Skip to content

Commit de2673f

Browse files
doublegateclaude
andcommitted
docs(release): final v1.5.0 documentation and configuration updates
- Update README.md with v1.5.0 feature documentation - Add Technical Highlights for observability features - Add 7 new environment variables to configuration section - Add debug logging configuration example - Create "Latest Enhancements (v1.5.0)" section - Update Project Roadmap: Phase 2 status to "v1.5.0 Released" - Add v1.5.0 release notes link to documentation index - Update all version references from v1.4.6 to v1.5.0 - Update .gitignore to exclude ref-proj/ directory v1.5.0 Features: - MCP Streaming Protocol for >1GB operations - Enhanced error handling with 8 error codes and recovery suggestions - Structured JSON logging with Pino and UUID request correlation - Automatic retry logic with exponential backoff and circuit breaker - 7 new environment variables for configuration 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1 parent 337f057 commit de2673f

2 files changed

Lines changed: 64 additions & 28 deletions

File tree

.gitignore

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,3 +22,6 @@ tests/browser/output/*
2222
CLAUDE.local.md
2323
GEMINI.md
2424
WARP.md
25+
26+
# Reference projects (local development only)
27+
ref-proj/

README.md

Lines changed: 61 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ This project provides a **Model Context Protocol (MCP)** server interface for **
44

55
By running this server, you enable AI assistants (like Claude, Cursor AI, and others) to natively utilize CyberChef's extensive library of 463+ data manipulation operations—including encryption, encoding, compression, and forensic analysis—as executable tools.
66

7-
**Latest Release:** v1.4.6 | [Release Notes](docs/releases/v1.4.6.md) | [Security Policy](SECURITY.md) | [Security Fixes Report](SECURITY_FIX_REPORT.md)
7+
**Latest Release:** v1.5.0 | [Release Notes](docs/releases/v1.5.0.md) | [Security Policy](SECURITY.md) | [Security Fixes Report](SECURITY_FIX_REPORT.md)
88

99
![CyberChef MCP Banner](images/CyberChef-MCP_Banner-Logo.jpg)
1010

@@ -41,6 +41,7 @@ The server exposes CyberChef operations as MCP tools:
4141
* **Stdio Transport**: Communicates via standard input/output, making it easy to integrate with CLI-based MCP clients.
4242
* **Schema Validation**: All inputs are validated against schemas derived from CyberChef's internal type system using `zod`.
4343
* **Modern Node.js**: Fully compatible with Node.js v22+ with automated compatibility patches.
44+
* **Enhanced Observability** (v1.5.0): Structured JSON logging with Pino for production monitoring, comprehensive error handling with actionable recovery suggestions, automatic retry logic with exponential backoff, request correlation with UUID tracking, circuit breaker pattern for cascading failure prevention, and streaming infrastructure for progressive results on large operations. See [Release Notes](docs/releases/v1.5.0.md) for details.
4445
* **Performance Optimized** (v1.4.0): LRU cache for operation results (100MB default), automatic streaming for large inputs (10MB+ threshold), configurable resource limits (100MB max input, 30s timeout), memory monitoring, and comprehensive benchmark suite. See [Performance Tuning Guide](docs/architecture/performance-tuning.md) for configuration options.
4546
* **Upstream Sync Automation** (v1.3.0): Automated monitoring of upstream CyberChef releases every 6 hours, one-click synchronization workflow, comprehensive validation test suite with 465 tool tests, and emergency rollback mechanism.
4647
* **Security Hardened** (v1.4.5+): Chainguard distroless base image with zero-CVE baseline, non-root execution (UID 65532), automated Trivy vulnerability scanning with build-fail thresholds, dual SBOM strategy (Docker Scout attestations + CycloneDX), read-only filesystem support, SLSA Build Level 3 provenance, and 7-day SLA for critical CVE patches. Fixed 11 of 12 code scanning vulnerabilities including critical cryptographic randomness weakness and 7 ReDoS vulnerabilities. See [Security Policy](SECURITY.md) and [Security Fixes Report](SECURITY_FIX_REPORT.md) for details.
@@ -67,17 +68,17 @@ For environments without direct GHCR access, download the pre-built Docker image
6768
1. **Download the tarball** (approximately 90MB compressed):
6869
```bash
6970
# Download from GitHub Releases
70-
wget https://github.com/doublegate/CyberChef-MCP/releases/download/v1.4.6/cyberchef-mcp-v1.4.6-docker-image.tar.gz
71+
wget https://github.com/doublegate/CyberChef-MCP/releases/download/v1.5.0/cyberchef-mcp-v1.5.0-docker-image.tar.gz
7172
```
7273

