Skip to content

v1.1.0 - MCP 2025-11-25 Protocol Compliance & Security Hardening #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
neverinfamous merged 48 commits into from
Jan 29, 2026
Merged

v1.1.0 - MCP 2025-11-25 Protocol Compliance & Security Hardening #25

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
48 commits
Select commit Hold shift + click to select a range
e025f50
security: enhance log sanitization with stack trace handling and tain…
Jan 27, 2026
e3bcb50
feat: modernize tool registration and add progress notifications
Jan 27, 2026
4fec6ea
Add structured content (outputSchema) to all 20 core tools
Jan 27, 2026
64483d0
Fix output schema validation errors for pg_get_indexes and pg_analyze…
Jan 27, 2026
e8079f0
Add structured content (outputSchema) to transaction and codemode tools
Jan 27, 2026
7cf6437
feat(jsonb): add outputSchema to all 19 JSONB tools for MCP 2025-11-2…
Jan 28, 2026
c65355a
fix(jsonb): correct outputSchema for diff and merge tools to match ha…
Jan 28, 2026
3108abe
feat(text): add outputSchema to all 13 text tools for MCP 2025-11-25 …
Jan 28, 2026
98f6a1b
feat(performance): add outputSchema to all 20 performance tools for M…
Jan 28, 2026
e082ba5
feat(monitoring): add outputSchema to all 11 monitoring tools for MCP…
Jan 28, 2026
96f58f9
fix(monitoring): correct outputSchema validation for uptime, replicat…
Jan 28, 2026
3008b65
feat(backup): add outputSchema to all 9 backup tools for MCP 2025-11-…
Jan 28, 2026
1805459
feat(schema): add outputSchema to all 12 schema tools for MCP 2025-11…
Jan 28, 2026
54825e7
fix(schema): correct ListSchemasOutputSchema to accept string array
Jan 28, 2026
15df854
feat(partitioning): add outputSchema to all 6 partitioning tools for …
Jan 28, 2026
8d453f5
feat(stats): add outputSchema to all 8 stats tools for MCP 2025-11-25…
Jan 28, 2026
3a9fc87
feat(security): SQL injection remediation for WHERE, FTS config, and …
Jan 28, 2026
dbaacb1
fix(core): resolve pg_analyze_query_indexes output schema error and a…
Jan 28, 2026
d8cd975
fix(core): pg_create_index schema.table format parsing
Jan 28, 2026
a8e7f69
docs: clarify rowCount -1 and memoryUsedMb metrics behavior
Jan 28, 2026
7b065de
fix(transactions): quote savepoint identifiers and cleanup orphaned t…
Jan 28, 2026
d10f2cd
docs: clarify pg_transaction_rollback_to behavior for savepoint resto…
Jan 28, 2026
de6e433
fix(jsonb): Split Schema pattern for 6 JSONB tools + output schema bu…
Jan 28, 2026
e3d4a1d
fix(jsonb): Complete Split Schema remediation for 11 JSONB tools
Jan 28, 2026
9eee66d
fix: JSONB path parsing for negative indices and documentation
Jan 28, 2026
5684fe1
fix(jsonb): pg_jsonb_stats output validation for SQL NULL columns
Jan 28, 2026
e6e2984
docs: clarify soundex/metaphone are Code Mode wrappers, not direct MC…
Jan 28, 2026
e84c17e
fix: pg_cache_hit_ratio Zod output schema error - Remove .nullable() …
Jan 28, 2026
ffb6216
fix(admin): pg_set_config output schema validation error
Jan 28, 2026
35b98db
feat(stats): Add params support for parameterized WHERE clauses
Jan 29, 2026
fd70bec
fix(stats): Preserve params in StatsHypothesisSchema transform
Jan 29, 2026
b7ff721
fix(vector): Fix output schema validation and Split Schema for 3 vect…
Jan 29, 2026
331e7da
fix(vector): return user-friendly error for pg_vector_validate invali…
Jan 29, 2026
56f9e3c
fix: vector output schema validation bugs - pg_vector_aggregate field…
Jan 29, 2026
6c2e6a3
fix(vector): expose pg_vector_validate as direct MCP tool - Add Vecto…
Jan 29, 2026
3c5be21
docs: add large vector limitation warning to ServerInstructions
Jan 29, 2026
d92087c
fix(vector): expose pg_vector_validate as direct MCP tool
Jan 29, 2026
ba01ba1
docs: update vector tool count to 15
Jan 29, 2026
785d181
docs: update vector-dependent tool counts (ai-vector/ext-ai)
Jan 29, 2026
0125a2d
docs: update tool counts and add codemode clarification
Jan 29, 2026
a299361
docs: update tool counts and add codemode clarification
Jan 29, 2026
b9e999c
fix(cron): change jobId output schema type from number to string
Jan 29, 2026
89bd39d
perf(cron): reduce pg_cron_job_run_details default limit from 100 to 50
Jan 29, 2026
ec8ced3
chore(deps): update @types/node, globals, typescript-eslint
Jan 29, 2026
fb792b4
docs: update coverage badge to 84.5%
Jan 29, 2026
25672f7
fix(docker): Remediate CVE-2026-24842 in tar package (CVSS 8.2)
Jan 29, 2026
3266419
Add Wiki links to readmes.
Jan 29, 2026
a3fea6e
v1.1.0 - MCP 2025-11-25 Protocol Compliance & Security Hardening
Jan 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion .github/workflows/codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,4 +48,3 @@ jobs:
uses: github/codeql-action/analyze@v4
with:
category: "/language:${{matrix.language}}"

