DollhouseMCP

# DollhouseMCP v1.2.0 Release Notes ## 🎉 Security & Reliability Update We're excited to announce the release of DollhouseMCP v1.2.0, which brings important security enhancements and improved reliability to the auto-update system. ## 🔒 Security Enhancements ### Rate Limiting (#72) - **Token bucket algorithm** prevents update check abuse - Default limits: 10 checks per hour with 30-second minimum delay between checks - Clear, helpful error messages showing wait times and reset information - Rate limit status integrated into server status display ### Signature Verification (#73) - **GPG signature verification** ensures release authenticity - Verifies git tag signatures during update checks - Shows signature status and signer information in update results - Configurable trusted key management - Development mode allows unsigned releases for testing ## 📋 Quality Improvements ### Comprehensive CI Testing (#92) - Added **44 new tests** across 3 test files - Environment variable validation - Shell compatibility verification - Path safety and traversal prevention - Total test count increased from 265 to 309 ### Documentation (#62) - Created comprehensive auto-update system architecture documentation - Detailed component descriptions: UpdateManager, BackupManager, UpdateChecker, RateLimiter, SignatureVerifier - Workflow diagrams and troubleshooting guides - Security implementation details ### NPM Publishing Ready (#40) - Package fully prepared for npm registry publication - Added proper metadata: "files", "publishConfig", and "funding" fields - Created .npmignore file for clean packages - Package size optimized to 278.8 kB ## 🐛 Bug Fixes - Fixed SignatureVerifier test mock setup for ESM modules - Fixed UpdateChecker error handling for non-Error objects - Improved path resolution for CI environments ## 📊 By the Numbers - **Tests**: 309 (up from 265) - **Security Tests**: 28+ dedicated security tests - **Package Size**: 278.8 kB (optimized) - **Default Rate Limit**: 10 update checks per hour ## 🚀 Upgrading To upgrade to v1.2.0: ```bash # Using the auto-update system 1. In Claude Desktop, use: check_for_updates 2. Then use: update_server true # Or manually git pull origin main npm install npm run build ``` ## 📝 Notes - All existing UpdateChecker security features from v1.1.0 remain in place - Rate limiting helps prevent accidental or malicious API abuse - Signature verification adds an extra layer of security for releases - The update system now provides better user feedback and error messages ## 🙏 Acknowledgments Thank you to the DollhouseMCP community for your continued support and feedback! ## 📚 Full Changelog See [CHANGELOG.md](https://github.com/DollhouseMCP/mcp-server/blob/main/CHANGELOG.md) for the complete list of changes. --- **DollhouseMCP v1.2.0** - Security & Reliability Update Released: July 7, 2025