Migration guide
Migrate an Aune connector to MCP v4
MCP v4 keeps the established Aune tool names and booking truth contract, while correcting authentication, privacy, schema, and action-label defects that could prevent safe connector review or account linking.
- Current contract
- aune_mcp_v4
- Superseded contract
- aune_mcp_v3
- New scope
- aune.requests.read
- Tool names changed
- No
- Reauthorization
- Required for request status
Who must migrate
- Rescan the production MCP endpoint if your client snapshots tool descriptions, input or output schemas, security schemes, annotations, or server instructions.
- Request a new delegated grant containing aune.requests.read before invoking get_request_status. Existing create-only grants intentionally cannot read customer-specific status.
- Update tests and generated clients that expected session_id, persistence_backend, provider_candidates, internal workflow states, or timestamps in MCP request responses.
Metadata changes
- Every tool now declares noauth or exact OAuth scopes through tool-level securitySchemes.
- Protected tools return mcp/www_authenticate with resource metadata, error, error_description, and scope when account linking or reauthorization is required.
- Every OpenAPI-derived MCP schema now carries local $defs; no tool descriptor contains an unresolved #/components/schemas reference.
- Tool descriptions begin with a narrow invocation condition. Option search is read-only with openWorldHint false, while provider-follow-up creation is a consequential write with destructiveHint true.
Request-status security and privacy
- get_request_status requires aune.requests.read and matches both the stored principal and OAuth client. Unknown and non-owned IDs return the same found:false shape.
- Request creation returns only the public request ID, public status, vertical, job type, customer next step, booking mode, and candidate count needed for the next action.
- Request status returns only public request and confirmed-booking truth. It omits contact data, provider packet text, session IDs, persistence details, internal workflow states, telemetry, and timestamps.
Migration sequence
- Fetch /mcp, initialize with the supported protocol version, and rerun tools/list against the production endpoint.
- Compile every advertised inputSchema and outputSchema as JSON Schema 2020-12 and update any generated bindings.
- Reconnect or reauthorize the user with only the scopes needed for the immediate workflow, including aune.requests.read only when request status is required.
- Rerun positive booking, no-option fallback, ownership isolation, invalid-token, insufficient-scope, and false-confirmation tests before production traffic.
Compatibility policy
The anonymous get_request_status behavior is removed immediately as a security and privacy correction under Aune's published exception for unsafe behavior. All other v3 tool names and booking semantics remain compatible, but v4 metadata is authoritative and connector snapshots must be refreshed.
Was this page useful?