Skip to content

vinkius-labs/mcp-fusion

v3.8.0 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 3 known CVEs

Topics

mcp mcp-framework mcp-server model-context-protocol

Affected surfaces

auth rbac

Summary

AI summary

Adds the Federated Handoff Protocol (FHP) with zero‑trust HMAC delegation and new session governance features.

Full changelog

What's new in 3.8.0

@vurb/swarm — Federated Handoff Protocol (new package)

A new first-class package implementing the Federated Handoff Protocol (FHP): multi-agent orchestration with zero-trust delegation, namespace isolation, and a bidirectional MCP tunnel (B2BUA).

  • SwarmGateway — routes LLM sessions to specialist micro-servers and back, with zero context loss
  • UpstreamMcpClient — outbound MCP tunnel with connect timeout, idle timeout, and AbortSignal cascade
  • NamespaceRewriter — transparent tool prefix/unprefix per domain (listInvoicesfinance.listInvoices)
  • ReturnTripInjector — virtual gateway.return_to_triage escape tool + anti-IPI sanitiser
  • Zero-trust HMAC-SHA256 delegation tokens with Claim-Check pattern for large state
  • W3C Trace Context (traceparent) generated per handoff and propagated to upstream
  • Dual transport: SSE or Streamable HTTP (auto-detected; edge-compatible)
  • Session governance: configurable maxSessions cap, idle timeout, zombie prevention

@vurb/core — FHP security hardening

  • EXPIRED_DELEGATION_TOKEN thrown on replay or expired Claim-Check state (previously: silent failure)
  • HandoffStateStore atomic getAndDelete interface — one-shot guarantee under concurrency
  • InMemoryHandoffStateStore included as default single-instance store

@vurb/cloudflare + @vurb/vercel

  • test script added; existing tests now run in npm test --workspaces

Security

  • One-shot Claim-Check enforcement (atomic read+delete; replay → EXPIRED_DELEGATION_TOKEN)
  • Anti-IPI boundary on return summaries (<upstream_report trusted="false"> envelope)
  • Session limit counts connecting + active to prevent bypass attacks

Full changelog: CHANGELOG.md

Security Fixes

  • One‑shot Claim‑Check enforcement via atomic read+delete; replay now raises `EXPIRED_DELEGATION_TOKEN`.
  • Anti‑IPI boundary added to return summaries with whitespace envelope.
  • Session limit counting includes both `connecting` and `active` sessions to block bypass attacks.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track vinkius-labs/mcp-fusion

Get notified when new releases ship.

Sign up free

About vinkius-labs/mcp-fusion

A TypeScript framework for building production-ready MCP servers with automatic tool discovery, multi-transport support (stdio/SSE/HTTP), built-in validation, and zero-config setup.

All releases →

Related context

Earlier breaking changes

  • v4.0.0 All packages now published under the `@mcpfusion` npm scope.
  • v4.0.0 GitHub repository renamed to vinkius-labs/mcpfusion; npm packages under @mcpfusion scope.
  • v4.0.0 All source code, documentation, CLI output, workflows, and npm packages now use the @mcpfusion scope.

Beta — feedback welcome: [email protected]