Security hardening release. Everything below was already on main but had not
shipped to npm; this release delivers it.
Security
- Scoped TLS verification disable per request: when
*_VERIFY_SSL=false, the
relaxed TLS setting now applies only to that integration's requests via a
dedicated undici dispatcher, instead of disabling certificate validation
process-wide. - User-supplied IDs are now validated against strict allow-list patterns and
URL-encoded before being interpolated into SOC API paths (Wazuh, TheHive,
Cortex, MISP). - The three state-changing SOC tools (
mitre_misp_create_event,
mitre_thehive_create_case,mitre_cortex_run_analyzers) are now gated:
they dry-run by default and execute only with per-callconfirm: trueor
theMITRE_SOC_ALLOW_WRITESenvironment variable. - SOC API responses are parsed defensively by content type.
Changed
- The MCP server version is derived from
package.jsoninstead of a
hardcoded constant, so the version reported to clients can no longer drift. - CI now runs
./scripts/verify(typecheck, tests, build), and test failures
fail the build. Previously CI skipped typecheck and ignored test failures. - The npm publish job skips re-publishing when the version already exists.
- Refreshed npm dependencies.
Fixed
- Stripped a stray MCP schema marker from tool registration.
Added
AGENTS.mdrepository guidance and thescripts/verifysingle
verification entrypoint.- Content-guard pre-push hook to keep secrets and internal hosts out of
the public repo. - Security regression tests (
tests/soc-security.test.ts). - This changelog.
Docs
- Refreshed README banner and badges; sanitized SOC integration host
examples to*.example.internalplaceholders.