webmcp-cli 1.2.2 → 1.2.3

package/dist/rules/description/DESC-006.js

@@ -0,0 +1,78 @@
+/**
+ * DESC-006: Description Positive Framing
+ *
+ * Checks that descriptions use positive instructions,
+ * not negative limitations ("do not", "don't", "never").
+ */
+import { createRuleResult } from '../runner.js';
+const NEGATIVE_PATTERNS = [
+    /\bdo\s+not\b/i,
+    /\bdon['']t\b/i,
+    /\bnever\b/i,
+    /\bavoid\b/i,
+    /\bshould\s+not\b/i,
+    /\bshouldn['']t\b/i,
+    /\bmust\s+not\b/i,
+    /\bmustn['']t\b/i,
+    /\bcannot\b/i,
+    /\bcan['']t\b/i,
+    /\bwill\s+not\b/i,
+    /\bwon['']t\b/i,
+    /\bnot\s+allowed\b/i,
+    /\bforbidden\b/i,
+    /\bprohibited\b/i,
+];
+export const DESC_006 = {
+    id: 'DESC-006',
+    category: 'description',
+    name: 'Description Positive Framing',
+    description: 'Descriptions should use positive instructions, not negative limitations',
+    severity: 'warning',
+    maxScore: 5,
+    async check(context) {
+        if (context.tools.length === 0) {
+            return createRuleResult('DESC-006', 5, {
+                passed: true,
+                score: 5,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const violations = [];
+        for (const tool of context.tools) {
+            const desc = tool.description ?? '';
+            if (!desc.trim())
+                continue;
+            const foundPatterns = [];
+            for (const pattern of NEGATIVE_PATTERNS) {
+                const match = desc.match(pattern);
+                if (match) {
+                    foundPatterns.push(match[0]);
+                }
+            }
+            if (foundPatterns.length > 0) {
+                violations.push({ name: tool.name, patterns: foundPatterns });
+            }
+        }
+        if (violations.length === 0) {
+            return createRuleResult('DESC-006', 5, {
+                passed: true,
+                score: 5,
+                message: 'All tool descriptions use positive framing',
+            });
+        }
+        return createRuleResult('DESC-006', 5, {
+            passed: false,
+            score: Math.max(0, 5 - violations.length * 2),
+            message: `${violations.length} tool(s) use negative framing in descriptions`,
+            details: violations.map((v) => `Tool "${v.name}" uses negative language: ${v.patterns.join(', ')}`),
+            suggestions: [
+                'Reframe negatives as positive instructions',
+                'Instead of "Don\'t use for bulk operations", say "Use for single-item operations"',
+                'Positive framing helps agents understand what to do, not just what to avoid',
+            ],
+            affectedTools: violations.map((v) => v.name),
+        });
+    },
+};
+export default DESC_006;
+//# sourceMappingURL=DESC-006.js.map

package/dist/rules/description/DESC-006.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DESC-006.js","sourceRoot":"","sources":["../../../src/rules/description/DESC-006.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,iBAAiB,GAAG;IACxB,eAAe;IACf,eAAe;IACf,YAAY;IACZ,YAAY;IACZ,mBAAmB;IACnB,mBAAmB;IACnB,iBAAiB;IACjB,iBAAiB;IACjB,aAAa;IACb,eAAe;IACf,iBAAiB;IACjB,eAAe;IACf,oBAAoB;IACpB,gBAAgB;IAChB,iBAAiB;CAClB,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAS;IAC5B,EAAE,EAAE,UAAU;IACd,QAAQ,EAAE,aAAa;IACvB,IAAI,EAAE,8BAA8B;IACpC,WAAW,EAAE,yEAAyE;IACtF,QAAQ,EAAE,SAAS;IACnB,QAAQ,EAAE,CAAC;IAEX,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAA2C,EAAE,CAAC;QAE9D,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YACjC,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;YACpC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;gBAAE,SAAS;YAE3B,MAAM,aAAa,GAAa,EAAE,CAAC;YACnC,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;gBACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAClC,IAAI,KAAK,EAAE,CAAC;oBACV,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/B,CAAC;YACH,CAAC;YAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,4CAA4C;aACtD,CAAC,CAAC;QACL,CAAC;QAED,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;YACrC,MAAM,EAAE,KAAK;YACb,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;YAC7C,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,+CAA+C;YAC5E,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,CAAC,EAAE,EAAE,CACJ,SAAS,CAAC,CAAC,IAAI,6BAA6B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtE;YACD,WAAW,EAAE;gBACX,4CAA4C;gBAC5C,mFAAmF;gBACnF,6EAA6E;aAC9E;YACD,aAAa,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAC7C,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,eAAe,QAAQ,CAAC"}

