Skip to content

v0.3.4

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 02 Nov 17:53
· 0 commits to main since this release
v0.3.4
This tag was signed with the committer’s verified signature.
Mossaka Jiaxiao Zhou
GPG key ID: C305CB59A1829214
Verified
Learn about vigilant mode.
e811bdd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Added

  • Component registry validation pipeline that automatically validates new or modified component URIs in component-registry.json on pull requests, ensuring all URIs can be successfully loaded by wassette before merging changes (#456)
  • Memory server example (examples/memory-js) demonstrating a knowledge graph storage system as a WebAssembly component, migrated from the MCP memory server with in-memory persistence, supporting entity and relation management, observations, and full-text search capabilities (#437)
  • arXiv research component (examples/arxiv-rs) in Rust that provides three functions: search-papers for searching arXiv with query, max results, date, and category filters; download-paper for downloading PDF files; and read-paper for fetching paper metadata and abstracts. The component uses the arXiv API and returns formatted markdown output (#436)
  • Comprehensive test coverage for component2json crate with example components added to testdata directory (fetch-rs, brave-search-rs, context7-rs under 1MB) to validate JSON schema generation across different language ecosystems (#429)
  • Added wassette inspect subcommand for debugging WebAssembly components, displaying their JSON schema for inputs and outputs. This provides a convenient way to inspect component metadata without loading them into the MCP server (#430)
  • Added just install command for convenient local installation to ~/.local/bin (#449)
  • Configurable bind address for HTTP-based transports (SSE and StreamableHttp) via CLI flag --bind-address, environment variable WASSETTE_BIND_ADDRESS, or configuration file field bind_address. Default remains 127.0.0.1:9001 for backward compatibility (#445)
  • Cookbook tutorial for publishing Wasm components to OCI registries (GHCR) using wkg CLI tool and GitHub Actions, including local development workflow, automated CI/CD publishing, signing with Cosign, version management strategies, and troubleshooting guide (#426)
  • Prepared policy crate for publication to crates.io with comprehensive README.md and complete package metadata (description, repository, documentation, homepage, keywords, categories, authors). The policy crate is now ready to be published as a standalone library for other projects like policy-mcp (#427)
  • Automated CHANGELOG synchronization with release pipeline: Release workflow extracts changelog content for release notes and automatically updates CHANGELOG.md post-release. Implemented using Python scripts with unit tests. The update-changelog job now checks that the release job succeeded before running. (#404)
  • Migration guide documentation for converting JavaScript-based MCP servers to Wassette WebAssembly components in the cookbook section, with step-by-step instructions, code examples, and a complete weather service migration walkthrough (#400)
  • Configuration Files reference documentation covering Wassette server configuration files (config.toml) and build/toolchain configuration files (Cargo.toml, rust-toolchain.toml, rustfmt.toml, etc.) with detailed schemas, examples, and best practices (#401)
  • Concepts documentation page explaining MCP fundamentals (server vs client, tools, prompts, resources), WebAssembly Component Model (components, WIT, bindings), how Wassette translates components to MCP tools, and the policy/capability model (#397)
  • Developer documentation section with comprehensive "Getting Started" guide covering prerequisites, building, testing, code formatting, development workflow, CI/CD, and project structure for contributors (#396)
  • Documentation reference for commonly used HTTP domains in network permissions, providing a comprehensive list of frequently needed domains organized by category (package registries, version control systems, cloud providers, container registries, AI/ML APIs, CDNs, documentation sites, and CI/CD services) to help users make informed decisions when granting network permissions (#368)
  • Added --disable-builtin-tools flag to the serve command that allows disabling all built-in tools (load-component, unload-component, list-components, get-policy, grant/revoke permissions, search-components, reset-permission). When enabled, only loaded component tools will be available through the MCP server (#374)
  • Comprehensive Docker documentation and Dockerfile for running Wassette in containers with enhanced security isolation, including examples for mounting components, secrets, configuration files, and production deployment patterns with Docker Compose (#369)
  • rust-toolchain.toml file specifying Rust 1.90 as the stable toolchain version, ensuring consistent Rust version across development environments and CI/CD pipelines (#371)
  • AI agent development guides (AGENTS.md and Claude.md) that consolidate development guidelines from .github/instructions/ into accessible documentation for AI agents working on the project (#360)
  • Comprehensive installation guide page consolidating all installation methods (one-liner script, Homebrew, Nix, WinGet) organized by platform (Linux, macOS, Windows) with verification steps and troubleshooting sections (#326)
  • Cookbook section in documentation with language-specific guides for building Wasm components in JavaScript/TypeScript, Python, Rust, and Go (#328)
  • Multi-version documentation support with version dropdown, hosting at /wassette/latest/ (main) and /wassette/vX.Y/ (tags) (#336)
  • Automated release preparation and package manifest update workflows to eliminate manual version bump PRs (#320)
  • User-focused permissions documentation under new "Using Wassette" section, providing practical how-to guides for managing permissions (#333)
  • Added $schema field to all policy YAML files referencing the policy-mcp schema for better IDE support and validation (#331)
  • Documentation for GitHub Agentic Workflows explaining how the repository uses @githubnext/gh-aw for automated issue triage and research tasks (#353)
  • Comprehensive documentation in RELEASE.md for releasing example component images to GHCR, including automatic publishing workflow, manual release process, and instructions for adding new examples (#362)
  • GitHub Actions workflow .github/workflows/copilot-setup-steps.yml that provides reusable setup steps for GitHub Copilot coding agents to prepare a complete development environment with Rust, just, protobuf, wasm-tools, and other essential tools (#366)
  • Added rules/agent.md instruction file for AI agents emphasizing use of grant-xxx-permission tools instead of manually editing policy files, with installation instructions in the installation guide (#372)
  • Comprehensive documentation on wit-docs-inject usage for embedding WIT documentation into WASM components and translating it to AI agent tool descriptions (#411)
  • Agentic workflow for automatic CHANGELOG PR link addition: When PRs modify CHANGELOG.md, the workflow automatically adds PR links to new entries in the Unreleased section, ensuring consistent formatting and making it easier to track changes back to their source PRs (#442)
  • Release branch strategy to prevent development blockages: Release pipeline now creates and preserves dedicated release branches (e.g., release/vX.Y.Z) for the entire release process, ensuring that ongoing development on main is not blocked by release activities (#474)

