npm - @yawlabs/mcp-compliance - Versions diffs - 0.2.1 → 0.3.0 - Mend

@yawlabs/mcp-compliance 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.js CHANGED Viewed

@@ -1,13 +1,37 @@
 #!/usr/bin/env node
 // src/index.ts
-import { Command } from "commander";
-import chalk2 from "chalk";
 import { createRequire as createRequire2 } from "module";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import chalk2 from "chalk";
+import { Command } from "commander";
+// src/mcp/tools.ts
+import { z } from "zod";
 // src/runner.ts
-import { request } from "undici";
 import { createRequire } from "module";
+import { request } from "undici";
+// src/badge.ts
+function generateBadge(url) {
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch {
+    parsed = new URL("https://unknown");
+  }
+  const encoded = encodeURIComponent(parsed.href);
+  const imageUrl = `https://mcp.hosting/api/compliance/${encoded}/badge`;
+  const reportUrl = `https://mcp.hosting/compliance/${encoded}`;
+  return {
+    imageUrl,
+    reportUrl,
+    markdown: `[![MCP Compliant](${imageUrl})](${reportUrl})`,
+    html: `<a href="${reportUrl}"><img src="${imageUrl}" alt="MCP Compliant"></a>`
+  };
+}
 // src/grader.ts
 function computeGrade(score) {
@@ -44,77 +68,359 @@ function computeScore(tests) {
   };
 }
-// src/badge.ts
-function generateBadge(url) {
-  let parsed;
-  try {
-    parsed = new URL(url);
-  } catch {
-    parsed = new URL("https://unknown");
-  }
-  const encoded = encodeURIComponent(parsed.href);
-  const imageUrl = `https://mcp.hosting/api/compliance/${encoded}/badge`;
-  const reportUrl = `https://mcp.hosting/compliance/${encoded}`;
-  return {
-    imageUrl,
-    reportUrl,
-    markdown: `[![MCP Compliant](${imageUrl})](${reportUrl})`,
-    html: `<a href="${reportUrl}"><img src="${imageUrl}" alt="MCP Compliant"></a>`
-  };
-}
 // src/types.ts
 var TEST_DEFINITIONS = [
   // ── Transport (7 tests) ──────────────────────────────────────────
-  { id: "transport-post", name: "HTTP POST accepted", category: "transport", required: true, specRef: "basic/transports#streamable-http", description: "Verifies the server accepts HTTP POST requests and returns a 2xx status code. This is the fundamental transport requirement for Streamable HTTP MCP servers." },
-  { id: "transport-content-type", name: "Responds with JSON or SSE", category: "transport", required: true, specRef: "basic/transports#streamable-http", description: "Checks that the server responds with Content-Type application/json or text/event-stream. MCP servers must use one of these two content types." },
-  { id: "transport-notification-202", name: "Notification returns 202 Accepted", category: "transport", required: false, specRef: "basic/transports#streamable-http", description: "Verifies that sending a JSON-RPC notification (no id field) returns HTTP 202 Accepted with no body. Per spec, servers MUST return 202 for notifications." },
-  { id: "transport-session-id", name: "Enforces MCP-Session-Id after init", category: "transport", required: false, specRef: "basic/transports#streamable-http", description: "Tests that the server returns HTTP 400 when MCP-Session-Id header is missing on requests after initialization (when the server issued a session ID)." },
-  { id: "transport-get", name: "GET returns SSE stream or 405", category: "transport", required: false, specRef: "basic/transports#streamable-http", description: "Tests the GET endpoint for server-initiated messages. Server should return text/event-stream or 405 Method Not Allowed." },
-  { id: "transport-delete", name: "DELETE accepted or returns 405", category: "transport", required: false, specRef: "basic/transports#streamable-http", description: "Tests the DELETE endpoint for session termination. Server should accept the request or return 405 Method Not Allowed." },
-  { id: "transport-batch-reject", name: "Rejects JSON-RPC batch requests", category: "transport", required: true, specRef: "basic/transports#streamable-http", description: "Sends a JSON-RPC batch request (array of messages) and verifies the server rejects it with an error. MCP does not support JSON-RPC batch requests." },
+  {
+    id: "transport-post",
+    name: "HTTP POST accepted",
+    category: "transport",
+    required: true,
+    specRef: "basic/transports#streamable-http",
+    description: "Verifies the server accepts HTTP POST requests and returns a 2xx status code. This is the fundamental transport requirement for Streamable HTTP MCP servers."
+  },
+  {
+    id: "transport-content-type",
+    name: "Responds with JSON or SSE",
+    category: "transport",
+    required: true,
+    specRef: "basic/transports#streamable-http",
+    description: "Checks that the server responds with Content-Type application/json or text/event-stream. MCP servers must use one of these two content types."
+  },
+  {
+    id: "transport-notification-202",
+    name: "Notification returns 202 Accepted",
+    category: "transport",
+    required: false,
+    specRef: "basic/transports#streamable-http",
+    description: "Verifies that sending a JSON-RPC notification (no id field) returns HTTP 202 Accepted with no body. Per spec, servers MUST return 202 for notifications."
+  },
+  {
+    id: "transport-session-id",
+    name: "Enforces MCP-Session-Id after init",
+    category: "transport",
+    required: false,
+    specRef: "basic/transports#streamable-http",
+    description: "Tests that the server returns HTTP 400 when MCP-Session-Id header is missing on requests after initialization (when the server issued a session ID)."
+  },
+  {
+    id: "transport-get",
+    name: "GET returns SSE stream or 405",
+    category: "transport",
+    required: false,
+    specRef: "basic/transports#streamable-http",
+    description: "Tests the GET endpoint for server-initiated messages. Server should return text/event-stream or 405 Method Not Allowed."
+  },
+  {
+    id: "transport-delete",
+    name: "DELETE accepted or returns 405",
+    category: "transport",
+    required: false,
+    specRef: "basic/transports#streamable-http",
+    description: "Tests the DELETE endpoint for session termination. Server should accept the request or return 405 Method Not Allowed."
+  },
+  {
+    id: "transport-batch-reject",
+    name: "Rejects JSON-RPC batch requests",
+    category: "transport",
+    required: true,
+    specRef: "basic/transports#streamable-http",
+    description: "Sends a JSON-RPC batch request (array of messages) and verifies the server rejects it with an error. MCP does not support JSON-RPC batch requests."
+  },
   // ── Lifecycle (10 tests) ─────────────────────────────────────────
-  { id: "lifecycle-init", name: "Initialize handshake", category: "lifecycle", required: true, specRef: "basic/lifecycle#initialization", description: "Tests the initialize handshake by sending an initialize request with client capabilities. The server must return a result with protocolVersion." },
-  { id: "lifecycle-proto-version", name: "Returns valid protocol version", category: "lifecycle", required: true, specRef: "basic/lifecycle#version-negotiation", description: "Validates that the protocolVersion returned by the server matches the YYYY-MM-DD date format required by the spec." },
-  { id: "lifecycle-server-info", name: "Includes serverInfo", category: "lifecycle", required: false, specRef: "basic/lifecycle#initialization", description: "Checks that the server includes a serverInfo object with at least a name field in its initialize response. While recommended, this is not strictly required." },
-  { id: "lifecycle-capabilities", name: "Returns capabilities object", category: "lifecycle", required: true, specRef: "basic/lifecycle#capability-negotiation", description: "Verifies the server returns a capabilities object in its initialize response. An empty object is valid (no optional features declared)." },
-  { id: "lifecycle-jsonrpc", name: "Response is valid JSON-RPC 2.0", category: "lifecycle", required: true, specRef: "basic", description: 'Validates that the initialize response is a proper JSON-RPC 2.0 message with jsonrpc="2.0", an id field, and either a result or error field.' },
-  { id: "lifecycle-ping", name: "Responds to ping", category: "lifecycle", required: true, specRef: "basic/utilities#ping", description: "Tests that the server responds to the ping method with an empty result object. This is a required utility method." },
-  { id: "lifecycle-instructions", name: "Instructions field is valid", category: "lifecycle", required: false, specRef: "basic/lifecycle#initialization", description: "If the server includes an instructions field in the initialize response, validates it is a string. Instructions provide guidance for how the client should interact with the server." },
-  { id: "lifecycle-id-match", name: "Response ID matches request ID", category: "lifecycle", required: true, specRef: "basic", description: "Verifies that the JSON-RPC response id matches the request id sent by the client. This is a fundamental JSON-RPC 2.0 requirement." },
-  { id: "lifecycle-logging", name: "logging/setLevel accepted", category: "lifecycle", required: false, specRef: "server/utilities#logging", description: "If the server declares logging capability, tests that logging/setLevel method is accepted with a valid log level." },
-  { id: "lifecycle-completions", name: "completion/complete accepted", category: "lifecycle", required: false, specRef: "server/utilities#completion", description: "If the server declares completions capability, tests that the completion/complete method is accepted." },
+  {
+    id: "lifecycle-init",
+    name: "Initialize handshake",
+    category: "lifecycle",
+    required: true,
+    specRef: "basic/lifecycle#initialization",
+    description: "Tests the initialize handshake by sending an initialize request with client capabilities. The server must return a result with protocolVersion."
+  },
+  {
+    id: "lifecycle-proto-version",
+    name: "Returns valid protocol version",
+    category: "lifecycle",
+    required: true,
+    specRef: "basic/lifecycle#version-negotiation",
+    description: "Validates that the protocolVersion returned by the server matches the YYYY-MM-DD date format required by the spec."
+  },
+  {
+    id: "lifecycle-server-info",
+    name: "Includes serverInfo",
+    category: "lifecycle",
+    required: false,
+    specRef: "basic/lifecycle#initialization",
+    description: "Checks that the server includes a serverInfo object with at least a name field in its initialize response. While recommended, this is not strictly required."
+  },
+  {
+    id: "lifecycle-capabilities",
+    name: "Returns capabilities object",
+    category: "lifecycle",
+    required: true,
+    specRef: "basic/lifecycle#capability-negotiation",
+    description: "Verifies the server returns a capabilities object in its initialize response. An empty object is valid (no optional features declared)."
+  },
+  {
+    id: "lifecycle-jsonrpc",
+    name: "Response is valid JSON-RPC 2.0",
+    category: "lifecycle",
+    required: true,
+    specRef: "basic",
+    description: 'Validates that the initialize response is a proper JSON-RPC 2.0 message with jsonrpc="2.0", an id field, and either a result or error field.'
+  },
+  {
+    id: "lifecycle-ping",
+    name: "Responds to ping",
+    category: "lifecycle",
+    required: true,
+    specRef: "basic/utilities#ping",
+    description: "Tests that the server responds to the ping method with an empty result object. This is a required utility method."
+  },
+  {
+    id: "lifecycle-instructions",
+    name: "Instructions field is valid",
+    category: "lifecycle",
+    required: false,
+    specRef: "basic/lifecycle#initialization",
+    description: "If the server includes an instructions field in the initialize response, validates it is a string. Instructions provide guidance for how the client should interact with the server."
+  },
+  {
+    id: "lifecycle-id-match",
+    name: "Response ID matches request ID",
+    category: "lifecycle",
+    required: true,
+    specRef: "basic",
+    description: "Verifies that the JSON-RPC response id matches the request id sent by the client. This is a fundamental JSON-RPC 2.0 requirement."
+  },
+  {
+    id: "lifecycle-logging",
+    name: "logging/setLevel accepted",
+    category: "lifecycle",
+    required: false,
+    specRef: "server/utilities#logging",
+    description: "If the server declares logging capability, tests that logging/setLevel method is accepted with a valid log level."
+  },
+  {
+    id: "lifecycle-completions",
+    name: "completion/complete accepted",
+    category: "lifecycle",
+    required: false,
+    specRef: "server/utilities#completion",
+    description: "If the server declares completions capability, tests that the completion/complete method is accepted."
+  },
   // ── Tools (4 tests) ──────────────────────────────────────────────
-  { id: "tools-list", name: "tools/list returns valid response", category: "tools", required: false, specRef: "server/tools#listing-tools", description: "Calls tools/list and validates it returns an array of tool definitions. Required if the server declares tools capability." },
-  { id: "tools-call", name: "tools/call responds correctly", category: "tools", required: false, specRef: "server/tools#calling-tools", description: "Calls the first tool with empty arguments and verifies the response format. Accepts both successful results and InvalidParams errors." },
-  { id: "tools-pagination", name: "tools/list supports pagination", category: "tools", required: false, specRef: "server/tools#listing-tools", description: "Tests cursor-based pagination on tools/list. Validates nextCursor is a string if present and that fetching the next page returns a valid response." },
-  { id: "tools-content-types", name: "Tool content items have valid types", category: "tools", required: false, specRef: "server/tools#calling-tools", description: "Validates that content items returned by tools/call have a recognized type field (text, image, audio, resource, resource_link)." },
+  {
+    id: "tools-list",
+    name: "tools/list returns valid response",
+    category: "tools",
+    required: false,
+    specRef: "server/tools#listing-tools",
+    description: "Calls tools/list and validates it returns an array of tool definitions. Required if the server declares tools capability."
+  },
+  {
+    id: "tools-call",
+    name: "tools/call responds correctly",
+    category: "tools",
+    required: false,
+    specRef: "server/tools#calling-tools",
+    description: "Calls the first tool with empty arguments and verifies the response format. Accepts both successful results and InvalidParams errors."
+  },
+  {
+    id: "tools-pagination",
+    name: "tools/list supports pagination",
+    category: "tools",
+    required: false,
+    specRef: "server/tools#listing-tools",
+    description: "Tests cursor-based pagination on tools/list. Validates nextCursor is a string if present and that fetching the next page returns a valid response."
