@fprad0/skill-master-mcp 0.0.12 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (331) hide show
  1. package/CHANGELOG.md +96 -90
  2. package/README.md +472 -472
  3. package/VERSION.md +9 -9
  4. package/bin/lib/bootstrap-global-core.mjs +34 -0
  5. package/bin/lib/client-config.mjs +293 -293
  6. package/bin/lib/doctor-core.mjs +202 -0
  7. package/bin/lib/menu-core.mjs +1629 -1522
  8. package/bin/lib/operation-result.mjs +59 -0
  9. package/bin/lib/register-clients-core.mjs +247 -0
  10. package/bin/lib/skill-installation.mjs +215 -215
  11. package/bin/lib/update-cli-core.mjs +117 -0
  12. package/bin/skill-master-activation.mjs +163 -163
  13. package/bin/skill-master-bootstrap-global.mjs +61 -49
  14. package/bin/skill-master-configure-private-registry.mjs +3 -3
  15. package/bin/skill-master-doctor.mjs +239 -228
  16. package/bin/skill-master-eval-activation.mjs +32 -32
  17. package/bin/skill-master-install-global-skills.mjs +59 -59
  18. package/bin/skill-master-install-project-skills.mjs +97 -97
  19. package/bin/skill-master-menu.mjs +406 -405
  20. package/bin/skill-master-register-clients.mjs +232 -153
  21. package/bin/skill-master-success-skills.mjs +307 -307
  22. package/bin/skill-master-update.mjs +121 -72
  23. package/bin/skill-master.mjs +3 -3
  24. package/dist/activation.d.ts.map +1 -1
  25. package/dist/activation.js +12 -0
  26. package/dist/activation.js.map +1 -1
  27. package/dist/prompt-router.d.ts.map +1 -1
  28. package/dist/prompt-router.js +19 -0
  29. package/dist/prompt-router.js.map +1 -1
  30. package/dist/recommender.d.ts.map +1 -1
  31. package/dist/recommender.js +4 -1
  32. package/dist/recommender.js.map +1 -1
  33. package/docs/architecture/APRENDIZADO_DE_IMPLEMENTACOES_BEM_SUCEDIDAS.md +125 -125
  34. package/docs/architecture/ARQUITETURA_AUTO_UPDATE.md +9 -9
  35. package/docs/architecture/PLANO_MASTER_ACIONAMENTO_AUTOMATICO_E_APRENDIZADO.md +341 -341
  36. package/docs/architecture/REDE_SEGURA_DE_SKILLS.md +148 -148
  37. package/docs/operations/GUIA_MULTI_COMPUTADOR.md +262 -262
  38. package/docs/operations/GUIA_NPM_PRIVADO.md +294 -294
  39. package/docs/operations/GUIA_NPM_PUBLICO.md +147 -147
  40. package/docs/operations/MENU_VISUAL_EVIDENCE_2026-06-28.md +66 -66
  41. package/docs/operations/assets/menu-frame-compact.html +75 -75
  42. package/docs/operations/assets/menu-frame-large.html +83 -83
  43. package/docs/operations/assets/menu-frame-running.html +79 -79
  44. package/docs/operations/cross-platform-auth-transfer/ANALISE_COMPATIBILIDADE_MCP_2026-06-28.md +140 -140
  45. package/docs/operations/cross-platform-auth-transfer/README_TRANSFERENCIA.md +85 -85
  46. package/docs/operations/reborn-menu-cyberpunk-transfer/ANALISE_MENU_REBORN_CYBERPUNK_2026-06-28.md +174 -174
  47. package/docs/operations/reborn-menu-cyberpunk-transfer/HANDOFF_IMPLEMENTACAO_REBORN_CYBERPUNK_2026-06-28.md +119 -119
  48. package/docs/operations/reborn-menu-cyberpunk-transfer/ORDEM_DE_EXECUCAO_MENU_REBORN_CYBERPUNK.md +134 -134
  49. package/docs/operations/reborn-menu-cyberpunk-transfer/README_TRANSFERENCIA.md +84 -84
  50. package/docs/operations/reborn-menu-cyberpunk-transfer/README_TRANSFERENCIA_REBORN_PACKAGE.md +56 -56
  51. package/docs/operations/token-economy-transfer/ANALISE_AVANCADA_ECONOMIA_TOKENS_2026-06-30.md +141 -0
  52. package/docs/operations/token-economy-transfer/PLANO_DEV_SENIOR_MASTER_TOKEN_ECONOMY_2026-06-30.md +171 -0
  53. package/docs/operations/token-economy-transfer/README_TRANSFERENCIA_TOKEN_ECONOMY.md +31 -0
  54. package/docs/planning/MENU_RUNTIME_CORRECTION_PLAN_2026-06-30.md +551 -0
  55. package/docs/planning/V0_0_9_APROVACAO_CRITICA_MENSAGENS_DE_VENDA.md +85 -85
  56. package/docs/planning/V0_0_9_FONTES_E_CRITERIOS_DE_AUTORIDADE.md +139 -139
  57. package/docs/planning/V0_0_9_MATRIZ_SKILLS_MULTIDISCIPLINARES.md +105 -105
  58. package/docs/planning/V0_0_9_POLITICA_MORAL_CATOLICA_PARA_IA.md +181 -181
  59. package/docs/planning/V0_0_9_PROMPTS_EXECUCAO.md +59 -59
  60. package/docs/planning/V0_0_9_ROADMAP_DISCERNIMENTO_E_CONHECIMENTO_AMPLO.md +181 -181
  61. package/docs/prompt-tasks/PROMPT_TASK_001_BOOTSTRAP_SKILL_MASTER_MCP.md +6 -6
  62. package/docs/prompt-tasks/PROMPT_TASK_002_AUTO_UPDATE_LAUNCHER.md +6 -6
  63. package/docs/prompt-tasks/PROMPT_TASK_003_REMOTE_MANIFEST_AND_RELEASES.md +6 -6
  64. package/docs/prompt-tasks/PROMPT_TASK_004_MULTI_USER_DISTRIBUTION.md +6 -6
  65. package/docs/prompt-tasks/PROMPT_TASK_005_SECURITY_AND_QUALITY_GATE.md +6 -6
  66. package/docs/prompt-tasks/PROMPT_TASK_006_MASTER_ACIONAMENTO_APRENDIZADO.md +83 -83
  67. package/docs/prompt-tasks/PROMPT_TASK_007_PERSONA_ORQUESTRADORA.md +88 -88
  68. package/docs/prompt-tasks/PROMPT_TASK_008_PROMPT_ROUTER_MODOS_ATIVACAO.md +156 -156
  69. package/docs/prompt-tasks/PROMPT_TASK_009_PIPELINE_APRENDIZADO_SUCESSO.md +105 -105
  70. package/docs/prompt-tasks/PROMPT_TASK_010_EVALS_GOVERNANCA_ATIVACAO.md +119 -119
  71. package/docs/prompt-tasks/PROMPT_TASK_011_MENU_NOTIFICACOES_NOTION.md +120 -120
  72. package/docs/prompt-tasks/PROMPT_TASK_012_MENU_CYBERPUNK_PIXEL_FRAME.md +123 -123
  73. package/docs/prompt-tasks/PROMPT_TASK_013_MENU_FLUID_DNA_ANIMATION.md +114 -114
  74. package/docs/prompt-tasks/PROMPT_TASK_014_MENU_FUNCTIONAL_PARITY_QA.md +157 -157
  75. package/docs/prompt-tasks/PROMPT_TASK_015_TRANSFER_RELEASE_HANDOFF.md +127 -127
  76. package/docs/prompt-tasks/PROMPT_TASK_016_CROSS_PLATFORM_MCP_AUTH_REGISTRATION.md +107 -107
  77. package/docs/prompt-tasks/PROMPT_TASK_018_NPM_PUBLISH_2FA_SETUP.md +80 -80
  78. package/docs/prompt-tasks/PROMPT_TASK_019_TOKEN_ECONOMY_GLOBAL_SKILLS.md +56 -0
  79. package/docs/prompt-tasks/PROMPT_TASK_MASTER_EXECUTOR.md +6 -6
  80. package/docs/skill-candidates/v0.0.10/cli-creator/LICENSE.txt +201 -201
