Releases: cyanheads/wikidata-mcp-server
Release list
v0.1.15: Entity not-found classification, mul label fallback, format() disclosure
Entity not-found classification, mul label fallback, format() disclosure
Seven issue fixes across the REST service, tool definitions, and the entity resource, plus a framework and supply-chain maintenance pass.
Fixed:
- Out-of-range IDs leaked the raw REST URL and status from
wikidata_get_entity,wikidata_get_statements,wikidata_get_sitelinks, andwikidata://entity/{id}— the catch blocks testeddata.status, which nothing populates. All four now classify 404 and 400 alike asentity_not_found(#13) - One out-of-range ID no longer collapses a
wikidata_get_labelsbatch tofound: 0— the ID named in a top-levelno-such-entityrejection is dropped and the rest re-requested (#14) mul-only entities render their label instead of a bare QID —languagefallback=1on the MediaWiki path,resolveLangValue()on the REST path, which has no fallback parameter (#15)format()discloses the total when it cuts a language sample — thewikidata_get_labelslanguage list (#19), thewikidata_get_entitydescriptions and alias language list (#22)wikidata_get_statementsrejects a malformedpropertiesentry withinvalid_propertybefore the fetch instead of dropping it or leaking a raw 400 (#24)docs/design.mdper-tool Errors bullets reconciled to the declarederrors[]contracts (#23)
Added:
isEntityNotFoundError(err)andresolveLangValue(map, lang)exported fromwikidata-rest-service.tsinvalid_propertyerror contract onwikidata_get_statements
Changed:
- Installs gated behind a 3-day
minimumReleaseAgeand scanned by Socket;Dockerfilepinsoven/bun:1.3.14
Dependency bumps:
@cyanheads/mcp-ts-core^0.10.9 → ^0.10.14tsc-alias^1.8.17 → ^1.9.0@socketsecurity/bun-security-scanner^1.1.2 (new)js-yaml3.14.2 → 3.15.0 (transitive) — clears GHSA-h67p-54hq-rp68
171 tests pass; bun run devcheck clean.
v0.1.14: mcp-ts-core ^0.10.9 maintenance sync
mcp-ts-core ^0.10.9 maintenance sync
Framework-maintenance only — no source or behavior changes.
Added:
- check-dependency-specifiers.ts devcheck step — rejects floating specifiers (latest, *, pre-release dist-tags) in package.json dependency sections and bun.lock's workspaces map, so a bun update --latest can no longer re-resolve a dep past its package.json range (cyanheads/mcp-ts-core#246)
Changed:
- devcheck.config.json — packaging.pluginManifests: true opts lint-packaging into validating the .claude-plugin / .codex-plugin manifests
- Re-synced framework scripts (lint-packaging.ts, devcheck.ts, build-changelog.ts, check-framework-antipatterns.ts, check-skill-versions.ts) and bundled skill docs
Dependency bumps:
- @cyanheads/mcp-ts-core ^0.10.6 → ^0.10.9
- @types/node ^25.9.3 → ^26.0.0
127 tests pass; bun run devcheck clean.
v0.1.13: server instructions, plugin identity unscoping
server instructions, plugin identity unscoping
Adds a server-level instructions string to createApp() and finishes unscoping the agent-facing plugin identity keys to the bare repo name.
Added:
- createApp() instructions — onboarding guidance for the Wikidata graph: Q-ID/P-ID addressing, resolve-then-fetch via wikidata_search_entities, wikidata_resolve_external_id as the DOI/PMID/ORCID/OpenAlex entry point, and wikidata_sparql_query (SELECT only, rate-limited) paired with wikidata_get_labels
Changed:
- Plugin identity keys unscoped to wikidata-mcp-server: .claude-plugin/plugin.json name + mcpServers key, .codex-plugin/plugin.json name, .codex-plugin/mcp.json server key (install args keep the scoped @cyanheads/wikidata-mcp-server — the published package name is unchanged)
Dependency bumps:
- vitest ^4.1.8 → ^4.1.9
127 tests pass; bun run devcheck clean.
v0.1.12: mcp-ts-core ^0.10.6 adoption
mcp-ts-core ^0.10.6 adoption
Adopt @cyanheads/mcp-ts-core 0.10.x: server identity fields, truncation enrichment, and the packaging/tooling sync that ships with it.
Added:
- scripts/clean-mcpb.ts in the bundle flow — strips dependency-shipped agent docs (skills/, .claude/, .agents/, SKILL.md) under node_modules that root-anchored .mcpbignore patterns cannot reach
- Container HEALTHCHECK and org.opencontainers.image.version label (from APP_VERSION)
Changed:
- Server identity set to the unscoped name wikidata-mcp-server across createApp() name/title, manifest display_name, and plugin displayName fields
- wikidata_search_entities enrichment: resultCount renamed to shown; added cap and an optional truncated flag via ctx.enrich.truncated()
- .mcpbignore dev-dir patterns anchored with a leading slash
Dependency bumps:
- @cyanheads/mcp-ts-core ^0.9.21 → ^0.10.6
- @biomejs/biome ^2.4.16 → ^2.5.0
- @types/node ^25.9.1 → ^25.9.3
127 tests pass; bun run devcheck clean.
v0.1.11: Bug fixes — entity_not_found contract, SPARQL truncated detection
Bug fixes — entity_not_found contract, SPARQL truncated detection
Two handler bugs that left agents without actionable error signals.
