release: 2.3.3-rc.1#237
HackerOne Code Security Review
🟢 Scan Complete: 3 Issue(s)
Here's how the code changes were interpreted and info about the tools used for scanning.
📖 Summary of Changes
The update involves incrementing the version from 2.3.2 to 2.3.3 across multiple files. Significant changes include refactoring JSON schemas in various tool files to use $ref and $defs structures for more modular response definitions. Additional modifications include updating the upload artifact script to use npm pack and minor documentation improvements in source files.

| File | Summary |
|---|---|
| .release-please-manifest.json | The version number in the file has been updated from 2.3.2 to 2.3.3, indicating a minor version increment. |
| CHANGELOG.md | The changelog has been updated with a new version 2.3.3, adding internal chores like extracting types, removing .eslintcache, using npm pack for build uploads, and fixing JSDoc link annotations. |
| package.json | The package version was incremented from 2.3.2 to 2.3.3, with no other changes observed in the package.json file. |
| packages/mcp-server/package.json | The package version was incremented from 2.3.2 to 2.3.3. No other changes were observed in the package.json file. |
| packages/mcp-server/src/server.ts | The version number in the newMcpServer function was updated from '2.3.2' to '2.3.3', which is the only observable change in this file. No other modifications were made to the code. |
| packages/mcp-server/src/tools/applications/jobs/create-applications-jobs.ts | The file's JSON schema description was updated to use a $ref and $defs structure for the response schema, introducing a more modular and reusable approach to defining the job creation response object. |
| packages/mcp-server/src/tools/applications/jobs/retry-applications-jobs.ts | The file's response schema description was updated to use a JSON schema reference ($ref) and added a $defs section with a job_retry_response definition, while maintaining the overall structure and content of the file. |
| packages/mcp-server/src/tools/applications/list-applications.ts | The file's JSON schema has been updated to use a $ref for the application list response, which simplifies the schema structure and reduces duplication by referencing a defined object type. |
| packages/mcp-server/src/tools/applications/retrieve-applications.ts | The file's JSON schema description was modified to use a $ref and $defs structure for the response schema, which introduces a more modular and reusable approach to defining the application retrieve response type. |
| packages/mcp-server/src/tools/files/delete-files.ts | The file's description schema was updated to include a $ref and $defs structure for the file delete response, adding more detailed JSON schema definition while maintaining the same overall content and functionality. |
| packages/mcp-server/src/tools/files/retry-files.ts | The file's description section in the tool object has been updated to include a more detailed JSON schema with $ref and $defs, specifically adding a nested definition for the file_retry_response with a structured object schema. |
| packages/mcp-server/src/tools/graphs/create-graphs.ts | The file's JSON schema description was updated to use a $ref and $defs structure for the graph_create_response, which provides a more modular and reusable schema definition while maintaining the same overall structure and content. |
| packages/mcp-server/src/tools/graphs/delete-graphs.ts | The file's description section was updated to include a more complex JSON schema with $ref and $defs, specifically adding a nested graph_delete_response definition while maintaining the same overall structure and content. |
| packages/mcp-server/src/tools/graphs/remove-file-from-graph-graphs.ts | The file's description section was updated to include a more complex JSON schema with $ref and $defs, specifically adding a nested definition for the graph_remove_file_from_graph_response object while maintaining the overall structure. |
| packages/mcp-server/src/tools/graphs/update-graphs.ts | The file's description section was modified to use a JSON schema reference ($ref) and introduce a new $defs section for the graph_update_response, which provides a more structured way of defining the response schema. |
| packages/mcp-server/src/tools/models/list-models.ts | The JSON response schema was updated to use a $ref and $defs structure, introducing a new nested definition for the model_list_response with a more complex JSON schema representation. |
| packages/mcp-server/src/tools/tools/ai-detect-tools.ts | The file's JSON schema description was updated to use a $ref and $defs structure for the response schema, introducing a more modular and reusable JSON schema definition for the AI detection response. |