  81. package/docs/skill-candidates/v0.0.10/cli-creator/SKILL.md +160 -160
  82. package/docs/skill-candidates/v0.0.10/cli-creator/agents/openai.yaml +4 -4
  83. package/docs/skill-candidates/v0.0.10/cli-creator/references/agent-cli-patterns.md +154 -154
  84. package/docs/skill-candidates/v0.0.10/developer-workstation-ops/SKILL.md +32 -32
  85. package/docs/skill-candidates/v0.0.10/figma/LICENSE.txt +1 -1
  86. package/docs/skill-candidates/v0.0.10/figma/SKILL.md +42 -42
  87. package/docs/skill-candidates/v0.0.10/figma/agents/openai.yaml +14 -14
  88. package/docs/skill-candidates/v0.0.10/figma/assets/figma-small.svg +3 -3
  89. package/docs/skill-candidates/v0.0.10/figma/assets/icon.svg +28 -28
  90. package/docs/skill-candidates/v0.0.10/figma/references/figma-mcp-config.md +35 -35
  91. package/docs/skill-candidates/v0.0.10/figma/references/figma-tools-and-prompts.md +34 -34
  92. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/LICENSE.TXT +1 -1
  93. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/SKILL.md +349 -349
  94. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/agents/openai.yaml +14 -14
  95. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/assets/figma-small.svg +3 -3
  96. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/assets/icon.svg +28 -28
  97. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/references/mapping-checklist.md +7 -7
  98. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/scripts/normalize_node_id.py +25 -25
  99. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/LICENSE.TXT +1 -1
  100. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/SKILL.md +537 -537
  101. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/agents/openai.yaml +14 -14
  102. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/assets/figma-small.svg +3 -3
  103. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/assets/icon.svg +28 -28
  104. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/references/rule-template.md +15 -15
  105. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/scripts/check_agents_md.sh +9 -9
  106. package/docs/skill-candidates/v0.0.10/figma-generate-design/LICENSE.TXT +1 -1
  107. package/docs/skill-candidates/v0.0.10/figma-generate-design/SKILL.md +341 -341
  108. package/docs/skill-candidates/v0.0.10/figma-generate-design/agents/openai.yaml +14 -14
  109. package/docs/skill-candidates/v0.0.10/figma-generate-design/assets/figma-small.svg +3 -3
  110. package/docs/skill-candidates/v0.0.10/figma-generate-design/assets/icon.svg +28 -28
  111. package/docs/skill-candidates/v0.0.10/figma-generate-design/maintainers.yml +1 -1
  112. package/docs/skill-candidates/v0.0.10/figma-generate-library/LICENSE.TXT +1 -1
  113. package/docs/skill-candidates/v0.0.10/figma-generate-library/SKILL.md +314 -314
  114. package/docs/skill-candidates/v0.0.10/figma-generate-library/agents/openai.yaml +14 -14
  115. package/docs/skill-candidates/v0.0.10/figma-generate-library/assets/figma-small.svg +3 -3
  116. package/docs/skill-candidates/v0.0.10/figma-generate-library/assets/icon.svg +28 -28
  117. package/docs/skill-candidates/v0.0.10/figma-generate-library/maintainers.yml +3 -3
  118. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/code-connect-setup.md +260 -260
  119. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/component-creation.md +1014 -1014
  120. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/discovery-phase.md +518 -518
  121. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/documentation-creation.md +834 -834
  122. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/error-recovery.md +540 -540
  123. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/naming-conventions.md +527 -527
  124. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/token-creation.md +962 -962
  125. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/bindVariablesToComponent.js +110 -110
  126. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/cleanupOrphans.js +127 -127
  127. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/createComponentWithVariants.js +148 -148
  128. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/createDocumentationPage.js +139 -139
  129. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/createSemanticTokens.js +108 -108
  130. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/createVariableCollection.js +49 -49
  131. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/inspectFileStructure.js +121 -121
  132. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/rehydrateState.js +92 -92
  133. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/validateCreation.js +83 -83
  134. package/docs/skill-candidates/v0.0.10/figma-implement-design/LICENSE.txt +1 -1
  135. package/docs/skill-candidates/v0.0.10/figma-implement-design/SKILL.md +258 -258
  136. package/docs/skill-candidates/v0.0.10/figma-implement-design/agents/openai.yaml +14 -14
  137. package/docs/skill-candidates/v0.0.10/figma-implement-design/assets/figma-small.svg +3 -3
  138. package/docs/skill-candidates/v0.0.10/figma-implement-design/assets/icon.svg +28 -28
  139. package/docs/skill-candidates/v0.0.10/figma-use/LICENSE.TXT +1 -1
  140. package/docs/skill-candidates/v0.0.10/figma-use/SKILL.md +233 -233
  141. package/docs/skill-candidates/v0.0.10/figma-use/agents/openai.yaml +14 -14
  142. package/docs/skill-candidates/v0.0.10/figma-use/assets/figma-small.svg +3 -3
  143. package/docs/skill-candidates/v0.0.10/figma-use/assets/icon.svg +28 -28
  144. package/docs/skill-candidates/v0.0.10/figma-use/maintainers.yml +1 -1
  145. package/docs/skill-candidates/v0.0.10/figma-use/references/api-reference.md +301 -301
  146. package/docs/skill-candidates/v0.0.10/figma-use/references/common-patterns.md +512 -512
  147. package/docs/skill-candidates/v0.0.10/figma-use/references/component-patterns.md +488 -488