+  },
+  {
+    id: "tools-content-types",
+    name: "Tool content items have valid types",
+    category: "tools",
+    required: false,
+    specRef: "server/tools#calling-tools",
+    description: "Validates that content items returned by tools/call have a recognized type field (text, image, audio, resource, resource_link)."
+  },
   // ── Resources (5 tests) ──────────────────────────────────────────
-  { id: "resources-list", name: "resources/list returns valid response", category: "resources", required: false, specRef: "server/resources#listing-resources", description: "Calls resources/list and validates it returns an array. Required if the server declares resources capability." },
-  { id: "resources-read", name: "resources/read returns content", category: "resources", required: false, specRef: "server/resources#reading-resources", description: "Reads the first resource and validates the response contains a contents array with proper uri and text/blob fields." },
-  { id: "resources-templates", name: "resources/templates/list returns valid response", category: "resources", required: false, specRef: "server/resources#resource-templates", description: "Tests the resource templates endpoint. Accepts Method not found (-32601) since templates are optional." },
-  { id: "resources-pagination", name: "resources/list supports pagination", category: "resources", required: false, specRef: "server/resources#listing-resources", description: "Tests cursor-based pagination on resources/list. Validates nextCursor is a string if present and that fetching the next page works." },
-  { id: "resources-subscribe", name: "Resource subscribe/unsubscribe", category: "resources", required: false, specRef: "server/resources#subscriptions", description: "If the server declares resources.subscribe capability, tests that resources/subscribe and resources/unsubscribe methods are accepted." },
+  {
+    id: "resources-list",
+    name: "resources/list returns valid response",
+    category: "resources",
+    required: false,
+    specRef: "server/resources#listing-resources",
+    description: "Calls resources/list and validates it returns an array. Required if the server declares resources capability."
+  },
+  {
+    id: "resources-read",
+    name: "resources/read returns content",
+    category: "resources",
+    required: false,
+    specRef: "server/resources#reading-resources",
+    description: "Reads the first resource and validates the response contains a contents array with proper uri and text/blob fields."
+  },
+  {
+    id: "resources-templates",
+    name: "resources/templates/list returns valid response",
+    category: "resources",
+    required: false,
+    specRef: "server/resources#resource-templates",
+    description: "Tests the resource templates endpoint. Accepts Method not found (-32601) since templates are optional."
+  },
+  {
+    id: "resources-pagination",
+    name: "resources/list supports pagination",
+    category: "resources",
+    required: false,
+    specRef: "server/resources#listing-resources",
+    description: "Tests cursor-based pagination on resources/list. Validates nextCursor is a string if present and that fetching the next page works."
+  },
+  {
+    id: "resources-subscribe",
+    name: "Resource subscribe/unsubscribe",
+    category: "resources",
+    required: false,
+    specRef: "server/resources#subscriptions",
+    description: "If the server declares resources.subscribe capability, tests that resources/subscribe and resources/unsubscribe methods are accepted."
+  },
   // ── Prompts (3 tests) ────────────────────────────────────────────
-  { id: "prompts-list", name: "prompts/list returns valid response", category: "prompts", required: false, specRef: "server/prompts#listing-prompts", description: "Calls prompts/list and validates it returns an array. Required if the server declares prompts capability." },
-  { id: "prompts-get", name: "prompts/get returns valid messages", category: "prompts", required: false, specRef: "server/prompts#getting-a-prompt", description: "Gets the first prompt and validates the response contains a messages array with proper role and content fields." },
-  { id: "prompts-pagination", name: "prompts/list supports pagination", category: "prompts", required: false, specRef: "server/prompts#listing-prompts", description: "Tests cursor-based pagination on prompts/list. Validates nextCursor is a string if present and that fetching the next page works." },
+  {
+    id: "prompts-list",
+    name: "prompts/list returns valid response",
+    category: "prompts",
+    required: false,
+    specRef: "server/prompts#listing-prompts",
+    description: "Calls prompts/list and validates it returns an array. Required if the server declares prompts capability."
+  },
+  {
+    id: "prompts-get",
+    name: "prompts/get returns valid messages",
+    category: "prompts",
+    required: false,
+    specRef: "server/prompts#getting-a-prompt",
+    description: "Gets the first prompt and validates the response contains a messages array with proper role and content fields."
+  },
+  {
+    id: "prompts-pagination",
+    name: "prompts/list supports pagination",
+    category: "prompts",
+    required: false,
+    specRef: "server/prompts#listing-prompts",
+    description: "Tests cursor-based pagination on prompts/list. Validates nextCursor is a string if present and that fetching the next page works."
+  },
   // ── Error Handling (8 tests) ─────────────────────────────────────
-  { id: "error-unknown-method", name: "Returns JSON-RPC error for unknown method", category: "errors", required: true, specRef: "basic", description: "Sends an unknown method and verifies the server returns a JSON-RPC error. The spec requires error code -32601 (Method not found)." },
-  { id: "error-method-code", name: "Uses correct JSON-RPC error code for unknown method", category: "errors", required: false, specRef: "basic", description: "Checks the error code is specifically -32601 (Method not found) for unknown methods, as required by JSON-RPC 2.0." },
-  { id: "error-invalid-jsonrpc", name: "Handles malformed JSON-RPC", category: "errors", required: true, specRef: "basic", description: "Sends a malformed JSON-RPC message (missing required fields) and verifies the server returns an error or 4xx status." },
-  { id: "error-invalid-json", name: "Handles invalid JSON body", category: "errors", required: false, specRef: "basic", description: "Sends invalid JSON and verifies the server returns a parse error (-32700) or 4xx status code." },
-  { id: "error-missing-params", name: "Returns error for tools/call without name", category: "errors", required: false, specRef: "server/tools#error-handling", description: "Calls tools/call with an empty params object (missing required name field) and verifies an error is returned." },
-  { id: "error-parse-code", name: "Returns -32700 for invalid JSON", category: "errors", required: false, specRef: "basic", description: "Checks that the server returns the specific JSON-RPC error code -32700 (Parse error) when receiving invalid JSON, as required by the JSON-RPC 2.0 specification." },
-  { id: "error-invalid-request-code", name: "Returns -32600 for invalid request", category: "errors", required: false, specRef: "basic", description: "Checks that the server returns the specific JSON-RPC error code -32600 (Invalid Request) for malformed JSON-RPC messages missing required fields." },
-  { id: "tools-call-unknown", name: "Returns error for unknown tool name", category: "errors", required: false, specRef: "server/tools#error-handling", description: "Calls tools/call with a nonexistent tool name and verifies the server returns an error response." },
+  {
+    id: "error-unknown-method",
+    name: "Returns JSON-RPC error for unknown method",
+    category: "errors",
+    required: true,
+    specRef: "basic",
+    description: "Sends an unknown method and verifies the server returns a JSON-RPC error. The spec requires error code -32601 (Method not found)."
+  },
+  {
+    id: "error-method-code",
+    name: "Uses correct JSON-RPC error code for unknown method",
+    category: "errors",
+    required: false,
+    specRef: "basic",
+    description: "Checks the error code is specifically -32601 (Method not found) for unknown methods, as required by JSON-RPC 2.0."
+  },
+  {
+    id: "error-invalid-jsonrpc",
+    name: "Handles malformed JSON-RPC",
+    category: "errors",
+    required: true,
+    specRef: "basic",
+    description: "Sends a malformed JSON-RPC message (missing required fields) and verifies the server returns an error or 4xx status."
+  },
+  {
+    id: "error-invalid-json",
+    name: "Handles invalid JSON body",
+    category: "errors",
+    required: false,
+    specRef: "basic",
+    description: "Sends invalid JSON and verifies the server returns a parse error (-32700) or 4xx status code."
+  },
+  {
+    id: "error-missing-params",
+    name: "Returns error for tools/call without name",
+    category: "errors",
+    required: false,
+    specRef: "server/tools#error-handling",
+    description: "Calls tools/call with an empty params object (missing required name field) and verifies an error is returned."
+  },
+  {
+    id: "error-parse-code",
+    name: "Returns -32700 for invalid JSON",
+    category: "errors",
+    required: false,
+    specRef: "basic",
+    description: "Checks that the server returns the specific JSON-RPC error code -32700 (Parse error) when receiving invalid JSON, as required by the JSON-RPC 2.0 specification."
+  },
+  {
+    id: "error-invalid-request-code",
+    name: "Returns -32600 for invalid request",
+    category: "errors",
+    required: false,
+    specRef: "basic",
+    description: "Checks that the server returns the specific JSON-RPC error code -32600 (Invalid Request) for malformed JSON-RPC messages missing required fields."
+  },
+  {
+    id: "tools-call-unknown",
+    name: "Returns error for unknown tool name",
+    category: "errors",
+    required: false,
+    specRef: "server/tools#error-handling",
+    description: "Calls tools/call with a nonexistent tool name and verifies the server returns an error response."
+  },
   // ── Schema Validation (6 tests) ──────────────────────────────────
-  { id: "tools-schema", name: "All tools have name and inputSchema", category: "schema", required: false, specRef: "server/tools#data-types", description: 'Validates every tool has a valid name (1-128 chars, alphanumeric/underscore/hyphen/dot) and a required inputSchema of type "object".' },
-  { id: "tools-annotations", name: "Tool annotations are valid", category: "schema", required: false, specRef: "server/tools#annotations", description: "Validates tool annotation fields if present: readOnlyHint, destructiveHint, idempotentHint, openWorldHint should be booleans; title should be a string." },
-  { id: "tools-title-field", name: "Tools include title field", category: "schema", required: false, specRef: "server/tools#data-types", description: "Checks if tools include the optional title field for human-readable display names. Added in spec version 2025-11-25." },
-  { id: "tools-output-schema", name: "Tools with outputSchema are valid", category: "schema", required: false, specRef: "server/tools#structured-content", description: 'If tools declare an outputSchema, validates it is a valid JSON Schema object with type "object". Used for structured output validation.' },
-  { id: "prompts-schema", name: "Prompts have name field", category: "schema", required: false, specRef: "server/prompts#data-types", description: "Validates every prompt has a name and that any arguments array contains items with name fields." },
-  { id: "resources-schema", name: "Resources have uri and name", category: "schema", required: false, specRef: "server/resources#data-types", description: "Validates every resource has a valid URI (parseable as a URL) and a name field." }
+  {
+    id: "tools-schema",
+    name: "All tools have name and inputSchema",
+    category: "schema",
+    required: false,
+    specRef: "server/tools#data-types",
+    description: 'Validates every tool has a valid name (1-128 chars, alphanumeric/underscore/hyphen/dot) and a required inputSchema of type "object".'
+  },
+  {
+    id: "tools-annotations",
+    name: "Tool annotations are valid",
+    category: "schema",
+    required: false,
+    specRef: "server/tools#annotations",
+    description: "Validates tool annotation fields if present: readOnlyHint, destructiveHint, idempotentHint, openWorldHint should be booleans; title should be a string."
+  },
+  {
+    id: "tools-title-field",
+    name: "Tools include title field",
+    category: "schema",
+    required: false,
+    specRef: "server/tools#data-types",
+    description: "Checks if tools include the optional title field for human-readable display names. Added in spec version 2025-11-25."
+  },
+  {
+    id: "tools-output-schema",
+    name: "Tools with outputSchema are valid",
+    category: "schema",
+    required: false,
+    specRef: "server/tools#structured-content",
+    description: 'If tools declare an outputSchema, validates it is a valid JSON Schema object with type "object". Used for structured output validation.'
+  },
+  {
+    id: "prompts-schema",
+    name: "Prompts have name field",
+    category: "schema",
+    required: false,
+    specRef: "server/prompts#data-types",
+    description: "Validates every prompt has a name and that any arguments array contains items with name fields."
+  },
+  {
+    id: "resources-schema",
+    name: "Resources have uri and name",
+    category: "schema",
+    required: false,
+    specRef: "server/resources#data-types",
+    description: "Validates every resource has a valid URI (parseable as a URL) and a name field."
