@yawlabs/mcp-compliance 0.4.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +39 -7
- package/dist/{chunk-KNOSZ3TD.js → chunk-QLFYT4I7.js} +1277 -62
- package/dist/index.js +1342 -105
- package/dist/mcp/server.js +8 -5
- package/dist/runner.d.ts +13 -3
- package/dist/runner.js +7 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
[](https://github.com/YawLabs/mcp-compliance/stargazers)
|
|
6
6
|
[](https://github.com/YawLabs/mcp-compliance/actions/workflows/ci.yml)
|
|
7
7
|
|
|
8
|
-
**Test any MCP server for spec compliance.**
|
|
8
|
+
**Test any MCP server for spec compliance.** 69-test suite covering transport, lifecycle, tools, resources, prompts, error handling, schema validation, and security against the [MCP specification](https://modelcontextprotocol.io/specification/2025-11-25). CLI, MCP server, and programmatic API.
|
|
9
9
|
|
|
10
10
|
Built and maintained by [Yaw Labs](https://yaw.sh).
|
|
11
11
|
|
|
@@ -15,7 +15,7 @@ MCP servers are multiplying fast — but most ship without compliance testing. B
|
|
|
15
15
|
|
|
16
16
|
This tool solves that:
|
|
17
17
|
|
|
18
|
-
- **
|
|
18
|
+
- **69 tests across 8 categories** — transport, lifecycle, tools, resources, prompts, error handling, schema validation, and security. No gaps.
|
|
19
19
|
- **Capability-driven** — tests adapt to what the server declares. If it says it supports tools, tool tests become required. No false failures for features the server doesn't claim.
|
|
20
20
|
- **Graded scoring** — A-F letter grade with a weighted score (required tests 70%, optional 30%). One number to communicate compliance.
|
|
21
21
|
- **CI-ready** — `--strict` mode exits with code 1 on required test failures. Drop it into any pipeline.
|
|
@@ -100,10 +100,10 @@ mcp-compliance badge https://my-server.com/mcp
|
|
|
100
100
|
|
|
101
101
|
Outputs the markdown embed for a compliance badge hosted at [mcp.hosting](https://mcp.hosting).
|
|
102
102
|
|
|
103
|
-
## What the
|
|
103
|
+
## What the 69 tests check
|
|
104
104
|
|
|
105
105
|
<details>
|
|
106
|
-
<summary><strong>Transport (
|
|
106
|
+
<summary><strong>Transport (10 tests)</strong></summary>
|
|
107
107
|
|
|
108
108
|
- **transport-post** — Server accepts HTTP POST requests (required)
|
|
109
109
|
- **transport-content-type** — Responds with application/json or text/event-stream (required)
|
|
@@ -112,11 +112,14 @@ Outputs the markdown embed for a compliance badge hosted at [mcp.hosting](https:
|
|
|
112
112
|
- **transport-get** — GET returns SSE stream or 405
|
|
113
113
|
- **transport-delete** — DELETE accepted or returns 405
|
|
114
114
|
- **transport-batch-reject** — Rejects JSON-RPC batch requests (required)
|
|
115
|
+
- **transport-content-type-init** — Initialize response has valid content type
|
|
116
|
+
- **transport-get-stream** — GET with session returns SSE or 405
|
|
117
|
+
- **transport-concurrent** — Handles concurrent requests
|
|
115
118
|
|
|
116
119
|
</details>
|
|
117
120
|
|
|
118
121
|
<details>
|
|
119
|
-
<summary><strong>Lifecycle (
|
|
122
|
+
<summary><strong>Lifecycle (12 tests)</strong></summary>
|
|
120
123
|
|
|
121
124
|
- **lifecycle-init** — Initialize handshake succeeds (required)
|
|
122
125
|
- **lifecycle-proto-version** — Returns valid YYYY-MM-DD protocol version (required)
|
|
@@ -128,6 +131,8 @@ Outputs the markdown embed for a compliance badge hosted at [mcp.hosting](https:
|
|
|
128
131
|
- **lifecycle-id-match** — Response ID matches request ID (required)
|
|
129
132
|
- **lifecycle-logging** — logging/setLevel accepted (required if logging capability declared)
|
|
130
133
|
- **lifecycle-completions** — completion/complete accepted (required if completions capability declared)
|
|
134
|
+
- **lifecycle-cancellation** — Handles cancellation notifications
