@kryptosai/mcp-observatory 0.20.3 → 0.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (60) hide show
  1. package/COMMERCIAL.md +67 -0
  2. package/PRIVACY.md +52 -0
  3. package/README.md +100 -4
  4. package/TERMS.md +30 -0
  5. package/dist/src/checks/resources.js +9 -19
  6. package/dist/src/checks/resources.js.map +1 -1
  7. package/dist/src/checks/security-rules.js.map +1 -1
  8. package/dist/src/checks/security.js +33 -14
  9. package/dist/src/checks/security.js.map +1 -1
  10. package/dist/src/checks/tools-invoke.js.map +1 -1
  11. package/dist/src/checks/tools.js.map +1 -1
  12. package/dist/src/ci-issue.js +3 -1
  13. package/dist/src/ci-issue.js.map +1 -1
  14. package/dist/src/cli.js +48 -1
  15. package/dist/src/cli.js.map +1 -1
  16. package/dist/src/commands/ci-report.js +4 -0
  17. package/dist/src/commands/ci-report.js.map +1 -1
  18. package/dist/src/commands/enterprise-report.d.ts +12 -0
  19. package/dist/src/commands/enterprise-report.js +192 -0
  20. package/dist/src/commands/enterprise-report.js.map +1 -0
  21. package/dist/src/commands/init-ci.d.ts +17 -0
  22. package/dist/src/commands/init-ci.js +106 -0
  23. package/dist/src/commands/init-ci.js.map +1 -0
  24. package/dist/src/commands/scan.js +4 -0
  25. package/dist/src/commands/scan.js.map +1 -1
  26. package/dist/src/commands/score.js +2 -0
  27. package/dist/src/commands/score.js.map +1 -1
  28. package/dist/src/commands/telemetry.js +47 -2
  29. package/dist/src/commands/telemetry.js.map +1 -1
  30. package/dist/src/commands/test.js +11 -5
  31. package/dist/src/commands/test.js.map +1 -1
  32. package/dist/src/commercial.d.ts +5 -0
  33. package/dist/src/commercial.js +46 -0
  34. package/dist/src/commercial.js.map +1 -0
  35. package/dist/src/runner.js +1 -1
  36. package/dist/src/runner.js.map +1 -1
  37. package/dist/src/telemetry.d.ts +27 -0
  38. package/dist/src/telemetry.js +57 -3
  39. package/dist/src/telemetry.js.map +1 -1
  40. package/dist/src/types.d.ts +5 -0
  41. package/dist/src/validate.js +48 -5
  42. package/dist/src/validate.js.map +1 -1
  43. package/docs/architecture.md +32 -0
  44. package/docs/certification-campaign-template.md +167 -0
  45. package/docs/certification-distribution.md +125 -0
  46. package/docs/compatibility.md +164 -0
  47. package/docs/decisions.md +23 -0
  48. package/docs/demo.svg +59 -0
  49. package/docs/directory-listing-copy.md +78 -0
  50. package/docs/distribution-launch.md +76 -0
  51. package/docs/enterprise-outreach-playbook.md +83 -0
  52. package/docs/feishu-lark-mcp.md +65 -0
  53. package/docs/known-issues.md +27 -0
  54. package/docs/mcp-safety-report-latest.md +85 -0
  55. package/docs/project-case-study.md +106 -0
  56. package/docs/proof.md +68 -0
  57. package/docs/publish-readiness.md +73 -0
  58. package/package.json +31 -18
  59. package/schemas/diff-artifact.schema.json +62 -66
  60. package/schemas/run-artifact.schema.json +107 -142
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@kryptosai/mcp-observatory",
3
- "version": "0.20.3",
4
- "description": "Test your MCP servers for breaking changes. Checks capabilities, invokes tools, detects schema drift between versions.",
3
+ "version": "0.21.0",
4