+  }
 ];
 // src/runner.ts
@@ -165,7 +471,7 @@ async function mcpRequest(backendUrl, method, params, nextId, extraHeaders, time
   });
   const headers = {
     "Content-Type": "application/json",
-    "Accept": "application/json, text/event-stream",
+    Accept: "application/json, text/event-stream",
     ...extraHeaders
   };
   const res = await request(backendUrl, {
@@ -200,7 +506,7 @@ async function mcpRequest(backendUrl, method, params, nextId, extraHeaders, time
 async function mcpNotification(backendUrl, method, params, extraHeaders, timeout) {
   const headers = {
     "Content-Type": "application/json",
-    "Accept": "application/json, text/event-stream",
+    Accept: "application/json, text/event-stream",
     ...extraHeaders
   };
   const res = await request(backendUrl, {
@@ -252,7 +558,7 @@ async function runComplianceSuite(url, options = {}) {
     }
     return true;
   }
-  let serverInfo = {
+  const serverInfo = {
     protocolVersion: null,
     name: null,
     version: null,
@@ -290,94 +596,129 @@ async function runComplianceSuite(url, options = {}) {
     });
     options.onProgress?.(id, lastResult.passed, lastResult.details);
   }
-  await test("transport-post", "HTTP POST accepted", "transport", true, "basic/transports#streamable-http", async () => {
-    const res = await request(backendUrl, {
-      method: "POST",
-      headers: { "Content-Type": "application/json", "Accept": "application/json, text/event-stream", ...userHeaders },
-      body: JSON.stringify({ jsonrpc: "2.0", id: 99901, method: "ping" }),
-      signal: AbortSignal.timeout(timeout)
-    });
-    await res.body.text();
-    const passed = res.statusCode >= 200 && res.statusCode < 300;
-    const note = res.statusCode === 401 || res.statusCode === 403 ? " (auth required)" : "";
-    return { passed, details: `HTTP ${res.statusCode}${note}` };
-  });
-  await test("transport-content-type", "Responds with JSON or SSE", "transport", true, "basic/transports#streamable-http", async () => {
-    const res = await request(backendUrl, {
-      method: "POST",
-      headers: { "Content-Type": "application/json", "Accept": "application/json, text/event-stream", ...userHeaders },
-      body: JSON.stringify({ jsonrpc: "2.0", id: 99902, method: "ping" }),
-      signal: AbortSignal.timeout(timeout)
-    });
-    await res.body.text();
-    const rawCt = res.headers["content-type"];
-    const ct = (Array.isArray(rawCt) ? rawCt[0] : rawCt || "").toLowerCase();
-    const valid = ct.includes("application/json") || ct.includes("text/event-stream");
-    return { passed: valid, details: `Content-Type: ${ct}` };
-  });
-  await test("transport-get", "GET returns SSE stream or 405", "transport", false, "basic/transports#streamable-http", async () => {
-    const res = await request(backendUrl, {
-      method: "GET",
-      headers: { "Accept": "text/event-stream", ...userHeaders },
-      signal: AbortSignal.timeout(timeout)
-    });
-    await res.body.text();
-    const ct = (res.headers["content-type"] || "").toLowerCase();
-    if (res.statusCode === 405) {
-      return { passed: true, details: "HTTP 405 Method Not Allowed (acceptable)" };
-    }
-    if (ct.includes("text/event-stream")) {
-      return { passed: true, details: "Returns text/event-stream for SSE" };
-    }
-    if (res.statusCode >= 200 && res.statusCode < 300) {
-      return { passed: true, details: `HTTP ${res.statusCode} (accepted)` };
-    }
-    return { passed: false, details: `HTTP ${res.statusCode}, Content-Type: ${ct}` };
-  });
-  await test("transport-delete", "DELETE accepted or returns 405", "transport", false, "basic/transports#streamable-http", async () => {
-    const res = await request(backendUrl, {
-      method: "DELETE",
-      headers: { ...userHeaders },
-      signal: AbortSignal.timeout(timeout)
-    });
-    await res.body.text();
-    if (res.statusCode === 405) {
-      return { passed: true, details: "HTTP 405 Method Not Allowed (acceptable)" };
+  await test(
+    "transport-post",
+    "HTTP POST accepted",
+    "transport",
+    true,
+    "basic/transports#streamable-http",
+    async () => {
+      const res = await request(backendUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json", Accept: "application/json, text/event-stream", ...userHeaders },
+        body: JSON.stringify({ jsonrpc: "2.0", id: 99901, method: "ping" }),
+        signal: AbortSignal.timeout(timeout)
+      });
+      await res.body.text();
+      const passed = res.statusCode >= 200 && res.statusCode < 300;
+      const note = res.statusCode === 401 || res.statusCode === 403 ? " (auth required)" : "";
+      return { passed, details: `HTTP ${res.statusCode}${note}` };
     }
-    if (res.statusCode >= 200 && res.statusCode < 300) {
-      return { passed: true, details: `HTTP ${res.statusCode} (session termination supported)` };
+  );
+  await test(
+    "transport-content-type",
+    "Responds with JSON or SSE",
+    "transport",
+    true,
+    "basic/transports#streamable-http",
+    async () => {
+      const res = await request(backendUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json", Accept: "application/json, text/event-stream", ...userHeaders },
+        body: JSON.stringify({ jsonrpc: "2.0", id: 99902, method: "ping" }),
+        signal: AbortSignal.timeout(timeout)
+      });
+      await res.body.text();
+      const rawCt = res.headers["content-type"];
+      const ct = (Array.isArray(rawCt) ? rawCt[0] : rawCt || "").toLowerCase();
+      const valid = ct.includes("application/json") || ct.includes("text/event-stream");
+      return { passed: valid, details: `Content-Type: ${ct}` };
     }
-    if (res.statusCode === 400 || res.statusCode === 404) {
-      return { passed: true, details: `HTTP ${res.statusCode} (no active session, acceptable)` };
+  );
+  await test(
+    "transport-get",
+    "GET returns SSE stream or 405",
+    "transport",
+    false,
+    "basic/transports#streamable-http",
+    async () => {
+      const res = await request(backendUrl, {
+        method: "GET",
+        headers: { Accept: "text/event-stream", ...userHeaders },
+        signal: AbortSignal.timeout(timeout)
+      });
+      await res.body.text();
+      const ct = (res.headers["content-type"] || "").toLowerCase();
+      if (res.statusCode === 405) {
+        return { passed: true, details: "HTTP 405 Method Not Allowed (acceptable)" };
+      }
+      if (ct.includes("text/event-stream")) {
+        return { passed: true, details: "Returns text/event-stream for SSE" };
+      }
+      if (res.statusCode >= 200 && res.statusCode < 300) {
+        return { passed: true, details: `HTTP ${res.statusCode} (accepted)` };
+      }
+      return { passed: false, details: `HTTP ${res.statusCode}, Content-Type: ${ct}` };
     }
-    return { passed: false, details: `HTTP ${res.statusCode}` };
-  });
-  await test("transport-batch-reject", "Rejects JSON-RPC batch requests", "transport", true, "basic/transports#streamable-http", async () => {
-    const res = await request(backendUrl, {
-      method: "POST",
-      headers: { "Content-Type": "application/json", "Accept": "application/json, text/event-stream", ...userHeaders },
-      body: JSON.stringify([
-        { jsonrpc: "2.0", id: 99903, method: "ping" },
-        { jsonrpc: "2.0", id: 99904, method: "ping" }
-      ]),
-      signal: AbortSignal.timeout(timeout)
-    });
-    const text = await res.body.text();
-    if (res.statusCode >= 400 && res.statusCode < 500) {
-      return { passed: true, details: `HTTP ${res.statusCode} (batch rejected)` };
+  );
+  await test(
+    "transport-delete",
+    "DELETE accepted or returns 405",
+    "transport",
+    false,
+    "basic/transports#streamable-http",
+    async () => {
+      const res = await request(backendUrl, {
+        method: "DELETE",
+        headers: { ...userHeaders },
+        signal: AbortSignal.timeout(timeout)
+      });
+      await res.body.text();
+      if (res.statusCode === 405) {
+        return { passed: true, details: "HTTP 405 Method Not Allowed (acceptable)" };
+      }
+      if (res.statusCode >= 200 && res.statusCode < 300) {
+        return { passed: true, details: `HTTP ${res.statusCode} (session termination supported)` };
+      }
+      if (res.statusCode === 400 || res.statusCode === 404) {
+        return { passed: true, details: `HTTP ${res.statusCode} (no active session, acceptable)` };
+      }
+      return { passed: false, details: `HTTP ${res.statusCode}` };
     }
-    try {
-      const body = JSON.parse(text);
-      if (body?.error) {
-        return { passed: true, details: `JSON-RPC error: ${body.error.code} \u2014 ${body.error.message}` };
+  );
+  await test(
+    "transport-batch-reject",
+    "Rejects JSON-RPC batch requests",
+    "transport",
+    true,
+    "basic/transports#streamable-http",
+    async () => {
+      const res = await request(backendUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json", Accept: "application/json, text/event-stream", ...userHeaders },
+        body: JSON.stringify([
+          { jsonrpc: "2.0", id: 99903, method: "ping" },
+          { jsonrpc: "2.0", id: 99904, method: "ping" }
+        ]),
+        signal: AbortSignal.timeout(timeout)
+      });
+      const text = await res.body.text();
+      if (res.statusCode >= 400 && res.statusCode < 500) {
+        return { passed: true, details: `HTTP ${res.statusCode} (batch rejected)` };
       }
-      if (Array.isArray(body)) {
-        return { passed: false, details: "Server processed batch request (MCP forbids batch)" };
+      try {
+        const body = JSON.parse(text);
+        if (body?.error) {
+          return { passed: true, details: `JSON-RPC error: ${body.error.code} \u2014 ${body.error.message}` };
+        }
+        if (Array.isArray(body)) {
+          return { passed: false, details: "Server processed batch request (MCP forbids batch)" };
+        }
+      } catch {
       }
-    } catch {
+      return { passed: false, details: `HTTP ${res.statusCode} \u2014 expected error or 4xx for batch request` };
     }
-    return { passed: false, details: `HTTP ${res.statusCode} \u2014 expected error or 4xx for batch request` };
-  });
+  );
   let initRes = null;
   try {
     initRes = await rpc("initialize", {
@@ -401,35 +742,69 @@ async function runComplianceSuite(url, options = {}) {
     await mcpNotification(backendUrl, "notifications/initialized", void 0, buildHeaders(), timeout);
   } catch {
   }
-  await test("lifecycle-init", "Initialize handshake", "lifecycle", true, "basic/lifecycle#initialization", async () => {
-    if (!initRes) return { passed: false, details: "Initialize request failed" };
-    const result = initRes.body?.result;
-    if (!result) return { passed: false, details: "No result in response" };
-    return { passed: !!result.protocolVersion, details: `Protocol: ${result.protocolVersion || "missing"}` };
-  });
-  await test("lifecycle-proto-version", "Returns valid protocol version", "lifecycle", true, "basic/lifecycle#version-negotiation", async () => {
-    const version2 = initRes?.body?.result?.protocolVersion;
-    if (!version2) return { passed: false, details: "No protocolVersion" };
-    const valid = /^\d{4}-\d{2}-\d{2}$/.test(version2);
-    if (valid && version2 !== SPEC_VERSION) {
-      warnings.push(`Server negotiated protocol version ${version2} (latest is ${SPEC_VERSION})`);
+  await test(
+    "lifecycle-init",
+    "Initialize handshake",
+    "lifecycle",
+    true,
+    "basic/lifecycle#initialization",
+    async () => {
+      if (!initRes) return { passed: false, details: "Initialize request failed" };
+      const result = initRes.body?.result;
+      if (!result) return { passed: false, details: "No result in response" };
+      return { passed: !!result.protocolVersion, details: `Protocol: ${result.protocolVersion || "missing"}` };
     }
-    return { passed: valid, details: `Version: ${version2}` };
-  });
-  await test("lifecycle-server-info", "Includes serverInfo", "lifecycle", false, "basic/lifecycle#initialization", async () => {
-    const info = initRes?.body?.result?.serverInfo;
-    return { passed: !!info?.name, details: info ? `${info.name} v${info.version || "?"}` : "Missing serverInfo" };
-  });
-  await test("lifecycle-capabilities", "Returns capabilities object", "lifecycle", true, "basic/lifecycle#capability-negotiation", async () => {
-    const caps = initRes?.body?.result?.capabilities;
-    if (!caps || typeof caps !== "object") return { passed: false, details: "No capabilities object in response" };
-    const declared = Object.keys(caps).filter((k) => caps[k] !== void 0);
-    return { passed: true, details: declared.length > 0 ? `Capabilities: ${declared.join(", ")}` : "Empty capabilities (valid)" };
-  });
+  );
+  await test(
+    "lifecycle-proto-version",
+    "Returns valid protocol version",
+    "lifecycle",
+    true,
+    "basic/lifecycle#version-negotiation",
+    async () => {
+      const version2 = initRes?.body?.result?.protocolVersion;
+      if (!version2) return { passed: false, details: "No protocolVersion" };
+      const valid = /^\d{4}-\d{2}-\d{2}$/.test(version2);
+      if (valid && version2 !== SPEC_VERSION) {
+        warnings.push(`Server negotiated protocol version ${version2} (latest is ${SPEC_VERSION})`);
+      }
+      return { passed: valid, details: `Version: ${version2}` };
+    }
+  );
+  await test(
+    "lifecycle-server-info",
+    "Includes serverInfo",
+    "lifecycle",
+    false,
+    "basic/lifecycle#initialization",
+    async () => {
+      const info = initRes?.body?.result?.serverInfo;
+      return { passed: !!info?.name, details: info ? `${info.name} v${info.version || "?"}` : "Missing serverInfo" };
+    }
+  );
+  await test(
+    "lifecycle-capabilities",
+    "Returns capabilities object",
+    "lifecycle",
+    true,
+    "basic/lifecycle#capability-negotiation",
+    async () => {
+      const caps = initRes?.body?.result?.capabilities;
+      if (!caps || typeof caps !== "object") return { passed: false, details: "No capabilities object in response" };
+      const declared = Object.keys(caps).filter((k) => caps[k] !== void 0);
+      return {
+        passed: true,
+        details: declared.length > 0 ? `Capabilities: ${declared.join(", ")}` : "Empty capabilities (valid)"
+      };
+    }
+  );
