diff --git a/README.md b/README.md index d4a2f41..8d0c200 100644 --- a/README.md +++ b/README.md @@ -343,7 +343,7 @@ By default, `/config-audit` auto-detects scope from your git context. Override w | `settings-validator.mjs` | SET | Schema violations, unknown/deprecated keys, type mismatches, permission issues | | `hook-validator.mjs` | HKV | Invalid format, missing scripts, wrong event names, timeout risks | | `rules-validator.mjs` | RUL | Bad glob patterns, orphaned rules, deprecated fields, unscoped rules | -| `mcp-config-validator.mjs` | MCP | Invalid server types, missing trust levels, exposed env vars | +| `mcp-config-validator.mjs` | MCP | Invalid server types, exposed env vars, unknown fields | | `import-resolver.mjs` | IMP | Broken @imports, circular references, deep chains, tilde path issues | | `conflict-detector.mjs` | CNF | Settings contradictions across scopes, permission conflicts, hook duplicates | | `feature-gap-scanner.mjs` | GAP | 25 feature checks — shown as opportunities, not grades | diff --git a/docs/cc-2.1.x-gap-matrix.md b/docs/cc-2.1.x-gap-matrix.md index 78b7019..77c9d25 100644 --- a/docs/cc-2.1.x-gap-matrix.md +++ b/docs/cc-2.1.x-gap-matrix.md @@ -51,7 +51,7 @@ Netto-nytt scanner-arbeid (DIS param-bevissthet, PLH shadow-folder-check, permis | hook `MessageDisplay` «unknown event» | `hook-validator.mjs` | Legg i `VALID_EVENTS` + knowledge | | hook `post-session` «unknown» | `hook-validator.mjs` | Legg i `VALID_EVENTS` (kebab, ≠ SessionEnd) | | stale «26 total» hook-count | `hook-validator.mjs:137` + `hook-events-reference.md:3` | 26 → 28 i takt med de to nye | -| MCP `trust` oppfunnet/enforced (**VERIFISER FØRST**) | `mcp-config-validator.mjs` | Hvis feltet ikke finnes i offisiell schema: demote/fjern CA-MCP-001 + koordiner på tvers av 5 knowledge/humanizer-filer | +| ✅ MCP `trust` oppfunnet (VERIFISERT 2026-06-18: ikke i offisiell `.mcp.json`-schema) | `mcp-config-validator.mjs` | DONE — fjernet CA-MCP-001 + «Invalid trust level»; `trust` droppet fra `VALID_SERVER_FIELDS` (stray `trust` → unknown field); humanizer + 5 knowledge-filer + fixturer scrubbet. Godkjenning er dialog/settings-basert (`enableAllProjectMcpServers`/`enabledMcpjsonServers`/`disabledMcpjsonServers`), aldri et JSON-felt. | | `feature-evolution.md`/`capabilities.md` frosset v2.1.111 | `knowledge/*` | Opus 4.8 default + Fable 5; `/simplify`→`/code-review` | ## Quick wins (S-effort, høy verdi) diff --git a/docs/scanner-internals.md b/docs/scanner-internals.md index 414823f..5db38ec 100644 --- a/docs/scanner-internals.md +++ b/docs/scanner-internals.md @@ -14,7 +14,7 @@ Scanner CLI: `node scanners/scan-orchestrator.mjs [--global] [--full-mach | `settings-validator.mjs` | SET | Schema, unknown/deprecated keys, type mismatches, permissions | | `hook-validator.mjs` | HKV | Format, script existence, event validity, timeouts | | `rules-validator.mjs` | RUL | Glob matching, orphan rules, deprecated fields, unscoped rules | -| `mcp-config-validator.mjs` | MCP | Server types, trust levels, env vars, unknown fields | +| `mcp-config-validator.mjs` | MCP | Server types, env vars, unknown fields | | `import-resolver.mjs` | IMP | Broken @imports, circular refs, deep chains, tilde paths | | `conflict-detector.mjs` | CNF | Settings conflicts, permission contradictions, hook duplicates | | `feature-gap-scanner.mjs` | GAP | 25 feature checks across 4 tiers — shown as opportunities, not grades | diff --git a/examples/optimal-setup/.mcp.json b/examples/optimal-setup/.mcp.json index dddf5e0..bfd5fa2 100644 --- a/examples/optimal-setup/.mcp.json +++ b/examples/optimal-setup/.mcp.json @@ -2,8 +2,7 @@ "mcpServers": { "filesystem": { "command": "npx", - "args": ["-y", "@modelcontextprotocol/server-filesystem", "."], - "trust": "local" + "args": ["-y", "@modelcontextprotocol/server-filesystem", "."] } } } diff --git a/knowledge/anti-patterns.md b/knowledge/anti-patterns.md index 751fd20..6d68c7d 100644 --- a/knowledge/anti-patterns.md +++ b/knowledge/anti-patterns.md @@ -27,11 +27,10 @@ | 21 | Rules file glob doesn't match any project files | CA-RUL-002 | low | Fix the glob pattern. `src/**/*.ts` won't match `./src/file.ts` — test actual paths. | | 22 | Deprecated frontmatter field in rules file | CA-RUL-003 | low | Remove/replace deprecated fields. Check official docs for current frontmatter schema. | | 23 | `.claude/rules/` directory missing entirely | CA-RUL-004 | medium | Create directory and split CLAUDE.md by domain. Path-specific rules dramatically reduce context overhead. | -| 24 | MCP server with no trust level set | CA-MCP-001 | medium | Set `"trust": "workspace"` or `"trusted"` explicitly. Default is untrusted/sandboxed; may cause unexpected failures. | -| 25 | User MCP servers in project `.mcp.json` | CA-MCP-002 | low | Move personal MCP servers to `~/.claude.json`. Project `.mcp.json` is for servers the whole team needs. | -| 26 | No custom skills when team has repeated workflows | CA-GAP-001 | medium | Create skills for `/deploy`, `/review-pr`, `/fix-issue`. Repeated multi-step workflows are the target. | -| 27 | Custom agents without `description` field | CA-GAP-002 | medium | Add a description explaining when to delegate to this agent. Without it, Claude never auto-invokes it. | -| 28 | No hooks configured at all | CA-GAP-003 | high | Add at minimum a `Stop` hook for session summaries. Zero hooks is the most common high-value gap. | +| 24 | User MCP servers in project `.mcp.json` | CA-MCP-002 | low | Move personal MCP servers to `~/.claude.json`. Project `.mcp.json` is for servers the whole team needs. | +| 25 | No custom skills when team has repeated workflows | CA-GAP-001 | medium | Create skills for `/deploy`, `/review-pr`, `/fix-issue`. Repeated multi-step workflows are the target. | +| 26 | Custom agents without `description` field | CA-GAP-002 | medium | Add a description explaining when to delegate to this agent. Without it, Claude never auto-invokes it. | +| 27 | No hooks configured at all | CA-GAP-003 | high | Add at minimum a `Stop` hook for session summaries. Zero hooks is the most common high-value gap. | --- diff --git a/knowledge/claude-code-capabilities.md b/knowledge/claude-code-capabilities.md index 03fad1d..28cbe04 100644 --- a/knowledge/claude-code-capabilities.md +++ b/knowledge/claude-code-capabilities.md @@ -228,7 +228,7 @@ paths: ["src/**/*.ts"] "type": "stdio|http", "command": "...", "args": [...], "url": "...", - "env": {}, "timeout": 30000, "trust": "workspace|trusted|untrusted" + "env": {}, "timeout": 30000 } } } @@ -236,7 +236,7 @@ paths: ["src/**/*.ts"] **Fully utilizing:** Team-shared MCP servers (GitHub, Jira, DBs); MCP resources via `@server:path`; MCP prompts as slash commands; `enableAllProjectMcpServers: true` for zero-friction team onboarding. -**Common gaps:** No `.mcp.json`; MCP only configured in `~/.claude.json` (not shared); trust levels not set; MCP resources not used. +**Common gaps:** No `.mcp.json`; MCP only configured in `~/.claude.json` (not shared); project servers not approved via `enableAllProjectMcpServers`/`enabledMcpjsonServers`; MCP resources not used. --- diff --git a/knowledge/configuration-best-practices.md b/knowledge/configuration-best-practices.md index 5c0ba02..7d631c1 100644 --- a/knowledge/configuration-best-practices.md +++ b/knowledge/configuration-best-practices.md @@ -56,7 +56,7 @@ 1. **Commit `.mcp.json` to git.