Product updates and version history for SmeltSec.
Published @smeltsec/cli, @smeltsec/core, @smeltsec/proxy, and @smeltsec/sync to the npm registry. Install globally with `npm install -g @smeltsec/cli` or use via npx. Open source, MIT-licensed.
What this means for you: CI pipelines can pin a version and run `smeltsec` like any other build tool. No Docker image, no hosted-only dependency — the whole pipeline runs on your laptop or your runners.
110+ security fixes across 7 platforms (web, mobile, CLI, core, proxy, infra). 37 CRITICAL and 58 HIGH severity issues resolved across 3 audit rounds.
What this means for you: the tool scanning your servers has itself been scanned three times. The supply chain underneath SmeltSec is smaller and harder to attack than the one you'd assemble manually.
Migrated frontend from Vercel to AWS using SST + OpenNext. Lambda server functions, CloudFront CDN, DynamoDB ISR tag store.
What this means for you: lower tail latency on the dashboard and API, regional failover for enterprise customers. No change to the CLI or the on-device generation path.
Gate 2 expanded to 16 scanners, including Semgrep CE, Gitleaks, OSV-Scanner, MCP-Scan, a custom rule engine, Trojan Source detection, and typosquatting detection.
What this means for you: every generated server goes through 16 checks before it ships. You get the combined signal without integrating 16 tools yourself.
Launched the SmeltSec engineering blog with 10 inaugural posts covering MCP protocol, security, and developer tooling.
What this means for you: if a rule fires and the message isn't obvious, there's a good chance the blog has the full context. Start with "Securing MCP in a Zero-Trust World" and "The Quality Gap Nobody Measures".
Sync daemon now supports Claude Desktop, Cursor, ChatGPT Desktop, Windsurf, and VS Code.
What this means for you: generate one server, get config entries written to every AI client on the machine. No hand-editing JSON files per client.
6-dimension quality scoring: correctness, security, performance, maintainability, docs, tests.
What this means for you: every server gets a letter grade with an actionable fix list. You can reject a PR that drops below a threshold instead of arguing about "feels bad" in review.