  148. package/docs/skill-candidates/v0.0.10/figma-use/references/effect-style-patterns.md +123 -123
  149. package/docs/skill-candidates/v0.0.10/figma-use/references/gotchas.md +599 -599
  150. package/docs/skill-candidates/v0.0.10/figma-use/references/maintainers.yml +12 -12
  151. package/docs/skill-candidates/v0.0.10/figma-use/references/plugin-api-patterns.md +513 -513
  152. package/docs/skill-candidates/v0.0.10/figma-use/references/plugin-api-standalone.d.ts +11293 -11293
  153. package/docs/skill-candidates/v0.0.10/figma-use/references/plugin-api-standalone.index.md +441 -441
  154. package/docs/skill-candidates/v0.0.10/figma-use/references/text-style-patterns.md +203 -203
  155. package/docs/skill-candidates/v0.0.10/figma-use/references/validation-and-recovery.md +109 -109
  156. package/docs/skill-candidates/v0.0.10/figma-use/references/variable-patterns.md +354 -354
  157. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/maintainers.yml +9 -9
  158. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-components--creating.md +17 -17
  159. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-components--using.md +17 -17
  160. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-components.md +50 -50
  161. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-effect-styles.md +52 -52
  162. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-text-styles.md +90 -90
  163. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-variables--creating.md +13 -13
  164. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-variables--using.md +13 -13
  165. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-variables.md +64 -64
  166. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds.md +41 -41
  167. package/docs/skill-candidates/v0.0.10/frontend-design/LICENSE.txt +177 -177
  168. package/docs/skill-candidates/v0.0.10/frontend-design/SKILL.md +55 -55
  169. package/docs/skill-candidates/v0.0.10/frontend-ui-ux-systems/SKILL.md +32 -32
  170. package/docs/skill-candidates/v0.0.10/github/SKILL.md +74 -74
  171. package/docs/skill-candidates/v0.0.10/github/agents/openai.yaml +6 -6
  172. package/docs/skill-candidates/v0.0.10/github/assets/github-small.svg +3 -3
  173. package/docs/skill-candidates/v0.0.10/image-graphic-design-rendering/SKILL.md +28 -28
  174. package/docs/skill-candidates/v0.0.10/language-quality-pt-en-fr-it-ru/SKILL.md +28 -28
  175. package/docs/skill-candidates/v0.0.10/math-physics-reasoning/SKILL.md +28 -28
  176. package/docs/skill-candidates/v0.0.10/mcp-builder/LICENSE.txt +201 -201
  177. package/docs/skill-candidates/v0.0.10/mcp-builder/SKILL.md +236 -236
  178. package/docs/skill-candidates/v0.0.10/mcp-builder/reference/evaluation.md +601 -601
  179. package/docs/skill-candidates/v0.0.10/mcp-builder/reference/mcp_best_practices.md +249 -249
  180. package/docs/skill-candidates/v0.0.10/mcp-builder/reference/node_mcp_server.md +969 -969
  181. package/docs/skill-candidates/v0.0.10/mcp-builder/reference/python_mcp_server.md +718 -718
  182. package/docs/skill-candidates/v0.0.10/mcp-builder/scripts/connections.py +151 -151
  183. package/docs/skill-candidates/v0.0.10/mcp-builder/scripts/evaluation.py +373 -373
  184. package/docs/skill-candidates/v0.0.10/mcp-builder/scripts/example_evaluation.xml +22 -22
  185. package/docs/skill-candidates/v0.0.10/mcp-builder/scripts/requirements.txt +2 -2
  186. package/docs/skill-candidates/v0.0.10/mcp-client-readiness/SKILL.md +31 -31
  187. package/docs/skill-candidates/v0.0.10/openai-docs/LICENSE.txt +201 -201
  188. package/docs/skill-candidates/v0.0.10/openai-docs/SKILL.md +161 -161
  189. package/docs/skill-candidates/v0.0.10/openai-docs/agents/openai.yaml +14 -14
  190. package/docs/skill-candidates/v0.0.10/openai-docs/assets/openai-small.svg +3 -3
  191. package/docs/skill-candidates/v0.0.10/openai-docs/references/latest-model.md +37 -37
  192. package/docs/skill-candidates/v0.0.10/openai-docs/references/prompting-guide.md +244 -244
  193. package/docs/skill-candidates/v0.0.10/openai-docs/references/upgrade-guide.md +181 -181
  194. package/docs/skill-candidates/v0.0.10/openai-docs/scripts/fetch-codex-manual.mjs +598 -598
  195. package/docs/skill-candidates/v0.0.10/openai-docs/scripts/resolve-latest-model-info.js +147 -147
  196. package/docs/skill-candidates/v0.0.10/playwright/NOTICE.txt +14 -14
  197. package/docs/skill-candidates/v0.0.10/playwright/SKILL.md +147 -147
  198. package/docs/skill-candidates/v0.0.10/playwright/agents/openai.yaml +6 -6
  199. package/docs/skill-candidates/v0.0.10/playwright/assets/playwright-small.svg +3 -3
  200. package/docs/skill-candidates/v0.0.10/playwright/references/cli.md +116 -116
  201. package/docs/skill-candidates/v0.0.10/playwright/references/workflows.md +95 -95
  202. package/docs/skill-candidates/v0.0.10/playwright/scripts/playwright_cli.sh +25 -25
  203. package/docs/skill-candidates/v0.0.10/polyglot-backend-engineering/SKILL.md +32 -32
  204. package/docs/skill-candidates/v0.0.10/screenshot/LICENSE.txt +201 -201
  205. package/docs/skill-candidates/v0.0.10/screenshot/SKILL.md +267 -267
  206. package/docs/skill-candidates/v0.0.10/screenshot/agents/openai.yaml +6 -6
  207. package/docs/skill-candidates/v0.0.10/screenshot/assets/screenshot-small.svg +5 -5
  208. package/docs/skill-candidates/v0.0.10/screenshot/scripts/ensure_macos_permissions.sh +54 -54
  209. package/docs/skill-candidates/v0.0.10/screenshot/scripts/macos_display_info.swift +22 -22
  210. package/docs/skill-candidates/v0.0.10/screenshot/scripts/macos_permissions.swift +40 -40
  211. package/docs/skill-candidates/v0.0.10/screenshot/scripts/macos_window_info.swift +126 -126
  212. package/docs/skill-candidates/v0.0.10/screenshot/scripts/take_screenshot.ps1 +163 -163