package/dist/rules/description/DESC-007.d.ts

@@ -0,0 +1,9 @@
+/**
+ * DESC-007: Description Explains What
+ *
+ * Checks that tool descriptions explain what the tool does.
+ * A good description answers "what does this tool do?"
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const DESC_007: Rule;
+export default DESC_007;

package/dist/rules/description/DESC-007.js

@@ -0,0 +1,70 @@
+/**
+ * DESC-007: Description Explains What
+ *
+ * Checks that tool descriptions explain what the tool does.
+ * A good description answers "what does this tool do?"
+ */
+import { createRuleResult } from '../runner.js';
+/**
+ * Heuristic: a description that "explains what" typically contains an action verb
+ * and a noun describing the object of the action.
+ */
+const ACTION_PATTERNS = [
+    /\b(search|find|get|fetch|retrieve|list|query|lookup)\b.*\b(for|from|in|by)\b/i,
+    /\b(create|add|insert|generate|build|produce)\b.*\b\w+/i,
+    /\b(update|edit|modify|change|set|patch)\b.*\b\w+/i,
+    /\b(delete|remove|cancel|revoke|destroy)\b.*\b\w+/i,
+    /\b(send|submit|post|push|publish|broadcast|notify)\b.*\b\w+/i,
+    /\b(calculate|compute|convert|format|parse|validate|check|verify)\b/i,
+    /\b(download|upload|export|import|transfer|move|copy)\b/i,
+    /\b(book|reserve|schedule|order|purchase|subscribe)\b/i,
+    /\b(authenticate|authorize|login|register|sign)\b/i,
+];
+export const DESC_007 = {
+    id: 'DESC-007',
+    category: 'description',
+    name: 'Description Explains What',
+    description: 'Description should explain what the tool does',
+    severity: 'warning',
+    maxScore: 5,
+    async check(context) {
+        if (context.tools.length === 0) {
+            return createRuleResult('DESC-007', 5, {
+                passed: true,
+                score: 5,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const violations = [];
+        for (const tool of context.tools) {
+            const desc = tool.description?.trim() ?? '';
+            if (desc.length < 10)
+                continue; // Skip empty/trivial (handled by DESC-004)
+            const hasActionExplanation = ACTION_PATTERNS.some((p) => p.test(desc));
+            if (!hasActionExplanation) {
+                violations.push(tool.name);
+            }
+        }
+        if (violations.length === 0) {
+            return createRuleResult('DESC-007', 5, {
+                passed: true,
+                score: 5,
+                message: 'All tool descriptions explain what the tool does',
+            });
+        }
+        return createRuleResult('DESC-007', 5, {
+            passed: false,
+            score: Math.max(0, 5 - violations.length * 2),
+            message: `${violations.length} tool description(s) may not clearly explain what the tool does`,
+            details: violations.map((name) => `Tool "${name}" description lacks a clear action explanation`),
+            suggestions: [
+                'Start descriptions with an action verb: "Search for...", "Create a...", "Delete the..."',
+                'Clearly state the tool\'s primary action and its target',
+                'Example: "Search for available flights between two airports on a given date"',
+            ],
+            affectedTools: violations,
+        });
+    },
+};
+export default DESC_007;
+//# sourceMappingURL=DESC-007.js.map

package/dist/rules/description/DESC-007.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DESC-007.js","sourceRoot":"","sources":["../../../src/rules/description/DESC-007.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD;;;GAGG;AACH,MAAM,eAAe,GAAG;IACtB,+EAA+E;IAC/E,wDAAwD;IACxD,mDAAmD;IACnD,mDAAmD;IACnD,8DAA8D;IAC9D,qEAAqE;IACrE,yDAAyD;IACzD,uDAAuD;IACvD,mDAAmD;CACpD,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAS;IAC5B,EAAE,EAAE,UAAU;IACd,QAAQ,EAAE,aAAa;IACvB,IAAI,EAAE,2BAA2B;IACjC,WAAW,EAAE,+CAA+C;IAC5D,QAAQ,EAAE,SAAS;IACnB,QAAQ,EAAE,CAAC;IAEX,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YACjC,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAC5C,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE;gBAAE,SAAS,CAAC,2CAA2C;YAE3E,MAAM,oBAAoB,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACtD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;YAEF,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC1B,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,kDAAkD;aAC5D,CAAC,CAAC;QACL,CAAC;QAED,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;YACrC,MAAM,EAAE,KAAK;YACb,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;YAC7C,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,iEAAiE;YAC9F,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,IAAI,gDAAgD,CACxE;YACD,WAAW,EAAE;gBACX,yFAAyF;gBACzF,yDAAyD;gBACzD,8EAA8E;aAC/E;YACD,aAAa,EAAE,UAAU;SAC1B,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,eAAe,QAAQ,CAAC"}

