npm - mcpspec - Versions diffs - 1.2.1 → 1.2.2 - Mend

mcpspec 1.2.1 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +223 -267
package/package.json +4 -4

package/README.md CHANGED Viewed

@@ -5,7 +5,7 @@
 <h1 align="center">MCPSpec</h1>
 <p align="center">
-  <strong>The complete testing platform for MCP servers</strong>
+  <strong>Ship reliable MCP servers with confidence</strong>
 </p>
 <p align="center">
@@ -16,43 +16,205 @@
 </p>
 <p align="center">
-  Test collections, interactive inspection, security auditing, performance benchmarking, auto-generated docs, and quality scoring for <a href="https://modelcontextprotocol.io">Model Context Protocol</a> servers. Works from the CLI, in CI/CD, or through a full web UI.
+  Record sessions, generate mock servers, gate your CI pipeline, and catch Tool Poisoning — all without writing a single line of test code. The testing and reliability platform for <a href="https://modelcontextprotocol.io">Model Context Protocol</a> servers.
 </p>
 ---
-```bash
-mcpspec test ./collection.yaml        # Run tests
-mcpspec inspect "npx my-server"       # Interactive REPL
-mcpspec audit "npx my-server"         # Security scan (8 rules)
-mcpspec bench "npx my-server"         # Performance benchmark
-mcpspec score "npx my-server"         # Quality rating (0-100)
-mcpspec docs "npx my-server"          # Auto-generate documentation
-mcpspec record start "npx my-server"  # Record & replay sessions
-mcpspec mock my-recording             # Start mock server from recording
-mcpspec ci-init --platform github     # Generate CI pipeline config
-mcpspec ui                            # Launch web dashboard
-```
+## Why MCPSpec?
+**Deterministic.** Unlike LLM-based testing, MCPSpec runs are fast and repeatable. No flaky tests, no token costs. Ideal for CI.
+**Secure.** Catch [Tool Poisoning](#security-audit) (prompt injection in tool descriptions) and [Excessive Agency](#security-audit) (destructive tools without safeguards) before they reach production.
+**Collaborative.** Record server interactions once, share mock servers with your team. Frontend developers and CI pipelines can test against mocks — no API keys, no live dependencies.
+---
 ## Quick Start
 ```bash
-# 1. Install
+# Install
 npm install -g mcpspec
-# 2. Scaffold a project
-mcpspec init --template standard
+# Explore a server interactively
+mcpspec inspect "npx @modelcontextprotocol/server-filesystem /tmp"
+# Record a session — no test code needed
+mcpspec record start "npx my-server"
-# 3. Run tests
-mcpspec test
+# Generate a mock for your team
+mcpspec mock my-recording --generate ./mocks/server.js
-# 4. Add CI gating (optional)
+# Add CI gating in 30 seconds
 mcpspec ci-init
 ```
-## Features
+**Try it in 30 seconds** with a pre-built community collection — no setup required:
+```bash
+mcpspec test examples/collections/servers/filesystem.yaml
+mcpspec test examples/collections/servers/time.yaml --tag smoke
+```
+See all [70 community tests](#community-collections) for 7 popular MCP servers.
+---
+## Record & Mock
+Record a session once. Replay it to catch regressions. Mock it for CI. No API keys required.
+```bash
+# 1. Record a session against your real server
+mcpspec record start "npx my-server"
+mcpspec> .call get_user {"id": "1"}
+mcpspec> .call list_items {}
+mcpspec> .save my-api
+# 2. Replay against a new version — catch regressions instantly
+mcpspec record replay my-api "npx my-server-v2"
+# 3. Start a mock server — drop-in replacement, zero dependencies
+mcpspec mock my-api
+# 4. Generate a standalone .js file — commit to your repo
+mcpspec mock my-api --generate ./mocks/server.js
+node ./mocks/server.js
+```
+**Replay output** shows exactly what changed:
+```
+Replaying 3 steps...
