@yawlabs/mcp-compliance 0.5.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +50 -9
- package/dist/{chunk-Z7VLPYIO.js → chunk-SELO4TOW.js} +1376 -27
- package/dist/index.js +1387 -35
- package/dist/mcp/server.js +5 -5
- package/dist/runner.d.ts +2 -2
- package/dist/runner.js +1 -1
- package/package.json +5 -1
package/README.md
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
[](https://github.com/YawLabs/mcp-compliance/stargazers)
|
|
6
6
|
[](https://github.com/YawLabs/mcp-compliance/actions/workflows/ci.yml)
|
|
7
7
|
|
|
8
|
-
**Test any MCP server for spec compliance.**
|
|
8
|
+
**Test any MCP server for spec compliance.** 78-test suite covering transport, lifecycle, tools, resources, prompts, error handling, schema validation, and security against the [MCP specification](https://modelcontextprotocol.io/specification/2025-11-25). CLI, MCP server, and programmatic API.
|
|
9
9
|
|
|
10
10
|
Built and maintained by [Yaw Labs](https://yaw.sh).
|
|
11
11
|
|
|
@@ -15,7 +15,7 @@ MCP servers are multiplying fast — but most ship without compliance testing. B
|
|
|
15
15
|
|
|
16
16
|
This tool solves that:
|
|
17
17
|
|
|
18
|
-
- **
|
|
18
|
+
- **78 tests across 8 categories** — transport, lifecycle, tools, resources, prompts, error handling, schema validation, and security. No gaps.
|
|
19
19
|
- **Capability-driven** — tests adapt to what the server declares. If it says it supports tools, tool tests become required. No false failures for features the server doesn't claim.
|
|
20
20
|
- **Graded scoring** — A-F letter grade with a weighted score (required tests 70%, optional 30%). One number to communicate compliance.
|
|
21
21
|
- **CI-ready** — `--strict` mode exits with code 1 on required test failures. Drop it into any pipeline.
|
|
@@ -100,23 +100,29 @@ mcp-compliance badge https://my-server.com/mcp
|
|
|
100
100
|
|
|
101
101
|
Outputs the markdown embed for a compliance badge hosted at [mcp.hosting](https://mcp.hosting).
|
|
102
102
|
|
|
103
|
-
## What the
|
|
103
|
+
## What the 78 tests check
|
|
104
104
|
|
|
105
105
|
<details>
|
|
106
|
-
<summary><strong>Transport (
|
|
106
|
+
<summary><strong>Transport (13 tests)</strong></summary>
|
|
107
107
|
|
|
108
108
|
- **transport-post** — Server accepts HTTP POST requests (required)
|
|
109
109
|
- **transport-content-type** — Responds with application/json or text/event-stream (required)
|
|
110
|
-
- **transport-notification-202** — Notifications return 202 Accepted
|
|
110
|
+
- **transport-notification-202** — Notifications return exactly 202 Accepted
|
|
111
|
+
- **transport-content-type-reject** — Rejects non-JSON request Content-Type
|
|
111
112
|
- **transport-session-id** — Enforces MCP-Session-Id after initialization
|
|
113
|
+
- **transport-session-invalid** — Returns 404 for unknown session ID
|
|
112
114
|
- **transport-get** — GET returns SSE stream or 405
|
|
113
115
|
- **transport-delete** — DELETE accepted or returns 405
|
|
114
116
|
- **transport-batch-reject** — Rejects JSON-RPC batch requests (required)
|
|
117
|
+
- **transport-content-type-init** — Initialize response has valid content type
|
|
118
|
+
- **transport-get-stream** — GET with session returns SSE or 405
|
|
119
|
+
- **transport-concurrent** — Handles concurrent requests
|
|
120
|
+
- **transport-sse-event-field** — SSE responses include required event: message field
|
|
115
121
|
|
|
116
122
|
</details>
|
|
117
123
|
|
|
118
124
|
<details>
|
|
119
|
-
<summary><strong>Lifecycle (
|
|
125
|
+
<summary><strong>Lifecycle (15 tests)</strong></summary>
|
|
120
126
|
|
|
121
127
|
- **lifecycle-init** — Initialize handshake succeeds (required)
|
|
122
128
|
- **lifecycle-proto-version** — Returns valid YYYY-MM-DD protocol version (required)
|
|
@@ -126,8 +132,13 @@ Outputs the markdown embed for a compliance badge hosted at [mcp.hosting](https:
|
|
|
126
132
|
- **lifecycle-ping** — Responds to ping method (required)
|
|
127
133
|
- **lifecycle-instructions** — Instructions field is valid string if present
|
|
128
134
|
- **lifecycle-id-match** — Response ID matches request ID (required)
|
|
135
|
+
- **lifecycle-string-id** — Supports string request IDs (JSON-RPC 2.0)
|
|
136
|
+
- **lifecycle-version-negotiate** — Handles unknown protocol version gracefully
|
|
137
|
+
- **lifecycle-reinit-reject** — Rejects second initialize request
|
|
129
138
|
- **lifecycle-logging** — logging/setLevel accepted (required if logging capability declared)
|
|
130
139
|
- **lifecycle-completions** — completion/complete accepted (required if completions capability declared)
|
|
140
|
+
- **lifecycle-cancellation** — Handles cancellation notifications
|
|
141
|
+
- **lifecycle-progress** — Handles progress notifications gracefully
|
|
131
142
|
|
|
132
143
|
</details>
|
