Upgrade Zod to version 4.0.10 with breaking changes fixes

package.json

@@ -50,7 +50,7 @@
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.16.0",
     "node-fetch": "^3.3.2",
-    "zod": "^3.25.67"
+    "zod": "^4.0.10"
   },
   "repository": {
     "type": "git",

src/tools/codeDefenderGetHeaderInventory.ts

@@ -94,15 +94,15 @@ export function registerCodeDefenderGetHeaderInventory(server: McpServer, codeDe
    - Executive reporting with quantifiable security metrics
 
 Response provides detailed security header intelligence optimized for PCI DSS compliance, security posture assessment, and operational governance with comprehensive policy validation and configuration analysis.`,
-            inputSchema: CodeDefenderHeaderInventoryInputSchema.shape,
-            outputSchema: makeStructuredResponseSchema(CodeDefenderGetHeaderInventoryOutputSchema).shape,
+            inputSchema: CodeDefenderHeaderInventoryInputSchema.shape as any,
+            outputSchema: makeStructuredResponseSchema(CodeDefenderGetHeaderInventoryOutputSchema).shape as any,
             annotations: {
                 title: 'HUMAN Get Code Defender Header Inventory',
                 readOnlyHint: true,
                 openWorldHint: true,
             },
         },
-        async (params: CodeDefenderHeaderInventoryParams) =>
-            mcpToolHandler(async () => codeDefenderService.getCodeDefenderHeaderInventory(params)),
+        (async (params: CodeDefenderHeaderInventoryParams, extra: any) =>
+            mcpToolHandler(async () => codeDefenderService.getCodeDefenderHeaderInventory(params))) as any,
     );
 }

src/tools/codeDefenderGetIncidents.ts

@@ -90,15 +90,15 @@ export function registerCodeDefenderGetIncidents(server: McpServer, codeDefender
    - Page type correlation for sensitive area protection validation
 
 Response provides detailed incident intelligence optimized for security operations, incident response, compliance monitoring, and forensic investigation with actionable threat indicators and comprehensive attack attribution.`,
-            inputSchema: CodeDefenderIncidentsInputSchema.shape,
-            outputSchema: makeStructuredResponseSchema(CodeDefenderGetIncidentsOutputSchema).shape,
+            inputSchema: CodeDefenderIncidentsInputSchema.shape as any,
+            outputSchema: makeStructuredResponseSchema(CodeDefenderGetIncidentsOutputSchema).shape as any,
             annotations: {
                 title: 'HUMAN Get Code Defender Incidents',
                 readOnlyHint: true,
                 openWorldHint: true,
             },
         },
-        async (params: CodeDefenderIncidentsParams) =>
-            mcpToolHandler(async () => codeDefenderService.getCodeDefenderIncidents(params)),
+        (async (params: CodeDefenderIncidentsParams, extra: any) =>
+            mcpToolHandler(async () => codeDefenderService.getCodeDefenderIncidents(params))) as any,
     );
 }

src/tools/codeDefenderGetScriptInventory.ts

@@ -94,15 +94,15 @@ export function registerCodeDefenderGetScriptInventory(server: McpServer, codeDe
    - Executive reporting with quantifiable security metrics
 
 Response provides detailed script intelligence optimized for PCI DSS compliance, supply chain security management, and operational governance with comprehensive risk assessment and vendor attribution.`,
-            inputSchema: CodeDefenderScriptInventoryInputSchema.shape,
-            outputSchema: makeStructuredResponseSchema(CodeDefenderGetScriptInventoryOutputSchema).shape,
+            inputSchema: CodeDefenderScriptInventoryInputSchema.shape as any,
+            outputSchema: makeStructuredResponseSchema(CodeDefenderGetScriptInventoryOutputSchema).shape as any,
             annotations: {
                 title: 'HUMAN Get Code Defender Script Inventory',
                 readOnlyHint: true,
                 openWorldHint: true,
             },
         },
-        async (params: CodeDefenderScriptInventoryParams) =>
-            mcpToolHandler(async () => codeDefenderService.getCodeDefenderScriptInventory(params)),
+        (async (params: CodeDefenderScriptInventoryParams, extra: any) =>
+            mcpToolHandler(async () => codeDefenderService.getCodeDefenderScriptInventory(params))) as any,
     );
 }

src/tools/getAccountInfo.ts

@@ -80,15 +80,15 @@ Key Features:
 • Sensitive transaction pattern analysis and fraud detection
 
