only seen by the Anthropic SDK in the Node process. Set spend limits on your API workspace as a backstop, and rotate the key if you suspect leak.
287+
The agent strips `ANTHROPIC_API_KEY`, `ANTHROPIC_AUTH_TOKEN`, and `NATIVEAPPTEMPLATE_AGENT_ANTHROPIC_KEY` from the environment of every subprocess it spawns — Ruby scripts, `git`, `psql`, `xcodebuild`, `gradlew`, the mobile-mcp client. Keys are only seen by the Anthropic SDK in the Node process. Set spend limits on your API workspace as a backstop, and rotate the key if you suspect leak.
288288

289289
## Project docs
290290

@@ -294,7 +294,7 @@ The agent strips `ANTHROPIC_API_KEY`, `ANTHROPIC_AUTH_TOKEN`, and `NATIVEAPPTEMP
294294

295295
## Contributing
296296

297-
Issues and PRs welcome. The repository is stable now (v0.1.x) — no more hackathon-pace rewrites. A `CONTRIBUTING.md` with detailed guidelines will land alongside v0.2.
297+
Issues and PRs welcome. The repository is stable now (v0.2.x) — no more hackathon-pace rewrites. A `CONTRIBUTING.md` with detailed guidelines is still to come.
298298

299299
For now, the simplest path is: open an issue describing what you're trying to do, and we'll figure out the right shape together before code lands. Bug reports with reproducible commands (and the `/tmp/<dir>/tmp/trace/` log) are especially welcome.
300300

0 commit comments

Comments
 (0)