+ "description": "Test, secure, and monitor MCP servers before agents depend on them.",
5
5
  "mcpName": "io.github.KryptosAI/mcp-observatory",
6
6
  "license": "MIT",
7
7
  "type": "module",
@@ -31,7 +31,11 @@
31
31
  "files": [
32
32
  "dist/src",
33
33
  "README.md",
34
+ "COMMERCIAL.md",
35
+ "PRIVACY.md",
36
+ "TERMS.md",
34
37
  "LICENSE",
38
+ "docs",
35
39
  "schemas"
36
40
  ],
37
41
  "scripts": {
@@ -47,7 +51,9 @@
47
51
  "test": "vitest run",
48
52
  "validate:artifacts": "tsx scripts/validate-artifacts.ts",
49
53
  "verify:packed-install": "node scripts/verify-packed-install.mjs",
50
- "smoke": "npm run cli -- run --target tests/fixtures/sample-target-config.json && npm run cli -- diff tests/fixtures/sample-run-a.json tests/fixtures/sample-run-b.json"
54
+ "smoke": "npm run cli -- run --target tests/fixtures/sample-target-config.json && npm run cli -- diff tests/fixtures/sample-run-a.json tests/fixtures/sample-run-b.json",
55
+ "telemetry:export": "tsx scripts/export-telemetry-d1.ts",
56
+ "telemetry:intelligence": "tsx scripts/telemetry-company-intelligence.ts --input telemetry-exports/events-flat-full.json --out-dir reports"
51
57
  },
52
58
  "keywords": [
53
59
  "mcp",
@@ -66,31 +72,38 @@
66
72
  "vcr",
67
73
  "mcp-testing",
68
74
  "security",
75
+ "mcp-security",
69
76
  "ci-cd",
77
+ "mcp-ci",
70
78
  "github-action",
79
+ "production-monitoring",
80
+ "enterprise",
81
+ "enterprise-report",
82
+ "feishu",
83
+ "lark",
71
84
  "schema-drift"
72
85
  ],
73
86
  "dependencies": {
74
- "@modelcontextprotocol/sdk": "^1.27.1",
87
+ "@modelcontextprotocol/sdk": "^1.29.0",
75
88
  "ci-info": "^4.4.0",
76
- "commander": "14.0.2",
89
+ "commander": "15.0.0",
77
90
  "update-notifier": "^7.3.1",
78
- "zod": "4.1.12"
91
+ "zod": "4.4.3"
79
92
  },
80
93
  "devDependencies": {
81
- "@eslint/js": "9.39.1",
94
+ "@eslint/js": "10.0.1",
82
95
  "@semantic-release/changelog": "^6.0.3",
83
96
  "@semantic-release/git": "^10.0.1",
84
- "@types/node": "24.10.1",
85
- "@typescript-eslint/eslint-plugin": "8.46.3",
86
- "@typescript-eslint/parser": "8.46.3",
87
- "ajv": "8.17.1",
88
- "eslint": "9.39.1",
89
- "globals": "16.5.0",
90
- "semantic-release": "^25.0.3",
91
- "tsx": "4.20.6",
92
- "typescript": "5.9.3",
93
- "typescript-eslint": "8.46.3",
94
- "vitest": "4.0.8"
97
+ "@types/node": "25.9.3",
98
+ "@typescript-eslint/eslint-plugin": "8.61.1",
99
+ "@typescript-eslint/parser": "8.61.1",
100
+ "ajv": "8.20.0",
101
+ "eslint": "10.5.0",
102
+ "globals": "17.6.0",
103
+ "semantic-release": "^25.0.5",
104
+ "tsx": "4.22.4",
105
+ "typescript": "6.0.3",
106
+ "typescript-eslint": "8.61.1",
107
+ "vitest": "4.1.9"
95
108
  }
96
109
  }
package/schemas/diff-artifact.schema.json CHANGED
@@ -19,113 +19,109 @@
19
19
  "removed"
20
20
  ],
21
21
  "properties": {
22
- "artifactType": {
23
- "const": "diff"
24
- },
25
- "schemaVersion": {
26
- "const": "1.0.0"
27
- },
28
- "gate": {
29
- "$ref": "#/definitions/gate"
30
- },
31
- "baseRunId": {
32
- "type": "string"
33
- },
34
- "headRunId": {
35
- "type": "string"
36
- },
37
- "createdAt": {
38
- "type": "string"
39
- },
40
- "summary": {
41
- "$ref": "#/definitions/diffSummary"
42
- },
22
+ "artifactType": { "const": "diff" },
23
+ "schemaVersion": { "const": "1.0.0" },
24
