Skip to content

fix(server): return errors instead of panicking in InitializeConfigs#3397

Merged
Yuan325 merged 21 commits into
mainfrom
feat/offline-configs-graceful-errors
Jun 18, 2026
Merged

fix(server): return errors instead of panicking in InitializeConfigs#3397
Yuan325 merged 21 commits into
mainfrom
feat/offline-configs-graceful-errors

Conversation

@twishabansal

@twishabansal twishabansal commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Description

InitializeOfflineConfigs previously called panic(err) when the instrumentation or logger could not be retrieved from the context. This changes those to graceful error returns (return nil, nil, fmt.Errorf(...)) so callers (e.g. skills-generate) get a clean error instead of a crash.

twishabansal and others added 14 commits June 8, 2026 12:39
…arameters

ToolConfig.Initialize no longer takes a sources map. Tool.Manifest and
Tool.GetParameters now take the sources map and return an error. Source
lookups that previously happened at init move to where the source is
actually needed: dynamic parameters and manifests resolve at request
time, and tools that captured source resources now acquire them in
Invoke. As a result, metadata endpoints and offline flows no longer
require live source credentials at init.
…fest

Validate-only tools now re-check source existence/compatibility lazily in
Manifest/GetParameters (via a shared validate helper) instead of dropping
the check, preserving fail-fast at metadata time. Add Toolset.BuildManifest
to build a toolset's manifest from its tools, replacing the inline loop in
toolsetHandler.
…nit-from-sources

# Conflicts:
#	internal/tools/cloudsqladmin/cloudsqladminexecutemany/cloudsqladminexecutemany.go
#	internal/tools/cloudsqladmin/cloudsqladminsqlmany/cloudsqladminsqlmany.go
#	internal/tools/cloudsqlpg/vectorassistdeletespec/vectorassistdeletespec.go
#	internal/tools/cloudsqlpg/vectorassistgetspec/vectorassistgetspec.go
#	internal/tools/cloudsqlpg/vectorassistimprovequeryrecall/vectorassistimprovequeryrecall.go
#	internal/tools/cloudsqlpg/vectorassistlistspecs/vectorassistlistspecs.go
#	internal/tools/datalineage/datalineagesearchlineage/datalineagesearchlineage.go
#	internal/tools/spanner/spannersearchcatalog/spannersearchcatalog.go
Dead code superseded by GetCompatibleSourceFromMap type-assertion
compatibility; the var _ compatibleSource assertions remain as the
real compile-time check.
Add server.InitializeOfflineConfigs, which initializes only tools and
toolsets and skips sources, auth services, and embedding models. Wire
skills-generate to it so skill generation no longer requires live DB
credentials.

To make offline metadata resolution safe, the dynamic-param tools now
fall back to the static parameter skeleton baked at Initialize when the
sources map is nil, while a named-but-missing source still fails fast.
Replace the per-tool resolveParams nil-guards with a single StaticManifest()
method on BaseTool (and the Tool interface) that returns the baked manifest
without source resolution. The skills generator calls StaticManifest() instead
of Manifest(nil), so the served path (Manifest(srcs)) is untouched and still
fails fast on a missing source.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
…onfigs

Replace panic(err) with graceful error returns for instrumentation and
logger context lookups so offline config initialization fails cleanly.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request refactors the InitializeOfflineConfigs function in internal/server/server.go to return errors instead of panicking when failing to retrieve the instrumentation or logger from the context. There are no review comments, and I have no additional feedback to provide.

