@fprad0/skill-master-mcp 0.0.11 → 1.0.0

Files changed (337) hide show
  1. package/CHANGELOG.md +96 -83
  2. package/README.md +472 -443
  3. package/VERSION.md +9 -9
  4. package/bin/lib/bootstrap-global-core.mjs +34 -0
  5. package/bin/lib/client-config.mjs +293 -268
  6. package/bin/lib/doctor-core.mjs +202 -0
  7. package/bin/lib/menu-core.mjs +1629 -1154
  8. package/bin/lib/operation-result.mjs +59 -0
  9. package/bin/lib/register-clients-core.mjs +247 -0
  10. package/bin/lib/skill-installation.mjs +215 -0
  11. package/bin/lib/update-cli-core.mjs +117 -0
  12. package/bin/skill-master-activation.mjs +163 -163
  13. package/bin/skill-master-bootstrap-global.mjs +61 -49
  14. package/bin/skill-master-configure-private-registry.mjs +3 -3
  15. package/bin/skill-master-doctor.mjs +239 -181
  16. package/bin/skill-master-eval-activation.mjs +32 -32
  17. package/bin/skill-master-install-global-skills.mjs +59 -97
  18. package/bin/skill-master-install-project-skills.mjs +97 -0
  19. package/bin/skill-master-menu.mjs +406 -320
  20. package/bin/skill-master-register-clients.mjs +232 -98
  21. package/bin/skill-master-success-skills.mjs +307 -307
  22. package/bin/skill-master-update.mjs +121 -72
  23. package/bin/skill-master.mjs +3 -3
  24. package/dist/activation.d.ts.map +1 -1
  25. package/dist/activation.js +12 -0
  26. package/dist/activation.js.map +1 -1
  27. package/dist/prompt-router.d.ts.map +1 -1
  28. package/dist/prompt-router.js +19 -0
  29. package/dist/prompt-router.js.map +1 -1
  30. package/dist/recommender.d.ts.map +1 -1
  31. package/dist/recommender.js +4 -1
  32. package/dist/recommender.js.map +1 -1
  33. package/docs/architecture/APRENDIZADO_DE_IMPLEMENTACOES_BEM_SUCEDIDAS.md +125 -125
  34. package/docs/architecture/ARQUITETURA_AUTO_UPDATE.md +9 -9
  35. package/docs/architecture/PLANO_MASTER_ACIONAMENTO_AUTOMATICO_E_APRENDIZADO.md +341 -341
  36. package/docs/architecture/REDE_SEGURA_DE_SKILLS.md +148 -148
  37. package/docs/operations/GUIA_MULTI_COMPUTADOR.md +262 -255
  38. package/docs/operations/GUIA_NPM_PRIVADO.md +294 -294
  39. package/docs/operations/GUIA_NPM_PUBLICO.md +147 -147
  40. package/docs/operations/MENU_VISUAL_EVIDENCE_2026-06-28.md +66 -0
  41. package/docs/operations/assets/menu-frame-compact.html +76 -0
  42. package/docs/operations/assets/menu-frame-compact.png +0 -0
  43. package/docs/operations/assets/menu-frame-large.html +84 -0
  44. package/docs/operations/assets/menu-frame-large.png +0 -0
  45. package/docs/operations/assets/menu-frame-running.html +80 -0
  46. package/docs/operations/assets/menu-frame-running.png +0 -0
  47. package/docs/operations/cross-platform-auth-transfer/ANALISE_COMPATIBILIDADE_MCP_2026-06-28.md +140 -0
  48. package/docs/operations/cross-platform-auth-transfer/README_TRANSFERENCIA.md +85 -0
  49. package/docs/operations/reborn-menu-cyberpunk-transfer/ANALISE_MENU_REBORN_CYBERPUNK_2026-06-28.md +174 -0
  50. package/docs/operations/reborn-menu-cyberpunk-transfer/HANDOFF_IMPLEMENTACAO_REBORN_CYBERPUNK_2026-06-28.md +119 -0
  51. package/docs/operations/reborn-menu-cyberpunk-transfer/ORDEM_DE_EXECUCAO_MENU_REBORN_CYBERPUNK.md +134 -0
  52. package/docs/operations/reborn-menu-cyberpunk-transfer/README_TRANSFERENCIA.md +84 -0
  53. package/docs/operations/reborn-menu-cyberpunk-transfer/README_TRANSFERENCIA_REBORN_PACKAGE.md +56 -0
  54. package/docs/operations/reborn-menu-cyberpunk-transfer/references/cyan-hud-frame-sheet.jpg +0 -0
  55. package/docs/operations/reborn-menu-cyberpunk-transfer/references/cyberpunk-pattern-sheet.jpg +0 -0
  56. package/docs/operations/reborn-menu-cyberpunk-transfer/references/fluid-workflow-windows.gif +0 -0
  57. package/docs/operations/token-economy-transfer/ANALISE_AVANCADA_ECONOMIA_TOKENS_2026-06-30.md +141 -0
  58. package/docs/operations/token-economy-transfer/PLANO_DEV_SENIOR_MASTER_TOKEN_ECONOMY_2026-06-30.md +171 -0
  59. package/docs/operations/token-economy-transfer/README_TRANSFERENCIA_TOKEN_ECONOMY.md +31 -0
  60. package/docs/planning/MENU_RUNTIME_CORRECTION_PLAN_2026-06-30.md +551 -0
  61. package/docs/planning/V0_0_9_APROVACAO_CRITICA_MENSAGENS_DE_VENDA.md +85 -85
  62. package/docs/planning/V0_0_9_FONTES_E_CRITERIOS_DE_AUTORIDADE.md +139 -139
  63. package/docs/planning/V0_0_9_MATRIZ_SKILLS_MULTIDISCIPLINARES.md +105 -105
  64. package/docs/planning/V0_0_9_POLITICA_MORAL_CATOLICA_PARA_IA.md +181 -181
  65. package/docs/planning/V0_0_9_PROMPTS_EXECUCAO.md +59 -59
  66. package/docs/planning/V0_0_9_ROADMAP_DISCERNIMENTO_E_CONHECIMENTO_AMPLO.md +181 -181
  67. package/docs/prompt-tasks/PROMPT_TASK_001_BOOTSTRAP_SKILL_MASTER_MCP.md +6 -0
  68. package/docs/prompt-tasks/PROMPT_TASK_002_AUTO_UPDATE_LAUNCHER.md +6 -0
  69. package/docs/prompt-tasks/PROMPT_TASK_003_REMOTE_MANIFEST_AND_RELEASES.md +6 -0
  70. package/docs/prompt-tasks/PROMPT_TASK_004_MULTI_USER_DISTRIBUTION.md +6 -0
  71. package/docs/prompt-tasks/PROMPT_TASK_005_SECURITY_AND_QUALITY_GATE.md +6 -0
  72. package/docs/prompt-tasks/PROMPT_TASK_006_MASTER_ACIONAMENTO_APRENDIZADO.md +83 -0
  73. package/docs/prompt-tasks/PROMPT_TASK_007_PERSONA_ORQUESTRADORA.md +88 -0
  74. package/docs/prompt-tasks/PROMPT_TASK_008_PROMPT_ROUTER_MODOS_ATIVACAO.md +156 -0
  75. package/docs/prompt-tasks/PROMPT_TASK_009_PIPELINE_APRENDIZADO_SUCESSO.md +105 -0
  76. package/docs/prompt-tasks/PROMPT_TASK_010_EVALS_GOVERNANCA_ATIVACAO.md +119 -0
  77. package/docs/prompt-tasks/PROMPT_TASK_011_MENU_NOTIFICACOES_NOTION.md +120 -0
  78. package/docs/prompt-tasks/PROMPT_TASK_012_MENU_CYBERPUNK_PIXEL_FRAME.md +123 -0