6 changes: 3 additions & 3 deletions .github/workflows/dependabot-auto-merge.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@ name: Dependabot auto-merge
on:
pull_request:
paths:
- 'package*.json'
- '.github/workflows/dependabot-auto-merge.yml'
- "package*.json"
- ".github/workflows/dependabot-auto-merge.yml"

permissions:
pull-requests: write
Expand All @@ -19,7 +19,7 @@ jobs:
id: metadata
uses: dependabot/fetch-metadata@v2
with:
github-token: '${{ secrets.GITHUB_TOKEN }}'
github-token: "${{ secrets.GITHUB_TOKEN }}"

- name: Enable auto-merge for Dependabot PRs
if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/docker-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ name: Build and Push Docker Images
on:
# Only run after lint-and-test completes successfully
workflow_run:
workflows: ['Lint and Test']
workflows: ["Lint and Test"]
types: [completed]
branches: [master]

Expand Down Expand Up @@ -266,7 +266,7 @@ jobs:
password: ${{ secrets.DOCKER_PASSWORD }}
repository: ${{ env.IMAGE_NAME }}
readme-filepath: ./DOCKER_README.md
short-description: 'MCP Server with 203 tools, connection pooling, HTTP/SSE, OAuth 2.1, Code Mode, & tool filtering.'
short-description: "MCP Server with 203 tools, connection pooling, HTTP/SSE, OAuth 2.1, Code Mode, & tool filtering."

- name: Deployment Summary
if: github.ref == 'refs/heads/master'
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/lint-and-test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
uses: actions/setup-node@v6
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
cache: "npm"

- name: Install dependencies
run: npm ci
Expand All @@ -50,8 +50,8 @@ jobs:
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '24.x'
cache: 'npm'
node-version: "24.x"
cache: "npm"

- name: Install dependencies
run: npm ci
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/publish-npm.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@ on:
workflow_dispatch:
inputs:
version:
description: 'Version to publish (must match VERSION file or package.json)'
description: "Version to publish (must match VERSION file or package.json)"
required: false
default: ''
default: ""

permissions:
contents: read
Expand All @@ -30,9 +30,9 @@ jobs:
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '24.x'
registry-url: 'https://registry.npmjs.org'
cache: 'npm'
node-version: "24.x"
registry-url: "https://registry.npmjs.org"
cache: "npm"

- name: Install dependencies
run: npm ci
Expand Down
40 changes: 20 additions & 20 deletions .github/workflows/security-update.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,20 +3,20 @@ name: Security Update Check
on:
schedule:
# Run weekly on Sundays at 2 AM UTC
- cron: '0 2 * * 0'
- cron: "0 2 * * 0"
push:
branches: [master]
paths:
- 'Dockerfile'
- 'package.json'
- 'package-lock.json'
- '.trivyignore'
- "Dockerfile"
- "package.json"
- "package-lock.json"
- ".trivyignore"
pull_request:
branches: [master]
paths:
- 'Dockerfile'
- 'package.json'
- 'package-lock.json'
- "Dockerfile"
- "package.json"
- "package-lock.json"
workflow_dispatch:

permissions:
Expand Down Expand Up @@ -51,31 +51,31 @@ jobs:
uses: aquasecurity/trivy-action@0.33.1
with:
image-ref: security-test:latest
format: 'sarif'
output: 'trivy-results.sarif'
exit-code: '0'
format: "sarif"
output: "trivy-results.sarif"
exit-code: "0"
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
trivyignores: '.trivyignore'
skip-dirs: '/usr/local/lib/node_modules/npm'
severity: "CRITICAL,HIGH,MEDIUM"
trivyignores: ".trivyignore"
skip-dirs: "/usr/local/lib/node_modules/npm"

- name: Upload Trivy scan results
uses: github/codeql-action/upload-sarif@v4
if: always()
with:
sarif_file: 'trivy-results.sarif'
sarif_file: "trivy-results.sarif"

# Run table scan (blocking) after SARIF is uploaded
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.33.1
with:
image-ref: security-test:latest
format: 'table'
exit-code: '1'
format: "table"
exit-code: "1"
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
trivyignores: '.trivyignore'
skip-dirs: '/usr/local/lib/node_modules/npm'
severity: "CRITICAL,HIGH,MEDIUM"
trivyignores: ".trivyignore"
skip-dirs: "/usr/local/lib/node_modules/npm"

- name: Create security issue if vulnerabilities found
if: failure()
Expand Down
Loading
Loading