v1.10.10

Patch Changes

• #312 62516b5 - Remove fallback to build from source in publish workflow

  The NPM and GitHub Packages publish jobs now fail explicitly if pre-built artifacts are not found, instead of falling back to building from source. This ensures we always publish exactly what was tested and validated in the Main workflow, maintaining supply chain integrity.

v1.10.9

Patch Changes

• ac24e63 - Fix cross-workflow artifact downloads by adding run-id parameter

  The Publish workflow was unable to download artifacts from the Main workflow because the actions/download-artifact@v4 action defaults to only downloading artifacts from the current workflow run. Added the run-id and github-token parameters to all three download steps (NPM, GitHub Packages, and Docker) to enable cross-workflow artifact access.

v1.10.8

Patch Changes

• #311 323854c - Fix Docker artifact naming to match NPM pattern for consistent artifact resolution

  Changed Docker artifact naming from docker-image-{SHA} to docker-image-{VERSION} to match the NPM artifact pattern. This ensures the determine-artifact.sh script can find Docker artifacts using the same logic as NPM artifacts, eliminating the need for conditional logic based on artifact type.

v1.10.7

Patch Changes

• #310 e166a4e - Update lint-staged from 16.2.3 to 16.2.4

  This is a dev dependency update for the pre-commit hook tooling. No changes to production code or user-facing functionality.

• #310 e166a4e - Fix artifact name resolution in publish workflow by using full commit SHA

  The determine-artifact.sh script was incorrectly shortening the parent commit SHA to 7 characters when searching for artifacts, but the main workflow creates artifacts with the full SHA. This mismatch caused the publish workflow to fail when trying to locate Docker and NPM artifacts for publishing.

v1.10.6

Patch Changes

• b3befb7 - Fix race condition by generating attestations before creating release to ensure Main workflow completes before Publish workflow starts

v1.10.5

Patch Changes

• 8050985 - Fix artifact naming to use github.sha for consistency with publish workflow

v1.10.4

Patch Changes

• 0a14753 - Fix production install in release workflow by skipping prepare script that requires husky

v1.10.1

Patch Changes

• #296 2b46244 - Fix Docker build workflow ordering to ensure artifacts exist before release

  • Split version determination from release creation in main workflow
  • Build Docker image BEFORE creating GitHub release
  • Ensures Docker artifact exists when publish workflow is triggered
  • Prevents race condition where publish workflow can't find Docker artifacts

• 4ceaf1f - test: verify workflow fixes are working correctly

  Testing the prepare-release-assets workflow after refactoring

v1.10.0

Minor Changes

• #295 4ea3a14 - feat: add Docker build and Trivy security scanning to CI/CD pipeline
  • Add Docker image building and vulnerability scanning to PR workflow for shift-left security
  • Build multi-platform Docker images in main workflow and store as artifacts
  • Refactor publish workflow to use pre-built images from main for deterministic deployments
  • Create reusable Docker workflow for consistent build and scan process
  • Add Trivy container scanning with results uploaded to GitHub Security tab
  • Control Docker features via single ENABLE_DOCKER_RELEASE repository variable
  • Add .dockerignore to optimize build context
  • Support for linux/amd64 and linux/arm64 platforms

v1.9.0

Minor Changes

• #294 49fdac0 - feat: add HTTP transport support for MCP server

  Implements Streamable HTTP transport as an alternative to stdio, enabling:

  • Web service deployments and programmatic access via HTTP/REST
  • Session management with automatic lifecycle control
  • RESTful API endpoints for MCP operations
  • Server-sent events for real-time notifications
  • Security features including DNS rebinding protection and CORS configuration

  This change maintains full backward compatibility with the default stdio transport.