Skip to content

v4.3.0 — Architecture Audit: Type Safety, Security & Edge Hardening

Latest

Choose a tag to compare

@renatomarinho renatomarinho released this 18 Jun 17:57

What's Changed

31-file deep-dive audit — zero new features, pure stability hardening for type safety, runtime security, and Edge compatibility.

Type Safety

  • Eliminated all no-explicit-any casts across BuildPipeline, FluentToolBuilder, ServerAttachment, CursorCodec, MCPFusionClient, HandoffStateStore
  • Removed unnecessary no-unnecessary-condition suppressions in 5+ modules

Security

  • Prototype pollution guard in FluentToolBuilder middleware context enrichment (__proto__, constructor, prototype filtered via Object.hasOwn())
  • AsyncGeneratorFunction constructor guard in MiddlewareCompiler
  • Crypto availability guards in CursorCodec, CryptoAttestation, canonicalize

Edge Runtime Compatibility

  • Deterministic Promise.resolve() returns in startServer capability stubs
  • Explicit Promise wrapping in HandoffStateStore InMemoryStore
  • Bundle sanitizer string interpolation fix in deploy.ts

Observability

  • ExecuteWithRecoveryEvent telemetry type in TelemetryEvent union
  • Cached regex with lastIndex reset in ObservabilityHooks XML extraction

Test Suite

  • 333 test files, 6841 tests passing, 0 failed

Packages

All 16 @mcpfusion/* packages published to npm at 4.3.0.

Full Changelog: https://github.com/vinkius-labs/mcpfusion/blob/main/CHANGELOG.md