
Releases: SHAYOUWORLD/houan-mcp

v0.1.2 — URL fragment cache bypass, queue cap, stripTags bound

25 Apr 07:25
de18e9d


Address Codex re-review findings against v0.1.1.

Fixes

Cache key bypass via fragment

fetchAllowed: strip target.hash before computing the cache key. A fragment is never sent upstream, so https://…/path#foo, #bar, ... all fetch the same resource but previously produced distinct cache keys. A client could append a fresh fragment on every call to bypass both the 5-minute cache and the in-process inflight cap, and hammer the upstream API at full speed.
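
The normalisation above, as an added example that is not houan-mcp's own code: the cache key is the URL with its fragment removed, and both the TTL/LRU cache and the inflight map are keyed on it so fragment variants collapse to one upstream request. `cacheKeyFor`, `BoundedTtlCache`, `makeDedupedFetcher` and the injected clock are assumed names; the 5-minute TTL and 64-entry bound follow the release notes, while keying inflight deduplication on the same normalised key is an assumption about the fix.

```javascript
// Added example (not houan-mcp's own code). Assumed names: cacheKeyFor,
// BoundedTtlCache, makeDedupedFetcher. TTL and LRU size follow the release notes.
const CACHE_TTL_MS = 5 * 60 * 1000; // 5-minute TTL
const CACHE_MAX = 64;               // LRU bound

// Fragments are client-side only (never sent to the server), so two URLs that
// differ only after "#" name the same resource and must share one cache key.
function cacheKeyFor(target) {
  const u = new URL(target);
  u.hash = "";          // drop "#foo"; also normalises host case, default port, "/../"
  return u.href;
}

class BoundedTtlCache {
  // `now` is injectable so expiry can be tested without real time passing.
  constructor(ttlMs = CACHE_TTL_MS, max = CACHE_MAX, now = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.max = max;
    this.now = now;
    this.map = new Map(); // Map keeps insertion order, which doubles as LRU order
  }

  get(url) {
    const key = cacheKeyFor(url);
    const hit = this.map.get(key);
    if (!hit) return undefined;
    if (hit.expires <= this.now()) {   // stale: evict and miss
      this.map.delete(key);
      return undefined;
    }
    this.map.delete(key);              // re-insert to mark as most recently used
    this.map.set(key, hit);
    return hit.value;
  }

  set(url, value) {
    const key = cacheKeyFor(url);
    this.map.delete(key);
    this.map.set(key, { value, expires: this.now() + this.ttlMs });
    while (this.map.size > this.max) {  // evict least recently used
      this.map.delete(this.map.keys().next().value);
    }
  }

  get size() { return this.map.size; }
}

// Inflight deduplication keyed on the same normalised key: concurrent calls for
// the same resource share one upstream fetch instead of each starting their own.
function makeDedupedFetcher(fetchImpl) {
  const inflight = new Map();
  let upstreamCalls = 0;
  return {
    fetch(url) {
      const key = cacheKeyFor(url);
      let p = inflight.get(key);
      if (!p) {
        upstreamCalls += 1;
        p = Promise.resolve()
          .then(() => fetchImpl(key))
          .finally(() => inflight.delete(key));
        inflight.set(key, p);
      }
      return p;
    },
    get upstreamCalls() { return upstreamCalls; },
    get inflightCount() { return inflight.size; },
  };
}
```

Keying on `u.href` after clearing `hash` also folds `HTTPS://Host:443/a/../b` and `https://host/b` together, which is what you want for a cache that exists to protect the upstream: anything that reaches the same resource should count as the same request.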

Queue length unbounded

enqueue: track queuedCount and refuse new lines once the chain exceeds QUEUE_MAX_PENDING (64). A refused line gets a JSON-RPC -32603 reply ("Server is overloaded") and a stderr log. Previously a client that wrote lines faster than the inflight fetches drained could grow the chain, and with it memory, without bound.
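
A serial promise queue with that pending-count cap, as an added example rather than the project's code. `makeLineQueue`, `overloadedReply` and the exact rule (refuse once 64 lines are already pending, counting the one currently running) are assumptions; passing the request id into `enqueue` is a simplification, since the real server would have to take it from the parsed line.

```javascript
// Added example (not houan-mcp's own code). QUEUE_MAX_PENDING, -32603 and the
// message follow the release notes; the refusal rule and names are assumptions.
const QUEUE_MAX_PENDING = 64;

function overloadedReply(id) {
  return {
    jsonrpc: "2.0",
    id: id ?? null,
    error: { code: -32603, message: "Server is overloaded" },
  };
}

function makeLineQueue(log = (msg) => console.error(msg)) {
  let chain = Promise.resolve(); // tail of the serial chain; never rejects
  let queuedCount = 0;           // lines accepted but not yet finished

  return {
    // handler: (line) => Promise<any>. Runs strictly after every earlier line.
    // The accept/refuse decision is synchronous, so memory growth is bounded
    // at the moment the line arrives, not after the chain eventually drains.
    enqueue(line, handler, id = null) {
      if (queuedCount >= QUEUE_MAX_PENDING) {
        log(`queue full (${queuedCount} pending), refusing line`);
        return { accepted: false, reply: overloadedReply(id) };
      }
      queuedCount += 1;
      const result = chain
        .then(() => handler(line))
        // Fold success and failure into a value so a failed line can never
        // break the chain or surface as an unhandled rejection.
        .then((value) => ({ ok: true, value }), (error) => ({ ok: false, error }))
        .finally(() => { queuedCount -= 1; });
      chain = result;
      return { accepted: true, result };
    },
    get queuedCount() { return queuedCount; },
  };
}
```

Because the count is decremented in `finally`, a handler that hangs on an upstream fetch keeps its slot occupied; the cap therefore bounds queued lines plus the one in flight, which is the quantity that was growing without limit.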

stripTags CPU upper bound

Truncate input to STRIP_TAGS_MAX_INPUT (2 MiB) before the regex passes. The 10 MiB response cap already bounded total bytes, but a single giant table cell could still drive regex CPU. 2 MiB is far above the length of any legitimate Diet bill or speech.
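
One caveat a practitioner will want alongside the truncation: it bounds the input, not the algorithm. A tag regex of the common `<[^>]*>` shape backtracks quadratically over input containing many `<` with no `>`, so 2 MiB of such input is still a lot of CPU. The added example below (not houan-mcp's own code) applies the same bound first and then strips tags with an `indexOf` scanner that is linear by construction, keeping regex only for fixed-width entity and whitespace passes. `STRIP_TAGS_MAX_INPUT` follows the release notes; the scanner, the entity table and the `{ text, truncated }` return shape are assumptions.

```javascript
// Added example (not houan-mcp's own code). STRIP_TAGS_MAX_INPUT follows the
// release notes; the scanner and entity table are assumptions.
const STRIP_TAGS_MAX_INPUT = 2 * 1024 * 1024; // 2 MiB of UTF-16 code units

const ENTITIES = { amp: "&", lt: "<", gt: ">", quot: '"', "#39": "'", nbsp: " " };

function stripTags(html, maxInput = STRIP_TAGS_MAX_INPUT) {
  // Truncate before any scanning, so CPU is bounded by maxInput rather than by
  // the (already capped) response size.
  const truncated = html.length > maxInput;
  const s = truncated ? html.slice(0, maxInput) : html;
  const lower = s.toLowerCase(); // computed once for case-insensitive lookups
  const parts = [];
  let i = 0;
  while (i < s.length) {
    const lt = s.indexOf("<", i);
    if (lt === -1) { parts.push(s.slice(i)); break; }
    parts.push(s.slice(i, lt), " ");
    // <script>/<style> bodies are not content: skip to the matching close tag.
    const el = /^<(script|style)\b/.exec(lower.slice(lt, lt + 8));
    let end;
    if (el) {
      const close = lower.indexOf(`</${el[1]}`, lt + 1);
      end = close === -1 ? -1 : s.indexOf(">", close);
    } else {
      end = s.indexOf(">", lt);
    }
    // Every indexOf starts where the previous one stopped, so the whole scan is
    // O(n). An unclosed "<" discards the rest of the input; in HTML a literal
    // "<" inside text is "&lt;", which is decoded below, after stripping.
    i = end === -1 ? s.length : end + 1;
  }
  const text = parts.join("")
    .replace(/&(amp|lt|gt|quot|#39|nbsp);/g, (_, e) => ENTITIES[e]) // fixed-width, linear
    .replace(/\s+/g, " ")                                             // linear
    .trim();
  return { text, truncated };
}
```

Decoding entities only after tags are gone is deliberate: `&lt;script&gt;` in a speech transcript must come out as the literal text `<script>`, not be re-parsed as a tag.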

Reviewers: Claude Opus 4.7 (1M context), Codex (gpt-5.4)

v0.1.1 — defense-in-depth + JSON-RPC conformance

25 Apr 07:25
8388a33


Address findings from a joint Claude + Codex security review of v0.1.0.

High-priority fixes

  • fetchAllowed: change redirect: "follow" to "error" (fetch now rejects instead of following) so a same-origin redirect cannot bounce the request to an unintended host.
  • get_bill: validate proceedingURL against the chamber's allowed origin AND path prefix. Previously any same-origin path was accepted, allowing clients to steer GETs to arbitrary pages on shugiin.go.jp / sangiin.go.jp.
  • search_bills: explicit runtime enum check on chamber.
  • Per-field input validation: max length on string args, ISO date format on from/until, alnum-only pattern on issueID, enum check on chamber everywhere.
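
The origin-and-path-prefix check and the per-field validators, as an added example that is not houan-mcp's own code. The hosts are the ones named above; the `www.` origins, the per-chamber path prefixes, `MAX_STRING_ARG`, the 2048-character URL limit and the function names are assumptions. The check parses the URL rather than string-matching the raw input, so `https://www.shugiin.go.jp.evil.test/`, `https://www.shugiin.go.jp@evil.test/`, an explicit `:443` and `/../` traversal all normalise before comparison.

```javascript
// Added example (not houan-mcp's own code). Hosts follow the release notes;
// origins, path prefixes, limits and names are assumptions.
const CHAMBERS = {
  shugiin: { origin: "https://www.shugiin.go.jp", pathPrefix: "/internet/itdb_gian.nsf/html/gian/" },
  sangiin: { origin: "https://www.sangiin.go.jp", pathPrefix: "/japanese/joho1/kousei/gian/" },
};
const MAX_STRING_ARG = 200;
const MAX_URL_ARG = 2048;
const ISO_DATE = /^\d{4}-\d{2}-\d{2}$/;   // from/until
const ISSUE_ID = /^[A-Za-z0-9]+$/;         // alnum-only issueID

// Runtime enum check: an LLM client is not bound by the JSON schema it was shown.
function assertChamber(chamber) {
  if (typeof chamber !== "string" || !Object.prototype.hasOwnProperty.call(CHAMBERS, chamber)) {
    throw new RangeError(`chamber must be one of: ${Object.keys(CHAMBERS).join(", ")}`);
  }
  return CHAMBERS[chamber];
}

function assertShortString(name, value, max = MAX_STRING_ARG) {
  if (typeof value !== "string" || value.length === 0 || value.length > max) {
    throw new TypeError(`${name} must be a non-empty string of at most ${max} characters`);
  }
  return value;
}

// get_bill: the URL must be on the chamber's origin AND under its bill-page
// prefix. Same origin alone would let a client steer GETs to any page there.
function validateProceedingURL(chamber, proceedingURL) {
  const allowed = assertChamber(chamber);
  assertShortString("proceedingURL", proceedingURL, MAX_URL_ARG);
  let u;
  try { u = new URL(proceedingURL); } catch { throw new TypeError("proceedingURL must be an absolute URL"); }
  if (u.username || u.password) throw new TypeError("proceedingURL must not carry credentials");
  if (u.origin !== allowed.origin) throw new RangeError(`proceedingURL must be on ${allowed.origin}`);
  // u.pathname is already percent-normalised and has "." / ".." segments resolved.
  if (!u.pathname.startsWith(allowed.pathPrefix)) {
    throw new RangeError(`proceedingURL must be under ${allowed.pathPrefix}`);
  }
  return u;
}

function validateDate(name, value) {
  if (value === undefined) return undefined;
  if (typeof value !== "string" || !ISO_DATE.test(value) || Number.isNaN(Date.parse(value))) {
    throw new TypeError(`${name} must be an ISO date (YYYY-MM-DD)`);
  }
  return value;
}

// search_bills / find_diet_qa argument validation.
function validateSearchBillsArgs({ chamber, query, from, until } = {}) {
  assertChamber(chamber);
  return {
    chamber,
    query: assertShortString("query", query),
    from: validateDate("from", from),
    until: validateDate("until", until),
  };
}

// get_meeting_record: issueID is interpolated into an upstream path, so it is
// restricted to alphanumerics; "../", "?" and "#" are all rejected.
function validateIssueID(issueID) {
  if (typeof issueID !== "string" || issueID.length > 64 || !ISSUE_ID.test(issueID)) {
    throw new TypeError("issueID must be alphanumeric");
  }
  return issueID;
}
```

The validated `URL` object, not the original string, is what should be passed to `fetch(u, { redirect: "error" })`, so the request that leaves the process is exactly the one that was checked.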

Robustness

  • Shift_JIS decoding for shugiin pages (and any response that declares shift_jis / windows-31j / cp932 in Content-Type).
  • 10 MiB cap on remote response bodies via streaming reader; aborts the fetch if exceeded.
  • 5-minute TTL response cache (LRU-bounded to 64 entries) and a simple in-process inflight cap (max 4 concurrent fetches) to avoid hammering public government endpoints.

JSON-RPC conformance

  • computeResponse() refactor that separates response computation from writing, enabling proper batch response handling: an array of requests now produces a single array response (was: separate writes per item).
  • Stdin buffer cap of 1 MiB; oversize input is dropped with a stderr log.
  • Serial promise-queue for line handling so requests are processed in receive order (was: concurrent firing).
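
The conformance points above in one runnable piece, as an added example rather than houan-mcp's code: `computeResponse` turns one request into one reply and a batch into a single array (dropping notification replies and rejecting an empty batch, per JSON-RPC 2.0), and `makeLineReader` frames stdin by newline with a hard buffer cap that drops an oversize line and logs it. The 1 MiB figure follows the release notes; the synchronous stand-in methods, the function names and the `Buffer`-based framing are assumptions. Serial ordering of accepted lines is covered by the queue example under v0.1.2 and is not repeated here.

```javascript
// Added example (not houan-mcp's own code). STDIN_BUFFER_MAX follows the
// release notes; methods, names and framing details are assumptions.
const STDIN_BUFFER_MAX = 1024 * 1024;

// Synchronous stand-ins for the real tool handlers.
const methods = {
  ping: () => "pong",
  echo: (params) => params,
};

function errorReply(id, code, message) {
  return { jsonrpc: "2.0", id, error: { code, message } };
}

// One request object -> one response object, or null for a notification.
function computeOne(req) {
  if (!req || typeof req !== "object" || Array.isArray(req) ||
      req.jsonrpc !== "2.0" || typeof req.method !== "string") {
    return errorReply(null, -32600, "Invalid Request");
  }
  const isNotification = !("id" in req);
  const id = req.id ?? null;
  const fn = methods[req.method];
  if (!fn) return isNotification ? null : errorReply(id, -32601, "Method not found");
  try {
    const result = fn(req.params ?? {});
    return isNotification ? null : { jsonrpc: "2.0", id, result };
  } catch {
    return isNotification ? null : errorReply(id, -32603, "Internal error");
  }
}

// Computation is separated from writing: the caller serialises the return value
// once, so a batch is always written as one array rather than per item.
function computeResponse(text) {
  let parsed;
  try { parsed = JSON.parse(text); } catch { return errorReply(null, -32700, "Parse error"); }
  if (Array.isArray(parsed)) {
    if (parsed.length === 0) return errorReply(null, -32600, "Invalid Request");
    const replies = parsed.map(computeOne).filter((r) => r !== null);
    return replies.length ? replies : null; // all notifications: write nothing
  }
  return computeOne(parsed);
}

// Newline framing with a cap on buffered bytes. A line that exceeds the cap is
// dropped with a log line, and its remaining bytes are discarded up to the next
// newline, so a client cannot force the server to hold an unbounded buffer.
function makeLineReader(onLine, log = (msg) => console.error(msg), max = STDIN_BUFFER_MAX) {
  let buf = Buffer.alloc(0);
  let dropping = false;
  return function feed(chunk) {
    buf = Buffer.concat([buf, chunk]);
    let nl;
    while ((nl = buf.indexOf(0x0a)) !== -1) {
      const line = buf.subarray(0, nl);
      buf = buf.subarray(nl + 1);
      if (dropping) { dropping = false; continue; } // tail of the dropped line
      onLine(line.toString("utf8"));
    }
    if (dropping) { buf = Buffer.alloc(0); return; }  // still inside it
    if (buf.length > max) {
      log(`dropping oversize stdin line (${buf.length} bytes buffered, cap ${max})`);
      buf = Buffer.alloc(0);
      dropping = true;
    }
  };
}
```

Wiring it to a process is `process.stdin.on("data", feed)` with `onLine` handing each line to the serial queue and writing `JSON.stringify(computeResponse(line)) + "\n"` when the result is not null.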

Docs

  • README: fix get_bill example to use { chamber, proceedingURL } matching the actual schema (was incorrectly { chamber, session, billNumber }).

Reviewers: Claude Opus 4.7 (1M context), Codex (gpt-5.4)

v0.1.0 — initial public release

25 Apr 07:25


First public release of @codeagentjp/houan-mcp, a local stdio MCP server that lets AI clients (Claude Desktop, Claude Code, Cursor) search Japanese Diet bills (衆参議案情報, the bill-information pages of both houses) and committee Q&A records via the NDL Kokkai API.

Sister to @codeagentjp/egov-law-mcp, which covers the current-law side; houan-mcp covers the legislative-process side.

Tools

  • find_diet_qa — full-text search of Diet committee speeches via NDL Kokkai API
  • get_meeting_record — full transcript of one meeting by issueID
  • search_bills — keyword search of the House of Representatives (衆議院議案情報) and House of Councillors (参議院議案情報) bill-information pages
  • get_bill — bill detail page parser (title, submitter, committee, timeline)

Install

{
  "mcpServers": {
    "houan": {
      "command": "npx",
      "args": ["-y", "@codeagentjp/houan-mcp"]
    }
  }
}

Design

Single-file .mjs, no build step, zero runtime dependencies, native fetch only. All tool results include the source URL and a retrievedAt timestamp so the calling LLM cannot drop attribution.

Documentation