
TKMD/ReftrixMCP

v0.1.6 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools
✓ No known CVEs patched
This release patches 2 known CVEs

Topics

accessibility claude core-web-vitals design-analysis gdpr layout-analysis mcp mcp-server motion-detection ollama onnx-runtime pgvector playwright reftrix responsive-design semantic-search typescript vector-db wcag web-design

Affected surfaces

deps

Summary

AI summary

Added DINOv2 ViT-B/14 visual embeddings, Playwright screenshots with fallbacks and processing rules.

Full changelog

What's Changed

Added

  • Section Visual Embedding -- DINOv2 ViT-B/14 section-level visual embedding (768D L2-normalized vectors) with PII protection and graceful degradation
  • Section Screenshot Fallback -- Playwright-based individual section screenshots for out-of-range sections, with batch processing and type-aware duplicate detection (cosine > 0.995)
  • Section Merge/Split Post-Processor -- 4 rules: same-type merge (3+), empty absorption, same-heading merge, oversized split (>10,000px)
  • Blank Image Detection + Dynamic Fallback -- Detects lazy-loading unrendered sections and re-captures via Playwright
  • Lazy Loading Scroll -- Pre-scrolls pages before screenshot to trigger IntersectionObserver-based lazy loading
  • Multi-Tile Capture -- Splits large sections (>viewport height) into tiles for complete visual coverage (default 20 tiles, max 100)
  • Type-aware dedup helper -- Extracted shouldSkipDuplicateVision() with 7 tests

Fixed

  • onnxruntime-node ABI mismatch -- Pinned version to fix Node.js ABI crash
  • isBlankImage dark theme false positive -- Dual-condition check (stddev + mean brightness)
  • Pre-Return Pause race condition -- Fixed planned worker restart timing
  • Dynamic Fallback 3 bug fixes -- isBlank logic inversion, buffer release, excludeIds for Rule 3
  • undici 7.18.2→7.24.3 -- Resolved 6 vulnerabilities (3 high, 3 medium)
  • flatted >=3.4.0 -- Resolved DoS vulnerability via pnpm override

Changed

  • Fallback viewport unified to 1920x1080

New Environment Variables (all optional)

| Variable | Default | Description |
|----------|---------|-------------|
| MAX_TILES_PER_SECTION | 20 (max 100) | Max tiles per section for multi-tile capture |
| BLANK_IMAGE_STDDEV_THRESHOLD | 5.0 | Blank image detection stddev threshold |
| DUPLICATE_VECTOR_THRESHOLD | 0.995 | Vision embedding dedup cosine threshold |
| EMBEDDING_IDLE_TIMEOUT_MS | 30000 | ONNX Worker VRAM auto-release timer |
| ENABLE_SECTION_SCREENSHOT_FALLBACK | true | Enable section screenshot fallback |
| ENABLE_SECTION_MERGE_POSTPROCESSOR | true | Enable section merge post-processor |
| ENABLE_SECTION_SPLIT_POSTPROCESSOR | true | Enable section split post-processor |

Full Changelog: https://github.com/TKMD/ReftrixMCP/compare/v0.1.5...v0.1.6

Security Fixes

  • undici upgraded from 7.18.2 to 7.24.3 – resolved 6 vulnerabilities (3 high, 3 medium)
  • flatted updated to >=3.4.0 – fixed DoS vulnerability via pnpm override


About TKMD/ReftrixMCP

Web design analysis MCP server with 26 tools for layout extraction, motion detection, quality scoring, and semantic search. Uses Playwright, pgvector HNSW, and Ollama Vision to turn web pages into searchable, structured design knowledge.
