v22.2.0

@brandonlehmann brandonlehmann released this 21 May 03:51
· 2 commits to master since this release
a6abdb2

What's new

  • MCP namespace: MCP.createServer factory plus a mountable MCP.Router with Streamable HTTP transport. Surfaces resources (static and templated), prompts, and tools. Session lifecycle controls (idleTimeoutMs, maxAgeMs, max concurrent) prevent leaked sessions in long-lived deployments.
  • Rate limit middleware — in-memory or pluggable store, returns 429 with Retry-After.
  • CSRF middleware — cookie-bound token; GET seeds, mutating verbs verify.
  • WebSocket authentication — per-route AuthenticationProvider, plus an app-level wsAuth fallback gated by wsAuthTimeoutMs so a hung provider can't hold sockets open.
  • Error sink — unified hook for surfacing internal middleware errors (cookie/auth parse, WS upgrade write, provider failures).

Security

  • CORS no longer reflects the raw Origin under wildcard + credentials. Construction now throws on the unsafe combination; array allowlists return the validated entry, regex paths require a whole-string match. Closes the Snyk advisory on reflected origins.
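
The origin-handling rules described above, sketched as an added example. This is not the project's code: `createCorsPolicy`, `resolveAllowedOrigin`, `CorsPolicy` and `OriginRule` are hypothetical names, and the sample origins are constructed.

```typescript
// Added illustration of the release note's CORS rules; all names here are
// hypothetical and are not this package's API.
type OriginRule = "*" | string[] | RegExp;

interface CorsPolicy {
  origin: OriginRule;
  credentials: boolean;
}

// Fail at construction: "*" with credentials has no safe answer. Browsers
// reject a literal "*" on credentialed responses, and reflecting the request
// Origin instead would extend trust to every site.
function createCorsPolicy(origin: OriginRule, credentials: boolean): CorsPolicy {
  if (origin === "*" && credentials) {
    throw new Error("CORS: wildcard origin cannot be combined with credentials");
  }
  return { origin, credentials };
}

// Returns the Access-Control-Allow-Origin value, or null to omit the header.
function resolveAllowedOrigin(
  policy: CorsPolicy,
  requestOrigin: string | undefined
): string | null {
  const rule = policy.origin;
  if (rule === "*") return "*"; // only reachable when credentials are off
  if (requestOrigin === undefined) return null;
  if (Array.isArray(rule)) {
    // Return the configured allowlist entry rather than the header value.
    const entry = rule.find((allowed) => allowed === requestOrigin);
    return entry ?? null;
  }
  // Whole-string match: anchor the pattern so an unanchored regex cannot be
  // satisfied by a longer host that merely contains an allowed name.
  const flags = rule.flags.replace(/[gmy]/g, "");
  const anchored = new RegExp(`^(?:${rule.source})$`, flags);
  return anchored.test(requestOrigin) ? requestOrigin : null;
}
```

When the result is a specific origin rather than `*`, the response should also carry `Vary: Origin` so shared caches do not serve one origin's response to another.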

Fixes

  • WebSocket auth-denied upgrade now closes with FIN instead of RST. Linux clients no longer surface ECONNRESET on the leftover ClientRequest socket after ws hands it off via unexpected-response.
  • Cloudflared tunnel readiness gated on a captured connected event and response.ok from the HTTPS probe. ready no longer fires on a tunnel with no connections or a degraded data plane returning 530.

Internal

  • src/index.ts split: re-exports moved to src/exports.ts, options helper to src/helpers/options.ts.