mcp-stdio-guard 0.3.0 → 0.5.0

package/src/index.js

@@ -6,17 +6,36 @@ import { spawn, spawnSync } from 'node:child_process';
 function loadVersion() {
   try {
     const packageJson = JSON.parse(fs.readFileSync(new URL('../package.json', import.meta.url), 'utf8'));
-    return typeof packageJson.version === 'string' ? packageJson.version : '0.3.0';
+    return typeof packageJson.version === 'string' ? packageJson.version : '0.5.0';
   } catch {
-    return '0.3.0';
+    return '0.5.0';
   }
 }
 
 const DEFAULT_PROTOCOL = '2025-11-25';
 const DEFAULT_TIMEOUT = 5000;
+const DEFAULT_PROFILE = 'custom';
 const VERSION = loadVersion();
 const JSON_SCHEMA_VERSION = 1;
 const REDACTED = '<redacted>';
+const GUARD_PROFILES = Object.freeze({
+  custom: {
+    description: 'preserve explicit CLI flags and legacy defaults'
+  },
+  smoke: {
+    description: 'initialize only; skip advertised capability list probes'
+  },
+  registry: {
+    description: 'initialize, advertised list probes, fingerprint, and repeat consistency'
+  },
+  ci: {
+    description: 'stable JSON output with static findings treated as failures when scanned'
+  },
+  strict: {
+    description: 'deep deterministic checks with opt-in adversarial protocol probes'
+  }
+});
+const GUARD_PROFILE_NAMES = Object.keys(GUARD_PROFILES);
 const VERSION_PROBE_CACHE = new Map();
 const NODE_OPTIONS_WITH_VALUES = new Set([
   '--conditions',
@@ -70,6 +89,80 @@ const JSON_RPC_ISSUE_CODES = new Set([
   'stdout-invalid-json-rpc',
   'stdout-unexpected-request-id'
 ]);
+const CAPABILITY_DEFINITIONS = Object.freeze([
+  { name: 'tools', method: 'tools/list' },
+  { name: 'resources', method: 'resources/list' },
+  { name: 'prompts', method: 'prompts/list' }
+]);
+const ADVERSARIAL_OBSERVATION_MS = 150;
+const BUILTIN_ADVERSARIAL_PROBES = Object.freeze({
+  'invalid-method': {
+    name: 'invalid-method',
+    source: 'builtin',
+    method: 'mcp_stdio_guard/invalid_method',
+    params: { reason: 'adversarial-probe' },
+    expectation: 'error',
+    failureCode: 'adversarial-invalid-method-result',
+    description: 'invalid method requests return structured JSON-RPC errors',
+    risk: 'Sends one unknown JSON-RPC method after initialize; servers should answer with an error instead of crashing or returning success.'
+  },
+  'invalid-params': {
+    name: 'invalid-params',
+    source: 'builtin',
+    method: 'tools/list',
+    params: [],
+    expectation: 'error',
+    failureCode: 'adversarial-invalid-params-result',
+    description: 'invalid params return structured JSON-RPC errors',
+    risk: 'Sends deliberately invalid params to a common MCP method; tolerant servers may need to opt out of this stricter probe.'
+  },
+  notification: {
+    name: 'notification',
+    source: 'builtin',
+    method: 'notifications/mcp_stdio_guard_probe',
+    params: { reason: 'adversarial-probe' },
+    omitId: true,
+    expectation: 'no-response',
+    failureCode: 'adversarial-notification-response',
+    description: 'notifications do not receive responses',
+    risk: 'Sends one unknown JSON-RPC notification; servers should not reply to notifications even when the method is unknown.'
+  },
+  'malformed-json': {
+    name: 'malformed-json',
+    source: 'builtin',
+    method: '',
+    rawLine: '{"jsonrpc":"2.0","id":"mcp-stdio-guard-malformed","method":',
+    expectation: 'error-or-no-response',
+    failureCode: 'adversarial-malformed-json-result',
+    description: 'malformed JSON does not crash the server',
+    risk: 'Writes one malformed line to stdin; servers may return a structured parse error or ignore it, but should not crash.'
+  }
+});
+const BUILTIN_ADVERSARIAL_PROBE_NAMES = Object.freeze(Object.keys(BUILTIN_ADVERSARIAL_PROBES));
+const STRICT_ADVERSARIAL_PROBE_NAMES = BUILTIN_ADVERSARIAL_PROBE_NAMES;
+const SUPPORTED_ADVERSARIAL_EXPECTATIONS = new Set(['error', 'no-response', 'error-or-no-response']);
+const CAPABILITY_ISSUE_CODES = new Set([
+  'capability-list-error',
+  'capability-list-missing-response',
+  'capability-list-timeout',
+  'capability-list-unsupported'
+]);
+const ADVERSARIAL_ISSUE_CODES = new Set([
+  'adversarial-invalid-method-result',
+  'adversarial-invalid-params-result',
+  'adversarial-malformed-json-result',
+  'adversarial-notification-response',
+  'adversarial-probe-crash',
+  'adversarial-probe-invalid-stdout',
+  'adversarial-probe-timeout',
+  'adversarial-tool-call-result'
+]);
+const REPEAT_DRIFT_ISSUE_CODES = new Set([
+  'repeat-capability-drift',
+  'repeat-list-shape-drift',
+  'repeat-protocol-drift',
+  'repeat-tool-drift'
+]);
 const INITIALIZE_ISSUE_CODES = new Set([
   'initialize-error',
   'initialize-invalid-capabilities',
@@ -88,6 +181,15 @@ const OPERATION_ISSUE_CODES = new Set([
   'operation-missing-response',
   'operation-timeout'
 ]);
+const TOOL_SCHEMA_ISSUE_CODES = new Set([
+  'tool-description-missing',
+  'tool-input-schema-invalid',
+  'tool-input-schema-required-missing',
+  'tool-name-duplicate',
+  'tool-name-invalid',
+  'tools-list-invalid-result'
+]);
+const JSON_SCHEMA_TYPES = new Set(['array', 'boolean', 'integer', 'null', 'number', 'object', 'string']);
 const PROCESS_ISSUE_CODES = new Set([
   'server-crashed',
   'server-exited',
@@ -117,6 +219,28 @@ const ISSUE_CLASS_BY_CODE = new Map([
   ['initialize-missing-protocol-version', ISSUE_CLASSES.MCP_PROTOCOL],
   ['initialize-missing-server-info', ISSUE_CLASSES.MCP_PROTOCOL],
   ['operation-error', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['capability-list-error', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['capability-list-missing-response', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['capability-list-timeout', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['capability-list-unsupported', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['repeat-capability-drift', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['repeat-list-shape-drift', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['repeat-protocol-drift', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['repeat-tool-drift', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['tool-description-missing', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['tool-input-schema-invalid', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['tool-input-schema-required-missing', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['tool-name-duplicate', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['tool-name-invalid', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['tools-list-invalid-result', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['adversarial-invalid-method-result', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['adversarial-invalid-params-result', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['adversarial-malformed-json-result', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['adversarial-notification-response', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['adversarial-probe-crash', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['adversarial-probe-invalid-stdout', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['adversarial-probe-timeout', ISSUE_CLASSES.MCP_PROTOCOL],
+  ['adversarial-tool-call-result', ISSUE_CLASSES.MCP_PROTOCOL],
   ['notification-response', ISSUE_CLASSES.MCP_PROTOCOL],
   ['response-id-mismatch', ISSUE_CLASSES.MCP_PROTOCOL],
   ['response-id-type-mismatch', ISSUE_CLASSES.MCP_PROTOCOL],
@@ -142,13 +266,19 @@ export async function runCli(argv) {
   }
 
   const guardOptions = {
+    config: options.config,
+    profile: options.profile,
     protocol: options.protocol,
     timeoutMs: options.timeoutMs,
     cwd: options.cwd,
-    operation: options.requestMethod
+    env: options.env,
+    probeCapabilities: options.probeCapabilities,
+    adversarialProbes: options.adversarialProbes,
+    operations: options.operations,
+    operation: options.operations.length === 1
       ? {
-          method: options.requestMethod,
-          params: options.requestParams
+          method: options.operations[0].method,
+          params: options.operations[0].params
         }
       : null
   };
@@ -194,8 +324,17 @@ export async function runCli(argv) {
 export function parseArgs(argv) {
   const options = {
     command: [],
+    configPath: '',
+    config: defaultConfigMetadata(),
+    env: {},
+    operations: [],
+    configOperations: [],
+    adversarialProbeSpecs: [],
+    adversarialProbes: [],
     protocol: DEFAULT_PROTOCOL,
     timeoutMs: DEFAULT_TIMEOUT,
+    profile: DEFAULT_PROFILE,
+    probeCapabilities: true,
     scanPath: '',
     failOnStatic: false,
     requestMethod: '',
@@ -206,12 +345,14 @@ export function parseArgs(argv) {
     version: false,
     cwd: process.cwd()
   };
+  const specifiedOptions = new Set();
 
   for (let index = 0; index < argv.length; index += 1) {
     const arg = argv[index];
 
     if (arg === '--') {
       options.command = argv.slice(index + 1);
+      specifiedOptions.add('command');
       break;
     }
 
@@ -221,34 +362,66 @@ export function parseArgs(argv) {
       options.version = true;
     } else if (arg === '--json') {
       options.json = true;
+      specifiedOptions.add('json');
+    } else if (arg === '--config') {
+      options.configPath = path.resolve(readOptionValue(argv, index, arg));
+      specifiedOptions.add('configPath');
+      index += 1;
+    } else if (arg === '--profile') {
+      options.profile = readOptionValue(argv, index, arg);
+      specifiedOptions.add('profile');
+      index += 1;
     } else if (arg === '--fail-on-static') {
       options.failOnStatic = true;
+      specifiedOptions.add('failOnStatic');
     } else if (arg === '--request') {
       options.requestMethod = readOptionValue(argv, index, arg);
+      specifiedOptions.add('requestMethod');
       index += 1;
     } else if (arg === '--params') {
       options.requestParams = parseJsonOption(readOptionValue(argv, index, arg), arg);
+      specifiedOptions.add('requestParams');
+      index += 1;
+    } else if (arg === '--adversarial-probe' || arg === '--adversarial-probes') {
+      options.adversarialProbeSpecs.push(...expandAdversarialProbeList(readOptionValue(argv, index, arg), arg));
+      specifiedOptions.add('adversarialProbes');
       index += 1;
     } else if (arg === '--protocol') {
       options.protocol = readOptionValue(argv, index, arg);
+      specifiedOptions.add('protocol');
       index += 1;
     } else if (arg === '--timeout') {
       options.timeoutMs = Number(readOptionValue(argv, index, arg));
+      specifiedOptions.add('timeoutMs');
       index += 1;
     } else if (arg === '--repeat') {
       options.repeat = Number(readOptionValue(argv, index, arg));
+      specifiedOptions.add('repeat');
       index += 1;
     } else if (arg === '--scan') {
       options.scanPath = path.resolve(readOptionValue(argv, index, arg));
+      specifiedOptions.add('scanPath');
       index += 1;
     } else if (arg === '--cwd') {
       options.cwd = path.resolve(readOptionValue(argv, index, arg));
+      specifiedOptions.add('cwd');
       index += 1;
     } else {
       throw new Error(`Unknown option before --: ${arg}`);
     }
   }
 
+  if (options.help || options.version) {
+    return options;
+  }
+
+  if (options.configPath) {
+    applyConfigFile(options, loadConfigFile(options.configPath), specifiedOptions);
+  }
+  applyProfileDefaults(options, specifiedOptions);
+  options.operations = buildConfiguredOperations(options);
+  options.adversarialProbes = normalizeAdversarialProbeSpecs(options.adversarialProbeSpecs);
+
   if (!Number.isInteger(options.timeoutMs) || options.timeoutMs < 100) {
     throw new Error('--timeout must be an integer >= 100');
   }
@@ -264,9 +437,475 @@ export function parseArgs(argv) {
   return options;
 }
 
