Bump version to 4.0.7

Author: gensecai-dev

CHANGELOG.md

@@ -5,6 +5,38 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.0.7] - 2026-02-25
+
+### Added
+- 19 new action/verification/rollback tools (48 tools total):
+  - 9 active response tools: block_ip, isolate_host, kill_process, disable_user, quarantine_file, active_response, firewall_drop, host_deny, restart
+  - 5 verification tools: check_blocked_ip, check_agent_isolation, check_process, check_user_status, check_file_quarantine
+  - 5 rollback tools: unisolate_host, enable_user, restore_file, firewall_allow, host_allow
+- Input validation for action tool parameters (IP addresses, file paths, usernames, AR commands)
+- Batch request size limit (MAX_BATCH_SIZE=100) to prevent resource exhaustion
+- SSE keepalive loop cancellation on client disconnect
+- `fastmcp>=2.14.0` added to pyproject.toml dependencies
+
+### Fixed
+- **Circuit breaker race condition**: State transitions now use asyncio.Lock for thread safety
+- **Retry on non-transient errors**: Narrowed retry scope to 5xx and connection errors only (was retrying 400/401/404)
+- **Circuit breaker monitoring always "unknown"**: Fixed `cb._state` → `cb.state.value` attribute mismatch
+- **Unbounded Prometheus metric cardinality**: Endpoint labels now normalized to fixed set
+- **JSONDecodeError crashes**: Added handling at all 5 `response.json()` call sites in wazuh_client.py and wazuh_indexer.py
+- **Wazuh Indexer init race condition**: Added asyncio.Lock with double-check pattern
+- **Non-deterministic cache keys**: Replaced `hash()` with `sorted()` for stable cross-process keys
+- **Premature metrics increment**: Removed hardcoded status_code=200 counter before request processing
+- **Session cleanup on every request**: Throttled to run at most every 60 seconds
+- **10 broken MCP tools** calling non-existent Wazuh Manager API endpoints
+- **get_wazuh_alerts** now queries Wazuh Indexer instead of non-existent Manager API endpoint
+- **3 broken endpoints**: `/manager/stats/all` → `/manager/stats`, `/cluster/health` → `/cluster/healthcheck`, `/manager/stats/logcollector` → `/manager/stats/analysisd`
+- **get_rules_summary** calling non-existent `/rules/summary` endpoint — now aggregates from `/rules`
+- **CI release workflow**: Removed `|| true` that silenced test failures
+- **CI security workflow**: Replaced `|| true` with `continue-on-error: true` for proper visibility
+
+### Removed
+- 4 dead-code methods with non-existent API endpoints (get_incidents, create_incident, update_incident, get_manager_version_check)
+
 ## [4.0.6] - 2025-02-14
 
 ### Added

Dockerfile

@@ -5,7 +5,7 @@
 
 ARG PYTHON_VERSION=3.13
 ARG BUILD_DATE
-ARG VERSION=4.0.6
+ARG VERSION=4.0.7
 
 # Stage 1: Build dependencies
 FROM python:${PYTHON_VERSION}-alpine AS builder

README.md

@@ -7,7 +7,7 @@
 
 **Production-ready MCP server connecting AI assistants to Wazuh SIEM.**
 
-> **Version 4.0.6** | Wazuh 4.8.0 - 4.14.3 | [Full Changelog](CHANGELOG.md)
+> **Version 4.0.7** | Wazuh 4.8.0 - 4.14.3 | [Full Changelog](CHANGELOG.md)
 
 ---
 

compose.yml

@@ -13,10 +13,10 @@ services:
       args:
         BUILD_DATE: ${BUILD_DATE}
         PYTHON_VERSION: ${PYTHON_VERSION:-3.13}
-        VERSION: ${VERSION:-4.0.6}
+        VERSION: ${VERSION:-4.0.7}
       target: production
 
-    image: wazuh-mcp-remote-server:${VERSION:-4.0.6}
+    image: wazuh-mcp-remote-server:${VERSION:-4.0.7}
     container_name: wazuh-mcp-remote-server
     hostname: wazuh-mcp-remote-server
 

deploy.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 """
-OS-Agnostic Deployment Script for Wazuh MCP Server v4.0.6
+OS-Agnostic Deployment Script for Wazuh MCP Server v4.0.7
 Works on Windows, macOS, and Linux with Docker installed.
 """
 
@@ -39,7 +39,7 @@ def print_header():
     """Print deployment header"""
     print(f"{Colors.CYAN}{'=' * 70}{Colors.NC}")
     print(f"{Colors.CYAN}   WAZUH MCP REMOTE SERVER - PRODUCTION DEPLOYMENT{Colors.NC}")
-    print(f"{Colors.CYAN}   Version: 4.0.6 | OS-Agnostic Docker Deployment{Colors.NC}")
+    print(f"{Colors.CYAN}   Version: 4.0.7 | OS-Agnostic Docker Deployment{Colors.NC}")
     print(f"{Colors.CYAN}{'=' * 70}{Colors.NC}\n")
 
 
@@ -182,7 +182,7 @@ def build_and_deploy():
 
     # Set build metadata
     os.environ['BUILD_DATE'] = datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%SZ')
-    os.environ['VERSION'] = os.environ.get('VERSION', '4.0.6')
+    os.environ['VERSION'] = os.environ.get('VERSION', '4.0.7')
     os.environ['PYTHON_VERSION'] = os.environ.get('PYTHON_VERSION', '3.13')
 
     # Build with Docker Compose

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "wazuh-mcp-server"
-version = "4.0.6"
+version = "4.0.7"
 description = "Production-grade MCP remote server for Wazuh SIEM integration with SSE transport"
 readme = "README.md"
 license = {text = "MIT"}

requirements.txt

@@ -1,4 +1,4 @@
-# Wazuh MCP Server v4.0.6 - Production Grade
+# Wazuh MCP Server v4.0.7 - Production Grade
 # MCP-compliant remote server with comprehensive monitoring
 # Updated: February 2026
 

src/wazuh_mcp_server/__init__.py

@@ -4,5 +4,5 @@
 through the Model Context Protocol (MCP), enabling natural language security operations.
 """
 
-__version__ = "4.0.6"
+__version__ = "4.0.7"
 __all__ = ["__version__"]