Skip to content

vinkius-labs/mcp-fusion

v3.3.4 Breaking

This release includes 2 breaking changes for platform teams planning a safe upgrade.

Published 2mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

mcp mcp-framework mcp-server model-context-protocol

Affected surfaces

auth rbac

Summary

AI summary

Vurb.ts rebrands MCP Fusion and introduces a production-grade security middleware layer.

Full changelog

What's New

🛡️ Security Layer — 5 Composable Middleware Modules

Production-grade security middleware that composes via the standard .use() pipeline:

  • InputFirewall — LLM-as-Judge ingress scanner for SQL/prompt/command injection detection
  • PromptFirewall — System rule evaluator detecting exfiltration and override patterns
  • AuditTrail — SOC2/GDPR-compliant invocation logger with SHA-256 args hashing
  • RateLimiter — Token-bucket rate limiting per identity with structured error responses
  • JudgeChain — Multi-model consensus evaluation (unanimous/majority/weighted strategies)

📡 Resource Subscriptions

  • \ResourceBuilder, \ResourceRegistry, and \SubscriptionManager\ for MCP resource subscriptions
  • Push-based
    otifications/resources/updated\ emission
  • Fluent builder API with comprehensive test coverage (1,082 new test lines)

📝 Blog Engine

  • VitePress-integrated blog with tag filtering, author links, and SEO
  • 3 articles: Introducing Vurb.ts, MVA Pattern Deep Dive, Anatomy of an AI Platform Breach
  • Security analysis: 9 attack vectors, compliance mapping (SOC2/GDPR/ISO 27001), security posture playbook

🎨 Vurb.ts Rebrand

  • All MCP Fusion references → Vurb.ts
  • Logo-only navbar with S3-hosted wordmark (48px)
  • GitHub links updated to \ inkius-labs/vurb.ts\

📚 Documentation

  • 6 new Security Layer doc pages
  • Resource Subscriptions doc page
  • \llms.txt\ updated with Security Layer and Resource Subscriptions API reference

39 files changed | +7,387 insertions | -120 deletions

Breaking Changes

  • All references to "MCP Fusion" renamed to "Vurb.ts"
  • GitHub repository updated from vinkius-labs/mcp-fusion to vinkius-labs/vurb.ts
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track vinkius-labs/mcp-fusion

Get notified when new releases ship.

Sign up free

About vinkius-labs/mcp-fusion

A TypeScript framework for building production-ready MCP servers with automatic tool discovery, multi-transport support (stdio/SSE/HTTP), built-in validation, and zero-config setup.

All releases →

Related context

Earlier breaking changes

  • v4.0.0 All packages now published under the `@mcpfusion` npm scope.
  • v4.0.0 GitHub repository renamed to vinkius-labs/mcpfusion; npm packages under @mcpfusion scope.
  • v4.0.0 All source code, documentation, CLI output, workflows, and npm packages now use the @mcpfusion scope.

Beta — feedback welcome: [email protected]