   await test("lifecycle-jsonrpc", "Response is valid JSON-RPC 2.0", "lifecycle", true, "basic", async () => {
     const body = initRes?.body;
     const valid = body?.jsonrpc === "2.0" && body?.id !== void 0 && (body?.result !== void 0 || body?.error !== void 0);
-    return { passed: valid, details: valid ? "Valid JSON-RPC 2.0 response" : `Missing fields: jsonrpc=${body?.jsonrpc}, id=${body?.id}` };
+    return {
+      passed: valid,
+      details: valid ? "Valid JSON-RPC 2.0 response" : `Missing fields: jsonrpc=${body?.jsonrpc}, id=${body?.id}`
+    };
   });
   await test("lifecycle-ping", "Responds to ping", "lifecycle", true, "basic/utilities#ping", async () => {
     const res = await rpc("ping");
@@ -438,149 +813,223 @@ async function runComplianceSuite(url, options = {}) {
     if (body?.result !== void 0) return { passed: true, details: "Ping responded successfully" };
     return { passed: false, details: "No result in ping response" };
   });
-  await test("lifecycle-instructions", "Instructions field is valid", "lifecycle", false, "basic/lifecycle#initialization", async () => {
-    const result = initRes?.body?.result;
-    if (!result) return { passed: false, details: "No init result" };
-    if (result.instructions === void 0) {
-      return { passed: true, details: "No instructions field (optional)" };
-    }
-    if (typeof result.instructions === "string") {
-      const preview = result.instructions.length > 80 ? result.instructions.slice(0, 80) + "..." : result.instructions;
-      return { passed: true, details: `Instructions: "${preview}"` };
+  await test(
+    "lifecycle-instructions",
+    "Instructions field is valid",
+    "lifecycle",
+    false,
+    "basic/lifecycle#initialization",
+    async () => {
+      const result = initRes?.body?.result;
+      if (!result) return { passed: false, details: "No init result" };
+      if (result.instructions === void 0) {
+        return { passed: true, details: "No instructions field (optional)" };
+      }
+      if (typeof result.instructions === "string") {
+        const preview = result.instructions.length > 80 ? result.instructions.slice(0, 80) + "..." : result.instructions;
+        return { passed: true, details: `Instructions: "${preview}"` };
+      }
+      return { passed: false, details: `instructions should be a string, got ${typeof result.instructions}` };
     }
-    return { passed: false, details: `instructions should be a string, got ${typeof result.instructions}` };
-  });
+  );
   await test("lifecycle-id-match", "Response ID matches request ID", "lifecycle", true, "basic", async () => {
     const res = await rpc("ping");
     const body = res.body;
     if (body?.id === void 0) return { passed: false, details: "No id in response" };
     const match = body.id === res.requestId;
-    return { passed: match, details: match ? `Request id=${res.requestId}, response id=${body.id} (match)` : `Request id=${res.requestId}, response id=${body.id} (MISMATCH)` };
+    return {
+      passed: match,
+      details: match ? `Request id=${res.requestId}, response id=${body.id} (match)` : `Request id=${res.requestId}, response id=${body.id} (MISMATCH)`
+    };
   });
   const hasLogging = !!serverInfo.capabilities.logging;
-  await test("lifecycle-logging", "logging/setLevel accepted", "lifecycle", hasLogging, "server/utilities#logging", async () => {
-    if (!hasLogging) return { passed: true, details: "Server does not declare logging capability (skipped)" };
-    const res = await rpc("logging/setLevel", { level: "info" });
-    if (res.body?.error) {
-      return { passed: false, details: `Error: ${res.body.error.code} \u2014 ${res.body.error.message}` };
+  await test(
+    "lifecycle-logging",
+    "logging/setLevel accepted",
+    "lifecycle",
+    hasLogging,
+    "server/utilities#logging",
+    async () => {
+      if (!hasLogging) return { passed: true, details: "Server does not declare logging capability (skipped)" };
+      const res = await rpc("logging/setLevel", { level: "info" });
+      if (res.body?.error) {
+        return { passed: false, details: `Error: ${res.body.error.code} \u2014 ${res.body.error.message}` };
+      }
+      return { passed: true, details: "logging/setLevel accepted" };
     }
-    return { passed: true, details: "logging/setLevel accepted" };
-  });
+  );
   const hasCompletions = !!serverInfo.capabilities.completions;
-  await test("lifecycle-completions", "completion/complete accepted", "lifecycle", hasCompletions, "server/utilities#completion", async () => {
-    if (!hasCompletions) return { passed: true, details: "Server does not declare completions capability (skipped)" };
-    const res = await rpc("completion/complete", {
-      ref: { type: "ref/prompt", name: "__test__" },
-      argument: { name: "test", value: "" }
-    });
-    if (res.body?.error) {
-      if (res.body.error.code === -32602) {
-        return { passed: true, details: "InvalidParams for test ref (acceptable)" };
+  await test(
+    "lifecycle-completions",
+    "completion/complete accepted",
+    "lifecycle",
+    hasCompletions,
+    "server/utilities#completion",
+    async () => {
+      if (!hasCompletions) return { passed: true, details: "Server does not declare completions capability (skipped)" };
+      const res = await rpc("completion/complete", {
+        ref: { type: "ref/prompt", name: "__test__" },
+        argument: { name: "test", value: "" }
+      });
+      if (res.body?.error) {
+        if (res.body.error.code === -32602) {
+          return { passed: true, details: "InvalidParams for test ref (acceptable)" };
+        }
+        return { passed: false, details: `Error: ${res.body.error.code} \u2014 ${res.body.error.message}` };
       }
-      return { passed: false, details: `Error: ${res.body.error.code} \u2014 ${res.body.error.message}` };
-    }
-    const values = res.body?.result?.completion?.values;
-    if (Array.isArray(values)) {
-      return { passed: true, details: `Returned ${values.length} completion(s)` };
-    }
-    return { passed: true, details: "completion/complete accepted" };
-  });
-  await test("transport-notification-202", "Notification returns 202 Accepted", "transport", false, "basic/transports#streamable-http", async () => {
-    const res = await request(backendUrl, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "Accept": "application/json, text/event-stream",
-        ...buildHeaders()
-      },
-      body: JSON.stringify({ jsonrpc: "2.0", method: "notifications/cancelled", params: { requestId: "nonexistent", reason: "compliance test" } }),
-      signal: AbortSignal.timeout(timeout)
-    });
-    await res.body.text();
-    if (res.statusCode === 202) {
-      return { passed: true, details: "HTTP 202 Accepted (correct)" };
-    }
-    if (res.statusCode >= 200 && res.statusCode < 300) {
-      return { passed: true, details: `HTTP ${res.statusCode} (accepted, but 202 is preferred)` };
-    }
-    return { passed: false, details: `HTTP ${res.statusCode} \u2014 expected 202 Accepted for notifications` };
-  });
-  await test("transport-session-id", "Enforces MCP-Session-Id after init", "transport", false, "basic/transports#streamable-http", async () => {
-    if (!sessionId) {
-      warnings.push("Server did not issue MCP-Session-Id header");
-      return { passed: true, details: "Server did not issue session ID (test not applicable)" };
-    }
-    const headersWithout = { ...userHeaders };
-    if (negotiatedProtocolVersion) headersWithout["mcp-protocol-version"] = negotiatedProtocolVersion;
-    const res = await mcpRequest(backendUrl, "ping", void 0, createIdCounter(99910), headersWithout, timeout);
-    if (res.statusCode === 400) {
-      return { passed: true, details: "HTTP 400 for missing session ID (correct)" };
+      const values = res.body?.result?.completion?.values;
+      if (Array.isArray(values)) {
+        return { passed: true, details: `Returned ${values.length} completion(s)` };
+      }
+      return { passed: true, details: "completion/complete accepted" };
     }
-    if (res.statusCode >= 200 && res.statusCode < 300) {
-      return { passed: false, details: `HTTP ${res.statusCode} \u2014 server should return 400 when session ID is missing` };
+  );
+  await test(
+    "transport-notification-202",
+    "Notification returns 202 Accepted",
+    "transport",
+    false,
+    "basic/transports#streamable-http",
+    async () => {
+      const res = await request(backendUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Accept: "application/json, text/event-stream",
+          ...buildHeaders()
+        },
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          method: "notifications/cancelled",
+          params: { requestId: "nonexistent", reason: "compliance test" }
+        }),
+        signal: AbortSignal.timeout(timeout)
+      });
+      await res.body.text();
+      if (res.statusCode === 202) {
+        return { passed: true, details: "HTTP 202 Accepted (correct)" };
+      }
+      if (res.statusCode >= 200 && res.statusCode < 300) {
+        return { passed: true, details: `HTTP ${res.statusCode} (accepted, but 202 is preferred)` };
+      }
+      return { passed: false, details: `HTTP ${res.statusCode} \u2014 expected 202 Accepted for notifications` };
     }
-    return { passed: false, details: `HTTP ${res.statusCode}` };
-  });
-  const hasTools = !!serverInfo.capabilities.tools;
-  let cachedToolsList = null;
-  await test("tools-list", "tools/list returns valid response", "tools", hasTools, "server/tools#listing-tools", async () => {
-    const res = await rpc("tools/list");
-    const tools = res.body?.result?.tools;
-    if (!Array.isArray(tools)) return { passed: false, details: "No tools array in result" };
-    cachedToolsList = tools;
-    toolCount = tools.length;
-    toolNames = tools.map((t) => t.name).filter(Boolean);
-    return { passed: true, details: `${toolCount} tool(s): ${toolNames.slice(0, 5).join(", ")}${toolCount > 5 ? "..." : ""}` };
-  });
-  await test("tools-schema", "All tools have name and inputSchema", "schema", hasTools, "server/tools#data-types", async () => {
-    const tools = cachedToolsList ?? (await rpc("tools/list")).body?.result?.tools ?? [];
-    const issues = [];
-    for (const tool of tools) {
-      if (!tool.name) {
-        issues.push("Tool missing name");
-        continue;
+  );
+  await test(
+    "transport-session-id",
+    "Enforces MCP-Session-Id after init",
+    "transport",
+    false,
+    "basic/transports#streamable-http",
+    async () => {
+      if (!sessionId) {
+        warnings.push("Server did not issue MCP-Session-Id header");
+        return { passed: true, details: "Server did not issue session ID (test not applicable)" };
       }
-      if (tool.name.length > 128 || !/^[A-Za-z0-9_.\-]+$/.test(tool.name)) {
-        issues.push(`${tool.name}: name format invalid`);
+      const headersWithout = { ...userHeaders };
+      if (negotiatedProtocolVersion) headersWithout["mcp-protocol-version"] = negotiatedProtocolVersion;
+      const res = await mcpRequest(backendUrl, "ping", void 0, createIdCounter(99910), headersWithout, timeout);
+      if (res.statusCode === 400) {
+        return { passed: true, details: "HTTP 400 for missing session ID (correct)" };
       }
-      if (!tool.description) warnings.push(`Tool "${tool.name}" missing description`);
-      if (!tool.inputSchema) {
-        issues.push(`${tool.name}: missing inputSchema (required)`);
-      } else if (typeof tool.inputSchema !== "object" || tool.inputSchema === null) {
-        issues.push(`${tool.name}: inputSchema must be a valid JSON Schema object`);
-      } else if (tool.inputSchema.type !== "object") {
-        issues.push(`${tool.name}: inputSchema.type must be "object" (got "${tool.inputSchema.type || "undefined"}")`);
+      if (res.statusCode >= 200 && res.statusCode < 300) {
+        return {
+          passed: false,
+          details: `HTTP ${res.statusCode} \u2014 server should return 400 when session ID is missing`
+        };
       }
+      return { passed: false, details: `HTTP ${res.statusCode}` };
     }
-    const detail = issues.length === 0 ? "All tools have valid schemas" : issues.join("; ");
-    return { passed: issues.length === 0, details: detail };
-  });
-  await test("tools-annotations", "Tool annotations are valid", "schema", false, "server/tools#annotations", async () => {
-    const tools = cachedToolsList ?? (await rpc("tools/list")).body?.result?.tools ?? [];
-    if (tools.length === 0) return { passed: true, details: "No tools to validate" };
-    const issues = [];
-    let annotatedCount = 0;
-    for (const tool of tools) {
-      const ann = tool.annotations;
-      if (!ann) continue;
-      annotatedCount++;
-      if (typeof ann !== "object" || ann === null) {
-        issues.push(`${tool.name}: annotations must be an object`);
-        continue;
-      }
-      const boolFields = ["readOnlyHint", "destructiveHint", "idempotentHint", "openWorldHint"];
-      for (const field of boolFields) {
-        if (ann[field] !== void 0 && typeof ann[field] !== "boolean") {
-          issues.push(`${tool.name}: annotations.${field} should be boolean, got ${typeof ann[field]}`);
+  );
+  const hasTools = !!serverInfo.capabilities.tools;
+  let cachedToolsList = null;
+  await test(
+    "tools-list",
+    "tools/list returns valid response",
+    "tools",
+    hasTools,
+    "server/tools#listing-tools",
+    async () => {
+      const res = await rpc("tools/list");
+      const tools = res.body?.result?.tools;
+      if (!Array.isArray(tools)) return { passed: false, details: "No tools array in result" };
+      cachedToolsList = tools;
+      toolCount = tools.length;
+      toolNames = tools.map((t) => t.name).filter(Boolean);
+      return {
+        passed: true,
+        details: `${toolCount} tool(s): ${toolNames.slice(0, 5).join(", ")}${toolCount > 5 ? "..." : ""}`
+      };
+    }
+  );
+  await test(
+    "tools-schema",
+    "All tools have name and inputSchema",
+    "schema",
+    hasTools,
+    "server/tools#data-types",
+    async () => {
+      const tools = cachedToolsList ?? (await rpc("tools/list")).body?.result?.tools ?? [];
+      const issues = [];
+      for (const tool of tools) {
+        if (!tool.name) {
+          issues.push("Tool missing name");
