This commit was created on GitHub.com and signed with GitHub’s verified signature.
[0.4.0] - 2026-06-10
Added
- MCP initialize handshake verification during connect: a connection now only
  counts as established once the server completes the MCP handshake. Plain
  HTTPS endpoints that are not MCP servers are rejected with
  "Not a valid MCP server (handshake failed)" instead of a false success.
- MCPClient.initialize() returns the handshake result cached at connect time
  instead of re-initializing the session.
- TLS version probing: the auditor now reports the actually negotiated TLS
  version (e.g. TLSv1.3) instead of a hardcoded value.
- CapabilityToolsPresentRule, ToolsNamesUniqueRule, and
  ToolsNamesValidFormatRule are now exported from mcpscore.rules.
Changed
- Python 3.11+ is now supported (previously 3.13+ only). CI tests against
  3.11, 3.12, and 3.13 on Linux, macOS, and Windows.
- SSETransportSupportRule replaced by StreamableHTTPTransportRule: the MCP
  specification deprecated standalone SSE in favor of Streamable HTTP, so the
  rule now rewards Streamable HTTP and flags SSE-only servers with migration
  advice (previously it did the opposite).
- Tool schema validation aligned with the MCP specification / JSON Schema:
  title, properties, and required are optional (zero-argument tools are
  valid), top-level anyOf/oneOf/allOf/$ref schemas are accepted, and
  properties without a type (enum/$ref) are valid.
- outputSchema is optional per the MCP specification: tools without one are
  no longer penalized; only declared output schemas are validated.
- AuditData.transport_type is typed as MCPTransportType | None
  (previously str | None).
Fixed
- Failed connection attempts are torn down immediately on their own exit
  stack; previously they leaked into the client lifecycle and could re-raise
  buffered transport errors during cleanup().
- A CancelledError leaked by the MCP SDK transport's task group (e.g. when
  the endpoint is not an MCP server) is treated as a failed connection
  instead of escaping to the caller.
- The CLI now always calls client.cleanup(), including when the audit
  raises (previously connections leaked on error paths).
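
The tool schema rules listed under Changed, written out as a small structural check. This is an added example, not mcpscore's own code: check_schema, check_tool and SAMPLE_TOOLS are hypothetical names, and the rejections it makes (a non-object top level, a property with no type/enum/$ref, a required name missing from properties) are assumptions of this sketch rather than documented rule behaviour.

```python
# Added illustration, not mcpscore's code. The accepted cases follow the 0.4.0
# "Changed" entry; the rejected cases are assumptions of this sketch.
COMBINATORS = ("anyOf", "oneOf", "allOf")

def check_schema(schema):
    """Return a list of problems; an empty list means the schema is accepted."""
    if not isinstance(schema, dict):
        return ["schema must be a JSON object"]
    # Top-level $ref or anyOf/oneOf/allOf schemas are accepted as-is.
    if "$ref" in schema or any(k in schema for k in COMBINATORS):
        return []
    problems = []
    if schema.get("type") != "object":  # assumption: otherwise an object schema
        problems.append("top-level type must be 'object'")
    props = schema.get("properties", {})   # optional: zero-argument tools
    required = schema.get("required", [])  # optional
    if not isinstance(props, dict):
        return problems + ["properties must be an object"]
    if not (isinstance(required, list) and all(isinstance(r, str) for r in required)):
        return problems + ["required must be a list of strings"]
    for name, sub in props.items():
        if not isinstance(sub, dict):
            problems.append(f"property {name!r} must be a schema object")
        elif not any(k in sub for k in ("type", "enum", "$ref", *COMBINATORS)):
            # 'type' is optional when enum or $ref constrains the value.
            problems.append(f"property {name!r} has no type, enum, or $ref")
    for name in required:
        if name not in props:
            problems.append(f"required name {name!r} is not in properties")
    return problems

def check_tool(tool):
    """Check inputSchema; check outputSchema only when the tool declares one."""
    problems = [f"inputSchema: {p}" for p in check_schema(tool.get("inputSchema"))]
    if "outputSchema" in tool:
        problems += [f"outputSchema: {p}" for p in check_schema(tool["outputSchema"])]
    return problems

# Constructed sample tool definitions (not taken from any real server).
SAMPLE_TOOLS = [
    {"name": "ping", "inputSchema": {"type": "object"}},  # zero-argument tool
    {"name": "lookup", "inputSchema": {"oneOf": [{"$ref": "#/$defs/ById"}]}},
    {"name": "set_mode", "inputSchema": {"type": "object",
        "properties": {"mode": {"enum": ["fast", "safe"]}}, "required": ["mode"]}},
    {"name": "broken", "outputSchema": {"type": "string"}, "inputSchema": {
        "type": "object", "properties": {"path": {}}, "required": ["path", "depth"]}},
]

if __name__ == "__main__":
    for tool in SAMPLE_TOOLS:
        print(tool["name"], check_tool(tool) or "ok")
```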