@twishabansal twishabansal added the do not merge Indicates a pull request not ready for merge, due to either quality or timing. label Jun 11, 2026
Apply the same graceful error handling for instrumentation and logger
context lookups in InitializeConfigs as in InitializeOfflineConfigs.
@twishabansal twishabansal changed the title fix(server): return errors instead of panicking in InitializeOfflineConfigs fix(server): return errors instead of panicking in InitializeConfigs Jun 11, 2026
Base automatically changed from feat/skills-generate-offline to main June 12, 2026 12:24
@google-cloud-build google-cloud-build Bot requested review from a team as code owners June 12, 2026 12:24
@google-cloud-build google-cloud-build Bot requested review from a team as code owners June 12, 2026 12:24
@twishabansal twishabansal removed the do not merge Indicates a pull request not ready for merge, due to either quality or timing. label Jun 12, 2026
@twishabansal twishabansal added the release candidate Use label to signal PR should be included in the next release. label Jun 15, 2026
@Yuan325 Yuan325 assigned Yuan325 and unassigned duwenxin99 Jun 18, 2026
@Yuan325 Yuan325 enabled auto-merge (squash) June 18, 2026 21:48
@Yuan325 Yuan325 merged commit f48b01d into main Jun 18, 2026
24 checks passed
@Yuan325 Yuan325 deleted the feat/offline-configs-graceful-errors branch June 18, 2026 22:15
@github-actions

Copy link
Copy Markdown
Contributor

🧨 Preview deployments removed.

Cloudflare Pages environments for pr-3397 have been deleted.

Yuan325 added a commit that referenced this pull request Jun 18, 2026
🤖 I have created a release *beep* *boop*
---


##
[1.5.0](v1.4.0...v1.5.0)
(2026-06-18)


### Features

* **auth/google:** Require audience or clientId for mcpEnabled
([#3450](#3450))
([59f7b6e](59f7b6e))
* Enable per source level flags for sql commenter
([#3465](#3465))
([ecce6b7](ecce6b7))
* **mcp:** Add URL parameter binding for HTTP transport
([#3112](#3112))
([0cc7b37](0cc7b37))
* **scylladb:** Adding support for ScyllaDB source and tool
([#3119](#3119))
([2dada83](2dada83))
* **server:** Add support for toolset filtering in prebuilt CLI flag
([#3245](#3245))
([7cc4f65](7cc4f65))
* **skills:** Generate skills offline without live source connections
([#3388](#3388))
([4c860b6](4c860b6))
* **skills:** Tolerate missing env vars during offline skills-generate
([#3399](#3399))
([ea5d3e5](ea5d3e5))
* **source/cloud-storage:** Restrict bucket and local path access
([#3454](#3454))
([2c3ca5d](2c3ca5d))
* **tools/bigquery:** Add per tool query label in BigQuery jobs
([#1975](#1975))
([3f6a49f](3f6a49f))
* **tools/dataplex:** Add tools to support metadata enrichment workflow
([#3270](#3270))
([05289aa](05289aa))
* **tools/mysql:** Add show-query-stats and list-all-locks tools for
MySQL and Cloud SQL MySQL source
([#2954](#2954))
([a9693bd](a9693bd))
* **tools:** Decouple tool initialization from sources
([#3355](#3355))
([32a24e3](32a24e3))


### Bug Fixes

* **auth/dataplex:** Fix failing source with service account credentials
([#3369](#3369))
([ba4deef](ba4deef))
* **bigquery:** Wire maximumBytesBilled into prebuilt config
([#3385](#3385))
([4abbf6e](4abbf6e))
* Bound MCP HTTP body size
([#3216](#3216))
([d4f4342](d4f4342))
* **config:** Add doc/line context to parse errors
([#2957](#2957))
([4b097da](4b097da))
* Escape delimiter characters in applyEscape to prevent SQL injection
([#2811](#2811))
([932519a](932519a))
* **npm:** Source binary version from cmd/version.txt
([#3417](#3417))
([6ffbdec](6ffbdec))
* **prebuilt/alloydb-omni:** Require password env var explicitly
([#3398](#3398))
([fcbe3e7](fcbe3e7))
* **server:** Fail if MCP auth is enabled together with enable-api
([#3435](#3435))
([a6ff910](a6ff910))
* **server:** Return errors instead of panicking in InitializeConfigs
([#3397](#3397))
([f48b01d](f48b01d))
* **source/cloudhealthcare:** Validate pageURL parameter to prevent SSRF
([#3453](#3453))
([9abf47d](9abf47d))
* **source/dataplex,source/datalineage:** Specify cloud-platform scope
for default credentials
([#3376](#3376))
([13e8c36](13e8c36))
* **source/http:** Implement SSRF guard
([#3448](#3448))
([24d7d29](24d7d29))
* **tool/bigquery-execute-sql:** Prevent dataset restriction bypass
([#3452](#3452))
([ca6d5e3](ca6d5e3))
* **tool/mysql-get-query-plan:** Prevent query execution bypass and
statement injection
([#3235](#3235))
([7ed1e7b](7ed1e7b))
* **tool/spanner-sql,tool/spanner-execute-sql:** Use read-only
annotations when readOnly is set
([#3338](#3338))
([8bde0ec](8bde0ec))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <[email protected]>
github-actions Bot pushed a commit that referenced this pull request Jun 18, 2026
🤖 I have created a release *beep* *boop*
---

