fix(mcp-config-validator): remove invented trust field (verify-first)
`.mcp.json` has no per-server `trust` key — verified 2026-06-18 against code.claude.com/docs/en/mcp + /settings. MCP server approval is dialog/settings-based (enableAllProjectMcpServers / enabledMcpjsonServers / disabledMcpjsonServers), never a JSON field. The scanner's "Missing trust level" (CA-MCP-001, medium) and "Invalid trust level" (high) were false positives flagging a field that does not exist. - scanner: delete both trust checks + VALID_TRUST_LEVELS; drop `trust` from VALID_SERVER_FIELDS so a stray `trust` is now flagged as an unknown field - humanizer: remove the two trust-level entries - knowledge (5 files): point to the real approval mechanism, not a trust field - fixtures: scrub `trust` (incl. the invalid "local" in optimal-setup) - tests: flip assertions (no trust-level finding; stray trust -> unknown field) + add knowledge-staleness re-freeze guards - snapshots: reseed (marketplace-medium .mcp.json -8 tokens, hermetic) - gap-matrix: mark the trust verify-first item DONE Suite: 853/853 green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Ter3E2JSi1Khgmuf2kady8
This commit is contained in:
parent
624f5edabc
commit
b3c572ad46
22 changed files with 110 additions and 100 deletions
|
|
@ -343,7 +343,7 @@ By default, `/config-audit` auto-detects scope from your git context. Override w
|
|||
| `settings-validator.mjs` | SET | Schema violations, unknown/deprecated keys, type mismatches, permission issues |
|
||||
| `hook-validator.mjs` | HKV | Invalid format, missing scripts, wrong event names, timeout risks |
|
||||
| `rules-validator.mjs` | RUL | Bad glob patterns, orphaned rules, deprecated fields, unscoped rules |
|
||||
| `mcp-config-validator.mjs` | MCP | Invalid server types, missing trust levels, exposed env vars |
|
||||
| `mcp-config-validator.mjs` | MCP | Invalid server types, exposed env vars, unknown fields |
|
||||
| `import-resolver.mjs` | IMP | Broken @imports, circular references, deep chains, tilde path issues |
|
||||
| `conflict-detector.mjs` | CNF | Settings contradictions across scopes, permission conflicts, hook duplicates |
|
||||
| `feature-gap-scanner.mjs` | GAP | 25 feature checks — shown as opportunities, not grades |
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ Netto-nytt scanner-arbeid (DIS param-bevissthet, PLH shadow-folder-check, permis
|
|||
| hook `MessageDisplay` «unknown event» | `hook-validator.mjs` | Legg i `VALID_EVENTS` + knowledge |
|
||||
| hook `post-session` «unknown» | `hook-validator.mjs` | Legg i `VALID_EVENTS` (kebab, ≠ SessionEnd) |
|
||||
| stale «26 total» hook-count | `hook-validator.mjs:137` + `hook-events-reference.md:3` | 26 → 28 i takt med de to nye |
|
||||
| MCP `trust` oppfunnet/enforced (**VERIFISER FØRST**) | `mcp-config-validator.mjs` | Hvis feltet ikke finnes i offisiell schema: demote/fjern CA-MCP-001 + koordiner på tvers av 5 knowledge/humanizer-filer |
|
||||
| ✅ MCP `trust` oppfunnet (VERIFISERT 2026-06-18: ikke i offisiell `.mcp.json`-schema) | `mcp-config-validator.mjs` | DONE — fjernet CA-MCP-001 + «Invalid trust level»; `trust` droppet fra `VALID_SERVER_FIELDS` (stray `trust` → unknown field); humanizer + 5 knowledge-filer + fixturer scrubbet. Godkjenning er dialog/settings-basert (`enableAllProjectMcpServers`/`enabledMcpjsonServers`/`disabledMcpjsonServers`), aldri et JSON-felt. |
|
||||
| `feature-evolution.md`/`capabilities.md` frosset v2.1.111 | `knowledge/*` | Opus 4.8 default + Fable 5; `/simplify`→`/code-review` |
|
||||
|
||||
## Quick wins (S-effort, høy verdi)
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ Scanner CLI: `node scanners/scan-orchestrator.mjs <path> [--global] [--full-mach
|
|||
| `settings-validator.mjs` | SET | Schema, unknown/deprecated keys, type mismatches, permissions |
