@certscore/mcp 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/LICENSE CHANGED
@@ -1,4 +1,4 @@
1
- Proprietary. All rights reserved.
1
+ UNLICENSED
2
2
 
3
3
  Copyright (c) ErgoVeritas, LLC.
4
4
 
package/README.md CHANGED
@@ -2,9 +2,7 @@
2
2
 
3
3
  CertScore MCP exposes a focused Model Context Protocol server for CertScore Pulse workflows.
4
4
 
5
- Status: public developer preview. The server is distributed for external MCP clients through npm and Homebrew. Local WC01 development uses `pnpm mcp:certscore`.
6
-
7
- <!-- mcp-name: ai.certscore/mcp -->
5
+ Status: public developer preview. The server is distributed for external macOS MCP clients through Homebrew. Local WC01 development uses `pnpm mcp:certscore`.
8
6
 
9
7
  Public docs:
10
8
 
@@ -27,34 +25,10 @@ Public docs:
27
25
  - `get_latest_domain_scan` - Retrieve the latest eligible API v2 public-safe scan for a domain.
28
26
  - `get_latest_domain_pre_consent_cookies_trackers` - Retrieve the public-safe Cookies & Trackers (Pre-consent) table from the latest eligible scan for a domain.
29
27
 
30
- The initial MCP surface intentionally does not include account scan browsing or scan comparison tools.
28
+ The initial MCP surface intentionally does not include account scan browsing, scan comparison tools, or the removed `create_scan` compatibility alias.
31
29
 
32
30
  ## Configuration
33
31
 
34
- Recommended MCP client config:
35
-
36
- ```json
37
- {
38
- "mcpServers": {
39
- "certscore": {
40
- "command": "npx",
41
- "args": ["-y", "@certscore/mcp"],
42
- "env": {
43
- "CERTSCORE_API_KEY": "YOUR_TOKEN",
44
- "CERTSCORE_BASE_URL": "https://certscore.ai"
45
- }
46
- }
47
- }
48
- }
49
- ```
50
-
51
- Install globally with npm if your MCP client requires a persistent command:
52
-
53
- ```bash
54
- npm install -g @certscore/mcp
55
- certscore-mcp --version
56
- ```
57
-
58
32
  Install with Homebrew on macOS:
59
33
 