  213. package/docs/skill-candidates/v0.0.10/screenshot/scripts/take_screenshot.py +585 -585
  214. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/SKILL.md +62 -62
  215. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/agents/openai.yaml +4 -4
  216. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/references/activation-policy.md +77 -77
  217. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/references/human-approval-policy.md +83 -83
  218. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/references/persona-dev-senior-master.md +46 -46
  219. package/docs/skill-candidates/v0.0.10/terminal-menu-operations/SKILL.md +30 -30
  220. package/docs/skill-candidates/v0.0.10/terminal-pixel-art-tui/SKILL.md +43 -43
  221. package/docs/skill-candidates/v0.0.10/webapp-testing/LICENSE.txt +201 -201
  222. package/docs/skill-candidates/v0.0.10/webapp-testing/SKILL.md +95 -95
  223. package/docs/skill-candidates/v0.0.10/webapp-testing/examples/console_logging.py +34 -34
  224. package/docs/skill-candidates/v0.0.10/webapp-testing/examples/element_discovery.py +39 -39
  225. package/docs/skill-candidates/v0.0.10/webapp-testing/examples/static_html_automation.py +32 -32
  226. package/docs/skill-candidates/v0.0.10/webapp-testing/scripts/with_server.py +105 -105
  227. package/docs/skill-candidates/v0.0.10/winui-app/LICENSE.txt +201 -201
  228. package/docs/skill-candidates/v0.0.10/winui-app/SKILL.md +94 -94
  229. package/docs/skill-candidates/v0.0.10/winui-app/agents/openai.yaml +5 -5
  230. package/docs/skill-candidates/v0.0.10/winui-app/config.yaml +50 -50
  231. package/docs/skill-candidates/v0.0.10/winui-app/references/_sections.md +96 -96
  232. package/docs/skill-candidates/v0.0.10/winui-app/references/accessibility-input-and-localization.md +51 -51
  233. package/docs/skill-candidates/v0.0.10/winui-app/references/build-run-and-launch-verification.md +72 -72
  234. package/docs/skill-candidates/v0.0.10/winui-app/references/community-toolkit-controls-and-helpers.md +57 -57
  235. package/docs/skill-candidates/v0.0.10/winui-app/references/controls-layout-and-adaptive-ui.md +84 -84
  236. package/docs/skill-candidates/v0.0.10/winui-app/references/foundation-environment-audit-and-remediation.md +82 -82
  237. package/docs/skill-candidates/v0.0.10/winui-app/references/foundation-setup-and-project-selection.md +67 -67
  238. package/docs/skill-candidates/v0.0.10/winui-app/references/foundation-template-first-recovery.md +62 -62
  239. package/docs/skill-candidates/v0.0.10/winui-app/references/foundation-winui-app-structure.md +62 -62
  240. package/docs/skill-candidates/v0.0.10/winui-app/references/motion-animations-and-polish.md +45 -45
  241. package/docs/skill-candidates/v0.0.10/winui-app/references/performance-diagnostics-and-responsiveness.md +46 -46
  242. package/docs/skill-candidates/v0.0.10/winui-app/references/sample-source-map.md +37 -37
  243. package/docs/skill-candidates/v0.0.10/winui-app/references/shell-navigation-and-windowing.md +67 -67
  244. package/docs/skill-candidates/v0.0.10/winui-app/references/styling-theming-materials-and-icons.md +71 -71
  245. package/docs/skill-candidates/v0.0.10/winui-app/references/testing-debugging-and-review-checklists.md +77 -77
  246. package/docs/skill-candidates/v0.0.10/winui-app/references/windows-app-sdk-lifecycle-notifications-and-deployment.md +52 -52
  247. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/SKILL.md +398 -398
  248. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/common-patterns.md +330 -330
  249. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/complete-examples.md +871 -871
  250. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/component-patterns.md +501 -501
  251. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/data-fetching.md +766 -766
  252. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/file-organization.md +501 -501
  253. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/loading-and-error-states.md +500 -500
  254. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/performance.md +405 -405
  255. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/routing-guide.md +363 -363
  256. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/styling-guide.md +427 -427
  257. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/typescript-standards.md +417 -417
  258. package/docs/skill-candidates/v0.0.11/git-version-control-ops/SKILL.md +34 -34
  259. package/docs/skill-candidates/v0.0.11/go-engineering/SKILL.md +34 -34
  260. package/docs/skill-candidates/v0.0.11/java-engineering/SKILL.md +34 -34
  261. package/docs/skill-candidates/v0.0.11/javascript-engineering/SKILL.md +34 -34
  262. package/docs/skill-candidates/v0.0.11/json-contract-design/SKILL.md +34 -34
  263. package/docs/skill-candidates/v0.0.11/multi-client-mcp-ops/SKILL.md +36 -36
  264. package/docs/skill-candidates/v0.0.11/nextjs/SKILL.md +745 -745
  265. package/docs/skill-candidates/v0.0.11/nextjs/agents/openai.yaml +3 -3
  266. package/docs/skill-candidates/v0.0.11/nextjs/references/app-router-files.md +94 -94
  267. package/docs/skill-candidates/v0.0.11/python-engineering/SKILL.md +34 -34
  268. package/docs/skill-candidates/v0.0.11/ruby-engineering/SKILL.md +34 -34
  269. package/docs/skill-candidates/v0.0.11/senior-fullstack/SKILL.md +209 -209
  270. package/docs/skill-candidates/v0.0.11/senior-fullstack/references/architecture_patterns.md +103 -103
  271. package/docs/skill-candidates/v0.0.11/senior-fullstack/references/development_workflows.md +103 -103
  272. package/docs/skill-candidates/v0.0.11/senior-fullstack/references/tech_stack_guide.md +103 -103
  273. package/docs/skill-candidates/v0.0.11/senior-fullstack/scripts/code_quality_analyzer.py +114 -114
  274. package/docs/skill-candidates/v0.0.11/senior-fullstack/scripts/fullstack_scaffolder.py +114 -114
