chore(release): 3.5.1 -> 3.5.2

CHANGELOG.md

@@ -44,6 +44,12 @@
 - [1.0.1-e-10Jan2023](#101-e-10jan2023)
 
 
+## v3.5.2 (2026-05-12)
+
+### Fix
+
+- MCP Server, config validation and cli (#339)
+
 ## v3.5.1 (2026-05-11)
 
 ### Fix

README.md

@@ -92,18 +92,18 @@ ASH v3 integrates multiple open-source security tools as scanners. Tools like Ba
 curl -sSfL https://astral.sh/uv/install.sh | sh
 
 # Create an alias for ASH
-alias ash="uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.1"
+alias ash="uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.2"
 ```
 
 ```powershell
 # Install uv on Windows with PowerShell if it isn't installed already
 irm https://astral.sh/uv/install.ps1 | iex
 
 # Create a function for ASH
-function ash { uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.1 $args }
+function ash { uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.2 $args }
 ```
 
-> **Floating tag `v3`**: We also maintain a `v3` floating tag that always points to the latest stable v3.x release. You can use `@v3` instead of `@v3.5.1` to stay up to date automatically. Pin a specific version (e.g., `@v3.5.1`) when you need reproducible builds.
+> **Floating tag `v3`**: We also maintain a `v3` floating tag that always points to the latest stable v3.x release. You can use `@v3` instead of `@v3.5.2` to stay up to date automatically. Pin a specific version (e.g., `@v3.5.2`) when you need reproducible builds.
 
 ### Other Installation Methods
 
@@ -130,13 +130,13 @@ ash --help
 #### Using `pip`
 
 ```bash
-pip install git+https://github.com/awslabs/automated-security-helper.git@v3.5.1
+pip install git+https://github.com/awslabs/automated-security-helper.git@v3.5.2
 ```
 
 #### Clone the Repository
 
 ```bash
-git clone https://github.com/awslabs/automated-security-helper.git --branch v3.5.1
+git clone https://github.com/awslabs/automated-security-helper.git --branch v3.5.2
 cd automated-security-helper
 pip install .
 ```
@@ -225,7 +225,7 @@ The ASH MCP server provides:
     "ash": {
       "command": "uvx",
       "args": [
-        "--from=git+https://github.com/awslabs/automated-security-helper@v3.5.1",
+        "--from=git+https://github.com/awslabs/automated-security-helper@v3.5.2",
         "ash",
         "mcp"
       ],
@@ -243,7 +243,7 @@ The ASH MCP server provides:
     "ash-security": {
       "command": "uvx",
       "args": [
-        "--from=git+https://github.com/awslabs/automated-security-helper@v3.5.1",
+        "--from=git+https://github.com/awslabs/automated-security-helper@v3.5.2",
         "ash",
         "mcp"
       ]
@@ -259,7 +259,7 @@ The ASH MCP server provides:
     "ash": {
       "command": "uvx",
       "args": [
-        "--from=git+https://github.com/awslabs/automated-security-helper@v3.5.1",
+        "--from=git+https://github.com/awslabs/automated-security-helper@v3.5.2",
         "ash",
         "mcp"
       ],
@@ -359,7 +359,7 @@ Add this to your `.pre-commit-config.yaml`:
 ```yaml
 repos:
   - repo: https://github.com/awslabs/automated-security-helper
-    rev: v3.5.1
+    rev: v3.5.2
     hooks:
       - id: ash-simple-scan
 ```

automated_security_helper/schemas/AshAggregatedResults.json

@@ -21438,7 +21438,7 @@
                 "supportedTaxonomies": [],
                 "taxa": [],
                 "translationMetadata": null,
-                "version": "3.5.1"
+                "version": "3.5.2"
               },
               "extensions": [],
               "properties": null

docs/content/docs/advanced-usage.md

@@ -255,7 +255,7 @@ print(f"Found {results.summary_stats.total_findings} findings")
 
 ## CI/CD Integration
 
-> **Tip**: The examples below use pinned versions (`@v3.5.1`) for reproducibility. You can also use the `v3` floating tag (`@v3`) to always get the latest stable v3.x release, though pinned versions are recommended for CI/CD.
+> **Tip**: The examples below use pinned versions (`@v3.5.2`) for reproducibility. You can also use the `v3` floating tag (`@v3`) to always get the latest stable v3.x release, though pinned versions are recommended for CI/CD.
 
 ### GitHub Actions
 
@@ -278,7 +278,7 @@ jobs:
         with:
           python-version: '3.10'
       - name: Install ASH
-        run: pip install git+https://github.com/awslabs/automated-security-helper.git@v3.5.1
+        run: pip install git+https://github.com/awslabs/automated-security-helper.git@v3.5.2
       - name: Run ASH scan
         run: ash --mode local
       - name: Upload scan results
@@ -294,7 +294,7 @@ jobs:
 ash-scan:
   image: python:3.10
   script:
-    - pip install git+https://github.com/awslabs/automated-security-helper.git@v3.5.1
+    - pip install git+https://github.com/awslabs/automated-security-helper.git@v3.5.2
     - ash --mode local
   artifacts:
     paths:

docs/content/docs/installation-guide.md

@@ -33,7 +33,7 @@ ASH v3 uses UV's tool isolation system to automatically manage most scanner depe
 curl -sSf https://astral.sh/uv/install.sh | sh
 
 # Create an alias for ASH
-alias ash="uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.1"
+alias ash="uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.2"
 
 # Use as normal
 ash --help
@@ -45,22 +45,22 @@ ash --help
 irm https://astral.sh/uv/install.ps1 | iex
 
 # Create a function for ASH
-function ash { uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.1 $args }
+function ash { uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.2 $args }
 
 # Use as normal
 ash --help
 ```
 