|
||||
| `hook-validator.mjs` | HKV | Format, script existence, event validity, timeouts |
|
||||
| `rules-validator.mjs` | RUL | Glob matching, orphan rules, deprecated fields, unscoped rules |
|
||||
| `mcp-config-validator.mjs` | MCP | Server types, trust levels, env vars, unknown fields |
|
||||
| `mcp-config-validator.mjs` | MCP | Server types, env vars, unknown fields |
|
||||
| `import-resolver.mjs` | IMP | Broken @imports, circular refs, deep chains, tilde paths |
|
||||
| `conflict-detector.mjs` | CNF | Settings conflicts, permission contradictions, hook duplicates |
|
||||
| `feature-gap-scanner.mjs` | GAP | 25 feature checks across 4 tiers — shown as opportunities, not grades |
|
||||
|
|
|
|||
|
|
@ -2,8 +2,7 @@
|
|||
"mcpServers": {
|
||||
"filesystem": {
|
||||
"command": "npx",
|
||||
"args": ["-y", "@modelcontextprotocol/server-filesystem", "."],
|
||||
"trust": "local"
|
||||
"args": ["-y", "@modelcontextprotocol/server-filesystem", "."]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,11 +27,10 @@
|
|||
| 21 | Rules file glob doesn't match any project files | CA-RUL-002 | low | Fix the glob pattern. `src/**/*.ts` won't match `./src/file.ts` — test actual paths. |
|
||||
| 22 | Deprecated frontmatter field in rules file | CA-RUL-003 | low | Remove/replace deprecated fields. Check official docs for current frontmatter schema. |
|
||||
| 23 | `.claude/rules/` directory missing entirely | CA-RUL-004 | medium | Create directory and split CLAUDE.md by domain. Path-specific rules dramatically reduce context overhead. |
|
||||
| 24 | MCP server with no trust level set | CA-MCP-001 | medium | Set `"trust": "workspace"` or `"trusted"` explicitly. Default is untrusted/sandboxed; may cause unexpected failures. |
|
||||
| 25 | User MCP servers in project `.mcp.json` | CA-MCP-002 | low | Move personal MCP servers to `~/.claude.json`. Project `.mcp.json` is for servers the whole team needs. |
|
||||
| 26 | No custom skills when team has repeated workflows | CA-GAP-001 | medium | Create skills for `/deploy`, `/review-pr`, `/fix-issue`. Repeated multi-step workflows are the target. |
|
||||
| 27 | Custom agents without `description` field | CA-GAP-002 | medium | Add a description explaining when to delegate to this agent. Without it, Claude never auto-invokes it. |
|
||||
| 28 | No hooks configured at all | CA-GAP-003 | high | Add at minimum a `Stop` hook for session summaries. Zero hooks is the most common high-value gap. |
|
||||
| 24 | User MCP servers in project `.mcp.json` | CA-MCP-002 | low | Move personal MCP servers to `~/.claude.json`. Project `.mcp.json` is for servers the whole team needs. |
|
||||
| 25 | No custom skills when team has repeated workflows | CA-GAP-001 | medium | Create skills for `/deploy`, `/review-pr`, `/fix-issue`. Repeated multi-step workflows are the target. |
|
||||
| 26 | Custom agents without `description` field | CA-GAP-002 | medium | Add a description explaining when to delegate to this agent. Without it, Claude never auto-invokes it. |
|
||||
| 27 | No hooks configured at all | CA-GAP-003 | high | Add at minimum a `Stop` hook for session summaries. Zero hooks is the most common high-value gap. |
|
||||
|
||||
---
|
||||
|
||||
|
|
|
|||
|
|
@ -228,7 +228,7 @@ paths: ["src/**/*.ts"]
|
|||
"type": "stdio|http",
|
||||
"command": "...", "args": [...],
|
||||
"url": "...",
|
||||
"env": {}, "timeout": 30000, "trust": "workspace|trusted|untrusted"
|
||||
"env": {}, "timeout": 30000
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -236,7 +236,7 @@ paths: ["src/**/*.ts"]
|
|||
|
||||
**Fully utilizing:** Team-shared MCP servers (GitHub, Jira, DBs); MCP resources via `@server:path`; MCP prompts as slash commands; `enableAllProjectMcpServers: true` for zero-friction team onboarding.
|
||||
|
||||
**Common gaps:** No `.mcp.json`; MCP only configured in `~/.claude.json` (not shared); trust levels not set; MCP resources not used.
|
||||
**Common gaps:** No `.mcp.json`; MCP only configured in `~/.claude.json` (not shared); project servers not approved via `enableAllProjectMcpServers`/`enabledMcpjsonServers`; MCP resources not used.
|
||||
|
||||
---
|
||||
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@
|
|||
|
||||
1. **Commit `.mcp.json` to git.** Team-shared MCP servers belong in `.mcp.json` at project root, not in individual `~/.claude.json` files. One commit, everyone gets the servers.
|
||||
2. **Set `enableAllProjectMcpServers: true` in project settings.json** for zero-friction team onboarding. New team members don't have to manually approve each server.
|
||||
3. **Set trust levels explicitly.** `"trust": "workspace"` for project-specific servers; `"trust": "trusted"` only for servers you fully control. Default is untrusted (sandboxed).
|
||||
3. **Approve servers via settings, not a `trust` field.** `.mcp.json` has no per-server `trust` key — approval is recorded by the workspace-trust and MCP-approval dialogs. For non-interactive, granular control set `enabledMcpjsonServers: ["memory", "github"]` / `disabledMcpjsonServers: [...]` in settings.json instead of approving each server by hand.
|
||||
4. **Use `@server:resource/path` for dynamic data.** `@github:repos/owner/repo/issues` pulls live data into context. More reliable than asking Claude to fetch and parse.
|
||||
5. **Deny MCP tools you don't want Claude to invoke.** `{"permissions": {"deny": ["mcp__filesystem__write_file"]}}` — even with a server connected, specific tools can be blocked.
|
||||
|
||||
|
|
|
|||
|
|
@ -73,8 +73,7 @@ Create `.mcp.json` at project root:
|
|||
"memory": {
|
||||
"type": "stdio",
|
||||
"command": "npx",
|
||||
"args": ["-y", "@modelcontextprotocol/server-memory"],
|
||||
"trust": "workspace"
|
||||
"args": ["-y", "@modelcontextprotocol/server-memory"]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -273,16 +273,6 @@ export const TRANSLATIONS = {
|
|||
description: 'The `type` field doesn\'t match one Claude Code knows how to start (typically `stdio`, `sse`, or `http`).',
|
||||
recommendation: 'Change the `type` to one of the supported values shown in the details.',
|
||||
},
|
||||
'Invalid trust level': {
|
||||
title: 'A connected service has an unrecognized trust setting',
|
||||
description: 'Trust controls whether Claude can use the service\'s tools without asking.',
|
||||
recommendation: 'Set the trust value to one of the accepted ones (see details).',
|
||||
},
|
||||
'Missing trust level': {
|
||||
title: 'A connected service has no trust setting',
|
||||
description: 'Without an explicit trust value, Claude has to ask before each tool use, which slows your work.',
|
||||
recommendation: 'Add a trust value to the entry. The details show the accepted values.',
|
||||
},
|
||||
'Unknown MCP server field': {
|
||||
title: 'A connected service has an unrecognized setting',
|
||||
description: 'The setting isn\'t one Claude Code reads, so it will be ignored.',
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
/**
|
||||
* MCP Scanner — MCP Configuration Validator
|
||||
* Validates .mcp.json files: server types, trust levels, env vars, unknown fields.
|
||||
* Validates .mcp.json files: server types, env vars, unknown fields.
|
||||
* Finding IDs: CA-MCP-NNN
|
||||
*/
|
||||
|
||||
|
|
@ -13,9 +13,11 @@ import { truncate } from './lib/string-utils.mjs';
|
|||
const SCANNER = 'MCP';
|
||||
|
||||
const VALID_SERVER_TYPES = new Set(['stdio', 'http', 'sse']);
|
||||
const VALID_TRUST_LEVELS = new Set(['workspace', 'trusted', 'untrusted']);
|
||||
// No `trust` field: MCP server approval is dialog/settings-based
|
||||
// (enableAllProjectMcpServers / enabledMcpjsonServers / disabledMcpjsonServers),
|
||||
// not a per-server .mcp.json field. Verified against code.claude.com/docs 2026-06-18.
|
||||
const VALID_SERVER_FIELDS = new Set([
|
||||
'type', 'command', 'args', 'env', 'url', 'headers', 'timeout', 'trust',
|
||||
'type', 'command', 'args', 'env', 'url', 'headers', 'timeout',
|
||||
]);
|
||||
|
||||
// Match only bare ${IDENTIFIER} references. POSIX expansions like ${VAR%pattern}
|
||||
|
|
@ -92,28 +94,6 @@ export async function scan(targetPath, discovery) {
|
|||
}));
|
||||
}
|
||||
|
||||
// Check trust level
|
||||
if (!config.trust) {
|
||||
findings.push(finding({
|
||||
scanner: SCANNER,
|
||||
severity: SEVERITY.medium,
|
||||
title: 'Missing trust level',
|
||||
description: `${file.relPath}: Server "${name}" has no trust level configured.`,
|
||||
file: file.absPath,
|
||||
recommendation: 'Add "trust": "workspace"|"trusted"|"untrusted" to explicitly set the trust level.',
|
||||
}));
|
||||
} else if (!VALID_TRUST_LEVELS.has(config.trust)) {
|
||||
findings.push(finding({
|
||||
scanner: SCANNER,
|
||||
severity: SEVERITY.high,
|
||||
title: 'Invalid trust level',
|
||||
description: `${file.relPath}: Server "${name}" has invalid trust level "${config.trust}".`,
|
||||
file: file.absPath,
|
||||
evidence: `trust: "${config.trust}"`,
|
||||
recommendation: 'Use one of: workspace, trusted, untrusted.',
|
||||
}));
|
||||
}
|
||||
|
||||
// Check for env var references in args without env block
|
||||
if (Array.isArray(config.args)) {
|
||||
for (const arg of config.args) {
|
||||
|
|
|
|||
3
tests/fixtures/baseline-all-a/.mcp.json
vendored
3
tests/fixtures/baseline-all-a/.mcp.json
vendored
|
|
@ -3,8 +3,7 @@
|
|||
"memory": {
|
||||
"type": "stdio",
|
||||
"command": "npx",
|
||||
"args": ["-y", "@modelcontextprotocol/server-memory"],
|
||||
"trust": "workspace"
|
||||
"args": ["-y", "@modelcontextprotocol/server-memory"]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
6
tests/fixtures/healthy-project/.mcp.json
vendored
6
tests/fixtures/healthy-project/.mcp.json
vendored
|
|
@ -3,14 +3,12 @@
|
|||
"memory": {
|
||||
"type": "stdio",
|
||||
"command": "npx",
|
||||
"args": ["-y", "@modelcontextprotocol/server-memory"],
|
||||
"trust": "workspace"
|
||||
"args": ["-y", "@modelcontextprotocol/server-memory"]
|
||||
},
|
||||
"filesystem": {
|
||||
"type": "stdio",
|
||||
"command": "npx",
|
||||
"args": ["-y", "@modelcontextprotocol/server-filesystem", "./docs"],
|
||||
"trust": "trusted"
|
||||
"args": ["-y", "@modelcontextprotocol/server-filesystem", "./docs"]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
9
tests/fixtures/marketplace-large/.mcp.json
vendored
9
tests/fixtures/marketplace-large/.mcp.json
vendored
|
|
@ -3,20 +3,17 @@
|
|||
"memory": {
|
||||
"type": "stdio",
|
||||
"command": "npx",
|
||||
"args": ["-y", "@modelcontextprotocol/server-memory"],
|
||||
"trust": "workspace"
|
||||
"args": ["-y", "@modelcontextprotocol/server-memory"]
|
||||
},
|
||||
"filesystem": {
|
||||
"type": "stdio",
|
||||
"command": "npx",
|
||||
"args": ["-y", "@modelcontextprotocol/server-filesystem", "./docs"],
|
||||
"trust": "trusted"
|
||||
"args": ["-y", "@modelcontextprotocol/server-filesystem", "./docs"]
|
||||
},
|
||||
"github": {
|
||||
"type": "stdio",
|
||||
"command": "npx",
|
||||
"args": ["-y", "@modelcontextprotocol/server-github"],
|
||||
"trust": "trusted"
|
||||
"args": ["-y", "@modelcontextprotocol/server-github"]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