  275. package/docs/skill-candidates/v0.0.11/senior-fullstack/scripts/project_scaffolder.py +114 -114
  276. package/docs/skill-candidates/v0.0.11/shadcn/SKILL.md +573 -573
  277. package/docs/skill-candidates/v0.0.11/shadcn/agents/openai.yaml +3 -3
  278. package/docs/skill-candidates/v0.0.11/sql-postgresql-engineering/SKILL.md +34 -34
  279. package/docs/skill-candidates/v0.0.11/terminal-shell-ops/SKILL.md +34 -34
  280. package/docs/skill-candidates/v0.0.11/typescript-expert/SKILL.md +429 -429
  281. package/docs/skill-candidates/v0.0.11/typescript-expert/references/tsconfig-strict.json +91 -91
  282. package/docs/skill-candidates/v0.0.11/typescript-expert/references/typescript-cheatsheet.md +383 -383
  283. package/docs/skill-candidates/v0.0.11/typescript-expert/references/utility-types.ts +335 -335
  284. package/docs/skill-candidates/v0.0.11/typescript-expert/scripts/ts_diagnostic.py +203 -203
  285. package/docs/skill-candidates/v0.0.11/ui-component-primitives/SKILL.md +34 -34
  286. package/docs/skill-candidates/v0.0.11/web-mobile-design-systems/SKILL.md +34 -34
  287. package/docs/skill-candidates/v0.0.11/windows-linux-platform-ops/SKILL.md +34 -34
  288. package/docs/skill-candidates/v0.0.12/context-compression-handoff/SKILL.md +47 -0
  289. package/docs/skill-candidates/v0.0.12/csharp-senior-master-engineering/SKILL.md +32 -32
  290. package/docs/skill-candidates/v0.0.12/css-senior-master-engineering/SKILL.md +32 -32
  291. package/docs/skill-candidates/v0.0.12/go-senior-master-engineering/SKILL.md +32 -32
  292. package/docs/skill-candidates/v0.0.12/html-senior-master-engineering/SKILL.md +32 -32
  293. package/docs/skill-candidates/v0.0.12/javascript-senior-master-engineering/SKILL.md +32 -32
  294. package/docs/skill-candidates/v0.0.12/json-senior-master-engineering/SKILL.md +32 -32
  295. package/docs/skill-candidates/v0.0.12/prompt-budget-gate/SKILL.md +46 -0
  296. package/docs/skill-candidates/v0.0.12/python-senior-master-engineering/SKILL.md +32 -32
  297. package/docs/skill-candidates/v0.0.12/react-senior-master-engineering/SKILL.md +32 -32
  298. package/docs/skill-candidates/v0.0.12/ruby-senior-master-engineering/SKILL.md +32 -32
  299. package/docs/skill-candidates/v0.0.12/senior-master-code-optimizer/SKILL.md +48 -48
  300. package/docs/skill-candidates/v0.0.12/sql-senior-master-engineering/SKILL.md +31 -31
  301. package/docs/skill-candidates/v0.0.12/token-economy-orchestrator/SKILL.md +38 -0
  302. package/docs/skill-candidates/v0.0.12/typescript-senior-master-engineering/SKILL.md +35 -35
  303. package/docs/skill-candidates/v0.0.9/ai-ethics-human-dignity/SKILL.md +32 -32
  304. package/docs/skill-candidates/v0.0.9/broad-domain-router/SKILL.md +41 -41
  305. package/docs/skill-candidates/v0.0.9/catholic-moral-discernment/SKILL.md +31 -31
  306. package/docs/skill-candidates/v0.0.9/engineering-systems-master/SKILL.md +31 -31
  307. package/docs/skill-candidates/v0.0.9/language-quality-pt-en-fr/SKILL.md +28 -28
  308. package/docs/skill-candidates/v0.0.9/math-science-reasoning/SKILL.md +29 -29
  309. package/docs/skill-candidates/v0.0.9/philosophy-sociology-discernment/SKILL.md +28 -28
  310. package/docs/skill-candidates/v0.0.9/professional-boundary-triage/SKILL.md +40 -40
  311. package/docs/skill-candidates/v0.0.9/release-ethics-gate/SKILL.md +32 -32
  312. package/docs/skill-candidates/v0.0.9/source-authority-reviewer/SKILL.md +31 -31
  313. package/examples/client-configs/claude-code.commands.md +21 -21
  314. package/examples/client-configs/claude-code.project.mcp.json +18 -18
  315. package/examples/client-configs/claude-desktop.macos.json +18 -18
  316. package/examples/client-configs/claude-desktop.windows.json +20 -20
  317. package/examples/client-configs/codex.windows.toml +11 -11
  318. package/examples/client-configs/gemini-code-assist.intellij.mcp.json +18 -18
  319. package/examples/client-configs/gemini.linux.settings.json +21 -21
  320. package/examples/client-configs/gemini.windows.settings.json +23 -23
  321. package/examples/client-configs/generic-stdio.json +16 -16
  322. package/manifests/channels/beta.json +26 -26
  323. package/manifests/channels/stable.json +27 -27
  324. package/network/approved-skills.json +54 -54
  325. package/network/unapproved-skill-candidates.json +110 -110
  326. package/package.json +87 -86
  327. package/scripts/configure-private-registry.mjs +208 -208
  328. package/scripts/lib/private-registry.mjs +97 -97
  329. package/scripts/render-menu-evidence.mjs +130 -130
  330. package/scripts/verify-menu-actions.mjs +117 -117
  331. package/sources.json +11 -11
@@ -1,249 +1,249 @@
1
- # MCP Server Best Practices
2
-
3
- ## Quick Reference
4
-
5
- ### Server Naming
6
- - **Python**: `{service}_mcp` (e.g., `slack_mcp`)
7
- - **Node/TypeScript**: `{service}-mcp-server` (e.g., `slack-mcp-server`)
8
-
9
- ### Tool Naming
10
- - Use snake_case with service prefix
11
- - Format: `{service}_{action}_{resource}`
12
- - Example: `slack_send_message`, `github_create_issue`
13
-
14
- ### Response Formats
15
- - Support both JSON and Markdown formats
16
- - JSON for programmatic processing
17
- - Markdown for human readability
18
-
19
- ### Pagination
20
- - Always respect `limit` parameter
21
- - Return `has_more`, `next_offset`, `total_count`
22
- - Default to 20-50 items
23
-
24
- ### Transport
25
- - **Streamable HTTP**: For remote servers, multi-client scenarios
26
- - **stdio**: For local integrations, command-line tools
27
- - Avoid SSE (deprecated in favor of streamable HTTP)
28
-
29
- ---
30
-
31
- ## Server Naming Conventions
32
-
33
- Follow these standardized naming patterns:
34
-
35
- **Python**: Use format `{service}_mcp` (lowercase with underscores)
36
- - Examples: `slack_mcp`, `github_mcp`, `jira_mcp`
37
-
38
- **Node/TypeScript**: Use format `{service}-mcp-server` (lowercase with hyphens)