package/dist/rules/description/DESC-008.d.ts

@@ -0,0 +1,9 @@
+/**
+ * DESC-008: Description Explains When
+ *
+ * Checks that descriptions explain when to use the tool.
+ * A good description provides context for when the tool should be invoked.
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const DESC_008: Rule;
+export default DESC_008;

package/dist/rules/description/DESC-008.js

@@ -0,0 +1,70 @@
+/**
+ * DESC-008: Description Explains When
+ *
+ * Checks that descriptions explain when to use the tool.
+ * A good description provides context for when the tool should be invoked.
+ */
+import { createRuleResult } from '../runner.js';
+/**
+ * Heuristic patterns that indicate a description mentions when/context for usage
+ */
+const WHEN_PATTERNS = [
+    /\bwhen\b/i,
+    /\bif\s+(the\s+)?(user|customer|client)\b/i,
+    /\buse\s+this\s+(tool\s+)?(to|for|when)\b/i,
+    /\bused?\s+(for|to|when)\b/i,
+    /\b(after|before|during|while)\b/i,
+    /\b(suitable|appropriate|ideal|best)\s+(for|when)\b/i,
+    /\b(in\s+case|in\s+the\s+event)\b/i,
+    /\b(to\s+help|to\s+assist|to\s+allow)\b/i,
+    /\b(enables?|allows?|permits?)\s+(the\s+)?(user|agent|you)\b/i,
+    /\b(for\s+)(searching|creating|updating|booking|checking|finding)\b/i,
+];
+export const DESC_008 = {
+    id: 'DESC-008',
+    category: 'description',
+    name: 'Description Explains When',
+    description: 'Description should explain when to use the tool',
+    severity: 'info',
+    maxScore: 3,
+    async check(context) {
+        if (context.tools.length === 0) {
+            return createRuleResult('DESC-008', 3, {
+                passed: true,
+                score: 3,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const violations = [];
+        for (const tool of context.tools) {
+            const desc = tool.description?.trim() ?? '';
+            if (desc.length < 20)
+                continue; // Skip short descriptions
+            const hasWhenContext = WHEN_PATTERNS.some((p) => p.test(desc));
+            if (!hasWhenContext) {
+                violations.push(tool.name);
+            }
+        }
+        if (violations.length === 0) {
+            return createRuleResult('DESC-008', 3, {
+                passed: true,
+                score: 3,
+                message: 'All tool descriptions provide usage context',
+            });
+        }
+        return createRuleResult('DESC-008', 3, {
+            passed: false,
+            score: Math.max(0, 3 - violations.length),
+            message: `${violations.length} tool description(s) don't explain when to use the tool`,
+            details: violations.map((name) => `Tool "${name}" description lacks usage context (when to invoke)`),
+            suggestions: [
+                'Include context for when the tool should be used',
+                'Example: "Search for flights when the user wants to travel between cities"',
+                'Agents need context to decide which tool to invoke for a given user intent',
+            ],
+            affectedTools: violations,
+        });
+    },
+};
+export default DESC_008;
+//# sourceMappingURL=DESC-008.js.map

package/dist/rules/description/DESC-008.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DESC-008.js","sourceRoot":"","sources":["../../../src/rules/description/DESC-008.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD;;GAEG;AACH,MAAM,aAAa,GAAG;IACpB,WAAW;IACX,2CAA2C;IAC3C,2CAA2C;IAC3C,4BAA4B;IAC5B,kCAAkC;IAClC,qDAAqD;IACrD,mCAAmC;IACnC,yCAAyC;IACzC,8DAA8D;IAC9D,qEAAqE;CACtE,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAS;IAC5B,EAAE,EAAE,UAAU;IACd,QAAQ,EAAE,aAAa;IACvB,IAAI,EAAE,2BAA2B;IACjC,WAAW,EAAE,iDAAiD;IAC9D,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,CAAC;IAEX,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YACjC,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAC5C,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE;gBAAE,SAAS,CAAC,0BAA0B;YAE1D,MAAM,cAAc,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAE/D,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,6CAA6C;aACvD,CAAC,CAAC;QACL,CAAC;QAED,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;YACrC,MAAM,EAAE,KAAK;YACb,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC;YACzC,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,yDAAyD;YACtF,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,IAAI,oDAAoD,CAC5E;YACD,WAAW,EAAE;gBACX,kDAAkD;gBAClD,4EAA4E;gBAC5E,4EAA4E;aAC7E;YACD,aAAa,EAAE,UAAU;SAC1B,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,eAAe,QAAQ,CAAC"}