  79. package/docs/prompt-tasks/PROMPT_TASK_013_MENU_FLUID_DNA_ANIMATION.md +114 -0
  80. package/docs/prompt-tasks/PROMPT_TASK_014_MENU_FUNCTIONAL_PARITY_QA.md +157 -0
  81. package/docs/prompt-tasks/PROMPT_TASK_015_TRANSFER_RELEASE_HANDOFF.md +127 -0
  82. package/docs/prompt-tasks/PROMPT_TASK_016_CROSS_PLATFORM_MCP_AUTH_REGISTRATION.md +107 -0
  83. package/docs/prompt-tasks/PROMPT_TASK_018_NPM_PUBLISH_2FA_SETUP.md +80 -0
  84. package/docs/prompt-tasks/PROMPT_TASK_019_TOKEN_ECONOMY_GLOBAL_SKILLS.md +56 -0
  85. package/docs/prompt-tasks/PROMPT_TASK_MASTER_EXECUTOR.md +6 -0
  86. package/docs/skill-candidates/v0.0.10/cli-creator/LICENSE.txt +201 -201
  87. package/docs/skill-candidates/v0.0.10/cli-creator/SKILL.md +160 -160
  88. package/docs/skill-candidates/v0.0.10/cli-creator/agents/openai.yaml +4 -4
  89. package/docs/skill-candidates/v0.0.10/cli-creator/references/agent-cli-patterns.md +154 -154
  90. package/docs/skill-candidates/v0.0.10/developer-workstation-ops/SKILL.md +32 -32
  91. package/docs/skill-candidates/v0.0.10/figma/LICENSE.txt +1 -1
  92. package/docs/skill-candidates/v0.0.10/figma/SKILL.md +42 -42
  93. package/docs/skill-candidates/v0.0.10/figma/agents/openai.yaml +14 -14
  94. package/docs/skill-candidates/v0.0.10/figma/assets/figma-small.svg +3 -3
  95. package/docs/skill-candidates/v0.0.10/figma/assets/icon.svg +28 -28
  96. package/docs/skill-candidates/v0.0.10/figma/references/figma-mcp-config.md +35 -35
  97. package/docs/skill-candidates/v0.0.10/figma/references/figma-tools-and-prompts.md +34 -34
  98. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/LICENSE.TXT +1 -1
  99. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/SKILL.md +349 -349
  100. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/agents/openai.yaml +14 -14
  101. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/assets/figma-small.svg +3 -3
  102. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/assets/icon.svg +28 -28
  103. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/references/mapping-checklist.md +7 -7
  104. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/scripts/normalize_node_id.py +25 -25
  105. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/LICENSE.TXT +1 -1
  106. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/SKILL.md +537 -537
  107. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/agents/openai.yaml +14 -14
  108. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/assets/figma-small.svg +3 -3
  109. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/assets/icon.svg +28 -28
  110. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/references/rule-template.md +15 -15
  111. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/scripts/check_agents_md.sh +9 -9
  112. package/docs/skill-candidates/v0.0.10/figma-generate-design/LICENSE.TXT +1 -1
  113. package/docs/skill-candidates/v0.0.10/figma-generate-design/SKILL.md +341 -341
  114. package/docs/skill-candidates/v0.0.10/figma-generate-design/agents/openai.yaml +14 -14
  115. package/docs/skill-candidates/v0.0.10/figma-generate-design/assets/figma-small.svg +3 -3
  116. package/docs/skill-candidates/v0.0.10/figma-generate-design/assets/icon.svg +28 -28
  117. package/docs/skill-candidates/v0.0.10/figma-generate-design/maintainers.yml +1 -1
  118. package/docs/skill-candidates/v0.0.10/figma-generate-library/LICENSE.TXT +1 -1
  119. package/docs/skill-candidates/v0.0.10/figma-generate-library/SKILL.md +314 -314
  120. package/docs/skill-candidates/v0.0.10/figma-generate-library/agents/openai.yaml +14 -14
  121. package/docs/skill-candidates/v0.0.10/figma-generate-library/assets/figma-small.svg +3 -3
  122. package/docs/skill-candidates/v0.0.10/figma-generate-library/assets/icon.svg +28 -28
  123. package/docs/skill-candidates/v0.0.10/figma-generate-library/maintainers.yml +3 -3
  124. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/code-connect-setup.md +260 -260
  125. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/component-creation.md +1014 -1014
  126. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/discovery-phase.md +518 -518
  127. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/documentation-creation.md +834 -834
  128. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/error-recovery.md +540 -540
  129. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/naming-conventions.md +527 -527
  130. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/token-creation.md +962 -962
  131. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/bindVariablesToComponent.js +110 -110
  132. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/cleanupOrphans.js +127 -127
  133. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/createComponentWithVariants.js +148 -148
  134. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/createDocumentationPage.js +139 -139
  135. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/createSemanticTokens.js +108 -108
  136. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/createVariableCollection.js +49 -49
  137. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/inspectFileStructure.js +121 -121
  138. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/rehydrateState.js +92 -92
  139. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/validateCreation.js +83 -83
  140. package/docs/skill-candidates/v0.0.10/figma-implement-design/LICENSE.txt +1 -1
  141. package/docs/skill-candidates/v0.0.10/figma-implement-design/SKILL.md +258 -258