+          continue;
+        }
+        if (tool.name.length > 128 || !/^[A-Za-z0-9_.\-]+$/.test(tool.name)) {
+          issues.push(`${tool.name}: name format invalid`);
+        }
+        if (!tool.description) warnings.push(`Tool "${tool.name}" missing description`);
+        if (!tool.inputSchema) {
+          issues.push(`${tool.name}: missing inputSchema (required)`);
+        } else if (typeof tool.inputSchema !== "object" || tool.inputSchema === null) {
+          issues.push(`${tool.name}: inputSchema must be a valid JSON Schema object`);
+        } else if (tool.inputSchema.type !== "object") {
+          issues.push(
+            `${tool.name}: inputSchema.type must be "object" (got "${tool.inputSchema.type || "undefined"}")`
+          );
         }
       }
-      if (ann.title !== void 0 && typeof ann.title !== "string") {
-        issues.push(`${tool.name}: annotations.title should be string`);
+      const detail = issues.length === 0 ? "All tools have valid schemas" : issues.join("; ");
+      return { passed: issues.length === 0, details: detail };
+    }
+  );
+  await test(
+    "tools-annotations",
+    "Tool annotations are valid",
+    "schema",
+    false,
+    "server/tools#annotations",
+    async () => {
+      const tools = cachedToolsList ?? (await rpc("tools/list")).body?.result?.tools ?? [];
+      if (tools.length === 0) return { passed: true, details: "No tools to validate" };
+      const issues = [];
+      let annotatedCount = 0;
+      for (const tool of tools) {
+        const ann = tool.annotations;
+        if (!ann) continue;
+        annotatedCount++;
+        if (typeof ann !== "object" || ann === null) {
+          issues.push(`${tool.name}: annotations must be an object`);
+          continue;
+        }
+        const boolFields = ["readOnlyHint", "destructiveHint", "idempotentHint", "openWorldHint"];
+        for (const field of boolFields) {
+          if (ann[field] !== void 0 && typeof ann[field] !== "boolean") {
+            issues.push(`${tool.name}: annotations.${field} should be boolean, got ${typeof ann[field]}`);
+          }
+        }
+        if (ann.title !== void 0 && typeof ann.title !== "string") {
+          issues.push(`${tool.name}: annotations.title should be string`);
+        }
       }
+      if (issues.length > 0) return { passed: false, details: issues.join("; ") };
+      return {
+        passed: true,
+        details: annotatedCount > 0 ? `${annotatedCount} tool(s) with valid annotations` : "No tools have annotations (optional)"
+      };
     }
-    if (issues.length > 0) return { passed: false, details: issues.join("; ") };
-    return { passed: true, details: annotatedCount > 0 ? `${annotatedCount} tool(s) with valid annotations` : "No tools have annotations (optional)" };
-  });
+  );
   await test("tools-title-field", "Tools include title field", "schema", false, "server/tools#data-types", async () => {
     const tools = cachedToolsList ?? (await rpc("tools/list")).body?.result?.tools ?? [];
     if (tools.length === 0) return { passed: true, details: "No tools to validate" };
@@ -597,211 +1046,319 @@ async function runComplianceSuite(url, options = {}) {
     }
     return { passed: true, details: `${withTitle.length}/${tools.length} tool(s) have title field` };
   });
-  await test("tools-output-schema", "Tools with outputSchema are valid", "schema", false, "server/tools#structured-content", async () => {
-    const tools = cachedToolsList ?? (await rpc("tools/list")).body?.result?.tools ?? [];
-    if (tools.length === 0) return { passed: true, details: "No tools to validate" };
-    const issues = [];
-    let withSchema = 0;
-    for (const tool of tools) {
-      if (tool.outputSchema === void 0) continue;
-      withSchema++;
-      if (typeof tool.outputSchema !== "object" || tool.outputSchema === null) {
-        issues.push(`${tool.name}: outputSchema must be a JSON Schema object`);
-      } else if (tool.outputSchema.type !== "object") {
-        issues.push(`${tool.name}: outputSchema.type must be "object" (got "${tool.outputSchema.type || "undefined"}")`);
+  await test(
+    "tools-output-schema",
+    "Tools with outputSchema are valid",
+    "schema",
+    false,
+    "server/tools#structured-content",
+    async () => {
+      const tools = cachedToolsList ?? (await rpc("tools/list")).body?.result?.tools ?? [];
+      if (tools.length === 0) return { passed: true, details: "No tools to validate" };
+      const issues = [];
+      let withSchema = 0;
+      for (const tool of tools) {
+        if (tool.outputSchema === void 0) continue;
+        withSchema++;
+        if (typeof tool.outputSchema !== "object" || tool.outputSchema === null) {
+          issues.push(`${tool.name}: outputSchema must be a JSON Schema object`);
+        } else if (tool.outputSchema.type !== "object") {
+          issues.push(
+            `${tool.name}: outputSchema.type must be "object" (got "${tool.outputSchema.type || "undefined"}")`
+          );
+        }
       }
+      if (issues.length > 0) return { passed: false, details: issues.join("; ") };
+      return {
+        passed: true,
+        details: withSchema > 0 ? `${withSchema} tool(s) with valid outputSchema` : "No tools have outputSchema (optional)"
+      };
     }
-    if (issues.length > 0) return { passed: false, details: issues.join("; ") };
-    return { passed: true, details: withSchema > 0 ? `${withSchema} tool(s) with valid outputSchema` : "No tools have outputSchema (optional)" };
-  });
+  );
   if (toolNames.length > 0) {
-    await test("tools-call", "tools/call responds correctly", "tools", false, "server/tools#calling-tools", async () => {
-      const res = await rpc("tools/call", { name: toolNames[0], arguments: {} });
-      const result = res.body?.result;
-      const error = res.body?.error;
-      if (error) {
-        const code = error.code;
-        if (code === -32602 || code === -32600) {
-          return { passed: true, details: `Invalid params error (acceptable): code ${code}` };
+    await test(
+      "tools-call",
+      "tools/call responds correctly",
+      "tools",
+      false,
+      "server/tools#calling-tools",
+      async () => {
+        const res = await rpc("tools/call", { name: toolNames[0], arguments: {} });
+        const result = res.body?.result;
+        const error = res.body?.error;
+        if (error) {
+          const code = error.code;
+          if (code === -32602 || code === -32600) {
+            return { passed: true, details: `Invalid params error (acceptable): code ${code}` };
+          }
+          return { passed: true, details: `Protocol error: code ${code} \u2014 ${error.message}` };
         }
-        return { passed: true, details: `Protocol error: code ${code} \u2014 ${error.message}` };
-      }
-      if (result?.content && Array.isArray(result.content)) {
-        const badItems = result.content.filter((c) => !c.type);
-        if (badItems.length > 0) return { passed: false, details: `${badItems.length} content item(s) missing 'type' field` };
-        return { passed: true, details: `Returned ${result.content.length} content item(s)` };
-      }
-      if (result?.isError && result?.content && Array.isArray(result.content)) {
-        return { passed: true, details: "Tool returned execution error with content (valid)" };
-      }
-      return { passed: false, details: "Response missing content array" };
-    });
-    await test("tools-content-types", "Tool content items have valid types", "tools", false, "server/tools#calling-tools", async () => {
-      const res = await rpc("tools/call", { name: toolNames[0], arguments: {} });
-      const result = res.body?.result;
-      const error = res.body?.error;
-      if (error) {
-        return { passed: true, details: `Tool returned error (content types not applicable): code ${error.code}` };
-      }
-      const content = result?.content;
-      if (!Array.isArray(content) || content.length === 0) {
-        return { passed: true, details: "No content items to validate" };
+        if (result?.content && Array.isArray(result.content)) {
+          const badItems = result.content.filter((c) => !c.type);
+          if (badItems.length > 0)
+            return { passed: false, details: `${badItems.length} content item(s) missing 'type' field` };
+          return { passed: true, details: `Returned ${result.content.length} content item(s)` };
+        }
+        if (result?.isError && result?.content && Array.isArray(result.content)) {
+          return { passed: true, details: "Tool returned execution error with content (valid)" };
+        }
+        return { passed: false, details: "Response missing content array" };
       }
-      const issues = [];
-      const types = /* @__PURE__ */ new Set();
-      for (const item of content) {
-        if (!item.type) {
-          issues.push("Content item missing type field");
-        } else if (!VALID_CONTENT_TYPES.includes(item.type)) {
-          issues.push(`Unknown content type: "${item.type}"`);
-        } else {
-          types.add(item.type);
+    );
+    await test(
+      "tools-content-types",
+      "Tool content items have valid types",
+      "tools",
+      false,
+      "server/tools#calling-tools",
+      async () => {
+        const res = await rpc("tools/call", { name: toolNames[0], arguments: {} });
+        const result = res.body?.result;
+        const error = res.body?.error;
+        if (error) {
+          return { passed: true, details: `Tool returned error (content types not applicable): code ${error.code}` };
+        }
+        const content = result?.content;
+        if (!Array.isArray(content) || content.length === 0) {
+          return { passed: true, details: "No content items to validate" };
+        }
+        const issues = [];
+        const types = /* @__PURE__ */ new Set();
+        for (const item of content) {
+          if (!item.type) {
+            issues.push("Content item missing type field");
+          } else if (!VALID_CONTENT_TYPES.includes(item.type)) {
+            issues.push(`Unknown content type: "${item.type}"`);
+          } else {
+            types.add(item.type);
+          }
         }
+        if (issues.length > 0) return { passed: false, details: issues.join("; ") };
+        return { passed: true, details: `Content types: ${[...types].join(", ")}` };
       }
-      if (issues.length > 0) return { passed: false, details: issues.join("; ") };
-      return { passed: true, details: `Content types: ${[...types].join(", ")}` };
-    });
+    );
   }
   if (hasTools) {
-    await test("tools-pagination", "tools/list supports pagination", "tools", false, "server/tools#listing-tools", async () => {
-      const res = await rpc("tools/list");
-      const result = res.body?.result;
-      if (!result) return { passed: false, details: "No result from tools/list" };
-      if (!Array.isArray(result.tools)) return { passed: false, details: "No tools array" };
-      if (result.nextCursor !== void 0) {
-        if (typeof result.nextCursor !== "string") {
-          return { passed: false, details: `nextCursor should be string, got ${typeof result.nextCursor}` };
-        }
-        const nextRes = await rpc("tools/list", { cursor: result.nextCursor });
-        const nextResult = nextRes.body?.result;
-        if (!nextResult || !Array.isArray(nextResult.tools)) {
-          return { passed: false, details: "Next page failed to return tools array" };
+    await test(
+      "tools-pagination",
+      "tools/list supports pagination",
+      "tools",
+      false,
+      "server/tools#listing-tools",
+      async () => {
+        const res = await rpc("tools/list");
+        const result = res.body?.result;
+        if (!result) return { passed: false, details: "No result from tools/list" };
+        if (!Array.isArray(result.tools)) return { passed: false, details: "No tools array" };
+        if (result.nextCursor !== void 0) {
+          if (typeof result.nextCursor !== "string") {
+            return { passed: false, details: `nextCursor should be string, got ${typeof result.nextCursor}` };
+          }
+          const nextRes = await rpc("tools/list", { cursor: result.nextCursor });
+          const nextResult = nextRes.body?.result;
+          if (!nextResult || !Array.isArray(nextResult.tools)) {
+            return { passed: false, details: "Next page failed to return tools array" };
+          }
+          return {
+            passed: true,
+            details: `Pagination works: page 1 had ${result.tools.length} tools, page 2 had ${nextResult.tools.length} tools`
+          };
         }
-        return { passed: true, details: `Pagination works: page 1 had ${result.tools.length} tools, page 2 had ${nextResult.tools.length} tools` };
+        return { passed: true, details: `${result.tools.length} tool(s), no nextCursor (single page)` };
       }
-      return { passed: true, details: `${result.tools.length} tool(s), no nextCursor (single page)` };
-    });
-    await test("tools-call-unknown", "Returns error for unknown tool name", "errors", false, "server/tools#error-handling", async () => {
-      const res = await rpc("tools/call", { name: "__nonexistent_tool_compliance_test__", arguments: {} });
-      const error = res.body?.error;
-      const isError = res.body?.result?.isError;
-      if (error) return { passed: true, details: `Error code: ${error.code} \u2014 ${error.message}` };
-      if (isError) return { passed: true, details: "Tool execution error with isError=true (valid)" };
-      return { passed: false, details: "No error returned for nonexistent tool" };
-    });
+    );
+    await test(
+      "tools-call-unknown",
+      "Returns error for unknown tool name",
+      "errors",
+      false,
+      "server/tools#error-handling",
+      async () => {
+        const res = await rpc("tools/call", { name: "__nonexistent_tool_compliance_test__", arguments: {} });
+        const error = res.body?.error;
+        const isError = res.body?.result?.isError;
+        if (error) return { passed: true, details: `Error code: ${error.code} \u2014 ${error.message}` };
+        if (isError) return { passed: true, details: "Tool execution error with isError=true (valid)" };
+        return { passed: false, details: "No error returned for nonexistent tool" };
+      }
+    );
   }