 Response provides detailed account intelligence optimized for incident response, fraud investigation, customer support, and compliance auditing with actionable threat indicators and comprehensive security assessment.`,
-            inputSchema: CyberfraudAccountInfoInputSchema.shape,
-            outputSchema: makeStructuredResponseSchema(CyberfraudAccountInfoOutputSchema).shape,
+            inputSchema: CyberfraudAccountInfoInputSchema.shape as any,
+            outputSchema: makeStructuredResponseSchema(CyberfraudAccountInfoOutputSchema).shape as any,
             annotations: {
                 title: 'HUMAN Get Account Info',
                 readOnlyHint: true,
                 openWorldHint: true,
             },
         },
-        async (params: CyberfraudAccountInfoInput) =>
-            mcpToolHandler(async () => cyberfraudService.getAccountInfo(params)),
+        (async (params: CyberfraudAccountInfoInput, extra: any) =>
+            mcpToolHandler(async () => cyberfraudService.getAccountInfo(params))) as any,
     );
 }

src/tools/getAttackReportingOvertime.ts

@@ -94,15 +94,15 @@ export function registerCyberfraudGetAttackReportingOvertime(server: McpServer,
    - Correlate with external events or system changes
 
 Response provides time-series attack intelligence optimized for temporal analysis, incident response, and security operations center monitoring with quantifiable attack progression metrics.`,
-            inputSchema: CyberfraudOvertimeInputSchema.shape,
-            outputSchema: makeStructuredResponseSchema(CyberfraudOvertimeOutputSchema).shape,
+            inputSchema: CyberfraudOvertimeInputSchema.shape as any,
+            outputSchema: makeStructuredResponseSchema(CyberfraudOvertimeOutputSchema).shape as any,
             annotations: {
                 title: 'HUMAN Get Attack Reporting Overtime',
                 readOnlyHint: true,
                 openWorldHint: true,
             },
         },
-        async (params: CyberfraudOvertimeParams) =>
-            mcpToolHandler(async () => cyberfraudService.getAttackReportingOvertime(params)),
+        (async (params: CyberfraudOvertimeParams, extra: any) =>
+            mcpToolHandler(async () => cyberfraudService.getAttackReportingOvertime(params))) as any,
     );
 }

src/tools/getAttackReportingOverview.ts

@@ -80,15 +80,15 @@ export function registerCyberfraudGetAttackReportingOverview(server: McpServer,
 4. PAGINATE: Use page/pageSize to explore large datasets efficiently
 
 Response provides detailed cluster intelligence optimized for incident response, threat hunting, and security analysis with actionable threat indicators and comprehensive attack attribution.`,
-            inputSchema: CyberfraudOverviewInputSchema.shape,
-            outputSchema: makeStructuredResponseSchema(CyberfraudOverviewOutputSchema).shape,
+            inputSchema: CyberfraudOverviewInputSchema.shape as any,
+            outputSchema: makeStructuredResponseSchema(CyberfraudOverviewOutputSchema).shape as any,
             annotations: {
                 title: 'HUMAN Get Attack Reporting Overview',
                 readOnlyHint: true,
                 openWorldHint: true,
             },
         },
-        async (params: CyberfraudOverviewParams) =>
-            mcpToolHandler(async () => cyberfraudService.getAttackReportingOverview(params)),
+        (async (params: CyberfraudOverviewParams, extra: any) =>
+            mcpToolHandler(async () => cyberfraudService.getAttackReportingOverview(params))) as any,
     );
 }

src/tools/getCustomRules.ts

@@ -85,13 +85,13 @@ export function registerCyberfraudGetCustomRules(server: McpServer, cyberfraudSe
 
