`.mcp.json` has no per-server `trust` key — verified 2026-06-18 against code.claude.com/docs/en/mcp + /settings. MCP server approval is dialog/settings-based (enableAllProjectMcpServers / enabledMcpjsonServers / disabledMcpjsonServers), never a JSON field. The scanner's "Missing trust level" (CA-MCP-001, medium) and "Invalid trust level" (high) were false positives flagging a field that does not exist. - scanner: delete both trust checks + VALID_TRUST_LEVELS; drop `trust` from VALID_SERVER_FIELDS so a stray `trust` is now flagged as an unknown field - humanizer: remove the two trust-level entries - knowledge (5 files): point to the real approval mechanism, not a trust field - fixtures: scrub `trust` (incl. the invalid "local" in optimal-setup) - tests: flip assertions (no trust-level finding; stray trust -> unknown field) + add knowledge-staleness re-freeze guards - snapshots: reseed (marketplace-medium .mcp.json -8 tokens, hermetic) - gap-matrix: mark the trust verify-first item DONE Suite: 853/853 green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Ter3E2JSi1Khgmuf2kady8
221 lines
7.5 KiB
JavaScript
221 lines
7.5 KiB
JavaScript
import { describe, it, beforeEach, afterEach } from 'node:test';
|
|
import assert from 'node:assert/strict';
|
|
import { resolve, join } from 'node:path';
|
|
import { fileURLToPath } from 'node:url';
|
|
import { mkdtemp, writeFile, rm } from 'node:fs/promises';
|
|
import { tmpdir } from 'node:os';
|
|
import { resetCounter } from '../../scanners/lib/output.mjs';
|
|
import { discoverConfigFiles } from '../../scanners/lib/file-discovery.mjs';
|
|
import { scan } from '../../scanners/mcp-config-validator.mjs';
|
|
|
|
const __dirname = fileURLToPath(new URL('.', import.meta.url));
|
|
const FIXTURES = resolve(__dirname, '../fixtures');
|
|
|
|
describe('MCP scanner — healthy project', () => {
|
|
let result;
|
|
beforeEach(async () => {
|
|
resetCounter();
|
|
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'healthy-project'));
|
|
result = await scan(resolve(FIXTURES, 'healthy-project'), discovery);
|
|
});
|
|
|
|
it('returns status ok', () => {
|
|
assert.equal(result.status, 'ok');
|
|
});
|
|
|
|
it('reports scanner prefix MCP', () => {
|
|
assert.equal(result.scanner, 'MCP');
|
|
});
|
|
|
|
it('scans at least 1 file', () => {
|
|
assert.ok(result.files_scanned >= 1);
|
|
});
|
|
|
|
it('has no critical or high findings', () => {
|
|
assert.equal(result.counts.critical, 0);
|
|
assert.equal(result.counts.high, 0);
|
|
});
|
|
|
|
it('finding IDs match CA-MCP-NNN pattern', () => {
|
|
for (const f of result.findings) {
|
|
assert.match(f.id, /^CA-MCP-\d{3}$/);
|
|
}
|
|
});
|
|
|
|
it('has counts object with all severity levels', () => {
|
|
assert.ok('critical' in result.counts);
|
|
assert.ok('high' in result.counts);
|
|
assert.ok('medium' in result.counts);
|
|
assert.ok('low' in result.counts);
|
|
assert.ok('info' in result.counts);
|
|
});
|
|
});
|
|
|
|
describe('MCP scanner — broken project', () => {
|
|
let result;
|
|
beforeEach(async () => {
|
|
resetCounter();
|
|
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'broken-project'));
|
|
result = await scan(resolve(FIXTURES, 'broken-project'), discovery);
|
|
});
|
|
|
|
it('returns status ok', () => {
|
|
assert.equal(result.status, 'ok');
|
|
});
|
|
|
|
it('detects SSE server type', () => {
|
|
assert.ok(result.findings.some(f => f.title.includes('SSE')));
|
|
});
|
|
|
|
it('SSE recommendation is info severity', () => {
|
|
const sse = result.findings.find(f => f.title.includes('SSE'));
|
|
assert.equal(sse.severity, 'info');
|
|
});
|
|
|
|
it('detects unknown server type', () => {
|
|
assert.ok(result.findings.some(f => f.title.includes('Unknown MCP server type')));
|
|
});
|
|
|
|
it('unknown server type is high severity', () => {
|
|
const unknown = result.findings.find(f => f.title.includes('Unknown MCP server type'));
|
|
assert.equal(unknown.severity, 'high');
|
|
});
|
|
|
|
it('does NOT flag any trust level — `trust` is not a real .mcp.json field (CC docs verified 2026-06-18)', () => {
|
|
assert.ok(!result.findings.some(f => /trust level/i.test(f.title)),
|
|
'no "Missing trust level"/"Invalid trust level" findings: the field does not exist in the official schema');
|
|
});
|
|
|
|
it('detects unreferenced env vars in args', () => {
|
|
assert.ok(result.findings.some(f => f.title.includes('Unreferenced env var')));
|
|
});
|
|
|
|
it('detects unknown server fields', () => {
|
|
assert.ok(result.findings.some(f => f.title.includes('Unknown MCP server field')));
|
|
});
|
|
|
|
it('has multiple findings', () => {
|
|
assert.ok(result.findings.length >= 5);
|
|
});
|
|
});
|
|
|
|
describe('MCP scanner — stray `trust` field is an unknown field (verify-first, 2026-06-18)', () => {
|
|
let result;
|
|
let tmpRoot;
|
|
|
|
beforeEach(async () => {
|
|
resetCounter();
|
|
tmpRoot = await mkdtemp(join(tmpdir(), 'ca-mcp-trust-'));
|
|
// `trust` is NOT a field in the official .mcp.json schema (verified against
|
|
// code.claude.com/docs/en/mcp + /settings, 2026-06-18). Approval is
|
|
// dialog/settings-based (enableAllProjectMcpServers / enabledMcpjsonServers /
|
|
// disabledMcpjsonServers), never a per-server JSON field.
