@certscore/mcp 0.2.0 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +1 -1
- package/README.md +6 -34
- package/dist/certscore-mcp.mjs +4 -28
- package/package.json +9 -1
- package/server.json +4 -4
package/LICENSE
CHANGED
package/README.md
CHANGED
|
@@ -2,9 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
CertScore MCP exposes a focused Model Context Protocol server for CertScore Pulse workflows.
|
|
4
4
|
|
|
5
|
-
Status: public developer preview. The server is distributed for external MCP clients through
|
|
6
|
-
|
|
7
|
-
<!-- mcp-name: ai.certscore/mcp -->
|
|
5
|
+
Status: public developer preview. The server is distributed for external macOS MCP clients through Homebrew. Local WC01 development uses `pnpm mcp:certscore`.
|
|
8
6
|
|
|
9
7
|
Public docs:
|
|
10
8
|
|
|
@@ -27,34 +25,10 @@ Public docs:
|
|
|
27
25
|
- `get_latest_domain_scan` - Retrieve the latest eligible API v2 public-safe scan for a domain.
|
|
28
26
|
- `get_latest_domain_pre_consent_cookies_trackers` - Retrieve the public-safe Cookies & Trackers (Pre-consent) table from the latest eligible scan for a domain.
|
|
29
27
|
|
|
30
|
-
The initial MCP surface intentionally does not include account scan browsing
|
|
28
|
+
The initial MCP surface intentionally does not include account scan browsing, scan comparison tools, or the removed `create_scan` compatibility alias.
|
|
31
29
|
|
|
32
30
|
## Configuration
|
|
33
31
|
|
|
34
|
-
Recommended MCP client config:
|
|
35
|
-
|
|
36
|
-
```json
|
|
37
|
-
{
|
|
38
|
-
"mcpServers": {
|
|
39
|
-
"certscore": {
|
|
40
|
-
"command": "npx",
|
|
41
|
-
"args": ["-y", "@certscore/mcp"],
|
|
42
|
-
"env": {
|
|
43
|
-
"CERTSCORE_API_KEY": "YOUR_TOKEN",
|
|
44
|
-
"CERTSCORE_BASE_URL": "https://certscore.ai"
|
|
45
|
-
}
|
|
46
|
-
}
|
|
47
|
-
}
|
|
48
|
-
}
|
|
49
|
-
```
|
|
50
|
-
|
|
51
|
-
Install globally with npm if your MCP client requires a persistent command:
|
|
52
|
-
|
|
53
|
-
```bash
|
|
54
|
-
npm install -g @certscore/mcp
|
|
55
|
-
certscore-mcp --version
|
|
56
|
-
```
|
|
57
|
-
|
|
58
32
|
Install with Homebrew on macOS:
|
|
59
33
|
|
|
60
34
|
```bash
|
|
@@ -110,7 +84,7 @@ CERTSCORE_REQUEST_TIMEOUT_MS=300000
|
|
|
110
84
|
|
|
111
85
|
## API Key Access
|
|
112
86
|
|
|
113
|
-
MCP clients usually need `scan:read`, `scan:create`, and `mcp` scopes.
|
|
87
|
+
MCP clients usually need `scan:read`, `scan:create`, and `mcp` scopes. Request developer-preview access by emailing `support@certscore.ai` with your organization, MCP client, expected workflow, expected request volume, contact email, and requested scopes.
