v0.15.1 — MCP bearer-flow auth fix
Patch follow-up to 0.15.0 closing a silent auth failure on the headline flow: bearer profiles.
Fixed
- MCP bearer-flow auth profile resolution (
mcp_server/auth.py). Profiles declaringflow: bearerwithpassword_source: envsilently fell back to form-post:resolve_auth_profile_to_dictignoredprof.flowand returned aform_postdict for any password-source profile. Downstream POSTed form-encoded credentials to JSON-only endpoints like Juice Shop/rest/user/loginand the login silently failed withauth_profile '<name>' could not be resolved or login failed. Adds abearer_dynamicbranch on both sides of the resolver. Two integration tests cover the dict shape and the async POST→JWT path. Validated end-to-end against Juice Shop v19.2.1 (8 phases completed, 100 findings, same 43/68 catch set as the 0.15.0 deterministic baseline).
Install
pip install ptai==0.15.1PyPI: https://pypi.org/project/ptai/0.15.1/
Full notes in CHANGELOG.md.