package/dist/rules/description/DESC-009.d.ts

@@ -0,0 +1,8 @@
+/**
+ * DESC-009: Param Descriptions Exist
+ *
+ * Checks that every parameter in the schema has a description field.
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const DESC_009: Rule;
+export default DESC_009;

package/dist/rules/description/DESC-009.js

@@ -0,0 +1,55 @@
+/**
+ * DESC-009: Param Descriptions Exist
+ *
+ * Checks that every parameter in the schema has a description field.
+ */
+import { createRuleResult } from '../runner.js';
+export const DESC_009 = {
+    id: 'DESC-009',
+    category: 'description',
+    name: 'Param Descriptions Exist',
+    description: 'Every parameter should have a description field',
+    severity: 'warning',
+    maxScore: 5,
+    async check(context) {
+        if (context.tools.length === 0) {
+            return createRuleResult('DESC-009', 5, {
+                passed: true,
+                score: 5,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const violations = [];
+        for (const tool of context.tools) {
+            if (!tool.inputSchema?.properties)
+                continue;
+            for (const [paramName, paramDef] of Object.entries(tool.inputSchema.properties)) {
+                if (!paramDef.description ||
+                    paramDef.description.trim() === '') {
+                    violations.push({ tool: tool.name, param: paramName });
+                }
+            }
+        }
+        if (violations.length === 0) {
+            return createRuleResult('DESC-009', 5, {
+                passed: true,
+                score: 5,
+                message: 'All parameters have descriptions',
+            });
+        }
+        return createRuleResult('DESC-009', 5, {
+            passed: false,
+            score: Math.max(0, 5 - violations.length),
+            message: `${violations.length} parameter(s) missing descriptions`,
+            details: violations.map((v) => `Parameter "${v.param}" in tool "${v.tool}" has no description`),
+            suggestions: [
+                'Add a description to every parameter in the schema',
+                'Descriptions help agents understand what each parameter expects',
+                'Example: { "origin": { "type": "string", "description": "IATA airport code for departure (e.g. LAX)" } }',
+            ],
+            affectedTools: [...new Set(violations.map((v) => v.tool))],
+        });
+    },
+};
+export default DESC_009;
+//# sourceMappingURL=DESC-009.js.map

package/dist/rules/description/DESC-009.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DESC-009.js","sourceRoot":"","sources":["../../../src/rules/description/DESC-009.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,CAAC,MAAM,QAAQ,GAAS;IAC5B,EAAE,EAAE,UAAU;IACd,QAAQ,EAAE,aAAa;IACvB,IAAI,EAAE,0BAA0B;IAChC,WAAW,EAAE,iDAAiD;IAC9D,QAAQ,EAAE,SAAS;IACnB,QAAQ,EAAE,CAAC;IAEX,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAsC,EAAE,CAAC;QAEzD,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YACjC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU;gBAAE,SAAS;YAE5C,KAAK,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAChD,IAAI,CAAC,WAAW,CAAC,UAAU,CAC5B,EAAE,CAAC;gBACF,IACE,CAAC,QAAQ,CAAC,WAAW;oBACrB,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,EAClC,CAAC;oBACD,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,kCAAkC;aAC5C,CAAC,CAAC;QACL,CAAC;QAED,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;YACrC,MAAM,EAAE,KAAK;YACb,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC;YACzC,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,oCAAoC;YACjE,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,KAAK,cAAc,CAAC,CAAC,IAAI,sBAAsB,CACvE;YACD,WAAW,EAAE;gBACX,oDAAoD;gBACpD,iEAAiE;gBACjE,0GAA0G;aAC3G;YACD,aAAa,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;SAC3D,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,eAAe,QAAQ,CAAC"}

package/dist/rules/description/DESC-010.d.ts

@@ -0,0 +1,9 @@
+/**
+ * DESC-010: Param Descriptions Explain Format
+ *
+ * Checks that parameter descriptions explain expected format
+ * (e.g., "IATA airport code", "ISO 8601 date", "email address").
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const DESC_010: Rule;
+export default DESC_010;

