You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
68 files changed — +4,264 / -1,341 lines across modules, server infrastructure, tests, and documentation.
Features
Domain-based module routing — Introduced 14 domain categories and 38 question types with auto-generated cross-reference routing tables from module metadata. The server instructions now dynamically build a routing table so the LLM knows which tools to use for any question type.
Expanded cross-reference routing — Added +38 routing hints across 21 modules, improving coverage for underserved question types like animal/vet drugs (3→5), tobacco/vaping (4→8), vehicle safety (3→5), and presidential comparison.
--list-modules CLI flag — New flag with domain grouping and --json output for programmatic module discovery.
ClinicalTrials.gov v2 overhaul — Expanded from 5 to 10 tools covering all API endpoints: metadata, enums, field values, field sizes, size stats, and geo-search. Added typed interfaces for all v2 response shapes.
NHTSA enhancements — New tools and improved descriptions for vehicle recalls, complaints, safety ratings, VIN decoding, and car seat inspection stations.
New analysis prompts — Added prompts for environmental justice, government contractors, water quality, and pharma pricing investigations.
HTML entity decoding — Integrated he library for proper HTML entity decoding across DOJ News, GovInfo, Congress, and other modules with HTML content.
picomatch 4.0.3 → 4.0.4 (method injection in POSIX character classes)
FDA error detection — Added checkError() to the FDA SDK to catch API errors returned as 200-OK-with-error-body.
Tests
Sandbox security test suite — 25 new tests validating WASM sandbox isolation: no filesystem/network/Node.js access, no state leakage between executions, timeout and memory limit enforcement, prototype pollution containment, and prompt injection resistance.
Module structure & instructions tests — Enhanced validation for domains, cross-references, clear_cache dispatch, and instruction builder output.
Total tests: 922 (up from ~600 in v2026.3.9)
Documentation
Updated architecture guide with domain taxonomy and routing table documentation
Improved getting-started and MCP usage guides
Updated adding-modules guide with new metadata fields
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
What's Changed
68 files changed — +4,264 / -1,341 lines across modules, server infrastructure, tests, and documentation.
Features
--list-modulesCLI flag — New flag with domain grouping and--jsonoutput for programmatic module discovery.helibrary for proper HTML entity decoding across DOJ News, GovInfo, Congress, and other modules with HTML content.Security
fast-xml-parser5.4.1 → 5.5.11 (2 CVEs — entity expansion bypass)hono4.12.8 → 4.12.12 (5 CVEs — path traversal, cookie handling, IP matching, middleware bypass)path-to-regexp8.3.0 → 8.4.2 (2 ReDoS)lodash-es4.17.23 → 4.18.1 (prototype pollution + code injection)picomatch4.0.3 → 4.0.4 (method injection in POSIX character classes)checkError()to the FDA SDK to catch API errors returned as 200-OK-with-error-body.Tests
Documentation
Full Changelog: v2026.3.9...v2026.4.11
This discussion was created from the release v2026.4.11.
Beta Was this translation helpful? Give feedback.
All reactions