+  1/3 get_user (id=1)...       [OK] 42ms → {"name": "Alice"}
+  2/3 list_items...            [CHANGED] 38ms → {"items": [...]}
+  3/3 create_item (name=test)  [OK] 51ms → {"id": "abc"}
+Summary: 2 matched, 1 changed, 0 added, 0 removed
+```
+**Mock options:**
+| Option | Effect |
+|--------|--------|
+| `--mode match` (default) | Exact input match first, then next queued response per tool |
+| `--mode sequential` | Tape/cassette style — responses served in recorded order |
+| `--latency original` | Simulate original response times |
+| `--latency 100` | Fixed 100ms delay |
+| `--on-missing empty` | Return empty instead of error for unrecorded tools |
+| `--generate <path>` | Output standalone `.js` file (only needs `@modelcontextprotocol/sdk`) |
+**Manage recordings:**
+```bash
+mcpspec record list                    # List saved recordings
+mcpspec record delete my-session       # Delete a recording
+```
+---
+## CI/CD Integration
-### Test Collections
+`ci-init` generates ready-to-use pipeline configurations. Deterministic exit codes and JUnit/JSON/TAP reporters for seamless CI integration.
+```bash
+mcpspec ci-init                                 # Interactive wizard
+mcpspec ci-init --platform github               # GitHub Actions
+mcpspec ci-init --platform gitlab               # GitLab CI
+mcpspec ci-init --platform shell                # Shell script
+mcpspec ci-init --checks test,audit,score       # Choose checks
+mcpspec ci-init --fail-on medium                # Audit severity gate
+mcpspec ci-init --min-score 70                  # MCP Score threshold
+mcpspec ci-init --force                         # Overwrite/replace existing
+```
+Auto-detects platform from `.github/` or `.gitlab-ci.yml`. GitLab `--force` surgically replaces only the mcpspec job block, preserving other jobs.
+**GitHub Actions example** (generated by `mcpspec ci-init --platform github`):
+```yaml
+name: MCP Server Tests
+on: [push, pull_request]
+jobs:
+  mcpspec:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+      - run: npm install -g mcpspec
+      - name: Run tests
+        run: mcpspec test --ci --reporter junit --output results.xml
+      - name: Security audit
+        run: mcpspec audit "npx my-server" --fail-on high
+      - name: Quality gate
+        run: mcpspec score "npx my-server" --min-score 80
+      - uses: mikepenz/action-junit-report@v4
+        if: always()
+        with:
+          report_paths: results.xml
+```
+**Exit codes:**
+| Code | Meaning |
+|------|---------|
+| `0` | Success |
+| `1` | Test failure |
+| `2` | Runtime error |
+| `3` | Configuration error |
+| `4` | Connection error |
+| `5` | Timeout |
+| `6` | Security findings above threshold |
+| `7` | Validation error |
+| `130` | Interrupted (Ctrl+C) |
+**Reporters:** console (default), json, junit, html, tap.
+---
+## Security Audit
+Prevent Tool Poisoning. 8 security rules covering traditional vulnerabilities and LLM-specific threats. A safety filter auto-skips destructive tools, and `--dry-run` previews targets before scanning.
+```bash
+mcpspec audit "npx my-server"                        # Passive (safe)
+mcpspec audit "npx my-server" --mode active           # Active probing
+mcpspec audit "npx my-server" --fail-on medium        # CI gate
+mcpspec audit "npx my-server" --exclude-tools delete  # Skip tools
+mcpspec audit "npx my-server" --dry-run               # Preview targets
+```
+**Security rules:**
+| Rule | Mode | What it detects |
+|------|------|-----------------|
+| **Tool Poisoning** | Passive | LLM prompt injection in descriptions, hidden Unicode, cross-tool manipulation |
+| **Excessive Agency** | Passive | Destructive tools without confirmation params, arbitrary code execution |
+| Path Traversal | Passive | `../../etc/passwd` style directory escape attacks |
+| Input Validation | Passive | Missing constraints (enum, pattern, min/max) on tool inputs |
+| Info Disclosure | Passive | Leaked paths, stack traces, API keys in tool descriptions |
+| Resource Exhaustion | Active | Unbounded loops, large allocations, recursion |
+| Auth Bypass | Active | Missing auth checks, hardcoded credentials |
+| Injection | Active | SQL and command injection in tool inputs |
+**Scan modes:**
+- **Passive** (default) — 5 rules, analyzes metadata only, no tool calls. Safe for production.
+- **Active** — All 8 rules, sends test payloads. Requires confirmation prompt.
+- **Aggressive** — All 8 rules with more exhaustive probing. Requires confirmation prompt.