##
[1.5.0](v1.4.0...v1.5.0)
(2026-06-18)

### Features

* **auth/google:** Require audience or clientId for mcpEnabled
([#3450](#3450))
([59f7b6e](59f7b6e))
* Enable per source level flags for sql commenter
([#3465](#3465))
([ecce6b7](ecce6b7))
* **mcp:** Add URL parameter binding for HTTP transport
([#3112](#3112))
([0cc7b37](0cc7b37))
* **scylladb:** Adding support for ScyllaDB source and tool
([#3119](#3119))
([2dada83](2dada83))
* **server:** Add support for toolset filtering in prebuilt CLI flag
([#3245](#3245))
([7cc4f65](7cc4f65))
* **skills:** Generate skills offline without live source connections
([#3388](#3388))
([4c860b6](4c860b6))
* **skills:** Tolerate missing env vars during offline skills-generate
([#3399](#3399))
([ea5d3e5](ea5d3e5))
* **source/cloud-storage:** Restrict bucket and local path access
([#3454](#3454))
([2c3ca5d](2c3ca5d))
* **tools/bigquery:** Add per tool query label in BigQuery jobs
([#1975](#1975))
([3f6a49f](3f6a49f))
* **tools/dataplex:** Add tools to support metadata enrichment workflow
([#3270](#3270))
([05289aa](05289aa))
* **tools/mysql:** Add show-query-stats and list-all-locks tools for
MySQL and Cloud SQL MySQL source
([#2954](#2954))
([a9693bd](a9693bd))
* **tools:** Decouple tool initialization from sources
([#3355](#3355))
([32a24e3](32a24e3))

### Bug Fixes

* **auth/dataplex:** Fix failing source with service account credentials
([#3369](#3369))
([ba4deef](ba4deef))
* **bigquery:** Wire maximumBytesBilled into prebuilt config
([#3385](#3385))
([4abbf6e](4abbf6e))
* Bound MCP HTTP body size
([#3216](#3216))
([d4f4342](d4f4342))
* **config:** Add doc/line context to parse errors
([#2957](#2957))
([4b097da](4b097da))
* Escape delimiter characters in applyEscape to prevent SQL injection
([#2811](#2811))
([932519a](932519a))
* **npm:** Source binary version from cmd/version.txt
([#3417](#3417))
([6ffbdec](6ffbdec))
* **prebuilt/alloydb-omni:** Require password env var explicitly
([#3398](#3398))
([fcbe3e7](fcbe3e7))
* **server:** Fail if MCP auth is enabled together with enable-api
([#3435](#3435))
([a6ff910](a6ff910))
* **server:** Return errors instead of panicking in InitializeConfigs
([#3397](#3397))
([f48b01d](f48b01d))
* **source/cloudhealthcare:** Validate pageURL parameter to prevent SSRF
([#3453](#3453))
([9abf47d](9abf47d))
* **source/dataplex,source/datalineage:** Specify cloud-platform scope
for default credentials
([#3376](#3376))
([13e8c36](13e8c36))
* **source/http:** Implement SSRF guard
([#3448](#3448))
([24d7d29](24d7d29))
* **tool/bigquery-execute-sql:** Prevent dataset restriction bypass
([#3452](#3452))
([ca6d5e3](ca6d5e3))
* **tool/mysql-get-query-plan:** Prevent query execution bypass and
statement injection
([#3235](#3235))
([7ed1e7b](7ed1e7b))
* **tool/spanner-sql,tool/spanner-execute-sql:** Use read-only
annotations when readOnly is set
([#3338](#3338))
([8bde0ec](8bde0ec))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <[email protected]> 45c0f86
github-actions Bot pushed a commit to renovate-bot/googleapis-_-genai-toolbox that referenced this pull request Jun 18, 2026
🤖 I have created a release *beep* *boop*
---