|
|
135
|
+
- **lifecycle-progress** — Accepts progress notifications
|
|
131
136
|
|
|
132
137
|
</details>
|
|
133
138
|
|
|
@@ -187,6 +192,33 @@ Outputs the markdown embed for a compliance badge hosted at [mcp.hosting](https:
|
|
|
187
192
|
|
|
188
193
|
</details>
|
|
189
194
|
|
|
195
|
+
<details>
|
|
196
|
+
<summary><strong>Security (21 tests)</strong></summary>
|
|
197
|
+
|
|
198
|
+
- **security-auth-required** — Rejects unauthenticated requests
|
|
199
|
+
- **security-auth-malformed** — Rejects malformed auth credentials
|
|
200
|
+
- **security-tls-required** — Enforces HTTPS/TLS
|
|
201
|
+
- **security-session-entropy** — Session IDs are high-entropy
|
|
202
|
+
- **security-session-not-auth** — Session ID does not bypass auth
|
|
203
|
+
- **security-oauth-metadata** — OAuth metadata endpoint exists
|
|
204
|
+
- **security-token-in-uri** — Rejects auth tokens in query string
|
|
205
|
+
- **security-cors-headers** — CORS headers are restrictive
|
|
206
|
+
- **security-command-injection** — Resists command injection in tool params
|
|
207
|
+
- **security-sql-injection** — Resists SQL injection in tool params
|
|
208
|
+
- **security-path-traversal** — Resists path traversal in tool params
|
|
209
|
+
- **security-ssrf-internal** — Resists SSRF to internal networks
|
|
210
|
+
- **security-oversized-input** — Handles oversized inputs gracefully
|
|
211
|
+
- **security-extra-params** — Rejects or ignores extra tool params
|
|
212
|
+
- **security-tool-schema-defined** — All tools define inputSchema
|
|
213
|
+
- **security-tool-rug-pull** — Tool definitions are stable across calls
|
|
214
|
+
- **security-tool-description-poisoning** — Tool descriptions free of injection patterns
|
|
215
|
+
- **security-tool-cross-reference** — Tools do not reference other tools by name
|
|
216
|
+
- **security-error-no-stacktrace** — Error responses do not leak stack traces
|
|
217
|
+
- **security-error-no-internal-ip** — Error responses do not leak internal IPs
|
|
218
|
+
- **security-rate-limiting** — Rate limiting is enforced
|
|
219
|
+
|
|
220
|
+
</details>
|
|
221
|
+
|
|
190
222
|
## Grading
|
|
191
223
|
|
|
192
224
|
| Grade | Score |
|
|
@@ -277,7 +309,7 @@ Restart your MCP client and approve the server when prompted.
|
|
|
277
309
|
|
|
278
310
|
### Tools
|
|
279
311
|
|
|
280
|
-
- **mcp_compliance_test** — Run the full
|
|
312
|
+
- **mcp_compliance_test** — Run the full 69-test suite against a URL. Supports auth, custom headers, timeout, retries, and category/test filtering. Returns grade, score, and detailed results.
|
|
281
313
|
- **mcp_compliance_badge** — Get the badge markdown/HTML for a server. Supports auth and custom headers.
|
|
282
314
|
- **mcp_compliance_explain** — Explain what a specific test ID checks and why it matters.
|
|
283
315
|
|
|
@@ -304,7 +336,7 @@ const report2 = await runComplianceSuite('https://my-server.com/mcp', {
|
|
|
304
336
|
|
|
305
337
|
The compliance testing methodology is published as an open specification:
|
|
306
338
|
|
|
307
|
-
- **[MCP Compliance Testing Specification](./MCP_COMPLIANCE_SPEC.md)** — test execution model, scoring algorithm, all
|
|
339
|
+
- **[MCP Compliance Testing Specification](./MCP_COMPLIANCE_SPEC.md)** — test execution model, scoring algorithm, all 69 test rules with pass/fail criteria (CC BY 4.0)
|
|
308
340
|
- **[Machine-readable rule catalog](./mcp-compliance-rules.json)** — JSON Schema-compliant catalog for programmatic consumption
|
|
309
341
|
|
|
310
342
|
These are complementary to (not competing with) the [official MCP specification](https://modelcontextprotocol.io/specification/2025-11-25). The MCP spec defines what servers must do; this spec defines how to verify compliance.
|