3
tests/fixtures/marketplace-medium/.mcp.json
vendored
3
tests/fixtures/marketplace-medium/.mcp.json
vendored
|
|
@ -3,8 +3,7 @@
|
|||
"memory": {
|
||||
"type": "stdio",
|
||||
"command": "npx",
|
||||
"args": ["-y", "@modelcontextprotocol/server-memory"],
|
||||
"trust": "workspace"
|
||||
"args": ["-y", "@modelcontextprotocol/server-memory"]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -73,3 +73,22 @@ test('claude-code-capabilities.md documents /config key=value', () => {
|
|||
const md = read('claude-code-capabilities.md');
|
||||
assert.match(md, /\/config/, '/config key=value in-session settings (2.1.181)');
|
||||
});
|
||||
|
||||
// MCP `trust` is NOT a real .mcp.json field (verified 2026-06-18 against
|
||||
// code.claude.com/docs/en/mcp + /settings). Approval is dialog/settings-based.
|
||||
// These guards stop the corpus from re-fabricating the field.
|
||||
test('claude-code-capabilities.md does not resurrect the invented MCP `trust` field', () => {
|
||||
const md = read('claude-code-capabilities.md');
|
||||
assert.doesNotMatch(md, /"trust":\s*"workspace/,
|
||||
'the fabricated `trust` field must not return to the .mcp.json schema example');
|
||||
assert.match(md, /enableAllProjectMcpServers|enabledMcpjsonServers/,
|
||||
'must document the real MCP approval mechanism');
|
||||
});
|
||||
|
||||
test('configuration-best-practices.md recommends real MCP approval, not a `trust` field', () => {
|
||||
const md = read('configuration-best-practices.md');
|
||||
assert.match(md, /enabledMcpjsonServers|enableAllProjectMcpServers/,
|
||||
'must point to the real settings-based approval mechanism');
|
||||
assert.doesNotMatch(md, /Set trust levels explicitly/,
|
||||
'the invented "set trust levels" advice must be gone');
|
||||
});
|
||||
|
|
|
|||
|
|
@ -81,13 +81,9 @@ describe('MCP scanner — broken project', () => {
|
|||
assert.equal(unknown.severity, 'high');
|
||||
});
|
||||
|
||||
it('detects missing trust level', () => {
|
||||
assert.ok(result.findings.some(f => f.title.includes('Missing trust level')));
|
||||
});
|
||||
|
||||
it('missing trust is medium severity', () => {
|
||||
const trust = result.findings.find(f => f.title.includes('Missing trust level'));
|
||||
assert.equal(trust.severity, 'medium');
|
||||
it('does NOT flag any trust level — `trust` is not a real .mcp.json field (CC docs verified 2026-06-18)', () => {
|
||||
assert.ok(!result.findings.some(f => /trust level/i.test(f.title)),
|
||||
'no "Missing trust level"/"Invalid trust level" findings: the field does not exist in the official schema');
|
||||
});
|
||||
|
||||
it('detects unreferenced env vars in args', () => {
|
||||
|
|
@ -103,6 +99,43 @@ describe('MCP scanner — broken project', () => {
|
|||
});
|
||||
});
|
||||
|
||||
describe('MCP scanner — stray `trust` field is an unknown field (verify-first, 2026-06-18)', () => {
|
||||
let result;
|
||||
let tmpRoot;
|
||||
|
||||
beforeEach(async () => {
|
||||
resetCounter();
|
||||
tmpRoot = await mkdtemp(join(tmpdir(), 'ca-mcp-trust-'));
|
||||
// `trust` is NOT a field in the official .mcp.json schema (verified against
|
||||
// code.claude.com/docs/en/mcp + /settings, 2026-06-18). Approval is
|
||||
// dialog/settings-based (enableAllProjectMcpServers / enabledMcpjsonServers /
|
||||
// disabledMcpjsonServers), never a per-server JSON field.
|
||||
const mcp = {
|
||||
mcpServers: {
|
||||
legacy: { type: 'stdio', command: 'node', args: ['server.mjs'], trust: 'workspace' },
|
||||
},
|
||||
};
|
||||
await writeFile(join(tmpRoot, '.mcp.json'), JSON.stringify(mcp, null, 2) + '\n', 'utf8');
|
||||
const discovery = await discoverConfigFiles(tmpRoot);
|
||||
result = await scan(tmpRoot, discovery);
|
||||
});
|
||||
|
||||
afterEach(async () => {
|
||||
if (tmpRoot) await rm(tmpRoot, { recursive: true, force: true });
|
||||
});
|
||||
|
||||
it('flags `trust` as an unknown MCP server field', () => {
|
||||
const f = result.findings.find(x => x.title.includes('Unknown MCP server field')
|
||||
&& /trust/.test(x.description || ''));
|
||||
assert.ok(f, 'a `trust` field must now be reported as an unknown field');
|
||||
});
|
||||
|
||||
it('emits no "trust level" findings at all', () => {
|
||||
assert.ok(!result.findings.some(x => /trust level/i.test(x.title)),
|
||||
'the invented trust-level checks must be gone');
|
||||
});
|
||||
});
|
||||
|
||||
describe('MCP scanner — env-var false positives (CC 2.1.139/2.1.142, Batch 1)', () => {
|
||||
let tmpRoot;
|
||||
let envFindings;
|
||||
|
|
@ -118,13 +151,11 @@ describe('MCP scanner — env-var false positives (CC 2.1.139/2.1.142, Batch 1)'
|
|||
// CLAUDE_PROJECT_DIR is auto-injected (CC 2.1.139); ${VAR%…}/${VAR:-…}
|
||||
// are POSIX expansions CC resolves (2.1.142) — none need an env block.
|
||||
args: ['${CLAUDE_PROJECT_DIR}/server.mjs', '--root', '${HOME%/}', '--cfg', '${CONFIG_DIR:-/etc}'],
|
||||
trust: 'workspace',
|
||||
},
|
||||
legacy: {
|
||||
type: 'stdio',
|
||||
command: 'node',
|
||||
args: ['${REAL_MISSING}'],
|
||||
trust: 'workspace',
|
||||
},
|
||||
},
|
||||
};
|
||||
|
|
|
|||
|
|
@ -481,7 +481,7 @@
|
|||
},
|
||||
{
|
||||
"source": ".mcp.json",
|
||||
"estimated_tokens": 53,
|
||||
"estimated_tokens": 45,
|
||||
"rank": 5,
|
||||
"recommendations": [
|
||||
"Deduplicate overlapping entries — each duplicate inflates the per-turn schema payload.",
|
||||
|
|
@ -490,7 +490,7 @@
|
|||
"path": "/Users/ktg/repos/ktg-plugin-marketplace/config-audit/tests/fixtures/marketplace-medium/.mcp.json"
|
||||
}
|
||||
],
|
||||
"total_estimated_tokens": 809,
|
||||
"total_estimated_tokens": 801,
|
||||
"activeConfig": {
|
||||
"claudeMdEstimatedTokens": "<ANCESTOR_DERIVED>",
|
||||
"mcpServerCount": 1,
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
"status": "ok",
|
||||
"files_scanned": 2,
|
||||
"duration_ms": 0,
|
||||
"total_estimated_tokens": 809,
|
||||
"total_estimated_tokens": 801,
|
||||
"hotspots": [
|
||||
{
|
||||
"source": "mcp:memory (.mcp.json)",
|
||||
|
|
@ -47,7 +47,7 @@
|
|||
},
|
||||
{
|
||||
"source": ".mcp.json",
|
||||
"estimated_tokens": 53,
|
||||
"estimated_tokens": 45,
|
||||
"rank": 5,
|
||||
"recommendations": [
|
||||
"Deduplicate overlapping entries — each duplicate inflates the per-turn schema payload.",
|
||||
|
|
|
|||
|
|
@ -1,15 +1,15 @@
|
|||
[CML] CLAUDE.md Linter: 1 finding(s) (14ms)
|
||||
[SET] Settings Validator: 0 finding(s) (1ms)
|
||||
[SET] Settings Validator: 0 finding(s) (2ms)
|
||||
[HKV] Hook Validator: 0 finding(s) (1ms)
|
||||
[RUL] Rules Validator: 0 finding(s) (1ms)
|
||||
[RUL] Rules Validator: 0 finding(s) (0ms)
|
||||
[MCP] MCP Config Validator: 0 finding(s) (0ms)
|
||||
[IMP] Import Resolver: 0 finding(s) (1ms)
|
||||
[IMP] Import Resolver: 0 finding(s) (2ms)
|
||||
[CNF] Conflict Detector: 0 finding(s) (1ms)
|
||||
[GAP] Feature Gap Scanner: 17 finding(s) (2ms)
|
||||
[TOK] Token Hotspots: 1 finding(s) (8ms)
|
||||
[CPS] Cache-Prefix Stability: 0 finding(s) (1ms)
|
||||
[DIS] Disabled-In-Schema: 0 finding(s) (0ms)
|
||||
[COL] Plugin Skill Collision: 0 finding(s) (1ms)
|
||||
[CPS] Cache-Prefix Stability: 0 finding(s) (0ms)
|
||||
[DIS] Disabled-In-Schema: 0 finding(s) (1ms)
|
||||
[COL] Plugin Skill Collision: 0 finding(s) (0ms)
|
||||
|
||||
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
||||
Config-Audit Health Score
|
||||
|
|
|
|||
|
|
@ -94,7 +94,7 @@
|
|||
"scannerEnvelope": {
|
||||
"meta": {
|
||||
"target": "/Users/ktg/repos/ktg-plugin-marketplace/config-audit/tests/fixtures/marketplace-medium",
|
||||
"timestamp": "2026-06-18T11:03:14.339Z",
|
||||
"timestamp": "2026-06-18T12:19:30.125Z",
|
||||
"version": "2.2.0",
|
||||
"tool": "config-audit"
|
||||
},
|
||||
|
|
@ -145,7 +145,7 @@
|
|||
"scanner": "HKV",
|
||||
"status": "ok",
|
||||
"files_scanned": 1,
|
||||
"duration_ms": 1,
|
||||
"duration_ms": 2,
|
||||
"findings": [],
|
||||
"counts": {
|
||||
"critical": 0,
|
||||
|
|
@ -187,7 +187,7 @@
|
|||
"scanner": "IMP",
|
||||
"status": "ok",
|
||||
"files_scanned": 1,
|
||||
"duration_ms": 1,
|
||||
"duration_ms": 2,
|
||||
"findings": [],
|
||||
"counts": {
|
||||
"critical": 0,
|
||||
|
|
@ -201,7 +201,7 @@
|
|||
"scanner": "CNF",
|
||||
"status": "ok",
|
||||
"files_scanned": 2,
|
||||
"duration_ms": 0,
|
||||
"duration_ms": 1,
|
||||
"findings": [],
|
||||
"counts": {
|
||||
"critical": 0,
|
||||
|
|
@ -451,7 +451,7 @@
|
|||
"scanner": "TOK",
|
||||
"status": "ok",
|
||||
"files_scanned": 2,
|
||||
"duration_ms": 8,
|
||||
"duration_ms": 7,
|
||||
"findings": [
|
||||
{
|
||||
"id": "CA-TOK-001",
|
||||
|
|
@ -515,7 +515,7 @@
|
|||
},
|
||||
{
|
||||
"source": ".mcp.json",
|
||||
"estimated_tokens": 53,
|
||||
"estimated_tokens": 45,
|
||||
"rank": 5,
|
||||
"recommendations": [
|
||||
"Deduplicate overlapping entries — each duplicate inflates the per-turn schema payload.",
|
||||
|
|
@ -524,7 +524,7 @@
|
|||
"path": "/Users/ktg/repos/ktg-plugin-marketplace/config-audit/tests/fixtures/marketplace-medium/.mcp.json"
|
||||
}
|
||||
],
|
||||
"total_estimated_tokens": 809,
|
||||
"total_estimated_tokens": 801,
|
||||
"activeConfig": {
|
||||
"claudeMdEstimatedTokens": 1639,
|
||||
"mcpServerCount": 1,
|
||||
|
|
@ -536,20 +536,6 @@