60
34
  ```bash
@@ -110,7 +84,7 @@ CERTSCORE_REQUEST_TIMEOUT_MS=300000
110
84
 
111
85
  ## API Key Access
112
86
 
113
- MCP clients usually need `scan:read`, `scan:create`, and `mcp` scopes. Sign in to CertScore, verify your email, then request a self-serve `cs_mcp_` key from `POST /api/v2/keys/request`. Self-serve keys include scan creation within the published rate limits. Email `support@certscore.ai` for higher limits or custom access.
87
+ MCP clients usually need `scan:read`, `scan:create`, and `mcp` scopes. Request developer-preview access by emailing `support@certscore.ai` with your organization, MCP client, expected workflow, expected request volume, contact email, and requested scopes.
114
88
 
115
89
  ## Verify Install
116
90
 
@@ -146,8 +120,7 @@ Cursor config:
146
120
  {
147
121
  "mcpServers": {
148
122
  "certscore": {
149
- "command": "npx",
150
- "args": ["-y", "@certscore/mcp"],
123
+ "command": "certscore-mcp",
151
124
  "env": {
152
125
  "CERTSCORE_API_KEY": "YOUR_TOKEN",
153
126
  "CERTSCORE_BASE_URL": "https://certscore.ai"
@@ -163,8 +136,7 @@ Windsurf or generic stdio MCP client config:
163
136
  {
164
137
  "mcpServers": {
165
138
  "certscore": {
166
- "command": "npx",
167
- "args": ["-y", "@certscore/mcp"],
139
+ "command": "certscore-mcp",
168
140
  "env": {
169
141
  "CERTSCORE_API_KEY": "YOUR_TOKEN",
170
142
  "CERTSCORE_BASE_URL": "https://certscore.ai"
@@ -251,7 +223,7 @@ This verifies the Homebrew-installed `certscore-mcp` command against live `https
251
223
 
252
224
  - Command not found: run the Homebrew install again and confirm Homebrew's bin directory is on `PATH`.
253
225
  - Missing API key: set `CERTSCORE_API_KEY` in the MCP client environment and rerun `certscore-mcp doctor`.
254
- - Bad token: rotate the key or request a fresh scoped API/MCP key.
226
+ - Bad token: rotate the key or request a scoped API/MCP key from `support@certscore.ai`.
255
227
  - API unreachable: check `CERTSCORE_BASE_URL` and verify `https://certscore.ai/api/v2/health`.
256
228
  - Homebrew tap stale: run `brew update` and reinstall `certscore-mcp`.
257
229
  - Old cached release: run `brew reinstall --cask certscore-mcp` after updating the tap.
@@ -17846,7 +17846,7 @@ var pulseErrorSchema = external_exports.object({
17846
17846
  var apiV2Disclaimer = "CertScore outputs are automated public-web observations for review. They are not legal advice, certification, or a compliance determination.";
17847
17847
  var apiV2ScanStatusSchema = external_exports.enum(["queued", "running", "finalizing", "completed", "completed_limited", "failed", "expired", "rate_limited"]);
17848
17848
  var apiV2ScanFreshnessSchema = external_exports.enum(["latest", "refresh"]);
17849
- var apiV2ScanFromSchema = external_exports.enum(["eu_ie"]);
17849
+ var apiV2ScanFromSchema = external_exports.enum(["eu_ie", "eu_de", "california"]);
17850
17850
  var apiV2FindingCriticalitySchema = external_exports.enum(["critical", "high", "medium", "low", "info", "unknown"]);
17851
17851
  var apiV2FindingConfidenceSchema = external_exports.enum(["strong", "good", "moderate", "weak", "unknown"]);
17852
17852
  var apiV2EvidenceBasisSchema = external_exports.enum(["runtime_observation", "policy_surface_detection", "accessibility_check", "public_report_projection"]);
@@ -17982,8 +17982,6 @@ var apiV2PreConsentCookiesTrackersRowSchema = external_exports.object({
17982
17982
  name: external_exports.string(),
17983
17983
  vendor: external_exports.string().nullable().optional(),
17984
17984
  host: external_exports.string().nullable().optional(),
17985
- domains: external_exports.array(external_exports.string()).optional(),
17986
- cookieNames: external_exports.array(external_exports.string()).optional(),
17987
17985
  registrableDomain: external_exports.string().nullable().optional(),
17988
17986
  category: external_exports.string().nullable().optional(),
17989
17987
  purpose: external_exports.string().nullable().optional(),
@@ -17994,12 +17992,6 @@ var apiV2PreConsentCookiesTrackersRowSchema = external_exports.object({
17994
17992
  phase: apiV2PreConsentInventoryPhaseSchema,
17995
17993
  observedBeforeConsent: external_exports.boolean(),
17996
17994
  evidenceBasis: external_exports.literal("public_report_projection"),
17997
- attributionEvidence: external_exports.object({
17998
- signatureId: external_exports.string(),
17999
- matchedOn: external_exports.enum(["cookie_name", "domain", "request_pattern", "id_sync"]),
18000
- matchedValue: external_exports.string()
18001
- }).strict().nullable().optional(),
18002
- syncedIdentifiers: external_exports.array(external_exports.string()).optional(),
18003
17995
