mcp-scorecard 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/CHANGELOG.md +12 -0
  2. package/dist/audit/probe.js +23 -15
  3. package/dist/audit/probe.js.map +1 -1
  4. package/dist/constants.d.ts +1 -1
  5. package/dist/constants.js +2 -2
  6. package/dist/constants.js.map +1 -1
  7. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,17 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.1.1 — 2026-05-23
4
+
5
+ ### Fixed
6
+
7
+ - **`MUTATION_PATTERNS` now recognizes auth-flow mutations.** Added `exchange|revoke|grant|authorize|reset|clear|forget|destroy|wipe|logout|signout`. Previously tools like `whoop_exchange_code` and `whoop_revoke_access` were classified as reads, then incorrectly flagged in the annotations check for missing `readOnlyHint: true` (when they correctly had `readOnlyHint: false` because they DO mutate state).
8
+ - **Agent-manifest probe now prefers `structuredContent` over text content.** MCP servers that default to `response_format: "markdown"` return Markdown in `content[0].text`, not JSON. The probe was attempting `JSON.parse()` on markdown and falling into the catch branch, falsely reporting "agent_manifest returned an unusable shape" even when the structured manifest was correctly present at `structuredContent`. Now we read structuredContent first and fall back to text-as-JSON only if structured is absent.
9
+
10
+ ### Notes
11
+
12
+ - The smoke-test check (which warns when `scripts/smoke*.{mjs,js,ts}` is not in the npm tarball but `scripts.test` exists in package.json) is intentional behavior, not a bug. A WARN at score 7/10 reflects the honest tradeoff: dogfooders can't run your smoke test from the installed tarball. Repos that prefer to keep scripts/ out of the tarball can ignore this WARN — but visitors will still see the score drop.
13
+
14
+
3
15
  All notable changes to this project will be documented in this file.
4
16
 
5
17
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
package/dist/audit/probe.js CHANGED
@@ -102,21 +102,29 @@ export async function probeTarget(target) {
102
102
  if (manifestToolName) {
103
103
  try {
104
104
  const callRes = (await withTimeout(client.callTool({ name: manifestToolName, arguments: {} }), PROBE_TIMEOUT_MS, `call ${manifestToolName}`));
105
- // Most servers return a single JSON-encoded text content; try to parse.
106
- const text = callRes.content?.find((c) => c.type === 'text')?.text;
107
- if (text) {
108
- try {
109
- agentManifest = sanitizeManifestResponse(JSON.parse(text));
110
- }
111
- catch {
112
- // not JSON still record that it returned something
113
- agentManifest = {
114
- has_recommended_first_calls: false,
115
- recommended_first_calls_count: 0,
116
- has_standard_tools: false,
117
- standard_tools_count: 0,
118
- raw_keys: []
119
- };
105
+ // Prefer MCP 2025-06+ structuredContent (object-shaped) over text content,
106
+ // because many servers default to markdown text rendering — JSON.parse on
107
+ // markdown throws and we'd incorrectly flag the manifest as malformed.
108
+ if (callRes.structuredContent && typeof callRes.structuredContent === 'object') {
109
+ agentManifest = sanitizeManifestResponse(callRes.structuredContent);
110
+ }
111
+ else {
112
+ // Fall back to text content (most likely JSON-encoded for older servers).
