Skip to content

vinkius-labs/mcp-fusion

v3.1.10 Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 3mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

mcp mcp-framework mcp-server model-context-protocol

Affected surfaces

auth rbac

Summary

AI summary

Fixed .strict() overriding schema policy and other bug fixes.

Full changelog

v3.1.10 — LOW Bug Fixes (#24–#30)

Fixed

  • #24.strict() no longer overrides consumer's schema policy (.passthrough(), .strip()). Validation uses the original schema as-is.
  • #25retryAfter now validated: NaN, Infinity, negative, and zero values are silently omitted instead of producing invalid XML.
  • #26FusionClient.executeInternal() filters content blocks by type === 'text' before mapping, preventing "undefined" in error text for image/resource blocks.
  • #27EgressGuard appends truncation suffix when blocks are skipped at an exact byte boundary. Previously, the response appeared deceptively complete.
  • #28ContextDerivation replaced Object.assign with explicit Object.entries loop guarding against __proto__ injection. Added documentation warning about contextFactory returning fresh objects.
  • #29 — Duck-type ToolResponse detection now requires the object to have ONLY content/isError keys, preventing false positives from domain objects with coincidental content arrays.
  • #30ResponseBuilder uses data.length > 0 instead of data || 'OK' for explicit intent.

Stats

  • 7 source files modified, 3 existing tests updated, 21 new regression tests
  • 4440 tests passing across 167 test files (0 failures)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track vinkius-labs/mcp-fusion

Get notified when new releases ship.

Sign up free

About vinkius-labs/mcp-fusion

A TypeScript framework for building production-ready MCP servers with automatic tool discovery, multi-transport support (stdio/SSE/HTTP), built-in validation, and zero-config setup.

All releases →

Related context

Earlier breaking changes

  • v4.0.0 All packages now published under the `@mcpfusion` npm scope.
  • v4.0.0 GitHub repository renamed to vinkius-labs/mcpfusion; npm packages under @mcpfusion scope.
  • v4.0.0 All source code, documentation, CLI output, workflows, and npm packages now use the @mcpfusion scope.

Beta — feedback welcome: [email protected]