##
[1.5.0](googleapis/mcp-toolbox@v1.4.0...v1.5.0)
(2026-06-18)

### Features

* **auth/google:** Require audience or clientId for mcpEnabled
([googleapis#3450](googleapis#3450))
([59f7b6e](googleapis@59f7b6e))
* Enable per source level flags for sql commenter
([googleapis#3465](googleapis#3465))
([ecce6b7](googleapis@ecce6b7))
* **mcp:** Add URL parameter binding for HTTP transport
([googleapis#3112](googleapis#3112))
([0cc7b37](googleapis@0cc7b37))
* **scylladb:** Adding support for ScyllaDB source and tool
([googleapis#3119](googleapis#3119))
([2dada83](googleapis@2dada83))
* **server:** Add support for toolset filtering in prebuilt CLI flag
([googleapis#3245](googleapis#3245))
([7cc4f65](googleapis@7cc4f65))
* **skills:** Generate skills offline without live source connections
([googleapis#3388](googleapis#3388))
([4c860b6](googleapis@4c860b6))
* **skills:** Tolerate missing env vars during offline skills-generate
([googleapis#3399](googleapis#3399))
([ea5d3e5](googleapis@ea5d3e5))
* **source/cloud-storage:** Restrict bucket and local path access
([googleapis#3454](googleapis#3454))
([2c3ca5d](googleapis@2c3ca5d))
* **tools/bigquery:** Add per tool query label in BigQuery jobs
([googleapis#1975](googleapis#1975))
([3f6a49f](googleapis@3f6a49f))
* **tools/dataplex:** Add tools to support metadata enrichment workflow
([googleapis#3270](googleapis#3270))
([05289aa](googleapis@05289aa))
* **tools/mysql:** Add show-query-stats and list-all-locks tools for
MySQL and Cloud SQL MySQL source
([googleapis#2954](googleapis#2954))
([a9693bd](googleapis@a9693bd))
* **tools:** Decouple tool initialization from sources
([googleapis#3355](googleapis#3355))
([32a24e3](googleapis@32a24e3))