+ "gate": { "$ref": "#/definitions/gate" },
25
+ "baseRunId": { "type": "string" },
26
+ "headRunId": { "type": "string" },
27
+ "createdAt": { "type": "string" },
28
+ "summary": { "$ref": "#/definitions/diffSummary" },
43
29
  "regressions": {
44
30
  "type": "array",
45
- "items": {
46
- "$ref": "#/definitions/diffEntry"
47
- }
31
+ "items": { "$ref": "#/definitions/diffEntry" }
48
32
  },
49
33
  "recoveries": {
50
34
  "type": "array",
51
- "items": {
52
- "$ref": "#/definitions/diffEntry"
53
- }
35
+ "items": { "$ref": "#/definitions/diffEntry" }
54
36
  },
55
37
  "unchanged": {
56
38
  "type": "array",
57
- "items": {
58
- "$ref": "#/definitions/diffEntry"
59
- }
39
+ "items": { "$ref": "#/definitions/diffEntry" }
60
40
  },
61
41
  "added": {
62
42
  "type": "array",
63
- "items": {
64
- "$ref": "#/definitions/diffEntry"
65
- }
43
+ "items": { "$ref": "#/definitions/diffEntry" }
66
44
  },
67
45
  "removed": {
68
46
  "type": "array",
69
- "items": {
70
- "$ref": "#/definitions/diffEntry"
71
- }
47
+ "items": { "$ref": "#/definitions/diffEntry" }
48
+ },
49
+ "schemaDrift": {
50
+ "type": "array",
51
+ "items": { "$ref": "#/definitions/schemaDriftEntry" }
52
+ },
53
+ "responseChanges": {
54
+ "type": "array",
55
+ "items": { "$ref": "#/definitions/responseChangeEntry" }
72
56
  }
73
57
  },
74
58
  "definitions": {
75
- "gate": {
76
- "type": "string",
77
- "enum": ["pass", "fail"]
78
- },
59
+ "gate": { "type": "string", "enum": ["pass", "fail"] },
79
60
  "checkStatus": {
80
61
  "type": "string",
81
62
  "enum": ["pass", "fail", "partial", "unsupported", "flaky", "skipped"]
82
63
  },
83
64
  "checkId": {
84
65
  "type": "string",
85
- "enum": ["tools", "prompts", "resources"]
66
+ "enum": [
67
+ "tools",
68
+ "prompts",
69
+ "resources",
70
+ "tools-invoke",
71
+ "security",
72
+ "security-lite",
73
+ "conformance",
74
+ "schema-quality"
75
+ ]
86
76
  },
87
77
  "diffEntry": {
88
78
  "type": "object",
89
79
  "additionalProperties": false,
90
80
  "required": ["id", "capability", "message"],
91
81
  "properties": {
92
- "id": {
93
- "$ref": "#/definitions/checkId"
94
- },
95
- "capability": {
96
- "$ref": "#/definitions/checkId"
97
- },
98
- "fromStatus": {
99
- "$ref": "#/definitions/checkStatus"
100
- },
101
- "toStatus": {
102
- "$ref": "#/definitions/checkStatus"
103
- },
104
- "message": {
105
- "type": "string"
82
+ "id": { "$ref": "#/definitions/checkId" },
83
+ "capability": { "$ref": "#/definitions/checkId" },
84
+ "fromStatus": { "$ref": "#/definitions/checkStatus" },
85
+ "toStatus": { "$ref": "#/definitions/checkStatus" },
86
+ "message": { "type": "string" }
87
+ }
88
+ },
89
+ "schemaDriftEntry": {
90
+ "type": "object",
91
+ "additionalProperties": false,
92
+ "required": ["capability", "name", "changes"],
93
+ "properties": {
94
+ "capability": { "$ref": "#/definitions/checkId" },
95
+ "name": { "type": "string" },
96
+ "changes": {
97
+ "type": "array",
98
+ "items": { "type": "string" }
106
99
  }
107
100
  }
108
101
  },
102
+ "responseChangeEntry": {
103
+ "type": "object",
104
+ "additionalProperties": false,
105
+ "required": ["capability", "name", "change"],
106
+ "properties": {
107
+ "capability": { "$ref": "#/definitions/checkId" },
108
+ "name": { "type": "string" },