  142. package/docs/skill-candidates/v0.0.10/figma-implement-design/agents/openai.yaml +14 -14
  143. package/docs/skill-candidates/v0.0.10/figma-implement-design/assets/figma-small.svg +3 -3
  144. package/docs/skill-candidates/v0.0.10/figma-implement-design/assets/icon.svg +28 -28
  145. package/docs/skill-candidates/v0.0.10/figma-use/LICENSE.TXT +1 -1
  146. package/docs/skill-candidates/v0.0.10/figma-use/SKILL.md +233 -233
  147. package/docs/skill-candidates/v0.0.10/figma-use/agents/openai.yaml +14 -14
  148. package/docs/skill-candidates/v0.0.10/figma-use/assets/figma-small.svg +3 -3
  149. package/docs/skill-candidates/v0.0.10/figma-use/assets/icon.svg +28 -28
  150. package/docs/skill-candidates/v0.0.10/figma-use/maintainers.yml +1 -1
  151. package/docs/skill-candidates/v0.0.10/figma-use/references/api-reference.md +301 -301
  152. package/docs/skill-candidates/v0.0.10/figma-use/references/common-patterns.md +512 -512
  153. package/docs/skill-candidates/v0.0.10/figma-use/references/component-patterns.md +488 -488
  154. package/docs/skill-candidates/v0.0.10/figma-use/references/effect-style-patterns.md +123 -123
  155. package/docs/skill-candidates/v0.0.10/figma-use/references/gotchas.md +599 -599
  156. package/docs/skill-candidates/v0.0.10/figma-use/references/maintainers.yml +12 -12
  157. package/docs/skill-candidates/v0.0.10/figma-use/references/plugin-api-patterns.md +513 -513
  158. package/docs/skill-candidates/v0.0.10/figma-use/references/plugin-api-standalone.d.ts +11293 -11293
  159. package/docs/skill-candidates/v0.0.10/figma-use/references/plugin-api-standalone.index.md +441 -441
  160. package/docs/skill-candidates/v0.0.10/figma-use/references/text-style-patterns.md +203 -203
  161. package/docs/skill-candidates/v0.0.10/figma-use/references/validation-and-recovery.md +109 -109
  162. package/docs/skill-candidates/v0.0.10/figma-use/references/variable-patterns.md +354 -354
  163. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/maintainers.yml +9 -9
  164. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-components--creating.md +17 -17
  165. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-components--using.md +17 -17
  166. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-components.md +50 -50
  167. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-effect-styles.md +52 -52
  168. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-text-styles.md +90 -90
  169. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-variables--creating.md +13 -13
  170. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-variables--using.md +13 -13
  171. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-variables.md +64 -64
  172. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds.md +41 -41
  173. package/docs/skill-candidates/v0.0.10/frontend-design/LICENSE.txt +177 -177
  174. package/docs/skill-candidates/v0.0.10/frontend-design/SKILL.md +55 -55
  175. package/docs/skill-candidates/v0.0.10/frontend-ui-ux-systems/SKILL.md +32 -32
  176. package/docs/skill-candidates/v0.0.10/github/SKILL.md +74 -74
  177. package/docs/skill-candidates/v0.0.10/github/agents/openai.yaml +6 -6
  178. package/docs/skill-candidates/v0.0.10/github/assets/github-small.svg +3 -3
  179. package/docs/skill-candidates/v0.0.10/image-graphic-design-rendering/SKILL.md +28 -28
  180. package/docs/skill-candidates/v0.0.10/language-quality-pt-en-fr-it-ru/SKILL.md +28 -28
  181. package/docs/skill-candidates/v0.0.10/math-physics-reasoning/SKILL.md +28 -28
  182. package/docs/skill-candidates/v0.0.10/mcp-builder/LICENSE.txt +201 -201
  183. package/docs/skill-candidates/v0.0.10/mcp-builder/SKILL.md +236 -236
  184. package/docs/skill-candidates/v0.0.10/mcp-builder/reference/evaluation.md +601 -601
  185. package/docs/skill-candidates/v0.0.10/mcp-builder/reference/mcp_best_practices.md +249 -249
  186. package/docs/skill-candidates/v0.0.10/mcp-builder/reference/node_mcp_server.md +969 -969
  187. package/docs/skill-candidates/v0.0.10/mcp-builder/reference/python_mcp_server.md +718 -718
  188. package/docs/skill-candidates/v0.0.10/mcp-builder/scripts/connections.py +151 -151
  189. package/docs/skill-candidates/v0.0.10/mcp-builder/scripts/evaluation.py +373 -373
  190. package/docs/skill-candidates/v0.0.10/mcp-builder/scripts/example_evaluation.xml +22 -22
  191. package/docs/skill-candidates/v0.0.10/mcp-builder/scripts/requirements.txt +2 -2
  192. package/docs/skill-candidates/v0.0.10/mcp-client-readiness/SKILL.md +31 -31
  193. package/docs/skill-candidates/v0.0.10/openai-docs/LICENSE.txt +201 -201
  194. package/docs/skill-candidates/v0.0.10/openai-docs/SKILL.md +161 -161
  195. package/docs/skill-candidates/v0.0.10/openai-docs/agents/openai.yaml +14 -14
  196. package/docs/skill-candidates/v0.0.10/openai-docs/assets/openai-small.svg +3 -3
  197. package/docs/skill-candidates/v0.0.10/openai-docs/references/latest-model.md +37 -37
  198. package/docs/skill-candidates/v0.0.10/openai-docs/references/prompting-guide.md +244 -244
  199. package/docs/skill-candidates/v0.0.10/openai-docs/references/upgrade-guide.md +181 -181
  200. package/docs/skill-candidates/v0.0.10/openai-docs/scripts/fetch-codex-manual.mjs +598 -598
  201. package/docs/skill-candidates/v0.0.10/openai-docs/scripts/resolve-latest-model-info.js +147 -147
  202. package/docs/skill-candidates/v0.0.10/playwright/NOTICE.txt +14 -14
  203. package/docs/skill-candidates/v0.0.10/playwright/SKILL.md +147 -147
  204. package/docs/skill-candidates/v0.0.10/playwright/agents/openai.yaml +6 -6
