This release includes 1 security fix for security teams reviewing exposed deployments.
Published 2mo
MCP Developer Tools
✓ No known CVEs patched
This release patches 1 known CVE
Topics
ai
ai-agents
ai-gateway
anthropic
api-gateway
budget-enforcement
+14 more
cloudflare-workers
cost-estimation
cost-tracking
durable-objects
llm
llm-cost
llm-observability
llmkit
mcp
model-context-protocol
openai
python
typescript
vercel-ai-sdk
Summary
AI summaryRemoved source maps that posed a security vulnerability similar to the Claude Code leak.
Full changelog
What's new
- Margin calculator: x-llmkit-revenue header for DePIN/Web3 agent economics. Real-time profit/margin per AI query.
- Framework integrations: LangChain, LlamaIndex, Pydantic AI callback handlers (Python SDK 0.1.8)
- Auto prompt caching: 90% Anthropic input cost savings, zero config
- Anthropic adapter: 16 gaps fixed (thinking, multi-turn tools, stream errors, abort, beta headers, PDF)
- 161 security tests: auth, ratelimit, validation (injection, traversal, XSS, prototype pollution)
- ClusterFuzzLite: 4 atheris fuzz targets for Python SDK
- OpenSSF Scorecard 8.3: ties Microsoft TypeScript, higher than React/Django/Kubernetes
- Dashboard UX: error handling on all pages, browser tab metadata, responsive fixes
- 3 providers live tested: OpenAI + Anthropic + xAI against real APIs
- Source maps removed: same vulnerability class as Claude Code leak, fixed
Signed with Sigstore via gitsign.
Breaking Changes
- Removed source maps feature
Security Fixes
- Removed source maps to address a vulnerability class comparable to the Claude Code leak
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About smigolsmigol/llmkit
AI API cost tracking and budget enforcement across 11 LLM providers. 6 tools for spend analytics, budget monitoring, session summaries, and key management.
Related context
Beta — feedback welcome: [email protected]