39
- - Examples: `slack-mcp-server`, `github-mcp-server`, `jira-mcp-server`
40
-
41
- The name should be general, descriptive of the service being integrated, easy to infer from the task description, and without version numbers.
42
-
43
- ---
44
-
45
- ## Tool Naming and Design
46
-
47
- ### Tool Naming
48
-
49
- 1. **Use snake_case**: `search_users`, `create_project`, `get_channel_info`
50
- 2. **Include service prefix**: Anticipate that your MCP server may be used alongside other MCP servers
51
- - Use `slack_send_message` instead of just `send_message`
52
- - Use `github_create_issue` instead of just `create_issue`
53
- 3. **Be action-oriented**: Start with verbs (get, list, search, create, etc.)
54
- 4. **Be specific**: Avoid generic names that could conflict with other servers
55
-
56
- ### Tool Design
57
-
58
- - Tool descriptions must narrowly and unambiguously describe functionality
59
- - Descriptions must precisely match actual functionality
60
- - Provide tool annotations (readOnlyHint, destructiveHint, idempotentHint, openWorldHint)
61
- - Keep tool operations focused and atomic
62
-
63
- ---
64
-
65
- ## Response Formats
66
-
67
- All tools that return data should support multiple formats:
68
-
69
- ### JSON Format (`response_format="json"`)
70
- - Machine-readable structured data
71
- - Include all available fields and metadata
72
- - Consistent field names and types
73
- - Use for programmatic processing
74
-
75
- ### Markdown Format (`response_format="markdown"`, typically default)
76
- - Human-readable formatted text
77
- - Use headers, lists, and formatting for clarity
78
- - Convert timestamps to human-readable format
79
- - Show display names with IDs in parentheses
80
- - Omit verbose metadata
81
-
82
- ---
83
-
84
- ## Pagination
85
-
86
- For tools that list resources:
87
-
88
- - **Always respect the `limit` parameter**
89
- - **Implement pagination**: Use `offset` or cursor-based pagination
90
- - **Return pagination metadata**: Include `has_more`, `next_offset`/`next_cursor`, `total_count`
91
- - **Never load all results into memory**: Especially important for large datasets
92
- - **Default to reasonable limits**: 20-50 items is typical
93
-
94
- Example pagination response:
95
- ```json
96
- {
97
- "total": 150,
98
- "count": 20,
99
- "offset": 0,
100
- "items": [...],
101
- "has_more": true,
102
- "next_offset": 20
103
- }
104
- ```
105
-
106
- ---
107
-
108
- ## Transport Options
109
-
110
- ### Streamable HTTP
111
-
112
- **Best for**: Remote servers, web services, multi-client scenarios
113
-
114
- **Characteristics**:
115
- - Bidirectional communication over HTTP
116
- - Supports multiple simultaneous clients
117
- - Can be deployed as a web service
118
- - Enables server-to-client notifications
119
-
120
- **Use when**:
121
- - Serving multiple clients simultaneously
122
- - Deploying as a cloud service
123
- - Integration with web applications
124
-
125
- ### stdio
126
-
127
- **Best for**: Local integrations, command-line tools
128
-
129
- **Characteristics**:
130
- - Standard input/output stream communication
131
- - Simple setup, no network configuration needed
132
- - Runs as a subprocess of the client
133
-
134
- **Use when**:
135
- - Building tools for local development environments
136
- - Integrating with desktop applications
137
- - Single-user, single-session scenarios
138
-
139
- **Note**: stdio servers should NOT log to stdout (use stderr for logging)
140
-
141
- ### Transport Selection
142
-
143
- | Criterion | stdio | Streamable HTTP |
144
- |-----------|-------|-----------------|
145
- | **Deployment** | Local | Remote |
146
- | **Clients** | Single | Multiple |
147
- | **Complexity** | Low | Medium |
148
- | **Real-time** | No | Yes |
149
-
150
- ---
151
-
152
- ## Security Best Practices
153
-
154
- ### Authentication and Authorization
155
-
156
- **OAuth 2.1**:
157
- - Use secure OAuth 2.1 with certificates from recognized authorities
158
- - Validate access tokens before processing requests
159
- - Only accept tokens specifically intended for your server
160
-
161
- **API Keys**:
162
- - Store API keys in environment variables, never in code
163
- - Validate keys on server startup
164
- - Provide clear error messages when authentication fails
165
-
166
- ### Input Validation
167
-
168
- - Sanitize file paths to prevent directory traversal
169
- - Validate URLs and external identifiers
170
- - Check parameter sizes and ranges
171
- - Prevent command injection in system calls
172
- - Use schema validation (Pydantic/Zod) for all inputs
173
-
174
- ### Error Handling
175
-
176
- - Don't expose internal errors to clients
177
- - Log security-relevant errors server-side
178
- - Provide helpful but not revealing error messages
179
- - Clean up resources after errors
180
-
181
- ### DNS Rebinding Protection
182
-
183
- For streamable HTTP servers running locally:
184
- - Enable DNS rebinding protection
185
- - Validate the `Origin` header on all incoming connections
186
- - Bind to `127.0.0.1` rather than `0.0.0.0`
187
-
188
- ---
189
-
190
- ## Tool Annotations
191
-
192
- Provide annotations to help clients understand tool behavior:
193
-
194
- | Annotation | Type | Default | Description |
195
- |-----------|------|---------|-------------|
196
- | `readOnlyHint` | boolean | false | Tool does not modify its environment |
197
- | `destructiveHint` | boolean | true | Tool may perform destructive updates |
198
- | `idempotentHint` | boolean | false | Repeated calls with same args have no additional effect |
199
- | `openWorldHint` | boolean | true | Tool interacts with external entities |
200
-
201
- **Important**: Annotations are hints, not security guarantees. Clients should not make security-critical decisions based solely on annotations.