  205. package/docs/skill-candidates/v0.0.10/playwright/assets/playwright-small.svg +3 -3
  206. package/docs/skill-candidates/v0.0.10/playwright/references/cli.md +116 -116
  207. package/docs/skill-candidates/v0.0.10/playwright/references/workflows.md +95 -95
  208. package/docs/skill-candidates/v0.0.10/playwright/scripts/playwright_cli.sh +25 -25
  209. package/docs/skill-candidates/v0.0.10/polyglot-backend-engineering/SKILL.md +32 -32
  210. package/docs/skill-candidates/v0.0.10/screenshot/LICENSE.txt +201 -201
  211. package/docs/skill-candidates/v0.0.10/screenshot/SKILL.md +267 -267
  212. package/docs/skill-candidates/v0.0.10/screenshot/agents/openai.yaml +6 -6
  213. package/docs/skill-candidates/v0.0.10/screenshot/assets/screenshot-small.svg +5 -5
  214. package/docs/skill-candidates/v0.0.10/screenshot/scripts/ensure_macos_permissions.sh +54 -54
  215. package/docs/skill-candidates/v0.0.10/screenshot/scripts/macos_display_info.swift +22 -22
  216. package/docs/skill-candidates/v0.0.10/screenshot/scripts/macos_permissions.swift +40 -40
  217. package/docs/skill-candidates/v0.0.10/screenshot/scripts/macos_window_info.swift +126 -126
  218. package/docs/skill-candidates/v0.0.10/screenshot/scripts/take_screenshot.ps1 +163 -163
  219. package/docs/skill-candidates/v0.0.10/screenshot/scripts/take_screenshot.py +585 -585
  220. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/SKILL.md +62 -62
  221. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/agents/openai.yaml +4 -4
  222. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/references/activation-policy.md +77 -77
  223. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/references/human-approval-policy.md +83 -83
  224. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/references/persona-dev-senior-master.md +46 -46
  225. package/docs/skill-candidates/v0.0.10/terminal-menu-operations/SKILL.md +30 -30
  226. package/docs/skill-candidates/v0.0.10/terminal-pixel-art-tui/SKILL.md +43 -43
  227. package/docs/skill-candidates/v0.0.10/webapp-testing/LICENSE.txt +201 -201
  228. package/docs/skill-candidates/v0.0.10/webapp-testing/SKILL.md +95 -95
  229. package/docs/skill-candidates/v0.0.10/webapp-testing/examples/console_logging.py +34 -34
  230. package/docs/skill-candidates/v0.0.10/webapp-testing/examples/element_discovery.py +39 -39
  231. package/docs/skill-candidates/v0.0.10/webapp-testing/examples/static_html_automation.py +32 -32
  232. package/docs/skill-candidates/v0.0.10/webapp-testing/scripts/with_server.py +105 -105
  233. package/docs/skill-candidates/v0.0.10/winui-app/LICENSE.txt +201 -201
  234. package/docs/skill-candidates/v0.0.10/winui-app/SKILL.md +94 -94
  235. package/docs/skill-candidates/v0.0.10/winui-app/agents/openai.yaml +5 -5
  236. package/docs/skill-candidates/v0.0.10/winui-app/config.yaml +50 -50
  237. package/docs/skill-candidates/v0.0.10/winui-app/references/_sections.md +96 -96
  238. package/docs/skill-candidates/v0.0.10/winui-app/references/accessibility-input-and-localization.md +51 -51
  239. package/docs/skill-candidates/v0.0.10/winui-app/references/build-run-and-launch-verification.md +72 -72
  240. package/docs/skill-candidates/v0.0.10/winui-app/references/community-toolkit-controls-and-helpers.md +57 -57
  241. package/docs/skill-candidates/v0.0.10/winui-app/references/controls-layout-and-adaptive-ui.md +84 -84
  242. package/docs/skill-candidates/v0.0.10/winui-app/references/foundation-environment-audit-and-remediation.md +82 -82
  243. package/docs/skill-candidates/v0.0.10/winui-app/references/foundation-setup-and-project-selection.md +67 -67
  244. package/docs/skill-candidates/v0.0.10/winui-app/references/foundation-template-first-recovery.md +62 -62
  245. package/docs/skill-candidates/v0.0.10/winui-app/references/foundation-winui-app-structure.md +62 -62
  246. package/docs/skill-candidates/v0.0.10/winui-app/references/motion-animations-and-polish.md +45 -45
  247. package/docs/skill-candidates/v0.0.10/winui-app/references/performance-diagnostics-and-responsiveness.md +46 -46
  248. package/docs/skill-candidates/v0.0.10/winui-app/references/sample-source-map.md +37 -37
  249. package/docs/skill-candidates/v0.0.10/winui-app/references/shell-navigation-and-windowing.md +67 -67
  250. package/docs/skill-candidates/v0.0.10/winui-app/references/styling-theming-materials-and-icons.md +71 -71
  251. package/docs/skill-candidates/v0.0.10/winui-app/references/testing-debugging-and-review-checklists.md +77 -77
  252. package/docs/skill-candidates/v0.0.10/winui-app/references/windows-app-sdk-lifecycle-notifications-and-deployment.md +52 -52
  253. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/SKILL.md +398 -398
  254. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/common-patterns.md +330 -330
  255. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/complete-examples.md +871 -871
  256. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/component-patterns.md +501 -501
  257. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/data-fetching.md +766 -766
  258. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/file-organization.md +501 -501
  259. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/loading-and-error-states.md +500 -500
  260. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/performance.md +405 -405
  261. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/routing-guide.md +363 -363
  262. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/styling-guide.md +427 -427
  263. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/typescript-standards.md +417 -417