|
|
114
88
|
|
|
115
89
|
## Verify Install
|
|
116
90
|
|
|
@@ -146,8 +120,7 @@ Cursor config:
|
|
|
146
120
|
{
|
|
147
121
|
"mcpServers": {
|
|
148
122
|
"certscore": {
|
|
149
|
-
"command": "
|
|
150
|
-
"args": ["-y", "@certscore/mcp"],
|
|
123
|
+
"command": "certscore-mcp",
|
|
151
124
|
"env": {
|
|
152
125
|
"CERTSCORE_API_KEY": "YOUR_TOKEN",
|
|
153
126
|
"CERTSCORE_BASE_URL": "https://certscore.ai"
|
|
@@ -163,8 +136,7 @@ Windsurf or generic stdio MCP client config:
|
|
|
163
136
|
{
|
|
164
137
|
"mcpServers": {
|
|
165
138
|
"certscore": {
|
|
166
|
-
"command": "
|
|
167
|
-
"args": ["-y", "@certscore/mcp"],
|
|
139
|
+
"command": "certscore-mcp",
|
|
168
140
|
"env": {
|
|
169
141
|
"CERTSCORE_API_KEY": "YOUR_TOKEN",
|
|
170
142
|
"CERTSCORE_BASE_URL": "https://certscore.ai"
|
|
@@ -251,7 +223,7 @@ This verifies the Homebrew-installed `certscore-mcp` command against live `https
|
|
|
251
223
|
|
|
252
224
|
- Command not found: run the Homebrew install again and confirm Homebrew's bin directory is on `PATH`.
|
|
253
225
|
- Missing API key: set `CERTSCORE_API_KEY` in the MCP client environment and rerun `certscore-mcp doctor`.
|
|
254
|
-
- Bad token: rotate the key or request a
|
|
226
|
+
- Bad token: rotate the key or request a scoped API/MCP key from `support@certscore.ai`.
|
|
255
227
|
- API unreachable: check `CERTSCORE_BASE_URL` and verify `https://certscore.ai/api/v2/health`.
|
|
256
228
|
- Homebrew tap stale: run `brew update` and reinstall `certscore-mcp`.
|
|
257
229
|
- Old cached release: run `brew reinstall --cask certscore-mcp` after updating the tap.
|
package/dist/certscore-mcp.mjs
CHANGED
|
@@ -17846,7 +17846,7 @@ var pulseErrorSchema = external_exports.object({
|
|
|
17846
17846
|
var apiV2Disclaimer = "CertScore outputs are automated public-web observations for review. They are not legal advice, certification, or a compliance determination.";
|
|
17847
17847
|
var apiV2ScanStatusSchema = external_exports.enum(["queued", "running", "finalizing", "completed", "completed_limited", "failed", "expired", "rate_limited"]);
|
|
17848
17848
|
var apiV2ScanFreshnessSchema = external_exports.enum(["latest", "refresh"]);
|
|
17849
|
-
var apiV2ScanFromSchema = external_exports.enum(["eu_ie"]);
|
|
17849
|
+
var apiV2ScanFromSchema = external_exports.enum(["eu_ie", "eu_de", "california"]);
|
|
17850
17850
|
var apiV2FindingCriticalitySchema = external_exports.enum(["critical", "high", "medium", "low", "info", "unknown"]);
|
|
17851
17851
|
var apiV2FindingConfidenceSchema = external_exports.enum(["strong", "good", "moderate", "weak", "unknown"]);
|
|
17852
17852
|
var apiV2EvidenceBasisSchema = external_exports.enum(["runtime_observation", "policy_surface_detection", "accessibility_check", "public_report_projection"]);
|
|
@@ -17982,8 +17982,6 @@ var apiV2PreConsentCookiesTrackersRowSchema = external_exports.object({
|
|
|
17982
17982
|
name: external_exports.string(),
|
|
17983
17983
|
vendor: external_exports.string().nullable().optional(),
|
|
17984
17984
|
host: external_exports.string().nullable().optional(),
|
|
17985
|
-
domains: external_exports.array(external_exports.string()).optional(),
|
|
