Some checks failed
Security Scan / security-scan (push) Has been cancelled
The PII audit run before this publish caught three files that have been leaking operator-specific paths to PyPI in v2.1.6, v2.1.7, and v2.2.0:

- claude_desktop_config.json (personal Claude Desktop config snapshot)
- mcp-pdf-tools-launcher.sh (obsolete — uvx replaces it)
- mcp-config-example.json (had hardcoded /home/rpm path + old package name)

Fix:

- Delete the personal config and obsolete launcher
- Sanitize the example to use uvx with the [markdown] extra (matches docs)
- Add [tool.hatch.build.targets.sdist] exclude block per ~/.claude/rules/python.md to prevent recurrence — covers dev artifacts, fixture PDFs, internal architecture notes, and CI scripts

Side benefit: sdist size dropped from 2.4 MB to 304 KB (8× reduction), mostly from excluding examples/*.pdf and the tests/ fixture PDF.

The /home/rpm leaks in prior versions are not credentials, just operator paths — not yanking. Going forward the unpacked-sdist grep is mandatory before each publish.
12 lines
206 B
JSON
{
  "mcpServers": {
    "pdf-tools": {
      "command": "uvx",
      "args": ["--from", "mcp-pdf[markdown]", "mcp-pdf"],
      "env": {
        "PDF_TEMP_DIR": "/tmp/mcp-pdf-processing"
      }
    }
  }
}
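The pre-publish check the commit message calls mandatory can be run directly against the built sdist archive, as sketched below. This is an added example, not code from this repository: the path regex, the blocked-name list, the function names and both sample archives are assumptions constructed for illustration.

```python
import io
import re
import tarfile

# Assumed pattern for operator-specific paths (Linux and macOS home directories).
# It also matches URLs containing /home/, so findings need a human look.
HOME_PATH = re.compile(rb"(?:/home/|/Users/)[A-Za-z0-9._-]+")
# Assumed deny-list: personal config snapshots that should never ship.
BLOCKED_NAMES = ("claude_desktop_config.json",)

def audit_sdist(fileobj):
    """Return sorted (member, finding) pairs for an sdist .tar.gz file object."""
    findings = set()
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            if member.name.rsplit("/", 1)[-1] in BLOCKED_NAMES:
                findings.add((member.name, "blocked file name"))
            data = tar.extractfile(member).read()  # read in memory, nothing unpacked
            for match in HOME_PATH.finditer(data):
                findings.add((member.name, match.group(0).decode("ascii")))
    return sorted(findings)

def build_sample_sdist(files):
    """Pack {name: bytes} into an in-memory .tar.gz (constructed test input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

# Constructed samples: one archive with the two kinds of leak, one sanitized.
LEAKY = {
    "pkg-0.0.0/claude_desktop_config.json": b"{}",
    "pkg-0.0.0/mcp-config-example.json": b'{"command": "/home/operator/bin/run"}',
}
CLEAN = {
    "pkg-0.0.0/mcp-config-example.json":
        b'{"command": "uvx", "env": {"PDF_TEMP_DIR": "/tmp/mcp-pdf-processing"}}',
}

if __name__ == "__main__":
    for name, finding in audit_sdist(build_sample_sdist(LEAKY)):
        print(f"{name}: {finding}")
```

In a release job, open the real archive from the build output directory in binary mode, pass it to `audit_sdist`, and fail the publish step when the returned list is non-empty.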