Fixed:
wikidata_get_entity,wikidata_get_statements,wikidata://entity/{id}—entity_not_foundcontract never fired; catch blocks checkederr.data.statusCodebuthttpErrorFromResponsestores the status aterr.data.status. Updated all three sites. (#9)wikidata_sparql_query—truncatedfield unconditionally returnedfalse. Now returnsbindings.length >= 10_000as an inferred signal; description updated to reflect the heuristic. (#10)
127 tests pass; bun run devcheck clean.
v0.1.10: mcp-ts-core ^0.9.21 framework adoption, skills sync
mcp-ts-core ^0.9.21 framework adoption, skills sync
Adopts @cyanheads/mcp-ts-core ^0.9.16 → ^0.9.21. Notable framework changes:
Changed:
- HTTP transport per-request log context fix — per-request logs and traces carry fresh request + trace/span IDs instead of the frozen boot context.
- fetchWithTimeout strips query-string secrets (e.g. ?api_key=) from error messages and logs.
- withRetry fails fast on non-retryable errors; ctx.fail auto-populates the retryable flag.
Added:
- scripts/release-github.ts and release:github npm script for automated GitHub Release creation.
- scripts/check-skill-versions.ts and updated scripts/devcheck.ts synced from framework.
- skills/api-mirror and skills/orchestrations new skills; 8 updated skills synced from mcp-ts-core 0.9.21.
- README client-config server key normalized to full package name wikidata-mcp-server.
Dependencies:
@cyanheads/mcp-ts-core^0.9.16 -> ^0.9.21tsx^4.22.3 -> ^4.22.4vitest^4.1.7 -> ^4.1.8
126 tests pass; bun run devcheck clean.
v0.1.9: enrichment adoption on search_entities and sparql_query
enrichment adoption on search_entities and sparql_query
wikidata_search_entities and wikidata_sparql_query now surface query echoes,
result totals, and empty-result guidance in a typed enrichment block reaching
both structuredContent and content[].
Changed:
- wikidata_search_entities: effectiveQuery, searchType, language, resultCount,
and notice surface via ctx.enrich. no_results error contract removed — zero
results return normally with enrichment.notice instead of a JSON-RPC error.
structuredContent renames: output.query → enrichment.effectiveQuery,
output.type → enrichment.searchType, output.message → enrichment.notice. - wikidata_sparql_query: output.rowCount removed; row count now in
enrichment.totalCount; enrichment.notice added for empty-result guidance.
Dependency bumps:
- @cyanheads/mcp-ts-core ^0.9.13 → ^0.9.16
55 tests pass; bun run devcheck clean.
v0.1.8: mcp-ts-core ^0.9.9 → ^0.9.13: 413 body cap, session-init gate, quieter error logs
mcp-ts-core ^0.9.9 → ^0.9.13: 413 body cap, session-init gate, quieter error logs
Framework adoption (^0.9.9 → ^0.9.13) across four patch releases.
Changed:
MCP_HTTP_MAX_BODY_BYTES— configurable inbound body cap (default 1 MiB); oversized requests rejected with 413 before body parsing- HTTP session-init gate — non-initialize requests without Mcp-Session-Id now return 400
- Quieter expected client errors — 401/403/400/404 logged at warning instead of full error pipeline with stack traces
GET /mcpkeywords — package.json keywords surfaced on the HTTP status endpoint
Dependency bumps:
@cyanheads/mcp-ts-core^0.9.9 → ^0.9.13@biomejs/biome^2.4.15 → ^2.4.16
55 tests pass; bun run devcheck clean.
v0.1.7: Bug fixes, ValidationError codes, code simplification
Bug fixes, ValidationError codes, code simplification
Fixes a bug where external-id and url statement data types were collapsed to { type: 'string' }, losing the type discriminant in the StatementValue union. Corrects error codes from InvalidParams to ValidationError for caller-supplied bad input. Simplifies REST and SPARQL service internals.
Fixed:
- normalizeStatementValue — external-id and url now map to their own StatementValue union members instead of collapsing to { type: 'string' }
- Error codes — invalid_id, invalid_ids, not_an_item, invalid_property, parse_error changed from InvalidParams to ValidationError
Changed:
- Code simplification — isHtmlResponse helper, Object.fromEntries for label maps, chained SPARQL error extraction, single-regex SERVICE injection, extractQid helper, Map-based dedup
- mcp-ts-core ^0.9.7 → ^0.9.9
55 tests pass; bun run devcheck clean.
v0.1.6: Three field-test bug fixes
Three field-test bug fixes
SPARQL label SERVICE injection now handles queries with trailing solution modifiers
(LIMIT, OFFSET, ORDER BY, etc.) — previous regex only matched when } was the last
character. Search entity descriptions now read from the correct REST v1 field
('description', not 'display-description'). Out-of-range entity IDs (HTTP 400) are
caught alongside 404 and mapped to entity_not_found.
Fixed:
- SPARQL label SERVICE skipped when LIMIT follows closing brace (#6)
- wikidata_search_entities description always empty — wrong field name (#7)
- 400 for out-of-range IDs (e.g. Q9999999999) exposes internal URL instead of entity_not_found (#8)
55 tests pass; bun run devcheck clean.