package/dist/rules/description/DESC-010.js

@@ -0,0 +1,92 @@
+/**
+ * DESC-010: Param Descriptions Explain Format
+ *
+ * Checks that parameter descriptions explain expected format
+ * (e.g., "IATA airport code", "ISO 8601 date", "email address").
+ */
+import { createRuleResult } from '../runner.js';
+/**
+ * Patterns that indicate a description includes format information
+ */
+const FORMAT_INDICATORS = [
+    /\b(e\.g\.|for example|such as|like)\b/i,
+    /\b(format|formatted)\b/i,
+    /\b(ISO|IATA|RFC|UTC|UUID|URL|URI)\b/,
+    /\b(YYYY|yyyy|MM|DD|dd)\b/,
+    /\b[A-Z]{3}\b.*\bcode\b/i,
+    /\b(code|ID|identifier)\b/i,
+    /\b(digits?|characters?|letters?|alphanumeric)\b/i,
+    /\b(email|phone|zip|postal)\b/i,
+    /\b(currency|unit|percent|decimal)\b/i,
+    /\b(between|from|to|range)\b.*\b\d/i,
+    /\b(max(imum)?|min(imum)?)\s+\d/i,
+    /\b\d+\s*(chars?|characters?|digits?|bytes?|bits?)\b/i,
+    /\b(pattern|regex|regexp)\b/i,
+    /\b(comma[- ]separated|space[- ]separated|pipe[- ]delimited)\b/i,
+];
+export const DESC_010 = {
+    id: 'DESC-010',
+    category: 'description',
+    name: 'Param Descriptions Explain Format',
+    description: 'Parameter descriptions should explain expected format',
+    severity: 'info',
+    maxScore: 3,
+    async check(context) {
+        if (context.tools.length === 0) {
+            return createRuleResult('DESC-010', 3, {
+                passed: true,
+                score: 3,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const violations = [];
+        let totalParams = 0;
+        for (const tool of context.tools) {
+            if (!tool.inputSchema?.properties)
+                continue;
+            for (const [paramName, paramDef] of Object.entries(tool.inputSchema.properties)) {
+                const desc = paramDef.description?.trim() ?? '';
+                if (!desc)
+                    continue; // Missing descriptions handled by DESC-009
+                totalParams++;
+                // Skip boolean params — format is inherently clear
+                if (paramDef.type === 'boolean')
+                    continue;
+                // Skip if schema already has format/pattern/enum hints
+                if (paramDef.format || paramDef.pattern || paramDef.enum)
+                    continue;
+                const hasFormatHint = FORMAT_INDICATORS.some((p) => p.test(desc));
+                if (!hasFormatHint) {
+                    violations.push({ tool: tool.name, param: paramName });
+                }
+            }
+        }
+        if (totalParams === 0) {
+            return createRuleResult('DESC-010', 3, {
+                passed: true,
+                score: 3,
+                message: 'No parameters with descriptions to check',
+            });
+        }
+        if (violations.length === 0) {
+            return createRuleResult('DESC-010', 3, {
+                passed: true,
+                score: 3,
+                message: 'All parameter descriptions include format hints',
+            });
+        }
+        return createRuleResult('DESC-010', 3, {
+            passed: false,
+            score: Math.max(0, 3 - Math.ceil(violations.length / 2)),
+            message: `${violations.length} parameter description(s) lack format information`,
+            details: violations.map((v) => `Parameter "${v.param}" in tool "${v.tool}" does not specify expected format`),
+            suggestions: [
+                'Include format hints: "IATA airport code (e.g. LAX)", "ISO 8601 date", "email address"',
+                'Agents need format information to provide correctly formatted values',
+            ],
+            affectedTools: [...new Set(violations.map((v) => v.tool))],
+        });
+    },
+};
+export default DESC_010;
+//# sourceMappingURL=DESC-010.js.map