17986
|
-
cookieNames: external_exports.array(external_exports.string()).optional(),
|
|
17987
17985
|
registrableDomain: external_exports.string().nullable().optional(),
|
|
17988
17986
|
category: external_exports.string().nullable().optional(),
|
|
17989
17987
|
purpose: external_exports.string().nullable().optional(),
|
|
@@ -17994,12 +17992,6 @@ var apiV2PreConsentCookiesTrackersRowSchema = external_exports.object({
|
|
|
17994
17992
|
phase: apiV2PreConsentInventoryPhaseSchema,
|
|
17995
17993
|
observedBeforeConsent: external_exports.boolean(),
|
|
17996
17994
|
evidenceBasis: external_exports.literal("public_report_projection"),
|
|
17997
|
-
attributionEvidence: external_exports.object({
|
|
17998
|
-
signatureId: external_exports.string(),
|
|
17999
|
-
matchedOn: external_exports.enum(["cookie_name", "domain", "request_pattern", "id_sync"]),
|
|
18000
|
-
matchedValue: external_exports.string()
|
|
18001
|
-
}).strict().nullable().optional(),
|
|
18002
|
-
syncedIdentifiers: external_exports.array(external_exports.string()).optional(),
|
|
18003
17995
|
firstObservedAtMs: external_exports.number().int().min(0).nullable().optional(),
|
|
18004
17996
|
pageUrlHost: external_exports.string().nullable().optional()
|
|
18005
17997
|
}).strict();
|
|
@@ -18025,7 +18017,7 @@ var mcpPulseDetailSchema = external_exports.enum(["tiny", "quick", "standard", "
|
|
|
18025
18017
|
var mcpGptSafePulseDetailSchema = external_exports.enum(["tiny", "standard", "summary"]);
|
|
18026
18018
|
var mcpPulseFormatSchema = external_exports.enum(["json", "markdown"]);
|
|
18027
18019
|
var mcpPulseFreshnessSchema = external_exports.enum(["latest", "refresh"]);
|
|
18028
|
-
var mcpScanFromSchema = external_exports.enum(["eu_ie"]);
|
|
18020
|
+
var mcpScanFromSchema = external_exports.enum(["eu_ie", "eu_de", "california"]);
|
|
18029
18021
|
var mcpCreateScanInputSchema = {
|
|
18030
18022
|
url: external_exports.string().min(1).describe("Public URL or domain to scan."),
|
|
18031
18023
|
detail: mcpPulseDetailSchema.optional().describe("Pulse detail level. Defaults to summary."),
|
|
@@ -18075,7 +18067,7 @@ var mcpGetLatestDomainPreConsentCookiesTrackersInputSchema = {
|
|
|
18075
18067
|
};
|
|
18076
18068
|
var scanCreationAnnotations = {
|
|
18077
18069
|
readOnlyHint: false,
|
|
18078
|
-
destructiveHint:
|
|
18070
|
+
destructiveHint: true,
|
|
18079
18071
|
idempotentHint: false,
|
|
18080
18072
|
openWorldHint: true
|
|
18081
18073
|
};
|
|
@@ -18274,8 +18266,6 @@ var preConsentCookiesTrackersExample = {
|
|
|
18274
18266
|
name: "Example Analytics",
|
|
18275
18267
|
vendor: "Example Analytics",
|
|
18276
18268
|
host: "analytics.example.test",
|
|
18277
|
-
domains: ["analytics.example.test"],
|
|
18278
|
-
cookieNames: [],
|
|
18279
18269
|
registrableDomain: "example.test",
|
|
18280
18270
|
category: "Analytics",
|
|
18281
18271
|
purpose: "Analytics",
|
|
@@ -18286,23 +18276,15 @@ var preConsentCookiesTrackersExample = {
|
|
|
18286
18276
|
phase: "pre_consent",
|
|
18287
18277
|
observedBeforeConsent: true,
|
|
18288
18278
|
evidenceBasis: "public_report_projection",
|
|
18289
|
-
attributionEvidence: {
|
|
18290
|
-