109
+ "change": { "type": "string" }
110
+ }
111
+ },
109
112
  "diffSummary": {
110
113
  "type": "object",
111
114
  "additionalProperties": false,
112
- "required": [
113
- "regressions",
114
- "recoveries",
115
- "unchanged",
116
- "added",
117
- "removed",
118
- "gate"
119
- ],
115
+ "required": ["regressions", "recoveries", "unchanged", "added", "removed", "gate"],
120
116
  "properties": {
121
117
  "regressions": { "type": "integer", "minimum": 0 },
122
118
  "recoveries": { "type": "integer", "minimum": 0 },
123
119
  "unchanged": { "type": "integer", "minimum": 0 },
124
120
  "added": { "type": "integer", "minimum": 0 },
125
121
  "removed": { "type": "integer", "minimum": 0 },
126
- "gate": {
127
- "$ref": "#/definitions/gate"
128
- }
122
+ "schemaDriftCount": { "type": "integer", "minimum": 0 },
123
+ "responseChangeCount": { "type": "integer", "minimum": 0 },
124
+ "gate": { "$ref": "#/definitions/gate" }
129
125
  }
130
126
  }
131
127
  }
package/schemas/run-artifact.schema.json CHANGED
@@ -17,92 +17,73 @@
17
17
  "checks"
18
18
  ],
19
19
  "properties": {
20
- "artifactType": {
21
- "const": "run"
22
- },
23
- "schemaVersion": {
24
- "const": "1.0.0"
25
- },
26
- "gate": {
27
- "$ref": "#/definitions/gate"
28
- },
29
- "runId": {
30
- "type": "string"
31
- },
32
- "createdAt": {
33
- "type": "string"
34
- },
35
- "toolVersion": {
36
- "type": "string"
37
- },
38
- "target": {
39
- "$ref": "#/definitions/targetSnapshot"
40
- },
41
- "environment": {
42
- "$ref": "#/definitions/environmentSnapshot"
43
- },
44
- "summary": {
45
- "$ref": "#/definitions/runSummary"
46
- },
20
+ "artifactType": { "const": "run" },
21
+ "schemaVersion": { "const": "1.0.0" },
22
+ "gate": { "$ref": "#/definitions/gate" },
23
+ "runId": { "type": "string" },
24
+ "createdAt": { "type": "string" },
25
+ "toolVersion": { "type": "string" },
26
+ "target": { "$ref": "#/definitions/targetSnapshot" },
27
+ "environment": { "$ref": "#/definitions/environmentSnapshot" },
28
+ "summary": { "$ref": "#/definitions/runSummary" },
47
29
  "checks": {
48
30
  "type": "array",
49
- "items": {
50
- "$ref": "#/definitions/checkResult"
51
- }
31
+ "items": { "$ref": "#/definitions/checkResult" }
52
32
  },
53
- "fatalError": {
54
- "type": "string"
55
- }
33
+ "healthScore": { "$ref": "#/definitions/healthScore" },
34
+ "performanceMetrics": { "$ref": "#/definitions/performanceMetrics" },
35
+ "fatalError": { "type": "string" }
56
36
  },
57
37
  "definitions": {
58
- "gate": {
59
- "type": "string",
60
- "enum": ["pass", "fail"]
61
- },
38
+ "gate": { "type": "string", "enum": ["pass", "fail"] },
62
39
  "checkStatus": {
63
40
  "type": "string",
64
41
  "enum": ["pass", "fail", "partial", "unsupported", "flaky", "skipped"]
65
42
  },
66
43
  "checkId": {
67
44
  "type": "string",
68
- "enum": ["tools", "prompts", "resources"]
45
+ "enum": [
46
+ "tools",
47
+ "prompts",
48
+ "resources",
49
+ "tools-invoke",
50
+ "security",
51
+ "security-lite",
52
+ "conformance",
53
+ "schema-quality"
54
+ ]
69
55
  },
70
56
  "evidenceSummary": {
71
57
  "type": "object",
72
58
  "additionalProperties": false,
73
- "required": [
74
- "endpoint",
75
- "advertised",
76
- "responded",
77
- "minimalShapePresent"
78
- ],
59