|
|||
"scanner": "CPS",
|
||||
"status": "ok",
|
||||
"files_scanned": 1,
|
||||
"duration_ms": 1,
|
||||
"findings": [],
|
||||
"counts": {
|
||||
"critical": 0,
|
||||
"high": 0,
|
||||
"medium": 0,
|
||||
"low": 0,
|
||||
"info": 0
|
||||
}
|
||||
},
|
||||
{
|
||||
"scanner": "DIS",
|
||||
"status": "ok",
|
||||
"files_scanned": 1,
|
||||
"duration_ms": 0,
|
||||
"findings": [],
|
||||
"counts": {
|
||||
|
|
@ -560,11 +546,25 @@
|
|||
"info": 0
|
||||
}
|
||||
},
|
||||
{
|
||||
"scanner": "DIS",
|
||||
"status": "ok",
|
||||
"files_scanned": 1,
|
||||
"duration_ms": 1,
|
||||
"findings": [],
|
||||
"counts": {
|
||||
"critical": 0,
|
||||
"high": 0,
|
||||
"medium": 0,
|
||||
"low": 0,
|
||||
"info": 0
|
||||
}
|
||||
},
|
||||
{
|
||||
"scanner": "COL",
|
||||
"status": "ok",
|
||||
"files_scanned": 0,
|
||||
"duration_ms": 1,
|
||||
"duration_ms": 0,
|
||||
"findings": [],
|
||||
"counts": {
|
||||
"critical": 0,
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"meta": {
|
||||
"target": "/Users/ktg/repos/ktg-plugin-marketplace/config-audit/tests/fixtures/marketplace-medium",
|
||||
"timestamp": "2026-06-18T11:03:14.159Z",
|
||||
"timestamp": "2026-06-18T12:19:29.934Z",
|
||||
"version": "2.2.0",
|
||||
"tool": "config-audit"
|
||||
},
|
||||
|
|
@ -422,7 +422,7 @@
|
|||
},
|
||||
{
|
||||
"source": ".mcp.json",
|
||||
"estimated_tokens": 53,
|
||||
"estimated_tokens": 45,
|
||||
"rank": 5,
|
||||
"recommendations": [
|
||||
"Deduplicate overlapping entries — each duplicate inflates the per-turn schema payload.",
|
||||
|
|
@ -431,7 +431,7 @@
|
|||
"path": "/Users/ktg/repos/ktg-plugin-marketplace/config-audit/tests/fixtures/marketplace-medium/.mcp.json"
|
||||
}
|
||||
],
|
||||
"total_estimated_tokens": 809,
|
||||
"total_estimated_tokens": 801,
|
||||
"activeConfig": {
|
||||
"claudeMdEstimatedTokens": 1639,
|
||||
"mcpServerCount": 1,
|
||||
|
|
@ -457,7 +457,7 @@
|
|||
"scanner": "DIS",
|
||||
"status": "ok",
|
||||
"files_scanned": 1,
|
||||
"duration_ms": 0,
|
||||
"duration_ms": 1,
|
||||
"findings": [],
|
||||
"counts": {
|
||||
"critical": 0,
|
||||
|
|
@ -471,7 +471,7 @@
|
|||
"scanner": "COL",
|
||||
"status": "ok",
|
||||
"files_scanned": 0,
|
||||
"duration_ms": 1,
|
||||
"duration_ms": 0,
|
||||
"findings": [],
|
||||
"counts": {
|
||||
"critical": 0,
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
"status": "ok",
|
||||
"files_scanned": 2,
|
||||
"duration_ms": 9,
|
||||
"total_estimated_tokens": 809,
|
||||
"total_estimated_tokens": 801,
|
||||
"hotspots": [
|
||||
{
|
||||
"source": "mcp:memory (.mcp.json)",
|
||||
|
|
@ -45,7 +45,7 @@
|
|||
},
|
||||
{
|
||||
"source": ".mcp.json",
|
||||
"estimated_tokens": 53,
|
||||
"estimated_tokens": 45,
|
||||
"rank": 5,
|
||||
"recommendations": [
|
||||
"Deduplicate overlapping entries — each duplicate inflates the per-turn schema payload.",
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue