v0.12.0
v0.12.0: Static Analysis Engine + Auto-Fix
24 Lint Rules (was 10)
The lint command now has 24 rules that catch agent-breaking schema issues before runtime. 14 new rules added this release:
| Code | What it catches |
|---|---|
| E105 | Unconstrained strings flowing between tools (free text propagation) |
| E107 | Circular dependencies in tool graph (agents loop forever) |
| E112 | Sensitive parameters exposed (password, api_key, token) |
| E113 | Duplicate tool names |
| W107 | Non-deterministic output (same input, different results) |
| W108 | Hidden side effects (name says "create" but description doesn't acknowledge) |
| W109 | Missing examples on user-facing params (query, email, url) |
| W110 | Schema-description drift (>50% params not mentioned in description) |
| W111 | Description too short (<20 chars) or too long (>500 chars) |
| W112 | Server exposes >20 tools (LLM accuracy degrades) |
| W114 | Input schema nested >3 levels (LLMs struggle with deep nesting) |
| W115 | Single tool consumes >1000 tokens of context |
| W116 | Description doesn't mention what tool returns |
| (overloaded) | >3 action verbs in description (tool does too many things) |
Auto-Fix (--fix)
Generate schema improvement suggestions automatically:
mcp-assert lint --server "npx my-server" --fix
memory-server: 9 tools, 25 findings, 23 auto-fixable
E103 create_entities Add description: "The entities value (array)"
W109 search_nodes Add examples to "query": [search term]
W116 read_graph Append: "Returns the graph data as JSON."
23 fixes generated.Infers descriptions from tool names, formats from param patterns (email, uuid, date-time), examples from common names, and return clauses from verbs. JSON output with --fix --json.
--strict Mode
Promote all warnings to errors for CI gates:
mcp-assert lint --server "..." --strict
# 16 error(s), 0 warning(s)--detect-nondeterminism
Calls each tool 3x with identical inputs, compares output hashes. Flags tools that produce different results across runs.
Tool Dependency Graph
Infers data-flow dependencies between tools by matching parameter names, types, and description tokens. Powers E105 (free text propagation) and E107 (circular dependency). Generic parameters excluded to prevent false positives.
Unified Error Taxonomy
All commands now share a single error code registry. Audit output shows structured codes:
✓ read_query 1ms [E000] responds, returns content
✗ create_table 0ms [E201] internal error: panic: nil pointer...
Scorecard Validation
Tested on 6 servers: memory (92% fix rate), filesystem (72%), sqlite (94%), time (60%), antvis-chart, fetch (75%).
Full Changelog: v0.11.0...v0.12.0