7374
2. **Load the image into Docker:**
7475
```bash
75-
docker load < cyberchef-mcp-v1.4.6-docker-image.tar.gz
76+
docker load < cyberchef-mcp-v1.5.0-docker-image.tar.gz
7677
```
7778

7879
3. **Tag for easier usage:**
7980
```bash
80-
docker tag ghcr.io/doublegate/cyberchef-mcp_v1:v1.4.6 cyberchef-mcp
81+
docker tag ghcr.io/doublegate/cyberchef-mcp_v1:v1.5.0 cyberchef-mcp
8182
```
8283

8384
4. **Run the server:**
@@ -178,29 +179,30 @@ Version 1.4.0 introduces comprehensive performance optimizations and configurabl
178179

179180
### Configuration Options
180181

181-
All performance features are configurable via environment variables:
182+
All features are configurable via environment variables:
182183

183184
```bash
184-
# Maximum input size (bytes)
185-
CYBERCHEF_MAX_INPUT_SIZE=104857600 # 100MB default
186-
187-
# Operation timeout (milliseconds)
188-
CYBERCHEF_OPERATION_TIMEOUT=30000 # 30s default
189-
190-
# Streaming threshold (bytes)
191-
CYBERCHEF_STREAMING_THRESHOLD=10485760 # 10MB default
192-
193-
# Enable/disable streaming
194-
CYBERCHEF_ENABLE_STREAMING=true # Enabled by default
195-
196-
# Enable/disable worker threads (infrastructure only in v1.4.0)
197-
CYBERCHEF_ENABLE_WORKERS=true # Enabled by default
198-
199-
# Cache maximum size (bytes)
200-
CYBERCHEF_CACHE_MAX_SIZE=104857600 # 100MB default
201-
202-
# Cache maximum items
203-
CYBERCHEF_CACHE_MAX_ITEMS=1000 # 1000 items default
185+
# Logging (v1.5.0+)
186+
LOG_LEVEL=info # Logging level: debug, info, warn, error, fatal
187+
188+
# Retry Logic (v1.5.0+)
189+
CYBERCHEF_MAX_RETRIES=3 # Maximum retry attempts for transient failures
190+
CYBERCHEF_INITIAL_BACKOFF=1000 # Initial backoff delay in milliseconds
191+
CYBERCHEF_MAX_BACKOFF=10000 # Maximum backoff delay in milliseconds
192+
CYBERCHEF_BACKOFF_MULTIPLIER=2 # Backoff multiplier for exponential backoff
193+
194+
# Streaming (v1.5.0+)
195+
CYBERCHEF_STREAM_CHUNK_SIZE=1048576 # Chunk size for streaming (1MB)
196+
CYBERCHEF_STREAM_PROGRESS_INTERVAL=10485760 # Progress reporting interval (10MB)
197+
198+
# Performance (v1.4.0+)
199+
CYBERCHEF_MAX_INPUT_SIZE=104857600 # Maximum input size (100MB)
200+
CYBERCHEF_OPERATION_TIMEOUT=30000 # Operation timeout in milliseconds (30s)
201+
CYBERCHEF_STREAMING_THRESHOLD=10485760 # Streaming threshold (10MB)
202+
CYBERCHEF_ENABLE_STREAMING=true # Enable streaming for large operations
203+
CYBERCHEF_ENABLE_WORKERS=true # Enable worker threads (infrastructure only)
204+
CYBERCHEF_CACHE_MAX_SIZE=104857600 # Cache maximum size (100MB)
205+
CYBERCHEF_CACHE_MAX_ITEMS=1000 # Cache maximum items
204206
```
205207

206208
### Example Configurations
@@ -242,6 +244,14 @@ docker run -i --rm --memory=512m \
242244
}
243245
```
244246

247+
**Debug Logging for Troubleshooting (v1.5.0+)**
248+
```bash
249+
docker run -i --rm \
250+
-e LOG_LEVEL=debug \
251+
-e CYBERCHEF_MAX_RETRIES=5 \
252+
ghcr.io/doublegate/cyberchef-mcp_v1:latest
253+
```
254+
245255
For detailed performance tuning guidance, see the [Performance Tuning Guide](docs/architecture/performance-tuning.md).
246256

247257
### Performance Benchmarks
@@ -271,7 +281,29 @@ The benchmark suite tests 20+ operations across multiple input sizes (1KB, 10KB,
271281

272282
This project implements comprehensive security hardening with continuous improvements:
273283

274-
### Latest Security Enhancements (v1.4.6 Sprint 1)
284+
### Latest Enhancements (v1.5.0)
285+
* **Enhanced Error Handling**: Comprehensive error reporting for production debugging
286+
* **8 Error Codes**: Standardized error classification (INVALID_INPUT, MISSING_ARGUMENT, OPERATION_FAILED, TIMEOUT, OUT_OF_MEMORY, UNSUPPORTED_OPERATION, CACHE_ERROR, STREAMING_ERROR)
287+
* **Rich Context**: Detailed debugging information (input size, operation name, request ID, timestamp)
288+
* **Recovery Suggestions**: Actionable recommendations for common issues
289+
* **Retryable Classification**: Automatic distinction between transient and permanent failures
290+
* **Structured Logging with Pino**: Production-ready observability
291+
* **JSON Logs**: Machine-readable logs for monitoring tools (Datadog, Splunk, ELK)
292+
* **Request Correlation**: UUID-based request tracking across operations
293+
* **Performance Metrics**: Duration, throughput, cache hits, memory usage
294+
* **Configurable Levels**: debug, info, warn, error, fatal via LOG_LEVEL environment variable
295+
* **Automatic Retry Logic**: Resilience for transient failures
296+
* **Exponential Backoff**: 1s → 2s → 4s with jitter to prevent thundering herd
297+
* **Configurable Retries**: Default 3 attempts, customizable via CYBERCHEF_MAX_RETRIES
298+
* **Smart Detection**: Automatically retries timeouts, memory issues, network errors
299+
* **Circuit Breaker**: Opens after 5 consecutive failures to prevent cascading issues
300+
* **MCP Streaming Infrastructure**: Progressive results for large operations
301+
* **Chunked Processing**: Memory-efficient handling of 100MB+ inputs
302+
* **Progress Reporting**: Updates every 10MB for long-running operations
303+
* **14 Supported Operations**: Encoding (Base64, Hex), hashing (MD5, SHA family), text operations
304+
* **Configurable Thresholds**: Streaming chunk size and progress interval
305+
306+
### Security Hardening (v1.4.6)
275307
* **Chainguard Distroless Base Image**: Enterprise-grade container security
276308
* **Zero-CVE Baseline**: Daily security updates with 7-day SLA for critical patches
277309
* **70% Smaller Attack Surface**: Minimal OS footprint compared to traditional Alpine/Debian images
@@ -358,8 +390,8 @@ CyberChef MCP Server has a comprehensive development roadmap spanning **19 relea
358390

359391
| Phase | Releases | Timeline | Focus | Status |
360392
|-------|----------|----------|-------|--------|
361-
| **Phase 1: Foundation** | v1.2.0 - v1.4.6 | Q4 2025 - Q1 2026 | Security hardening, upstream sync, performance | **v1.4.6 Released** |
362-
| **Phase 2: Enhancement** | v1.5.0 - v1.7.0 | Q2 2026 | Streaming, recipe management, batch processing | Planned |
393+
| **Phase 1: Foundation** | v1.2.0 - v1.4.6 | Q4 2025 - Q1 2026 | Security hardening, upstream sync, performance | **Completed** |
394+
| **Phase 2: Enhancement** | v1.5.0 - v1.7.0 | Q2 2026 | Streaming, recipe management, batch processing | **v1.5.0 Released** |
363395
| **Phase 3: Maturity** | v1.8.0 - v2.0.0 | Q3 2026 | API stabilization, breaking changes, v2.0.0 | Planned |
364396
| **Phase 4: Expansion** | v2.1.0 - v2.3.0 | Q4 2026 | Multi-modal, advanced transports, plugins | Planned |
365397
| **Phase 5: Enterprise** | v2.4.0 - v2.6.0 | Q1 2027 | OAuth 2.1, RBAC, Kubernetes, observability | Planned |
@@ -399,6 +431,7 @@ Detailed documentation is organized in the [`docs/`](docs/) directory:
399431
* [**Security Audit**](docs/security/audit.md): Comprehensive security assessment
400432
* [**Security Fixes Report**](SECURITY_FIX_REPORT.md): Detailed report of 11 vulnerability fixes (ReDoS and cryptographic weaknesses)
401433
* [**Security Fixes Summary**](SECURITY_FIXES_SUMMARY.md): Quick reference for recent security improvements
434+
* [**Release Notes v1.5.0**](docs/releases/v1.5.0.md): Enhanced error handling, structured logging, automatic retry, streaming infrastructure
402435
* [**Release Notes v1.4.6**](docs/releases/v1.4.6.md): Sprint 1 Security Hardening - Chainguard distroless migration, zero-CVE baseline, read-only filesystem support
403436
* [**Release Notes v1.4.5**](docs/releases/v1.4.5.md): Supply chain attestations and documentation reorganization
404437
* [**Release Notes v1.4.4**](docs/releases/v1.4.4.md): Docker Hub build fix and 12 security vulnerability fixes

0 commit comments

Comments
 (0)