 !!! tip "Floating tag `v3`"
-    We also maintain a `v3` floating tag that always points to the latest stable v3.x release. You can use `@v3` instead of a specific version to stay up to date automatically. Pin a specific version (e.g., `@v3.5.1`) when you need reproducible builds, such as in CI/CD pipelines.
+    We also maintain a `v3` floating tag that always points to the latest stable v3.x release. You can use `@v3` instead of a specific version to stay up to date automatically. Pin a specific version (e.g., `@v3.5.2`) when you need reproducible builds, such as in CI/CD pipelines.
 
 #### 2. Using `pipx`
 
 [`pipx`](https://pypa.github.io/pipx/) installs packages in isolated environments and makes their entry points available globally.
 
 ```bash
 # Works on Windows, macOS, and Linux
-pipx install git+https://github.com/awslabs/automated-security-helper.git@v3.5.1
+pipx install git+https://github.com/awslabs/automated-security-helper.git@v3.5.2
 
 # Use as normal
 ash --help
@@ -72,7 +72,7 @@ Standard Python package installation:
 
 ```bash
 # Works on Windows, macOS, and Linux
-pip install git+https://github.com/awslabs/automated-security-helper.git@v3.5.1
+pip install git+https://github.com/awslabs/automated-security-helper.git@v3.5.2
 
 # Use as normal
 ash --help
@@ -84,7 +84,7 @@ For development or if you want to modify ASH:
 
 ```bash
 # Works on Windows, macOS, and Linux
-git clone https://github.com/awslabs/automated-security-helper.git --branch v3.5.1
+git clone https://github.com/awslabs/automated-security-helper.git --branch v3.5.2
 cd automated-security-helper
 pip install .
 
@@ -134,7 +134,7 @@ To upgrade ASH to the latest version:
 ### If installed with `uvx`
 ```bash
 # Your alias will use the latest version when specified
-alias ash="uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.1"
+alias ash="uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.2"
 ```
 
 ### If installed with `pipx`
@@ -144,7 +144,7 @@ pipx upgrade automated-security-helper
 
 ### If installed with `pip`
 ```bash
-pip install --upgrade git+https://github.com/awslabs/automated-security-helper.git@v3.5.1
+pip install --upgrade git+https://github.com/awslabs/automated-security-helper.git@v3.5.2
 ```
 
 ### If installed from repository

docs/content/docs/migration-guide.md

@@ -48,13 +48,13 @@ export PATH="${PATH}:/path/to/automated-security-helper"
 