   const hasResources = !!serverInfo.capabilities.resources;
   const hasSubscribe = !!serverInfo.capabilities.resources?.subscribe;
   if (hasResources) {
     let cachedResourcesList = null;
-    await test("resources-list", "resources/list returns valid response", "resources", true, "server/resources#listing-resources", async () => {
-      const res = await rpc("resources/list");
-      const resources = res.body?.result?.resources;
-      if (!Array.isArray(resources)) return { passed: false, details: "No resources array" };
-      cachedResourcesList = resources;
-      resourceCount = resources.length;
-      resourceNames = resources.map((r) => r.name).filter(Boolean);
-      return { passed: true, details: `${resourceCount} resource(s)` };
-    });
-    await test("resources-schema", "Resources have uri and name", "schema", true, "server/resources#data-types", async () => {
-      const resources = cachedResourcesList ?? (await rpc("resources/list")).body?.result?.resources ?? [];
-      const issues = [];
-      for (const r of resources) {
-        if (!r.uri) issues.push("Resource missing uri");
-        else {
-          try {
-            new URL(r.uri);
-          } catch {
-            issues.push(`${r.uri}: invalid URI format`);
+    await test(
+      "resources-list",
+      "resources/list returns valid response",
+      "resources",
+      true,
+      "server/resources#listing-resources",
+      async () => {
+        const res = await rpc("resources/list");
+        const resources = res.body?.result?.resources;
+        if (!Array.isArray(resources)) return { passed: false, details: "No resources array" };
+        cachedResourcesList = resources;
+        resourceCount = resources.length;
+        resourceNames = resources.map((r) => r.name).filter(Boolean);
+        return { passed: true, details: `${resourceCount} resource(s)` };
+      }
+    );
+    await test(
+      "resources-schema",
+      "Resources have uri and name",
+      "schema",
+      true,
+      "server/resources#data-types",
+      async () => {
+        const resources = cachedResourcesList ?? (await rpc("resources/list")).body?.result?.resources ?? [];
+        const issues = [];
+        for (const r of resources) {
+          if (!r.uri) issues.push("Resource missing uri");
+          else {
+            try {
+              new URL(r.uri);
+            } catch {
+              issues.push(`${r.uri}: invalid URI format`);
+            }
           }
+          if (!r.name) issues.push(`${r.uri || "?"}: missing name`);
+          if (!r.description) warnings.push(`Resource "${r.name || r.uri}" missing description`);
+          if (!r.mimeType) warnings.push(`Resource "${r.name || r.uri}" missing mimeType`);
         }
-        if (!r.name) issues.push(`${r.uri || "?"}: missing name`);
-        if (!r.description) warnings.push(`Resource "${r.name || r.uri}" missing description`);
-        if (!r.mimeType) warnings.push(`Resource "${r.name || r.uri}" missing mimeType`);
+        return {
+          passed: issues.length === 0,
+          details: issues.length === 0 ? "All resources valid" : issues.join("; ")
+        };
       }
-      return { passed: issues.length === 0, details: issues.length === 0 ? "All resources valid" : issues.join("; ") };
-    });
+    );
     if (resourceCount > 0) {
-      await test("resources-read", "resources/read returns content", "resources", false, "server/resources#reading-resources", async () => {
-        const resources = cachedResourcesList ?? (await rpc("resources/list")).body?.result?.resources ?? [];
-        const firstUri = resources[0]?.uri;
-        if (!firstUri) return { passed: false, details: "No resource URI to test" };
-        const readRes = await rpc("resources/read", { uri: firstUri });
-        const contents = readRes.body?.result?.contents;
-        if (!Array.isArray(contents)) return { passed: false, details: "No contents array" };
+      await test(
+        "resources-read",
+        "resources/read returns content",
+        "resources",
+        false,
+        "server/resources#reading-resources",
+        async () => {
+          const resources = cachedResourcesList ?? (await rpc("resources/list")).body?.result?.resources ?? [];
+          const firstUri = resources[0]?.uri;
+          if (!firstUri) return { passed: false, details: "No resource URI to test" };
+          const readRes = await rpc("resources/read", { uri: firstUri });
+          const contents = readRes.body?.result?.contents;
+          if (!Array.isArray(contents)) return { passed: false, details: "No contents array" };
+          const issues = [];
+          for (const c of contents) {
+            if (!c.uri) issues.push("Content item missing uri");
+            if (!c.text && !c.blob) issues.push(`Content item for ${c.uri || "?"} missing both text and blob`);
+          }
+          if (issues.length > 0) return { passed: false, details: issues.join("; ") };
+          return { passed: true, details: `Read ${contents.length} content item(s) from ${firstUri}` };
+        }
+      );
+    }
+    await test(
+      "resources-templates",
+      "resources/templates/list returns valid response",
+      "resources",
+      false,
+      "server/resources#resource-templates",
+      async () => {
+        const res = await rpc("resources/templates/list");
+        const error = res.body?.error;
+        if (error) {
+          if (error.code === -32601) return { passed: true, details: "Method not supported (acceptable)" };
+          return { passed: false, details: `Error: ${error.message}` };
+        }
+        const templates = res.body?.result?.resourceTemplates;
+        if (!Array.isArray(templates)) return { passed: false, details: "No resourceTemplates array" };
         const issues = [];
-        for (const c of contents) {
-          if (!c.uri) issues.push("Content item missing uri");
-          if (!c.text && !c.blob) issues.push(`Content item for ${c.uri || "?"} missing both text and blob`);
+        for (const t of templates) {
+          if (!t.uriTemplate) issues.push("Template missing uriTemplate");
+          if (!t.name) issues.push(`${t.uriTemplate || "?"}: missing name`);
         }
         if (issues.length > 0) return { passed: false, details: issues.join("; ") };
-        return { passed: true, details: `Read ${contents.length} content item(s) from ${firstUri}` };
-      });
-    }
-    await test("resources-templates", "resources/templates/list returns valid response", "resources", false, "server/resources#resource-templates", async () => {
-      const res = await rpc("resources/templates/list");
-      const error = res.body?.error;
-      if (error) {
-        if (error.code === -32601) return { passed: true, details: "Method not supported (acceptable)" };
-        return { passed: false, details: `Error: ${error.message}` };
+        return { passed: true, details: `${templates.length} resource template(s)` };
       }
-      const templates = res.body?.result?.resourceTemplates;
-      if (!Array.isArray(templates)) return { passed: false, details: "No resourceTemplates array" };
-      const issues = [];
-      for (const t of templates) {
-        if (!t.uriTemplate) issues.push("Template missing uriTemplate");
-        if (!t.name) issues.push(`${t.uriTemplate || "?"}: missing name`);
-      }
-      if (issues.length > 0) return { passed: false, details: issues.join("; ") };
-      return { passed: true, details: `${templates.length} resource template(s)` };
-    });
-    await test("resources-pagination", "resources/list supports pagination", "resources", false, "server/resources#listing-resources", async () => {
-      const res = await rpc("resources/list");
-      const result = res.body?.result;
-      if (!result) return { passed: false, details: "No result from resources/list" };
-      if (!Array.isArray(result.resources)) return { passed: false, details: "No resources array" };
-      if (result.nextCursor !== void 0) {
-        if (typeof result.nextCursor !== "string") {
-          return { passed: false, details: `nextCursor should be string, got ${typeof result.nextCursor}` };
-        }
-        const nextRes = await rpc("resources/list", { cursor: result.nextCursor });
-        const nextResult = nextRes.body?.result;
-        if (!nextResult || !Array.isArray(nextResult.resources)) {
-          return { passed: false, details: "Next page failed to return resources array" };
+    );
+    await test(
+      "resources-pagination",
+      "resources/list supports pagination",
+      "resources",
+      false,
+      "server/resources#listing-resources",
+      async () => {
+        const res = await rpc("resources/list");
+        const result = res.body?.result;
+        if (!result) return { passed: false, details: "No result from resources/list" };
+        if (!Array.isArray(result.resources)) return { passed: false, details: "No resources array" };
+        if (result.nextCursor !== void 0) {
+          if (typeof result.nextCursor !== "string") {
+            return { passed: false, details: `nextCursor should be string, got ${typeof result.nextCursor}` };
+          }
+          const nextRes = await rpc("resources/list", { cursor: result.nextCursor });
+          const nextResult = nextRes.body?.result;
+          if (!nextResult || !Array.isArray(nextResult.resources)) {
+            return { passed: false, details: "Next page failed to return resources array" };
+          }
+          return {
+            passed: true,
+            details: `Pagination works: page 1 had ${result.resources.length}, page 2 had ${nextResult.resources.length}`
+          };
         }
-        return { passed: true, details: `Pagination works: page 1 had ${result.resources.length}, page 2 had ${nextResult.resources.length}` };
+        return { passed: true, details: `${result.resources.length} resource(s), no nextCursor (single page)` };
       }
-      return { passed: true, details: `${result.resources.length} resource(s), no nextCursor (single page)` };
-    });
+    );
     if (hasSubscribe && resourceCount > 0) {
-      await test("resources-subscribe", "Resource subscribe/unsubscribe", "resources", true, "server/resources#subscriptions", async () => {
-        const resources = cachedResourcesList ?? (await rpc("resources/list")).body?.result?.resources ?? [];
-        const firstUri = resources[0]?.uri;
-        if (!firstUri) return { passed: false, details: "No resource URI for subscribe test" };
-        const subRes = await rpc("resources/subscribe", { uri: firstUri });
-        if (subRes.body?.error) {
-          return { passed: false, details: `Subscribe error: ${subRes.body.error.code} \u2014 ${subRes.body.error.message}` };
-        }
-        const unsubRes = await rpc("resources/unsubscribe", { uri: firstUri });
-        if (unsubRes.body?.error) {
-          return { passed: false, details: `Unsubscribe error: ${unsubRes.body.error.code} \u2014 ${unsubRes.body.error.message}` };
+      await test(
+        "resources-subscribe",
+        "Resource subscribe/unsubscribe",
+        "resources",
+        true,
+        "server/resources#subscriptions",
+        async () => {
+          const resources = cachedResourcesList ?? (await rpc("resources/list")).body?.result?.resources ?? [];
+          const firstUri = resources[0]?.uri;
+          if (!firstUri) return { passed: false, details: "No resource URI for subscribe test" };
+          const subRes = await rpc("resources/subscribe", { uri: firstUri });
+          if (subRes.body?.error) {
+            return {
+              passed: false,
+              details: `Subscribe error: ${subRes.body.error.code} \u2014 ${subRes.body.error.message}`
+            };
+          }
+          const unsubRes = await rpc("resources/unsubscribe", { uri: firstUri });
+          if (unsubRes.body?.error) {
+            return {
+              passed: false,
+              details: `Unsubscribe error: ${unsubRes.body.error.code} \u2014 ${unsubRes.body.error.message}`
+            };
+          }
+          return { passed: true, details: `Subscribe/unsubscribe for ${firstUri} succeeded` };
         }
-        return { passed: true, details: `Subscribe/unsubscribe for ${firstUri} succeeded` };
-      });
+      );
     }
   }
   const hasPrompts = !!serverInfo.capabilities.prompts;
   if (hasPrompts) {
     let cachedPromptsList = null;
-    await test("prompts-list", "prompts/list returns valid response", "prompts", true, "server/prompts#listing-prompts", async () => {
-      const res = await rpc("prompts/list");
-      const prompts = res.body?.result?.prompts;
-      if (!Array.isArray(prompts)) return { passed: false, details: "No prompts array" };
-      cachedPromptsList = prompts;
-      promptCount = prompts.length;
-      promptNames = prompts.map((p) => p.name).filter(Boolean);
-      return { passed: true, details: `${promptCount} prompt(s): ${promptNames.slice(0, 5).join(", ")}${promptCount > 5 ? "..." : ""}` };
-    });
+    await test(
+      "prompts-list",
+      "prompts/list returns valid response",
+      "prompts",
+      true,
+      "server/prompts#listing-prompts",
+      async () => {
+        const res = await rpc("prompts/list");
+        const prompts = res.body?.result?.prompts;
+        if (!Array.isArray(prompts)) return { passed: false, details: "No prompts array" };
+        cachedPromptsList = prompts;
+        promptCount = prompts.length;
+        promptNames = prompts.map((p) => p.name).filter(Boolean);
+        return {
+          passed: true,
+          details: `${promptCount} prompt(s): ${promptNames.slice(0, 5).join(", ")}${promptCount > 5 ? "..." : ""}`
+        };
+      }
+    );
     await test("prompts-schema", "Prompts have name field", "schema", true, "server/prompts#data-types", async () => {
       const prompts = cachedPromptsList ?? (await rpc("prompts/list")).body?.result?.prompts ?? [];
       const issues = [];
@@ -818,39 +1375,56 @@ async function runComplianceSuite(url, options = {}) {
       return { passed: issues.length === 0, details: issues.length === 0 ? "All prompts valid" : issues.join("; ") };
     });
     if (promptNames.length > 0) {
-      await test("prompts-get", "prompts/get returns valid messages", "prompts", false, "server/prompts#getting-a-prompt", async () => {