signatureId: "domain_owner:example_analytics:analytics.example.test",
|
|
18291
|
-
matchedOn: "domain",
|
|
18292
|
-
matchedValue: "analytics.example.test"
|
|
18293
|
-
},
|
|
18294
|
-
syncedIdentifiers: [],
|
|
18295
18279
|
firstObservedAtMs: 1234,
|
|
18296
18280
|
pageUrlHost: "example.com"
|
|
18297
18281
|
},
|
|
18298
18282
|
{
|
|
18299
|
-
id: "cookie:google:advertising:doubleclick-net
|
|
18283
|
+
id: "cookie:google:advertising:doubleclick-net",
|
|
18300
18284
|
kind: "cookie",
|
|
18301
18285
|
name: "Google",
|
|
18302
18286
|
vendor: "Google",
|
|
18303
18287
|
host: "doubleclick.net",
|
|
18304
|
-
domains: ["doubleclick.net"],
|
|
18305
|
-
cookieNames: ["_ga"],
|
|
18306
18288
|
registrableDomain: "doubleclick.net",
|
|
18307
18289
|
category: "Advertising",
|
|
18308
18290
|
purpose: "Advertising",
|
|
@@ -18313,12 +18295,6 @@ var preConsentCookiesTrackersExample = {
|
|
|
18313
18295
|
phase: "pre_consent",
|
|
18314
18296
|
observedBeforeConsent: true,
|
|
18315
18297
|
evidenceBasis: "public_report_projection",
|
|
18316
|
-
attributionEvidence: {
|
|
18317
|
-
signatureId: "cookie_google_ads_analytics",
|
|
18318
|
-
matchedOn: "cookie_name",
|
|
18319
|
-
matchedValue: "_ga"
|
|
18320
|
-
},
|
|
18321
|
-
syncedIdentifiers: [],
|
|
18322
18298
|
firstObservedAtMs: 512,
|
|
18323
18299
|
pageUrlHost: "example.com"
|
|
18324
18300
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@certscore/mcp",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.2",
|
|
4
4
|
"mcpName": "ai.certscore/mcp",
|
|
5
5
|
"private": false,
|
|
6
6
|
"description": "MCP server for CertScore public website risk-signal workflows.",
|
|
@@ -17,6 +17,14 @@
|
|
|
17
17
|
".": {
|
|
18
18
|
"types": "./dist/index.d.ts",
|
|
19
19
|
"import": "./dist/certscore-mcp.mjs"
|
|
20
|
+
},
|
|
21
|
+
"./server": {
|
|
22
|
+
"types": "./dist/server.d.ts",
|
|
23
|
+
"import": "./dist/server.js"
|
|
24
|
+
},
|
|
25
|
+
"./version": {
|
|
26
|
+
"types": "./dist/version.d.ts",
|
|
27
|
+
"import": "./dist/version.js"
|
|
20
28
|
}
|
|
21
29
|
},
|
|
22
30
|
"files": [
|
package/server.json
CHANGED
|
@@ -2,17 +2,17 @@
|
|
|
2
2
|
"$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
|
|
3
3
|
"name": "ai.certscore/mcp",
|
|
4
4
|
"title": "CertScore MCP",
|
|
5
|
-
"description": "
|
|
5
|
+
"description": "CertScore website risk-signal tools for scans, findings, evidence, and latest-domain lookups.",
|
|
6
6
|
"repository": {
|
|
7
7
|
"url": "https://github.com/ergoveritas1-alt/certscore.ai",
|
|
8
8
|
"source": "github"
|
|
9
9
|
},
|
|
10
|
-
"version": "0.2.
|
|
10
|
+
"version": "0.2.2",
|
|
11
11
|
"packages": [
|
|
12
12
|
{
|
|
13
13
|
"registryType": "npm",
|
|
14
14
|
"identifier": "@certscore/mcp",
|
|
15
|
-
"version": "0.2.
|
|
15
|
+
"version": "0.2.2",
|
|
16
16
|
"transport": {
|
|
17
17
|
"type": "stdio"
|
|
18
18
|
},
|
|
@@ -28,7 +28,7 @@
|
|
|
28
28
|
"name": "CERTSCORE_BASE_URL",
|
|
29
29
|
"description": "Optional CertScore API base URL. Defaults to https://certscore.ai.",
|
|
30
30
|
"isRequired": false,
|
|
31
|
-
"format": "
|
|
31
|
+
"format": "string",
|
|
32
32
|
"isSecret": false
|
|
33
33
|
}
|
|
34
34
|
]
|