** Team-shared MCP servers belong in `.mcp.json` at project root, not in individual `~/.claude.json` files. One commit, everyone gets the servers. 2. **Set `enableAllProjectMcpServers: true` in project settings.json** for zero-friction team onboarding. New team members don't have to manually approve each server. -3. **Set trust levels explicitly.** `"trust": "workspace"` for project-specific servers; `"trust": "trusted"` only for servers you fully control. Default is untrusted (sandboxed). +3. **Approve servers via settings, not a `trust` field.** `.mcp.json` has no per-server `trust` key — approval is recorded by the workspace-trust and MCP-approval dialogs. For non-interactive, granular control set `enabledMcpjsonServers: ["memory", "github"]` / `disabledMcpjsonServers: [...]` in settings.json instead of approving each server by hand. 4. **Use `@server:resource/path` for dynamic data.** `@github:repos/owner/repo/issues` pulls live data into context. More reliable than asking Claude to fetch and parse. 5. **Deny MCP tools you don't want Claude to invoke.** `{"permissions": {"deny": ["mcp__filesystem__write_file"]}}` — even with a server connected, specific tools can be blocked. diff --git a/knowledge/gap-closure-templates.md b/knowledge/gap-closure-templates.md index 4e4fa91..efa4361 100644 --- a/knowledge/gap-closure-templates.md +++ b/knowledge/gap-closure-templates.md @@ -73,8 +73,7 @@ Create `.mcp.json` at project root: "memory": { "type": "stdio", "command": "npx", - "args": ["-y", "@modelcontextprotocol/server-memory"], - "trust": "workspace" + "args": ["-y", "@modelcontextprotocol/server-memory"] } } } diff --git a/scanners/lib/humanizer-data.mjs b/scanners/lib/humanizer-data.mjs index f0a7eac..cc7feec 100644 --- a/scanners/lib/humanizer-data.mjs +++ b/scanners/lib/humanizer-data.mjs @@ -273,16 +273,6 @@ export const TRANSLATIONS = { description: 'The `type` field doesn\'t match one Claude Code knows how to start (typically `stdio`, `sse`, or `http`).', recommendation: 'Change the `type` to one of the supported values shown in the details.', }, - 'Invalid trust level': { - title: 'A connected service has an unrecognized trust setting', - description: 'Trust controls whether Claude can use the service\'s tools without asking.', - recommendation: 'Set the trust value to one of the accepted ones (see details).', - }, - 'Missing trust level': { - title: 'A connected service has no trust setting', - description: 'Without an explicit trust value, Claude has to ask before each tool use, which slows your work.', - recommendation: 'Add a trust value to the entry. The details show the accepted values.', - }, 'Unknown MCP server field': { title: 'A connected service has an unrecognized setting', description: 'The setting isn\'t one Claude Code reads, so it will be ignored.', diff --git a/scanners/mcp-config-validator.mjs b/scanners/mcp-config-validator.mjs index 20a84e0..010dfa3 100644 --- a/scanners/mcp-config-validator.mjs +++ b/scanners/mcp-config-validator.mjs @@ -1,6 +1,6 @@ /** * MCP Scanner — MCP Configuration Validator - * Validates .mcp.json files: server types, trust levels, env vars, unknown fields. + * Validates .mcp.json files: server types, env vars, unknown fields. * Finding IDs: CA-MCP-NNN */ @@ -13,9 +13,11 @@ import { truncate } from './lib/string-utils.mjs'; const SCANNER = 'MCP'; const VALID_SERVER_TYPES = new Set(['stdio', 'http', 'sse']); -const VALID_TRUST_LEVELS = new Set(['workspace', 'trusted', 'untrusted']); +// No `trust` field: MCP server approval is dialog/settings-based +// (enableAllProjectMcpServers / enabledMcpjsonServers / disabledMcpjsonServers), +// not a per-server .mcp.json field. Verified against code.claude.com/docs 2026-06-18. const VALID_SERVER_FIELDS = new Set([ - 'type', 'command', 'args', 'env', 'url', 'headers', 'timeout', 'trust', + 'type', 'command', 'args', 'env', 'url', 'headers', 'timeout', ]); // Match only bare ${IDENTIFIER} references. POSIX expansions like ${VAR%pattern} @@ -92,28 +94,6 @@ export async function scan(targetPath, discovery) { })); } - // Check trust level - if (!config.trust) { - findings.push(finding({ - scanner: SCANNER, - severity: SEVERITY.medium, - title: 'Missing trust level', - description: `${file.relPath}: Server "${name}" has no trust level configured.