113
+ const text = callRes.content?.find((c) => c.type === 'text')?.text;
114
+ if (text) {
115
+ try {
116
+ agentManifest = sanitizeManifestResponse(JSON.parse(text));
117
+ }
118
+ catch {
119
+ // not JSON — record an unusable shape so the check can mention it
120
+ agentManifest = {
121
+ has_recommended_first_calls: false,
122
+ recommended_first_calls_count: 0,
123
+ has_standard_tools: false,
124
+ standard_tools_count: 0,
125
+ raw_keys: []
126
+ };
127
+ }
120
128
  }
121
129
  }
122
130
  }
package/dist/audit/probe.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"probe.js","sourceRoot":"","sources":["../../src/audit/probe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAGpF,MAAM,gBAAgB,GAAG,MAAM,CAAC;AAEhC,SAAS,WAAW,CAAI,OAAmB,EAAE,EAAU,EAAE,KAAa;IACpE,OAAO,IAAI,OAAO,CAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACxC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,MAAM,CAAC,IAAI,KAAK,CAAC,eAAe,KAAK,qBAAqB,EAAE,IAAI,CAAC,CAAC,CAAC;QACrE,CAAC,EAAE,EAAE,CAAC,CAAC;QACP,OAAO,CAAC,IAAI,CACV,CAAC,KAAK,EAAE,EAAE;YACR,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,CAAC;QACjB,CAAC,EACD,CAAC,GAAG,EAAE,EAAE;YACN,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,oEAAoE;AACpE,SAAS,gBAAgB,CAAC,KAAqB;IAC7C,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC;AACtE,CAAC;AAED;;;;GAIG;AACH,SAAS,wBAAwB,CAAC,GAAY;IAC5C,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IACtD,MAAM,GAAG,GAAG,GAA8B,CAAC;IAC3C,MAAM,GAAG,GAAG,GAAG,CAAC,uBAAuB,CAAC;IACxC,MAAM,GAAG,GAAG,GAAG,CAAC,cAAc,CAAC;IAC/B,OAAO;QACL,2BAA2B,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAC/C,6BAA6B,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAClE,kBAAkB,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QACtC,oBAAoB,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACzD,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAsB;IACtD,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACjD,IAAI,OAAO,CAAC,KAAK,QAAQ;YAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACxC,CAAC;IACD,GAAG,CAAC,cAAc,CAAC,GAAG,GAAG,CAAC;IAE1B,MAAM,SAAS,GAAG,IAAI,oBAAoB,CAAC;QACzC,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,GAAG;QACH,GAAG,EAAE,MAAM,CAAC,UAAU;KACvB,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC;IAEhF,MAAM,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAE1E,IAAI,QAAQ,GAA8B,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACxD,IAAI,YAAY,GAA8C,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;IAChF,IAAI,UAAU,GAA0C,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACxE,IAAI,aAA6C,CAAC;IAClD,IAAI,UAAU,GAAgC,EAAE,CAAC;IAEjD,IAAI,CAAC;QACH,kEAAkE;QAClE,MAAM,EAAE,GAAG,MAAM,CAAC,gBAAgB,EAAE,EAAE,CAAC;QACvC,IAAI,EAAE,EAAE,CAAC;YACP,UAAU,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,CAAC;QACtD,CAAC;QAED,QAAQ,GAAG,CAAC,MAAM,WAAW,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,gBAAgB,EAAE,WAAW,CAAC,CAE/E,CAAC;QAEF,0EAA0E;QAC1E,IAAI,CAAC;YACH,YAAY,GAAG,CAAC,MAAM,WAAW,CAC/B,MAAM,CAAC,aAAa,EAAE,EACtB,gBAAgB,EAChB,eAAe,CAChB,CAA8C,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,YAAY,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;QACnC,CAAC;QAED,IAAI,CAAC;YACH,UAAU,GAAG,CAAC,MAAM,WAAW,CAC7B,MAAM,CAAC,WAAW,EAAE,EACpB,gBAAgB,EAChB,aAAa,CACd,CAA0C,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,UAAU,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC/B,CAAC;QAED,mEAAmE;QACnE,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC1D,IAAI,gBAAgB,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,CAAC,MAAM,WAAW,CAChC,MAAM,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,EAC1D,gBAAgB,EAChB,QAAQ,gBAAgB,EAAE,CAC3B,CAAyD,CAAC;gBAC3D,wEAAwE;gBACxE,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,EAAE,IAAI,CAAC;gBACnE,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,CAAC;wBACH,aAAa,GAAG,wBAAwB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;oBAC7D,CAAC;oBAAC,MAAM,CAAC;wBACP,qDAAqD;wBACrD,aAAa,GAAG;4BACd,2BAA2B,EAAE,KAAK;4BAClC,6BAA6B,EAAE,CAAC;4BAChC,kBAAkB,EAAE,KAAK;4BACzB,oBAAoB,EAAE,CAAC;4BACvB,QAAQ,EAAE,EAAE;yBACb,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,oEAAoE;gBACpE,8BAA8B;YAChC,CAAC;QACH,CAAC;IACH,CAAC;YAAS,CAAC;QACT,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;IAED,OAAO;QACL,UAAU;QACV,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,EAAE;QAC3B,SAAS,EAAE,YAAY,CAAC,SAAS,IAAI,EAAE;QACvC,OAAO,EAAE,UAAU,CAAC,OAAO,IAAI,EAAE;QACjC,aAAa;KACd,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"probe.js","sourceRoot":"","sources":["../../src/audit/probe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAGpF,MAAM,gBAAgB,GAAG,MAAM,CAAC;AAEhC,SAAS,WAAW,CAAI,OAAmB,EAAE,EAAU,EAAE,KAAa;IACpE,OAAO,IAAI,OAAO,CAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACxC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,MAAM,CAAC,IAAI,KAAK,CAAC,eAAe,KAAK,qBAAqB,EAAE,IAAI,CAAC,CAAC,CAAC;QACrE,CAAC,EAAE,EAAE,CAAC,CAAC;QACP,OAAO,CAAC,IAAI,CACV,CAAC,KAAK,EAAE,EAAE;YACR,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,CAAC;QACjB,CAAC,EACD,CAAC,GAAG,EAAE,EAAE;YACN,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,oEAAoE;AACpE,SAAS,gBAAgB,CAAC,KAAqB;IAC7C,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC;AACtE,CAAC;AAED;;;;GAIG;AACH,SAAS,wBAAwB,CAAC,GAAY;IAC5C,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IACtD,MAAM,GAAG,GAAG,GAA8B,CAAC;IAC3C,MAAM,GAAG,GAAG,GAAG,CAAC,uBAAuB,CAAC;IACxC,MAAM,GAAG,GAAG,GAAG,CAAC,cAAc,CAAC;IAC/B,OAAO;QACL,2BAA2B,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAC/C,6BAA6B,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAClE,kBAAkB,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QACtC,oBAAoB,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACzD,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAsB;IACtD,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACjD,IAAI,OAAO,CAAC,KAAK,QAAQ;YAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACxC,CAAC;IACD,GAAG,CAAC,cAAc,CAAC,GAAG,GAAG,CAAC;IAE1B,MAAM,SAAS,GAAG,IAAI,oBAAoB,CAAC;QACzC,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,GAAG;QACH,GAAG,EAAE,MAAM,CAAC,UAAU;KACvB,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC;IAEhF,MAAM,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAE1E,IAAI,QAAQ,GAA8B,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACxD,IAAI,YAAY,GAA8C,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;IAChF,IAAI,UAAU,GAA0C,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACxE,IAAI,aAA6C,CAAC;IAClD,IAAI,UAAU,GAAgC,EAAE,CAAC;IAEjD,IAAI,CAAC;QACH,kEAAkE;QAClE,MAAM,EAAE,GAAG,MAAM,CAAC,gBAAgB,EAAE,EAAE,CAAC;QACvC,IAAI,EAAE,EAAE,CAAC;YACP,UAAU,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,CAAC;QACtD,CAAC;QAED,QAAQ,GAAG,CAAC,MAAM,WAAW,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,gBAAgB,EAAE,WAAW,CAAC,CAE/E,CAAC;QAEF,0EAA0E;QAC1E,IAAI,CAAC;YACH,YAAY,GAAG,CAAC,MAAM,WAAW,CAC/B,MAAM,CAAC,aAAa,EAAE,EACtB,gBAAgB,EAChB,eAAe,CAChB,CAA8C,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,YAAY,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;QACnC,CAAC;QAED,IAAI,CAAC;YACH,UAAU,GAAG,CAAC,MAAM,WAAW,CAC7B,MAAM,CAAC,WAAW,EAAE,EACpB,gBAAgB,EAChB,aAAa,CACd,CAA0C,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,UAAU,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC/B,CAAC;QAED,mEAAmE;QACnE,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC1D,IAAI,gBAAgB,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,CAAC,MAAM,WAAW,CAChC,MAAM,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,EAC1D,gBAAgB,EAChB,QAAQ,gBAAgB,EAAE,CAC3B,CAGA,CAAC;gBACF,2EAA2E;gBAC3E,0EAA0E;gBAC1E,uEAAuE;gBACvE,IAAI,OAAO,CAAC,iBAAiB,IAAI,OAAO,OAAO,CAAC,iBAAiB,KAAK,QAAQ,EAAE,CAAC;oBAC/E,aAAa,GAAG,wBAAwB,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;gBACtE,CAAC;qBAAM,CAAC;oBACN,0EAA0E;oBAC1E,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,EAAE,IAAI,CAAC;oBACnE,IAAI,IAAI,EAAE,CAAC;wBACT,IAAI,CAAC;4BACH,aAAa,GAAG,wBAAwB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;wBAC7D,CAAC;wBAAC,MAAM,CAAC;4BACP,kEAAkE;4BAClE,aAAa,GAAG;gCACd,2BAA2B,EAAE,KAAK;gCAClC,6BAA6B,EAAE,CAAC;gCAChC,kBAAkB,EAAE,KAAK;gCACzB,oBAAoB,EAAE,CAAC;gCACvB,QAAQ,EAAE,EAAE;6BACb,CAAC;wBACJ,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,oEAAoE;gBACpE,8BAA8B;YAChC,CAAC;QACH,CAAC;IACH,CAAC;YAAS,CAAC;QACT,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;IAED,OAAO;QACL,UAAU;QACV,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,EAAE;QAC3B,SAAS,EAAE,YAAY,CAAC,SAAS,IAAI,EAAE;QACvC,OAAO,EAAE,UAAU,CAAC,OAAO,IAAI,EAAE;QACjC,aAAa;KACd,CAAC;AACJ,CAAC"}
package/dist/constants.d.ts CHANGED
@@ -3,7 +3,7 @@
3
3
  * same string. Bumping this without updating package.json is intentional during
4
4
  * dev (keep src as source of truth); a release script can sync them.
