v3.0.0 - Secure Code Mode, Auth Scopes & Audit Subsystem#103
Merged
neverinfamous merged 782 commits intomainfrom Apr 5, 2026
Merged
v3.0.0 - Secure Code Mode, Auth Scopes & Audit Subsystem#103neverinfamous merged 782 commits intomainfrom
neverinfamous merged 782 commits intomainfrom
Conversation
added 30 commits
April 2, 2026 06:44
…y value alias, validate_path behavior
…custom index naming
…nd add Infinity guard
…tion to server instructions
…pping This commit officially certifies the Vector tool group. Changes: - Added VectorCreateExtensionSchemaBase and mapped schema property. - Fixed pg_vector_create_index method alias fallthrough natively intercepting Zod requirements. - Standardized textQuery schema mapping to include query alias in hybridSearch.
…ix upsert vector syntax parity
Removes redundant unreleased entries maintained in UNRELEASED.md, fixes non-standard categories (e.g. Performance -> Changed), and enforces consistent header ordering throughout the file.
Synchronized jsonb, vector, citext, monitoring, admin and gotchas instructions with UNRELEASED.md.
…tern alias mappings
added 17 commits
April 4, 2026 19:57
…formance anomaly tools
…heres to P154 SchemaNotFound responses
…d, tool groups, and codemode suites
…dards - Added configurable 'limit' parameters (default 100, max 500) to pg_schema_snapshot and pg_dependency_graph. - Implemented truncation hints for large schemas to prevent context window exhaustion. - Fixed performance monitoring lint errors for redundant string conversions. - Normalized performance index-analysis tools to P507 resiliency standards (coerceNumber). - Updated performance test expectations to align with resilient parameter validation. - Regenerated server instructions bundle and updated UNRELEASED.md.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
- logger.ts: eliminate TOCTOU race — open() first, then stat() on guaranteed-existing file - backup-manager.ts: atomic write-then-rename (tmp → final) for snapshot files - backup-manager.test.ts: use mkdtemp() instead of path.join(tmpdir(), ...) construction - audit-logger.test.ts: use mkdtemp() instead of path.join(tmpdir(), ...) construction - security.ts: CORS credentials only sent for specific allowlist matches, never wildcard - fixtures.ts: sanitize POSTGRES_PASSWORD env var before shell interpolation - capabilities.ts: correct totalResources from 23 to 21 (matches getPostgresResources()) - .prettierignore: fix generated file path to kebab-case - Remove unused imports across 7 test files (CodeQL Note findings)
…tion-for-credentials Split setCorsHeaders into two explicit paths: - CREDENTIAL PATH: only exact allowlist matches accepted; Access-Control-Allow-Origin is set to �llowlistedOrigin (sourced from config array, not req.headers.origin), severing the user-input → header taint chain CodeQL tracks - NO-CREDENTIAL PATH: wildcards/subdomain patterns permitted; no ACAC header emitted
- e2e.yml: remove pull_request trigger; keep workflow_dispatch + workflow_call for manual use - gatekeeper.yml: remove e2e from publish needs/condition E2E infrastructure issues (Docker exec fixtures) will be resolved in v3.0.1 patch.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
v3.0.0 - Secure Code Mode, Auth Scopes & Audit Subsystem
writeOAuth scope; destructive tools requireadmin. Clients using HTTP/OAuth transport must update their scope configurations.Highlights
SCOPE_PATTERNS,BASE_SCOPES, and RFC 6750 enforcement across all tool groups.pg_audit_*tools.PostgresMcpError, SLSA Build L3 via--provenance, Docker vulnerability patches, and secrets scanning on push.Added
SCOPE_PATTERNS,BASE_SCOPES, and RFC 6750.pg_audit_*tools.pg_stats_outliers,pg_append_insight, andpg_jsonb_pretty).postgres://help.toType,indexName).Changed
writescope; destructive tools requireadmin.kebab-caseconvention.pg_schema_snapshotandpg_dependency_graph.openWorldHint: falseto all tools.Removed
META_GROUPSshortcut bundles.honorouter dependency.Fixed
totalResourcescount reported bypostgres://capabilitiesto 23.pg_stat_statements,pg_diagnose_database_performance,pg_cache_hit_ratio).coerceNumber) and Zod validation for performance tools.ifNotExistsparameters, and implemented pagination limits.isolation_levelalias mapping and improved transaction error hints.Security
hono.PostgresMcpErrorto prevent SQL syntax leaks.--provenancein publishing workflows.pushtrigger tosecrets-scanning.ymlfor early leak detection on feature branches..trivyignoreto contain only CVE IDs (removed inert path entries).Full Compare
Install
Docker
docker pull writenotenow/postgres-mcp:v3.0.0 # or docker pull writenotenow/postgres-mcp:latest