TKMD/ReftrixMCP

v0.2.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools
✓ No known CVEs patched
This release patches 1 known CVE

Topics

accessibility claude core-web-vitals design-analysis gdpr layout-analysis mcp mcp-server motion-detection ollama onnx-runtime pgvector playwright reftrix responsive-design semantic-search typescript vector-db wcag web-design

Affected surfaces

auth

Summary

AI summary

Added unified cross‑component search, multimodal image search, automated SBOM generation with CycloneDX, and BullMQ job management UI.

Full changelog

v0.2.0 — Foundation Hardening + Killer Features

A major feature release with foundation hardening and killer features. 12 items were selected and implemented via TPA three-vertex evaluation (Product/Data&ML/Security).

npm: npm install @reftrixmcp/[email protected]


Added

  • Search result cache (LRU): lru-cache v11, target P95 latency 500ms → 50ms
  • Cross-component search search.unified: 5-service parallel search with similarity aggregation
  • Multimodal search design.search_by_image: image → DINOv2 → HNSW, RRF 3-source (40/30/30)
  • sanitizeErrorMessage: CWE-209 mitigation, applied to 47 files / 28 tools
  • Automated SBOM: CycloneDX 1.6, pnpm sbom, CI integration (EU CRA compliance)
  • BullMQ job management UI: @bull-board/express, Basic Auth, port 21080
  • Migration automation db-migrate-safe.sh: auto-backup + auto-rollback
  • Phase 1/3 parallelization: ~40% speedup via Promise.all
  • Standalone CLI: reftrix analyze <url> (MCP-independent)
  • pgvector 0.8 iterative scan: via ALTER ROLE SET + application-layer SET
  • Rate limiting: Token Bucket + Redis Lua, 3 tiers (analysis 10RPM / search 120RPM / default 60RPM)
  • Filtering unification: common industry/audience/tags schema applied to 6 search tools

Changed

  • Split 4 large files by responsibility
  • Unified MCP tool count to 28 across 37 files
  • QA unification: E2E runner alignment, CI runs all files

Security

  • Remove all isDevelopment() guards in error paths (prevents errors from being silently swallowed in production)
  • SEC 100/100, TDA 98/100, LCC PASS

Fixed

  • narrative.search filter forwarding fix
  • Added db-migrate-safe.sh to .ossfilter

Tests

  • Added 91 SEC/TDA/LCC audit tests
  • All 12,463 unit tests PASS

Full Changelog: https://github.com/TKMD/ReftrixMCP/compare/v0.1.7...v0.2.0

Security Fixes

  • Removed all isDevelopment() guards to prevent silent swallowing of errors in production (addresses insecure error handling)
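
The class of bug this fix describes, as an added TypeScript example that is not ReftrixMCP source code: an error path that only acts when an environment guard is true, next to an unguarded handler that logs server-side and returns a sanitized message (the CWE-209 concern from the changelog). The bodies of isDevelopment and sanitizeErrorMessage, the handler names, the result shape and the failing query are all assumptions constructed for illustration.

```typescript
// Added illustration. Every name here is a hypothetical stand-in, not ReftrixMCP source.
type LogEntry = { level: "error"; detail: string };
type ToolResult = { ok: boolean; error?: string };

// Stand-in for an environment check like isDevelopment().
const isDevelopment = (env: string): boolean => env === "development";

// Assumed sanitizer (CWE-209): keep the first line only, then redact URIs and
// file paths so the client-facing message carries no internal detail.
function sanitizeErrorMessage(err: unknown): string {
  const raw = err instanceof Error ? err.message : String(err);
  return raw
    .split("\n", 1).join("")
    .replace(/\b[a-z][a-z0-9+.-]*:\/\/\S+/gi, "[redacted-uri]")
    .replace(/(?:\/[\w.-]+){2,}/g, "[redacted-path]")
    .slice(0, 200);
}

// Before: the error path only acts in development. In production nothing is
// logged and the caller gets a success-shaped result.
function handleGuarded(run: () => void, env: string, log: LogEntry[]): ToolResult {
  try {
    run();
    return { ok: true };
  } catch (err) {
    if (isDevelopment(env)) {
      log.push({ level: "error", detail: String(err) });
      return { ok: false, error: String(err) };
    }
    return { ok: true }; // production: failure silently swallowed
  }
}

// After: no guard. Full detail is logged server-side; the caller gets a sanitized failure.
function handleFixed(run: () => void, log: LogEntry[]): ToolResult {
  try {
    run();
    return { ok: true };
  } catch (err) {
    const detail = err instanceof Error ? err.stack ?? err.message : String(err);
    log.push({ level: "error", detail });
    return { ok: false, error: sanitizeErrorMessage(err) };
  }
}

// Constructed failure whose message embeds a connection string.
const failingQuery = (): void => {
  throw new Error("connect ECONNREFUSED postgres://app:example-pw@db.internal:5432/app");
};
```

With the guarded handler, a production failure leaves no log entry and no error for the caller, so alerting and incident response have nothing to work from.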


About TKMD/ReftrixMCP

Web design analysis MCP server with 26 tools for layout extraction, motion detection, quality scoring, and semantic search. Uses Playwright, pgvector HNSW, and Ollama Vision to turn web pages into searchable, structured design knowledge.
