UPinar/contrastapi

v1.33.18 Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 9d MCP Security & Auth

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai-agents ai-security api claude cve security

+13 more

domain-recon email-security email-validation llm-tools mcp mitre-atlas mitre-d3fend model-context-protocol osint sigma-rules threat-intelligence vulnerability-management web-intel

Summary

AI summary

Fixed outputSchema field‑type accuracy so primitive values are correctly typed and mixed unions emit a permissive schema.

Changes in this release

Type	Severity	Summary	CVE
Feature	Low	Adds 13 schema tests covering field-type, edge cases, and cycle detection. Adds 13 schema tests covering field-type, edge cases, and cycle detection. Source: granite4.1:30b@2026-05-25-audit Confidence: low	—
Bugfix	Medium	Corrects `outputSchema` field types in MCP tools/list responses. Corrects `outputSchema` field types in MCP tools/list responses. Source: llm_adapter@2026-05-25 Confidence: low	—
Bugfix	Medium	Fixes inaccurate field-type reporting in MCP `outputSchema` for optional fields. Fixes inaccurate field-type reporting in MCP `outputSchema` for optional fields. Source: granite4.1:30b@2026-05-25-audit Confidence: low	—

Full changelog

Fixes #38 — MCP `outputSchema` field-type accuracy

The lean outputSchema advertised in tools/list previously declared nearly every field as {"type":"object"}, regardless of the field's real value type, because optional fields (T | None) are encoded as anyOf in the source schema and the flattener only inspected a top-level type key. Strict MCP clients (e.g. opencode/dcp) rejected valid tool responses whose values were strings, arrays, numbers, or booleans.

Fix: resolve the real primitive type from the schema's non-null union arm (and one-hop $ref) while keeping the advertised schema flat (no $defs/$ref/anyOf). Fields with no single representable type (mixed-type unions or Any) now emit a permissive schema that validates any value instead of a wrong object type. Hardened against cyclic schema definitions.

Compatibility: wire-compatible — stricter clients now accept responses; lenient clients are unaffected. No tool or argument changes.

MCP surface unchanged: 53 tools, 7 Resources, 3 Prompts
Adds 13 schema tests (field-type + edge-case + cycle-guard); suite at 2486 passing

Follow-on patch to v1.33.17.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track UPinar/contrastapi

Get notified when new releases ship.

About UPinar/contrastapi

Security intelligence API with 31 MCP tools for CVE/EPSS/KEV lookup, domain recon (DNS/WHOIS/SSL/subdomains/CT logs), IOC/threat intel, OSINT (email/phone/username), and code security scanning (secrets, injection). Free 100 req/hr.

All releases →

Related context

Related tools

Earlier breaking changes

v1.33.11 `bulk_sigma_rule_lookup` now costs 1 credit per `rule_id`, changing from flat 1 credit/call.