+function applyProfileDefaults(options, specifiedOptions) {
+  if (!GUARD_PROFILE_NAMES.includes(options.profile)) {
+    throw new Error(`--profile must be one of: ${GUARD_PROFILE_NAMES.join(', ')}`);
+  }
+
+  if (options.profile === 'smoke') {
+    options.probeCapabilities = false;
+    return options;
+  }
+
+  options.probeCapabilities = true;
+
+  if (options.profile === 'registry' && !specifiedOptions.has('repeat')) {
+    options.repeat = 2;
+  }
+
+  if (options.profile === 'ci') {
+    options.json = true;
+    options.failOnStatic = true;
+  }
+
+  if (options.profile === 'strict') {
+    options.json = true;
+    options.failOnStatic = true;
+    if (!specifiedOptions.has('repeat')) {
+      options.repeat = 2;
+    }
+    if (!specifiedOptions.has('adversarialProbes')) {
+      options.adversarialProbeSpecs.push(...STRICT_ADVERSARIAL_PROBE_NAMES);
+    }
+  }
+
+  return options;
+}
+
+function loadConfigFile(configPath) {
+  let raw;
+  try {
+    raw = fs.readFileSync(configPath, 'utf8');
+  } catch (error) {
+    throw new Error(`Failed to read --config ${configPath}: ${error.message}`);
+  }
+
+  try {
+    const parsed = JSON.parse(raw);
+    if (!isObjectRecord(parsed)) {
+      throw new Error('top-level value must be an object');
+    }
+    return parsed;
+  } catch (error) {
+    throw new Error(`--config ${configPath} must be valid JSON: ${error.message}`);
+  }
+}
+
+function applyConfigFile(options, config, specifiedOptions) {
+  const configDir = path.dirname(options.configPath);
+  const command = normalizeConfigCommand(config);
+  const env = normalizeConfigEnv(config);
+  const requests = normalizeConfigRequests(config);
+  const safeToolCalls = normalizeSafeToolCalls(config);
+  const adversarialProbes = normalizeConfigAdversarialProbes(config);
+  const adversarialToolCalls = normalizeConfigAdversarialToolCalls(config);
+  const usesConfigCommand = command.length > 0 && !specifiedOptions.has('command');
+  const usesConfigCwd = typeof config.cwd === 'string' && !specifiedOptions.has('cwd');
+  const usesConfigOperations = !specifiedOptions.has('requestMethod') && !specifiedOptions.has('requestParams');
+  const usesConfigAdversarialProbes = !specifiedOptions.has('adversarialProbes')
+    && (Object.hasOwn(config, 'adversarialProbes') || Object.hasOwn(config, 'adversarialToolCalls'));
+
+  if (usesConfigCommand) {
+    options.command = command;
+  }
+
+  if (usesConfigCwd) {
+    options.cwd = resolveConfigPath(config.cwd, configDir);
+  } else if (config.cwd !== undefined && typeof config.cwd !== 'string') {
+    throw new Error('--config cwd must be a string');
+  }
+
+  if (config.protocol !== undefined && !specifiedOptions.has('protocol')) {
+    if (typeof config.protocol !== 'string' || !config.protocol) {
+      throw new Error('--config protocol must be a non-empty string');
+    }
+    options.protocol = config.protocol;
+  }
+
+  const timeoutField = Object.hasOwn(config, 'timeoutMs') ? 'timeoutMs' : 'timeout';
+  const timeoutValue = config[timeoutField];
+  if (timeoutValue !== undefined && !specifiedOptions.has('timeoutMs')) {
+    options.timeoutMs = normalizeConfigInteger(timeoutValue, timeoutField, 100);
+  }
+
+  if (config.repeat !== undefined && !specifiedOptions.has('repeat')) {
+    options.repeat = normalizeConfigInteger(config.repeat, 'repeat', 1);
+  }
+
+  if (config.profile !== undefined && !specifiedOptions.has('profile')) {
+    if (typeof config.profile !== 'string') {
+      throw new Error('--config profile must be a string');
+    }
+    options.profile = config.profile;
+  }
+
+  if (config.json !== undefined && !specifiedOptions.has('json')) {
+    if (typeof config.json !== 'boolean') {
+      throw new Error('--config json must be a boolean');
+    }
+    options.json = config.json;
+  }
+
+  const scanPath = config.scanPath ?? config.scan;
+  if (scanPath !== undefined && !specifiedOptions.has('scanPath')) {
+    if (typeof scanPath !== 'string') {
+      throw new Error('--config scan must be a string path');
+    }
+    options.scanPath = resolveConfigPath(scanPath, configDir);
+  }
+
+  if (config.failOnStatic !== undefined && !specifiedOptions.has('failOnStatic')) {
+    if (typeof config.failOnStatic !== 'boolean') {
+      throw new Error('--config failOnStatic must be a boolean');
+    }
+    options.failOnStatic = config.failOnStatic;
+  }
+
+  if (Object.keys(env).length) {
+    options.env = { ...env, ...options.env };
+  }
+
+  if (usesConfigOperations) {
+    options.configOperations = [...requests, ...safeToolCalls];
+  }
+
+  if (usesConfigAdversarialProbes) {
+    options.adversarialProbeSpecs = [...adversarialProbes, ...adversarialToolCalls];
+    specifiedOptions.add('adversarialProbes');
+  }
+
+  options.config = {
+    enabled: true,
+    path: options.configPath,
+    resolvedPath: options.configPath,
+    checks: {
+      command: usesConfigCommand,
+      cwd: usesConfigCwd,
+      envNames: Object.keys(env).sort(),
+      requests: usesConfigOperations ? requests.map((request) => request.method) : [],
+      safeToolCalls: usesConfigOperations ? safeToolCalls.map((request) => request.safeToolCallName) : [],
+      adversarialProbes: usesConfigAdversarialProbes ? adversarialProbes.map((probe) => probe.name ?? probe) : [],
+      adversarialToolCalls: usesConfigAdversarialProbes ? adversarialToolCalls.map((probe) => probe.safeToolCallName) : []
+    }
+  };
+}
+
+function normalizeConfigCommand(config) {
+  if (config.command === undefined && config.args === undefined) return [];
+
+  if (Array.isArray(config.command)) {
+    if (!config.command.every((entry) => typeof entry === 'string' && entry)) {
+      throw new Error('--config command array entries must be non-empty strings');
+    }
+    if (config.args !== undefined) {
+      throw new Error('--config args cannot be used when command is an array');
+    }
+    return config.command;
+  }
+
+  if (typeof config.command === 'string' && config.command) {
+    const args = config.args ?? [];
+    if (!Array.isArray(args) || !args.every((entry) => typeof entry === 'string')) {
+      throw new Error('--config args must be an array of strings');
+    }
+    return [config.command, ...args];
+  }
+
+  throw new Error('--config command must be a non-empty string or array of strings');
+}
+
+function normalizeConfigEnv(config) {
+  if (config.env === undefined) return {};
+  if (!isObjectRecord(config.env)) {
+    throw new Error('--config env must be an object');
+  }
+
+  return Object.fromEntries(Object.entries(config.env).map(([name, value]) => {
+    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) {
+      throw new Error(`--config env contains invalid variable name: ${name}`);
+    }
+    if (!['string', 'number', 'boolean'].includes(typeof value)) {
+      throw new Error(`--config env.${name} must be a string, number, or boolean`);
+    }
+    return [name, String(value)];
+  }));
+}
+
+function normalizeConfigInteger(value, field, minimum) {
+  const normalized = typeof value === 'string' && value.trim() !== '' ? Number(value) : value;
+  if (!Number.isInteger(normalized) || normalized < minimum) {
+    throw new Error(`--config ${field} must be an integer >= ${minimum}`);
+  }
+  return normalized;
+}
+
+function normalizeConfigRequests(config) {
+  const values = [];
+  if (config.request !== undefined) {
+    values.push(config.request);
+  }
+  if (config.requests !== undefined) {
+    if (!Array.isArray(config.requests)) {
+      throw new Error('--config requests must be an array');
+    }
+    values.push(...config.requests);
+  }
+
+  return values.map((request, index) => {
+    if (!isObjectRecord(request)) {
+      throw new Error(`--config requests[${index}] must be an object`);
+    }
+    if (typeof request.method !== 'string' || !request.method) {
+      throw new Error(`--config requests[${index}].method must be a non-empty string`);
+    }
+    return {
+      source: 'config-request',
+      method: request.method,
+      params: request.params
+    };
+  });
+}
+
+function normalizeSafeToolCalls(config) {
+  if (config.safeToolCalls === undefined) return [];
+  if (!Array.isArray(config.safeToolCalls)) {
+    throw new Error('--config safeToolCalls must be an array');
+  }
+
+  return config.safeToolCalls.map((call, index) => {
+    if (!isObjectRecord(call)) {
+      throw new Error(`--config safeToolCalls[${index}] must be an object`);
+    }
+    if (typeof call.name !== 'string' || !call.name) {
+      throw new Error(`--config safeToolCalls[${index}].name must be a non-empty string`);
+    }
+    const argumentsValue = call.arguments ?? {};
+    if (!isObjectRecord(argumentsValue)) {
+      throw new Error(`--config safeToolCalls[${index}].arguments must be an object`);
+    }
+    return {
+      source: 'safe-tool-call',
+      method: 'tools/call',
+      params: {
+        name: call.name,
+        arguments: argumentsValue
+      },
+      safeToolCallName: call.name
+    };
+  });
+}
+
+function normalizeConfigAdversarialProbes(config) {
+  if (config.adversarialProbes === undefined) return [];
+
+  if (config.adversarialProbes === true) {
+    return [...BUILTIN_ADVERSARIAL_PROBE_NAMES];
+  }
+
+  if (config.adversarialProbes === false) {
+    return [];
+  }
+
+  if (typeof config.adversarialProbes === 'string') {
+    return expandAndValidateAdversarialProbeList(config.adversarialProbes, '--config adversarialProbes');
+  }
+
+  if (!Array.isArray(config.adversarialProbes)) {
+    throw new Error('--config adversarialProbes must be a boolean, string, or array of strings');
+  }
+
+  return config.adversarialProbes.flatMap((probe, index) => {
+    if (typeof probe !== 'string') {
+      throw new Error(`--config adversarialProbes[${index}] must be a string`);
+    }
+    return expandAndValidateAdversarialProbeList(probe, `--config adversarialProbes[${index}]`);
+  });
+}
+
+function normalizeConfigAdversarialToolCalls(config) {
+  if (config.adversarialToolCalls === undefined) return [];
+  if (!Array.isArray(config.adversarialToolCalls)) {
+    throw new Error('--config adversarialToolCalls must be an array');
+  }
+
+  return config.adversarialToolCalls.map((call, index) => {
+    if (!isObjectRecord(call)) {
+      throw new Error(`--config adversarialToolCalls[${index}] must be an object`);
+    }
+    if (typeof call.name !== 'string' || !call.name) {
+      throw new Error(`--config adversarialToolCalls[${index}].name must be a non-empty string`);
+    }
+    const argumentsValue = call.arguments ?? {};
+    if (!isObjectRecord(argumentsValue)) {
+      throw new Error(`--config adversarialToolCalls[${index}].arguments must be an object`);
+    }
+    return {
+      name: `safe-tool-invalid-args:${call.name}`,
+      source: 'adversarial-tool-call',
+      method: 'tools/call',
+      params: {
+        name: call.name,
+        arguments: argumentsValue
+      },
+      safeToolCallName: call.name,
+      expectation: 'error',
+      failureCode: 'adversarial-tool-call-result',
+      description: `tools/call for ${call.name} with invalid arguments returns a structured error`,
+      risk: 'Calls a configured safe tool with intentionally invalid arguments; only use for idempotent tools.'
+    };
+  });
+}
+
+function buildConfiguredOperations(options) {
+  if (options.requestMethod) {
+    return [{
+      source: 'cli-request',
+      method: options.requestMethod,
+      params: options.requestParams
+    }];
+  }
+
+  return options.configOperations;
+}
+
+function normalizeGuardOperations(operations) {
+  return operations.map((operation) => ({
+    source: operation.source ?? 'request',
+    method: operation.method,
+    params: operation.params,
+    safeToolCallName: operation.safeToolCallName ?? ''
+  }));
+}
+
+function expandAdversarialProbeList(rawValue, option) {
+  const names = String(rawValue)
+    .split(',')
+    .map((name) => name.trim())
+    .filter(Boolean);
+
+  if (!names.length) {
+    throw new Error(`${option} requires at least one probe name`);
+  }
+
+  if (names.includes('none')) {
+    if (names.length > 1) {
+      throw new Error(`${option} cannot combine none with other probes`);
+    }
+    return [];
+  }
+
+  if (names.includes('all')) {
+    if (names.length > 1) {
+      throw new Error(`${option} cannot combine all with other probes`);
+    }
+    return [...BUILTIN_ADVERSARIAL_PROBE_NAMES];
+  }
+
+  return names;
+}
+
+function expandAndValidateAdversarialProbeList(rawValue, option) {
+  return expandAdversarialProbeList(rawValue, option).map((name) => validateAdversarialProbeName(name, option));
+}
+
+function validateAdversarialProbeName(name, option) {
+  if (!BUILTIN_ADVERSARIAL_PROBES[name]) {
+    throw new Error(`${option} must be one of: ${[...BUILTIN_ADVERSARIAL_PROBE_NAMES, 'all', 'none'].join(', ')}`);
+  }
+  return name;
+}
+
+function normalizeAdversarialProbeSpecs(specs) {
+  const probes = [];
+  const seenBuiltins = new Set();
+
+  for (const spec of specs ?? []) {
+    if (typeof spec === 'string') {
+      for (const name of expandAdversarialProbeList(spec, '--adversarial-probe')) {
+        const definition = BUILTIN_ADVERSARIAL_PROBES[validateAdversarialProbeName(name, '--adversarial-probe')];
+        if (seenBuiltins.has(name)) continue;
+        seenBuiltins.add(name);
+        probes.push({ ...definition });
+      }
+    } else if (isObjectRecord(spec)) {
+      probes.push(normalizeAdversarialProbeObject(spec, '--adversarial-probe'));
+    } else {
+      throw new Error('--adversarial-probe entries must be strings or configured adversarial tool calls');
+    }
+  }
+
+  return probes.map((probe, index) => ({
+    index,
+    safeToolCallName: '',
+    rawLine: '',
+    omitId: false,
+    ...probe
+  }));
+}
+
+function normalizeAdversarialProbeObject(spec, option) {
+  if (typeof spec.name !== 'string' || !spec.name.trim()) {
+    throw new Error(`${option}.name must be a non-empty string`);
+  }
+
+  if (typeof spec.expectation !== 'string' || !SUPPORTED_ADVERSARIAL_EXPECTATIONS.has(spec.expectation)) {
+    throw new Error(`${option}.expectation must be one of: ${[...SUPPORTED_ADVERSARIAL_EXPECTATIONS].join(', ')}`);
+  }
+
+  if (typeof spec.failureCode !== 'string' || !spec.failureCode) {
+    throw new Error(`${option}.failureCode must be a non-empty string`);
+  }
+
+  const rawLine = spec.rawLine ?? '';
+  if (typeof rawLine !== 'string') {
+    throw new Error(`${option}.rawLine must be a string when provided`);
+  }
+
+  const method = spec.method ?? '';
+  if (typeof method !== 'string') {
+    throw new Error(`${option}.method must be a string when provided`);
+  }
+  if (!rawLine && !method) {
+    throw new Error(`${option}.method must be a non-empty string when rawLine is not set`);
+  }
+
+  if (spec.source !== undefined && typeof spec.source !== 'string') {
+    throw new Error(`${option}.source must be a string when provided`);
+  }
+  if (spec.safeToolCallName !== undefined && typeof spec.safeToolCallName !== 'string') {
+    throw new Error(`${option}.safeToolCallName must be a string when provided`);
+  }
+  if (spec.description !== undefined && typeof spec.description !== 'string') {
+    throw new Error(`${option}.description must be a string when provided`);
+  }
+  if (spec.risk !== undefined && typeof spec.risk !== 'string') {
+    throw new Error(`${option}.risk must be a string when provided`);
+  }
+  if (spec.omitId !== undefined && typeof spec.omitId !== 'boolean') {
+    throw new Error(`${option}.omitId must be a boolean when provided`);
+  }
+  if (spec.quietMs !== undefined && (!Number.isInteger(spec.quietMs) || spec.quietMs < 1)) {
+    throw new Error(`${option}.quietMs must be an integer >= 1 when provided`);
+  }
+
+  return {
+    ...spec,
+    name: spec.name.trim(),
+    source: spec.source ?? 'custom',
+    method,
+    rawLine,
+    safeToolCallName: spec.safeToolCallName ?? ''
+  };
+}
+
+function resolveConfigPath(value, configDir) {
+  return path.resolve(configDir, value);
+}
+
 export async function guardRepeatedStdioServer(commandWithArgs, options = {}) {
   const startedAt = Date.now();
   const repeat = options.repeat ?? 1;
+  const adversarialProbes = normalizeAdversarialProbeSpecs(options.adversarialProbes ?? []);
   const runs = [];
   const issues = [];
 