### Bug Fixes

* **auth/dataplex:** Fix failing source with service account credentials
([googleapis#3369](googleapis#3369))
([ba4deef](googleapis@ba4deef))
* **bigquery:** Wire maximumBytesBilled into prebuilt config
([googleapis#3385](googleapis#3385))
([4abbf6e](googleapis@4abbf6e))
* Bound MCP HTTP body size
([googleapis#3216](googleapis#3216))
([d4f4342](googleapis@d4f4342))
* **config:** Add doc/line context to parse errors
([googleapis#2957](googleapis#2957))
([4b097da](googleapis@4b097da))
* Escape delimiter characters in applyEscape to prevent SQL injection
([googleapis#2811](googleapis#2811))
([932519a](googleapis@932519a))
* **npm:** Source binary version from cmd/version.txt
([googleapis#3417](googleapis#3417))
([6ffbdec](googleapis@6ffbdec))
* **prebuilt/alloydb-omni:** Require password env var explicitly
([googleapis#3398](googleapis#3398))
([fcbe3e7](googleapis@fcbe3e7))
* **server:** Fail if MCP auth is enabled together with enable-api
([googleapis#3435](googleapis#3435))
([a6ff910](googleapis@a6ff910))
* **server:** Return errors instead of panicking in InitializeConfigs
([googleapis#3397](googleapis#3397))
([f48b01d](googleapis@f48b01d))
* **source/cloudhealthcare:** Validate pageURL parameter to prevent SSRF
([googleapis#3453](googleapis#3453))
([9abf47d](googleapis@9abf47d))
* **source/dataplex,source/datalineage:** Specify cloud-platform scope
for default credentials
([googleapis#3376](googleapis#3376))
([13e8c36](googleapis@13e8c36))
* **source/http:** Implement SSRF guard
([googleapis#3448](googleapis#3448))
([24d7d29](googleapis@24d7d29))
* **tool/bigquery-execute-sql:** Prevent dataset restriction bypass
([googleapis#3452](googleapis#3452))
([ca6d5e3](googleapis@ca6d5e3))
* **tool/mysql-get-query-plan:** Prevent query execution bypass and
statement injection
([googleapis#3235](googleapis#3235))
([7ed1e7b](googleapis@7ed1e7b))
* **tool/spanner-sql,tool/spanner-execute-sql:** Use read-only
annotations when readOnly is set
([googleapis#3338](googleapis#3338))
([8bde0ec](googleapis@8bde0ec))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <[email protected]> 45c0f86
github-actions Bot pushed a commit to pepe57/genai-toolbox that referenced this pull request Jun 19, 2026
…Configs (googleapis#3397)

## Description

`InitializeOfflineConfigs` previously called `panic(err)` when the
instrumentation or logger could not be retrieved from the context. This
changes those to graceful error returns (`return nil, nil,
fmt.Errorf(...)`) so callers (e.g. `skills-generate`) get a clean error
instead of a crash.

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <[email protected]> f48b01d
github-actions Bot pushed a commit to rodineyw/mcp-toolbox that referenced this pull request Jun 19, 2026
🤖 I have created a release *beep* *boop*
---

##
[1.5.0](googleapis/mcp-toolbox@v1.4.0...v1.5.0)
(2026-06-18)

### Features

* **auth/google:** Require audience or clientId for mcpEnabled
([googleapis#3450](googleapis#3450))
([59f7b6e](googleapis@59f7b6e))
* Enable per source level flags for sql commenter
([googleapis#3465](googleapis#3465))
([ecce6b7](googleapis@ecce6b7))
* **mcp:** Add URL parameter binding for HTTP transport
([googleapis#3112](googleapis#3112))
([0cc7b37](googleapis@0cc7b37))
* **scylladb:** Adding support for ScyllaDB source and tool
([googleapis#3119](googleapis#3119))
([2dada83](googleapis@2dada83))
* **server:** Add support for toolset filtering in prebuilt CLI flag
([googleapis#3245](googleapis#3245))
([7cc4f65](googleapis@7cc4f65))
* **skills:** Generate skills offline without live source connections
([googleapis#3388](googleapis#3388))
([4c860b6](googleapis@4c860b6))
* **skills:** Tolerate missing env vars during offline skills-generate
([googleapis#3399](googleapis#3399))
([ea5d3e5](googleapis@ea5d3e5))
* **source/cloud-storage:** Restrict bucket and local path access
([googleapis#3454](googleapis#3454))
([2c3ca5d](googleapis@2c3ca5d))
* **tools/bigquery:** Add per tool query label in BigQuery jobs
([googleapis#1975](googleapis#1975))
([3f6a49f](googleapis@3f6a49f))
* **tools/dataplex:** Add tools to support metadata enrichment workflow
([googleapis#3270](googleapis#3270))
([05289aa](googleapis@05289aa))
* **tools/mysql:** Add show-query-stats and list-all-locks tools for
MySQL and Cloud SQL MySQL source
([googleapis#2954](googleapis#2954))
([a9693bd](googleapis@a9693bd))
* **tools:** Decouple tool initialization from sources
([googleapis#3355](googleapis#3355))
([32a24e3](googleapis@32a24e3))