package/dist/rules/description/DESC-010.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DESC-010.js","sourceRoot":"","sources":["../../../src/rules/description/DESC-010.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD;;GAEG;AACH,MAAM,iBAAiB,GAAG;IACxB,wCAAwC;IACxC,yBAAyB;IACzB,qCAAqC;IACrC,0BAA0B;IAC1B,yBAAyB;IACzB,2BAA2B;IAC3B,kDAAkD;IAClD,+BAA+B;IAC/B,sCAAsC;IACtC,oCAAoC;IACpC,iCAAiC;IACjC,sDAAsD;IACtD,6BAA6B;IAC7B,gEAAgE;CACjE,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAS;IAC5B,EAAE,EAAE,UAAU;IACd,QAAQ,EAAE,aAAa;IACvB,IAAI,EAAE,mCAAmC;IACzC,WAAW,EAAE,uDAAuD;IACpE,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,CAAC;IAEX,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAsC,EAAE,CAAC;QACzD,IAAI,WAAW,GAAG,CAAC,CAAC;QAEpB,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YACjC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU;gBAAE,SAAS;YAE5C,KAAK,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAChD,IAAI,CAAC,WAAW,CAAC,UAAU,CAC5B,EAAE,CAAC;gBACF,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;gBAChD,IAAI,CAAC,IAAI;oBAAE,SAAS,CAAC,2CAA2C;gBAEhE,WAAW,EAAE,CAAC;gBAEd,mDAAmD;gBACnD,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS;oBAAE,SAAS;gBAE1C,uDAAuD;gBACvD,IAAI,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI;oBAAE,SAAS;gBAEnE,MAAM,aAAa,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACjD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;gBAEF,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,WAAW,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,0CAA0C;aACpD,CAAC,CAAC;QACL,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,iDAAiD;aAC3D,CAAC,CAAC;QACL,CAAC;QAED,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;YACrC,MAAM,EAAE,KAAK;YACb,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACxD,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,mDAAmD;YAChF,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,CAAC,EAAE,EAAE,CACJ,cAAc,CAAC,CAAC,KAAK,cAAc,CAAC,CAAC,IAAI,oCAAoC,CAChF;YACD,WAAW,EAAE;gBACX,wFAAwF;gBACxF,sEAAsE;aACvE;YACD,aAAa,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;SAC3D,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,eAAe,QAAQ,CAAC"}

package/dist/rules/description/DESC-011.d.ts

@@ -0,0 +1,9 @@
+/**
+ * DESC-011: Param Descriptions Explain Why
+ *
+ * Checks that enum/option descriptions explain the "why" not just "what".
+ * Per spec: "Use EXPRESS for next-day delivery" rather than just "EXPRESS".
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const DESC_011: Rule;
+export default DESC_011;

package/dist/rules/description/DESC-011.js

@@ -0,0 +1,81 @@
+/**
+ * DESC-011: Param Descriptions Explain Why
+ *
+ * Checks that enum/option descriptions explain the "why" not just "what".
+ * Per spec: "Use EXPRESS for next-day delivery" rather than just "EXPRESS".
+ */
+import { createRuleResult } from '../runner.js';
+export const DESC_011 = {
+    id: 'DESC-011',
+    category: 'description',
+    name: 'Param Descriptions Explain Why',
+    description: 'Enum descriptions should explain the "why", not just "what"',
+    severity: 'info',
+    maxScore: 3,
+    async check(context) {
+        if (context.tools.length === 0) {
+            return createRuleResult('DESC-011', 3, {
+                passed: true,
+                score: 3,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const violations = [];
+        let enumParamCount = 0;
+        for (const tool of context.tools) {
+            if (!tool.inputSchema?.properties)
+                continue;
+            for (const [paramName, paramDef] of Object.entries(tool.inputSchema.properties)) {
+                // Only check enum/oneOf params
+                if (!paramDef.enum && !paramDef.oneOf)
+                    continue;
+                enumParamCount++;
+                if (paramDef.oneOf) {
+                    // Check if oneOf entries have titles/descriptions
+                    const hasDescriptiveOneOf = paramDef.oneOf.every((opt) => opt['title'] || opt['description']);
+                    if (!hasDescriptiveOneOf) {
+                        violations.push({ tool: tool.name, param: paramName });
+                    }
+                }
+                else if (paramDef.enum) {
+                    // Plain enum without oneOf — no descriptions available
+                    const desc = paramDef.description ?? '';
+                    // Check if the parent description explains the options
+                    const enumValues = paramDef.enum.map(String);
+                    const mentionsValues = enumValues.some((v) => desc.toLowerCase().includes(v.toLowerCase()));
+                    if (!mentionsValues && enumValues.length > 1) {
+                        violations.push({ tool: tool.name, param: paramName });
+                    }
+                }
+            }
+        }
+        if (enumParamCount === 0) {
+            return createRuleResult('DESC-011', 3, {
+                passed: true,
+                score: 3,
+                message: 'No enum parameters found to check',
+            });
+        }
+        if (violations.length === 0) {
+            return createRuleResult('DESC-011', 3, {
+                passed: true,
+                score: 3,
+                message: 'All enum parameters have descriptive options',
+            });
+        }
+        return createRuleResult('DESC-011', 3, {
+            passed: false,
+            score: Math.max(0, 3 - violations.length),
+            message: `${violations.length} enum parameter(s) lack descriptive option explanations`,
+            details: violations.map((v) => `Parameter "${v.param}" in tool "${v.tool}" has enum values without explanations`),
+            suggestions: [
+                'Use oneOf with title and const for enum options',
+                'Example: { "oneOf": [{ "const": "EXPRESS", "title": "Express (next-day delivery)" }] }',
+                'Explain why/when to choose each option, not just label it',
+            ],
+            affectedTools: [...new Set(violations.map((v) => v.tool))],
+        });
+    },
+};
+export default DESC_011;
+//# sourceMappingURL=DESC-011.js.map