 Response provides complete custom security rule inventory optimized for policy management, compliance auditing, security posture assessment, and operational monitoring with detailed rule metadata and configuration analysis.`,
             inputSchema: {},
-            outputSchema: makeStructuredResponseSchema(CyberfraudCustomRulesOutputSchema).shape,
+            outputSchema: makeStructuredResponseSchema(CyberfraudCustomRulesOutputSchema).shape as any,
             annotations: {
                 title: 'HUMAN Get Custom Rules',
                 readOnlyHint: true,
                 openWorldHint: true,
             },
         },
-        async () => mcpToolHandler(async () => cyberfraudService.getCustomRules()),
+        (async (extra: any) => mcpToolHandler(async () => cyberfraudService.getCustomRules())) as any,
     );
 }

src/tools/getTrafficData.ts

@@ -75,14 +75,15 @@ CORRECT USAGE:
 • "source": Platform filter (web/mobile)
 
 Response provides structured data optimized for security dashboards, threat analysis, and executive reporting with quantifiable metrics and actionable intelligence.`,
-            inputSchema: TrafficDataInputSchema.shape,
-            outputSchema: makeStructuredResponseSchema(TrafficDataOutputSchema).shape,
+            inputSchema: TrafficDataInputSchema.shape as any,
+            outputSchema: makeStructuredResponseSchema(TrafficDataOutputSchema).shape as any,
             annotations: {
                 title: 'HUMAN Get Traffic Data',
                 readOnlyHint: true,
                 openWorldHint: true,
             },
         },
-        async (params: TrafficDataInput) => mcpToolHandler(async () => cyberfraudService.getTrafficData(params)),
+        (async (params: TrafficDataInput, extra: any) =>
+            mcpToolHandler(async () => cyberfraudService.getTrafficData(params))) as any,
     );
 }

src/types/cyberfraud/customRules.ts

@@ -27,7 +27,7 @@ export const CyberfraudCustomRuleSchema = z
                 '📝 RULE DOCUMENTATION: Detailed explanation of rule purpose, business justification, and context. Critical for compliance auditing, knowledge transfer, and policy maintenance. May be empty for legacy rules.',
             ),
         conditions: z
-            .record(z.any())
+            .record(z.string(), z.unknown())
             .optional()
             .describe(
                 '🎯 MATCHING LOGIC: Complex conditional structure defining when rule applies. Contains operator-based logic ($and, $or, $eq, $in, $re) with conditionType specifications (socketIps, userAgent, path, domain, socketIpASN). Critical for understanding rule scope and impact analysis.',

src/types/cyberfraud/trafficData.ts

@@ -1,27 +1,28 @@
 import { z } from 'zod';
 import { DATE_FORMAT_EXAMPLE_END, DATE_FORMAT_EXAMPLE_START } from '../../utils/constants';
 