202
-
203
- ---
204
-
205
- ## Error Handling
206
-
207
- - Use standard JSON-RPC error codes
208
- - Report tool errors within result objects (not protocol-level errors)
209
- - Provide helpful, specific error messages with suggested next steps
210
- - Don't expose internal implementation details
211
- - Clean up resources properly on errors
212
-
213
- Example error handling:
214
- ```typescript
215
- try {
216
- const result = performOperation();
217
- return { content: [{ type: "text", text: result }] };
218
- } catch (error) {
219
- return {
220
- isError: true,
221
- content: [{
222
- type: "text",
223
- text: `Error: ${error.message}. Try using filter='active_only' to reduce results.`
224
- }]
225
- };
226
- }
227
- ```
228
-
229
- ---
230
-
231
- ## Testing Requirements
232
-
233
- Comprehensive testing should cover:
234
-
235
- - **Functional testing**: Verify correct execution with valid/invalid inputs
236
- - **Integration testing**: Test interaction with external systems
237
- - **Security testing**: Validate auth, input sanitization, rate limiting
238
- - **Performance testing**: Check behavior under load, timeouts
239
- - **Error handling**: Ensure proper error reporting and cleanup
240
-
241
- ---
242
-
243
- ## Documentation Requirements
244
-
245
- - Provide clear documentation of all tools and capabilities
246
- - Include working examples (at least 3 per major feature)
247
- - Document security considerations
248
- - Specify required permissions and access levels
249
- - Document rate limits and performance characteristics
1
+ # MCP Server Best Practices
2
+
3
+ ## Quick Reference
4
+
5
+ ### Server Naming
6
+ - **Python**: `{service}_mcp` (e.g., `slack_mcp`)
7
+ - **Node/TypeScript**: `{service}-mcp-server` (e.g., `slack-mcp-server`)
8
+
9
+ ### Tool Naming
10
+ - Use snake_case with service prefix
11
+ - Format: `{service}_{action}_{resource}`
12
+ - Example: `slack_send_message`, `github_create_issue`
13
+
14
+ ### Response Formats
15
+ - Support both JSON and Markdown formats
16
+ - JSON for programmatic processing
17
+ - Markdown for human readability
18
+
19
+ ### Pagination
20
+ - Always respect `limit` parameter
21
+ - Return `has_more`, `next_offset`, `total_count`
22
+ - Default to 20-50 items
23
+
24
+ ### Transport
25
+ - **Streamable HTTP**: For remote servers, multi-client scenarios
26
+ - **stdio**: For local integrations, command-line tools
27
+ - Avoid SSE (deprecated in favor of streamable HTTP)
28
+
29
+ ---
30
+
31
+ ## Server Naming Conventions
32
+
33
+ Follow these standardized naming patterns:
34
+
35
+ **Python**: Use format `{service}_mcp` (lowercase with underscores)
36
+ - Examples: `slack_mcp`, `github_mcp`, `jira_mcp`
37
+
38
+ **Node/TypeScript**: Use format `{service}-mcp-server` (lowercase with hyphens)
39
+ - Examples: `slack-mcp-server`, `github-mcp-server`, `jira-mcp-server`
40
+
41
+ The name should be general, descriptive of the service being integrated, easy to infer from the task description, and without version numbers.
42
+
43
+ ---
44
+
45
+ ## Tool Naming and Design
46
+
47
+ ### Tool Naming
48
+
49
+ 1. **Use snake_case**: `search_users`, `create_project`, `get_channel_info`
50
+ 2. **Include service prefix**: Anticipate that your MCP server may be used alongside other MCP servers
51
+ - Use `slack_send_message` instead of just `send_message`
52
+ - Use `github_create_issue` instead of just `create_issue`
53
+ 3. **Be action-oriented**: Start with verbs (get, list, search, create, etc.)
