UPinar/contrastapi

v1.33.0 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 19d MCP Security & Auth
✓ No known CVEs patched in this version

Topics

ai-agents ai-security api claude cve security
domain-recon email-security email-validation llm-tools mcp mitre-atlas mitre-d3fend model-context-protocol osint sigma-rules threat-intelligence vulnerability-management web-intel

Summary

AI summary

Added the tech_stack_cve_audit composite tool with tier-aware behavior and cost enforcement.

Changes in this release

Feature Medium

`tech_stack_cve_audit` tool added for one-call CVE audit across tech stack.

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Product-name normalization invariant now covered by tests (case/alias).

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

'tech_stack_cve_audit' composite tool added for one‑call tech fingerprinting, CVE lookup, KEV cross‑ref, and exploit signals.

Source: granite4.1:30b@2026-05-22-audit

Confidence: low

Feature Medium

Tier‑aware behavior: Pro audits deeper set, lighter tier omits 'exploit_findings'.

Source: granite4.1:30b@2026-05-22-audit

Confidence: low

Dependency Medium

No schema migration; no breaking changes introduced.

Source: llm_adapter@2026-05-21

Confidence: low

Performance Medium

Composite tool consumes exactly 10 credits, avoiding per-sub-call double charge.

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Smithery probe fast-path preserved and verified to short-circuit before cost gate.

Source: llm_adapter@2026-05-21

Confidence: high

Refactor Medium

Drift-guard test ensures every composite tool has explicit cost mapping.

Source: llm_adapter@2026-05-21

Confidence: high

Refactor Low

Wrapper calls internal implementation directly (no HTTP self‑hop).

Source: granite4.1:30b@2026-05-22-audit

Confidence: low

Full changelog

v1.33.0 — Tech-Stack → CVE Composite Tool

New MCP tool: tech_stack_cve_audit (MCP-only)

One-call composite that chains tech fingerprinting → product-name CVE lookup → KEV cross-ref → exploit signals for a target domain. Returns a unified cves_by_tech / kev_findings / verdict / summary report instead of forcing the agent to orchestrate 4+ separate tool calls.

  • Cost: 10 credits, consumed exactly once (no per-sub-call double-charge).
  • Tier-aware: Pro audits a deeper candidate set; the lighter tier runs a reduced candidate set and omits the exploit_findings field entirely (absent from the wire via conditional serializer, not just nulled).
  • No HTTP self-hop: wrapper calls the internal impl directly (Pattern B).

Quality / hardening

  • Drift-guard test enforces that every composite tool is present in the cost map (CI fails if a new composite ships without an explicit cost).
  • Product-name normalization invariant covered by tests (case/alias).
  • Cherry-picked cleanly onto v1.32.7 — Smithery probe fast-path (triggers/list / ai.smithery/events/list) preserved and verified to short-circuit before the cost gate (probes stay credit-free).
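
The billing behaviour listed above (single charge per composite call, probes answered before the cost gate, the drift guard, and the tier-conditional field), sketched as an added example that is not contrastapi's code. The registry, cost-map and function names are hypothetical, "lite" is a placeholder tier name, and failing closed on an unmapped tool is an assumption of this sketch.

```python
# Added sketch, not contrastapi's code. Registry, cost-map and function names
# are hypothetical; tool, probe and report-field names come from the changelog.
COMPOSITE_TOOLS = {"tech_stack_cve_audit"}
COST_MAP = {"tech_stack_cve_audit": 10}
PROBE_METHODS = {"triggers/list", "ai.smithery/events/list"}


class InsufficientCredits(Exception):
    pass


def missing_costs(composites=COMPOSITE_TOOLS, cost_map=COST_MAP):
    """Drift guard: composites that would ship without an explicit cost."""
    return sorted(set(composites) - set(cost_map))


def audit_impl(tier):
    """Stand-in for the composite; its sub-steps would be plain function
    calls that never pass through dispatch(), so they cannot be billed."""
    report = {"cves_by_tech": {}, "kev_findings": [], "verdict": "clean",
              "summary": "constructed sample"}
    if tier == "pro":
        report["exploit_findings"] = []  # key exists on Pro only, never null
    return report


def dispatch(method, tool, account, impl=audit_impl):
    """Gate one request; `account` is {'credits': int, 'tier': str}."""
    if method in PROBE_METHODS:
        return {}  # placeholder probe reply, returned before the cost gate
    cost = COST_MAP[tool]  # unmapped tool raises KeyError: fail closed
    if account["credits"] < cost:
        raise InsufficientCredits(tool)
    account["credits"] -= cost  # the only place credits are deducted
    return impl(account["tier"])


if __name__ == "__main__":
    acct = {"credits": 25, "tier": "lite"}  # "lite" is a placeholder tier name
    dispatch("triggers/list", None, acct)
    print("after probe:", acct["credits"])
    print(sorted(dispatch("tools/call", "tech_stack_cve_audit", acct)))
    print("after audit:", acct["credits"], "| unmapped:", missing_costs())
```

A CI check in this shape would assert that `missing_costs()` returns an empty list, so a composite added to the registry without a cost entry fails the build.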

Counts

  • MCP tools: 52 → 53 · Resources: 7 (unchanged) · Prompts: 3 (unchanged)
  • Tests: 2404 → 2417 pytest (+13)

No schema migration. No breaking changes.

About UPinar/contrastapi

Security intelligence API with 31 MCP tools for CVE/EPSS/KEV lookup, domain recon (DNS/WHOIS/SSL/subdomains/CT logs), IOC/threat intel, OSINT (email/phone/username), and code security scanning (secrets, injection). Free 100 req/hr.

Related context

Earlier breaking changes

  • v1.33.11 `bulk_sigma_rule_lookup` now costs 1 credit per `rule_id`, changing from flat 1 credit/call.