  firstObservedAtMs: external_exports.number().int().min(0).nullable().optional(),
18004
17996
  pageUrlHost: external_exports.string().nullable().optional()
18005
17997
  }).strict();
@@ -18025,7 +18017,7 @@ var mcpPulseDetailSchema = external_exports.enum(["tiny", "quick", "standard", "
18025
18017
  var mcpGptSafePulseDetailSchema = external_exports.enum(["tiny", "standard", "summary"]);
18026
18018
  var mcpPulseFormatSchema = external_exports.enum(["json", "markdown"]);
18027
18019
  var mcpPulseFreshnessSchema = external_exports.enum(["latest", "refresh"]);
18028
- var mcpScanFromSchema = external_exports.enum(["eu_ie"]);
18020
+ var mcpScanFromSchema = external_exports.enum(["eu_ie", "eu_de", "california"]);
18029
18021
  var mcpCreateScanInputSchema = {
18030
18022
  url: external_exports.string().min(1).describe("Public URL or domain to scan."),
18031
18023
  detail: mcpPulseDetailSchema.optional().describe("Pulse detail level. Defaults to summary."),
@@ -18274,8 +18266,6 @@ var preConsentCookiesTrackersExample = {
18274
18266
  name: "Example Analytics",
18275
18267
  vendor: "Example Analytics",
18276
18268
  host: "analytics.example.test",
18277
- domains: ["analytics.example.test"],
18278
- cookieNames: [],
18279
18269
  registrableDomain: "example.test",
18280
18270
  category: "Analytics",
18281
18271
  purpose: "Analytics",
@@ -18286,23 +18276,15 @@ var preConsentCookiesTrackersExample = {
18286
18276
  phase: "pre_consent",
18287
18277
  observedBeforeConsent: true,
18288
18278
  evidenceBasis: "public_report_projection",
18289
- attributionEvidence: {
18290
- signatureId: "domain_owner:example_analytics:analytics.example.test",
18291
- matchedOn: "domain",
18292
- matchedValue: "analytics.example.test"
18293
- },
18294
- syncedIdentifiers: [],
18295
18279
  firstObservedAtMs: 1234,
18296
18280
  pageUrlHost: "example.com"
18297
18281
  },
18298
18282
  {
18299
- id: "cookie:google:advertising:doubleclick-net:_ga",
18283
+ id: "cookie:google:advertising:doubleclick-net",
18300
18284
  kind: "cookie",
18301
18285
  name: "Google",
18302
18286
  vendor: "Google",
18303
18287
  host: "doubleclick.net",
18304
- domains: ["doubleclick.net"],
18305
- cookieNames: ["_ga"],
18306
18288
  registrableDomain: "doubleclick.net",
18307
18289
  category: "Advertising",
18308
18290
  purpose: "Advertising",
@@ -18313,12 +18295,6 @@ var preConsentCookiesTrackersExample = {
18313
18295
  phase: "pre_consent",
18314
18296
  observedBeforeConsent: true,
18315
18297
  evidenceBasis: "public_report_projection",
18316
- attributionEvidence: {
18317
- signatureId: "cookie_google_ads_analytics",
18318
- matchedOn: "cookie_name",
18319
- matchedValue: "_ga"
18320
- },
18321
- syncedIdentifiers: [],
18322
18298
  firstObservedAtMs: 512,
18323
18299
  pageUrlHost: "example.com"
18324
18300
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@certscore/mcp",
3
- "version": "0.2.0",
3
+ "version": "0.2.1",
4
4
  "mcpName": "ai.certscore/mcp",
5
5
  "private": false,
6
6
  "description": "MCP server for CertScore public website risk-signal workflows.",
@@ -17,6 +17,14 @@
17
17
  ".": {
18
18
  "types": "./dist/index.d.ts",
19
19
  "import": "./dist/certscore-mcp.mjs"
20
+ },
21
+ "./server": {
22
+ "types": "./dist/server.d.ts",
23
+ "import": "./dist/server.js"
24
+ },
25
+ "./version": {
26
+ "types": "./dist/version.d.ts",
27
+ "import": "./dist/version.js"
20
28
  }
21
29
  },
22
30
  "files": [
package/server.json CHANGED
@@ -2,17 +2,17 @@
2
2
  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
3
3
  "name": "ai.certscore/mcp",
4
4
  "title": "CertScore MCP",
5
- "description": "MCP server for CertScore public website risk-signal workflows, including scan creation, status checks, findings, bounded evidence, and latest-domain lookups. CertScore outputs are automated public-web observations for review, not legal advice, certification, or a compliance determination.",
5
+ "description": "CertScore website risk-signal tools for scans, findings, evidence, and latest-domain lookups.",
6
6
  "repository": {
7
7
  "url": "https://github.com/ergoveritas1-alt/certscore.ai",
8
8
  "source": "github"
9
9
  },
10
- "version": "0.2.0",
10
+ "version": "0.2.1",
11
11
  "packages": [
12
12
  {
13
13
  "registryType": "npm",
14
14
  "identifier": "@certscore/mcp",
15
- "version": "0.2.0",
15
+ "version": "0.2.1",
16
16
  "transport": {
17
17
  "type": "stdio"
18
18
  },
@@ -28,7 +28,7 @@
28
28
  "name": "CERTSCORE_BASE_URL",
29
29
  "description": "Optional CertScore API base URL. Defaults to https://certscore.ai.",
30
30
  "isRequired": false,
31
- "format": "uri",
31
+ "format": "string",
32
32
  "isSecret": false
33
33
  }
34
34
  ]