-        const res = await rpc("prompts/get", { name: promptNames[0] });
-        const error = res.body?.error;
-        if (error) return { passed: true, details: `Error (may need arguments): code ${error.code}` };
-        const messages = res.body?.result?.messages;
-        if (!Array.isArray(messages)) return { passed: false, details: "No messages array in result" };
-        const issues = [];
-        for (const msg of messages) {
-          if (!msg.role || !["user", "assistant"].includes(msg.role)) issues.push(`Invalid role: ${msg.role}`);
-          if (!msg.content) issues.push("Message missing content");
+      await test(
+        "prompts-get",
+        "prompts/get returns valid messages",
+        "prompts",
+        false,
+        "server/prompts#getting-a-prompt",
+        async () => {
+          const res = await rpc("prompts/get", { name: promptNames[0] });
+          const error = res.body?.error;
+          if (error) return { passed: true, details: `Error (may need arguments): code ${error.code}` };
+          const messages = res.body?.result?.messages;
+          if (!Array.isArray(messages)) return { passed: false, details: "No messages array in result" };
+          const issues = [];
+          for (const msg of messages) {
+            if (!msg.role || !["user", "assistant"].includes(msg.role)) issues.push(`Invalid role: ${msg.role}`);
+            if (!msg.content) issues.push("Message missing content");
+          }
+          if (issues.length > 0) return { passed: false, details: issues.join("; ") };
+          return { passed: true, details: `${messages.length} message(s) from ${promptNames[0]}` };
         }
-        if (issues.length > 0) return { passed: false, details: issues.join("; ") };
-        return { passed: true, details: `${messages.length} message(s) from ${promptNames[0]}` };
-      });
+      );
     }
-    await test("prompts-pagination", "prompts/list supports pagination", "prompts", false, "server/prompts#listing-prompts", async () => {
-      const res = await rpc("prompts/list");
-      const result = res.body?.result;
-      if (!result) return { passed: false, details: "No result from prompts/list" };
-      if (!Array.isArray(result.prompts)) return { passed: false, details: "No prompts array" };
-      if (result.nextCursor !== void 0) {
-        if (typeof result.nextCursor !== "string") {
-          return { passed: false, details: `nextCursor should be string, got ${typeof result.nextCursor}` };
-        }
-        const nextRes = await rpc("prompts/list", { cursor: result.nextCursor });
-        const nextResult = nextRes.body?.result;
-        if (!nextResult || !Array.isArray(nextResult.prompts)) {
-          return { passed: false, details: "Next page failed to return prompts array" };
+    await test(
+      "prompts-pagination",
+      "prompts/list supports pagination",
+      "prompts",
+      false,
+      "server/prompts#listing-prompts",
+      async () => {
+        const res = await rpc("prompts/list");
+        const result = res.body?.result;
+        if (!result) return { passed: false, details: "No result from prompts/list" };
+        if (!Array.isArray(result.prompts)) return { passed: false, details: "No prompts array" };
+        if (result.nextCursor !== void 0) {
+          if (typeof result.nextCursor !== "string") {
+            return { passed: false, details: `nextCursor should be string, got ${typeof result.nextCursor}` };
+          }
+          const nextRes = await rpc("prompts/list", { cursor: result.nextCursor });
+          const nextResult = nextRes.body?.result;
+          if (!nextResult || !Array.isArray(nextResult.prompts)) {
+            return { passed: false, details: "Next page failed to return prompts array" };
+          }
+          return {
+            passed: true,
+            details: `Pagination works: page 1 had ${result.prompts.length}, page 2 had ${nextResult.prompts.length}`
+          };
         }
-        return { passed: true, details: `Pagination works: page 1 had ${result.prompts.length}, page 2 had ${nextResult.prompts.length}` };
+        return { passed: true, details: `${result.prompts.length} prompt(s), no nextCursor (single page)` };
       }
-      return { passed: true, details: `${result.prompts.length} prompt(s), no nextCursor (single page)` };
-    });
+    );
   }
   await test("error-unknown-method", "Returns JSON-RPC error for unknown method", "errors", true, "basic", async () => {
     const res = await rpc("nonexistent/method");
@@ -862,16 +1436,23 @@ async function runComplianceSuite(url, options = {}) {
       details: `Error code: ${error.code}${correctCode ? " (correct: Method not found)" : " (expected -32601)"} \u2014 ${error.message}`
     };
   });
-  await test("error-method-code", "Uses correct JSON-RPC error code for unknown method", "errors", false, "basic", async () => {
-    const res = await rpc("nonexistent/method");
-    const error = res.body?.error;
-    if (!error) return { passed: false, details: "No error returned" };
-    return { passed: error.code === -32601, details: `Expected -32601, got ${error.code}` };
-  });
+  await test(
+    "error-method-code",
+    "Uses correct JSON-RPC error code for unknown method",
+    "errors",
+    false,
+    "basic",
+    async () => {
+      const res = await rpc("nonexistent/method");
+      const error = res.body?.error;
+      if (!error) return { passed: false, details: "No error returned" };
+      return { passed: error.code === -32601, details: `Expected -32601, got ${error.code}` };
+    }
+  );
   await test("error-invalid-jsonrpc", "Handles malformed JSON-RPC", "errors", true, "basic", async () => {
     const res = await request(backendUrl, {
       method: "POST",
-      headers: { "Content-Type": "application/json", "Accept": "application/json, text/event-stream", ...buildHeaders() },
+      headers: { "Content-Type": "application/json", Accept: "application/json, text/event-stream", ...buildHeaders() },
       body: JSON.stringify({ not: "a valid jsonrpc message" }),
       signal: AbortSignal.timeout(timeout)
     });
@@ -880,17 +1461,21 @@ async function runComplianceSuite(url, options = {}) {
       const body = JSON.parse(text);
       if (body?.error) {
         const correctCode = body.error.code === -32600;
-        return { passed: true, details: `Error code: ${body.error.code}${correctCode ? " (correct: Invalid Request)" : ""} \u2014 ${body.error.message}` };
+        return {
+          passed: true,
+          details: `Error code: ${body.error.code}${correctCode ? " (correct: Invalid Request)" : ""} \u2014 ${body.error.message}`
+        };
       }
     } catch {
     }
-    if (res.statusCode >= 400 && res.statusCode < 500) return { passed: true, details: `HTTP ${res.statusCode} (acceptable)` };
+    if (res.statusCode >= 400 && res.statusCode < 500)
+      return { passed: true, details: `HTTP ${res.statusCode} (acceptable)` };
     return { passed: false, details: `HTTP ${res.statusCode} \u2014 expected JSON-RPC error or 4xx status` };
   });
   await test("error-invalid-json", "Handles invalid JSON body", "errors", false, "basic", async () => {
     const res = await request(backendUrl, {
       method: "POST",
-      headers: { "Content-Type": "application/json", "Accept": "application/json, text/event-stream", ...buildHeaders() },
+      headers: { "Content-Type": "application/json", Accept: "application/json, text/event-stream", ...buildHeaders() },
       body: "{this is not valid json!!!",
       signal: AbortSignal.timeout(timeout)
     });
@@ -900,24 +1485,35 @@ async function runComplianceSuite(url, options = {}) {
       if (body?.error) return { passed: true, details: `Error code: ${body.error.code} \u2014 ${body.error.message}` };
     } catch {
     }
-    if (res.statusCode >= 400 && res.statusCode < 500) return { passed: true, details: `HTTP ${res.statusCode} (acceptable)` };
+    if (res.statusCode >= 400 && res.statusCode < 500)
+      return { passed: true, details: `HTTP ${res.statusCode} (acceptable)` };
     return { passed: false, details: `HTTP ${res.statusCode} \u2014 expected parse error or 4xx status` };
   });
-  await test("error-missing-params", "Returns error for tools/call without name", "errors", false, "server/tools#error-handling", async () => {
-    const res = await rpc("tools/call", {});
-    const error = res.body?.error;
-    const isError = res.body?.result?.isError;
-    if (error) {
-      const correctCode = error.code === -32602;
-      return { passed: true, details: `Error code: ${error.code}${correctCode ? " (correct: Invalid params)" : ""} \u2014 ${error.message}` };
+  await test(
+    "error-missing-params",
+    "Returns error for tools/call without name",
+    "errors",
+    false,
+    "server/tools#error-handling",
+    async () => {
+      const res = await rpc("tools/call", {});
+      const error = res.body?.error;
+      const isError = res.body?.result?.isError;
+      if (error) {
+        const correctCode = error.code === -32602;
+        return {
+          passed: true,
+          details: `Error code: ${error.code}${correctCode ? " (correct: Invalid params)" : ""} \u2014 ${error.message}`
+        };
+      }
+      if (isError) return { passed: true, details: "Tool execution error (valid)" };
+      return { passed: false, details: "No error for tools/call without name" };
     }
-    if (isError) return { passed: true, details: "Tool execution error (valid)" };
-    return { passed: false, details: "No error for tools/call without name" };
-  });
+  );
   await test("error-parse-code", "Returns -32700 for invalid JSON", "errors", false, "basic", async () => {
     const res = await request(backendUrl, {
       method: "POST",
-      headers: { "Content-Type": "application/json", "Accept": "application/json, text/event-stream", ...buildHeaders() },
+      headers: { "Content-Type": "application/json", Accept: "application/json, text/event-stream", ...buildHeaders() },
       body: "<<<not json>>>",
       signal: AbortSignal.timeout(timeout)
     });
@@ -940,7 +1536,7 @@ async function runComplianceSuite(url, options = {}) {
   await test("error-invalid-request-code", "Returns -32600 for invalid request", "errors", false, "basic", async () => {
     const res = await request(backendUrl, {
       method: "POST",
-      headers: { "Content-Type": "application/json", "Accept": "application/json, text/event-stream", ...buildHeaders() },
+      headers: { "Content-Type": "application/json", Accept: "application/json, text/event-stream", ...buildHeaders() },
       body: JSON.stringify({ jsonrpc: "2.0", id: 99999 }),
       signal: AbortSignal.timeout(timeout)
     });
@@ -985,6 +1581,171 @@ async function runComplianceSuite(url, options = {}) {
   };
 }
+// src/mcp/tools.ts
+function registerTools(server) {
+  server.tool(
+    "mcp_compliance_test",
+    "Run the full MCP compliance test suite against a server URL. Returns grade (A-F), score, and detailed results for all 43 tests covering transport, lifecycle, tools, resources, prompts, errors, and schema validation.",
+    {
+      url: z.string().url().describe("The MCP server URL to test (must be HTTP or HTTPS)"),
+      auth: z.string().optional().describe('Authorization header value (e.g., "Bearer tok123")'),
+      headers: z.record(z.string()).optional().describe('Additional headers to include on all requests (e.g., {"X-Api-Key": "abc"})'),
+      timeout: z.number().optional().describe("Request timeout in milliseconds (default: 15000)"),
+      retries: z.number().optional().describe("Number of retries for failed tests (default: 0)"),
+      only: z.array(z.string()).optional().describe("Only run tests matching these categories or test IDs"),
+      skip: z.array(z.string()).optional().describe("Skip tests matching these categories or test IDs")
+    },
+    {
+      title: "Run MCP Compliance Tests",
+      readOnlyHint: true,
+      destructiveHint: false,
+      idempotentHint: true,
+      openWorldHint: true
+    },
+    async ({ url, auth, headers: extraHeaders, timeout, retries, only, skip }) => {
+      try {
+        const headers = { ...extraHeaders };
+        if (auth) headers.Authorization = auth;
+        const report = await runComplianceSuite(url, {
+          headers: Object.keys(headers).length > 0 ? headers : void 0,
+          timeout,
+          retries,
+          only,
+          skip
+        });
+        const summary = [
+          `Grade: ${report.grade} (${report.score}%)`,
+          `Overall: ${report.overall}`,
+          `Tests: ${report.summary.passed}/${report.summary.total} passed (${report.summary.requiredPassed}/${report.summary.required} required)`,
+          "",
+          ...report.tests.map(
+            (t) => `${t.passed ? "PASS" : "FAIL"} ${t.name}${t.required ? " (required)" : ""} \u2014 ${t.details}`
+          )
+        ];
+        if (report.serverInfo.name) {
+          summary.unshift(`Server: ${report.serverInfo.name} v${report.serverInfo.version || "?"}`);
+        }
+        if (report.warnings.length > 0) {
+          summary.push("", `Warnings (${report.warnings.length}):`);
+          for (const w of report.warnings) {
+            summary.push(`  - ${w}`);
+          }
+        }
+        return {
+          content: [
+            { type: "text", text: summary.join("\n") },
+            { type: "text", text: `
+Full report:
+${JSON.stringify(report, null, 2)}` }
+          ]
+        };
+      } catch (err) {
+        return {
+          content: [{ type: "text", text: `Error running compliance test: ${err.message}` }],
+          isError: true
+        };
+      }
+    }
+  );
+  server.tool(
+    "mcp_compliance_badge",
+    "Get the badge markdown embed code for an MCP server. Runs the compliance test suite first to determine the grade.",
+    {
+      url: z.string().url().describe("The MCP server URL to test"),
+      auth: z.string().optional().describe('Authorization header value (e.g., "Bearer tok123")'),
+      headers: z.record(z.string()).optional().describe("Additional headers to include on all requests"),
+      timeout: z.number().optional().describe("Request timeout in milliseconds (default: 15000)")
+    },
+    {
+      title: "Get Compliance Badge",
+      readOnlyHint: true,
+      destructiveHint: false,
+      idempotentHint: true,
