Releases: Epistates/turbomcp

v3.0.6

18 Mar 20:00

[3.0.6] - 2026-03-18

Security

  • SSRF bypass in JWT OIDC discovery — JwtValidator::discover_jwks_uri and JwksCache::get_client_for_issuer now accept an optional SsrfValidator that validates URLs before any network I/O. Previously, reqwest::get() was called directly on user-controlled issuer claims, allowing SSRF against internal services. New constructors JwtValidator::new_with_ssrf() and JwksClient::with_ssrf_validator() enable SSRF-protected operation. The ssrf module is now unconditionally available (was previously gated behind mcp-ssrf feature).
  • JWT audience field RFC 7519 compliance — StandardClaims.aud changed from Option<String> to Option<Vec<String>> using serde_with::OneOrMany, correctly handling both "aud": "single" and "aud": ["one", "two"] formats per RFC 7519 §4.1.3. Previously, tokens from enterprise IdPs (Google, Azure AD, Okta) using the array format would fail deserialization.
  • JWKS response size limit — JwksClient::fetch_and_cache now enforces a 64KB response body limit before JSON parsing, preventing memory exhaustion from malicious JWKS endpoints.
  • DPoP server nonce implementation — generate_proof_with_params now embeds server-provided nonces as the "nonce" claim in DPoP proofs per RFC 9449 §8. Previously, the nonce parameter was silently discarded.
  • PKCE plain method removed in WASM — verify_pkce in the WASM auth provider now rejects the "plain" method, enforcing "S256" per RFC 7636 §4.2.
  • Constant-time comparison hardened in WASM — Replaced hand-rolled branchless comparison with subtle::ConstantTimeEq to resist LLVM optimizer constant-time assumption violations.
  • Internal error leakage in JSON-RPC responses — Error handler now generates an opaque UUID error ID for clients and logs the full internal error server-side, preventing reconnaissance via error messages.
  • Unbounded rate limiter memory — Added max_tracked_ips (default: 100,000) to RateLimitConfig with automatic eviction of expired entries when capacity is reached, preventing OOM under IP spoofing attacks.
  • lz4_flex upgraded to 0.11.6 — Fixes RUSTSEC-2026-0041 (HIGH 8.2): information leak from uninitialized memory during decompression of invalid data.
  • quinn-proto upgraded to 0.11.14 — Fixes RUSTSEC-2026-0037 (HIGH 8.7): denial of service in Quinn endpoints via malformed QUIC packets.
  • lru replaced with moka — Resolves RUSTSEC-2026-0002 (unsound IterMut). OAuth2 token cache now uses moka::future::Cache (thread-safe, lock-free, with TTL support).
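
The bounded rate limiter described in the "Unbounded rate limiter memory" item can be sketched as follows. This is an added example, not TurboMCP's code: only the name max_tracked_ips comes from the release notes, while LimiterConfig, its other fields, the fixed-window policy and the choice to refuse new clients when the table is still full after eviction are assumptions.

```rust
use std::collections::HashMap;
use std::net::IpAddr;
use std::time::{Duration, Instant};

/// Hypothetical config; only `max_tracked_ips` mirrors a name from the release notes.
pub struct LimiterConfig {
    pub max_requests: u32,
    pub window: Duration,
    pub max_tracked_ips: usize,
}

struct Entry {
    window_start: Instant,
    count: u32,
}

pub struct RateLimiter {
    cfg: LimiterConfig,
    entries: HashMap<IpAddr, Entry>,
}

impl RateLimiter {
    pub fn new(cfg: LimiterConfig) -> Self {
        RateLimiter { cfg, entries: HashMap::new() }
    }

    /// Number of client addresses currently held in memory.
    pub fn tracked(&self) -> usize {
        self.entries.len()
    }

    /// Returns true if the request is allowed. `now` is injected so the
    /// behaviour is deterministic in tests.
    pub fn allow(&mut self, ip: IpAddr, now: Instant) -> bool {
        let window = self.cfg.window;
        if !self.entries.contains_key(&ip) {
            // A new address needs a slot. At capacity, first drop entries
            // whose window has already expired.
            if self.entries.len() >= self.cfg.max_tracked_ips {
                self.entries
                    .retain(|_, e| now.duration_since(e.window_start) < window);
            }
            // Assumption: if every slot is still live, refuse the newcomer
            // instead of growing the map (memory stays bounded).
            if self.entries.len() >= self.cfg.max_tracked_ips {
                return false;
            }
            self.entries.insert(ip, Entry { window_start: now, count: 0 });
        }
        let entry = self.entries.get_mut(&ip).expect("present or just inserted");
        if now.duration_since(entry.window_start) >= window {
            entry.window_start = now;
            entry.count = 0;
        }
        if entry.count >= self.cfg.max_requests {
            return false;
        }
        entry.count += 1;
        true
    }
}

/// Constructed client address in documentation space (198.51.100.0/24).
pub fn client(n: u8) -> IpAddr {
    IpAddr::from([198, 51, 100, n])
}

fn main() {
    let cfg = LimiterConfig {
        max_requests: 2,
        window: Duration::from_secs(60),
        max_tracked_ips: 3,
    };
    let mut limiter = RateLimiter::new(cfg);
    let t0 = Instant::now();
    for n in 1..=4 {
        println!("client {} at t0: {}", n, limiter.allow(client(n), t0));
    }
    let later = t0 + Duration::from_secs(61);
    println!("client 4 after expiry: {}", limiter.allow(client(4), later));
    println!("tracked: {}", limiter.tracked());
}
```

With spoofed source addresses the map stops growing at max_tracked_ips, at the cost of turning away unseen clients until older windows expire.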

Fixed

  • no_std compliance in turbomcp-types — Added #![cfg_attr(not(feature = "std"), no_std)] and cfg-conditional HashMap/BTreeMap imports in content.rs, results.rs, protocol.rs. Changed std::fmt to core::fmt in traits.rs and protocol.rs. Layer 1 crates now correctly support no_std + alloc.
  • biased added to shutdown-critical select! blocks — tokio::select! in the line transport main loop and client message dispatcher now uses biased; to ensure shutdown signals are always checked first.
  • Production unwrap() removed from HTTP transport — HeaderValue::from_str().unwrap() on session IDs replaced with graceful fallback.
  • Mutex poisoning risk eliminated — std::sync::Mutex in channel transport replaced with parking_lot::Mutex (never poisons).
  • Unnecessary allocation in router — request.params.clone().unwrap_or_default() replaced with borrow pattern in the initialize handler.
  • Dead code cleanup — Removed unused detect_server_initiated_type function. Changed unused SessionManager methods to pub(crate).
  • Workspace dependency consistency — turbomcp-grpc now uses { workspace = true } for internal deps instead of inline path specifications.
  • License compliance — Added OpenSSL and Zlib to deny.toml allowlist. Added advisory ignores for compile-time-only crates (paste, proc-macro-error).

Changed

  • Fraudulent security tests replaced — Three tests in security_attack_scenarios.rs that asserted on test data (not SDK behavior) were rewritten with meaningful assertions against actual crate behavior.
  • Vacuous tests fixed — test_dispatcher_smoke (zero assertions) replaced with test_bidirectional_types_compile with real assertions. test_oauth2_expired_authorization (sleep with no assertion) marked #[ignore] with documented implementation path.
  • Trybuild test documentation — Disabled trybuild tests now have precise reason strings and documented TODO items for v3 compile-fail scenarios.

Full Changelog: v3.0.5...v3.0.6

v3.0.5

17 Mar 04:12

[3.0.5] - 2026-03-17

Fixed

  • Cross-platform compilation in turbomcp-proxy — All Unix domain socket code (BackendTransport::Unix, BackendConfig::Unix, UnixFrontend, with_unix_backend(), UnixTransport import, std::path::PathBuf import) is now gated behind #[cfg(unix)]. This allows turbomcp-proxy to compile cleanly on Windows, where Unix sockets are unavailable. Unix-specific CLI branches (BackendType::Unix match arms) and tests are similarly gated. The prelude re-export of UnixFrontend/UnixFrontendConfig is now also conditional.

Full Changelog: v3.0.4...v3.0.5

v3.0.4

16 Mar 01:29

[3.0.4] - 2026-03-15

Added

  • Progress notification handler — New ProgressHandler trait and ProgressNotification re-export in turbomcp-client. The client now routes notifications/progress to a registered handler instead of silently dropping them. Register via ClientBuilder::with_progress_handler() or Client::set_progress_handler().
  • Cursor-based pagination for all list operations — list_tools(), list_resources(), list_resource_templates(), and list_prompts() now automatically follow next_cursor to collect all pages (capped at 1000 pages as a safety bound). New *_paginated(cursor) variants (list_tools_paginated, list_resources_paginated, list_resource_templates_paginated, list_prompts_paginated) expose manual pagination control with the full result type including next_cursor.

Full Changelog: v3.0.3...v3.0.4

v3.0.3

15 Mar 14:50

[3.0.3] - 2026-03-15

Breaking Changes

  • Strict single-version protocol policy — TurboMCP v3 now targets MCP 2025-11-25 only. SUPPORTED_VERSIONS narrowed to a single entry; ProtocolConfig::default() sets allow_fallback: false; Version::stable() and VersionCompatibility::CompatibleWithWarnings removed.
  • Uri, MimeType, Base64String promoted to newtypes — These were type Alias = String; they are now #[serde(transparent)] newtype structs with Deref<Target = str>, From<String>, From<&str>, AsRef<str>, Display, and PartialEq<&str> impls. Wire format is unchanged.
  • Content type alias removed — Use ContentBlock directly. The pub type Content = ContentBlock alias is deleted.
  • ClientBuilder consolidated — The separate client/builder.rs is removed; builder logic is inlined into turbomcp-client/src/lib.rs. Public API is unchanged.
  • API key auth now validates against configured value — AuthConfig::api_key(header) without api_key_value returns HTTP 500 (fail-closed). Use with_api_key_auth_value(header, value) or set TURBOMCP_API_KEY_VALUE env var.

Security

  • Constant-time API key comparison — API key validation now uses subtle::ConstantTimeEq to prevent timing side-channel attacks.
  • JWT scope enforcement — Auth middleware validates required_scopes against token scope/scp claims.
  • JWT audience validation — Validates aud claim against server_uri per RFC 8707 to prevent cross-service token reuse.
  • SSRF hardening with DNS resolution — Proxy URL validation now resolves hostnames via tokio::net::lookup_host and validates all resolved IPs against private/loopback/metadata ranges.
  • JWKS URI construction fixed — Uses Url::join() instead of string concatenation to avoid double-slash bugs with trailing-slash issuers.
  • Bearer token log truncation — Revocation log now emits only an 8-character token prefix instead of the full token.
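
The address check behind "SSRF hardening with DNS resolution" above, and behind the SsrfValidator that 3.0.6 puts in front of JWKS discovery, can be sketched like this. It is an added example, not TurboMCP's implementation: the names SsrfError, check_resolved and parse_all are hypothetical, the resolver answers are constructed literals instead of tokio::net::lookup_host results, and rejecting the unspecified address is an addition to the ranges the notes list.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// Why a set of resolved addresses was refused.
#[derive(Debug, PartialEq)]
pub enum SsrfError {
    /// Resolution returned nothing; fail closed.
    NoAddresses,
    /// At least one resolved address falls in a blocked range.
    Blocked(IpAddr, &'static str),
}

fn blocked_v4(ip: Ipv4Addr) -> Option<&'static str> {
    if ip == Ipv4Addr::new(169, 254, 169, 254) {
        Some("cloud metadata")
    } else if ip.is_loopback() {
        Some("loopback")
    } else if ip.is_private() {
        Some("private network")
    } else if ip.is_link_local() {
        Some("link-local")
    } else if ip.is_multicast() {
        Some("multicast")
    } else if ip.is_unspecified() {
        Some("unspecified") // 0.0.0.0 is not in the notes' list; added here
    } else {
        None
    }
}

fn blocked_v6(ip: Ipv6Addr) -> Option<&'static str> {
    // ::ffff:a.b.c.d reaches the IPv4 host it embeds, so judge it as IPv4.
    if let Some(v4) = ip.to_ipv4_mapped() {
        return blocked_v4(v4);
    }
    let first = ip.segments()[0];
    if ip.is_loopback() {
        Some("loopback")
    } else if ip.is_unspecified() {
        Some("unspecified")
    } else if ip.is_multicast() {
        Some("multicast")
    } else if (first & 0xfe00) == 0xfc00 {
        Some("private network") // fc00::/7 unique local
    } else if (first & 0xffc0) == 0xfe80 {
        Some("link-local") // fe80::/10
    } else {
        None
    }
}

/// Accepts a hostname only if every address it resolved to is allowed.
/// One private record among public ones is enough to refuse the URL.
pub fn check_resolved(addrs: &[IpAddr]) -> Result<(), SsrfError> {
    if addrs.is_empty() {
        return Err(SsrfError::NoAddresses);
    }
    for &ip in addrs {
        let reason = match ip {
            IpAddr::V4(v4) => blocked_v4(v4),
            IpAddr::V6(v6) => blocked_v6(v6),
        };
        if let Some(r) = reason {
            return Err(SsrfError::Blocked(ip, r));
        }
    }
    Ok(())
}

/// Helper for the constructed samples: parse literal addresses.
pub fn parse_all(addrs: &[&str]) -> Vec<IpAddr> {
    addrs
        .iter()
        .map(|a| a.parse::<IpAddr>().expect("literal IP address"))
        .collect()
}

fn main() {
    // Constructed resolver answers; 203.0.113.0/24 is documentation space.
    let cases = [
        ("idp.example", vec!["203.0.113.10"]),
        ("mixed.example", vec!["203.0.113.10", "10.0.0.5"]),
        ("mapped.example", vec!["::ffff:127.0.0.1"]),
        ("metadata.example", vec!["169.254.169.254"]),
    ];
    for (host, addrs) in cases.iter() {
        println!("{}: {:?}", host, check_resolved(&parse_all(addrs)));
    }
}
```

The verdict only holds if the connection is then made to the addresses that were checked; resolving the name a second time at connect time can return different records.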

Fixed

  • Response waiter memory leak — ProtocolClient now cleans up response waiters on send failure and timeout, preventing DashMap entry leaks.
  • Spurious shutdown warnings — Client::Drop no longer warns when shutdown() was already called.
  • Resilience settings silently ignored — ClientBuilder::build() now returns an error (and build_sync() panics) if resilience settings are configured but build_resilient() is not used.
  • --all-features compilation — Fixed missing dpop_config field in auth tests and Uri type mismatch in WASM crate.

Changed

  • Dead code removal — Deleted axum_integration.rs, etc.
  • WebSocket long-running tests implemented — Three previously-stub #[ignore] tests now use a real WebSocketTestServer harness.
  • Token lifecycle tests implemented — Refresh token rotation and revocation tests now use OAuth2Client instead of raw HTTP.

Full Changelog: v3.0.2...v3.0.3

v3.0.2

13 Mar 16:11

[3.0.2] - 2026-03-08

Changed

  • Eliminated unsafe code in LockFreeStack - Replaced hand-rolled Treiber stack (using crossbeam::epoch raw pointers, ptr::read, defer_destroy) with safe crossbeam::queue::SegQueue-backed implementation. Zero unsafe blocks remain in application-level code.
  • Fixed turbomcp-wire compilation with --all-features - Added missing #[cfg(feature = "std")] gate on tracing::warn! call in StreamingJsonDecoder::feed().
  • Dependency updates - Updated all workspace dependencies to latest versions for security, performance, and correctness:
    • Major bumps: simd-json 0.13→0.17, jsonschema 0.17→0.44, config 0.14→0.15, flume 0.11→0.12
    • Runtime: tokio 1.49→1.50, hyper 1.0→1.8, reqwest 0.13→0.13.2, serde 1.0→1.0.228, serde_json 1.0→1.0.149
    • Observability: tracing 0.1→0.1.44, tracing-opentelemetry 0.32→0.32.1, metrics 0.24→0.24.3
    • Security: ring 0.17→0.17.14, jsonwebtoken 10.2→10.3, base64 0.22→0.22.1
    • Diagnostics: miette 7.0→7.6, anyhow 1.0→1.0.102, color-eyre 0.6→0.6.5
    • Testing: criterion 0.8.1→0.8.2, proptest 1.9→1.10, insta 1.34→1.46, testcontainers 0.25→0.27, wiremock 0.6→0.6.5, serial_test 3.0→3.4
    • Utilities: arc-swap 1.6→1.8, crossbeam 0.8→0.8.4, ahash 0.8→0.8.12, walkdir 2.4→2.5

Full Changelog: v3.0.1...v3.0.2

v3.0.1

05 Mar 14:21

[3.0.1] - 2026-03-05

Added

  • In-process channel transport - Zero-overhead channel transport using tokio::sync::mpsc channels for same-process MCP communication. Eliminates line framing, flushing, and redundant JSON parsing. 1.4x faster than rmcp on tool call latency (14μs vs 19μs), 1.2x higher throughput (71k rps vs 59k rps).
  • TransportType::Channel variant - Added Channel to both turbomcp-core and turbomcp-transport-traits TransportType enums, with is_local() classification and proper Display/serde support.
  • RequestContext::channel() factory - Convenience constructor for channel transport contexts in turbomcp-server.
  • channel feature flag - New feature on turbomcp-server and turbomcp crates, included in all-transports bundle.

Fixed

  • Channel transport type identification - ChannelTransport::transport_type() now correctly returns TransportType::Channel instead of TransportType::Stdio.

Full Changelog: v3.0.0...v3.0.1

v3.0.0

04 Mar 21:38

TurboMCP v3.0.0 Release Notes

TurboMCP v3.0.0 is a ground-up architectural rewrite of the TurboMCP SDK. The result: a leaner codebase (-47,000 lines net), edge-native WASM support, modular transports, and a zero-boilerplate developer experience -- all backed by a comprehensive security audit.

Highlights

  • Zero-boilerplate proc macros -- #[mcp_server], #[tool], #[resource], #[prompt] generate full MCP servers from plain Rust impl blocks
  • Edge-native WASM -- First-class Cloudflare Workers support with Durable Objects, streaming transport, and WASM-native OAuth 2.1
  • Modular transport crates -- STDIO, HTTP/SSE, WebSocket, TCP, and Unix socket each live in their own crate behind feature flags
  • Unified McpHandler trait -- Write once, deploy to native and WASM targets
  • Comprehensive security audit -- Critical-to-low fixes across 25 crates (JWT algorithm confusion, DPoP hardening, SSRF protection, TLS 1.3 default, and more)
  • Integrated telemetry -- OpenTelemetry, Prometheus metrics, and structured logging via a single telemetry feature flag
  • CLI tooling -- turbomcp new, turbomcp build, turbomcp dev, turbomcp deploy, turbomcp install

Zero-Boilerplate Server Development

Define an MCP server in a handful of lines:

use turbomcp::prelude::*;

#[derive(Clone)]
struct Calculator;

#[mcp_server(name = "calculator", version = "1.0.0")]
impl Calculator {
    #[tool(description = "Add two numbers")]
    async fn add(&self, a: i64, b: i64) -> i64 {
        a + b
    }
}

#[tokio::main]
async fn main() {
    Calculator.run_stdio().await.unwrap();
}

Schemas are generated at compile time. Transport methods (run_stdio(), run_tcp(), run_http(), run_unix()) are generated automatically. Tags, versioning, and context injection are all supported via attributes.

Edge-Native WASM (turbomcp-wasm)

  • Durable Objects -- Rate limiter, session store, state store, token store
  • Streaming transport -- Streamable HTTP with SSE for edge servers
  • Composite servers -- Multi-server composition with namespace isolation
  • Rich middleware -- Auth, rate limiting, logging, CORS
  • WASM-native auth -- Web Crypto API integration, PKCE, multi-provider OAuth 2.1, DPoP
  • Worker error integration -- WorkerError newtype and WorkerResultExt for ergonomic ? with Workers APIs

New Crates

Crate                          Purpose
turbomcp-core                  no_std foundation types and McpHandler trait
turbomcp-transport-traits      Lean transport trait definitions
turbomcp-stdio                 Extracted STDIO transport
turbomcp-http                  Extracted HTTP/SSE client transport
turbomcp-websocket             Extracted WebSocket transport
turbomcp-tcp                   Extracted TCP transport
turbomcp-unix                  Extracted Unix domain socket transport
turbomcp-transport-streamable  MCP 2025-11-25 Streamable HTTP types
turbomcp-wasm                  WASM server runtime for Cloudflare Workers
turbomcp-wasm-macros           Proc macros for WASM servers
turbomcp-openapi               OpenAPI 3.x to MCP conversion
turbomcp-telemetry             Integrated observability

Security Hardening

Critical

  • JWT algorithm confusion prevention -- fail-closed validation, key-type/algorithm enforcement
  • Secret redaction in serialization -- auth config secrets serialize as [REDACTED]
  • DPoP proof replay protection with enhanced nonce validation
  • TLS certificate validation bypass now requires explicit opt-in (TURBOMCP_ALLOW_INSECURE_TLS=1)
  • Unified jsonwebtoken v10.2 with aws_lc_rs backend

High

  • parking_lot::Mutex replaces std::sync::Mutex (no panic on poisoned lock)
  • Bounded STDIO messages prevent unbounded memory allocation
  • Session ID length validation (max 256 bytes)
  • TLS 1.3 default, native-tls completely eliminated
  • JWT algorithm allowlist (asymmetric only)
  • Enhanced path traversal protection (URL-encoded, null byte, Unicode lookalike detection)

Medium

  • SSRF protection (private networks, localhost, cloud metadata, link-local, multicast)
  • RFC 8414 OpenID Connect Discovery for async JWKS resolution
  • DPoP binding validation with thumbprint verification
  • API key minimum length (32 characters)

Low

  • EMA overflow protection, gRPC capability validation, Unix socket graceful shutdown
  • CLI path validation, configurable HTTP User-Agent, improved macro error spans

CLI Enhancements

  • turbomcp new -- Scaffold new projects from templates (WASM, native, hybrid)
  • turbomcp build -- WASM-aware build pipeline with wasm-pack integration
  • turbomcp dev -- Development server with hot reload and file watching
  • turbomcp deploy -- Deploy to Cloudflare Workers
  • turbomcp install -- Install servers to Claude Desktop and Cursor

Protocol & Transport

  • MCP 2025-11-25 support (latest spec) with configurable version negotiation
  • Protocol version presets -- latest(), compatible() (Claude Code), strict(version)
  • Streamable HTTP transport -- Session management, SSE event streams, no_std support
  • Child process STDIO -- StdioTransport::from_child() and StdioTransport::from_raw()
  • Custom struct tool returns -- IntoToolResult for Json<T>
  • CORS hardening -- Echoes request Origin instead of wildcard *, adds Vary: Origin

Dependency Upgrades

  • reqwest 0.12 -> 0.13 (with OAuth2HttpClient adapter)
  • tokio 1.47 -> 1.49
  • axum 0.8.4 -> 0.8.8
  • sonic-rs 0.3 -> 0.5
  • opentelemetry 0.28 -> 0.31
  • criterion 0.7 -> 0.8
  • compact_str 0.8 -> 0.9
  • native-tls completely eliminated from dependency tree

Breaking Changes

  • JwtValidator::new() is now async with RFC 8414 discovery
  • McpError::validation() renamed to McpError::invalid_params()
  • TlsVersion::default() returns Tls13 instead of Tls12
  • Legacy V2 macro modules removed (attrs, helpers, template, uri_template)
  • Old handler system, elicitation module, multi-tenant config removed from turbomcp-server
  • Removed injection, lifespan, registry, session, simd, sse_server modules from turbomcp

See MIGRATION.md for a complete migration guide.

By the Numbers

  • 1,787 tests passing
  • Zero clippy warnings with --all-features
  • All transports verified: STDIO, TCP, HTTP, WebSocket, Unix socket, gRPC
  • 25 crates audited
  • -47,000 lines net code reduction
  • Rust 1.89.0, MCP spec 2025-11-25

Full Changelog: v2.3.6...v3.0.0

TurboMCP v3.0.0-beta.5

25 Feb 13:14

Pre-release

[3.0.0-beta.5] - 2026-02-23

Security

  • DPoP authentication hardening - Comprehensive DPoP (RFC 9449) implementation across turbomcp components with enhanced proof-of-possession validation, token binding, and authorization flows (turbomcp-auth, turbomcp-dpop, turbomcp-server)
  • WASM authentication provider - Full OAuth 2.1 provider for WASM targets with Web Crypto API integration, secure token storage, and PKCE support (turbomcp-wasm)

Added

WASM Server Architecture (turbomcp-wasm, turbomcp-wasm-macros)

  • Durable Objects support - Rate limiter, session store, state store, and token store durable objects for Cloudflare Workers
  • Streaming transport - Streamable HTTP transport for edge-native WASM servers with SSE support
  • Composite server - Multi-server composition with namespace isolation for WASM targets
  • Rich context system - Enhanced request context with authentication, rate limiting, and middleware state
  • Middleware stack - Typed middleware system for WASM servers (auth, rate limiting, logging, CORS)
  • Testing utilities - Comprehensive test harness for WASM server implementations

CLI Enhancements (turbomcp-cli)

  • turbomcp new command - Project scaffolding with templates for WASM, native, and hybrid servers
  • turbomcp build command - WASM-aware build pipeline with wasm-pack integration
  • turbomcp deploy command - Deploy scaffolding for Cloudflare Workers and other edge platforms

Streamable HTTP Transport (turbomcp-transport-streamable)

  • New crate providing MCP 2025-11-25 Streamable HTTP transport types
  • Session management with configurable timeouts and cleanup
  • SSE event stream handling with proper connection lifecycle

MCP Content Types Enhancement (turbomcp-types, turbomcp-protocol)

  • Metadata fields - Added metadata support to MCP content types for extensibility
  • Polymorphic serialization - Robust SamplingContentBlock serialization supporting text, image, and audio content
  • Role display implementation - Display trait for Role enum for human-readable output

Auth Tower Middleware (turbomcp-auth)

  • Rate limiting middleware - Token bucket rate limiter as Tower middleware with configurable per-client limits
  • Auth metrics - Observable authentication metrics (success/failure rates, latency histograms)
  • Auth context - Request-scoped authentication context with claims, scopes, and DPoP binding

Changed

  • Strict protocol compliance - Enhanced macro-generated code for stricter MCP protocol adherence across tool handlers and server initialization (turbomcp-macros, turbomcp-core)
  • Error handling improvements - Extended McpError with additional error variants for protocol compliance
  • Router enhancements - Improved handler routing with better error propagation (turbomcp-core)
  • Client dispatcher - Refined client-server interaction patterns (turbomcp-client)

Fixed

  • Protocol compliance - Fixed strict protocol compliance issues in server macro generation and tool handler dispatch (turbomcp-macros, turbomcp-core)
  • Name alias resolution - Fixed crate name alias configuration

Internal

  • Code cleanup and polish across workspace
  • CI workflow improvements for WASM builds and performance testing
  • Dependency version updates across all crates

Full Changelog: 3.0.0-beta.4...v3.0.0-beta.5

TurboMCP 3.0.0-beta.4

20 Feb 17:34

Pre-release

[3.0.0-beta.4] - 2026-02-17

Security

Comprehensive Security Audit Remediation

Full security audit across all 25 crates with fixes at all severity levels.

CRITICAL (turbomcp-auth, turbomcp-dpop, turbomcp-wasm)

  • JWT algorithm confusion prevention - Fail-closed validation when algorithm list is empty
  • Key-type/algorithm compatibility enforcement - RSA keys restricted to RS* algorithms, EC keys to ES* algorithms
  • Secret redaction in serialization - Auth config secrets now serialize as [REDACTED] instead of plaintext
  • DPoP proof replay protection - Enhanced nonce validation and proof binding checks
  • WASM JWT hardening - Replaced window.atob() with standard base64 crate for universal WASM target support

HIGH (turbomcp-client, turbomcp-transport, turbomcp-protocol)

  • Client mutex upgrade - Replaced std::sync::Mutex with parking_lot::Mutex (no panic on poisoned lock)
  • Bounded STDIO messages - LinesCodec::new_with_max_length() prevents unbounded memory allocation
  • Session ID length validation - SessionId rejects IDs longer than 256 bytes
  • TCP strict mode - Configurable strict_mode for JSON parse error handling (disconnect vs log-and-continue)

MEDIUM (turbomcp-auth, turbomcp-protocol, turbomcp-websocket)

  • SSRF protection hardening - Blocks private networks, localhost, cloud metadata, link-local, multicast
  • RFC 8414 OpenID Connect Discovery - JWT validator supports async discovery of JWKS endpoints
  • DPoP binding validation - AuthContext::validate_dpop_binding() for thumbprint verification
  • Enhanced elicitation validation - Stricter input validation for elicitation request types

LOW (across workspace)

  • EMA overflow protection - Saturating arithmetic in transport metrics prevents u64 overflow
  • gRPC capability validation - validate_capabilities() builder method with tracing::warn!
  • Unix socket graceful shutdown - Broadcast-based shutdown with JoinSet task lifecycle management
  • CLI path validation - Absolute path verification before filesystem operations
  • Macro error improvements - syn::Error span-based errors for better IDE integration
  • Configurable HTTP User-Agent - Optional user_agent field to control fingerprinting

Added

New Crates

  • turbomcp-openapi - OpenAPI 3.x to MCP conversion
    • GET endpoints → MCP Resources, POST/PUT/PATCH/DELETE → MCP Tools
    • Built-in SSRF protection, configurable timeouts, regex route mapping
  • turbomcp-transport-streamable - Streamable HTTP transport types (MCP 2025-11-25)
    • Pure no-I/O SSE encoding/decoding, session management, no_std support

WASM Server Architecture (turbomcp-wasm)

  • Durable Objects - DurableRateLimiter, DurableSessionStore, DurableStateStore, DurableTokenStore
  • Streamable Transport - Session-based HTTP streaming with Server-Sent Events
  • Enhanced Auth Provider - WASM-native crypto, multi-provider OAuth 2.1, DPoP, JWKS caching
  • Rich Request Context - HTTP headers, method, path, query, correlation IDs, auth principal
  • Middleware System - Request/response interception, rate limiting, logging hooks
  • Visibility Control - Tool/resource/prompt visibility with user/role-based access
  • Composite Servers - Compose multiple servers with automatic namespacing and secure CORS

WASM Procedural Macros (turbomcp-wasm-macros)

  • #[server(name = "...", version = "...")] - Transform impl blocks into MCP servers
  • #[tool("description")], #[resource("uri")], #[prompt("description")] - Handler registration
  • Identical attribute syntax to native turbomcp-macros

Server Composition (turbomcp-server)

  • Composite Server - Combine multiple servers with automatic prefixing
  • Typed Middleware - Per-operation middleware hooks for all MCP operations
  • Visibility/Access Control - Role-based resource access

CLI Enhancements (turbomcp-cli)

  • turbomcp build - Build for native and WASM targets (Cloudflare Workers, Deno, generic wasm32)
  • turbomcp dev - Development server with hot reload and file watching
  • turbomcp install - Install servers to Claude Desktop and Cursor
  • turbomcp deploy - Deploy to Cloudflare Workers
  • turbomcp new - Create new MCP server projects from templates

Child Process Support (turbomcp-stdio)

  • StdioTransport::from_child(&mut Child) - Transport from spawned child process
  • StdioTransport::from_raw<R, W>(reader, writer) - Custom AsyncRead/AsyncWrite streams

Custom Struct Tool Returns (turbomcp-core)

  • IntoToolResult for Json<T> - Tool handlers can return custom structs wrapped in Json<T>

Macro Enhancements (turbomcp-macros)

  • Tags and versioning - #[tool(tags = ["admin"], version = "2.0")] on tools, resources, prompts
  • Type-based RequestContext detection - Detects by type, not parameter name
  • Improved error messages - syn::Error span-based errors, better deprecated attribute guidance

Authentication (turbomcp-auth)

  • AuthContext with requires_dpop() and validate_dpop_binding() methods
  • JWT validator async creation with RFC 8414 discovery

Changed

Breaking

  • JWT validator - JwtValidator::new() is now async with RFC 8414 discovery
  • Error types - McpError::validation() renamed to McpError::invalid_params() in auth validation

Improvements

  • CORS hardening - Echoes request Origin header instead of wildcard *, adds Vary: Origin
  • Prelude - Added Role to prelude for ergonomic PromptResult builder API
  • parking_lot workspace dep - Standardized to 0.12.5 across workspace
  • WASM builder API - .tool() replaces .with_tool() (deprecated), same for resources/prompts

Fixed

  • JWT base64 decoding (turbomcp-wasm) - Cloudflare Workers compatibility (no window.atob())
  • Property test (turbomcp-transport) - prop_cache_clear_works deduplicates IDs correctly
  • Prompt context detection (turbomcp-macros) - Detects &RequestContext by type, not name
  • Client semaphore handling (turbomcp-client) - Graceful degradation when handler semaphore closed
  • Sampling handler (turbomcp-client) - Removed panic on poisoned lock

Documentation

  • Macro syntax (docs/api/macros.md) - Corrected resource macro syntax, parameter descriptions
  • McpHandler Clone bound (turbomcp-core) - Documented Arc pattern for shared state
  • Wire codec (turbomcp-wire) - Send+Sync docs, MsgPackCodec security notes
  • TelemetryGuard lifecycle (turbomcp-telemetry) - Drop behavior documentation
  • CLI security warnings (turbomcp-cli) - STDIO risks, token exposure, permissions

Test Results

  • 1,787 tests passing
  • Zero clippy warnings with --all-features
  • All transports verified: STDIO, TCP, HTTP, WebSocket, Unix socket, gRPC

Full Changelog: v3.0.0-beta.3...3.0.0-beta.4

TurboMCP v3.0.0-beta.3

22 Jan 18:13

Choose a tag to compare

Pre-release

[3.0.0-beta.3] - 2026-01-22

Security

JWT Algorithm Confusion Attack Prevention (turbomcp-wasm)

  • Fail-Closed Algorithm Validation - Empty algorithm lists now return an error instead of bypassing validation
  • Key-Type/Algorithm Compatibility - RSA keys can only be used with RS* algorithms, EC keys with ES* algorithms
  • Removed Default for JwtConfig - Prevents accidental creation of insecure configurations
  • HTTPS Enforcement for JWKS - JWKS URLs must use HTTPS (localhost exempt for development)
  • Added allow_insecure_http() for development/testing only
  • Added comprehensive security tests for algorithm confusion and HTTPS validation
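
The fail-closed allowlist and key-type/algorithm rules listed above (and repeated in the beta.4 CRITICAL items and the v3.0.0 "asymmetric only" allowlist) amount to the following checks. This is an added example, not the crate's code: KeyType, AlgError, validate_allowlist and check_token_alg are hypothetical names, and the header's alg value is assumed to be already parsed.

```rust
/// Type of the verification key selected for the token (hypothetical enum).
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum KeyType {
    Rsa,
    Ec,
}

#[derive(Debug, PartialEq)]
pub enum AlgError {
    /// No algorithms configured: refuse instead of skipping the check.
    EmptyAllowlist,
    /// The configured list itself contains HS* or "none".
    SymmetricOrNoneInAllowlist(String),
    /// The token's alg is not in the configured list.
    NotAllowed(String),
    /// The alg is allowed in general but does not fit this key.
    KeyTypeMismatch { key: KeyType, alg: String },
}

/// RSA keys pair only with RS* algorithms, EC keys only with ES*.
fn family_matches(key: KeyType, alg: &str) -> bool {
    match key {
        KeyType::Rsa => alg.starts_with("RS"),
        KeyType::Ec => alg.starts_with("ES"),
    }
}

/// Configuration-time check: the list must be non-empty and asymmetric only.
pub fn validate_allowlist(allowed: &[&str]) -> Result<(), AlgError> {
    if allowed.is_empty() {
        return Err(AlgError::EmptyAllowlist);
    }
    for a in allowed {
        if a.starts_with("HS") || a.eq_ignore_ascii_case("none") {
            return Err(AlgError::SymmetricOrNoneInAllowlist((*a).to_string()));
        }
    }
    Ok(())
}

/// Per-token check, run before any signature verification.
/// `alg` comes from the untrusted JWT header; `key` is the type of the key
/// the server would verify with.
pub fn check_token_alg(alg: &str, key: KeyType, allowed: &[&str]) -> Result<(), AlgError> {
    validate_allowlist(allowed)?;
    // Exact, case-sensitive match against the configured list.
    if !allowed.iter().any(|a| *a == alg) {
        return Err(AlgError::NotAllowed(alg.to_string()));
    }
    if !family_matches(key, alg) {
        return Err(AlgError::KeyTypeMismatch { key, alg: alg.to_string() });
    }
    Ok(())
}

fn main() {
    let allowed = ["RS256", "ES256"];
    // Constructed header values paired with the key the server holds.
    let cases = [
        ("RS256", KeyType::Rsa),
        ("HS256", KeyType::Rsa), // classic confusion: RSA public key as HMAC secret
        ("ES256", KeyType::Rsa),
        ("none", KeyType::Ec),
    ];
    for (alg, key) in cases.iter() {
        println!("{} with {:?}: {:?}", alg, key, check_token_alg(alg, *key, &allowed));
    }
    println!("empty list: {:?}", check_token_alg("RS256", KeyType::Rsa, &[]));
}
```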

Added

Worker Error Integration (turbomcp-wasm)

  • WorkerError newtype wrapper - Enables worker::Error to ToolError conversion via .map_err(WorkerError)
  • WorkerResultExt trait - Ergonomic .into_tool_result() method for worker::Result<T>
  • Both approaches enable full ? operator support with Cloudflare Workers APIs (KV, Durable Objects, R2, D1, etc.)

Documentation

OAuth and Authentication (turbomcp-wasm)

  • Comprehensive OAuth Protection Guide - Three authentication patterns documented:
    1. Cloudflare Access (recommended for production)
    2. Custom JWT Validation (for self-hosted OAuth/OIDC)
    3. Bearer Token (development only, with security warnings)
  • Worker Error Integration Examples - Usage examples for WorkerError and WorkerResultExt
  • Security Checklist - Production deployment checklist for authentication

Full Changelog: v3.0.0-beta.1...v3.0.0-beta.3