v0.3.2

What's Changed

• Add MCP tool annotations (readOnlyHint, destructiveHint, idempotentHint, openWorldHint) to all 15 tools
• Fix protobufjs RCE (GHSA-xq3m-2v4x-88gg) and hono XSS (GHSA-458j-xx4x-4375)

v0.3.1

Fix MCP Registry publish failure — description exceeded 100 character limit.

v0.3.0

CloudScope now supports Google Cloud Platform alongside Azure.

GCP Provider

• Cost queries via BigQuery billing export (standard + detailed)
• Recommendations and idle resource detection via GCP Recommender API
• Untagged resources via Cloud Asset Inventory API
• Budget monitoring via Billing Budgets API
• Client-side linear regression forecasting

Multi-Provider

• All 14 shared tools accept provider: 'azure' | 'gcp'
• Default provider auto-detected from configured credentials
• Dynamic server instructions reflect connected providers
• 5 prompts accept optional provider argument

New Tools

• list_projects — list accessible GCP projects
• get_cross_project_costs — cost breakdown across GCP projects

Security

• Raw SDK error messages no longer returned to clients
• BigQuery table name validated against SQL injection
• ESLint rules enforce console.error only (no console.log) and ban error.message in logs

Testing

• 280 unit tests, 29 Azure E2E tests, 18 GCP E2E tests
• npm run test:e2e / test:e2e:gcp / test:e2e:all

Setup

Azure works with az login (zero config). GCP requires BigQuery billing export — see
README for setup.

v0.2.0

What's New

Zero-config subscription discovery

If AZURE_SUBSCRIPTION_ID is not set, the server now auto-detects it from az login via @azure/arm-resources-subscriptions. Falls back gracefully when no credentials are available.

Cross-subscription cost queries

get_cross_subscription_costs fans out queries across multiple subscriptions using a single CostManagementClient with scope override. Handles partial failures.

5 new tools

• list_subscriptions — list all accessible Azure subscriptions
• get_cross_subscription_costs — compare costs across subscriptions
• get_cost_by_tag — break down costs by tag key
• find_idle_resources — detect underutilized resources via Resource Graph KQL
• find_untagged_resources — find resources missing required tags

New chargeback-report prompt

Cost allocation by tag key with tagged vs untagged split.

Updated prompts

• waste-audit now covers idle resources and untagged resources
• monthly-cost-review includes idle resource cleanup

Other

• README reorganized tools by category, updated install/config for optional subscription ID
• 209 tests passing

v0.1.5

Reliability

• Provider-level cache with request coalescing — duplicate Azure API calls from parallel tool invocations are now deduplicated. A /monthly-cost-review run drops from ~7 API calls to ~4.
• Column guards — queryCosts and forecastCosts throw a descriptive error naming the missing column instead of silently returning corrupt data.
• Recommendation filter fix — category filter now uses rec.impactedField resource type prefix instead of searching description text. Recommendations with missing metadata are included rather than
  dropped.

Cleanup

• Removed redundant tool-level cache from server.ts (provider cache handles it).
• Removed dead cacheTtlSeconds config and unused logLevel field.

v0.1.4

Fixes

• check_budgets no longer emits double-counted "Total spent" / "Total forecast" rows (Azure budgets can overlap in scope). Each row's Risk column still signals overage independently.

Reliability

• Azure Cost Management calls now rate-limited (2 in-flight) and retried on 429 with exponential backoff + ±25% jitter. Worst-case wait ~4s.
• New provider-agnostic src/utils/rate-limit.ts — reusable for future providers.

No breaking changes. Drop-in upgrade from 0.1.3.

Changelog: v0.1.3...v0.1.4

v0.1.3

Prompts

Four prompts are registered on the server, selectable as slash commands in MCP-compatible clients.

Prompt	Description
monthly-cost-review	Monthly FinOps report: spending, period-over-period comparison, anomalies, top resources, budgets, forecast, savings opportunities
waste-audit	Idle resources, Azure Advisor recommendations, at-risk budgets, aggregate potential savings
cost-spike-investigation	Root-cause analysis for a cost increase. Accepts optional days argument (default 7)
executive-summary	Brief non-technical cost summary for leadership

Tool orchestration

McpServer.instructions now provides the client LLM with guidance on tool usage — including the get_current_date hallucination mitigation pattern and recommended tool pairings for root-cause analysis and
savings prioritization.

Release infrastructure

GitHub Releases now publish to the official MCP Registry automatically via GitHub Actions OIDC. The mcp-publisher binary is version-pinned and SHA-256 verified. No long-lived tokens.

v0.1.2

Merge pull request #5 from alexpota/chore/mcp-registry-publishing

chore: add MCP Registry server.json

v0.1.1

Build

• Switched from tsc to tsup — single-file ESM bundle (77 → 7 published files, 112 KB → ~35 KB)
• Version injected at build time via define, no runtime package.json dependency

Improved

• Tool descriptions for detect_anomalies, get_cost_forecast, list_recommendations, get_cost_summary — richer output format, error behavior, and usage guidance for higher Glama quality scores

Internal

• tsconfig.json set to noEmit: true (tsc is type-check only, tsup owns emit)
• Added typecheck script, threaded into validate and prepublishOnly
• Dynamic version assertion in CLI tests

v0.1.0

chore: bump harden-runner to 2.16.1, @types/node to 25.5.2