  264. package/docs/skill-candidates/v0.0.11/git-version-control-ops/SKILL.md +34 -34
  265. package/docs/skill-candidates/v0.0.11/go-engineering/SKILL.md +34 -34
  266. package/docs/skill-candidates/v0.0.11/java-engineering/SKILL.md +34 -34
  267. package/docs/skill-candidates/v0.0.11/javascript-engineering/SKILL.md +34 -34
  268. package/docs/skill-candidates/v0.0.11/json-contract-design/SKILL.md +34 -34
  269. package/docs/skill-candidates/v0.0.11/multi-client-mcp-ops/SKILL.md +36 -36
  270. package/docs/skill-candidates/v0.0.11/nextjs/SKILL.md +745 -745
  271. package/docs/skill-candidates/v0.0.11/nextjs/agents/openai.yaml +3 -3
  272. package/docs/skill-candidates/v0.0.11/nextjs/references/app-router-files.md +94 -94
  273. package/docs/skill-candidates/v0.0.11/python-engineering/SKILL.md +34 -34
  274. package/docs/skill-candidates/v0.0.11/ruby-engineering/SKILL.md +34 -34
  275. package/docs/skill-candidates/v0.0.11/senior-fullstack/SKILL.md +209 -209
  276. package/docs/skill-candidates/v0.0.11/senior-fullstack/references/architecture_patterns.md +103 -103
  277. package/docs/skill-candidates/v0.0.11/senior-fullstack/references/development_workflows.md +103 -103
  278. package/docs/skill-candidates/v0.0.11/senior-fullstack/references/tech_stack_guide.md +103 -103
  279. package/docs/skill-candidates/v0.0.11/senior-fullstack/scripts/code_quality_analyzer.py +114 -114
  280. package/docs/skill-candidates/v0.0.11/senior-fullstack/scripts/fullstack_scaffolder.py +114 -114
  281. package/docs/skill-candidates/v0.0.11/senior-fullstack/scripts/project_scaffolder.py +114 -114
  282. package/docs/skill-candidates/v0.0.11/shadcn/SKILL.md +573 -573
  283. package/docs/skill-candidates/v0.0.11/shadcn/agents/openai.yaml +3 -3
  284. package/docs/skill-candidates/v0.0.11/sql-postgresql-engineering/SKILL.md +34 -34
  285. package/docs/skill-candidates/v0.0.11/terminal-shell-ops/SKILL.md +34 -34
  286. package/docs/skill-candidates/v0.0.11/typescript-expert/SKILL.md +429 -429
  287. package/docs/skill-candidates/v0.0.11/typescript-expert/references/tsconfig-strict.json +91 -91
  288. package/docs/skill-candidates/v0.0.11/typescript-expert/references/typescript-cheatsheet.md +383 -383
  289. package/docs/skill-candidates/v0.0.11/typescript-expert/references/utility-types.ts +335 -335
  290. package/docs/skill-candidates/v0.0.11/typescript-expert/scripts/ts_diagnostic.py +203 -203
  291. package/docs/skill-candidates/v0.0.11/ui-component-primitives/SKILL.md +34 -34
  292. package/docs/skill-candidates/v0.0.11/web-mobile-design-systems/SKILL.md +34 -34
  293. package/docs/skill-candidates/v0.0.11/windows-linux-platform-ops/SKILL.md +34 -34
  294. package/docs/skill-candidates/v0.0.12/context-compression-handoff/SKILL.md +47 -0
  295. package/docs/skill-candidates/v0.0.12/csharp-senior-master-engineering/SKILL.md +32 -0
  296. package/docs/skill-candidates/v0.0.12/css-senior-master-engineering/SKILL.md +32 -0
  297. package/docs/skill-candidates/v0.0.12/go-senior-master-engineering/SKILL.md +32 -0
  298. package/docs/skill-candidates/v0.0.12/html-senior-master-engineering/SKILL.md +32 -0
  299. package/docs/skill-candidates/v0.0.12/javascript-senior-master-engineering/SKILL.md +32 -0
  300. package/docs/skill-candidates/v0.0.12/json-senior-master-engineering/SKILL.md +32 -0
  301. package/docs/skill-candidates/v0.0.12/prompt-budget-gate/SKILL.md +46 -0
  302. package/docs/skill-candidates/v0.0.12/python-senior-master-engineering/SKILL.md +32 -0
  303. package/docs/skill-candidates/v0.0.12/react-senior-master-engineering/SKILL.md +32 -0
  304. package/docs/skill-candidates/v0.0.12/ruby-senior-master-engineering/SKILL.md +32 -0
  305. package/docs/skill-candidates/v0.0.12/senior-master-code-optimizer/SKILL.md +48 -0
  306. package/docs/skill-candidates/v0.0.12/sql-senior-master-engineering/SKILL.md +31 -0
  307. package/docs/skill-candidates/v0.0.12/token-economy-orchestrator/SKILL.md +38 -0
  308. package/docs/skill-candidates/v0.0.12/typescript-senior-master-engineering/SKILL.md +35 -0
  309. package/docs/skill-candidates/v0.0.9/ai-ethics-human-dignity/SKILL.md +32 -32
  310. package/docs/skill-candidates/v0.0.9/broad-domain-router/SKILL.md +41 -41
  311. package/docs/skill-candidates/v0.0.9/catholic-moral-discernment/SKILL.md +31 -31
  312. package/docs/skill-candidates/v0.0.9/engineering-systems-master/SKILL.md +31 -31
  313. package/docs/skill-candidates/v0.0.9/language-quality-pt-en-fr/SKILL.md +28 -28
  314. package/docs/skill-candidates/v0.0.9/math-science-reasoning/SKILL.md +29 -29
  315. package/docs/skill-candidates/v0.0.9/philosophy-sociology-discernment/SKILL.md +28 -28
  316. package/docs/skill-candidates/v0.0.9/professional-boundary-triage/SKILL.md +40 -40
  317. package/docs/skill-candidates/v0.0.9/release-ethics-gate/SKILL.md +32 -32
  318. package/docs/skill-candidates/v0.0.9/source-authority-reviewer/SKILL.md +31 -31
  319. package/examples/client-configs/claude-code.commands.md +21 -17
  320. package/examples/client-configs/claude-code.project.mcp.json +18 -18
  321. package/examples/client-configs/claude-desktop.macos.json +18 -18
  322. package/examples/client-configs/claude-desktop.windows.json +20 -20
  323. package/examples/client-configs/codex.windows.toml +11 -11
  324. package/examples/client-configs/gemini-code-assist.intellij.mcp.json +18 -18
  325. package/examples/client-configs/gemini.linux.settings.json +21 -21
  326. package/examples/client-configs/gemini.windows.settings.json +23 -23
  327. package/examples/client-configs/generic-stdio.json +16 -16