@@ -274,7 +913,7 @@ export async function guardRepeatedStdioServer(commandWithArgs, options = {}) {
     throw new Error('repeat must be an integer >= 1');
   }
 
-  const singleRunOptions = { ...options, repeat: 1 };
+  const singleRunOptions = { ...options, adversarialProbes, repeat: 1 };
 
   for (let index = 1; index <= repeat; index += 1) {
     const run = await guardStdioServer(commandWithArgs, singleRunOptions);
@@ -285,18 +924,29 @@ export async function guardRepeatedStdioServer(commandWithArgs, options = {}) {
     }
   }
 
+  const drift = buildRepeatDrift(runs);
+  for (const issue of repeatDriftIssues(drift)) {
+    issues.push(issue);
+  }
+
   const durationMs = Date.now() - startedAt;
   const result = {
     schemaVersion: JSON_SCHEMA_VERSION,
     ok: !issues.some((issue) => issue.severity === 'error'),
+    profile: options.profile ?? DEFAULT_PROFILE,
     command: commandWithArgs,
+    config: options.config ?? defaultConfigMetadata(),
     protocol: options.protocol ?? DEFAULT_PROTOCOL,
     repeat,
     runs,
     issues,
     checks: {},
+    capabilityProbes: options.probeCapabilities ?? true,
+    adversarial: aggregateRunAdversarial(runs, adversarialProbes),
+    drift,
     staticScan: defaultStaticScan(),
     staticFindings: [],
+    toolSchema: aggregateRunToolSchemaValidation(runs),
     durationMs,
     fingerprint: createFingerprint(commandWithArgs, options)
   };
@@ -310,7 +960,9 @@ export async function guardStdioServer(commandWithArgs, options = {}) {
   const args = commandWithArgs.slice(1);
   const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT;
   const protocol = options.protocol ?? DEFAULT_PROTOCOL;
-  const operation = options.operation || null;
+  const operations = normalizeGuardOperations(options.operations ?? (options.operation ? [options.operation] : []));
+  const adversarialProbes = normalizeAdversarialProbeSpecs(options.adversarialProbes ?? []);
+  const probeCapabilities = options.probeCapabilities ?? true;
   const env = { ...process.env, ...(options.env ?? {}) };
   const issues = [];
   const frames = [];
@@ -319,36 +971,60 @@ export async function guardStdioServer(commandWithArgs, options = {}) {
   let initialized = false;
   let endedByGuard = false;
   let initializeResponseAt = 0;
+  let currentRequest = null;
+  let requestQueue = [];
+  let nextRequestId = 2;
   let timer;
   let child;
 
   const result = {
     schemaVersion: JSON_SCHEMA_VERSION,
     ok: false,
+    profile: options.profile ?? DEFAULT_PROFILE,
     command: commandWithArgs,
+    config: options.config ?? defaultConfigMetadata(),
     protocol,
     negotiatedProtocol: '',
     initialized: false,
-    operation: operation
+    operation: operations.length === 1
       ? {
-          method: operation.method,
+          method: operations[0].method,
+          source: operations[0].source,
+          safeToolCallName: operations[0].safeToolCallName,
           responded: false,
           error: null
         }
       : null,
+    operations: operations.map((operation, index) => ({
+      index,
+      source: operation.source,
+      method: operation.method,
+      safeToolCallName: operation.safeToolCallName,
+      responded: false,
+      error: null
+    })),
     frames,
     issues,
     checks: {},
+    capabilityProbes: probeCapabilities,
+    capabilityKeys: [],
+    capabilityChecks: defaultCapabilityChecks(),
+    adversarial: defaultAdversarialResult(adversarialProbes),
     stderr: '',
     process: defaultProcessInfo(timeoutMs),
     staticScan: defaultStaticScan(),
     staticFindings: [],
+    toolSchema: defaultToolSchemaValidation(),
     durationMs: 0,
     fingerprint: createFingerprint(commandWithArgs, {
       protocol,
       timeoutMs,
       cwd: options.cwd,
-      operation,
+      config: options.config,
+      profile: options.profile,
+      probeCapabilities,
+      adversarialProbes,
+      operations,
       env: options.env
     })
   };
@@ -358,7 +1034,7 @@ export async function guardStdioServer(commandWithArgs, options = {}) {
       issues.push({ ...details, severity, code, message });
     }
 
-    function armTimeout(code, message, timeoutPhase) {
+    function armTimeout(code, message, timeoutPhase, details = {}) {
       clearTimeout(timer);
       result.process.phase = timeoutPhase;
       timer = setTimeout(() => {
@@ -366,7 +1042,10 @@ export async function guardStdioServer(commandWithArgs, options = {}) {
         result.process.timeoutCode = code;
         result.process.timeoutMs = timeoutMs;
         result.process.outcome = 'timeout';
-        addIssue('error', code, message, timeoutIssueDetails(code, timeoutMs, timeoutPhase));
+        addIssue('error', code, message, {
+          ...timeoutIssueDetails(code, timeoutMs, timeoutPhase),
+          ...details
+        });
         finish();
       }, timeoutMs);
     }
@@ -406,6 +1085,346 @@ export async function guardStdioServer(commandWithArgs, options = {}) {
       child.stdin.write(`${JSON.stringify(message)}\n`);
     }
 