54
+ 4. **Be specific**: Avoid generic names that could conflict with other servers
55
+
56
+ ### Tool Design
57
+
58
+ - Tool descriptions must narrowly and unambiguously describe functionality
59
+ - Descriptions must precisely match actual functionality
60
+ - Provide tool annotations (readOnlyHint, destructiveHint, idempotentHint, openWorldHint)
61
+ - Keep tool operations focused and atomic
62
+
63
+ ---
64
+
65
+ ## Response Formats
66
+
67
+ All tools that return data should support multiple formats:
68
+
69
+ ### JSON Format (`response_format="json"`)
70
+ - Machine-readable structured data
71
+ - Include all available fields and metadata
72
+ - Consistent field names and types
73
+ - Use for programmatic processing
74
+
75
+ ### Markdown Format (`response_format="markdown"`, typically default)
76
+ - Human-readable formatted text
77
+ - Use headers, lists, and formatting for clarity
78
+ - Convert timestamps to human-readable format
79
+ - Show display names with IDs in parentheses
80
+ - Omit verbose metadata
81
+
82
+ ---
83
+
84
+ ## Pagination
85
+
86
+ For tools that list resources:
87
+
88
+ - **Always respect the `limit` parameter**
89
+ - **Implement pagination**: Use `offset` or cursor-based pagination
90
+ - **Return pagination metadata**: Include `has_more`, `next_offset`/`next_cursor`, `total_count`
91
+ - **Never load all results into memory**: Especially important for large datasets
92
+ - **Default to reasonable limits**: 20-50 items is typical
93
+
94
+ Example pagination response:
95
+ ```json
96
+ {
97
+ "total": 150,
98
+ "count": 20,
99
+ "offset": 0,
100
+ "items": [...],
101
+ "has_more": true,
102
+ "next_offset": 20
103
+ }
104
+ ```
105
+
106
+ ---
107
+
108
+ ## Transport Options
109
+
110
+ ### Streamable HTTP
111
+
112
+ **Best for**: Remote servers, web services, multi-client scenarios
113
+
114
+ **Characteristics**:
115
+ - Bidirectional communication over HTTP
116
+ - Supports multiple simultaneous clients
117
+ - Can be deployed as a web service
118
+ - Enables server-to-client notifications
119
+
120
+ **Use when**:
121
+ - Serving multiple clients simultaneously
122
+ - Deploying as a cloud service
123
+ - Integration with web applications
124
+
125
+ ### stdio
126
+
127
+ **Best for**: Local integrations, command-line tools
128
+
129
+ **Characteristics**:
130
+ - Standard input/output stream communication
131
+ - Simple setup, no network configuration needed
132
+ - Runs as a subprocess of the client
133
+
134
+ **Use when**:
135
+ - Building tools for local development environments
136
+ - Integrating with desktop applications
137
+ - Single-user, single-session scenarios
138
+
139
+ **Note**: stdio servers should NOT log to stdout (use stderr for logging)
140
+
141
+ ### Transport Selection
142
+
143
+ | Criterion | stdio | Streamable HTTP |
144
+ |-----------|-------|-----------------|
145
+ | **Deployment** | Local | Remote |
146
+ | **Clients** | Single | Multiple |
147
+ | **Complexity** | Low | Medium |
148
+ | **Real-time** | No | Yes |
149
+
150
+ ---
151
+
152
+ ## Security Best Practices
153
+
154
+ ### Authentication and Authorization
155
+
156
+ **OAuth 2.1**:
157
+ - Use secure OAuth 2.1 with certificates from recognized authorities
158
+ - Validate access tokens before processing requests
159
+ - Only accept tokens specifically intended for your server
160
+
161
+ **API Keys**:
162
+ - Store API keys in environment variables, never in code
163
+ - Validate keys on server startup
164
+ - Provide clear error messages when authentication fails
165
+
166
+ ### Input Validation
167
+
168
+ - Sanitize file paths to prevent directory traversal
169
+ - Validate URLs and external identifiers
170
+ - Check parameter sizes and ranges
171
+ - Prevent command injection in system calls
172
+ - Use schema validation (Pydantic/Zod) for all inputs
173
+
174
+ ### Error Handling
175
+
176
+ - Don't expose internal errors to clients
177
+ - Log security-relevant errors server-side
178
+ - Provide helpful but not revealing error messages
179
+ - Clean up resources after errors
180
+
181
+ ### DNS Rebinding Protection
182
+
183
+ For streamable HTTP servers running locally:
184
+ - Enable DNS rebinding protection
185
+ - Validate the `Origin` header on all incoming connections
186
+ - Bind to `127.0.0.1` rather than `0.0.0.0`
187
+
188
+ ---
189
+
190
+ ## Tool Annotations
191
+
192
+ Provide annotations to help clients understand tool behavior:
193
+
194
+ | Annotation | Type | Default | Description |
195
+ |-----------|------|---------|-------------|
196
+ | `readOnlyHint` | boolean | false | Tool does not modify its environment |
197
+ | `destructiveHint` | boolean | true | Tool may perform destructive updates |
198
+ | `idempotentHint` | boolean | false | Repeated calls with same args have no additional effect |
199
+ | `openWorldHint` | boolean | true | Tool interacts with external entities |
200
+
201
+ **Important**: Annotations are hints, not security guarantees. Clients should not make security-critical decisions based solely on annotations.
202
+
203
+ ---
204
+
205
+ ## Error Handling
206
+
207
+ - Use standard JSON-RPC error codes
208
+ - Report tool errors within result objects (not protocol-level errors)
209
+ - Provide helpful, specific error messages with suggested next steps
210
+ - Don't expose internal implementation details
211
+ - Clean up resources properly on errors
212
+
213
+ Example error handling:
214
+ ```typescript
215
+ try {
216
+ const result = performOperation();
217
+ return { content: [{ type: "text", text: result }] };
218
+ } catch (error) {
219
+ return {
220
+ isError: true,
221
+ content: [{
222
+ type: "text",
223
+ text: `Error: ${error.message}. Try using filter='active_only' to reduce results.`
224
+ }]
225
+ };
226
+ }
227
+ ```
228
+
229
+ ---
230
+
231
+ ## Testing Requirements
232
+
233
+ Comprehensive testing should cover:
234
+
235
+ - **Functional testing**: Verify correct execution with valid/invalid inputs
236
+ - **Integration testing**: Test interaction with external systems
237
+ - **Security testing**: Validate auth, input sanitization, rate limiting
238
+ - **Performance testing**: Check behavior under load, timeouts
239
+ - **Error handling**: Ensure proper error reporting and cleanup
240
+
241
+ ---
242
+
243
+ ## Documentation Requirements
244
+
245
+ - Provide clear documentation of all tools and capabilities
246
+ - Include working examples (at least 3 per major feature)
247
+ - Document security considerations
248
+ - Specify required permissions and access levels
249
+ - Document rate limits and performance characteristics