github ulsklyc/yuvomi v1.2.0

latest release: v1.2.1
3 hours ago

Added

  • API Tokens: optional per-module permission scopes. An admin can restrict a token to individual modules and access levels (<module>:read / <module>:write, where write implies read) instead of granting the creator's full access. This matters most for tokens handed to an off-device AI/MCP client — for example a token that may write the calendar but can never read the health module. Tokens created without scopes keep full role-based access, so existing tokens are unaffected.

Security

  • API Tokens: scoped tokens are enforced across both the REST API and the MCP endpoint. A scoped token can only reach modules on its allow-list — every other /api/v1 path is denied, tools/list hides MCP tools the token cannot use, out-of-scope tools/call is refused, and the OpenAPI bridge inherits the same limits because it loops back through the REST layer with the same token.

Don't miss a new yuvomi release

NewReleases is sending notifications on new releases.