@socialneuron/mcp-server 1.3.2 → 1.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/README.md +13 -4
- package/dist/http.js +1234 -527
- package/dist/index.js +1074 -429
- package/package.json +4 -2
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,14 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to `@socialneuron/mcp-server` will be documented in this file.
|
|
4
4
|
|
|
5
|
+
## [1.4.0] - 2026-03-13
|
|
6
|
+
|
|
7
|
+
### Changed
|
|
8
|
+
- **Telemetry is now opt-IN**: No data is sent unless `SOCIALNEURON_TELEMETRY=1` is explicitly set. Previously telemetry was opt-out.
|
|
9
|
+
- **PostHog moved to optionalDependencies**: `posthog-node` is no longer a required runtime dependency. The package works fully without it installed. This reduces supply chain surface and resolves socket.dev security flags.
|
|
10
|
+
- **Dynamic import**: PostHog is loaded via `import()` at runtime, silently skipped if unavailable.
|
|
11
|
+
- `DO_NOT_TRACK=1` continues to override and disable telemetry in all cases.
|
|
12
|
+
|
|
5
13
|
## [1.3.2] - 2026-03-13
|
|
6
14
|
|
|
7
15
|
### Fixed
|
package/README.md
CHANGED
|
@@ -250,17 +250,26 @@ Each iteration produces smarter content as performance data feeds back into the
|
|
|
250
250
|
- SSRF protection on all URL parameters with DNS rebinding prevention
|
|
251
251
|
- Rate limiting per user with per-tool limits for expensive operations
|
|
252
252
|
- Agent loop detection prevents runaway automation
|
|
253
|
-
-
|
|
253
|
+
- Telemetry is off by default — opt in with `SOCIALNEURON_TELEMETRY=1`
|
|
254
254
|
|
|
255
255
|
See [SECURITY.md](./SECURITY.md) for our vulnerability disclosure policy and credential safety details.
|
|
256
256
|
|
|
257
257
|
## Telemetry
|
|
258
258
|
|
|
259
|
-
|
|
259
|
+
Telemetry is **off by default**. No data is collected unless you explicitly opt in.
|
|
260
260
|
|
|
261
|
-
**To
|
|
261
|
+
**To enable**: Set `SOCIALNEURON_TELEMETRY=1` in your environment.
|
|
262
262
|
|
|
263
|
-
|
|
263
|
+
**To disable**: `DO_NOT_TRACK=1` or `SOCIALNEURON_NO_TELEMETRY=1` always disables telemetry, even if `SOCIALNEURON_TELEMETRY=1` is set.
|
|
264
|
+
|
|
265
|
+
When enabled, the following anonymous metrics are collected via PostHog:
|
|
266
|
+
- Tool name invoked
|
|
267
|
+
- Success or failure status
|
|
268
|
+
- Invocation duration (ms)
|
|
269
|
+
|
|
270
|
+
No personal content, API keys, or request payloads are ever collected. Your user ID is hashed (SHA-256) before transmission.
|
|
271
|
+
|
|
272
|
+
`posthog-node` is an optional dependency — if it is not installed, telemetry is a silent no-op regardless of environment variables.
|
|
264
273
|
|
|
265
274
|
## Examples
|
|
266
275
|
|