+    function sendRaw(line) {
+      if (!child?.stdin?.writable) return;
+      child.stdin.write(`${line}\n`);
+    }
+
+    function enqueueRequest(request) {
+      const needsId = !request.omitId && !request.rawLine;
+      requestQueue.push({
+        ...request,
+        id: needsId ? nextRequestId : null
+      });
+      if (needsId) {
+        nextRequestId += 1;
+      }
+    }
+
+    function startNextRequest() {
+      if (result.durationMs || currentRequest) return;
+      currentRequest = requestQueue.shift() || null;
+      if (!currentRequest) {
+        result.process.phase = 'post-initialize';
+        finishSoon();
+        return;
+      }
+
+      result.process.phase = 'operation';
+      currentRequest.startedAt = Date.now();
+
+      if (currentRequest.kind === 'adversarial') {
+        result.process.phase = 'adversarial';
+        markAdversarialProbeRunning(currentRequest);
+        if (currentRequest.rawLine) {
+          sendRaw(currentRequest.rawLine);
+        } else {
+          const request = {
+            jsonrpc: '2.0',
+            method: currentRequest.method
+          };
+          if (!currentRequest.omitId) {
+            request.id = currentRequest.id;
+          }
+          if (currentRequest.params !== undefined) {
+            request.params = currentRequest.params;
+          }
+          send(request);
+        }
+        if (currentRequest.expectation === 'no-response' || currentRequest.expectation === 'error-or-no-response') {
+          armAdversarialQuietTimer(currentRequest);
+        } else {
+          armAdversarialTimeout(currentRequest);
+        }
+        return;
+      }
+
+      const request = {
+        jsonrpc: '2.0',
+        id: currentRequest.id,
+        method: currentRequest.method
+      };
+      if (currentRequest.params !== undefined) {
+        request.params = currentRequest.params;
+      }
+      send(request);
+      armTimeout(
+        currentRequest.timeoutCode,
+        currentRequest.timeoutMessage,
+        'operation',
+        currentRequest.timeoutDetails
+      );
+    }
+
+    function armAdversarialQuietTimer(request) {
+      clearTimeout(timer);
+      timer = setTimeout(() => {
+        completeAdversarialProbe(request, 'pass');
+        currentRequest = null;
+        startNextRequest();
+      }, request.quietMs);
+    }
+
+    function armAdversarialTimeout(request) {
+      clearTimeout(timer);
+      result.process.phase = 'adversarial';
+      timer = setTimeout(() => {
+        result.process.timedOut = true;
+        result.process.timeoutCode = 'adversarial-probe-timeout';
+        result.process.timeoutMs = timeoutMs;
+        result.process.outcome = 'timeout';
+        failAdversarialProbe(
+          request,
+          'adversarial-probe-timeout',
+          `${request.probeName} adversarial probe did not receive a structured error within ${timeoutMs}ms`,
+          {
+            detailCode: 'adversarial-probe-timeout',
+            phase: 'adversarial',
+            timeoutMs
+          }
+        );
+        finish();
+      }, timeoutMs);
+    }
+
+    function configureCapabilityChecks(capabilities) {
+      result.capabilityKeys = capabilityKeys(capabilities);
+      for (const definition of CAPABILITY_DEFINITIONS) {
+        const check = result.capabilityChecks[definition.name];
+        check.advertised = result.capabilityKeys.includes(definition.name);
+      }
+    }
+
+    function enqueuePostInitializeRequests() {
+      const operationCapabilities = new Set(operations.map((operation) => capabilityNameForMethod(operation.method)).filter(Boolean));
+      for (let operationIndex = 0; operationIndex < operations.length; operationIndex += 1) {
+        const operation = operations[operationIndex];
+        const operationCapability = capabilityNameForMethod(operation.method);
+        enqueueRequest({
+          kind: 'operation',
+          operationIndex,
+          capability: result.capabilityChecks[operationCapability]?.advertised ? operationCapability : '',
+          method: operation.method,
+          params: operation.params,
+          timeoutCode: 'operation-timeout',
+          timeoutMessage: `no ${operation.method} response within ${timeoutMs}ms`,
+          timeoutDetails: {}
+        });
+      }
+
+      if (probeCapabilities) {
+        for (const definition of CAPABILITY_DEFINITIONS) {
+          const check = result.capabilityChecks[definition.name];
+          if (!check.advertised || operationCapabilities.has(definition.name)) continue;
+          enqueueRequest({
+            kind: 'capability',
+            capability: definition.name,
+            method: definition.method,
+            timeoutCode: 'capability-list-timeout',
+            timeoutMessage: `${definition.method} did not receive a response for advertised ${definition.name} capability within ${timeoutMs}ms`,
+            timeoutDetails: {
+              capability: definition.name,
+              method: definition.method,
+              detailCode: 'capability-request-timeout'
+            }
+          });
+        }
+      }
+
+      for (let probeIndex = 0; probeIndex < adversarialProbes.length; probeIndex += 1) {
+        const probe = adversarialProbes[probeIndex];
+        enqueueRequest({
+          kind: 'adversarial',
+          probeIndex,
+          probeName: probe.name,
+          method: probe.method,
+          params: probe.params,
+          rawLine: probe.rawLine,
+          omitId: probe.omitId,
+          expectation: probe.expectation,
+          failureCode: probe.failureCode,
+          quietMs: Math.min(timeoutMs, probe.quietMs ?? ADVERSARIAL_OBSERVATION_MS)
+        });
+      }
+    }
+
+    function handleCurrentRequestResponse(message) {
+      clearTimeout(timer);
+      const request = currentRequest;
+      if (!isJsonRpcResponse(message)) {
+        addIssue('error', 'stdout-unexpected-request-id', `stdout frame with id ${request.id} is not a ${request.method} response`);
+        finish();
+        return;
+      }
+
+      if (request.kind === 'operation') {
+        const operationResult = result.operations[request.operationIndex];
+        operationResult.responded = true;
+        if (result.operation && request.operationIndex === 0) {
+          result.operation.responded = true;
+        }
+        if (message.error) {
+          operationResult.error = message.error;
+          if (result.operation && request.operationIndex === 0) {
+            result.operation.error = message.error;
+          }
+          addIssue('warning', 'operation-error', `${request.method} returned error: ${message.error.message || JSON.stringify(message.error)}`);
+        }
+      }
+
+      if (!message.error && request.method === 'tools/list') {
+        const validation = validateToolsListResult(message.result);
+        result.toolSchema = validation.summary;
+        for (const issue of validation.issues) {
+          addIssue(issue.severity, issue.code, issue.message, issue.details);
+        }
+      }
+
+      if (request.capability) {
+        recordCapabilityListShape(request, message.result);
+        handleCapabilityResponse(request, message);
+      }
+
+      currentRequest = null;
+      startNextRequest();
+    }
+
+    function handleCapabilityResponse(request, message) {
+      const check = result.capabilityChecks[request.capability];
+      check.responded = true;
+      if (!message.error) return;
+
+      check.error = message.error;
+      const unsupported = isUnsupportedMethodError(message.error);
+      const code = unsupported ? 'capability-list-unsupported' : 'capability-list-error';
+      const messageText = unsupported
+        ? `${request.capability} capability is advertised but ${request.method} returned Method not found`
+        : `${request.capability} capability is advertised but ${request.method} returned error: ${message.error.message || JSON.stringify(message.error)}`;
+      addIssue('error', code, messageText, {
+        capability: request.capability,
+        method: request.method,
+        errorCode: message.error.code ?? null
+      });
+    }
+
+    function markAdversarialProbeRunning(request) {
+      const probe = result.adversarial.probes[request.probeIndex];
+      if (!probe) return;
+      probe.status = 'running';
+      probe.started = true;
+    }
+
+    function completeAdversarialProbe(request, status, issueCodes = [], response = {}) {
+      const probe = result.adversarial.probes[request.probeIndex];
+      if (!probe) return;
+      probe.status = status;
+      probe.responded = Boolean(response.responded);
+      probe.error = response.error ?? null;
+      probe.issueCodes = [...new Set(issueCodes)].sort();
+      probe.durationMs = request.startedAt ? Date.now() - request.startedAt : null;
+    }
+
+    function failAdversarialProbe(request, code, message, details = {}, response = {}) {
+      completeAdversarialProbe(request, 'fail', [code], response);
+      addIssue('error', code, message, {
+        probe: request.probeName,
+        method: request.method || '',
+        ...details
+      });
+    }
+
+    function handleAdversarialFrame(message) {
+      clearTimeout(timer);
+      const request = currentRequest;
+
+      if (request.expectation === 'no-response') {
+        failAdversarialProbe(
+          request,
+          request.failureCode,
+          `${request.probeName} adversarial probe received a response to a notification`,
+          {},
+          { responded: true }
+        );
+        finish();
+        return;
+      }
+
+      if (!request.rawLine && !request.omitId && isResponseIdTypeMismatch(message, request.id)) {
+        failAdversarialProbe(
+          request,
+          'response-id-type-mismatch',
+          `${request.probeName} adversarial response id ${JSON.stringify(message.id)} does not exactly match request id ${request.id}`,
+          {},
+          { responded: true }
+        );
+        finish();
+        return;
+      }
+
+      if (!request.rawLine && !request.omitId && isResponseIdMismatch(message, request.id)) {
+        failAdversarialProbe(
+          request,
+          'response-id-mismatch',
+          `${request.probeName} adversarial response id ${JSON.stringify(message.id)} does not match request id ${request.id}`,
+          {},
+          { responded: true }
+        );
+        finish();
+        return;
+      }
+
+      if (!isJsonRpcResponse(message)) {
+        failAdversarialProbe(
+          request,
+          'adversarial-probe-invalid-stdout',
+          `${request.probeName} adversarial probe received a JSON-RPC frame that was not a response`,
+          {},
+          { responded: true }
+        );
+        finish();
+        return;
+      }
+
+      if (message.error) {
+        completeAdversarialProbe(request, 'pass', [], {
+          responded: true,
+          error: {
+            code: message.error.code,
+            message: message.error.message
+          }
+        });
+        currentRequest = null;
+        startNextRequest();
+        return;
+      }
+
+      failAdversarialProbe(
+        request,
+        request.failureCode,
+        `${request.probeName} adversarial probe returned success where a structured error was expected`,
+        {},
+        { responded: true }
+      );
+      finish();
+    }
+
+    function recordCapabilityListShape(request, responseResult) {
+      if (!isObjectRecord(responseResult)) return;
+      const check = result.capabilityChecks[request.capability];
+      const items = responseResult[request.capability];
+      if (check && Array.isArray(items)) {
+        check.itemCount = items.length;
+      }
+    }
+
+    function addCapabilityMissingResponseIssue(request) {
+      addIssue('error', 'capability-list-missing-response', `${request.method} did not receive a response before server exit`, {
+        capability: request.capability,
+        method: request.method,
+        detailCode: 'capability-missing-response'
+      });
+    }
+
     const pythonBufferingIssue = detectPythonBufferingIssue(commandWithArgs, env);
     if (pythonBufferingIssue) {
       addIssue('warning', 'python-buffered-stdio', pythonBufferingIssue);
@@ -462,8 +1481,10 @@ export async function guardStdioServer(commandWithArgs, options = {}) {
       if (result.durationMs) return;
       clearTimeout(timer);
       const exitPhase = initialized
-        ? result.operation && !result.operation.responded
-          ? 'operation'
+        ? currentRequest
+          ? currentRequest.kind === 'adversarial'
+            ? 'adversarial'
+            : 'operation'
           : 'post-initialize'
         : 'initialize';
       result.process.phase = exitPhase;
@@ -473,8 +1494,29 @@ export async function guardStdioServer(commandWithArgs, options = {}) {
       if (stdoutBuffer.trim()) {
         addIssue('error', 'stdout-without-newline', `stdout ended with an incomplete JSON-RPC frame: ${quote(stdoutBuffer)}`);
       }
-      if (!endedByGuard && initialized && result.operation && !result.operation.responded) {
-        addIssue('error', 'operation-missing-response', `${result.operation.method} did not receive a response before server exit`, exitIssueDetails('during-operation', code, signal));
+      if (!endedByGuard && initialized && currentRequest?.kind === 'adversarial') {
+        result.process.phase = 'adversarial';
+        failAdversarialProbe(
+          currentRequest,
+          'adversarial-probe-crash',
+          `server exited during ${currentRequest.probeName} adversarial probe (code ${code ?? 'null'}, signal ${signal ?? 'null'})`,
+          adversarialExitIssueDetails(code, signal)
+        );
+        finish();
+        return;
+      }
+      if (!endedByGuard && initialized && currentRequest?.kind === 'operation') {
+        const operationResult = result.operations[currentRequest.operationIndex];
+        if (operationResult && !operationResult.responded) {
+          addIssue('error', 'operation-missing-response', `${operationResult.method} did not receive a response before server exit`, {
+            ...exitIssueDetails('during-operation', code, signal),
+            operationIndex: currentRequest.operationIndex,
+            method: operationResult.method
+          });
+        }
+      }
+      if (!endedByGuard && initialized && currentRequest?.capability) {
+        addCapabilityMissingResponseIssue(currentRequest);
       }
       if (!endedByGuard && initialized && isAbnormalExit(code, signal)) {
         addIssue('error', 'server-crashed', `server exited after initialize (code ${code ?? 'null'}, signal ${signal ?? 'null'})`, exitIssueDetails('after-initialize', code, signal));
@@ -516,17 +1558,42 @@ export async function guardStdioServer(commandWithArgs, options = {}) {
         message = JSON.parse(line);
       } catch {
         addIssue('error', 'stdout-non-json', `stdout line ${frames.length + 1} is not JSON-RPC: ${quote(line)}`);
+        if (currentRequest?.kind === 'adversarial') {
+          failAdversarialProbe(
+            currentRequest,
+            'adversarial-probe-invalid-stdout',
+            `${currentRequest.probeName} adversarial probe received non-JSON stdout`,
+            {},
+            { responded: true }
+          );
+          finish();
+        }
         return;
       }
 
       const validation = validateJsonRpc(message);
       if (validation) {
         addIssue('error', 'stdout-invalid-json-rpc', validation);
+        if (currentRequest?.kind === 'adversarial') {
+          failAdversarialProbe(
+            currentRequest,
+            'adversarial-probe-invalid-stdout',
+            `${currentRequest.probeName} adversarial probe received invalid JSON-RPC stdout`,
+            {},
+            { responded: true }
+          );
+          finish();
+        }
         return;
       }
 
       frames.push(message);
 
