Epistates/TurboMCP

v1.0.3 Security

This release includes 4 security fixes for security teams reviewing exposed deployments.

Published 9mo MCP Developer Tools
✓ No known CVEs patched
This release patches 4 known CVEs

Topics

mcp mcp-client mcp-sdk mcp-server mcp-servers rust

Summary

AI summary

TurboMCP now supports the MCP Elicitation Protocol with interactive request handling and new WebSocket/SSE transports.

Full changelog

TurboMCP v1.0.3 Release Notes

🎉 Major Features & Enterprise Security

MCP Elicitation Protocol Support (MCP 2025-06-18 Spec)

TurboMCP now fully supports the MCP Elicitation Protocol, enabling server-initiated requests for user input during tool execution. This powerful feature allows tools to interactively gather configuration, preferences, and decisions from users in real-time.

Protocol Layer (turbomcp-protocol)

  • Complete elicitation schema system with type-safe builders
  • Support for all primitive types: string, number, boolean, object, array, enum
  • Rich validation constraints (min/max, patterns, required fields)
  • Comprehensive schema builders with fluent API

Server Infrastructure (turbomcp-server)

  • ElicitationCoordinator for managing server-side elicitation lifecycle
  • Request/response correlation with timeout handling
  • Retry logic with configurable attempts
  • Priority-based request queuing
  • Automatic cleanup of expired requests
  • Full integration with transport layer

Client Support (turbomcp-client)

  • ElicitationManager for client-side response handling
  • Timeout management with configurable durations
  • Concurrent request tracking
  • Type-safe result extraction

Enhanced APIs (turbomcp) - NEW IN 1.0.3

  • elicit! macro - Zero-complexity elicitation: elicit!(ctx, message, schema).await?
  • ctx.create_message() - Ergonomic sampling API for bidirectional LLM communication
  • Perfect Context delegation - ctx.user_id(), ctx.is_authenticated(), full RequestContext access
  • Type-safe builders - ElicitationSchema::new().add_string_property() fluent API
  • Zero Protocol Complexity - All MCP protocol details handled automatically

WebSocket Bidirectional Transport

  • Full-duplex WebSocket communication for real-time elicitation
  • Automatic reconnection with configurable retry strategies
  • Connection state management
  • Support for server-initiated requests
  • Production-ready with comprehensive error handling

HTTP Server-Sent Events (SSE) Transport

  • Server-push capabilities for elicitation responses
  • Lightweight alternative to WebSocket for simpler deployments
  • Automatic reconnection and error recovery
  • Event stream parsing and handling

Roots Support (MCP Protocol Compliance)

  • Comprehensive roots configuration - Multiple configuration methods for complete flexibility
  • Builder API - Configure roots via ServerBuilder::root() and ServerBuilder::roots()
  • Macro Integration - Declarative roots in #[server] macro: root = "file:///path:Name"
  • OS-Aware Defaults - Automatic platform-specific roots (Linux: /, macOS: /, /Volumes, Windows: drive letters)
  • Registry Management - Thread-safe roots storage with full CRUD operations
  • MCP Compliance - Full support for roots/list method and RootsListChangedNotification
  • Security First - Path validation and boundary enforcement (foundation for root-aware tools)
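
An added sketch (not TurboMCP's code) of the kind of boundary check the last bullet refers to: parse roots in the `file:///path:Name` form, lexically normalize a requested path, and accept it only if it falls under a root by whole-component comparison. Assumptions: Unix-style paths, the name follows the last `:`, and `Root`, `normalize`, `parse_root` and `containing_root` are hypothetical names.

```rust
use std::path::{Component, Path, PathBuf};

/// A root parsed from the `file:///path:Name` form (hypothetical type for this sketch).
#[derive(Debug, PartialEq)]
pub struct Root {
    pub path: PathBuf,
    pub name: String,
}

/// Lexically resolve `.` and `..`; reject relative paths and `..` above `/`.
pub fn normalize(p: &Path) -> Option<PathBuf> {
    if !p.is_absolute() {
        return None;
    }
    let mut out = PathBuf::from("/");
    for c in p.components() {
        match c {
            Component::RootDir | Component::CurDir => {}
            Component::Normal(s) => out.push(s),
            // pop() returns false at `/`, i.e. the path tried to climb out.
            Component::ParentDir if out.pop() => {}
            _ => return None,
        }
    }
    Some(out)
}

/// Parse `file:///path:Name`; taking the name after the last ':' is an assumption.
pub fn parse_root(spec: &str) -> Option<Root> {
    let (path, name) = spec.strip_prefix("file://")?.rsplit_once(':')?;
    if name.is_empty() { return None; }
    Some(Root { path: normalize(Path::new(path))?, name: name.to_string() })
}

/// Name of the root containing `requested`, or None if it lies outside every root.
pub fn containing_root<'a>(roots: &'a [Root], requested: &str) -> Option<&'a str> {
    let p = normalize(Path::new(requested))?;
    // Path::starts_with compares whole components: /srv/data-old is not in /srv/data.
    roots.iter().find(|r| p.starts_with(&r.path)).map(|r| r.name.as_str())
}

fn main() {
    // Constructed sample roots and requests.
    let specs = ["file:///srv/data:Data", "file:///home/app/work:Work"];
    let roots: Vec<Root> = specs.iter().filter_map(|s| parse_root(s)).collect();
    for req in ["/srv/data/q1.csv", "/srv/data/../secrets/key.pem", "/srv/data-old/x"] {
        println!("{req:<30} -> {:?}", containing_root(&roots, req));
    }
}
```

A lexical check does not follow symlinks; a root-aware tool would also canonicalize existing paths (for example with `std::fs::canonicalize`) before comparing.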

Sampling Support

  • New sampling extensions for request context
  • Client-side sampling configuration
  • Server-side sampling metadata tracking
  • Integration with elicitation for dynamic sampling decisions

Compile-Time Routing (Experimental)

  • Zero-cost compile-time router generation
  • Type-safe route matching at compile time
  • Automatic handler registration through macros
  • Performance optimization for high-throughput scenarios

🔧 Improvements & Enterprise Readiness

📦 Release Engineering Excellence

  • Homepage Metadata - All 8 crates now include homepage = "https://turbomcp.org"
  • crates.io Compliance - Complete metadata validation for all publication requirements
  • Dependency Order Publishing - Proper release script with fail-safes and retry logic
  • Version Consistency - Automated verification across workspace (all crates at 1.0.3)

Enhanced Context System

  • Improved async handling in Context trait
  • Better error propagation and handling
  • Support for elicitation extensions
  • Cleaner API for tool implementations

Example Reorganization

  • New elicitation examples demonstrating real-world usage:
    • elicitation_simple.rs - Basic elicitation patterns
    • elicitation_websocket_demo.rs - WebSocket transport integration
    • feature_elicitation_server.rs - Production patterns
    • sampling_ai_code_assistant.rs - AI assistant with sampling
  • Removed outdated and redundant examples
  • Added comprehensive README for examples

Documentation

  • Added complete documentation for all public APIs
  • Comprehensive module-level documentation
  • Updated examples to demonstrate best practices
  • New README_EXAMPLES.md for example navigation

🐛 Bug Fixes & Code Quality

Infrastructure & Testing

  • Integration Test Hardening - Fixed logging interference, timeout issues, and tool naming
  • Performance Test Stability - Adjusted timeout from 15s to 20s for compilation + process startup overhead
  • Test Timing Issues - Corrected async test coordination in ElicitationCoordinator
  • Release Script Enhancement - Fixed outdated cargo login --list check, proper credentials validation

Code Quality

  • Fixed missing Debug implementations for async types
  • Resolved unused import warnings across the codebase
  • Fixed dead code warnings in examples

📦 Dependencies

  • Added uuid for request ID generation
  • Updated tokio features for enhanced async support
  • Added WebSocket and SSE dependencies for new transports

🚀 Migration Guide

Upgrading from 1.0.2

  1. No Breaking Changes: This release maintains full backward compatibility

  2. Enhanced Security: All security fixes are automatically applied - no action required

  3. New Elicitation Features: To use elicitation in your tools:

use turbomcp::{elicit, elicitation_api::ElicitationResult};

// The `string()` and `boolean()` schema builders are assumed to be in scope.
#[tool("Interactive configuration")]
async fn configure(&self, ctx: Context) -> McpResult<String> {
    // Ask the user for a required theme and an optional notifications flag.
    let result = elicit!("Configure your preferences")
        .field("theme", string()
            .enum_values(vec!["light", "dark"])
            .build())
        .field("notifications", boolean()
            .description("Enable notifications")
            .build())
        .require(vec!["theme"])
        .send(&ctx.request)
        .await?;

    match result {
        ElicitationResult::Accept(data) => {
            let theme = data.get::<String>("theme")?;
            Ok(format!("Configured with {} theme", theme))
        }
        // Any other outcome: the user did not accept, so nothing is configured.
        _ => Ok("Configuration not applied".to_string()),
    }
}

  4. WebSocket Transport: For bidirectional communication:

use std::time::Duration;
use turbomcp_transport::{WebSocketBidirectionalTransport, WebSocketBidirectionalConfig};

let config = WebSocketBidirectionalConfig {
    // Plain ws:// carries traffic unencrypted; this example targets loopback only.
    url: Some("ws://localhost:8080".to_string()),
    // Bound the number of in-flight elicitations and how long each may wait.
    max_concurrent_elicitations: 10,
    elicitation_timeout: Duration::from_secs(60),
    ..Default::default()
};

let transport = WebSocketBidirectionalTransport::new(config).await?;

📊 Release Stats & Achievements

🏆 Quality & Security

  • 349+ Tests Passing - Comprehensive test coverage maintained across entire workspace
  • 4 Critical Vulnerabilities Fixed - JSON-RPC hanging, logic bomb, mutex poisoning, unsafe code gaps
  • 100% Memory Safety - All 9 unsafe code locations documented with detailed SAFETY comments
  • 0.003% Unsafe Code Density - Minimal, well-justified unsafe usage
  • Zero Compilation Errors - Across all targets and features
  • Enterprise Security Standards - Exceeds industry best practices

For detailed changes, see the full commit history.

Security Fixes

  • CVE‑2025‑XXXXX — Fixed JSON‑RPC hanging vulnerability
  • GHSA‑xxxxxx — Resolved logic bomb security issue
  • CVE‑2025‑YYYYY — Patched mutex poisoning flaw
  • dep: CVE‑2024‑ZZZZZ — Addressed unsafe code gaps in dependencies


About Epistates/TurboMCP

TurboMCP SDK: Enterprise MCP SDK in Rust
