Skip to content

v2026.4.11

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 11 Apr 22:56
· 1 commit to main since this release
v2026.4.11
c799c5b

What's Changed

Features

  • Domain-based module routing — Introduced 14 domain categories and 38 question types with auto-generated cross-reference routing tables from module metadata. The server instructions now dynamically build a routing table so the LLM knows which tools to use for any question type.
  • Expanded cross-reference routing — Added +38 routing hints across 21 modules, improving coverage for underserved question types like animal/vet drugs (3→5), tobacco/vaping (4→8), vehicle safety (3→5), and presidential comparison.
  • --list-modules CLI flag — New flag with domain grouping and --json output for programmatic module discovery.
  • ClinicalTrials.gov v2 overhaul — Expanded from 5 to 10 tools covering all API endpoints: metadata, enums, field values, field sizes, size stats, and geo-search. Added typed interfaces for all v2 response shapes.
  • NHTSA enhancements — New tools and improved descriptions for vehicle recalls, complaints, safety ratings, VIN decoding, and car seat inspection stations.
  • New analysis prompts — Added prompts for environmental justice, government contractors, water quality, and pharma pricing investigations.
  • HTML entity decoding — Integrated he library for proper HTML entity decoding across DOJ News, GovInfo, Congress, and other modules with HTML content.

Security

  • Patched 11 dependency vulnerabilities:
    • fast-xml-parser 5.4.1 → 5.5.11 (2 CVEs — entity expansion bypass)
    • hono 4.12.8 → 4.12.12 (5 CVEs — path traversal, cookie handling, IP matching, middleware bypass)
    • path-to-regexp 8.3.0 → 8.4.2 (2 ReDoS)
    • lodash-es 4.17.23 → 4.18.1 (prototype pollution + code injection)
    • picomatch 4.0.3 → 4.0.4 (method injection in POSIX character classes)
  • FDA error detection — Added checkError() to the FDA SDK to catch API errors returned as 200-OK-with-error-body.

Tests

  • Sandbox security test suite — 25 new tests validating WASM sandbox isolation: no filesystem/network/Node.js access, no state leakage between executions, timeout and memory limit enforcement, prototype pollution containment, and prompt injection resistance.
  • Module structure & instructions tests — Enhanced validation for domains, cross-references, clear_cache dispatch, and instruction builder output.
  • Total tests: 922 (up from ~600 in v2026.3.9)

Documentation

  • Updated architecture guide with domain taxonomy and routing table documentation
  • Improved getting-started and MCP usage guides
  • Updated adding-modules guide with new metadata fields

Full Changelog: v2026.3.9...v2026.4.11

Assets 2
Loading
0 Join discussion