+ "required": ["endpoint", "advertised", "responded", "minimalShapePresent"],
79
60
  "properties": {
80
- "endpoint": {
81
- "type": "string"
82
- },
83
- "advertised": {
84
- "type": "boolean"
85
- },
86
- "responded": {
87
- "type": "boolean"
88
- },
89
- "minimalShapePresent": {
90
- "type": "boolean"
91
- },
92
- "itemCount": {
93
- "type": "integer",
94
- "minimum": 0
95
- },
61
+ "endpoint": { "type": "string" },
62
+ "advertised": { "type": "boolean" },
63
+ "responded": { "type": "boolean" },
64
+ "minimalShapePresent": { "type": "boolean" },
65
+ "itemCount": { "type": "integer", "minimum": 0 },
96
66
  "identifiers": {
97
67
  "type": "array",
98
- "items": {
99
- "type": "string"
100
- }
68
+ "items": { "type": "string" }
101
69
  },
102
70
  "diagnostics": {
71
+ "type": "array",
72
+ "items": { "type": "string" }
73
+ },
74
+ "schemas": {
75
+ "type": "object",
76
+ "additionalProperties": { "type": "object" }
77
+ },
78
+ "responseSnapshots": {
79
+ "type": "object",
80
+ "additionalProperties": true
81
+ },
82
+ "findings": {
103
83
  "type": "array",
104
84
  "items": {
105
- "type": "string"
85
+ "type": "object",
86
+ "additionalProperties": true
106
87
  }
107
88
  }
108
89
  }
@@ -110,51 +91,23 @@
110
91
  "checkResult": {
111
92
  "type": "object",
112
93
  "additionalProperties": false,
113
- "required": [
114
- "id",
115
- "capability",
116
- "status",
117
- "durationMs",
118
- "message",
119
- "evidence"
120
- ],
94
+ "required": ["id", "capability", "status", "durationMs", "message", "evidence"],
121
95
  "properties": {
122
- "id": {
123
- "$ref": "#/definitions/checkId"
124
- },
125
- "capability": {
126
- "$ref": "#/definitions/checkId"
127
- },
128
- "status": {
129
- "$ref": "#/definitions/checkStatus"
130
- },
131
- "durationMs": {
132
- "type": "number",
133
- "minimum": 0
134
- },
135
- "message": {
136
- "type": "string"
137
- },
96
+ "id": { "$ref": "#/definitions/checkId" },
97
+ "capability": { "$ref": "#/definitions/checkId" },
98
+ "status": { "$ref": "#/definitions/checkStatus" },
99
+ "durationMs": { "type": "number", "minimum": 0 },
100
+ "message": { "type": "string" },
138
101
  "evidence": {
139
102
  "type": "array",
140
- "items": {
141
- "$ref": "#/definitions/evidenceSummary"
142
- }
103
+ "items": { "$ref": "#/definitions/evidenceSummary" }
143
104
  }
144
105
  }
145
106
  },
146
107
  "statusCounts": {
147
108
  "type": "object",
148
109
  "additionalProperties": false,
149
- "required": [
150
- "total",
151
- "pass",
152
- "fail",
153
- "partial",
154
- "unsupported",
155
- "flaky",
156
- "skipped"
157
- ],
110
+ "required": ["total", "pass", "fail", "partial", "unsupported", "flaky", "skipped"],
158
111
  "properties": {
159
112
  "total": { "type": "integer", "minimum": 0 },
160
113
  "pass": { "type": "integer", "minimum": 0 },
@@ -168,16 +121,7 @@
168
121
  "runSummary": {
169
122
  "type": "object",
170
123
  "additionalProperties": false,
171
- "required": [
172
- "total",
173
- "pass",
174
- "fail",
175
- "partial",
176
- "unsupported",
177
- "flaky",
178
- "skipped",
179
- "gate"
180
- ],
124
+ "required": ["total", "pass", "fail", "partial", "unsupported", "flaky", "skipped", "gate"],
181
125
  "properties": {
182
126