-export const TrafficDataSourceEnum = z.enum(['web', 'mobile'], {
-    description:
+export const TrafficDataSourceEnum = z
+    .enum(['web', 'mobile'])
+    .describe(
         'Platform filter: ["web"], ["mobile"], or ["web","mobile"]. NOTE: Mobile traffic may be minimal/absent in some environments (observed 99.999% web dominance). Use both for complete coverage, individual for platform-specific analysis.',
-});
-export const TrafficDataOvertimeEnum = z.enum(
-    ['legitimate', 'blocked', 'potentialBlock', 'whitelist', 'blacklist', 'goodKnownBots', 'captchaSolved'],
-    {
-        description:
-            'TIME-SERIES ANALYSIS: Returns intervals with ~20min timestamps for trend visualization. ❌ MUTUALLY EXCLUSIVE with "count" parameter. 🚨 CRITICAL: DO NOT combine with "tops" - causes misleading aggregation with all data front-loaded into first interval. ✅ BEST FOR: Attack timelines, trend charts, pattern detection. EXAMPLE: {"overtime": ["blocked"]} → Attack volume over time. COMBINE WITH: filters for focus, but NEVER with "tops".',
-    },
-);
-export const TrafficDataTopsEnum = z.enum(['incidents', 'path'], {
-    description:
+    );
+export const TrafficDataOvertimeEnum = z
+    .enum(['legitimate', 'blocked', 'potentialBlock', 'whitelist', 'blacklist', 'goodKnownBots', 'captchaSolved'])
+    .describe(
+        'TIME-SERIES ANALYSIS: Returns intervals with ~20min timestamps for trend visualization. ❌ MUTUALLY EXCLUSIVE with "count" parameter. 🚨 CRITICAL: DO NOT combine with "tops" - causes misleading aggregation with all data front-loaded into first interval. ✅ BEST FOR: Attack timelines, trend charts, pattern detection. EXAMPLE: {"overtime": ["blocked"]} → Attack volume over time. COMBINE WITH: filters for focus, but NEVER with "tops".',
+    );
+export const TrafficDataTopsEnum = z
+    .enum(['incidents', 'path'])
+    .describe(
         '🔄 RESPONSE TRANSFORMER: Completely changes response structure from aggregates to detailed breakdowns. 🚨 CRITICAL: DO NOT combine with "overtime" - causes misleading aggregation where all historical data appears in first interval with zeros after. ⚠️ CRITICAL INSIGHTS: "incidents" reveals attack classification (Bot Behavior, Spoof, Bad Reputation, etc.), "path" shows URL-specific targeting. WITHOUT tops: Aggregate totals. WITH tops: Individual breakdowns per category. ✅ SAFE USAGE: Combine with "count" only.',
-});
-export const TrafficDataTrafficEnum = z.enum(['blocked', 'blacklist', 'potentialBlock'], {
-    description:
+    );
+export const TrafficDataTrafficEnum = z
+    .enum(['blocked', 'blacklist', 'potentialBlock'])
+    .describe(
         'SECURITY-ONLY FILTER: Shows EXCLUSIVELY blocked/suspicious traffic. COMPLEMENTS count/overtime metrics, does NOT replace them. ✅ USE CASE: Pure security analysis, threat-focused reporting. EXCLUDES: All legitimate traffic. COMBINE WITH: Any count/overtime metrics for security-centric view.',
-});
-export const TrafficDataPageTypeEnum = z.enum(
-    [
+    );
+export const TrafficDataPageTypeEnum = z
+    .enum([
         'login',
         'login_attempt',
         'checkout',
@@ -32,14 +33,12 @@ export const TrafficDataPageTypeEnum = z.enum(
         'apiCall',
         'resource',
         'mobileUserAgents',
-    ],
-    {
-        description:
-            'PAGE TYPE FILTER: Focuses analysis on specific user journeys. ⚠️ SCOPE WARNING: Very restrictive (observed 87% data reduction). USE CASES: Login security analysis, checkout protection, API endpoint monitoring. COMBINE WITH: Security metrics for targeted threat analysis.',
-    },
-);
-export const TrafficDataCountEnum = z.enum(
-    [
+    ])
+    .describe(
+        'PAGE TYPE FILTER: Focuses analysis on specific user journeys. ⚠️ SCOPE WARNING: Very restrictive (observed 87% data reduction). USE CASES: Login security analysis, checkout protection, API endpoint monitoring. COMBINE WITH: Security metrics for targeted threat analysis.',
+    );
+export const TrafficDataCountEnum = z
+    .enum([
         'legitimate',
         'potentialBlock',
         'blocked',
@@ -49,12 +48,10 @@ export const TrafficDataCountEnum = z.enum(
         'captchaSolved',
         'mobile',
         'web',
-    ],
-    {
-        description:
-            'AGGREGATE ANALYSIS: Returns total counts across entire time range. ❌ MUTUALLY EXCLUSIVE with "overtime" parameter. ⚠️ LIMITATION: Will NOT return path breakdowns even with tops=["path"] - returns aggregate totals only. ✅ BEST FOR: Dashboards, KPIs, executive summaries. EXAMPLE: {"count": ["legitimate", "blocked"]} → Simple totals.',
-    },
-);
+    ])
+    .describe(
+        'AGGREGATE ANALYSIS: Returns total counts across entire time range. ❌ MUTUALLY EXCLUSIVE with "overtime" parameter. ⚠️ LIMITATION: Will NOT return path breakdowns even with tops=["path"] - returns aggregate totals only. ✅ BEST FOR: Dashboards, KPIs, executive summaries. EXAMPLE: {"count": ["legitimate", "blocked"]} → Simple totals.',
+    );
 
 export const TrafficDataMetricsEnrichmentSchema = z
     .object({