+      if (initialized && currentRequest?.kind === 'adversarial') {
+        handleAdversarialFrame(message);
+        return;
+      }
+
       if (!initialized && isResponseIdTypeMismatch(message, 1)) {
         clearTimeout(timer);
         addIssue('error', 'response-id-type-mismatch', `initialize response id ${JSON.stringify(message.id)} does not exactly match request id 1`);
@@ -566,50 +1633,26 @@ export async function guardStdioServer(commandWithArgs, options = {}) {
         }
 
         initialized = true;
-        result.process.phase = operation ? 'operation' : 'post-initialize';
+        configureCapabilityChecks(message.result.capabilities);
+        result.process.phase = 'post-initialize';
         result.negotiatedProtocol = message.result?.protocolVersion || '';
         send({ jsonrpc: '2.0', method: 'notifications/initialized' });
-        if (operation) {
-          const request = {
-            jsonrpc: '2.0',
-            id: 2,
-            method: operation.method
-          };
-          if (operation.params !== undefined) {
-            request.params = operation.params;
-          }
-          send(request);
-          armTimeout('operation-timeout', `no ${operation.method} response within ${timeoutMs}ms`, 'operation');
-        } else {
-          finishSoon();
-        }
-      } else if (initialized && !operation && isJsonRpcResponse(message)) {
+        enqueuePostInitializeRequests();
+        startNextRequest();
+      } else if (initialized && currentRequest && isResponseIdTypeMismatch(message, currentRequest.id)) {
         clearTimeout(timer);
-        addIssue('error', 'notification-response', 'server sent a JSON-RPC response after notifications/initialized without an outstanding request');
+        addIssue('error', 'response-id-type-mismatch', `${currentRequest.method} response id ${JSON.stringify(message.id)} does not exactly match request id ${currentRequest.id}`);
         finish();
-      } else if (initialized && operation && isResponseIdTypeMismatch(message, 2)) {
+      } else if (initialized && currentRequest && isResponseIdMismatch(message, currentRequest.id)) {
         clearTimeout(timer);
-        addIssue('error', 'response-id-type-mismatch', `${operation.method} response id ${JSON.stringify(message.id)} does not exactly match request id 2`);
+        addIssue('error', 'response-id-mismatch', `${currentRequest.method} response id ${JSON.stringify(message.id)} does not match request id ${currentRequest.id}`);
         finish();
-      } else if (initialized && operation && isResponseIdMismatch(message, 2)) {
+      } else if (initialized && currentRequest && message.id === currentRequest.id) {
+        handleCurrentRequestResponse(message);
+      } else if (initialized && !currentRequest && isJsonRpcResponse(message)) {
         clearTimeout(timer);
-        addIssue('error', 'response-id-mismatch', `${operation.method} response id ${JSON.stringify(message.id)} does not match request id 2`);
+        addIssue('error', 'notification-response', 'server sent a JSON-RPC response after notifications/initialized without an outstanding request');
         finish();
-      } else if (initialized && operation && message.id === 2) {
-        clearTimeout(timer);
-        if (!isJsonRpcResponse(message)) {
-          addIssue('error', 'stdout-unexpected-request-id', `stdout frame with id 2 is not a ${operation.method} response`);
-          finish();
-          return;
-        }
-
-        result.operation.responded = true;
-        result.process.phase = 'post-initialize';
-        if (message.error) {
-          result.operation.error = message.error;
-          addIssue('warning', 'operation-error', `${operation.method} returned error: ${message.error.message || JSON.stringify(message.error)}`);
-        }
-        finishSoon();
       }
     }
   });
@@ -655,12 +1698,41 @@ function defaultProcessInfo(timeoutMs) {
 
 function timeoutIssueDetails(code, timeoutMs, phase) {
   return {
-    detailCode: code === 'operation-timeout' ? 'request-timeout' : 'startup-timeout',
+    detailCode: code === 'operation-timeout'
+      ? 'request-timeout'
+      : code === 'capability-list-timeout'
+        ? 'capability-request-timeout'
+        : 'startup-timeout',
     phase,
     timeoutMs
   };
 }
 
+function defaultCapabilityChecks() {
+  return Object.fromEntries(CAPABILITY_DEFINITIONS.map((definition) => [
+    definition.name,
+    {
+      advertised: false,
+      method: definition.method,
+      responded: false,
+      itemCount: null,
+      error: null
+    }
+  ]));
+}
+
+function capabilityNameForMethod(method) {
+  return CAPABILITY_DEFINITIONS.find((definition) => definition.method === method)?.name ?? '';
+}
+
+function capabilityKeys(capabilities) {
+  return isObjectRecord(capabilities) ? Object.keys(capabilities).sort() : [];
+}
+
+function isUnsupportedMethodError(error) {
+  return error?.code === -32601 || /method not found/i.test(error?.message || '');
+}
+
 function exitIssueDetails(position, code, signal) {
   return {
     detailCode: exitDetailCode(position, code, signal),
@@ -674,6 +1746,15 @@ function exitIssueDetails(position, code, signal) {
   };
 }
 
+function adversarialExitIssueDetails(code, signal) {
+  return {
+    detailCode: exitDetailCode('during-adversarial', code, signal),
+    phase: 'adversarial',
+    exitCode: code,
+    signal
+  };
+}
+
 function exitDetailCode(position, code, signal) {
   if (signal) return `signal-exit-${position}`;
   if (code === 0) return `clean-exit-${position}`;
@@ -786,35 +1867,286 @@ function validateInitializeResult(result) {
     });
   }
 
-  if (!Object.hasOwn(result, 'capabilities')) {
-    issues.push({
-      severity: 'error',
-      code: 'initialize-missing-capabilities',
-      message: 'initialize result is missing capabilities'
-    });
-  } else if (!result.capabilities || typeof result.capabilities !== 'object' || Array.isArray(result.capabilities)) {
-    issues.push({
-      severity: 'error',
-      code: 'initialize-invalid-capabilities',
-      message: 'initialize result capabilities must be an object'
-    });
+  if (!Object.hasOwn(result, 'capabilities')) {
+    issues.push({
+      severity: 'error',
+      code: 'initialize-missing-capabilities',
+      message: 'initialize result is missing capabilities'
+    });
+  } else if (!result.capabilities || typeof result.capabilities !== 'object' || Array.isArray(result.capabilities)) {
+    issues.push({
+      severity: 'error',
+      code: 'initialize-invalid-capabilities',
+      message: 'initialize result capabilities must be an object'
+    });
+  }
+
+  if (!Object.hasOwn(result, 'serverInfo')) {
+    issues.push({
+      severity: 'warning',
+      code: 'initialize-missing-server-info',
+      message: 'initialize result is missing serverInfo'
+    });
+  } else if (!result.serverInfo || typeof result.serverInfo !== 'object' || Array.isArray(result.serverInfo)) {
+    issues.push({
+      severity: 'warning',
+      code: 'initialize-invalid-server-info',
+      message: 'initialize result serverInfo should be an object'
+    });
+  }
+
+  return issues;
+}
+
+function validateToolsListResult(result) {
+  const summary = {
+    ...defaultToolSchemaValidation(),
+    checked: true
+  };
+  const issues = [];
+
+  if (!isObjectRecord(result) || !Array.isArray(result.tools)) {
+    addToolSchemaIssue(issues, 'error', 'tools-list-invalid-result', 'tools/list result must be an object with a tools array');
+    summary.errorCount = 1;
+    return { summary, issues };
+  }
+
+  summary.toolCount = result.tools.length;
+  const seenNames = new Map();
+
+  for (let index = 0; index < result.tools.length; index += 1) {
+    const tool = result.tools[index];
+    let toolValid = true;
+
+    if (!isObjectRecord(tool)) {
+      addToolSchemaIssue(issues, 'error', 'tools-list-invalid-result', `tools[${index}] must be an object`, { toolIndex: index });
+      continue;
+    }
+
+    const name = validateToolName(tool, index, issues);
+    toolValid = Boolean(name);
+    if (name) {
+      summary.toolNames.push(name);
+      if (seenNames.has(name)) {
+        const firstToolIndex = seenNames.get(name);
+        toolValid = false;
+        summary.duplicateNames.push(name);
+        addToolSchemaIssue(
+          issues,
+          'error',
+          'tool-name-duplicate',
+          `tools/list returned duplicate tool name ${JSON.stringify(name)}`,
+          { toolIndex: index, firstToolIndex, toolName: name }
+        );
+      } else {
+        seenNames.set(name, index);
+      }
+    }
+
+    if (typeof tool.description !== 'string' || !tool.description.trim()) {
+      addToolSchemaIssue(
+        issues,
+        'warning',
+        'tool-description-missing',
+        name
+          ? `tool ${JSON.stringify(name)} is missing a non-empty description`
+          : `tools[${index}] is missing a non-empty description`,
+        { toolIndex: index, toolName: name || '' }
+      );
+    }
+
+    if (!Object.hasOwn(tool, 'inputSchema')) {
+      addToolSchemaIssue(
+        issues,
+        'error',
+        'tool-input-schema-invalid',
+        name
+          ? `tool ${JSON.stringify(name)} is missing inputSchema`
+          : `tools[${index}] is missing inputSchema`,
+        { toolIndex: index, toolName: name || '', schemaPath: 'inputSchema' }
+      );
+      toolValid = false;
+    } else {
+      toolValid = validateInputSchema(tool.inputSchema, {
+        toolIndex: index,
+        toolName: name || '',
+        schemaPath: 'inputSchema'
+      }, issues) && toolValid;
+    }
+
+    if (toolValid) {
+      summary.validToolCount += 1;
+    }
+  }
+
+  summary.duplicateNames = [...new Set(summary.duplicateNames)].sort();
+  summary.toolNames = [...new Set(summary.toolNames)].sort();
+  summary.errorCount = issues.filter((issue) => issue.severity === 'error').length;
+  summary.warningCount = issues.filter((issue) => issue.severity === 'warning').length;
+  return { summary, issues };
+}
+
+function validateToolName(tool, index, issues) {
+  if (typeof tool.name !== 'string' || !tool.name.trim() || tool.name !== tool.name.trim()) {
+    addToolSchemaIssue(issues, 'error', 'tool-name-invalid', `tools[${index}] name must be a stable non-empty string`, {
+      toolIndex: index,
+      toolName: typeof tool.name === 'string' ? tool.name : ''
+    });
+    return '';
+  }
+
+  return tool.name;
+}
+
+function validateInputSchema(schema, context, issues) {
+  return validateSchemaValue(schema, context, issues);
+}
+
+function validateSchemaValue(schema, context, issues) {
+  if (typeof schema === 'boolean') {
+    return true;
+  }
+
+  return validateSchemaObject(schema, context, issues);
+}
+
+function validateSchemaObject(schema, context, issues) {
+  if (!isObjectRecord(schema)) {
+    addToolSchemaIssue(issues, 'error', 'tool-input-schema-invalid', `${context.schemaPath} must be a JSON Schema object or boolean schema`, context);
+    return false;
+  }
+
+  let valid = true;
+
+  if (Object.hasOwn(schema, 'type') && !isValidJsonSchemaType(schema.type)) {
+    valid = false;
+    addToolSchemaIssue(issues, 'error', 'tool-input-schema-invalid', `${context.schemaPath}.type must be a string or array of strings`, context);
+  }
+
+  if (Object.hasOwn(schema, 'properties')) {
+    if (!isObjectRecord(schema.properties)) {
+      valid = false;
+      addToolSchemaIssue(issues, 'error', 'tool-input-schema-invalid', `${context.schemaPath}.properties must be an object`, context);
+    } else {
+      for (const [propertyName, propertySchema] of Object.entries(schema.properties)) {
+        valid = validateSchemaValue(propertySchema, {
+          ...context,
+          schemaPath: `${context.schemaPath}.properties.${propertyName}`
+        }, issues) && valid;
+      }
+    }
+  }
+
+  if (Object.hasOwn(schema, 'required')) {
+    valid = validateRequired(schema, context, issues) && valid;
+  }
+
+  if (Object.hasOwn(schema, 'items')) {
+    valid = validateSchemaValueOrArray(schema.items, {
+      ...context,
+      schemaPath: `${context.schemaPath}.items`
+    }, issues) && valid;
+  }
+
+  if (Object.hasOwn(schema, 'additionalProperties') && typeof schema.additionalProperties !== 'boolean') {
+    valid = validateSchemaObject(schema.additionalProperties, {
+      ...context,
+      schemaPath: `${context.schemaPath}.additionalProperties`
+    }, issues) && valid;
+  }
+
+  for (const keyword of ['allOf', 'anyOf', 'oneOf']) {
+    if (Object.hasOwn(schema, keyword)) {
+      valid = validateSchemaArray(schema[keyword], {
+        ...context,
+        schemaPath: `${context.schemaPath}.${keyword}`
+      }, issues) && valid;
+    }
+  }
+
+  if (Object.hasOwn(schema, 'enum') && !Array.isArray(schema.enum)) {
+    valid = false;
+    addToolSchemaIssue(issues, 'error', 'tool-input-schema-invalid', `${context.schemaPath}.enum must be an array`, context);
+  }
+
+  return valid;
+}
+
+function validateSchemaValueOrArray(value, context, issues) {
+  if (Array.isArray(value)) {
+    return validateSchemaArray(value, context, issues);
+  }
+
+  return validateSchemaValue(value, context, issues);
+}
+
+function validateSchemaArray(value, context, issues) {
+  if (!Array.isArray(value) || !value.length) {
+    addToolSchemaIssue(issues, 'error', 'tool-input-schema-invalid', `${context.schemaPath} must be a non-empty array of schemas`, context);
+    return false;
+  }
+
+  let valid = true;
+  for (let index = 0; index < value.length; index += 1) {
+    valid = validateSchemaValue(value[index], {
+      ...context,
+      schemaPath: `${context.schemaPath}[${index}]`
+    }, issues) && valid;
+  }
+  return valid;
+}
+
+function validateRequired(schema, context, issues) {
+  if (!Array.isArray(schema.required) || schema.required.some((entry) => typeof entry !== 'string' || !entry)) {
+    addToolSchemaIssue(issues, 'error', 'tool-input-schema-invalid', `${context.schemaPath}.required must be an array of non-empty strings`, context);
+    return false;
+  }
+
+  let valid = true;
+  const seen = new Set();
+  for (const propertyName of schema.required) {
+    if (seen.has(propertyName)) {
+      valid = false;
+      addToolSchemaIssue(issues, 'error', 'tool-input-schema-invalid', `${context.schemaPath}.required must not contain duplicate entries`, {
+        ...context,
+        propertyName
+      });
+    }
+    seen.add(propertyName);
+
+    if (!isObjectRecord(schema.properties) || !Object.hasOwn(schema.properties, propertyName)) {
+      valid = false;
+      addToolSchemaIssue(
+        issues,
+        'error',
+        'tool-input-schema-required-missing',
+        `${context.schemaPath}.required references missing property ${JSON.stringify(propertyName)}`,
+        { ...context, propertyName }
+      );
+    }
   }
 