  328. package/manifests/channels/beta.json +26 -26
  329. package/manifests/channels/stable.json +27 -27
  330. package/network/approved-skills.json +54 -54
  331. package/network/unapproved-skill-candidates.json +110 -110
  332. package/package.json +87 -78
  333. package/scripts/configure-private-registry.mjs +208 -208
  334. package/scripts/lib/private-registry.mjs +97 -97
  335. package/scripts/render-menu-evidence.mjs +130 -0
  336. package/scripts/verify-menu-actions.mjs +117 -115
  337. package/sources.json +11 -11
@@ -1,249 +1,249 @@
1
- # MCP Server Best Practices
2
-
3
- ## Quick Reference
4
-
5
- ### Server Naming
6
- - **Python**: `{service}_mcp` (e.g., `slack_mcp`)
7
- - **Node/TypeScript**: `{service}-mcp-server` (e.g., `slack-mcp-server`)
8
-
9
- ### Tool Naming
10
- - Use snake_case with service prefix
11
- - Format: `{service}_{action}_{resource}`
12
- - Example: `slack_send_message`, `github_create_issue`
13
-
14
- ### Response Formats
15
- - Support both JSON and Markdown formats
16
- - JSON for programmatic processing
17
- - Markdown for human readability
18
-
19
- ### Pagination
20
- - Always respect `limit` parameter
21
- - Return `has_more`, `next_offset`, `total_count`
22
- - Default to 20-50 items
23
-
24
- ### Transport
25
- - **Streamable HTTP**: For remote servers, multi-client scenarios
26
- - **stdio**: For local integrations, command-line tools
27
- - Avoid SSE (deprecated in favor of streamable HTTP)
28
-
29
- ---
30
-
31
- ## Server Naming Conventions
32
-
33
- Follow these standardized naming patterns:
34
-
35
- **Python**: Use format `{service}_mcp` (lowercase with underscores)
36
- - Examples: `slack_mcp`, `github_mcp`, `jira_mcp`
37
-
38
- **Node/TypeScript**: Use format `{service}-mcp-server` (lowercase with hyphens)
39
- - Examples: `slack-mcp-server`, `github-mcp-server`, `jira-mcp-server`
40
-
41
- The name should be general, descriptive of the service being integrated, easy to infer from the task description, and without version numbers.
42
-
43
- ---
44
-
45
- ## Tool Naming and Design
46
-
47
- ### Tool Naming
48
-
49
- 1. **Use snake_case**: `search_users`, `create_project`, `get_channel_info`
50
- 2. **Include service prefix**: Anticipate that your MCP server may be used alongside other MCP servers
51
- - Use `slack_send_message` instead of just `send_message`
52
- - Use `github_create_issue` instead of just `create_issue`
53
- 3. **Be action-oriented**: Start with verbs (get, list, search, create, etc.)
54
- 4. **Be specific**: Avoid generic names that could conflict with other servers
55
-
56
- ### Tool Design
57
-
58
- - Tool descriptions must narrowly and unambiguously describe functionality
59
- - Descriptions must precisely match actual functionality
60
- - Provide tool annotations (readOnlyHint, destructiveHint, idempotentHint, openWorldHint)
61
- - Keep tool operations focused and atomic
62
-
63
- ---
64
-
65
- ## Response Formats
66
-
67
- All tools that return data should support multiple formats:
68
-
69
- ### JSON Format (`response_format="json"`)
70
- - Machine-readable structured data
71
- - Include all available fields and metadata
72
- - Consistent field names and types
73
- - Use for programmatic processing
74
-
75
- ### Markdown Format (`response_format="markdown"`, typically default)
76
- - Human-readable formatted text
77
- - Use headers, lists, and formatting for clarity
78
- - Convert timestamps to human-readable format
79
- - Show display names with IDs in parentheses
80
- - Omit verbose metadata
81
-
82
- ---
83
-
84
- ## Pagination
85
-
86
- For tools that list resources:
87
-
88
- - **Always respect the `limit` parameter**
89
- - **Implement pagination**: Use `offset` or cursor-based pagination
90
- - **Return pagination metadata**: Include `has_more`, `next_offset`/`next_cursor`, `total_count`
91
- - **Never load all results into memory**: Especially important for large datasets
92
- - **Default to reasonable limits**: 20-50 items is typical
93
-
94
- Example pagination response:
95
- ```json
96
- {
97
- "total": 150,
98
- "count": 20,
99
- "offset": 0,
100
- "items": [...],
101
- "has_more": true,
102
- "next_offset": 20
103
- }
104
- ```
105
-
106
- ---
107
-
108
- ## Transport Options
109
-
110
- ### Streamable HTTP
111
-
112
- **Best for**: Remote servers, web services, multi-client scenarios
113
-
114
- **Characteristics**:
115
- - Bidirectional communication over HTTP
116
- - Supports multiple simultaneous clients
117
- - Can be deployed as a web service
118
- - Enables server-to-client notifications
119
-
120
- **Use when**:
121
- - Serving multiple clients simultaneously
122
- - Deploying as a cloud service
123
- - Integration with web applications
124
-
125
- ### stdio
126
-
127
- **Best for**: Local integrations, command-line tools
128
-
129
- **Characteristics**:
130
- - Standard input/output stream communication
131
- - Simple setup, no network configuration needed
132
- - Runs as a subprocess of the client
133
-
134
- **Use when**:
135
- - Building tools for local development environments
136
- - Integrating with desktop applications
137
- - Single-user, single-session scenarios
138
-
139
- **Note**: stdio servers should NOT log to stdout (use stderr for logging)
140
-
141
- ### Transport Selection
142
-
143
- | Criterion | stdio | Streamable HTTP |
144
- |-----------|-------|-----------------|
145
- | **Deployment** | Local | Remote |
146
- | **Clients** | Single | Multiple |
147
- | **Complexity** | Low | Medium |
148
- | **Real-time** | No | Yes |
