David shipped: Deployed granular MCP security patches across four exploitable bugs in the draft→publish path

The MCP security patch work covered multiple files in the granular server, including approval-token.ts, approval-card.ts, drafts.ts, drafts/[id]/index.ts, and drafts/[id]/publish.ts. The commit message described patching four exploitable bugs in the draft→publish path.

This was part of a broader security and integrity push on the granular MCP connector — ensuring that AI tools could not be used to self-publish content without genuine user review, and that the approval token mechanism was resistant to replay or bypass. The OAuth scopes and provider configuration were also updated in the same patch set.