@yawlabs/mcp-compliance 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/README.md +81 -26
  2. package/dist/chunk-SP24UFRC.js +987 -0
  3. package/dist/index.js +724 -87
  4. package/dist/mcp/server.js +12 -3
  5. package/dist/runner.d.ts +15 -1
  6. package/dist/runner.js +1 -1
  7. package/package.json +2 -2
  8. package/dist/chunk-4AQGMM2X.js +0 -513
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # @yawlabs/mcp-compliance
2
2
 
3
- CLI tool and MCP server that tests MCP servers for spec compliance. Runs a 24-test suite covering transport, lifecycle, tools, resources, prompts, error handling, and schema validation against the [MCP specification](https://modelcontextprotocol.io/specification/2025-11-25).
3
+ CLI tool and MCP server that tests MCP servers for spec compliance. Runs a 43-test suite covering transport, lifecycle, tools, resources, prompts, error handling, and schema validation against the [MCP specification](https://modelcontextprotocol.io/specification/2025-11-25).
4
4
 
5
5
  ## Install
6
6
 
@@ -27,8 +27,44 @@ mcp-compliance test https://my-server.com/mcp --format json
27
27
 
28
28
  # Strict mode — exits with code 1 on required test failure (for CI)
29
29
  mcp-compliance test https://my-server.com/mcp --strict
30
+
31
+ # With authentication
32
+ mcp-compliance test https://my-server.com/mcp --auth "Bearer tok123"
33
+
34
+ # Custom headers (repeatable)
35
+ mcp-compliance test https://my-server.com/mcp -H "Authorization: Bearer tok123" -H "X-Api-Key: abc"
36
+
37
+ # Custom timeout (default: 15000ms)
38
+ mcp-compliance test https://my-server.com/mcp --timeout 30000
39
+
40
+ # Retry failed tests
41
+ mcp-compliance test https://my-server.com/mcp --retries 2
42
+
43
+ # Only run specific categories or test IDs
44
+ mcp-compliance test https://my-server.com/mcp --only transport,lifecycle
45
+ mcp-compliance test https://my-server.com/mcp --only lifecycle-init,tools-list
46
+
47
+ # Skip specific categories or test IDs
48
+ mcp-compliance test https://my-server.com/mcp --skip prompts,resources
49
+
50
+ # Verbose mode — print each test result as it runs
51
+ mcp-compliance test https://my-server.com/mcp --verbose
30
52
  ```
31
53
 
54
+ ### Options
55
+
56
+ | Option | Description |
57
+ |--------|-------------|
58
+ | `--format <format>` | Output format: `terminal` or `json` (default: `terminal`) |
59
+ | `--strict` | Exit with code 1 on any required test failure (for CI) |
60
+ | `-H, --header <header>` | Add header to all requests, format `"Key: Value"` (repeatable) |
61
+ | `--auth <token>` | Shorthand for `-H "Authorization: <token>"` |
62
+ | `--timeout <ms>` | Request timeout in milliseconds (default: `15000`) |
63
+ | `--retries <n>` | Number of retries for failed tests (default: `0`) |
64
+ | `--only <items>` | Only run tests matching these categories or test IDs (comma-separated) |
65
+ | `--skip <items>` | Skip tests matching these categories or test IDs (comma-separated) |
66
+ | `--verbose` | Print each test result as it runs |
67
+
32
68
  ### Get badge markdown
33
69
 
34
70
  ```bash
@@ -37,46 +73,64 @@ mcp-compliance badge https://my-server.com/mcp
37
73
 
38
74
  Outputs the markdown embed for a compliance badge hosted at [mcp.hosting](https://mcp.hosting).
39
75
 
40
- ## What the 24 tests check
76
+ ## What the 43 tests check
41
77
 
42
- ### Transport (2 tests)
78
+ ### Transport (7 tests)
43
79
  - **transport-post** — Server accepts HTTP POST requests (required)
44
80
  - **transport-content-type** — Responds with application/json or text/event-stream (required)
81
+ - **transport-notification-202** — Notifications return 202 Accepted
82
+ - **transport-session-id** — Enforces MCP-Session-Id after initialization
83
+ - **transport-get** — GET returns SSE stream or 405
84
+ - **transport-delete** — DELETE accepted or returns 405
85
+ - **transport-batch-reject** — Rejects JSON-RPC batch requests (required)
45
86
 
46
- ### Lifecycle (6 tests)
87
+ ### Lifecycle (10 tests)
47
88
  - **lifecycle-init** — Initialize handshake succeeds (required)
48
89
  - **lifecycle-proto-version** — Returns valid YYYY-MM-DD protocol version (required)
49
90
  - **lifecycle-server-info** — Includes serverInfo with name
50
91
  - **lifecycle-capabilities** — Returns capabilities object (required)
51
92
  - **lifecycle-jsonrpc** — Response is valid JSON-RPC 2.0 (required)
52
93
  - **lifecycle-ping** — Responds to ping method (required)
94
+ - **lifecycle-instructions** — Instructions field is valid string if present
95
+ - **lifecycle-id-match** — Response ID matches request ID (required)
96
+ - **lifecycle-logging** — logging/setLevel accepted (required if logging capability declared)
97
+ - **lifecycle-completions** — completion/complete accepted (required if completions capability declared)
53
98
 