|
133
144
|
|
|
@@ -162,7 +173,7 @@ Outputs the markdown embed for a compliance badge hosted at [mcp.hosting](https:
|
|
|
162
173
|
</details>
|
|
163
174
|
|
|
164
175
|
<details>
|
|
165
|
-
<summary><strong>Error Handling (
|
|
176
|
+
<summary><strong>Error Handling (10 tests)</strong></summary>
|
|
166
177
|
|
|
167
178
|
- **error-unknown-method** — Returns JSON-RPC error for unknown method (required)
|
|
168
179
|
- **error-method-code** — Uses correct -32601 error code
|
|
@@ -172,6 +183,8 @@ Outputs the markdown embed for a compliance badge hosted at [mcp.hosting](https:
|
|
|
172
183
|
- **error-parse-code** — Returns -32700 for invalid JSON
|
|
173
184
|
- **error-invalid-request-code** — Returns -32600 for invalid request
|
|
174
185
|
- **tools-call-unknown** — Returns error for nonexistent tool name
|
|
186
|
+
- **error-capability-gated** — Rejects methods for undeclared capabilities
|
|
187
|
+
- **error-invalid-cursor** — Handles invalid pagination cursor gracefully
|
|
175
188
|
|
|
176
189
|
</details>
|
|
177
190
|
|
|
@@ -187,6 +200,34 @@ Outputs the markdown embed for a compliance badge hosted at [mcp.hosting](https:
|
|
|
187
200
|
|
|
188
201
|
</details>
|
|
189
202
|
|
|
203
|
+
<details>
|
|
204
|
+
<summary><strong>Security (22 tests)</strong></summary>
|
|
205
|
+
|
|
206
|
+
- **security-auth-required** — Rejects unauthenticated requests
|
|
207
|
+
- **security-auth-malformed** — Rejects malformed auth credentials
|
|
208
|
+
- **security-tls-required** — Enforces HTTPS/TLS
|
|
209
|
+
- **security-session-entropy** — Session IDs are high-entropy
|
|
210
|
+
- **security-session-not-auth** — Session ID does not bypass auth
|
|
211
|
+
- **security-oauth-metadata** — Protected Resource Metadata endpoint exists (RFC 9728)
|
|
212
|
+
- **security-token-in-uri** — Rejects auth tokens in query string
|
|
213
|
+
- **security-cors-headers** — CORS headers are restrictive
|
|
214
|
+
- **security-origin-validation** — Validates Origin header for DNS rebinding protection
|
|
215
|
+
- **security-command-injection** — Resists command injection in tool params
|
|
216
|
+
- **security-sql-injection** — Resists SQL injection in tool params
|
|
217
|
+
- **security-path-traversal** — Resists path traversal in tool params
|
|
218
|
+
- **security-ssrf-internal** — Resists SSRF to internal networks
|
|
219
|
+
- **security-oversized-input** — Handles oversized inputs gracefully
|
|
220
|
+
- **security-extra-params** — Rejects or ignores extra tool params
|
|
221
|
+
- **security-tool-schema-defined** — All tools define inputSchema
|
|
222
|
+
- **security-tool-rug-pull** — Tool definitions are stable across calls
|
|
223
|
+
- **security-tool-description-poisoning** — Tool descriptions free of injection patterns
|
|
224
|
+
- **security-tool-cross-reference** — Tools do not reference other tools by name
|
|
225
|
+
- **security-error-no-stacktrace** — Error responses do not leak stack traces
|
|
226
|
+
- **security-error-no-internal-ip** — Error responses do not leak internal IPs
|
|
227
|
+
- **security-rate-limiting** — Rate limiting is enforced
|
|
228
|
+
|
|
229
|
+
</details>
|
|
230
|
+
|
|
190
231
|
## Grading
|
|
191
232
|
|
|
192
233
|
| Grade | Score |
|
|
@@ -277,7 +318,7 @@ Restart your MCP client and approve the server when prompted.
|
|
|
277
318
|
|
|
278
319
|
### Tools
|
|
279
320
|
|
|
280
|
-
- **mcp_compliance_test** — Run the full
|
|
321
|
+
- **mcp_compliance_test** — Run the full 78-test suite against a URL. Supports auth, custom headers, timeout, retries, and category/test filtering. Returns grade, score, and detailed results.
|
|
281
322
|
- **mcp_compliance_badge** — Get the badge markdown/HTML for a server. Supports auth and custom headers.
|
|
282
323
|
- **mcp_compliance_explain** — Explain what a specific test ID checks and why it matters.
|
|
283
324
|
|
|
@@ -304,7 +345,7 @@ const report2 = await runComplianceSuite('https://my-server.com/mcp', {
|
|
|
304
345
|
|
|
305
346
|
The compliance testing methodology is published as an open specification:
|
|
306
347
|
|
|
307
|
-
- **[MCP Compliance Testing Specification](./MCP_COMPLIANCE_SPEC.md)** — test execution model, scoring algorithm, all
|
|
348
|
+
- **[MCP Compliance Testing Specification](./MCP_COMPLIANCE_SPEC.md)** — test execution model, scoring algorithm, all 78 test rules with pass/fail criteria (CC BY 4.0)
|
|
308
349
|
- **[Machine-readable rule catalog](./mcp-compliance-rules.json)** — JSON Schema-compliant catalog for programmatic consumption
|
|
309
350
|
|
|
310
351
|
These are complementary to (not competing with) the [official MCP specification](https://modelcontextprotocol.io/specification/2025-11-25). The MCP spec defines what servers must do; this spec defines how to verify compliance.
|