package/dist/rules/description/DESC-011.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DESC-011.js","sourceRoot":"","sources":["../../../src/rules/description/DESC-011.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,CAAC,MAAM,QAAQ,GAAS;IAC5B,EAAE,EAAE,UAAU;IACd,QAAQ,EAAE,aAAa;IACvB,IAAI,EAAE,gCAAgC;IACtC,WAAW,EAAE,6DAA6D;IAC1E,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,CAAC;IAEX,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAsC,EAAE,CAAC;QACzD,IAAI,cAAc,GAAG,CAAC,CAAC;QAEvB,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YACjC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU;gBAAE,SAAS;YAE5C,KAAK,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAChD,IAAI,CAAC,WAAW,CAAC,UAAU,CAC5B,EAAE,CAAC;gBACF,+BAA+B;gBAC/B,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK;oBAAE,SAAS;gBAChD,cAAc,EAAE,CAAC;gBAEjB,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;oBACnB,kDAAkD;oBAClD,MAAM,mBAAmB,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,CAC9C,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,CAC5C,CAAC;oBACF,IAAI,CAAC,mBAAmB,EAAE,CAAC;wBACzB,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;oBACzD,CAAC;gBACH,CAAC;qBAAM,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;oBACzB,uDAAuD;oBACvD,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,IAAI,EAAE,CAAC;oBACxC,uDAAuD;oBACvD,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC7C,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC3C,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAC7C,CAAC;oBACF,IAAI,CAAC,cAAc,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAC7C,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;oBACzD,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,cAAc,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,mCAAmC;aAC7C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,8CAA8C;aACxD,CAAC,CAAC;QACL,CAAC;QAED,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC,EAAE;YACrC,MAAM,EAAE,KAAK;YACb,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC;YACzC,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,yDAAyD;YACtF,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,CAAC,EAAE,EAAE,CACJ,cAAc,CAAC,CAAC,KAAK,cAAc,CAAC,CAAC,IAAI,wCAAwC,CACpF;YACD,WAAW,EAAE;gBACX,iDAAiD;gBACjD,wFAAwF;gBACxF,2DAA2D;aAC5D;YACD,aAAa,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;SAC3D,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,eAAe,QAAQ,CAAC"}

package/dist/rules/description/DESC-012.d.ts

@@ -0,0 +1,9 @@
+/**
+ * DESC-012: Description No Injection Patterns
+ *
+ * Checks that descriptions don't contain suspicious instruction-like text
+ * that could be prompt injection attempts.
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const DESC_012: Rule;
+export default DESC_012;