+      openWorldHint: true
+    },
+    async ({ url, auth, headers: extraHeaders, timeout }) => {
+      try {
+        const headers = { ...extraHeaders };
+        if (auth) headers.Authorization = auth;
+        const report = await runComplianceSuite(url, {
+          headers: Object.keys(headers).length > 0 ? headers : void 0,
+          timeout
+        });
+        const badge = report.badge;
+        return {
+          content: [
+            {
+              type: "text",
+              text: [
+                `Grade: ${report.grade} (${report.score}%)`,
+                "",
+                "Markdown:",
+                badge.markdown,
+                "",
+                "HTML:",
+                badge.html
+              ].join("\n")
+            }
+          ]
+        };
+      } catch (err) {
+        return {
+          content: [{ type: "text", text: `Error: ${err.message}` }],
+          isError: true
+        };
+      }
+    }
+  );
+  server.tool(
+    "mcp_compliance_explain",
+    "Explain what a specific compliance test ID checks and why it matters.",
+    {
+      testId: z.string().describe('The test ID to explain (e.g., "transport-post", "lifecycle-init", "tools-schema")')
+    },
+    {
+      title: "Explain Compliance Test",
+      readOnlyHint: true,
+      destructiveHint: false,
+      idempotentHint: true,
+      openWorldHint: false
+    },
+    async ({ testId }) => {
+      const def = TEST_DEFINITIONS.find((t) => t.id === testId);
+      if (!def) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: `Unknown test ID: "${testId}"
+Valid test IDs:
+${TEST_DEFINITIONS.map((t) => t.id).join(", ")}`
+            }
+          ],
+          isError: true
+        };
+      }
+      return {
+        content: [
+          {
+            type: "text",
+            text: [
+              `Test: ${def.id}`,
+              `Name: ${def.name}`,
+              `Category: ${def.category}`,
+              `Required: ${def.required ? "Yes" : "No"}`,
+              `Spec reference: https://modelcontextprotocol.io/specification/2025-11-25/${def.specRef}`,
+              "",
+              def.description
+            ].join("\n")
+          }
+        ]
+      };
+    }
+  );
+}
 // src/reporter.ts
 import chalk from "chalk";
 var CATEGORY_LABELS = {
@@ -1037,11 +1798,19 @@ function formatTerminal(report) {
   lines.push(chalk.dim(`Spec: ${report.specVersion}  |  Tool: v${report.toolVersion}  |  ${report.timestamp}`));
   lines.push(chalk.dim(`URL: ${report.url}`));
   if (report.serverInfo.name) {
-    lines.push(chalk.dim(`Server: ${report.serverInfo.name} v${report.serverInfo.version || "?"} (protocol ${report.serverInfo.protocolVersion || "?"})`));
+    lines.push(
+      chalk.dim(
+        `Server: ${report.serverInfo.name} v${report.serverInfo.version || "?"} (protocol ${report.serverInfo.protocolVersion || "?"})`
+      )
+    );
   }
   lines.push("");
-  lines.push(`  Grade: ${gradeColor(report.grade)}  Score: ${chalk.bold(String(report.score))}%  Overall: ${overallColor(report.overall)}`);
-  lines.push(`  Tests: ${chalk.green(String(report.summary.passed))} passed / ${chalk.red(String(report.summary.failed))} failed / ${report.summary.total} total`);
+  lines.push(
+    `  Grade: ${gradeColor(report.grade)}  Score: ${chalk.bold(String(report.score))}%  Overall: ${overallColor(report.overall)}`
+  );
+  lines.push(
+    `  Tests: ${chalk.green(String(report.summary.passed))} passed / ${chalk.red(String(report.summary.failed))} failed / ${report.summary.total} total`
+  );
   lines.push(`  Required: ${report.summary.requiredPassed}/${report.summary.required} passed`);
   const grouped = {};
   for (const t of report.tests) {
@@ -1067,13 +1836,25 @@ function formatTerminal(report) {
     lines.push(chalk.dim(`  Capabilities: ${declared.join(", ")}`));
   }
   if (report.toolCount > 0) {
-    lines.push(chalk.dim(`  Tools (${report.toolCount}): ${report.toolNames.slice(0, 10).join(", ")}${report.toolCount > 10 ? "..." : ""}`));
+    lines.push(
+      chalk.dim(
+        `  Tools (${report.toolCount}): ${report.toolNames.slice(0, 10).join(", ")}${report.toolCount > 10 ? "..." : ""}`
+      )
+    );
   }
   if (report.resourceCount > 0) {
-    lines.push(chalk.dim(`  Resources (${report.resourceCount}): ${report.resourceNames.slice(0, 10).join(", ")}${report.resourceCount > 10 ? "..." : ""}`));
+    lines.push(
+      chalk.dim(
+        `  Resources (${report.resourceCount}): ${report.resourceNames.slice(0, 10).join(", ")}${report.resourceCount > 10 ? "..." : ""}`
+      )
+    );
   }
   if (report.promptCount > 0) {
-    lines.push(chalk.dim(`  Prompts (${report.promptCount}): ${report.promptNames.slice(0, 10).join(", ")}${report.promptCount > 10 ? "..." : ""}`));
+    lines.push(
+      chalk.dim(
+        `  Prompts (${report.promptCount}): ${report.promptNames.slice(0, 10).join(", ")}${report.promptCount > 10 ? "..." : ""}`
+      )
+    );
   }
   if (report.warnings.length > 0) {
     lines.push("");
@@ -1092,127 +1873,6 @@ function formatJson(report) {
   return JSON.stringify(report, null, 2);
 }
-// src/index.ts
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-// src/mcp/tools.ts
-import { z } from "zod";
-function registerTools(server) {
-  server.tool(
-    "mcp_compliance_test",
-    "Run the full MCP compliance test suite against a server URL. Returns grade (A-F), score, and detailed results for all 43 tests covering transport, lifecycle, tools, resources, prompts, errors, and schema validation.",
-    {
-      url: z.string().url().describe("The MCP server URL to test (must be HTTP or HTTPS)")
-    },
-    async ({ url }) => {
-      try {
-        const report = await runComplianceSuite(url);
-        const summary = [
-          `Grade: ${report.grade} (${report.score}%)`,
-          `Overall: ${report.overall}`,
-          `Tests: ${report.summary.passed}/${report.summary.total} passed (${report.summary.requiredPassed}/${report.summary.required} required)`,
-          "",
-          ...report.tests.map(
-            (t) => `${t.passed ? "PASS" : "FAIL"} ${t.name}${t.required ? " (required)" : ""} \u2014 ${t.details}`
-          )
-        ];
-        if (report.serverInfo.name) {
-          summary.unshift(`Server: ${report.serverInfo.name} v${report.serverInfo.version || "?"}`);
-        }
-        if (report.warnings.length > 0) {
-          summary.push("", `Warnings (${report.warnings.length}):`);
-          for (const w of report.warnings) {
-            summary.push(`  - ${w}`);
-          }
-        }
-        return {
-          content: [
-            { type: "text", text: summary.join("\n") },
-            { type: "text", text: `
-Full report:
-${JSON.stringify(report, null, 2)}` }
-          ]
-        };
-      } catch (err) {
-        return {
-          content: [{ type: "text", text: `Error running compliance test: ${err.message}` }],
-          isError: true
-        };
-      }
-    }
-  );
-  server.tool(
-    "mcp_compliance_badge",
-    "Get the badge markdown embed code for an MCP server. Runs the compliance test suite first to determine the grade.",
-    {
-      url: z.string().url().describe("The MCP server URL to test")
-    },
-    async ({ url }) => {
-      try {
-        const report = await runComplianceSuite(url);
-        const badge = report.badge;
-        return {
-          content: [{
-            type: "text",
-            text: [
-              `Grade: ${report.grade} (${report.score}%)`,
-              "",
-              "Markdown:",
-              badge.markdown,
-              "",
-              "HTML:",
-              badge.html
-            ].join("\n")
-          }]
-        };
-      } catch (err) {
-        return {
-          content: [{ type: "text", text: `Error: ${err.message}` }],
-          isError: true
-        };
-      }
-    }
-  );
-  server.tool(
-    "mcp_compliance_explain",
-    "Explain what a specific compliance test ID checks and why it matters.",
-    {
-      testId: z.string().describe('The test ID to explain (e.g., "transport-post", "lifecycle-init", "tools-schema")')
-    },
-    async ({ testId }) => {
-      const def = TEST_DEFINITIONS.find((t) => t.id === testId);
-      if (!def) {
-        return {
-          content: [{
-            type: "text",
-            text: `Unknown test ID: "${testId}"
-Valid test IDs:
-${TEST_DEFINITIONS.map((t) => t.id).join(", ")}`
-          }],
-          isError: true
-        };
-      }
-      return {
-        content: [{
-          type: "text",
-          text: [
-            `Test: ${def.id}`,
-            `Name: ${def.name}`,
-            `Category: ${def.category}`,
-            `Required: ${def.required ? "Yes" : "No"}`,
-            `Spec reference: https://modelcontextprotocol.io/specification/2025-11-25/${def.specRef}`,
-            "",
-            def.description
-          ].join("\n")
-        }]
-      };
-    }
-  );
-}
 // src/index.ts
 var require2 = createRequire2(import.meta.url);
 var { version } = require2("../package.json");
@@ -1231,58 +1891,60 @@ function parseList(value) {
 }
 var program = new Command();
 program.name("mcp-compliance").description("Test MCP servers for spec compliance").version(version);
-program.command("test").description("Run the full compliance test suite against an MCP server").argument("<url>", "MCP server URL to test").option("--format <format>", "Output format: terminal or json", "terminal").option("--strict", "Exit with code 1 on any required test failure (for CI)").option("-H, --header <header>", 'Add header to all requests (format: "Key: Value", repeatable)', parseHeaderArg, {}).option("--auth <token>", 'Shorthand for -H "Authorization: <token>"').option("--timeout <ms>", "Request timeout in milliseconds", "15000").option("--retries <n>", "Number of retries for failed tests", "0").option("--only <items>", "Only run tests matching these categories or test IDs (comma-separated)", parseList).option("--skip <items>", "Skip tests matching these categories or test IDs (comma-separated)", parseList).option("--verbose", "Print each test result as it runs").action(async (url, opts) => {
-  try {
-    const headers = { ...opts.header };
-    if (opts.auth) headers["Authorization"] = opts.auth;
-    if (opts.format === "terminal") {
-      console.log(chalk2.dim(`
+program.command("test").description("Run the full compliance test suite against an MCP server").argument("<url>", "MCP server URL to test").option("--format <format>", "Output format: terminal or json", "terminal").option("--strict", "Exit with code 1 on any required test failure (for CI)").option("-H, --header <header>", 'Add header to all requests (format: "Key: Value", repeatable)', parseHeaderArg, {}).option("--auth <token>", 'Shorthand for -H "Authorization: <token>"').option("--timeout <ms>", "Request timeout in milliseconds", "15000").option("--retries <n>", "Number of retries for failed tests", "0").option("--only <items>", "Only run tests matching these categories or test IDs (comma-separated)", parseList).option("--skip <items>", "Skip tests matching these categories or test IDs (comma-separated)", parseList).option("--verbose", "Print each test result as it runs").action(
+  async (url, opts) => {
+    try {
+      const headers = { ...opts.header };
+      if (opts.auth) headers.Authorization = opts.auth;
+      if (opts.format === "terminal") {
+        console.log(chalk2.dim(`
 Testing ${url}...
 `));
-    }
-    const report = await runComplianceSuite(url, {
-      headers,
-      timeout: parseInt(opts.timeout, 10) || 15e3,
-      retries: parseInt(opts.retries, 10) || 0,
-      only: opts.only,
-      skip: opts.skip,
-      onProgress: opts.verbose ? (testId, passed, details) => {
-        const icon = passed ? chalk2.green("PASS") : chalk2.red("FAIL");
-        console.log(`  ${icon} ${testId} \u2014 ${details}`);
-      } : void 0
-    });
-    if (opts.verbose && opts.format === "terminal") {
-      console.log("");
-    }
-    if (opts.format === "json") {
-      console.log(formatJson(report));
-    } else {
-      console.log(formatTerminal(report));
-    }
-    if (opts.strict && report.overall === "fail") {
-      process.exit(1);
-    }
-  } catch (err) {
-    if (opts.format === "json") {
-      console.error(JSON.stringify({ error: err.message }));
-    } else {
-      console.error(chalk2.red(`
+      }
+      const report = await runComplianceSuite(url, {
+        headers,
+        timeout: Number.parseInt(opts.timeout, 10) || 15e3,
+        retries: Number.parseInt(opts.retries, 10) || 0,
+        only: opts.only,
+        skip: opts.skip,
+        onProgress: opts.verbose ? (testId, passed, details) => {
+          const icon = passed ? chalk2.green("PASS") : chalk2.red("FAIL");
+          console.log(`  ${icon} ${testId} \u2014 ${details}`);
+        } : void 0
+      });
+      if (opts.verbose && opts.format === "terminal") {
+        console.log("");
+      }
+      if (opts.format === "json") {
+        console.log(formatJson(report));
+      } else {
+        console.log(formatTerminal(report));
+      }
+      if (opts.strict && report.overall === "fail") {
+        process.exit(1);
+      }
+    } catch (err) {
+      if (opts.format === "json") {
+        console.error(JSON.stringify({ error: err.message }));
+      } else {
+        console.error(chalk2.red(`
 Error: ${err.message}
 `));
+      }
+      process.exit(1);
     }
-    process.exit(1);
   }
-});
+);
 program.command("badge").description("Run tests and output just the badge markdown embed code").argument("<url>", "MCP server URL to test").option("-H, --header <header>", 'Add header to all requests (format: "Key: Value", repeatable)', parseHeaderArg, {}).option("--auth <token>", 'Shorthand for -H "Authorization: <token>"').option("--timeout <ms>", "Request timeout in milliseconds", "15000").action(async (url, opts) => {
   try {
     const headers = { ...opts.header };
-    if (opts.auth) headers["Authorization"] = opts.auth;
+    if (opts.auth) headers.Authorization = opts.auth;
     console.log(chalk2.dim(`
 Testing ${url}...
 `));
     const report = await runComplianceSuite(url, {
       headers,
-      timeout: parseInt(opts.timeout, 10) || 15e3
+      timeout: Number.parseInt(opts.timeout, 10) || 15e3
     });
     console.log(`Grade: ${report.grade} (${report.score}%)
 `);