 ```bash
 # Option 1: Using uvx (recommended) -- add to shell profile
-alias ash="uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.1"
+alias ash="uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.2"
 
 # Option 2: Using pipx
-pipx install git+https://github.com/awslabs/automated-security-helper.git@v3.5.1
+pipx install git+https://github.com/awslabs/automated-security-helper.git@v3.5.2
 
 # Option 3: Using pip
-pip install git+https://github.com/awslabs/automated-security-helper.git@v3.5.1
+pip install git+https://github.com/awslabs/automated-security-helper.git@v3.5.2
 ```
 
 > **Tip**: You can also use the `v3` floating tag (`@v3`) instead of a specific version to always get the latest stable v3.x release. Pin a specific version for CI/CD or reproducible environments.
@@ -236,7 +236,7 @@ reporters:
 ```yaml
 repos:
   - repo: https://github.com/awslabs/automated-security-helper
-    rev: v3.5.1
+    rev: v3.5.2
     hooks:
       - id: ash
 ```
@@ -248,7 +248,7 @@ repos:
 ```yaml
 repos:
   - repo: https://github.com/awslabs/automated-security-helper
-    rev: v3.5.1
+    rev: v3.5.2
     hooks:
       - id: ash-simple-scan
 ```

docs/content/docs/quick-start-guide.md

@@ -25,7 +25,7 @@ Prerequisites: Python 3.10+, [uv](https://docs.astral.sh/uv/getting-started/inst
 curl -sSf https://astral.sh/uv/install.sh | sh
 
 # Create an alias for ASH
-alias ash="uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.1"
+alias ash="uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.2"
 ```
 
 #### Windows PowerShell
@@ -34,25 +34,25 @@ alias ash="uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5
 irm https://astral.sh/uv/install.ps1 | iex
 
 # Create a function for ASH
-function ash { uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.1 $args }
+function ash { uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.2 $args }
 ```
 
-> **Floating tag `v3`**: We also maintain a `v3` floating tag that always points to the latest stable v3.x release. You can use `@v3` instead of a specific version to stay up to date automatically. Pin a specific version (e.g., `@v3.5.1`) when you need reproducible builds.
+> **Floating tag `v3`**: We also maintain a `v3` floating tag that always points to the latest stable v3.x release. You can use `@v3` instead of a specific version to stay up to date automatically. Pin a specific version (e.g., `@v3.5.2`) when you need reproducible builds.
 
 ### Option 2: Using pipx
 
 Prerequisites: Python 3.10+, [pipx](https://pipx.pypa.io/stable/installation/)
 
 ```bash
-pipx install git+https://github.com/awslabs/automated-security-helper.git@v3.5.1
+pipx install git+https://github.com/awslabs/automated-security-helper.git@v3.5.2
 ```
 
 ### Option 3: Using pip
 
 Prerequisites: Python 3.10+
 
 ```bash
-pip install git+https://github.com/awslabs/automated-security-helper.git@v3.5.1
+pip install git+https://github.com/awslabs/automated-security-helper.git@v3.5.2
 ```
 
 ## Basic Usage
@@ -189,7 +189,7 @@ Add this to your `.pre-commit-config.yaml`:
 ```yaml
 repos:
   - repo: https://github.com/awslabs/automated-security-helper
-    rev: v3.5.1
+    rev: v3.5.2
     hooks:
       - id: ash-simple-scan
 ```

docs/content/faq.md

@@ -23,25 +23,25 @@ No. ASH is designed to help identify common security issues early in the develop
 You have several options:
 ```bash
 # Using uvx (recommended)
-alias ash="uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.1"
+alias ash="uvx git+https://github.com/awslabs/automated-security-helper.git@v3.5.2"
 