-  if (!Object.hasOwn(result, 'serverInfo')) {
-    issues.push({
-      severity: 'warning',
-      code: 'initialize-missing-server-info',
-      message: 'initialize result is missing serverInfo'
-    });
-  } else if (!result.serverInfo || typeof result.serverInfo !== 'object' || Array.isArray(result.serverInfo)) {
-    issues.push({
-      severity: 'warning',
-      code: 'initialize-invalid-server-info',
-      message: 'initialize result serverInfo should be an object'
-    });
+  return valid;
+}
+
+function isValidJsonSchemaType(value) {
+  if (typeof value === 'string') {
+    return JSON_SCHEMA_TYPES.has(value);
   }
+  return Array.isArray(value) && value.length > 0 && value.every((entry) => typeof entry === 'string' && JSON_SCHEMA_TYPES.has(entry));
+}
 
-  return issues;
+function addToolSchemaIssue(issues, severity, code, message, details = {}) {
+  issues.push({
+    severity,
+    code,
+    message,
+    details
+  });
+}
+
+function isObjectRecord(value) {
+  return Boolean(value) && typeof value === 'object' && !Array.isArray(value);
 }
 
 export function classifyIssueCode(code) {
@@ -823,7 +2155,8 @@ export function classifyIssueCode(code) {
 
 export function createFingerprint(commandWithArgs, options = {}) {
   const cwd = path.resolve(options.cwd ?? process.cwd());
-  const operation = options.operation || null;
+  const operations = normalizeGuardOperations(options.operations ?? (options.operation ? [options.operation] : []));
+  const adversarialProbes = normalizeAdversarialProbeSpecs(options.adversarialProbes ?? []);
 
   return {
     guard: {
@@ -841,14 +2174,32 @@ export function createFingerprint(commandWithArgs, options = {}) {
       exists: fs.existsSync(cwd)
     },
     protocol: options.protocol ?? DEFAULT_PROTOCOL,
+    config: options.config ?? defaultConfigMetadata(),
+    profile: options.profile ?? DEFAULT_PROFILE,
     timeoutMs: options.timeoutMs ?? DEFAULT_TIMEOUT,
     repeat: options.repeat ?? 1,
-    operation: operation
+    capabilityProbes: options.probeCapabilities ?? true,
+    adversarialProbes: adversarialProbes.map((probe) => ({
+      name: probe.name,
+      source: probe.source,
+      method: probe.method || '',
+      safeToolCallName: probe.safeToolCallName || '',
+      expectation: probe.expectation
+    })),
+    operation: operations.length === 1
       ? {
-          method: operation.method,
-          hasParams: operation.params !== undefined
+          method: operations[0].method,
+          hasParams: operations[0].params !== undefined,
+          source: operations[0].source,
+          safeToolCallName: operations[0].safeToolCallName
         }
       : null,
+    operations: operations.map((operation) => ({
+      method: operation.method,
+      hasParams: operation.params !== undefined,
+      source: operation.source,
+      safeToolCallName: operation.safeToolCallName
+    })),
     system: {
       platform: process.platform,
       arch: process.arch,
@@ -1171,9 +2522,22 @@ function isNpxCommand(base) {
 
 function finalizeResult(result) {
   result.schemaVersion = JSON_SCHEMA_VERSION;
+  result.config ??= defaultConfigMetadata();
+  result.profile ??= DEFAULT_PROFILE;
+  result.capabilityProbes ??= true;
+  result.adversarial ??= defaultAdversarialResult();
+  result.operations ??= result.operation ? [{
+    index: 0,
+    source: result.operation.source ?? 'request',
+    method: result.operation.method,
+    safeToolCallName: result.operation.safeToolCallName ?? '',
+    responded: Boolean(result.operation.responded),
+    error: result.operation.error ?? null
+  }] : [];
   result.staticScan ??= defaultStaticScan();
   result.staticFindings ??= [];
   result.issues = normalizeIssues(result.issues ?? []);
+  finalizeAdversarialResult(result);
   result.ok = !result.issues.some((issue) => issue.severity === 'error');
   result.checks = buildChecks(result);
   result.issueClasses = buildIssueClasses(result.issues);
@@ -1181,6 +2545,17 @@ function finalizeResult(result) {
   return result;
 }
 
+function finalizeAdversarialResult(result) {
+  if (!result.adversarial?.enabled) return;
+  for (const probe of result.adversarial.probes) {
+    if (probe.status === 'pending' || probe.status === 'running') {
+      probe.status = 'skipped';
+      probe.durationMs ??= null;
+    }
+    probe.issueCodes = [...new Set(probe.issueCodes ?? [])].sort();
+  }
+}
+
 function finalizeFingerprint(result) {
   if (!result.fingerprint) return;
   result.fingerprint.timings ??= {};
@@ -1216,6 +2591,15 @@ function buildChecks(result) {
     operation: repeated
       ? aggregateRunCheck(result, 'operation')
       : buildOperationCheck(result, issues),
+    capabilities: repeated
+      ? aggregateCapabilityChecks(result)
+      : buildCapabilityChecks(result, issues),
+    toolSchema: repeated
+      ? aggregateRunCheck(result, 'toolSchema')
+      : buildToolSchemaCheck(result, issues),
+    adversarial: repeated
+      ? aggregateRunCheck(result, 'adversarial')
+      : buildAdversarialCheck(result, issues),
     process: buildIssueCheck(issues, (issue) => PROCESS_ISSUE_CODES.has(issue.code)),
     pythonBuffering: buildIssueCheck(issues, (issue) => issue.code === 'python-buffered-stdio'),
     staticScan: buildStaticScanCheck(result, issues),
@@ -1241,7 +2625,13 @@ function buildInitializeCheck(result, issues) {
 }
 
 function buildOperationCheck(result, issues) {
-  if (!result.operation) {
+  const operations = result.operations?.length
+    ? result.operations
+    : result.operation
+      ? [result.operation]
+      : [];
+
+  if (!operations.length) {
     return makeCheck('skipped', []);
   }
 
@@ -1251,14 +2641,130 @@ function buildOperationCheck(result, issues) {
 
   const matched = issues.filter((issue) => (
     OPERATION_ISSUE_CODES.has(issue.code)
-    || (!result.operation.responded && STDOUT_ISSUE_CODES.has(issue.code))
-    || (!result.operation.responded && JSON_RPC_ISSUE_CODES.has(issue.code))
+    || (operations.some((operation) => !operation.responded) && STDOUT_ISSUE_CODES.has(issue.code))
+    || (operations.some((operation) => !operation.responded) && JSON_RPC_ISSUE_CODES.has(issue.code))
+  ));
+  if (matched.length) {
+    return makeCheck(statusFromIssues(matched), matched);
+  }
+
+  return makeCheck(operations.every((operation) => operation.responded) ? 'pass' : 'fail', []);
+}
+
+function buildToolSchemaCheck(result, issues) {
+  if (!result.toolSchema?.checked) {
+    return makeCheck('skipped', []);
+  }
+
+  const matched = issues.filter((issue) => TOOL_SCHEMA_ISSUE_CODES.has(issue.code));
+  if (matched.length) {
+    return makeCheck(statusFromIssues(matched), matched);
+  }
+
+  return makeCheck('pass', []);
+}
+
+function buildAdversarialCheck(result, issues) {
+  if (!result.adversarial?.enabled) {
+    return makeCheck('skipped', []);
+  }
+
+  const probeNames = new Set(result.adversarial.probes.map((probe) => probe.name));
+  const matched = issues.filter((issue) => (
+    ADVERSARIAL_ISSUE_CODES.has(issue.code)
+    || (probeNames.has(issue.probe) && issue.class === ISSUE_CLASSES.MCP_PROTOCOL)
   ));
   if (matched.length) {
     return makeCheck(statusFromIssues(matched), matched);
   }
 
-  return makeCheck(result.operation.responded ? 'pass' : 'fail', []);
+  const active = result.adversarial.probes.filter((probe) => probe.status !== 'skipped');
+  if (!result.initialized || !active.length) {
+    return makeCheck('skipped', []);
+  }
+
+  return makeCheck(active.every((probe) => probe.status === 'pass') ? 'pass' : 'fail', []);
+}
+
+function buildCapabilityChecks(result, issues) {
+  const checks = {};
+  for (const definition of CAPABILITY_DEFINITIONS) {
+    const state = result.capabilityChecks?.[definition.name] ?? defaultCapabilityChecks()[definition.name];
+    const matched = issues.filter((issue) => (
+      CAPABILITY_ISSUE_CODES.has(issue.code)
+      && issue.capability === definition.name
+    ));
+    if (!result.initialized || !state.advertised || result.capabilityProbes === false) {
+      checks[definition.name] = makeCapabilityCheck('skipped', matched, state);
+    } else if (matched.length) {
+      checks[definition.name] = makeCapabilityCheck(statusFromIssues(matched), matched, state);
+    } else {
+      checks[definition.name] = makeCapabilityCheck(state.responded ? 'pass' : 'fail', matched, state);
+    }
+  }
+
+  const active = Object.values(checks).filter((check) => check.status !== 'skipped');
+  const status = active.length
+    ? active.some((check) => check.status === 'fail')
+      ? 'fail'
+      : active.some((check) => check.status === 'warning')
+        ? 'warning'
+        : 'pass'
+    : 'skipped';
+  return {
+    status,
+    issueCodes: [...new Set(active.flatMap((check) => check.issueCodes))].sort(),
+    ...checks
+  };
+}
+
+function aggregateCapabilityChecks(result) {
+  const checks = {};
+  for (const definition of CAPABILITY_DEFINITIONS) {
+    const runChecks = result.runs
+      .map((run) => run.checks?.capabilities?.[definition.name])
+      .filter(Boolean);
+    const activeRunChecks = runChecks.filter((check) => check.status !== 'skipped');
+    const state = aggregateCapabilityState(definition, runChecks);
+    if (!activeRunChecks.length) {
+      checks[definition.name] = makeAggregatedCapabilityCheck('skipped', [], state);
+    } else {
+      const status = activeRunChecks.some((check) => check.status === 'fail')
+        ? 'fail'
+        : activeRunChecks.some((check) => check.status === 'warning')
+          ? 'warning'
+          : 'pass';
+      checks[definition.name] = makeAggregatedCapabilityCheck(status, activeRunChecks, state);
+    }
+  }
+
+  const active = Object.values(checks).filter((check) => check.status !== 'skipped');
+  const status = active.length
+    ? active.some((check) => check.status === 'fail')
+      ? 'fail'
+      : active.some((check) => check.status === 'warning')
+        ? 'warning'
+        : 'pass'
+    : 'skipped';
+  return {
+    status,
+    issueCodes: [...new Set(active.flatMap((check) => check.issueCodes))].sort(),
+    ...checks
+  };
+}
+
+function aggregateCapabilityState(definition, runChecks) {
+  const itemCounts = [...new Set(
+    runChecks
+      .map((check) => check.itemCount)
+      .filter((itemCount) => Number.isInteger(itemCount))
+  )];
+  return {
+    advertised: runChecks.some((check) => check.advertised),
+    method: definition.method,
+    responded: runChecks.some((check) => check.responded),
+    itemCount: itemCounts.length === 1 ? itemCounts[0] : null
+  };
 }
 
 function buildStaticScanCheck(result, issues) {
@@ -1284,8 +2790,16 @@ function buildRepeatCheck(result) {
   }
 
   const failedRuns = result.runs.filter((run) => !run.ok).map((run) => run.run);
+  const repeatIssues = (result.issues ?? []).filter((issue) => (
+    issue.run || REPEAT_DRIFT_ISSUE_CODES.has(issue.code)
+  ));
+  const status = failedRuns.length
+    ? 'fail'
+    : repeatIssues.some((issue) => issue.severity === 'warning')
+      ? 'warning'
+      : 'pass';
   return {
-    ...makeCheck(failedRuns.length ? 'fail' : 'pass', result.issues ?? []),
+    ...makeCheck(status, repeatIssues),
     runs: result.runs.length,
     passedRuns: result.runs.length - failedRuns.length,
     failedRuns
@@ -1327,6 +2841,102 @@ function makeCheck(status, issues) {
   };
 }
 