`, - file: file.absPath, - recommendation: 'Add "trust": "workspace"|"trusted"|"untrusted" to explicitly set the trust level.', - })); - } else if (!VALID_TRUST_LEVELS.has(config.trust)) { - findings.push(finding({ - scanner: SCANNER, - severity: SEVERITY.high, - title: 'Invalid trust level', - description: `${file.relPath}: Server "${name}" has invalid trust level "${config.trust}".`, - file: file.absPath, - evidence: `trust: "${config.trust}"`, - recommendation: 'Use one of: workspace, trusted, untrusted.', - })); - } - // Check for env var references in args without env block if (Array.isArray(config.args)) { for (const arg of config.args) { diff --git a/tests/fixtures/baseline-all-a/.mcp.json b/tests/fixtures/baseline-all-a/.mcp.json index 1fd7642..dd6ff25 100644 --- a/tests/fixtures/baseline-all-a/.mcp.json +++ b/tests/fixtures/baseline-all-a/.mcp.json @@ -3,8 +3,7 @@ "memory": { "type": "stdio", "command": "npx", - "args": ["-y", "@modelcontextprotocol/server-memory"], - "trust": "workspace" + "args": ["-y", "@modelcontextprotocol/server-memory"] } } } diff --git a/tests/fixtures/healthy-project/.mcp.json b/tests/fixtures/healthy-project/.mcp.json index 5fb0cb8..00f9323 100644 --- a/tests/fixtures/healthy-project/.mcp.json +++ b/tests/fixtures/healthy-project/.mcp.json @@ -3,14 +3,12 @@ "memory": { "type": "stdio", "command": "npx", - "args": ["-y", "@modelcontextprotocol/server-memory"], - "trust": "workspace" + "args": ["-y", "@modelcontextprotocol/server-memory"] }, "filesystem": { "type": "stdio", "command": "npx", - "args": ["-y", "@modelcontextprotocol/server-filesystem", "./docs"], - "trust": "trusted" + "args": ["-y", "@modelcontextprotocol/server-filesystem", "./docs"] } } } diff --git a/tests/fixtures/marketplace-large/.mcp.json b/tests/fixtures/marketplace-large/.mcp.json index 8bcdcbc..18cacad 100644 --- a/tests/fixtures/marketplace-large/.mcp.json +++ b/tests/fixtures/marketplace-large/.mcp.json @@ -3,20 +3,17 @@ "memory": { "type": "stdio", "command": "npx", - "args": ["-y", "@modelcontextprotocol/server-memory"], - "trust": "workspace" + "args": ["-y", "@modelcontextprotocol/server-memory"] }, "filesystem": { "type": "stdio", "command": "npx", - "args": ["-y", "@modelcontextprotocol/server-filesystem", "./docs"], - "trust": "trusted" + "args": ["-y", "@modelcontextprotocol/server-filesystem", "./docs"] }, "github": { "type": "stdio", "command": "npx", - "args": ["-y", "@modelcontextprotocol/server-github"], - "trust": "trusted" + "args": ["-y", "@modelcontextprotocol/server-github"] } } } diff --git a/tests/fixtures/marketplace-medium/.mcp.json b/tests/fixtures/marketplace-medium/.mcp.json index 1fd7642..dd6ff25 100644 --- a/tests/fixtures/marketplace-medium/.mcp.json +++ b/tests/fixtures/marketplace-medium/.mcp.json @@ -3,8 +3,7 @@ "memory": { "type": "stdio", "command": "npx", - "args": ["-y", "@modelcontextprotocol/server-memory"], - "trust": "workspace" + "args": ["-y", "@modelcontextprotocol/server-memory"] } } } diff --git a/tests/knowledge/knowledge-staleness.test.mjs b/tests/knowledge/knowledge-staleness.test.mjs index cf7da42..20a5cb5 100644 --- a/tests/knowledge/knowledge-staleness.test.mjs +++ b/tests/knowledge/knowledge-staleness.test.mjs @@ -73,3 +73,22 @@ test('claude-code-capabilities.md documents /config key=value', () => { const md = read('claude-code-capabilities.md'); assert.match(md, /\/config/, '/config key=value in-session settings (2.1.181)'); }); + +// MCP `trust` is NOT a real .mcp.json field (verified 2026-06-18 against +// code.claude.com/docs/en/mcp + /settings). Approval is dialog/settings-based. +// These guards stop the corpus from re-fabricating the field. +test('claude-code-capabilities.md does not resurrect the invented MCP `trust` field', () => { + const md = read('claude-code-capabilities.md'); + assert.doesNotMatch(md, /"trust":\s*"workspace/, + 'the fabricated `trust` field must not return to the .mcp.json schema example'); + assert.match(md, /enableAllProjectMcpServers|enabledMcpjsonServers/, + 'must document the real MCP approval mechanism'); +}); + +test('configuration-best-practices.md recommends real MCP approval, not a `trust` field', () => { + const md = read('configuration-best-practices.md'); + assert.match(md, /enabledMcpjsonServers|enableAllProjectMcpServers/, + 'must point to the real settings-based approval mechanism'); + assert.doesNotMatch(md, /Set trust levels explicitly/, + 'the invented "set trust levels" advice must be gone'); +}); diff --git a/tests/scanners/mcp-config-validator.test.mjs b/tests/scanners/mcp-config-validator.test.mjs index 58ce5d8..95b971b 100644 --- a/tests/scanners/mcp-config-validator.test.mjs +++ b/tests/scanners/mcp-config-validator.test.mjs @@ -81,13 +81,9 @@ describe('MCP scanner — broken project', () => { assert.equal(unknown.severity, 'high'); }); - it('detects missing trust level', () => { - assert.ok(result.findings.some(f => f.title.includes('Missing trust level'))); - }); - - it('missing trust is medium severity', () => { - const trust = result.findings.find(f => f.title.includes('Missing trust level')); - assert.equal(trust.severity, 'medium'); + it('does NOT flag any trust level — `trust` is not a real .mcp.json field (CC docs verified 2026-06-18)', () => { + assert.ok(!result.findings.some(f => /trust level/i.test(f.title)), + 'no "Missing trust level"/"Invalid trust level" findings: the field does not exist in the official schema'); }); it('detects unreferenced env vars in args', () => { @@ -103,6 +99,43 @@ describe('MCP scanner — broken project', () => { }); }); +describe('MCP scanner — stray `trust` field is an unknown field (verify-first, 2026-06-18)', () => { + let result; + let tmpRoot; + + beforeEach(async () => { + resetCounter(); + tmpRoot = await mkdtemp(join(tmpdir(), 'ca-mcp-trust-')); + // `trust` is NOT a field in the official .mcp.json schema (verified against + // code.claude.com/docs/en/mcp + /settings, 2026-06-18). Approval is + // dialog/settings-based (enableAllProjectMcpServers / enabledMcpjsonServers / + // disabledMcpjsonServers), never a per-server JSON field. + const mcp = { + mcpServers: { + legacy: { type: 'stdio', command: 'node', args: ['server.mjs'], trust: 'workspace' }, + }, + }; + await writeFile(join(tmpRoot, '.mcp.json'), JSON.stringify(mcp, null, 2) + '\n', 'utf8'); + const discovery = await discoverConfigFiles(tmpRoot); + result = await scan(tmpRoot, discovery); + }); + + afterEach(async () => { + if (tmpRoot) await rm(tmpRoot, { recursive: true, force: true }); + }); + + it('flags `trust` as an unknown MCP server field', () => { + const f = result.findings.find(x => x.title.includes('Unknown MCP server field') + && /trust/.test(x.description || '')); + assert.ok(f, 'a `trust` field must now be reported as an unknown field'); + }); + + it('emits no "trust level" findings at all', () => { + assert.ok(!result.findings.some(x => /trust level/i.test(x.title)), + 