+Active/aggressive modes auto-skip tools matching destructive patterns (`delete_*`, `drop_*`, `destroy_*`, etc.) and require explicit confirmation unless `--acknowledge-risk` is passed.
+Each finding includes severity (info/low/medium/high/critical), description, evidence, and remediation advice.
+---
+## Test Collections
 Write tests in YAML with 10 assertion types, environments, variable extraction, tags, retries, and parallel execution.
@@ -76,7 +238,7 @@ tests:
     expectError: true
 ```
-**Advanced features:**
+**Advanced features** — environments, tags, retries, variable extraction, expressions:
 ```yaml
 schemaVersion: "1.0"
@@ -171,10 +333,36 @@ mcpspec test --watch                   # Re-run on file changes
 mcpspec test --ci                      # CI mode (no colors)
 ```
-**Reporters:** console (default), json, junit, html, tap.
+---
+## MCP Score
+A 0-100 quality rating across 5 weighted categories with opinionated schema linting. Use as a CI gate or generate a badge for your README.
+```bash
+mcpspec score "npx my-server"
+mcpspec score "npx my-server" --badge badge.svg       # Generate SVG badge
+mcpspec score "npx my-server" --min-score 80          # Fail if below threshold
+```
+**Scoring categories:**
+| Category (weight) | What it measures |
+|--------------------|-----------------|
+| Documentation (25%) | Percentage of tools and resources with descriptions |
+| Schema Quality (25%) | Property types, descriptions, required fields, constraints (enum/pattern/min/max), naming conventions |
+| Error Handling (20%) | Structured error responses (`isError: true`) vs. crashes on bad input |
+| Responsiveness (15%) | Median latency: <100ms = 100, <500ms = 80, <1s = 60, <5s = 40 |
+| Security (15%) | Findings from passive security scan: 0 = 100, <=2 = 70, <=5 = 40 |
+Schema quality uses 6 sub-criteria: structure (20%), property types (20%), descriptions (20%), required fields (15%), constraints (15%), naming conventions (10%).
+The `--badge` flag generates a shields.io-style SVG badge for your README.
 ---
+## More Features
 ### Interactive Inspector
 Connect to any MCP server and explore its capabilities in a live REPL.
@@ -193,131 +381,6 @@ mcpspec inspect "npx @modelcontextprotocol/server-filesystem /tmp"
 | `.help` | Show help |
 | `.exit` | Disconnect and exit |
-```
-mcpspec> .tools
-  read_file        Read complete contents of a file
-  write_file       Create or overwrite a file
-  list_directory   List directory contents
-mcpspec> .call read_file {"path": "/tmp/test.txt"}
-{
-  "content": "Hello, world!"
-}
-```
----
-### Security Audit
-8 security rules covering traditional vulnerabilities and LLM-specific threats. A safety filter auto-skips destructive tools, and `--dry-run` previews targets before scanning.
-```bash
-mcpspec audit "npx my-server"                        # Passive (safe)
-mcpspec audit "npx my-server" --mode active           # Active probing
-mcpspec audit "npx my-server" --fail-on medium        # CI gate
-mcpspec audit "npx my-server" --exclude-tools delete  # Skip tools
-mcpspec audit "npx my-server" --dry-run               # Preview targets
-```
-**Security rules:**
-| Rule | Mode | What it detects |
-|------|------|-----------------|
-| Path Traversal | Passive | `../../etc/passwd` style directory escape attacks |
-| Input Validation | Passive | Missing constraints (enum, pattern, min/max) on tool inputs |
-| Info Disclosure | Passive | Leaked paths, stack traces, API keys in tool descriptions |
-| Tool Poisoning | Passive | LLM prompt injection in descriptions, hidden Unicode, cross-tool manipulation |
-| Excessive Agency | Passive | Destructive tools without confirmation params, arbitrary code execution |
-| Resource Exhaustion | Active | Unbounded loops, large allocations, recursion |
-| Auth Bypass | Active | Missing auth checks, hardcoded credentials |
-| Injection | Active | SQL and command injection in tool inputs |
-**Scan modes:**
-- **Passive** (default) — 5 rules, analyzes metadata only, no tool calls. Safe for production.
-- **Active** — All 8 rules, sends test payloads. Requires confirmation prompt.
-- **Aggressive** — All 8 rules with more exhaustive probing. Requires confirmation prompt.