+function makeCapabilityCheck(status, issues, state) {
+  return {
+    ...makeCheck(status, issues),
+    advertised: Boolean(state.advertised),
+    method: state.method,
+    responded: Boolean(state.responded),
+    itemCount: Number.isInteger(state.itemCount) ? state.itemCount : null
+  };
+}
+
+function makeAggregatedCapabilityCheck(status, checks, state) {
+  return {
+    status,
+    issueCodes: [...new Set(checks.flatMap((check) => check.issueCodes ?? []))].sort(),
+    advertised: Boolean(state.advertised),
+    method: state.method,
+    responded: Boolean(state.responded),
+    itemCount: Number.isInteger(state.itemCount) ? state.itemCount : null
+  };
+}
+
+function defaultConfigMetadata() {
+  return {
+    enabled: false,
+    path: '',
+    resolvedPath: '',
+    checks: {
+      command: false,
+      cwd: false,
+      envNames: [],
+      requests: [],
+      safeToolCalls: [],
+      adversarialProbes: [],
+      adversarialToolCalls: []
+    }
+  };
+}
+
+function defaultAdversarialResult(probes = []) {
+  return {
+    enabled: probes.length > 0,
+    probes: probes.map((probe, index) => ({
+      index,
+      name: probe.name,
+      source: probe.source,
+      method: probe.method || '',
+      safeToolCallName: probe.safeToolCallName || '',
+      expectation: probe.expectation,
+      description: probe.description,
+      risk: probe.risk,
+      status: 'pending',
+      started: false,
+      responded: false,
+      error: null,
+      issueCodes: [],
+      durationMs: null
+    }))
+  };
+}
+
+function aggregateRunAdversarial(runs, probes = []) {
+  if (!probes.length) {
+    return defaultAdversarialResult();
+  }
+
+  return {
+    enabled: true,
+    probes: probes.map((probe, index) => {
+      const runProbes = runs
+        .map((run) => run.adversarial?.probes?.[index])
+        .filter(Boolean);
+      const active = runProbes.filter((runProbe) => runProbe.status !== 'skipped');
+      const status = active.length
+        ? active.some((runProbe) => runProbe.status === 'fail')
+          ? 'fail'
+          : active.every((runProbe) => runProbe.status === 'pass')
+            ? 'pass'
+            : 'warning'
+        : 'skipped';
+      return {
+        index,
+        name: probe.name,
+        source: probe.source,
+        method: probe.method || '',
+        safeToolCallName: probe.safeToolCallName || '',
+        expectation: probe.expectation,
+        description: probe.description,
+        risk: probe.risk,
+        status,
+        runs: runProbes.length,
+        issueCodes: [...new Set(runProbes.flatMap((runProbe) => runProbe.issueCodes ?? []))].sort()
+      };
+    })
+  };
+}
+
 function defaultStaticScan() {
   return {
     enabled: false,
@@ -1335,6 +2945,253 @@ function defaultStaticScan() {
   };
 }
 
+function defaultToolSchemaValidation() {
+  return {
+    checked: false,
+    toolCount: 0,
+    toolNames: [],
+    validToolCount: 0,
+    warningCount: 0,
+    errorCount: 0,
+    duplicateNames: []
+  };
+}
+
+function aggregateRunToolSchemaValidation(runs) {
+  const checkedRuns = runs.filter((run) => run.toolSchema?.checked);
+  if (!checkedRuns.length) {
+    return defaultToolSchemaValidation();
+  }
+
+  return {
+    checked: true,
+    runs: checkedRuns.length,
+    toolCount: checkedRuns.reduce((sum, run) => sum + run.toolSchema.toolCount, 0),
+    validToolCount: checkedRuns.reduce((sum, run) => sum + run.toolSchema.validToolCount, 0),
+    warningCount: checkedRuns.reduce((sum, run) => sum + run.toolSchema.warningCount, 0),
+    errorCount: checkedRuns.reduce((sum, run) => sum + run.toolSchema.errorCount, 0),
+    toolNames: [...new Set(checkedRuns.flatMap((run) => run.toolSchema.toolNames ?? []))].sort(),
+    duplicateNames: [...new Set(checkedRuns.flatMap((run) => run.toolSchema.duplicateNames))].sort()
+  };
+}
+
+function defaultRepeatDrift() {
+  return {
+    checked: false,
+    status: 'skipped',
+    issueCodes: [],
+    baselineRun: null,
+    comparedRuns: [],
+    negotiatedProtocol: driftSection(),
+    capabilities: driftSection(),
+    tools: driftSection(),
+    lists: {
+      resources: driftSection(),
+      prompts: driftSection()
+    }
+  };
+}
+
+function driftSection() {
+  return {
+    status: 'skipped',
+    issueCodes: [],
+    baseline: null,
+    values: [],
+    changedRuns: []
+  };
+}
+
+function buildRepeatDrift(runs) {
+  const drift = defaultRepeatDrift();
+  if (!Array.isArray(runs) || runs.length < 2) {
+    return drift;
+  }
+
+  drift.checked = true;
+  const comparableRuns = runs.filter((run) => run.initialized);
+  drift.comparedRuns = comparableRuns.map((run) => run.run);
+  if (comparableRuns.length < 2) {
+    return drift;
+  }
+
+  drift.baselineRun = comparableRuns[0].run;
+  drift.negotiatedProtocol = compareScalarDrift(
+    comparableRuns,
+    (run) => run.negotiatedProtocol || '',
+    'repeat-protocol-drift'
+  );
+  drift.capabilities = compareSetDrift(
+    comparableRuns,
+    (run) => run.capabilityKeys ?? advertisedCapabilityKeys(run.capabilityChecks),
+    'repeat-capability-drift'
+  );
+  drift.tools = compareToolDrift(comparableRuns);
+  drift.lists.resources = compareListShapeDrift(comparableRuns, 'resources');
+  drift.lists.prompts = compareListShapeDrift(comparableRuns, 'prompts');
+
+  const sections = [
+    drift.negotiatedProtocol,
+    drift.capabilities,
+    drift.tools,
+    drift.lists.resources,
+    drift.lists.prompts
+  ];
+  const active = sections.filter((section) => section.status !== 'skipped');
+  drift.status = active.length
+    ? active.some((section) => section.status === 'warning')
+      ? 'warning'
+      : 'pass'
+    : 'skipped';
+  drift.issueCodes = [...new Set(active.flatMap((section) => section.issueCodes))].sort();
+  return drift;
+}
+
+function compareScalarDrift(runs, valueForRun, issueCode) {
+  const section = driftSection();
+  section.values = runs.map((run) => ({
+    run: run.run,
+    value: valueForRun(run)
+  }));
+  section.baseline = section.values[0].value;
+  section.changedRuns = section.values
+    .slice(1)
+    .filter((entry) => entry.value !== section.baseline)
+    .map((entry) => ({
+      run: entry.run,
+      expected: section.baseline,
+      actual: entry.value
+    }));
+  section.status = section.changedRuns.length ? 'warning' : 'pass';
+  section.issueCodes = section.changedRuns.length ? [issueCode] : [];
+  return section;
+}
+
+function compareSetDrift(runs, valuesForRun, issueCode) {
+  const section = driftSection();
+  section.values = runs.map((run) => ({
+    run: run.run,
+    values: sortedUnique(valuesForRun(run))
+  }));
+  section.baseline = section.values[0].values;
+  section.changedRuns = section.values
+    .slice(1)
+    .map((entry) => ({
+      run: entry.run,
+      added: arrayDifference(entry.values, section.baseline),
+      removed: arrayDifference(section.baseline, entry.values)
+    }))
+    .filter((entry) => entry.added.length || entry.removed.length);
+  section.status = section.changedRuns.length ? 'warning' : 'pass';
+  section.issueCodes = section.changedRuns.length ? [issueCode] : [];
+  return section;
+}
+
+function compareToolDrift(runs) {
+  const checkedRuns = runs.filter((run) => run.toolSchema?.checked);
+  if (checkedRuns.length < 2) {
+    return driftSection();
+  }
+
+  const section = compareSetDrift(
+    checkedRuns,
+    (run) => run.toolSchema.toolNames ?? [],
+    'repeat-tool-drift'
+  );
+  section.values = checkedRuns.map((run) => ({
+    run: run.run,
+    count: run.toolSchema.toolCount,
+    values: sortedUnique(run.toolSchema.toolNames ?? [])
+  }));
+  section.baselineCount = section.values[0].count;
+  const countDrift = section.values
+    .slice(1)
+    .filter((entry) => entry.count !== section.baselineCount)
+    .map((entry) => ({
+      run: entry.run,
+      expected: section.baselineCount,
+      actual: entry.count
+    }));
+  if (countDrift.length) {
+    section.countChangedRuns = countDrift;
+    section.status = 'warning';
+    section.issueCodes = ['repeat-tool-drift'];
+  }
+  return section;
+}
+
+function compareListShapeDrift(runs, capability) {
+  const checkedRuns = runs.filter((run) => Number.isInteger(run.capabilityChecks?.[capability]?.itemCount));
+  if (checkedRuns.length < 2) {
+    return driftSection();
+  }
+
+  const section = compareScalarDrift(
+    checkedRuns,
+    (run) => run.capabilityChecks[capability].itemCount,
+    'repeat-list-shape-drift'
+  );
+  section.capability = capability;
+  return section;
+}
+
+function repeatDriftIssues(drift) {
+  if (!drift?.checked || drift.status !== 'warning') {
+    return [];
+  }
+
+  const issues = [];
+  if (drift.negotiatedProtocol.status === 'warning') {
+    issues.push(repeatDriftIssue('repeat-protocol-drift', 'negotiated protocol changed across repeat runs', {
+      drift: drift.negotiatedProtocol
+    }));
+  }
+  if (drift.capabilities.status === 'warning') {
+    issues.push(repeatDriftIssue('repeat-capability-drift', 'advertised capability keys changed across repeat runs', {
+      drift: drift.capabilities
+    }));
+  }
+  if (drift.tools.status === 'warning') {
+    issues.push(repeatDriftIssue('repeat-tool-drift', 'tools/list tool names or counts changed across repeat runs', {
+      drift: drift.tools
+    }));
+  }
+  for (const capability of ['resources', 'prompts']) {
+    if (drift.lists[capability].status === 'warning') {
+      issues.push(repeatDriftIssue('repeat-list-shape-drift', `${capability}/list item count changed across repeat runs`, {
+        capability,
+        drift: drift.lists[capability]
+      }));
+    }
+  }
+  return issues;
+}
+
+function repeatDriftIssue(code, message, details) {
+  return {
+    severity: 'warning',
+    code,
+    message,
+    ...details
+  };
+}
+
+function advertisedCapabilityKeys(capabilityChecks = {}) {
+  return Object.entries(capabilityChecks)
+    .filter(([, check]) => check?.advertised)
+    .map(([name]) => name)
+    .sort();
+}
+
+function sortedUnique(values) {
+  return [...new Set((values ?? []).filter((value) => typeof value === 'string'))].sort();
+}
+
+function arrayDifference(left, right) {
+  const rightSet = new Set(right);
+  return left.filter((value) => !rightSet.has(value));
+}
+
 export function scanSource(root) {
   const findings = [];
   const absoluteRoot = path.resolve(root);
@@ -1344,12 +3201,14 @@ export function scanSource(root) {
     const text = fs.readFileSync(file, 'utf8');
     const lines = text.split(/\r?\n/);
     for (let index = 0; index < lines.length; index += 1) {
-      const message = detectStdoutWrite(file, lines[index]);
-      if (message) {
+      const finding = detectStdoutRisk(file, lines[index]);
+      if (finding) {
         findings.push({
           file: path.relative(process.cwd(), file).split(path.sep).join('/'),
           line: index + 1,
-          message
+          language: finding.language,
+          reason: finding.reason,
+          message: finding.message
         });
       }
     }
@@ -1358,34 +3217,254 @@ export function scanSource(root) {
   return findings;
 }
 