149
-
150
- ---
151
-
152
- ## Security Best Practices
153
-
154
- ### Authentication and Authorization
155
-
156
- **OAuth 2.1**:
157
- - Use secure OAuth 2.1 with certificates from recognized authorities
158
- - Validate access tokens before processing requests
159
- - Only accept tokens specifically intended for your server
160
-
161
- **API Keys**:
162
- - Store API keys in environment variables, never in code
163
- - Validate keys on server startup
164
- - Provide clear error messages when authentication fails
165
-
166
- ### Input Validation
167
-
168
- - Sanitize file paths to prevent directory traversal
169
- - Validate URLs and external identifiers
170
- - Check parameter sizes and ranges
171
- - Prevent command injection in system calls
172
- - Use schema validation (Pydantic/Zod) for all inputs
173
-
174
- ### Error Handling
175
-
176
- - Don't expose internal errors to clients
177
- - Log security-relevant errors server-side
178
- - Provide helpful but not revealing error messages
179
- - Clean up resources after errors
180
-
181
- ### DNS Rebinding Protection
182
-
183
- For streamable HTTP servers running locally:
184
- - Enable DNS rebinding protection
185
- - Validate the `Origin` header on all incoming connections
186
- - Bind to `127.0.0.1` rather than `0.0.0.0`
187
-
188
- ---
189
-
190
- ## Tool Annotations
191
-
192
- Provide annotations to help clients understand tool behavior:
193
-
194
- | Annotation | Type | Default | Description |
195
- |-----------|------|---------|-------------|
196
- | `readOnlyHint` | boolean | false | Tool does not modify its environment |
197
- | `destructiveHint` | boolean | true | Tool may perform destructive updates |
198
- | `idempotentHint` | boolean | false | Repeated calls with same args have no additional effect |
199
- | `openWorldHint` | boolean | true | Tool interacts with external entities |
200
-
201
- **Important**: Annotations are hints, not security guarantees. Clients should not make security-critical decisions based solely on annotations.
202
-
203
- ---
204
-
205
- ## Error Handling
206
-
207
- - Use standard JSON-RPC error codes
208
- - Report tool errors within result objects (not protocol-level errors)
209
- - Provide helpful, specific error messages with suggested next steps
210
- - Don't expose internal implementation details
211
- - Clean up resources properly on errors
212
-
213
- Example error handling:
214
- ```typescript
215
- try {
216
- const result = performOperation();
217
- return { content: [{ type: "text", text: result }] };
218
- } catch (error) {
219
- return {
220
- isError: true,
221
- content: [{
222
- type: "text",
223
- text: `Error: ${error.message}. Try using filter='active_only' to reduce results.`
224
- }]
225
- };
226
- }
227
- ```
228
-
229
- ---
230
-
231
- ## Testing Requirements
232
-
233
- Comprehensive testing should cover:
234
-
235
- - **Functional testing**: Verify correct execution with valid/invalid inputs
236
- - **Integration testing**: Test interaction with external systems
237
- - **Security testing**: Validate auth, input sanitization, rate limiting
238
- - **Performance testing**: Check behavior under load, timeouts
239
- - **Error handling**: Ensure proper error reporting and cleanup
240
-
241
- ---
242
-
243
- ## Documentation Requirements
244
-
245
- - Provide clear documentation of all tools and capabilities
246
- - Include working examples (at least 3 per major feature)
247
- - Document security considerations
248
- - Specify required permissions and access levels
249
- - Document rate limits and performance characteristics
1
+ # MCP Server Best Practices
2
+
3
+ ## Quick Reference
4
+
5
+ ### Server Naming
6
+ - **Python**: `{service}_mcp` (e.g., `slack_mcp`)
7
+ - **Node/TypeScript**: `{service}-mcp-server` (e.g., `slack-mcp-server`)
8
+
9
+ ### Tool Naming
10
+ - Use snake_case with service prefix
11
+ - Format: `{service}_{action}_{resource}`
12
+ - Example: `slack_send_message`, `github_create_issue`
13
+
14
+ ### Response Formats
15
+ - Support both JSON and Markdown formats
16
+ - JSON for programmatic processing
17
+ - Markdown for human readability
18
+
19
+ ### Pagination
20
+ - Always respect `limit` parameter
21
+ - Return `has_more`, `next_offset`, `total_count`
22
+ - Default to 20-50 items
23
+
24
+ ### Transport
25
+ - **Streamable HTTP**: For remote servers, multi-client scenarios
26
+ - **stdio**: For local integrations, command-line tools
27
+ - Avoid SSE (deprecated in favor of streamable HTTP)
28
+
29
+ ---
30
+
31
+ ## Server Naming Conventions
32
+
33
+ Follow these standardized naming patterns:
34
+
35
+ **Python**: Use format `{service}_mcp` (lowercase with underscores)
36
+ - Examples: `slack_mcp`, `github_mcp`, `jira_mcp`
37
+
38
+ **Node/TypeScript**: Use format `{service}-mcp-server` (lowercase with hyphens)
39
+ - Examples: `slack-mcp-server`, `github-mcp-server`, `jira-mcp-server`
40
+
41
+ The name should be general, descriptive of the service being integrated, easy to infer from the task description, and without version numbers.
42
+
43
+ ---
44
+
45
+ ## Tool Naming and Design
46
+
47
+ ### Tool Naming
48
+
49
+ 1. **Use snake_case**: `search_users`, `create_project`, `get_channel_info`
50
+ 2. **Include service prefix**: Anticipate that your MCP server may be used alongside other MCP servers
51
+ - Use `slack_send_message` instead of just `send_message`
52
+ - Use `github_create_issue` instead of just `create_issue`
53
+ 3. **Be action-oriented**: Start with verbs (get, list, search, create, etc.)