  "total": { "type": "integer", "minimum": 0 },
183
127
  "pass": { "type": "integer", "minimum": 0 },
@@ -186,9 +130,7 @@
186
130
  "unsupported": { "type": "integer", "minimum": 0 },
187
131
  "flaky": { "type": "integer", "minimum": 0 },
188
132
  "skipped": { "type": "integer", "minimum": 0 },
189
- "gate": {
190
- "$ref": "#/definitions/gate"
191
- }
133
+ "gate": { "$ref": "#/definitions/gate" }
192
134
  }
193
135
  },
194
136
  "targetSnapshot": {
@@ -196,36 +138,21 @@
196
138
  "additionalProperties": false,
197
139
  "required": ["targetId", "adapter", "command", "args"],
198
140
  "properties": {
199
- "targetId": {
200
- "type": "string"
201
- },
202
- "adapter": {
203
- "const": "local-process"
204
- },
205
- "command": {
206
- "type": "string"
207
- },
141
+ "targetId": { "type": "string" },
142
+ "adapter": { "type": "string", "enum": ["local-process", "http"] },
143
+ "command": { "type": "string" },
208
144
  "args": {
209
145
  "type": "array",
210
- "items": {
211
- "type": "string"
212
- }
213
- },
214
- "cwd": {
215
- "type": "string"
146
+ "items": { "type": "string" }
216
147
  },
148
+ "url": { "type": "string" },
149
+ "cwd": { "type": "string" },
217
150
  "metadata": {
218
151
  "type": "object",
219
- "additionalProperties": {
220
- "type": "string"
221
- }
222
- },
223
- "serverVersion": {
224
- "type": "string"
152
+ "additionalProperties": { "type": "string" }
225
153
  },
226
- "serverName": {
227
- "type": "string"
228
- }
154
+ "serverVersion": { "type": "string" },
155
+ "serverName": { "type": "string" }
229
156
  }
230
157
  },
231
158
  "environmentSnapshot": {
@@ -233,11 +160,49 @@
233
160
  "additionalProperties": false,
234
161
  "required": ["platform", "nodeVersion"],
235
162
  "properties": {
236
- "platform": {
237
- "type": "string"
238
- },
239
- "nodeVersion": {
240
- "type": "string"
163
+ "platform": { "type": "string" },
164
+ "nodeVersion": { "type": "string" }
165
+ }
166
+ },
167
+ "scoreDimension": {
168
+ "type": "object",
169
+ "additionalProperties": false,
170
+ "required": ["name", "weight", "score", "details"],
171
+ "properties": {
172
+ "name": { "type": "string" },
173
+ "weight": { "type": "number" },
174
+ "score": { "type": "number" },
175
+ "details": {
176
+ "type": "array",
177
+ "items": { "type": "string" }
178
+ }
179
+ }
180
+ },
181
+ "healthScore": {
182
+ "type": "object",
183
+ "additionalProperties": false,
184
+ "required": ["overall", "grade", "dimensions"],
185
+ "properties": {
186
+ "overall": { "type": "number" },
187
+ "grade": { "type": "string", "enum": ["A", "B", "C", "D", "F"] },
188
+ "dimensions": {
189
+ "type": "array",
190
+ "items": { "$ref": "#/definitions/scoreDimension" }
191
+ }
192
+ }
193
+ },
194
+ "performanceMetrics": {
195
+ "type": "object",
196
+ "additionalProperties": false,
197
+ "required": ["connectMs"],
198
+ "properties": {
199
+ "connectMs": { "type": "number", "minimum": 0 },
200
+ "toolsListMs": { "type": "number", "minimum": 0 },
201
+ "promptsListMs": { "type": "number", "minimum": 0 },
202
+ "resourcesListMs": { "type": "number", "minimum": 0 },
203
+ "toolInvokeMs": {
204
+ "type": "object",
205
+ "additionalProperties": { "type": "number", "minimum": 0 }
241
206
  }
242
207
  }
243
208
  }