### Bug Fixes

* **auth/dataplex:** Fix failing source with service account credentials
([googleapis#3369](googleapis#3369))
([ba4deef](googleapis@ba4deef))
* **bigquery:** Wire maximumBytesBilled into prebuilt config
([googleapis#3385](googleapis#3385))
([4abbf6e](googleapis@4abbf6e))
* Bound MCP HTTP body size
([googleapis#3216](googleapis#3216))
([d4f4342](googleapis@d4f4342))
* **config:** Add doc/line context to parse errors
([googleapis#2957](googleapis#2957))
([4b097da](googleapis@4b097da))
* Escape delimiter characters in applyEscape to prevent SQL injection
([googleapis#2811](googleapis#2811))
([932519a](googleapis@932519a))
* **npm:** Source binary version from cmd/version.txt
([googleapis#3417](googleapis#3417))
([6ffbdec](googleapis@6ffbdec))
* **prebuilt/alloydb-omni:** Require password env var explicitly
([googleapis#3398](googleapis#3398))
([fcbe3e7](googleapis@fcbe3e7))
* **server:** Fail if MCP auth is enabled together with enable-api
([googleapis#3435](googleapis#3435))
([a6ff910](googleapis@a6ff910))
* **server:** Return errors instead of panicking in InitializeConfigs
([googleapis#3397](googleapis#3397))
([f48b01d](googleapis@f48b01d))
* **source/cloudhealthcare:** Validate pageURL parameter to prevent SSRF
([googleapis#3453](googleapis#3453))
([9abf47d](googleapis@9abf47d))
* **source/dataplex,source/datalineage:** Specify cloud-platform scope
for default credentials
([googleapis#3376](googleapis#3376))
([13e8c36](googleapis@13e8c36))
* **source/http:** Implement SSRF guard
([googleapis#3448](googleapis#3448))
([24d7d29](googleapis@24d7d29))
* **tool/bigquery-execute-sql:** Prevent dataset restriction bypass
([googleapis#3452](googleapis#3452))
([ca6d5e3](googleapis@ca6d5e3))
* **tool/mysql-get-query-plan:** Prevent query execution bypass and
statement injection
([googleapis#3235](googleapis#3235))
([7ed1e7b](googleapis@7ed1e7b))
* **tool/spanner-sql,tool/spanner-execute-sql:** Use read-only
annotations when readOnly is set
([googleapis#3338](googleapis#3338))
([8bde0ec](googleapis@8bde0ec))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <[email protected]> 45c0f86
github-actions Bot pushed a commit to Jaleel-zhu/genai-toolbox that referenced this pull request Jun 19, 2026
🤖 I have created a release *beep* *boop*
---

##
[1.5.0](googleapis/mcp-toolbox@v1.4.0...v1.5.0)
(2026-06-18)

### Features

* **auth/google:** Require audience or clientId for mcpEnabled
([googleapis#3450](googleapis#3450))
([59f7b6e](googleapis@59f7b6e))
* Enable per source level flags for sql commenter
([googleapis#3465](googleapis#3465))
([ecce6b7](googleapis@ecce6b7))
* **mcp:** Add URL parameter binding for HTTP transport
([googleapis#3112](googleapis#3112))
([0cc7b37](googleapis@0cc7b37))
* **scylladb:** Adding support for ScyllaDB source and tool
([googleapis#3119](googleapis#3119))
([2dada83](googleapis@2dada83))
* **server:** Add support for toolset filtering in prebuilt CLI flag
([googleapis#3245](googleapis#3245))
([7cc4f65](googleapis@7cc4f65))
* **skills:** Generate skills offline without live source connections
([googleapis#3388](googleapis#3388))
([4c860b6](googleapis@4c860b6))
* **skills:** Tolerate missing env vars during offline skills-generate
([googleapis#3399](googleapis#3399))
([ea5d3e5](googleapis@ea5d3e5))
* **source/cloud-storage:** Restrict bucket and local path access
([googleapis#3454](googleapis#3454))
([2c3ca5d](googleapis@2c3ca5d))
* **tools/bigquery:** Add per tool query label in BigQuery jobs
([googleapis#1975](googleapis#1975))
([3f6a49f](googleapis@3f6a49f))
* **tools/dataplex:** Add tools to support metadata enrichment workflow
([googleapis#3270](googleapis#3270))
([05289aa](googleapis@05289aa))
* **tools/mysql:** Add show-query-stats and list-all-locks tools for
MySQL and Cloud SQL MySQL source
([googleapis#2954](googleapis#2954))
([a9693bd](googleapis@a9693bd))
* **tools:** Decouple tool initialization from sources
([googleapis#3355](googleapis#3355))
([32a24e3](googleapis@32a24e3))