'the invented trust-level checks must be gone'); + }); +}); + describe('MCP scanner — env-var false positives (CC 2.1.139/2.1.142, Batch 1)', () => { let tmpRoot; let envFindings; @@ -118,13 +151,11 @@ describe('MCP scanner — env-var false positives (CC 2.1.139/2.1.142, Batch 1)' // CLAUDE_PROJECT_DIR is auto-injected (CC 2.1.139); ${VAR%…}/${VAR:-…} // are POSIX expansions CC resolves (2.1.142) — none need an env block. args: ['${CLAUDE_PROJECT_DIR}/server.mjs', '--root', '${HOME%/}', '--cfg', '${CONFIG_DIR:-/etc}'], - trust: 'workspace', }, legacy: { type: 'stdio', command: 'node', args: ['${REAL_MISSING}'], - trust: 'workspace', }, }, }; diff --git a/tests/snapshots/default-output/scan-orchestrator.json b/tests/snapshots/default-output/scan-orchestrator.json index d3c67b7..534c529 100644 --- a/tests/snapshots/default-output/scan-orchestrator.json +++ b/tests/snapshots/default-output/scan-orchestrator.json @@ -481,7 +481,7 @@ }, { "source": ".mcp.json", - "estimated_tokens": 53, + "estimated_tokens": 45, "rank": 5, "recommendations": [ "Deduplicate overlapping entries — each duplicate inflates the per-turn schema payload.", @@ -490,7 +490,7 @@ "path": "/Users/ktg/repos/ktg-plugin-marketplace/config-audit/tests/fixtures/marketplace-medium/.mcp.json" } ], - "total_estimated_tokens": 809, + "total_estimated_tokens": 801, "activeConfig": { "claudeMdEstimatedTokens": "", "mcpServerCount": 1, diff --git a/tests/snapshots/default-output/token-hotspots.json b/tests/snapshots/default-output/token-hotspots.json index d7cd374..b2c5912 100644 --- a/tests/snapshots/default-output/token-hotspots.json +++ b/tests/snapshots/default-output/token-hotspots.json @@ -5,7 +5,7 @@ "status": "ok", "files_scanned": 2, "duration_ms": 0, - "total_estimated_tokens": 809, + "total_estimated_tokens": 801, "hotspots": [ { "source": "mcp:memory (.mcp.json)", @@ -47,7 +47,7 @@ }, { "source": ".mcp.json", - "estimated_tokens": 53, + "estimated_tokens": 45, "rank": 5, "recommendations": [ "Deduplicate overlapping entries — each duplicate inflates the per-turn schema payload.", diff --git a/tests/snapshots/v5.0.0-stderr/posture.txt b/tests/snapshots/v5.0.0-stderr/posture.txt index 4814745..167d420 100644 --- a/tests/snapshots/v5.0.0-stderr/posture.txt +++ b/tests/snapshots/v5.0.0-stderr/posture.txt @@ -1,15 +1,15 @@ [CML] CLAUDE.md Linter: 1 finding(s) (14ms) - [SET] Settings Validator: 0 finding(s) (1ms) + [SET] Settings Validator: 0 finding(s) (2ms) [HKV] Hook Validator: 0 finding(s) (1ms) - [RUL] Rules Validator: 0 finding(s) (1ms) + [RUL] Rules Validator: 0 finding(s) (0ms) [MCP] MCP Config Validator: 0 finding(s) (0ms) - [IMP] Import Resolver: 0 finding(s) (1ms) + [IMP] Import Resolver: 0 finding(s) (2ms) [CNF] Conflict Detector: 0 finding(s) (1ms) [GAP] Feature Gap Scanner: 17 finding(s) (2ms) [TOK] Token Hotspots: 1 finding(s) (8ms) - [CPS] Cache-Prefix Stability: 0 finding(s) (1ms) - [DIS] Disabled-In-Schema: 0 finding(s) (0ms) - [COL] Plugin Skill Collision: 0 finding(s) (1ms) + [CPS] Cache-Prefix Stability: 0 finding(s) (0ms) + [DIS] Disabled-In-Schema: 0 finding(s) (1ms) + [COL] Plugin Skill Collision: 0 finding(s) (0ms) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Config-Audit Health Score diff --git a/tests/snapshots/v5.0.0/posture.json b/tests/snapshots/v5.0.0/posture.json index cf709c4..9d897b2 100644 --- a/tests/snapshots/v5.0.0/posture.json +++ b/tests/snapshots/v5.0.0/posture.json @@ -94,7 +94,7 @@ "scannerEnvelope": { "meta": { "target": "/Users/ktg/repos/ktg-plugin-marketplace/config-audit/tests/fixtures/marketplace-medium", - "timestamp": "2026-06-18T11:03:14.339Z", + "timestamp": "2026-06-18T12:19:30.125Z", "version": "2.2.0", "tool": "config-audit" }, @@ -145,7 +145,7 @@ "scanner": "HKV", "status": "ok", "files_scanned": 1, - "duration_ms": 1, + "duration_ms": 2, "findings": [], "counts": { "critical": 0, @@ -187,7 +187,7 @@ "scanner": "IMP", "status": "ok", "files_scanned": 1, - "duration_ms": 1, + "duration_ms": 2, "findings": [], "counts": { "critical": 0, @@ -201,7 +201,7 @@ "scanner": "CNF", "status": "ok", "files_scanned": 2, - "duration_ms": 0, + "duration_ms": 1, "findings": [], "counts": { "critical": 0, @@ -451,7 +451,7 @@ "scanner": "TOK", "status": "ok", "files_scanned": 2, - "duration_ms": 8, + "duration_ms": 7, "findings": [ { "id": "CA-TOK-001", @@ -515,7 +515,7 @@ }, { "source": ".mcp.json", - "estimated_tokens": 53, + "estimated_tokens": 45, "rank": 5, "recommendations": [ "Deduplicate overlapping entries — each duplicate inflates the per-turn schema payload.", @@ -524,7 +524,7 @@ "path": "/Users/ktg/repos/ktg-plugin-marketplace/config-audit/tests/fixtures/marketplace-medium/.mcp.json" } ], - "total_estimated_tokens": 809, + "total_estimated_tokens": 801, "activeConfig": { "claudeMdEstimatedTokens": 1639, "mcpServerCount": 1, @@ -536,20 +536,6 @@ "scanner": "CPS", "status": "ok", "files_scanned": 1, - "duration_ms": 1, - "findings": [], - "counts": { - "critical": 0, - "high": 0, - "medium": 0, - "low": 0, - "info": 0 - } - }, - { - "scanner": "DIS", - "status": "ok", - "files_scanned": 1, "duration_ms": 0, "findings": [], "counts": { @@ -560,11 +546,25 @@ "info": 0 } }, + { + "scanner": "DIS", + "status": "ok", + "files_scanned": 1, + "duration_ms": 1, + "findings": [], + "counts": { + "critical": 0, + "high": 0, + "medium": 0, + "low": 0, + "info": 0 + } + }, { "scanner": "COL", "status": "ok", "files_scanned": 0, - "duration_ms": 1, + "duration_ms": 0, "findings": [], "counts": { "critical": 0, diff --git a/tests/snapshots/v5.0.0/scan-orchestrator.json b/tests/snapshots/v5.0.0/scan-orchestrator.json index 3b8f5eb..4163784 100644 --- a/tests/snapshots/v5.0.0/scan-orchestrator.json +++ b/tests/snapshots/v5.0.0/scan-orchestrator.json @@ -1,7 +1,7 @@ { "meta": { "target": "/Users/ktg/repos/ktg-plugin-marketplace/config-audit/tests/fixtures/marketplace-medium", - "timestamp": "2026-06-18T11:03:14.159Z", + "timestamp": "2026-06-18T12:19:29.934Z", "version": "2.2.0", "tool": "config-audit" }, @@ -422,7 +422,7 @@ }, { "source": ".mcp.json", - "estimated_tokens": 53, + "estimated_tokens": 45, "rank": 5, "recommendations": [ "Deduplicate overlapping entries — each duplicate inflates the per-turn schema payload.", @@ -431,7 +431,7 @@ "path": "/Users/ktg/repos/ktg-plugin-marketplace/config-audit/tests/fixtures/marketplace-medium/.mcp.json" } ], - "total_estimated_tokens": 809, + "total_estimated_tokens": 801, "activeConfig": { "claudeMdEstimatedTokens": 1639, "mcpServerCount": 1, @@ -457,7 +457,7 @@ "scanner": "DIS", "status": "ok", "files_scanned": 1, - "duration_ms": 0, + "duration_ms": 1, "findings": [], "counts": { "critical": 0, @@ -471,7 +471,7 @@ "scanner": "COL", "status": "ok", "files_scanned": 0, - "duration_ms": 1, + "duration_ms": 0, "findings": [], "counts": { "critical": 0, diff --git a/tests/snapshots/v5.0.0/token-hotspots.json b/tests/snapshots/v5.0.0/token-hotspots.json index 587ea02..d896198 100644 --- a/tests/snapshots/v5.0.0/token-hotspots.json +++ b/tests/snapshots/v5.0.0/token-hotspots.json @@ -3,7 +3,7 @@ "status": "ok", "files_scanned": 2, "duration_ms": 9, - "total_estimated_tokens": 809, + "total_estimated_tokens": 801, "hotspots": [ { "source": "mcp:memory (.mcp.json)", @@ -45,7 +45,7 @@ }, { "source": ".mcp.json", - "estimated_tokens": 53, + "estimated_tokens": 45, "rank": 5, "recommendations": [ "Deduplicate overlapping entries — each duplicate inflates the per-turn schema payload.",