-function detectStdoutWrite(file, line) {
-  const ext = path.extname(file);
+function detectStdoutRisk(file, line) {
+  const ext = path.extname(file).toLowerCase();
   const stripped = line.trim();
   if (!stripped || stripped.startsWith('//') || stripped.startsWith('#')) return '';
+  const code = normalizeSourceLine(line, ext);
+
+  if (isJavaScriptSource(ext)) {
+    if (/\bconsole\.(log|info)\s*\(/.test(code)) {
+      return staticFinding(
+        'javascript',
+        'javascript-console-stdout',
+        'console.log/info writes to stdout; use console.error for MCP stdio diagnostics'
+      );
+    }
+
+    if (/\bprocess\.stdout\.write\s*\(/.test(code)) {
+      return staticFinding(
+        'javascript',
+        'javascript-process-stdout-write',
+        'direct process.stdout.write can pollute MCP stdout unless it only writes JSON-RPC frames; route diagnostics to stderr'
+      );
+    }
+
+    if (/\bprocess\.stdout\.(clearLine|cursorTo|moveCursor)\s*\(/.test(code)) {
+      return staticFinding(
+        'javascript',
+        'javascript-stdout-terminal-control',
+        'process.stdout terminal control writes to stdout; keep MCP stdout reserved for JSON-RPC frames'
+      );
+    }
+
+    if (/\bdotenv\.config\s*\(\s*\{[^}]*\bdebug\s*:\s*true\b/.test(code)) {
+      return staticFinding(
+        'javascript',
+        'javascript-dotenv-debug-output',
+        'dotenv debug output can print during startup; keep MCP diagnostics on stderr'
+      );
+    }
 
-  if (['.js', '.mjs', '.cjs', '.ts', '.tsx', '.jsx'].includes(ext) && /\bconsole\.(log|info)\s*\(/.test(line)) {
-    return 'console.log/info writes to stdout; use console.error for MCP stdio diagnostics';
+    if (/\b(stream|file)\s*:\s*process\.stdout\b/.test(code)) {
+      return staticFinding(
+        'javascript',
+        'javascript-progress-stdout',
+        'progress or spinner output is configured for stdout; MCP stdout must stay JSON-RPC only'
+      );
+    }
   }
 
-  if (ext === '.py' && /(^|[^\w])print\s*\(/.test(line) && !/file\s*=\s*sys\.stderr/.test(line)) {
-    return 'print() writes to stdout; pass file=sys.stderr for MCP stdio diagnostics';
+  if (ext === '.py') {
+    if (/(^|[^\w.])print\s*\(/.test(code) && !/file\s*=\s*sys\.stderr/.test(code)) {
+      return staticFinding(
+        'python',
+        'python-print-stdout',
+        'print() writes to stdout; pass file=sys.stderr for MCP stdio diagnostics'
+      );
+    }
+
+    if (/\bsys\.stdout\.write\s*\(/.test(code)) {
+      return staticFinding(
+        'python',
+        'python-sys-stdout-write',
+        'direct sys.stdout.write can pollute MCP stdout unless it only writes JSON-RPC frames; route diagnostics to stderr'
+      );
+    }
+
+    if (/\blogging\.StreamHandler\s*\(\s*sys\.stdout\s*\)/.test(code)
+      || /\blogging\.basicConfig\s*\([^)]*\bstream\s*=\s*sys\.stdout\b/.test(code)) {
+      return staticFinding(
+        'python',
+        'python-logging-stdout-handler',
+        'Python logging is configured to write to stdout; route MCP diagnostics to stderr'
+      );
+    }
+
+    if (/\btqdm\s*\([^)]*\bfile\s*=\s*sys\.stdout\b/.test(code)) {
+      return staticFinding(
+        'python',
+        'python-progress-stdout',
+        'progress output is configured for stdout; MCP stdout must stay JSON-RPC only'
+      );
+    }
   }
 
-  if (ext === '.go' && /\bfmt\.(Print|Printf|Println)\s*\(/.test(line)) {
-    return 'fmt.Print* writes to stdout; use stderr for MCP stdio diagnostics';
+  if (ext === '.go' && /\bfmt\.(Print|Printf|Println)\s*\(/.test(code)) {
+    return staticFinding(
+      'go',
+      'go-fmt-stdout',
+      'fmt.Print* writes to stdout; use stderr for MCP stdio diagnostics'
+    );
   }
 
-  if (ext === '.rs' && /\bprintln!\s*\(/.test(line)) {
-    return 'println! writes to stdout; use eprintln! for MCP stdio diagnostics';
+  if (ext === '.rs' && /\bprintln!\s*\(/.test(code)) {
+    return staticFinding(
+      'rust',
+      'rust-println-stdout',
+      'println! writes to stdout; use eprintln! for MCP stdio diagnostics'
+    );
   }
 
-  if (['.java', '.kt'].includes(ext) && /System\.out\.print/.test(line)) {
-    return 'System.out writes to stdout; use stderr for MCP stdio diagnostics';
+  if (['.java', '.kt'].includes(ext) && /System\.out\.print/.test(code)) {
+    return staticFinding(
+      'jvm',
+      'jvm-system-out',
+      'System.out writes to stdout; use stderr for MCP stdio diagnostics'
+    );
   }
 
   return '';
 }
 
+function staticFinding(language, reason, message) {
+  return { language, reason, message };
+}
+
+function isJavaScriptSource(ext) {
+  return ['.js', '.mjs', '.cjs', '.ts', '.tsx', '.jsx'].includes(ext);
+}
+
+function normalizeSourceLine(line, ext) {
+  return stripInlineComment(maskStringLiterals(line), ext);
+}
+
+function stripInlineComment(line, ext) {
+  if (ext === '.py') {
+    return line.split('#')[0];
+  }
+
+  if (isJavaScriptSource(ext) || ['.go', '.rs', '.java', '.kt'].includes(ext)) {
+    return stripJavaScriptLikeInlineComment(line);
+  }
+
+  return line;
+}
+
+function stripJavaScriptLikeInlineComment(line) {
+  let inRegex = false;
+  let escaped = false;
+  let inCharClass = false;
+
+  for (let index = 0; index < line.length; index += 1) {
+    const char = line[index];
+    const next = line[index + 1];
+
+    if (inRegex) {
+      if (escaped) {
+        escaped = false;
+      } else if (char === '\\') {
+        escaped = true;
+      } else if (char === '[') {
+        inCharClass = true;
+      } else if (char === ']') {
+        inCharClass = false;
+      } else if (char === '/' && !inCharClass) {
+        inRegex = false;
+      }
+      continue;
+    }
+
+    if (char === '/' && next === '/') {
+      return line.slice(0, index);
+    }
+
+    if (char === '/' && next === '*') {
+      return line.slice(0, index);
+    }
+
+    if (char === '/' && canStartJavaScriptRegex(line, index)) {
+      inRegex = true;
+    }
+  }
+
+  return line;
+}
+
+function canStartJavaScriptRegex(line, index) {
+  const before = line.slice(0, index).trimEnd();
+  if (!before) return true;
+
+  const last = before[before.length - 1];
+  if ('=(:,[!&|?;{}>'.includes(last)) return true;
+
+  return /\b(await|case|delete|of|return|throw|typeof|void|yield)$/.test(before);
+}
+
+function maskStringLiterals(line) {
+  let quote = '';
+  let escaped = false;
+  let masked = '';
+  let templateExpressionDepth = 0;
+
+  for (let index = 0; index < line.length; index += 1) {
+    const char = line[index];
+    const next = line[index + 1];
+
+    if (quote) {
+      if (quote === '`' && char === '$' && next === '{') {
+        quote = '';
+        templateExpressionDepth += 1;
+        masked += '  ';
+        index += 1;
+        continue;
+      }
+
+      if (escaped) {
+        escaped = false;
+      } else if (char === '\\') {
+        escaped = true;
+      } else if (char === quote) {
+        quote = '';
+      }
+      masked += ' ';
+      continue;
+    }
+
+    if (templateExpressionDepth > 0) {
+      if (char === '"' || char === "'" || char === '`') {
+        quote = char;
+        masked += ' ';
+        continue;
+      }
+
+      if (char === '{') {
+        templateExpressionDepth += 1;
+      } else if (char === '}') {
+        templateExpressionDepth -= 1;
+        if (templateExpressionDepth === 0) {
+          quote = '`';
+          masked += ' ';
+          continue;
+        }
+      }
+
+      masked += char;
+      continue;
+    }
+
+    if (char === '"' || char === "'" || char === '`') {
+      quote = char;
+      masked += ' ';
+      continue;
+    }
+
+    masked += char;
+  }
+
+  return masked;
+}
+
 function listSourceFiles(root) {
   const ignored = new Set(['.git', 'node_modules', 'dist', 'build', 'coverage', '.next', '.cache']);
   const files = [];
@@ -1431,6 +3510,15 @@ function formatTextResult(result) {
     lines.push(`request: ${result.operation.method} ${state}`);
   }
 
+  if (result.toolSchema?.checked) {
+    lines.push(`tool schemas: ${result.toolSchema.validToolCount}/${result.toolSchema.toolCount} valid`);
+  }
+
+  if (result.adversarial?.enabled) {
+    const passedProbes = result.adversarial.probes.filter((probe) => probe.status === 'pass').length;
+    lines.push(`adversarial probes: ${passedProbes}/${result.adversarial.probes.length} passed`);
+  }
+
   if (result.staticFindings.length) {
     lines.push(`static findings: ${result.staticFindings.length}`);
     for (const finding of result.staticFindings.slice(0, 10)) {
@@ -1453,11 +3541,24 @@ function formatRepeatedTextResult(result) {
     `runs: ${passedRuns}/${result.runs.length} passed`
   ];
 
+  if (result.drift?.checked && result.drift.status !== 'skipped') {
+    const issueCodes = result.drift.issueCodes.length ? ` (${result.drift.issueCodes.join(', ')})` : '';
+    lines.push(`drift: ${result.drift.status}${issueCodes}`);
+  }
+
+  if (result.adversarial?.enabled) {
+    const passedProbes = result.adversarial.probes.filter((probe) => probe.status === 'pass').length;
+    lines.push(`adversarial probes: ${passedProbes}/${result.adversarial.probes.length} passed`);
+  }
+
   for (const run of result.runs) {
     const runStatus = run.ok ? 'PASS' : 'FAIL';
     const invalidFrames = run.issues.filter((issue) => issue.code.startsWith('stdout-')).length;
     const stderrLines = run.stderr ? run.stderr.trim().split(/\r?\n/).filter(Boolean).length : 0;
-    lines.push(`run ${run.run}: ${runStatus}, initialize ${run.initialized ? 'ok' : 'failed'}, frames ${run.frames.length} stdout / ${invalidFrames} invalid, stderr ${stderrLines} lines`);
+    const toolSchemas = run.toolSchema?.checked
+      ? `, tool schemas ${run.toolSchema.validToolCount}/${run.toolSchema.toolCount} valid`
+      : '';
+    lines.push(`run ${run.run}: ${runStatus}, initialize ${run.initialized ? 'ok' : 'failed'}, frames ${run.frames.length} stdout / ${invalidFrames} invalid, stderr ${stderrLines} lines${toolSchemas}`);
   }
 
   if (result.staticFindings.length) {
@@ -1505,6 +3606,8 @@ Usage:
   mcp-stdio-guard [options] -- <command> [args...]
 
 Options:
+  --config <path>        read JSON config for registry runs and safe tool calls
+  --profile <name>       guard profile: custom, smoke, registry, ci, strict
   --protocol <version>   MCP protocol version, default ${DEFAULT_PROTOCOL}
   --timeout <ms>         initialize and request timeout, default ${DEFAULT_TIMEOUT}
   --repeat <count>       run the guard multiple times, default 1
@@ -1512,6 +3615,10 @@ Options:
   --fail-on-static       fail when --scan finds risky stdout writes
   --request <method>     send one MCP request after initialize, e.g. tools/list
   --params <json>        JSON params for --request
+  --adversarial-probe <name>
+                         opt into strict probes: ${[...BUILTIN_ADVERSARIAL_PROBE_NAMES, 'all', 'none'].join(', ')}
+  --adversarial-probes <list>
+                         comma-separated form of --adversarial-probe
   --json                 print JSON output
   --cwd <path>           run command from this directory
   --version, -v          print version