vinkius-labs/mcp-fusion

v3.1.11 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 3mo MCP Developer Tools

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

mcp mcp-framework mcp-server model-context-protocol

Summary

AI summary

Fixed boolean coercion case‑sensitivity in PromptExecutionPipeline.

Full changelog

v3.1.11 — Final LOW Bug Fixes (#31–#36)

Last batch — all 36 bugs from the original audit are now fixed.

Fixed

Bug #31 — PromptExecutionPipeline: boolean coercion was case-sensitive ('True', 'TRUE', '1' → false). Now uses toLowerCase() comparison.
Bug #32 — DescriptionDecorator: leading space in description when tool.description is undefined. Conditional space insertion.
Bug #33 — ZodDescriptionExtractor: ZodPipeline inner schema (_def.in) was not unwrapped. Added to fallback chain.
Bug #34 — autoDiscover: all import errors silently swallowed. Added onError callback and strict option.
Bug #35 — edge-stub.ts: path functions (resolve, join, dirname, basename) returned '' silently. Now crash via CRASH() for consistency.
Bug #36 — TokenEconomics: endsWith('s') produced false positives (status, address, etc.). Replaced with specific plural regex + case-insensitive includes('list')/includes('items').

Stats

4466 tests passing across 168 test files
26 new regression tests for this batch
0 breaking changes

Audit Complete

| Severity | Count | Fixed |
|----------|-------|-------|
| Critical | 2 | ✅ v3.1.5 |
| High | 4 | ✅ v3.1.6 |
| Medium | 16 | ✅ v3.1.7–v3.1.9 |
| Low | 14 | ✅ v3.1.6, v3.1.10–v3.1.11 |
| Total | 36 | ✅ 36/36 |

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track vinkius-labs/mcp-fusion

Get notified when new releases ship.

About vinkius-labs/mcp-fusion

A TypeScript framework for building production-ready MCP servers with automatic tool discovery, multi-transport support (stdio/SSE/HTTP), built-in validation, and zero-config setup.

All releases →

Related context

Related tools

Earlier breaking changes

v4.0.0 All packages now published under the `@mcpfusion` npm scope.
v4.0.0 GitHub repository renamed to vinkius-labs/mcpfusion; npm packages under @mcpfusion scope.
v4.0.0 All source code, documentation, CLI output, workflows, and npm packages now use the @mcpfusion scope.