v0.1.5: mcp-ts-core ^0.10.9 maintenance

mcp-ts-core ^0.10.9 maintenance

Framework-maintenance refresh — re-synced scripts/ guards and devcheck wiring; no server source or behavior change.

Dependency bumps:

• @cyanheads/mcp-ts-core ^0.10.8 → ^0.10.9

Changed:

• scripts/check-dependency-specifiers.ts (new devcheck step) rejects floating specifiers (latest/*/dist-tags) in package.json + bun.lock's workspaces map, so a stray bun update --latest can't re-resolve a dep past its pin unnoticed (cyanheads/mcp-ts-core#246)
• scripts/lint-packaging.ts validates the Codex/Claude plugin marketplace manifests (descriptions, unscoped display name, full-scoped npx install arg); Packaging devcheck step now runs when a plugin manifest is present (cyanheads/mcp-ts-core#240)
• devcheck.config.json enables the plugin-manifest checks via packaging.pluginManifests

64 tests pass; bun run devcheck clean.

v0.1.4: mcp-ts-core ^0.10.8 adoption

mcp-ts-core ^0.10.8 adoption

Maintenance pass adopting the framework 0.10.7/0.10.8 releases — no server source changed.

Changed:

• Framework ^0.10.6 → ^0.10.8: ctx.content media collector (mcp-ts-core#239), canvas invalid_sql SQL-gate classification (mcp-ts-core#236), DuckdbProvider.describe() filter-qualification fix (mcp-ts-core#235), OTEL_SERVICE_NAME seeding doc correction (mcp-ts-core#233)
• Re-synced scripts/ fresh-scaffold guards — devcheck.ts, check-framework-antipatterns.ts, build-changelog.ts skip git-dependent checks when .git is absent; check-skill-versions.ts skips a worktree-deleted SKILL.md (mcp-ts-core#242, mcp-ts-core#243, mcp-ts-core#237)
• Re-synced agent skills to the 0.10.7 baseline (mcp-ts-core#238)
• devcheck.config.json — emptied the outdated allowlist now both deps are current

Dependencies:

• @cyanheads/mcp-ts-core ^0.10.6 → ^0.10.8
• @types/node 25.9.3 → 26.0.0

64 tests pass; bun run devcheck clean.

v0.1.3: Three bug fixes: uniform fuzzy-match floor, restored mirror-script output, and a screenNodes documentation correction.

Three bug fixes: uniform fuzzy-match floor, restored mirror-script output, and a screenNodes documentation correction.

Fixed:

• sanctions_screen_name: removed the phonetic-match bypass in runFuzzy so the minScore floor binds every fuzzy candidate (Jaro-Winkler, token, or phonetic) — no sub-floor hit is returned. (#1)
• Mirror lifecycle scripts emitted no output: bootstrap() now initializes the framework logger before any script logs, fixing mirror:init/refresh/verify/seed. (#3)
• Corrected every doc surface that named the sanctions_trace_ownership parameter as screen_nodes to the actual screenNodes — the old docs caused Zod to drop the key and silently skip ownership screening. (#2)

Dependency bumps:

• better-sqlite3 ^12.10.1 → ^12.11.1
• fast-xml-parser ^5.9.0 → ^5.9.3

64 tests pass; bun run devcheck clean.

v0.1.2: Public hosted endpoint

Public hosted endpoint

Server is now hosted at https://sanctions-screening.caseyjhand.com/mcp (Streamable HTTP, no installation required).

Added:

• remotes array in server.json for MCP Registry hosted-endpoint discovery
• Public Hosted Instance section in README with Streamable HTTP client config

Changed:

• fast-xml-parser ^5.8.0 → ^5.9.0
• vitest ^4.1.8 → ^4.1.9 (dev)

62 tests pass; bun run devcheck clean.

v0.1.1: Scope README title to npm name

Scope README title to npm name

The README

now reads @cyanheads/sanctions-screening-mcp-server, matching the published npm package name.

Changed:

• README

  scoped to the published package name.

Dependency bumps:

• better-sqlite3 ^12.4.1 → ^12.10.1

62 tests pass; bun run devcheck clean.

v0.1.0: Initial release — sanctions screening + GLEIF entity resolution, offline

Initial release — sanctions screening + GLEIF entity resolution, offline

Screen a name against the consolidated OFAC (SDN + Consolidated), EU, UK, and UN sanctions lists at once, and resolve legal entities against GLEIF with corporate-ownership tracing — served from two local SQLite + FTS5 mirrors, alias- and fuzzy-aware. A screening aid, not a compliance determination.

Added:

• Tools — sanctions_screen_name, sanctions_get_designation, sanctions_resolve_entity, sanctions_get_entity, sanctions_trace_ownership, sanctions_list_sources
• Resources — sanctions://designation/{source}/{entryId}, sanctions://entity/{lei}, sanctions://sources
• Prompt — sanctions_vet_counterparty (counterparty due-diligence workflow)
• Matching — strict (exact-normalized then all-tokens-present via FTS5) by default; fuzzy adds Jaro-Winkler + Double-Metaphone, labeled approximate with the raw 0-1 similarity score (never a fabricated confidence)
• MirrorService data path — OFAC/EU/UK/UN ingesters plus GLEIF golden-copy (L1 + L2); corpus loads out-of-band via mirror:init, with mirror:refresh/verify/seed for the lifecycle
• Decision-support framing in every screening tool's description and output — potential matches to verify, never a determination; an empty result is not a clearance

62 tests pass; bun run devcheck clean.