-Active/aggressive modes auto-skip tools matching destructive patterns (`delete_*`, `drop_*`, `destroy_*`, etc.) and require explicit confirmation unless `--acknowledge-risk` is passed.
-Each finding includes severity (info/low/medium/high/critical), description, evidence, and remediation advice.
----
-### Recording & Replay
-Record inspector sessions, save them, and replay against the same or different server versions. Diff output highlights regressions.
-```bash
-# Record a session
-mcpspec record start "npx my-server"
-mcpspec> .call get_user {"id": "1"}
-mcpspec> .call list_items {}
-mcpspec> .save my-session
-# Later: replay against new server version
-mcpspec record replay my-session "npx my-server-v2"
-```
-**Replay output:**
-```
-Replaying 3 steps against my-server-v2...
-  1/3 get_user............. [OK] 42ms
-  2/3 list_items........... [CHANGED] 38ms
-  3/3 create_item.......... [OK] 51ms
-Summary: 2 matched, 1 changed, 0 added, 0 removed
-```
-**Manage recordings:**
-```bash
-mcpspec record list                    # List saved recordings
-mcpspec record delete my-session       # Delete a recording
-```
-Recordings are stored in `~/.mcpspec/recordings/` and include tool names, inputs, outputs, timing, and error states for each step.
----
-### Mock Server
-Turn any recording into a mock MCP server — a drop-in replacement for the real server. Useful for CI/CD without real dependencies, offline development, and deterministic tests.
-```bash
-# Start mock server from a recording (stdio transport)
-mcpspec mock my-api
-# Use as a server in test collections
-mcpspec test --server "mcpspec mock my-api" ./tests.yaml
-# Generate standalone .js file (only needs @modelcontextprotocol/sdk)
-mcpspec mock my-api --generate ./mock-server.js
-node mock-server.js
-```
-**Matching modes:**
-| Mode | Behavior |
-|------|----------|
-| `match` (default) | Exact input match first, then next queued response per tool |
-| `sequential` | Tape/cassette style — responses served in recorded order |
-**Options:**
-```bash
-mcpspec mock my-api --mode sequential       # Tape-style matching
-mcpspec mock my-api --latency original      # Simulate original response times
-mcpspec mock my-api --latency 100           # Fixed 100ms delay
-mcpspec mock my-api --on-missing empty      # Return empty instead of error for unrecorded tools
-```
-The generated standalone file embeds the recording data and matching logic — commit it to your repo for portable, dependency-light mock servers.
----
 ### Performance Benchmarks
 Measure latency and throughput with statistical analysis across hundreds of iterations.
@@ -326,58 +389,10 @@ Measure latency and throughput with statistical analysis across hundreds of iter
 mcpspec bench "npx my-server"                         # 100 iterations
 mcpspec bench "npx my-server" --iterations 500
 mcpspec bench "npx my-server" --tool read_file
-mcpspec bench "npx my-server" --args '{"path":"/tmp/f"}'
 mcpspec bench "npx my-server" --warmup 10
 ```
-**Output:**
-```
-Benchmarking read_file (100 iterations, 5 warmup)...
-  Latency
-  ────────────────────────────
-  Min        12.34ms
-  Max        89.21ms
-  Mean       34.56ms
-  Median     31.22ms
-  P95        67.89ms
-  P99        82.45ms
-  Std Dev    15.23ms
-  Throughput: 28.94 calls/sec
-  Errors:     0
-```
-Warmup iterations (default: 5) are excluded from measurements. The profiler uses `performance.now()` for high-resolution timing.
----
-### MCP Score
-A 0-100 quality rating across 5 weighted categories with opinionated schema linting.
-```bash
-mcpspec score "npx my-server"
-mcpspec score "npx my-server" --badge badge.svg       # Generate SVG badge
-mcpspec score "npx my-server" --min-score 80          # Fail if below threshold
-```
-**Scoring categories:**
-| Category (weight) | What it measures |
-|--------------------|-----------------|
-| Documentation (25%) | Percentage of tools and resources with descriptions |
-| Schema Quality (25%) | Property types, descriptions, required fields, constraints (enum/pattern/min/max), naming conventions |
-| Error Handling (20%) | Structured error responses (`isError: true`) vs. crashes on bad input |
-| Responsiveness (15%) | Median latency: <100ms = 100, <500ms = 80, <1s = 60, <5s = 40 |
-| Security (15%) | Findings from passive security scan: 0 = 100, <=2 = 70, <=5 = 40 |
-Schema quality uses 6 sub-criteria: structure (20%), property types (20%), descriptions (20%), required fields (15%), constraints (15%), naming conventions (10%).
