Table of Contents
Release Overview
TurboMCP v1.0.5 represents a major milestone in our journey to provide the most comprehensive and performant MCP implementation available. This release introduces groundbreaking features that enable sophisticated AI interactions, enterprise-grade security, and production-ready infrastructure.
Key Highlights
- Elicitation Protocol: Server-initiated user input with rich form builders and type-safe responses
- Sampling Protocol: Bidirectional LLM communication for AI-powered assistance
- Axum Integration: Production web framework with advanced middleware and routing
- Enterprise Security: OAuth 2.0, CORS, rate limiting, security headers, and TLS 1.3
- Filesystem Roots: MCP-compliant boundaries with OS-aware defaults
Elicitation Protocol: Server-Initiated User Input
The elicitation protocol enables servers to request structured input from users during tool execution. This powerful feature allows for interactive workflows, configuration gathering, and dynamic decision-making.
World-Class Ergonomics
We've designed the elicitation API to be intuitive and type-safe, with builder patterns that make complex forms simple to create:
use turbomcp::prelude::*;
use turbomcp::elicitation_api::{elicit, text, checkbox, integer_field};
#[tool("Configure deployment")]
async fn deploy(&self, ctx: Context, project: String) -> McpResult<String> {
// Simple elicit macro for quick prompts
let confirmation = elicit!(ctx, "Deploy to production?")?;
// Advanced form with beautiful ergonomic builders
let config = elicit("Configure deployment")
.field("environment", text("Environment")
.options(&["dev", "staging", "production"]))
.field("auto_scale", checkbox("Enable Auto-scaling")
.default(true))
.field("replicas", integer_field("Replica Count")
.range(1.0, 10.0))
.require(vec!["environment"])
.send(&ctx.request)
.await?;
match config {
ElicitationResult::Accept(data) => {
let env = data.get::<String>("environment")?;
let replicas = data.get::<i64>("replicas").unwrap_or(1);
Ok(format!("Deployed {} to {} with {} replicas",
project, env, replicas))
}
_ => Err(mcp_error!("Deployment cancelled"))
}
}Simple Macro
- • Quick yes/no prompts
- • Minimal boilerplate
- • Type-safe responses
- • Automatic error handling
Advanced Forms
- • Multiple field types
- • Validation & defaults
- • Required fields
- • Rich metadata
Sampling Protocol: Bidirectional LLM Communication
The sampling protocol enables servers to request LLM assistance from the client, creating powerful AI-enhanced workflows. This bidirectional communication allows tools to leverage AI capabilities for code generation, analysis, and intelligent assistance.
use turbomcp::prelude::*;
#[tool("Get AI code review")]
async fn code_review(&self, ctx: Context, code: String) -> McpResult<String> {
// Build sampling request with ergonomic JSON
let request = serde_json::json!({
"messages": [{
"role": "user",
"content": {
"type": "text",
"text": format!("Please review this code:\n\n{}", code)
}
}],
"maxTokens": 500,
"systemPrompt": "You are a senior code reviewer."
});
// Request LLM assistance through the client
match ctx.create_message(request).await {
Ok(response) => {
ctx.info("AI review completed successfully").await?;
Ok(format!("AI Review: {:?}", response))
}
Err(_) => {
// Graceful fallback if sampling unavailable
let issues = code.matches("TODO").count();
Ok(format!("Static analysis: {} issues found", issues))
}
}
}Production Features
- • Multiple LLM provider support (OpenAI, Anthropic, local models)
- • Graceful fallback for unavailable sampling
- • Context-aware prompting with system messages
- • Token limit management and streaming support
- • Error recovery and timeout handling
Axum Integration: Production Web Framework
TurboMCP now provides first-class integration with Axum, Tokio's production-ready web framework. This enables seamless integration of MCP servers into existing web applications with enterprise features.
