Skip to content

smigolsmigol/llmkit

v0.6.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai ai-agents ai-gateway anthropic api-gateway budget-enforcement
+14 more
cloudflare-workers cost-estimation cost-tracking durable-objects llm llm-cost llm-observability llmkit mcp model-context-protocol openai python typescript vercel-ai-sdk

Affected surfaces

breaking_upgrade deps

Summary

AI summary

Dashboard now supports mobile responsiveness and expanded provider key links, fixing a path-to-regexp DoS vulnerability.

Full changelog

What's changed

AI SDK Provider 0.1.0

  • Tool calling, structured output, multimodal image support
  • Streaming tool deltas (tool-input-start/delta/end)
  • Full Vercel AI SDK v3 compatibility

Proxy

  • Tool calling passthrough for all 3 providers (Anthropic, OpenAI, Gemini)
  • Provider-specific body fields passed through (search_parameters, reasoning_effort, etc.)
  • Clear error message for missing provider key
  • path-to-regexp DoS vulnerability fixed

Dashboard

  • Mobile responsive (sidebar toggle, responsive grids, scrollable tables)
  • Landing page auth-aware CTAs (redirect to dashboard when logged in)
  • TypeScript snippets in key creation quickstart and docs page
  • Provider key links (OpenAI, Anthropic, Gemini, Groq, xAI console)
  • Per-user breakdown shows all accounts including zero-activity
  • 730+ models (was 45+), correct provider counts

CLI 0.0.8

  • xAI, DeepSeek, Mistral, Groq base URL routing fixed
  • Version reads from package.json at runtime

MCP Server 0.4.5

  • JSONL message.id deduplication (was inflating costs 3-5x)
  • Version fix in --help output

Security

  • OpenSSF Best Practices: passing
  • CodeQL SAST workflow
  • Docker images pinned by SHA
  • Artifact attestation in publish workflow
  • MCPB rebuilt v0.4.5

Python SDK 0.1.5

  • calculate_cost() exported publicly
  • CJS default exports on npm packages

Distribution

  • Cookbook PR on anthropics/claude-cookbooks (#476)
  • 12 awesome-list PRs (1 merged: awesome-cloudflare)
  • MCP Registry v0.4.5

Security Fixes

  • Fixed path-to-regexp DoS vulnerability in Proxy component
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track smigolsmigol/llmkit

Get notified when new releases ship.

Sign up free

About smigolsmigol/llmkit

AI API cost tracking and budget enforcement across 11 LLM providers. 6 tools for spend analytics, budget monitoring, session summaries, and key management.

All releases →

Related context

Beta — feedback welcome: [email protected]