v0.1.11: Rate-limit and null-data fixes, mcp-ts-core ^0.10.14, supply-chain hardening
Rate-limit and null-data fixes, mcp-ts-core ^0.10.14, supply-chain hardening
Bug fixes for arrivals rate-limiting and null-response crashes, plus routine framework and dependency maintenance.
Added:
- Not-found discovery hints —
data.recovery.hintnames the tool to find a valid ID, keyed by contract reason (#17) - Supply-chain install guard —
bunfig.toml3-day release-age hold plus Socket security scanner on install .github/SECURITY.mddisclosure policy;.github/FUNDING.yml;.gitattributesLF/generated-file normalization
Changed:
- Dockerfile pins
oven/bun:1.3.14, adds BuildKit cache mounts, builds with--ignore-scripts package.jsonauthor normalized;packageManagerbun@1.3.2 → 1.3.14; LICENSE year 2025 → 2026
Fixed:
onebusaway_get_arrivalsrate-limit retries nowretryable: false— a single shared API key makes a 429 a global budget, not a per-caller quota (#16)- Null
resp.datacrashes across 8 ID-lookup methods now throw cleanNotFoundinstead of falling through toServiceUnavailable(#22)
Dependency bumps:
@cyanheads/mcp-ts-core^0.10.9 → ^0.10.14@socketsecurity/bun-security-scanner(new) ^1.1.2js-yaml3.14.2 → 3.15.0 (transitive) — clears GHSA-h67p-54hq-rp68bun(packageManager) 1.3.2 → 1.3.14
265 tests pass; bun run devcheck clean.