This release adds 2 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+2 more
Affected surfaces
ReleasePort's take
Light signalThe release adds corporate OAuth client IDs for Google and Microsoft Entra ID.
Why it matters: Enables secure enterprise authentication for the OAuth flow, expanding supported identity providers; confidence level is moderate (50).
Summary
AI summaryRepublish with corporate OAuth client IDs for Google and Microsoft Entra ID.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium |
Adds corporate OAuth client IDs for Google and Microsoft Entra ID. Adds corporate OAuth client IDs for Google and Microsoft Entra ID. Source: llm_adapter@2026-05-24 Confidence: high |
— |
| Feature | Low |
Publishes via npm OIDC trusted publisher without using a static token. Publishes via npm OIDC trusted publisher without using a static token. Source: granite4.1:30b@2026-05-24-audit Confidence: low |
— |
Full changelog
Republish with corporate (Masse Labs Inc.) OAuth client IDs.
- Google device flow client:
491923400813-pr17m6kpin2rsbbes18jpb60j1s3qmv4... - Microsoft Entra ID client:
8b09c842-d7a8-4d9c-a6ea-46c797412bac - Published via npm OIDC trusted publisher (no static token).
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About zkproofport/proofport-ai
Zero-knowledge proof generation MCP server for AI agents. Lets agents prove identity claims (Coinbase KYC, Country, Google OIDC, Google Workspace, Microsoft 365) without revealing personal information. Server-side proving in AWS Nitro Enclave TEE, paid via x402 USDC on Base. Built on Noir circuits (Aztec) and ERC-8004 agent identity. Reference application OpenStoa won 1st place at The Synthesis Hackathon ("Agents That Keep Secrets" track).
Related context
Related tools
Beta — feedback welcome: [email protected]