| packages/mcp-server/src/tools/tools/comprehend/medical-tools-comprehend.ts | The primary change is in the tool's description schema, where the response structure now uses a JSON Schema $ref and $defs approach, introducing a more modular and reusable definition for the comprehend medical response. |
| packages/mcp-server/src/tools/tools/context-aware-splitting-tools.ts | The file's description schema was updated to use a JSON schema reference ($ref) and added a $defs section with a more structured response definition, while maintaining the overall structure and functionality of the code. |
| packages/mcp-server/src/tools/tools/parse-pdf-tools.ts | The changes involve updating the tool description's response schema to use a JSON Schema reference ($ref) and introduce a $defs section for the parse_pdf_response, while maintaining the overall structure and functionality of the file. |
| packages/mcp-server/src/tools/tools/web-search-tools.ts | The file's description schema was modified to use a JSON reference ($ref) and $defs for the response schema, introducing a more structured approach to defining the web search response type. |
| scripts/utils/upload-artifact.sh | The script now uses npm pack to create a tarball in the dist directory and uploads the packed tarball instead of using tar to create a compressed archive directly. The upload method for the artifact has been modified while maintaining the overall script structure. |
| src/internal/to-file.ts | The only change is a minor update to the JSDoc comment for the toFile function, replacing "an Uploadable" with "an Uploadable, BlobLikePart, or AsyncIterable of BlobLikeParts" for more precise documentation. |
| src/version.ts | The version number was incremented from '2.3.2' to '2.3.3' in the version constant export. |
ℹ️ Issues Detected
NOTE: These may not require action!
Below are unvalidated results from the Analysis Tools that ran during the latest scan for transparency. We investigate each of these for accuracy and relevance before surfacing them as a potential problem.
How will I know if something is a problem?
When validation completes, any concerns that warrant attention prior to merge will be posted as inline comments. These will show up in 2 ways:
- Expert review (most cases): Issues will be posted by experts who manually reviewed and validated them. These are real HackerOne engineers (not bots) reviewing through an integrated IDE-like tool. You can communicate with them like any other reviewer. They'll stay assigned and get notified with commit & comment updates.
- Automatically: In cases where our validation checks have highest confidence the problem is legitimate and urgent. These will include a description of contextual reasoning why & actionable next steps.
| File & Line | Issue |
|---|---|
| CHANGELOG.md Line 3 | This is a changelog file with no security vulnerabilities introduced in the changed lines. The changes are documentation updates and version information. |
| scripts/utils/upload-artifact.sh Line 15 | The script has been modified to use npm pack to create a tarball in the dist directory, then upload that tarball directly. This introduces a potential security issue as the script no longer validates the content being uploaded. The previous version used tar with specific paths, which provided better control over what was included in the upload. The new version might include unintended files if the npm pack command packages more than expected. |
| src/internal/to-file.ts Line 76 | The JSDoc comment on line 76 was modified to remove references to specific types (Uploadable, BlobLikePart, AsyncIterable). This change reduces type safety in documentation, which could lead to incorrect usage of the function. While not a direct security vulnerability, it increases the risk of runtime errors if developers rely on the documentation to understand parameter constraints. |
🧰 Analysis tools
- [ ✅ ] HackerOne AI Code Analysis
- [ ✅ ] HackerOne AI Code Validation
- [ ✅ ] semgrep
- [ ✅ ] rubocop
⏱️ Latest scan covered changes up to commit fdb8c1c (latest)
Due to inactivity, PullRequest has cancelled this review job. You can reactivate the code review job from the PullRequest dashboard.
Release version edited manually
The Pull Request version has been manually set to If you instead want to use the version number
🤖 Release is at https://github.com/writer/writer-node/releases/tag/v2.3.3-rc.1 🌻
Automated Release PR
2.3.3-rc.1 (2025-12-01)
Full Changelog: v2.3.2...v2.3.3-rc.1
Features
Bug Fixes
Chores
Documentation
This pull request is managed by Stainless's GitHub App.
The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.
For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.
🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions