Skip to content

SoapyRED/freightutils-mcp

v2.1.1 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 18d MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai-agents freight logistics mcp model-context-protocol

Summary

AI summary

Updates Improved, UN, and regex/length/min/max across a mixed release.

Full changelog

Fixed

  • serverInfo.version was stuck at 1.0.8 in src/server.ts even after 1.1.0 / 2.0.0 / 2.1.0 published. Smithery's admin probe reads result.serverInfo.version from the initialize response; the wire-level identity has been silently lying about the package version since the 1.0.7 fix. Replaced the hard-coded literal with a runtime createRequire('../package.json') read so the wire version always matches the npm-published release. Now reports 2.1.1.
  • server.json description undercounted tools ("18 freight tools …"). Updated to "19 freight tools …, get_subscribe_link" to match the 19-tool surface shipped in 2.1.0.

Improved

  • Tighter Zod input constraints for better agent-side errors:
    • airline_lookup: iata.length(2), icao.length(3), prefix.regex(/^\d{3}$/), query/country min 2 chars.
    • adr_lookup, adr_exemption_calculator, adr_lq_eq_check: un_number.regex(/^(UN)?\d{4}$/i) (top-level and inside items[]).
    • unlocode_lookup: code.length(5).regex(/^[A-Z0-9]{5}$/i), country.length(2).regex(/^[A-Z]{2}$/i), limit.min(1).max(100).
    • uk_duty_calculator: commodity_code.regex(/^\d{6,10}$/), origin_country.length(2).regex(/^[A-Z]{2}$/i).
  • .strict() declared on every top-level tool schema — applied across all 19 tools at the source level. NOTE: this is a no-op at the wire today because the deprecated server.tool() overload passes only schema.shape to the SDK, which rebuilds the object in default strip mode (verified in @modelcontextprotocol/[email protected] mcp.js#getZodSchemaObject → objectFromShape). .strict() will become wire-effective once the planned migration to server.registerTool() ships (audit finding #4, slated for 2.2.0). Field-level constraints above (regex/length/min/max) DO take effect at the wire — verified by smoke test.

Notes

No tool-call wire breakage. All previously-valid inputs remain valid; the new field-level constraints only reject inputs that were already malformed (e.g., a 4-letter IATA code, a country name in an ISO-2 slot). Tool surface, names, descriptions, and annotations are unchanged.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track SoapyRED/freightutils-mcp

Get notified when new releases ship.

Sign up free

About SoapyRED/freightutils-mcp

17 freight calculation and reference tools — ADR dangerous goods, HS codes, LDM/CBM/chargeable weight calculators, duty estimation, airline codes, UN/LOCODE, and more. Free REST APIs + MCP server.

All releases →

Related context

Earlier breaking changes

  • v1.0.5 /api/mcp promoted as canonical Streamable HTTP transport URL.

Beta — feedback welcome: [email protected]