v0.0.3

What's Changed

Release v0.0.3 - Security Update

This patch release addresses security vulnerabilities in transitive dependencies and updates the Node.js version requirement.

🔒 Security Fixes

js-yaml: Prototype Pollution Vulnerability Patched

• Updated js-yaml from 4.1.0 to 4.1.1 to address CVE-2025-64718
• Severity: CVSS 5.3 (Moderate)
• Issue: Prototype pollution via proto in parsed YAML documents
• Impact: Eliminates potential for object prototype modification when parsing untrusted YAML
• All users are encouraged to update to clear this vulnerability from dependency trees

glob: Command Injection Vulnerability Mitigated

• Removed glob as transitive dependency by upgrading @vitest/coverage-v8 to v4.0.10
• Addresses: CVE-2025-64756 (High severity command injection in glob CLI)
• Impact: Eliminates potential attack surface from vulnerable glob versions (10.3.7 - 11.0.3)

📦 Dependency Updates

• vite: 7.1.10 → 7.2.2 (latest stable version, dev dependency only)
• @vitest/coverage-v8: 3.2.4 → 4.0.10

🔧 Infrastructure Changes

• Node.js version requirement updated to >=22.10.0
• Improved lint commands and CI consistency

Full Changelog: v0.0.2...v0.0.3

v0.0.2

What's Changed

New Features

• Add prompts support to SDK by @peteski22 in #4
• Add resources and resource templates support to SDK by @peteski22 in #5

Breaking Changes ⚠️

• Refactor SDK method names by @peteski22 in #6
  • getToolSchemas() → getTools() at server namespace level
  • Removed console logging which can cause issues if downstream SDK consumers are providing MCP servers
• Simplify SDK architecture - remove aggregation methods
  • REMOVED: client.getTools(), client.getToolSchemas()
  • Aggregation moved to mcpd-proxy
  • SDK now focuses on server-level operations via dynamic caller

Migration Guide

If using aggregation methods, either:

• Switch to mcpd-proxy for unified multi-server aggregation
• Use server-level methods: client.servers.<server>.getTools()

Full Changelog: v0.0.1...v0.0.2

v0.0.1

What's Changed

Initial release of the JavaScript/TypeScript SDK for mcpd, providing natural JavaScript syntax for MCP server management and tool execution.

Key Features

• Dynamic tool access - Call MCP tools with natural JavaScript syntax: client.servers.time.tools.get_current_time({ timezone: 'UTC' })
• AI framework integration - Generate callable functions for LangChain JS and Vercel AI SDK with getAgentTools()
• Type-safe - Full TypeScript support with generated type definitions from MCP tool schemas
• Dual module format - Ships both CommonJS and ESM for maximum compatibility
• Health-aware - Automatic health checking and filtering of unhealthy servers
• Comprehensive error handling - Typed exceptions for all failure modes

API

• client.listServers() - List all configured MCP servers
• client.getServerHealth(name?) - Get health status for servers
• client.servers.foo.tools.bar(args) - Direct tool invocation
• client.getAgentTools(options?) - Generate functions for AI frameworks
• client.getToolSchemas(options?) - Get schemas for tool aggregation

Examples

Includes working examples for:

• Basic usage
• LangChain JS integration
• Vercel AI SDK integration

Requirements

• Node.js 22+ (LTS)

Full Changelog: https://github.com/mozilla-ai/mcpd-sdk-javascript/commits/v0.0.1