|
|
const mcp = {
|
|
mcpServers: {
|
|
legacy: { type: 'stdio', command: 'node', args: ['server.mjs'], trust: 'workspace' },
|
|
},
|
|
};
|
|
await writeFile(join(tmpRoot, '.mcp.json'), JSON.stringify(mcp, null, 2) + '\n', 'utf8');
|
|
const discovery = await discoverConfigFiles(tmpRoot);
|
|
result = await scan(tmpRoot, discovery);
|
|
});
|
|
|
|
afterEach(async () => {
|
|
if (tmpRoot) await rm(tmpRoot, { recursive: true, force: true });
|
|
});
|
|
|
|
it('flags `trust` as an unknown MCP server field', () => {
|
|
const f = result.findings.find(x => x.title.includes('Unknown MCP server field')
|
|
&& /trust/.test(x.description || ''));
|
|
assert.ok(f, 'a `trust` field must now be reported as an unknown field');
|
|
});
|
|
|
|
it('emits no "trust level" findings at all', () => {
|
|
assert.ok(!result.findings.some(x => /trust level/i.test(x.title)),
|
|
'the invented trust-level checks must be gone');
|
|
});
|
|
});
|
|
|
|
describe('MCP scanner — env-var false positives (CC 2.1.139/2.1.142, Batch 1)', () => {
|
|
let tmpRoot;
|
|
let envFindings;
|
|
|
|
beforeEach(async () => {
|
|
resetCounter();
|
|
tmpRoot = await mkdtemp(join(tmpdir(), 'ca-mcp-env-'));
|
|
const mcp = {
|
|
mcpServers: {
|
|
proj: {
|
|
type: 'stdio',
|
|
command: 'node',
|
|
// CLAUDE_PROJECT_DIR is auto-injected (CC 2.1.139); ${VAR%…}/${VAR:-…}
|
|
// are POSIX expansions CC resolves (2.1.142) — none need an env block.
|
|
args: ['${CLAUDE_PROJECT_DIR}/server.mjs', '--root', '${HOME%/}', '--cfg', '${CONFIG_DIR:-/etc}'],
|
|
},
|
|
legacy: {
|
|
type: 'stdio',
|
|
command: 'node',
|
|
args: ['${REAL_MISSING}'],
|
|
},
|
|
},
|
|
};
|
|
await writeFile(join(tmpRoot, '.mcp.json'), JSON.stringify(mcp, null, 2) + '\n', 'utf8');
|
|
const discovery = await discoverConfigFiles(tmpRoot);
|
|
const result = await scan(tmpRoot, discovery);
|
|
envFindings = result.findings.filter(f => f.title === 'Unreferenced env var in args');
|
|
});
|
|
|
|
afterEach(async () => {
|
|
if (tmpRoot) await rm(tmpRoot, { recursive: true, force: true });
|
|
});
|
|
|
|
it('does NOT flag ${CLAUDE_PROJECT_DIR} (auto-injected runtime var)', () => {
|
|
const f = envFindings.find(x => /CLAUDE_PROJECT_DIR/.test(x.description || ''));
|
|
assert.equal(f, undefined, 'CLAUDE_PROJECT_DIR must be allowlisted');
|
|
});
|
|
|
|
it('does NOT flag POSIX expansions ${VAR%…} / ${VAR:-…}', () => {
|
|
const f = envFindings.find(x => /HOME|CONFIG_DIR/.test(x.description || ''));
|
|
assert.equal(f, undefined, 'POSIX operator expansions are not env-var references');
|
|
});
|
|
|
|
it('STILL flags a genuine bare unreferenced var', () => {
|
|
assert.equal(envFindings.length, 1,
|
|
`expected exactly REAL_MISSING; got: ${envFindings.map(f => f.description).join(' | ')}`);
|
|
assert.match(envFindings[0].description || '', /REAL_MISSING/);
|
|
});
|
|
});
|
|
|
|
describe('MCP scanner — empty project', () => {
|
|
let result;
|
|
beforeEach(async () => {
|
|
resetCounter();
|
|
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'empty-project'));
|
|
result = await scan(resolve(FIXTURES, 'empty-project'), discovery);
|
|
});
|
|
|
|
it('returns skipped status', () => {
|
|
assert.equal(result.status, 'skipped');
|
|
});
|
|
|
|
it('has 0 findings', () => {
|
|
assert.equal(result.findings.length, 0);
|
|
});
|
|
});
|
|
|
|
describe('MCP scanner — minimal project', () => {
|
|
let result;
|
|
beforeEach(async () => {
|
|
resetCounter();
|
|
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'minimal-project'));
|
|
result = await scan(resolve(FIXTURES, 'minimal-project'), discovery);
|
|
});
|
|
|
|
it('returns skipped when no .mcp.json', () => {
|
|
assert.equal(result.status, 'skipped');
|
|
});
|
|
|
|
it('has 0 findings', () => {
|
|
assert.equal(result.findings.length, 0);
|
|
});
|
|
});
|