use turbomcp_transport::{AxumMcpExt, McpServerConfig};
use axum::Router;
// Production security configuration
let config = McpServerConfig::production()
.with_cors_origins(vec!["https://app.example.com"])
.with_custom_csp("default-src 'self'; connect-src 'self' wss:")
.with_rate_limit(120, 20) // 120 requests/minute, 20 burst
.with_jwt_auth("your-secret-key");
let app = Router::new()
.route("/api/status", get(status_handler))
.merge(Router::<()>::turbo_mcp_routes_for_merge(
mcp_service,
config
));Middleware
Composable middleware stack with authentication, logging, and metrics
Security
Built-in CORS, CSP headers, rate limiting, and JWT validation
Performance
Circuit breakers, connection pooling, and graceful shutdown
Enterprise Security Features
Version 1.0.5 introduces comprehensive security features designed for production deployments in enterprise environments:
OAuth 2.0 Authentication
- • Multiple providers (Google, GitHub, Microsoft)
- • Always-on PKCE security
- • All OAuth flows (Authorization Code, Client Credentials, Device Code)
- • Session management with automatic cleanup
Security Headers & CORS
- • Content Security Policy (CSP)
- • HTTP Strict Transport Security (HSTS)
- • X-Frame-Options and X-Content-Type-Options
- • Environment-aware CORS policies
Rate Limiting & Protection
- • Token bucket algorithm with burst capacity
- • Per-endpoint and per-user limits
- • DDoS protection
- • TLS 1.3 with modern cipher suites
Filesystem Roots & Boundaries
TurboMCP now supports MCP-compliant filesystem roots, allowing servers to declare and enforce filesystem boundaries for secure operations:
#[server(
name = "filesystem-server",
version = "1.0.0",
root = "file:///workspace:Project Workspace",
root = "file:///tmp:Temporary Files",
root = "file:///Users/shared:Shared Documents"
)]
impl FileSystemServer {
#[tool("List files in directory")]
async fn list_files(&self, ctx: Context, path: String)
-> McpResult<Vec<String>> {
// File operations are bounded by configured roots
ctx.info(&format!("Listing files in: {}", path)).await?;
Ok(list_directory(&path)?)
}
}OS-Aware Defaults
TurboMCP automatically configures platform-specific roots:
- • Linux: Root filesystem (/)
- • macOS: Root (/) and Volumes (/Volumes)
- • Windows: All available drive letters
Developer Experience Improvements
We've made significant improvements to developer ergonomics based on community feedback:
Enhanced Macros
- •
elicit!for user input - •
ctx_info!for logging - •
mcp_error!for errors - •
mcp_text!for responses
Context API
- •
ctx.user_id()authentication - •
ctx.roles()authorization - •
ctx.create_message()sampling - •
ctx.info()structured logging
Performance Enhancements
Version 1.0.5 includes several performance optimizations:
Circuit Breakers
- • Automatic failure detection
- • Exponential backoff retry
- • Health monitoring
- • Graceful degradation
Connection Pooling
- • Reusable connections
- • Automatic cleanup
- • Resource limits
- • Memory efficiency
Migration Guide
Upgrading from v1.0.2 to v1.0.5 is straightforward:
# Update your Cargo.toml
[dependencies]
turbomcp = "1.0.5"
# Or with specific features
turbomcp = { version = "1.0.5", features = ["simd", "oauth"] }Breaking Changes
- • None! We've maintained full backward compatibility
- • All new features are opt-in via feature flags or explicit usage
- • Existing code will continue to work without modifications
What's Next
We're excited about the future of TurboMCP. Here's what's coming:
v1.1.0: Advanced Features
Streaming responses, batch operations, and advanced caching strategies
v1.2.0: Observability
OpenTelemetry integration, distributed tracing, and comprehensive metrics
v2.0.0: Ecosystem
Plugin system, marketplace integration, and cloud-native deployments
Get Started with TurboMCP v1.0.5
Experience the power of enterprise-grade MCP with elicitation, sampling, and production features.
Related Posts
Introducing TurboMCP
How we built an MCP implementation that achieves 2-3x performance improvements.
Read moreBuilding with MCP
Best practices for building production MCP servers.
Coming soon