Stu Mason
Stu Mason

Activity

StuMason/coolify-mcp
Pull Request Opened

PR #210 opened: chore: release v2.12.0 — list_resources essential projection + webhook secret masking (#206)

Release v2.12.0

Bumps version 2.11.0 → 2.12.0 and finalizes the CHANGELOG for the v2.12.0 release.

Tagged minor (not patch) per the in-PR review on #206: the typed signature change is "repairing a lie" (the prior Promise<ResourceListItem[]> was wrong-at-runtime), but the runtime payload shape shrinks ~143× by default. The include_full: true escape hatch keeps it sub-major.

What's in v2.12.0

Security

  • list_resources masks webhook secrets and basic-auth credentials by default (#204) — manual_webhook_secret_{github,gitlab,gitea,bitbucket} and http_basic_auth_password are replaced with '***' on the include_full: true path. Pass reveal: true to round-trip plaintext. Mirrors v2.9.0 env_vars masking.

Fixed

  • system list_resources essential projection by default (#203) — { uuid, name, type, status? } instead of the full ~95-field Coolify payload. Set include_full: true to opt into the raw response.
  • is_build_time typo bleed-in from #172 (#205) — test mock + CHANGELOG cleanup.
  • toResourceListItemEssential guards status with typeof — drops the unchecked as string cast; defensive against future Coolify shape changes.

Changed (breaking, typed-only)

  • listResources signaturePromise<ResourceListItem[]>Promise<ResourceListItem[] | ResourceListItemFull[]> with new optional options?: { include_full?: boolean; reveal?: boolean } param. The previous type was wrong-at-runtime, so any caller that worked end-to-end was already accommodating the bloated shape.

Added (types)

  • ResourceListItemFull typeResourceListItem & Record<string, unknown>. Forces consumers to narrow before reading non-essential fields.

All landed via #206 (thanks @kashik0i).

Test plan

  • npm test — 361 pass, 98.09% / 99.53% coverage
  • npm run lint — 0 errors, 4 pre-existing warnings (unchanged)
  • npm run format — clean
  • VERSION constant test passes (mcp-server.ts reads from package.json — confirmed 2.12.0 propagates)
  • Once merged: publish workflow auto-fires on package.json change, publishes @masonator/[email protected] to npm, tags v2.12.0, creates GitHub release with the CHANGELOG section as notes.

Follow-up tracking

  • #209 — audit list_resources include_full for other sensitive nested surfaces (env_vars[], db creds, etc.) — out of scope for this release.
+5
additions
-3
deletions
3
files changed
View on GitHub