This release adds 1 notable feature for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Summary
AI summaryUpdates Bundled, Verification, and clean across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Bugfix | Medium |
Restores missing sqlite-vec platform binaries in package-lock.json Restores missing sqlite-vec platform binaries in package-lock.json Source: llm_adapter@2026-05-31 Confidence: high |
— |
| Bugfix | Medium |
Prevents eval harness crash on ERRORED entries in report writer Prevents eval harness crash on ERRORED entries in report writer Source: llm_adapter@2026-05-31 Confidence: high |
— |
Full changelog
What's new in 1.6.6
Hot-fix for two CI-only issues surfaced by the 1.6.5 tag-push evals workflow, plus the long-promised MCP-completeness audit doc.
No engine code, MCP tool surface, platform, or env-var changes.
Why CI-only
The 1.6.5 release is functionally correct for end users — the npm tarball doesn't ship a lockfile, so anyone running `npm install [email protected]` gets sqlite-vec resolved freshly for their platform. The broken lockfile only affected our internal CI which uses `npm ci` against the committed lockfile, and the broken eval harness only affected our internal report rendering. No need to retract 1.6.5. 1.6.6 unblocks our publish gate for future releases.
Fixed
- `package-lock.json` was missing 4 of 5 `sqlite-vec` platform binaries. My 1.6.5 lockfile regeneration used `npm install --package-lock-only`, which silently dropped `sqlite-vec-darwin-x64`, `sqlite-vec-linux-arm64`, `sqlite-vec-linux-x64`, and `sqlite-vec-windows-x64` — keeping only the maintainer's `sqlite-vec-darwin-arm64`. `npm ci` on GitHub Actions' Ubuntu runners failed with `no such module: vec0` on the 4 memory/pack fixtures (`memory-pack-chunk-grounds-optimize`, `memory-search-ranks-pack-by-similarity`, `memory-remember-persists`, `memory-forget-invalidates`). Regenerated with a full `npm install` (not `--package-lock-only`) so all 5 platforms are back.
- Eval harness HTML report writer crashed on ERRORED entries at `evals/run.mjs:729`. Pre-existing renderer assumed every non-skipped, non-filtered run had `evaluation.checks`, but errored runs carry an `error` field instead. Added an explicit errored-status branch — harness now degrades gracefully and exits cleanly even when fixtures error.
Bundled
-
`docs/audits/mcp-completeness-2026-05.md` — diagnostic audit of the engine's MCP surface against the current SDK + spec. Contents:
- Tool-by-tool registration table (all 23 tools with suggested annotation tuples)
- Resource gap analysis (1 today vs ~6 natural fits not exposed)
- SDK feature delta (1.12 → 1.29 → 2.0-alpha) with breaking-change preview
- Capability declarations analysis (sampling, elicitation, tasks, completion, logging)
- Transport architecture + factory refactor sketch
- A2A feasibility note with sequential dependencies
- 7-step modernization roadmap with effort + value estimates and three coherent stopping points (#3 / #5 / #7)
Diagnostic only — no engine code changes prescribed inline. The artifact behind next-session planning around MCP modernization + A2A enablement.
Verification
- `npm install` (clean): all 5 sqlite-vec platforms back in `package-lock.json`
- `npm audit --production`: 0 vulnerabilities (unchanged from 1.6.5)
- `tsc` build: clean
- `node evals/run.mjs --quiet` locally: exit 0, no harness crash
Install
```bash
npm install -g [email protected]
```
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About LumabyteCo/clarifyprompt-mcp
MCP server for AI prompt optimization — transforms vague prompts into platform-optimized prompts for 58+ AI platforms across 7 categories (image, video, voice, music, code, chat, document).
Related context
Beta — feedback welcome: [email protected]