package/dist/rules/description/DESC-012.js

@@ -0,0 +1,98 @@
+/**
+ * DESC-012: Description No Injection Patterns
+ *
+ * Checks that descriptions don't contain suspicious instruction-like text
+ * that could be prompt injection attempts.
+ */
+import { createRuleResult } from '../runner.js';
+const INJECTION_PATTERNS = [
+    /\bSYSTEM\s*:/i,
+    /\bIGNORE\s+(ALL\s+)?PREVIOUS\b/i,
+    /\bIGNORE\s+THE\s+ABOVE\b/i,
+    /\bIMPORTANT\s*:/i,
+    /\bINSTRUCTION\s*:/i,
+    /\bOVERRIDE\b/i,
+    /\bDISREGARD\b/i,
+    /\bFORGET\s+(ALL\s+)?PREVIOUS\b/i,
+    /\bYOU\s+ARE\s+(NOW|A)\b/i,
+    /\bACT\s+AS\b/i,
+    /\bPRETEND\b/i,
+    /\bROLE\s*:/i,
+    /\bJAILBREAK\b/i,
+    /\bBYPASS\b/i,
+    /\bDO\s+ANYTHING\s+NOW\b/i,
+    /\[\s*INST\s*\]/i,
+    /<<\s*SYS\s*>>/i,
+    // Base64 encoded instructions (simple heuristic for suspicious encoded content)
+    /(?:data:|base64)[,;]\s*[A-Za-z0-9+/=]{50,}/,
+    // Unusual unicode that could be used to hide instructions
+    /[\u200B-\u200F\u2028-\u202F\uFEFF]/,
+];
+export const DESC_012 = {
+    id: 'DESC-012',
+    category: 'description',
+    name: 'Description No Injection Patterns',
+    description: 'Descriptions must not contain prompt injection patterns',
+    severity: 'critical',
+    maxScore: 10,
+    async check(context) {
+        if (context.tools.length === 0) {
+            return createRuleResult('DESC-012', 10, {
+                passed: true,
+                score: 10,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const violations = [];
+        for (const tool of context.tools) {
+            const textsToCheck = [
+                tool.description ?? '',
+                tool.name ?? '',
+            ];
+            // Also check parameter descriptions
+            if (tool.inputSchema?.properties) {
+                for (const paramDef of Object.values(tool.inputSchema.properties)) {
+                    if (paramDef.description) {
+                        textsToCheck.push(paramDef.description);
+                    }
+                }
+            }
+            const foundPatterns = [];
+            for (const text of textsToCheck) {
+                for (const pattern of INJECTION_PATTERNS) {
+                    const match = text.match(pattern);
+                    if (match) {
+                        foundPatterns.push(match[0]);
+                    }
+                }
+            }
+            if (foundPatterns.length > 0) {
+                violations.push({
+                    tool: tool.name,
+                    patterns: [...new Set(foundPatterns)],
+                });
+            }
+        }
+        if (violations.length === 0) {
+            return createRuleResult('DESC-012', 10, {
+                passed: true,
+                score: 10,
+                message: 'No prompt injection patterns detected in descriptions',
+            });
+        }
+        return createRuleResult('DESC-012', 10, {
+            passed: false,
+            score: 0,
+            message: `${violations.length} tool(s) contain suspicious injection patterns`,
+            details: violations.map((v) => `Tool "${v.tool}" contains suspicious patterns: ${v.patterns.join(', ')}`),
+            suggestions: [
+                'Remove any instruction-like text from tool descriptions',
+                'Descriptions should only explain what the tool does, not give system-level instructions',
+                'Suspicious patterns include: SYSTEM:, IGNORE, OVERRIDE, encoded instructions',
+            ],
+            affectedTools: violations.map((v) => v.tool),
+        });
+    },
+};
+export default DESC_012;
+//# sourceMappingURL=DESC-012.js.map

package/dist/rules/description/DESC-012.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DESC-012.js","sourceRoot":"","sources":["../../../src/rules/description/DESC-012.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,kBAAkB,GAAG;IACzB,eAAe;IACf,iCAAiC;IACjC,2BAA2B;IAC3B,kBAAkB;IAClB,oBAAoB;IACpB,eAAe;IACf,gBAAgB;IAChB,iCAAiC;IACjC,0BAA0B;IAC1B,eAAe;IACf,cAAc;IACd,aAAa;IACb,gBAAgB;IAChB,aAAa;IACb,0BAA0B;IAC1B,iBAAiB;IACjB,gBAAgB;IAChB,gFAAgF;IAChF,4CAA4C;IAC5C,0DAA0D;IAC1D,oCAAoC;CACrC,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAS;IAC5B,EAAE,EAAE,UAAU;IACd,QAAQ,EAAE,aAAa;IACvB,IAAI,EAAE,mCAAmC;IACzC,WAAW,EAAE,yDAAyD;IACtE,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,EAAE;IAEZ,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO,gBAAgB,CAAC,UAAU,EAAE,EAAE,EAAE;gBACtC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAA2C,EAAE,CAAC;QAE9D,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YACjC,MAAM,YAAY,GAAG;gBACnB,IAAI,CAAC,WAAW,IAAI,EAAE;gBACtB,IAAI,CAAC,IAAI,IAAI,EAAE;aAChB,CAAC;YAEF,oCAAoC;YACpC,IAAI,IAAI,CAAC,WAAW,EAAE,UAAU,EAAE,CAAC;gBACjC,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;oBAClE,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;wBACzB,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;oBAC1C,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,aAAa,GAAa,EAAE,CAAC;YACnC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;gBAChC,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;oBACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBAClC,IAAI,KAAK,EAAE,CAAC;wBACV,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;oBAC/B,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,QAAQ,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;iBACtC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,UAAU,EAAE,EAAE,EAAE;gBACtC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,uDAAuD;aACjE,CAAC,CAAC;QACL,CAAC;QAED,OAAO,gBAAgB,CAAC,UAAU,EAAE,EAAE,EAAE;YACtC,MAAM,EAAE,KAAK;YACb,KAAK,EAAE,CAAC;YACR,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,gDAAgD;YAC7E,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,CAAC,EAAE,EAAE,CACJ,SAAS,CAAC,CAAC,IAAI,mCAAmC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC5E;YACD,WAAW,EAAE;gBACX,yDAAyD;gBACzD,yFAAyF;gBACzF,8EAA8E;aAC/E;YACD,aAAa,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAC7C,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,eAAe,QAAQ,CAAC"}