### Bug Fixes

* **auth/dataplex:** Fix failing source with service account credentials
([googleapis#3369](googleapis#3369))
([ba4deef](googleapis@ba4deef))
* **bigquery:** Wire maximumBytesBilled into prebuilt config
([googleapis#3385](googleapis#3385))
([4abbf6e](googleapis@4abbf6e))
* Bound MCP HTTP body size
([googleapis#3216](googleapis#3216))
([d4f4342](googleapis@d4f4342))
* **config:** Add doc/line context to parse errors
([googleapis#2957](googleapis#2957))
([4b097da](googleapis@4b097da))
* Escape delimiter characters in applyEscape to prevent SQL injection
([googleapis#2811](googleapis#2811))
([932519a](googleapis@932519a))
* **npm:** Source binary version from cmd/version.txt
([googleapis#3417](googleapis#3417))
([6ffbdec](googleapis@6ffbdec))
* **prebuilt/alloydb-omni:** Require password env var explicitly
([googleapis#3398](googleapis#3398))
([fcbe3e7](googleapis@fcbe3e7))
* **server:** Fail if MCP auth is enabled together with enable-api
([googleapis#3435](googleapis#3435))
([a6ff910](googleapis@a6ff910))
* **server:** Return errors instead of panicking in InitializeConfigs
([googleapis#3397](googleapis#3397))
([f48b01d](googleapis@f48b01d))
* **source/cloudhealthcare:** Validate pageURL parameter to prevent SSRF
([googleapis#3453](googleapis#3453))
([9abf47d](googleapis@9abf47d))
* **source/dataplex,source/datalineage:** Specify cloud-platform scope
for default credentials
([googleapis#3376](googleapis#3376))
([13e8c36](googleapis@13e8c36))
* **source/http:** Implement SSRF guard
([googleapis#3448](googleapis#3448))
([24d7d29](googleapis@24d7d29))
* **tool/bigquery-execute-sql:** Prevent dataset restriction bypass
([googleapis#3452](googleapis#3452))
([ca6d5e3](googleapis@ca6d5e3))
* **tool/mysql-get-query-plan:** Prevent query execution bypass and
statement injection
([googleapis#3235](googleapis#3235))
([7ed1e7b](googleapis@7ed1e7b))
* **tool/spanner-sql,tool/spanner-execute-sql:** Use read-only
annotations when readOnly is set
([googleapis#3338](googleapis#3338))
([8bde0ec](googleapis@8bde0ec))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <[email protected]> 45c0f86
github-actions Bot pushed a commit to pepe57/genai-toolbox that referenced this pull request Jun 19, 2026
🤖 I have created a release *beep* *boop*
---