-The `--badge` flag generates a shields.io-style SVG badge for your README.
----
+Output includes min/max/mean/median/P95/P99 latency, standard deviation, and throughput (calls/sec). Warmup iterations (default: 5) are excluded from measurements.
 ### Doc Generator
@@ -389,10 +404,6 @@ mcpspec docs "npx my-server" --format html      # HTML output
 mcpspec docs "npx my-server" --output ./docs    # Write to directory
 ```
-Generated docs include: server name/version/description, all tools with their input schemas, and all resources with URIs and descriptions.
----
 ### Web Dashboard
 A full React UI for managing servers, running tests, viewing audit results, and more. Dark mode included.
@@ -403,57 +414,7 @@ mcpspec ui --port 8080        # Custom port
 mcpspec ui --no-open          # Don't auto-open browser
 ```
-**Pages:**
-| Page | What it does |
-|------|-------------|
-| Dashboard | Overview of servers, collections, recent runs |
-| Servers | Connect and manage MCP server connections |
-| Collections | Create and edit YAML test collections |
-| Runs | View test run history and results |
-| Inspector | Interactive tool calling with schema forms and protocol logging |
-| Audit | Run security scans and view findings |
-| Benchmark | Performance profiling with charts |
-| Score | MCP Score visualization |
-| Docs | Generated server documentation |
-| Recordings | View, replay, and manage recorded sessions |
-Real-time WebSocket updates for running tests, live protocol logging in the inspector, and dark mode with localStorage persistence.
----
-### CI/CD Integration
-`ci-init` generates ready-to-use pipeline configurations. Deterministic exit codes and JUnit/JSON/TAP reporters for seamless CI integration.
-```bash
-mcpspec ci-init                                 # Interactive wizard
-mcpspec ci-init --platform github               # GitHub Actions
-mcpspec ci-init --platform gitlab               # GitLab CI
-mcpspec ci-init --platform shell                # Shell script
-mcpspec ci-init --checks test,audit,score       # Choose checks
-mcpspec ci-init --fail-on medium                # Audit severity gate
-mcpspec ci-init --min-score 70                  # MCP Score threshold
-mcpspec ci-init --force                         # Overwrite/replace existing
-```
-Auto-detects platform from `.github/` or `.gitlab-ci.yml`. GitLab `--force` surgically replaces only the mcpspec job block, preserving other jobs.
-**Exit codes:**
-| Code | Meaning |
-|------|---------|
-| `0` | Success |
-| `1` | Test failure |
-| `2` | Runtime error |
-| `3` | Configuration error |
-| `4` | Connection error |
-| `5` | Timeout |
-| `6` | Security findings above threshold |
-| `7` | Validation error |
-| `130` | Interrupted (Ctrl+C) |
----
+10 pages: Dashboard, Servers, Collections, Runs, Inspector, Recordings, Audit, Benchmark, Docs, Score.
 ### Baselines & Comparison
@@ -467,10 +428,6 @@ mcpspec compare --baseline main                 # Explicit comparison
 mcpspec compare <run-id-1> <run-id-2>           # Compare two runs
 ```
-Comparison output shows regressions (tests that now fail), fixes (tests that now pass), new tests, and removed tests.
----
 ### Transports
 MCPSpec supports 3 transport types for connecting to MCP servers:
@@ -498,27 +455,27 @@ server:
   url: http://localhost:3000/mcp
 ```
-Connection state machine with automatic reconnection: exponential backoff (1s, 2s, 4s, 8s) up to 30s max, 3 retry attempts.