54
+ 4. **Be specific**: Avoid generic names that could conflict with other servers
55
+
56
+ ### Tool Design
57
+
58
+ - Tool descriptions must narrowly and unambiguously describe functionality
59
+ - Descriptions must precisely match actual functionality
60
+ - Provide tool annotations (readOnlyHint, destructiveHint, idempotentHint, openWorldHint)
61
+ - Keep tool operations focused and atomic
62
+
63
+ ---
64
+
65
+ ## Response Formats
66
+
67
+ All tools that return data should support multiple formats:
68
+
69
+ ### JSON Format (`response_format="json"`)
70
+ - Machine-readable structured data
71
+ - Include all available fields and metadata
72
+ - Consistent field names and types
73
+ - Use for programmatic processing
74
+
75
+ ### Markdown Format (`response_format="markdown"`, typically default)
76
+ - Human-readable formatted text
77
+ - Use headers, lists, and formatting for clarity
78
+ - Convert timestamps to human-readable format
79
+ - Show display names with IDs in parentheses
80
+ - Omit verbose metadata
81
+
82
+ ---
83
+
84
+ ## Pagination
85
+
86
+ For tools that list resources:
87
+
88
+ - **Always respect the `limit` parameter**
89
+ - **Implement pagination**: Use `offset` or cursor-based pagination
90
+ - **Return pagination metadata**: Include `has_more`, `next_offset`/`next_cursor`, `total_count`
91
+ - **Never load all results into memory**: Especially important for large datasets
92
+ - **Default to reasonable limits**: 20-50 items is typical
93
+
94
+ Example pagination response:
95
+ ```json
96
+ {
97
+ "total": 150,
98
+ "count": 20,
99
+ "offset": 0,
100
+ "items": [...],
101
+ "has_more": true,
102
+ "next_offset": 20
103
+ }
104
+ ```
105
+
106
+ ---
107
+
108
+ ## Transport Options
109
+
110
+ ### Streamable HTTP
111
+
112
+ **Best for**: Remote servers, web services, multi-client scenarios
113
+
114
+ **Characteristics**:
115
+ - Bidirectional communication over HTTP
116
+ - Supports multiple simultaneous clients
117
+ - Can be deployed as a web service
118
+ - Enables server-to-client notifications
119
+
120
+ **Use when**:
121
+ - Serving multiple clients simultaneously
122
+ - Deploying as a cloud service
123
+ - Integration with web applications
124
+
125
+ ### stdio
126
+
127
+ **Best for**: Local integrations, command-line tools
128
+
129
+ **Characteristics**:
130
+ - Standard input/output stream communication
131
+ - Simple setup, no network configuration needed
132
+ - Runs as a subprocess of the client
133
+
134
+ **Use when**:
135
+ - Building tools for local development environments
136
+ - Integrating with desktop applications
137
+ - Single-user, single-session scenarios
138
+
139
+ **Note**: stdio servers should NOT log to stdout (use stderr for logging)
140
+
141
+ ### Transport Selection
142
+
143
+ | Criterion | stdio | Streamable HTTP |
144
+ |-----------|-------|-----------------|
145
+ | **Deployment** | Local | Remote |
146
+ | **Clients** | Single | Multiple |
147
+ | **Complexity** | Low | Medium |
148
+ | **Real-time** | No | Yes |
149
+
150
+ ---
151
+
152
+ ## Security Best Practices
153
+
154
+ ### Authentication and Authorization
155
+
156
+ **OAuth 2.1**:
157
+ - Use secure OAuth 2.1 with certificates from recognized authorities
158
+ - Validate access tokens before processing requests
159
+ - Only accept tokens specifically intended for your server
160
+
161
+ **API Keys**:
162
+ - Store API keys in environment variables, never in code
163
+ - Validate keys on server startup
164
+ - Provide clear error messages when authentication fails
165
+
166
+ ### Input Validation
167
+
168
+ - Sanitize file paths to prevent directory traversal
169
+ - Validate URLs and external identifiers
170
+ - Check parameter sizes and ranges
171
+ - Prevent command injection in system calls
172
+ - Use schema validation (Pydantic/Zod) for all inputs
173
+
174
+ ### Error Handling
175
+
176
+ - Don't expose internal errors to clients
177
+ - Log security-relevant errors server-side
178
+ - Provide helpful but not revealing error messages
179
+ - Clean up resources after errors
180
+
181
+ ### DNS Rebinding Protection
182
+
183
+ For streamable HTTP servers running locally:
184
+ - Enable DNS rebinding protection
185
+ - Validate the `Origin` header on all incoming connections
186
+ - Bind to `127.0.0.1` rather than `0.0.0.0`
187
+
188
+ ---
189
+
190
+ ## Tool Annotations
191
+
192
+ Provide annotations to help clients understand tool behavior:
193
+
194
+ | Annotation | Type | Default | Description |
195
+ |-----------|------|---------|-------------|
196
+ | `readOnlyHint` | boolean | false | Tool does not modify its environment |
197
+ | `destructiveHint` | boolean | true | Tool may perform destructive updates |
198
+ | `idempotentHint` | boolean | false | Repeated calls with same args have no additional effect |
199
+ | `openWorldHint` | boolean | true | Tool interacts with external entities |
200
+
201
+ **Important**: Annotations are hints, not security guarantees. Clients should not make security-critical decisions based solely on annotations.
202
+
203
+ ---
204
+
205
+ ## Error Handling
206
+
207
+ - Use standard JSON-RPC error codes
208
+ - Report tool errors within result objects (not protocol-level errors)
209
+ - Provide helpful, specific error messages with suggested next steps
210
+ - Don't expose internal implementation details
211
+ - Clean up resources properly on errors
212
+
213
+ Example error handling:
214
+ ```typescript
215
+ try {
216
+ const result = performOperation();
217
+ return { content: [{ type: "text", text: result }] };
218
+ } catch (error) {
219
+ return {
220
+ isError: true,
221
+ content: [{
222
+ type: "text",
223
+ text: `Error: ${error.message}. Try using filter='active_only' to reduce results.`
224
+ }]
225
+ };
226
+ }
227
+ ```
228
+
229
+ ---
230
+
231
+ ## Testing Requirements
232
+
233
+ Comprehensive testing should cover:
234
+
235
+ - **Functional testing**: Verify correct execution with valid/invalid inputs
236
+ - **Integration testing**: Test interaction with external systems
237
+ - **Security testing**: Validate auth, input sanitization, rate limiting
238
+ - **Performance testing**: Check behavior under load, timeouts
239
+ - **Error handling**: Ensure proper error reporting and cleanup
240
+
241
+ ---
242
+
243
+ ## Documentation Requirements
244
+
245
+ - Provide clear documentation of all tools and capabilities
246
+ - Include working examples (at least 3 per major feature)
247
+ - Document security considerations
248
+ - Specify required permissions and access levels
249
+ - Document rate limits and performance characteristics