##
[1.5.0](googleapis/mcp-toolbox@v1.4.0...v1.5.0)
(2026-06-18)

### Features

* **auth/google:** Require audience or clientId for mcpEnabled
([googleapis#3450](googleapis#3450))
([59f7b6e](googleapis@59f7b6e))
* Enable per source level flags for sql commenter
([googleapis#3465](googleapis#3465))
([ecce6b7](googleapis@ecce6b7))
* **mcp:** Add URL parameter binding for HTTP transport
([googleapis#3112](googleapis#3112))
([0cc7b37](googleapis@0cc7b37))
* **scylladb:** Adding support for ScyllaDB source and tool
([googleapis#3119](googleapis#3119))
([2dada83](googleapis@2dada83))
* **server:** Add support for toolset filtering in prebuilt CLI flag
([googleapis#3245](googleapis#3245))
([7cc4f65](googleapis@7cc4f65))
* **skills:** Generate skills offline without live source connections
([googleapis#3388](googleapis#3388))
([4c860b6](googleapis@4c860b6))
* **skills:** Tolerate missing env vars during offline skills-generate
([googleapis#3399](googleapis#3399))
([ea5d3e5](googleapis@ea5d3e5))
* **source/cloud-storage:** Restrict bucket and local path access
([googleapis#3454](googleapis#3454))
([2c3ca5d](googleapis@2c3ca5d))
* **tools/bigquery:** Add per tool query label in BigQuery jobs
([googleapis#1975](googleapis#1975))
([3f6a49f](googleapis@3f6a49f))
* **tools/dataplex:** Add tools to support metadata enrichment workflow
([googleapis#3270](googleapis#3270))
([05289aa](googleapis@05289aa))
* **tools/mysql:** Add show-query-stats and list-all-locks tools for
MySQL and Cloud SQL MySQL source
([googleapis#2954](googleapis#2954))
([a9693bd](googleapis@a9693bd))
* **tools:** Decouple tool initialization from sources
([googleapis#3355](googleapis#3355))
([32a24e3](googleapis@32a24e3))

### Bug Fixes

* **auth/dataplex:** Fix failing source with service account credentials
([googleapis#3369](googleapis#3369))
([ba4deef](googleapis@ba4deef))
* **bigquery:** Wire maximumBytesBilled into prebuilt config
([googleapis#3385](googleapis#3385))
([4abbf6e](googleapis@4abbf6e))
* Bound MCP HTTP body size
([googleapis#3216](googleapis#3216))
([d4f4342](googleapis@d4f4342))
* **config:** Add doc/line context to parse errors
([googleapis#2957](googleapis#2957))
([4b097da](googleapis@4b097da))
* Escape delimiter characters in applyEscape to prevent SQL injection
([googleapis#2811](googleapis#2811))
([932519a](googleapis@932519a))
* **npm:** Source binary version from cmd/version.txt
([googleapis#3417](googleapis#3417))
([6ffbdec](googleapis@6ffbdec))
* **prebuilt/alloydb-omni:** Require password env var explicitly
([googleapis#3398](googleapis#3398))
([fcbe3e7](googleapis@fcbe3e7))
* **server:** Fail if MCP auth is enabled together with enable-api
([googleapis#3435](googleapis#3435))
([a6ff910](googleapis@a6ff910))
* **server:** Return errors instead of panicking in InitializeConfigs
([googleapis#3397](googleapis#3397))
([f48b01d](googleapis@f48b01d))
* **source/cloudhealthcare:** Validate pageURL parameter to prevent SSRF
([googleapis#3453](googleapis#3453))
([9abf47d](googleapis@9abf47d))
* **source/dataplex,source/datalineage:** Specify cloud-platform scope
for default credentials
([googleapis#3376](googleapis#3376))
([13e8c36](googleapis@13e8c36))
* **source/http:** Implement SSRF guard
([googleapis#3448](googleapis#3448))
([24d7d29](googleapis@24d7d29))
* **tool/bigquery-execute-sql:** Prevent dataset restriction bypass
([googleapis#3452](googleapis#3452))
([ca6d5e3](googleapis@ca6d5e3))
* **tool/mysql-get-query-plan:** Prevent query execution bypass and
statement injection
([googleapis#3235](googleapis#3235))
([7ed1e7b](googleapis@7ed1e7b))
* **tool/spanner-sql,tool/spanner-execute-sql:** Use read-only
annotations when readOnly is set
([googleapis#3338](googleapis#3338))
([8bde0ec](googleapis@8bde0ec))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <[email protected]> 45c0f86
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

release candidate Use label to signal PR should be included in the next release.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants