Skip to content

ignaciohermosillacornejo/copilot-money-mcp

v1.7.0 Breaking

This release includes 4 breaking changes for platform teams planning a safe upgrade.

Published 1mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

bun copilot-money leveldb mcp personal-finance typescript

Affected surfaces

auth breaking_upgrade

Summary

AI summary

Published CLI now operates in read‑only mode, blocking all write tools.

Full changelog

Changed

  • Published CLI is now read-only. Copilot Money has restricted direct Firestore writes from third-party clients (403 PERMISSION_DENIED), so the 18 write tools can no longer succeed against the live backend. The copilot-money-mcp CLI shipped via npm and the .mcpb bundle now advertises only the 17 read tools; passing --write prints a notice and still starts read-only. Write tool source (src/tools/, FirestoreClient, auth) is preserved on main for a future GraphQL-based replacement.
  • manifest.json: only the 17 read tools are listed; mcp_config.args no longer includes --write.
  • scripts/sync-manifest.ts: writes only read tools into the manifest.
  • Marketing site (docs/index.html): stats row, install tabs, feature cards, and privacy banner reworked around the read-only surface; "Organize transactions" demo removed.

Breaking Changes

  • All write tools (18 total) are removed from `copilot-money-mcp` CLI; attempts to use them now return 403 PERMISSION_DENIED.
  • `manifest.json` no longer lists the 18 write tools, containing only the 17 read tools.
  • `mcp_config.args` in `manifest.json` removes the `--write` flag entry.
  • Marketing site (`docs/index.html`) has removed the "Organize transactions" demo and reworked related sections to reflect the read‑only surface.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ignaciohermosillacornejo/copilot-money-mcp

Get notified when new releases ship.

Sign up free

About ignaciohermosillacornejo/copilot-money-mcp

Read and manage Copilot Money personal finance data — 30 tools for transactions, budgets, accounts, recurring charges, investments, and goals. Reads are 100% local from the Firestore cache; opt-in writes (`--write`) go directly to Copilot's GraphQL API.

All releases →

Related context

Beta — feedback welcome: [email protected]