54
- ### Tools (3 tests)
99
+ ### Tools (4 tests)
55
100
  - **tools-list** — tools/list returns valid array (required if tools capability declared)
56
101
  - **tools-call** — tools/call responds with correct format
57
- - **tools-call-unknown** — Returns error for nonexistent tool name
102
+ - **tools-pagination** — tools/list supports cursor-based pagination
103
+ - **tools-content-types** — Tool content items have valid types
58
104
 
59
- ### Resources (4 tests)
105
+ ### Resources (5 tests)
60
106
  - **resources-list** — resources/list returns valid array (required if resources capability declared)
61
107
  - **resources-read** — resources/read returns content items
62
108
  - **resources-templates** — resources/templates/list works or returns method-not-found
63
- - **resources-schema** — Resources have valid uri and name (required if resources capability declared)
109
+ - **resources-pagination** — resources/list supports cursor-based pagination
110
+ - **resources-subscribe** — Resource subscribe/unsubscribe (required if subscribe capability declared)
64
111
 
65
112
  ### Prompts (3 tests)
66
113
  - **prompts-list** — prompts/list returns valid array (required if prompts capability declared)
67
- - **prompts-schema** — Prompts have name field (required if prompts capability declared)
68
114
  - **prompts-get** — prompts/get returns valid messages
115
+ - **prompts-pagination** — prompts/list supports cursor-based pagination
69
116
 
70
- ### Error Handling (4 tests)
117
+ ### Error Handling (8 tests)
71
118
  - **error-unknown-method** — Returns JSON-RPC error for unknown method (required)
72
119
  - **error-method-code** — Uses correct -32601 error code
73
120
  - **error-invalid-jsonrpc** — Handles malformed JSON-RPC (required)
74
121
  - **error-invalid-json** — Handles invalid JSON body
75
122
  - **error-missing-params** — Returns error for tools/call without name
123
+ - **error-parse-code** — Returns -32700 for invalid JSON
124
+ - **error-invalid-request-code** — Returns -32600 for invalid request
125
+ - **tools-call-unknown** — Returns error for nonexistent tool name
76
126
 
77
- ### Schema Validation (2 tests)
127
+ ### Schema Validation (6 tests)
78
128
  - **tools-schema** — All tools have valid name and inputSchema (required if tools capability declared)
129
+ - **tools-annotations** — Tool annotations are valid if present
130
+ - **tools-title-field** — Tools include title field (2025-11-25)
131
+ - **tools-output-schema** — Tools with outputSchema are valid (2025-11-25)
79
132
  - **prompts-schema** — Prompts have valid name field (required if prompts capability declared)
133
+ - **resources-schema** — Resources have valid uri and name (required if resources capability declared)
80
134
 
81
135
  ## Grading
82
136
 
@@ -106,6 +160,12 @@ Required tests are worth 70% of the score, optional tests 30%.
106
160
  cat compliance.json | jq '.grade'
107
161
  ```
108
162
 
163
+ ```yaml
164
+ # With retries for flaky network conditions
165
+ - name: MCP Compliance Check
166
+ run: npx @yawlabs/mcp-compliance test ${{ env.MCP_SERVER_URL }} --strict --retries 2 --timeout 30000
167
+ ```
168
+
109
169
  ## MCP Server (for Claude Code)
110
170
 
111
171
  This package also exposes an MCP server with 3 tools that can be used from Claude Code or any MCP client.
@@ -119,20 +179,7 @@ Add to your Claude Code MCP config:
119
179
  "mcpServers": {
120
180
  "mcp-compliance": {
121
181
  "command": "npx",
122
- "args": ["@yawlabs/mcp-compliance-server"]
123
- }
124
- }
125
- }
126
- ```
127
-
128
- Or if installed globally:
129
-
130
- ```json
131
- {
132
- "mcpServers": {
133
- "mcp-compliance": {
134
- "command": "node",
135
- "args": ["path/to/node_modules/@yawlabs/mcp-compliance/dist/mcp/server.js"]
182
+ "args": ["-y", "@yawlabs/mcp-compliance", "mcp"]
136
183
  }
137
184
  }
138
185
  }
@@ -140,7 +187,7 @@ Or if installed globally:
140
187
 
141
188
  ### Tools
142
189
 
143
- - **mcp_compliance_test** — Run the full 24-test suite against a URL. Returns grade, score, and detailed results.
190
+ - **mcp_compliance_test** — Run the full 43-test suite against a URL. Returns grade, score, and detailed results.
144
191
  - **mcp_compliance_badge** — Get the badge markdown/HTML for a server.
145
192
  - **mcp_compliance_explain** — Explain what a specific test ID checks and why it matters.
146
193
 
@@ -151,6 +198,14 @@ import { runComplianceSuite } from '@yawlabs/mcp-compliance';
151
198
 
152
199
  const report = await runComplianceSuite('https://my-server.com/mcp');
153
200
  console.log(`Grade: ${report.grade} (${report.score}%)`);
201
+
202
+ // With options
203
+ const report2 = await runComplianceSuite('https://my-server.com/mcp', {
204
+ headers: { 'Authorization': 'Bearer tok123' },
205
+ timeout: 30000,
206
+ retries: 1,
207
+ only: ['transport', 'lifecycle'],
208
+ });
154
209
  ```
155
210
 
156
211
  ## Links