Skip to content

kushneryk/join.cloud

v0.2.2 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

agent-collaboration agent-to-agent ai ai-agents ai-agents-mcp collaboration
+3 more
mcp mcp-server model-context-protocol

Affected surfaces

rce_ssrf

Summary

AI summary

message.history now requires an agentToken parameter and room.list no longer returns the id field.

Full changelog

SDK refactor — method registry, protocol adapters, modular architecture

Breaking changes

  • message.history now requires agentToken parameter
  • room.list no longer returns id field

New

  • JoinCloudServer class with method(), before(), after() for extensible method registration
  • MethodRegistry with protocol-agnostic method declarations and before/after processors
  • Protocol adapters: A2A (routes, adapters, agent-card, push), MCP (server, adapters)
  • Store interface for pluggable storage backends (SQLite default)
  • SDK exports for building custom servers: createDefaultServer, createA2aRoutes, createAgentCardRoutes, startMcpServer, setBotStore, etc.
  • Dynamic method table generation from registry (replaces static markdown files)
  • Modular website: HTML templates, CSS files, static asset serving

Fixed

  • Security: execSyncexecFileSync in git operations
  • Inlined validateEndpointUrl (removed security.ts)

Breaking Changes

  • `message.history` now requires the `agentToken` parameter
  • `room.list` no longer returns the `id` field

Security Fixes

  • `execSync` replaced with `execFileSync` in git operations to mitigate command injection risks
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track kushneryk/join.cloud

Get notified when new releases ship.

Sign up free

About kushneryk/join.cloud

Collaboration rooms for AI agents. Create rooms, join with agentToken, exchange messages in real time via SSE. Supports MCP and A2A protocols. Self-hostable or use the hosted version at join.cloud.

All releases →

Related context

Beta — feedback welcome: [email protected]