5
5
  */
6
- export declare const SERVER_VERSION = "0.1.0";
6
+ export declare const SERVER_VERSION = "0.1.1";
7
7
  /** Identifier used when the probe connects to a target MCP server. */
8
8
  export declare const PROBE_CLIENT_NAME = "mcp-scorecard";
9
9
  /** Env var set on the spawned target so MCP authors can detect we are probing
package/dist/constants.js CHANGED
@@ -3,7 +3,7 @@
3
3
  * same string. Bumping this without updating package.json is intentional during
4
4
  * dev (keep src as source of truth); a release script can sync them.
5
5
  */
6
- export const SERVER_VERSION = '0.1.0';
6
+ export const SERVER_VERSION = '0.1.1';
7
7
  /** Identifier used when the probe connects to a target MCP server. */
8
8
  export const PROBE_CLIENT_NAME = 'mcp-scorecard';
9
9
  /** Env var set on the spawned target so MCP authors can detect we are probing
@@ -15,7 +15,7 @@ export const PROBE_ENV_FLAG = 'MCP_PROBE';
15
15
  * not mention an explicit gate, it loses points.
16
16
  */
17
17
  export const MUTATION_PATTERNS = [
18
- /(^|_)(set|update|delete|create|pause|resume|enable|disable|cancel|publish|send|remove|add|insert|patch|put|post)(_|$)/i
18
+ /(^|_)(set|update|delete|create|pause|resume|enable|disable|cancel|publish|send|remove|add|insert|patch|put|post|exchange|revoke|grant|authorize|reset|clear|forget|destroy|wipe|logout|signout|sign_out)(_|$)/i
19
19
  ];
20
20
  /**
21
21
  * Words that, when present in a mutation tool's description, signal the author
package/dist/constants.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,OAAO,CAAC;AAEtC,sEAAsE;AACtE,MAAM,CAAC,MAAM,iBAAiB,GAAG,eAAe,CAAC;AAEjD;iEACiE;AACjE,MAAM,CAAC,MAAM,cAAc,GAAG,WAAW,CAAC;AAE1C;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAa;IACzC,wHAAwH;CACzH,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,UAAU;IACV,mBAAmB;IACnB,sBAAsB;IACtB,iBAAiB;IACjB,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;CACV,CAAC;AAEF,+EAA+E;AAC/E,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,gBAAgB;IAChB,gBAAgB;IAChB,cAAc;IACd,mBAAmB;CACpB,CAAC;AAEF;;cAEc;AACd,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,aAAa;IACb,OAAO;IACP,OAAO;IACP,cAAc;IACd,eAAe;IACf,eAAe;IACf,iBAAiB;IACjB,SAAS;CACV,CAAC"}
1
+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,OAAO,CAAC;AAEtC,sEAAsE;AACtE,MAAM,CAAC,MAAM,iBAAiB,GAAG,eAAe,CAAC;AAEjD;iEACiE;AACjE,MAAM,CAAC,MAAM,cAAc,GAAG,WAAW,CAAC;AAE1C;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAa;IACzC,gNAAgN;CACjN,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,UAAU;IACV,mBAAmB;IACnB,sBAAsB;IACtB,iBAAiB;IACjB,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;CACV,CAAC;AAEF,+EAA+E;AAC/E,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,gBAAgB;IAChB,gBAAgB;IAChB,cAAc;IACd,mBAAmB;CACpB,CAAC;AAEF;;cAEc;AACd,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,aAAa;IACb,OAAO;IACP,OAAO;IACP,cAAc;IACd,eAAe;IACf,eAAe;IACf,iBAAiB;IACjB,SAAS;CACV,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "mcp-scorecard",
3
- "version": "0.1.0",
3
+ "version": "0.1.1",
4
4
  "description": "Agent-readiness scorecard for any MCP server. Probes a target, runs 10 checks, outputs a 0-100 score with actionable findings.",
5
5
  "type": "module",
6
6
  "bin": {