github MotWakorb/enhancedchannelmanager v0.17.2
on GitHub

5 hours ago

Release v0.17.2

The v0.17.2 cut — a full MCP correctness + coverage cycle, plus low-severity security hardening.

Added

  • MCP: Stats v2 + media-server attribution now queryable through Claude (epic co5wh) — 8 new tools (get_provider_stats, get_user_watch_time, get_user_channel_breakdown, get_trending, get_channel_popularity, get_activity, get_channel_bandwidth, enriched get_channel_stats). 124 tools total.

Fixed

  • MCP broken/misbehaving-tool sweep (epic bd-1wq7z) — 21 fixes from a live test of all tools: static mcp_api_key auth accepted at the dependency layer, reorder/bulk-commit data-loss guards, response-envelope unwrap crashes, wrong result keys, and ~15 per-tool correctness fixes.
  • MCP display/data-rendering tail (epic lq38l) — get_journal now reads the backend results envelope (was always empty); plus a 12-item cosmetic cluster (channel-number .0 suffixes, provider/group name resolution, EPG grid [Unknown], auto-creation action descriptor, dry-run sample/count, top-watched views, empty-name export guard, dismiss-merge envelope, merge id types, probe empty-states, and two new create-rule params).

Deprecated

  • ECM_TELEMETRY_EXCLUDE_USERS — moot after the bd-gsn3r namespace fix; logs a one-time deprecation warning, slated for removal in v0.18.0 (bead ye075 / lbpl7).

Security

  • MCP static-key hardening (1wq7z.24 + i3axt) — constant-time hmac.compare_digest for the static-key compares in mcp-server/server.py and backend/main.py; self-mutation auth routes (PUT /api/auth/me, change-password) return a clean 403 for the transient MCP principal instead of 500; RFC 6750 Bearer parsing hardening; threat-model EP3 documents mcp_api_key admin-equivalence including user-account management.

Full detail in CHANGELOG.md[0.17.2].

MCP Release Verification (per docs/runbooks/mcp-release-verification.md)

This release touches mcp-server/, so the MCP checklist applies:

  • Static ?api_key= connection — verified live this session against ecm-ecm-mcp-1 (the configured static-key connection).
  • Tool call over static-key connection — verified live (get_journal, list_channels, get_top_watched, get_probe_results, cancel_probe all returned correctly post-deploy).
  • Settings panel smoke (MCP status, key generate/regenerate) — operator UI step; not automatable from the release executor. Recommend the PO confirm in Settings → MCP Integration before/after promotion.

Pre-Cut Gate Checklist

  • G1a: Zero open P0/P1 bugs at cut SHA (bd list --status open --priority 0|1 both empty)
  • G1b: Zero open HIGH/CRITICAL security findings (Code Scanning query returned 0)
  • G2: Backend Tests green (CI will verify)
  • G3: Frontend Tests green (CI will verify)
  • G4: CodeQL delta-zero vs. main (CI will verify)
  • G5: CHANGELOG [Unreleased] promoted to [0.17.2] (2026-05-23), fresh empty [Unreleased] above
  • G6: Version in frontend/package.json = 0.17.2 (matches release branch); all 3 touchpoints in sync
  • G7: No other release-cut or hotfix PR targeting main is open

Cut SHA: 87cd0487 (dev tip).

Check out latest releases or
releases around MotWakorb/enhancedchannelmanager v0.17.2

Don't miss a new enhancedchannelmanager release

NewReleases is sending notifications on new releases.

Get notifications