Changed

  • Improved CLI help text for transport flags: changed from "Enable XXX transport" to "Serving with XXX transport" for better clarity on what the flags do (#446)
  • Updated wasmtime dependencies from version 36 to 38.0.2 (wasmtime, wasmtime-wasi, wasmtime-wasi-http, wasmtime-wasi-config) (#433)
  • Refactored duplicated tool name string constants in src/main.rs by introducing centralized const definitions, eliminating duplication between TryFrom and AsRef implementations (#418)
  • Updated publish examples workflow to include new examples: brave-search-rs, context7-rs, and get-open-meteo-weather-js (#416)
  • Streamlined README.md by removing detailed sections on "Built-in Tools", "Building WebAssembly Components", "Community Components", and "Documentation" in favor of linking to comprehensive documentation pages (#408)
  • Removed duplicate built-in tools listing from docs/design/permission-system.md and replaced with reference link to docs/reference/built-in-tools.md (#414)
  • Removed duplicate built-in tools listing from docs/faq.md and replaced with reference link to docs/reference/built-in-tools.md (#414)
  • Added cross-references throughout documentation (docs/concepts.md, docs/overview.md, docs/faq.md) to link to detailed reference documentation for permissions and built-in tools, reducing content duplication while improving navigation (#414)
  • Simplified README "Installation" section to show only quick start and link to full installation guide (#408)
  • Updated "Using Wassette" section in README to remove installation instructions and focus on component loading workflow (#408)
  • Created new documentation pages: docs/reference/built-in-tools.md for tool reference and docs/reference/community-components.md for community projects (#408)
  • Removed redundant "Docker Deployment" section from README.md; users are directed to the comprehensive Docker deployment guide via the installation methods list (#393)
  • Moved permissions documentation from "Using Wassette" section to "Reference" section, placing it after CLI reference for better organization and discoverability (#370)
  • Reorganized documentation structure by moving CLI reference to a new reference section in the mdBook for better organization (#370)
  • BREAKING CHANGE: Release workflow no longer pushes CHANGELOG updates directly to main; instead creates a PR from the release branch for review and merging, preventing development blockages during release process (#474)
  • Updated README.md to reference the new dedicated installation guide for complete installation instructions (#326)
  • Removed separate homebrew.md, nix.md, and winget.md pages to eliminate duplication; all installation content is now consolidated in installation.md (#326)
  • Added tabbed interface for installation instructions organized by platform (Linux, macOS, Windows, Nix) using mdbook-tabs preprocessor (#326)
  • Updated README.md, docs/faq.md, and RELEASE.md to include all examples in the examples directory: brave-search-rs, context7-rs, eval-py, fetch-rs, filesystem-rs, get-open-meteo-weather-js, get-weather-js, gomodule-go, memory-js, and time-server-js (#376)
  • Configure prepare-release workflow to use RELEASE_TOKEN secret for creating pull requests, allowing custom PAT authentication (#387)

Fixed

  • Fixed post-release workflows not triggering properly: Release workflow now uses RELEASE_TOKEN instead of GITHUB_TOKEN to allow triggering downstream workflows, and Publish Examples workflow corrected event type from publish to published (#395)
  • Fixed invalid workflows permission in dependabot-automerge workflow file that caused GitHub Actions validation error (#322)
  • Fixed Mermaid sequence diagram rendering in documentation by adding mdbook-mermaid preprocessor configuration (#324)
  • Copyright check script now skips auto-generated bindings.rs files containing wit-bindgen markers, preventing incorrect license header additions to generated code while still checking custom bindings.rs files (#338)
  • Made dependabot automerge workflow non-blocking by adding continue-on-error: true to the auto-merge step, preventing workflow failures from blocking PRs when automerge cannot be enabled (#355)
  • Fixed release pipeline changelog extraction to support extracting from [Unreleased] section when version is not yet published, allowing releases to be created before the CHANGELOG is automatically updated by the release workflow (#472)

Security

  • Fixed RUSTSEC-2025-0095/RUSTSEC-2025-0111 (CVE-2025-62518) - tokio-tar PAX extended headers file smuggling vulnerability (#483)
  • Fixed RUSTSEC-2025-0112 - wasmtime host-to-wasm component intrinsics vulnerability (#480)

Downloads

Linux

macOS (Darwin)

Windows

Install

All Platforms (Shell Script)

curl -fsSL https://raw.githubusercontent.com/Mossaka/wassette/main/install.sh | bash

This will detect your platform and install the latest wassette binary to your $PATH.

Usage

# Start the MCP server
wassette serve --sse --policy-file policy.yaml
Assets 8
Loading