+---
 ## Commands
 | Command | Description |
 |---------|-------------|
+| `mcpspec record start <server>` | Record an inspector session — `.call`, `.save`, `.steps` |
+| `mcpspec record replay <name> <server>` | Replay a recording and diff against original |
+| `mcpspec mock <recording>` | Mock server from recording — `--mode`, `--latency`, `--on-missing`, `--generate` |
 | `mcpspec test [collection]` | Run test collections with `--env`, `--tag`, `--parallel`, `--reporter`, `--watch`, `--ci` |
-| `mcpspec inspect <server>` | Interactive REPL — `.tools`, `.call`, `.schema`, `.resources`, `.info` |
 | `mcpspec audit <server>` | Security scan — `--mode`, `--fail-on`, `--exclude-tools`, `--dry-run` |
-| `mcpspec bench <server>` | Performance benchmark — `--iterations`, `--tool`, `--args`, `--warmup` |
 | `mcpspec score <server>` | Quality score (0-100) — `--badge badge.svg`, `--min-score` |
+| `mcpspec ci-init` | Generate CI config — `--platform github\|gitlab\|shell`, `--checks`, `--fail-on`, `--force` |
+| `mcpspec inspect <server>` | Interactive REPL — `.tools`, `.call`, `.schema`, `.resources`, `.info` |
+| `mcpspec bench <server>` | Performance benchmark — `--iterations`, `--tool`, `--args`, `--warmup` |
 | `mcpspec docs <server>` | Generate docs — `--format markdown\|html`, `--output <dir>` |
 | `mcpspec compare` | Compare test runs or `--baseline <name>` |
 | `mcpspec baseline save <name>` | Save/list baselines for regression detection |
-| `mcpspec record start <server>` | Record an inspector session — `.call`, `.save`, `.steps` |
-| `mcpspec record replay <name> <server>` | Replay a recording and diff against original |
 | `mcpspec record list` | List saved recordings |
 | `mcpspec record delete <name>` | Delete a saved recording |
-| `mcpspec mock <recording>` | Mock server from recording — `--mode`, `--latency`, `--on-missing`, `--generate` |
 | `mcpspec init [dir]` | Scaffold project — `--template minimal\|standard\|full` |
-| `mcpspec ci-init` | Generate CI config — `--platform github\|gitlab\|shell`, `--checks`, `--fail-on`, `--force` |
 | `mcpspec ui` | Launch web dashboard on `localhost:6274` |
 ## Community Collections
@@ -538,7 +495,6 @@ Pre-built test suites for popular MCP servers in [`examples/collections/servers/
 **70 tests** covering tool discovery, read/write operations, error handling, security edge cases, and latency.
 ```bash
-# Run community collections directly
 mcpspec test examples/collections/servers/filesystem.yaml
 mcpspec test examples/collections/servers/time.yaml --tag smoke
 ```
@@ -548,7 +504,7 @@ mcpspec test examples/collections/servers/time.yaml --tag smoke
 | Package | Description |
 |---------|-------------|
 | `@mcpspec/shared` | Types, Zod schemas, constants |
-| `@mcpspec/core` | MCP client, test runner, assertions, security scanner (8 rules), profiler, doc generator, scorer, recording/replay |
+| `@mcpspec/core` | MCP client, test runner, assertions, security scanner (8 rules), profiler, doc generator, scorer, recording/replay, mock server |
 | `@mcpspec/cli` | 13 CLI commands built with Commander.js |
 | `@mcpspec/server` | Hono HTTP server with REST API + WebSocket |
 | `@mcpspec/ui` | React SPA — TanStack Router, TanStack Query, Tailwind, shadcn/ui |
@@ -559,7 +515,7 @@ mcpspec test examples/collections/servers/time.yaml --tag smoke
 git clone https://github.com/light-handle/mcpspec.git
 cd mcpspec
 pnpm install && pnpm build
-pnpm test   # 329 tests across core + server
+pnpm test   # 334 tests across core + server
 ```
 ## License

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mcpspec",
-  "version": "1.2.1",
+  "version": "1.2.2",
   "description": "The definitive MCP server testing platform",
   "keywords": [
     "mcp",
@@ -29,9 +29,9 @@
     "@inquirer/prompts": "^7.0.0",
     "commander": "^12.1.0",
     "open": "^10.1.0",
-    "@mcpspec/core": "1.2.1",
-    "@mcpspec/shared": "1.2.1",
-    "@mcpspec/server": "1.2.1"
+    "@mcpspec/core": "1.2.2",
+    "@mcpspec/shared": "1.2.2",
+    "@mcpspec/server": "1.2.2"
   },
   "devDependencies": {
     "tsup": "^8.0.0",