 # Using pipx
-pipx install git+https://github.com/awslabs/automated-security-helper.git@v3.5.1
+pipx install git+https://github.com/awslabs/automated-security-helper.git@v3.5.2
 
 # Using pip
-pip install git+https://github.com/awslabs/automated-security-helper.git@v3.5.1
+pip install git+https://github.com/awslabs/automated-security-helper.git@v3.5.2
 ```
 
 ### What are the prerequisites for ASH v3?
 
 ### What is the `v3` floating tag?
-We maintain a `v3` Git tag that always points to the latest stable v3.x release. This means you can use `@v3` in your installation commands instead of a specific version like `@v3.5.1`:
+We maintain a `v3` Git tag that always points to the latest stable v3.x release. This means you can use `@v3` in your installation commands instead of a specific version like `@v3.5.2`:
 
 ```bash
 alias ash="uvx git+https://github.com/awslabs/automated-security-helper.git@v3"
 ```
 
-This is convenient for local development where you always want the latest version. For CI/CD pipelines or environments where reproducibility matters, we recommend pinning to a specific release tag (e.g., `@v3.5.1`).
+This is convenient for local development where you always want the latest version. For CI/CD pipelines or environments where reproducibility matters, we recommend pinning to a specific release tag (e.g., `@v3.5.2`).
 
 ### What are the prerequisites for ASH v3?
 - For local mode: Python 3.10 or later, UV package manager
@@ -165,7 +165,7 @@ Add this to your `.pre-commit-config.yaml`:
 ```yaml
 repos:
   - repo: https://github.com/awslabs/automated-security-helper
-    rev: v3.5.1
+    rev: v3.5.2
     hooks:
       - id: ash-simple-scan
 ```
@@ -260,7 +260,7 @@ Model Context Protocol (MCP) is a standardized way for AI applications to access
        "ash": {
          "command": "uvx",
          "args": [
-           "--from=git+https://github.com/awslabs/automated-security-helper@v3.5.1",
+           "--from=git+https://github.com/awslabs/automated-security-helper@v3.5.2",
            "ash",
            "mcp"
          ],
@@ -278,7 +278,7 @@ Model Context Protocol (MCP) is a standardized way for AI applications to access
        "ash-security": {
          "command": "uvx",
          "args": [
-           "--from=git+https://github.com/awslabs/automated-security-helper@v3.5.1",
+           "--from=git+https://github.com/awslabs/automated-security-helper@v3.5.2",
            "ash",
            "mcp"
          ]
@@ -294,7 +294,7 @@ Model Context Protocol (MCP) is a standardized way for AI applications to access
        "ash": {
          "command": "uvx",
          "args": [
-           "--from=git+https://github.com/awslabs/automated-security-helper@v3.5.1",
+           "--from=git+https://github.com/awslabs/automated-security-helper@v3.5.2",
            "ash",
            "mcp"
          ],
@@ -355,16 +355,16 @@ MCP dependencies are included by default in ASH v3. If you're still getting erro
 2. **Check Python version**: Ensure Python 3.10+ is available: `uv python list`
 3. **Test the MCP server**: Try running the server directly:
    ```bash
-   uvx --from=git+https://github.com/awslabs/automated-security-helper@v3.5.1 ash mcp --help
+   uvx --from=git+https://github.com/awslabs/automated-security-helper@v3.5.2 ash mcp --help
    ```
 
 ### How do I test the ASH MCP server?
 ```bash
 # Test MCP server startup
-uvx --from=git+https://github.com/awslabs/automated-security-helper@v3.5.1 ash mcp --debug
+uvx --from=git+https://github.com/awslabs/automated-security-helper@v3.5.2 ash mcp --debug
 
 # Check ASH version
-uvx --from=git+https://github.com/awslabs/automated-security-helper@v3.5.1 ash --version
+uvx --from=git+https://github.com/awslabs/automated-security-helper@v3.5.2 ash --version
 ```
 
 ### How do I monitor MCP server performance?