npm - @bryan-thompson/inspector-assessment-cli - Versions diffs - 1.20.2 → 1.20.4 - Mend

@bryan-thompson/inspector-assessment-cli 1.20.2 → 1.20.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/build/assess-full.js +41 -5
package/build/lib/jsonl-events.js +157 -0
package/package.json +1 -1

package/build/assess-full.js CHANGED Viewed

@@ -25,6 +25,7 @@ import { generatePolicyComplianceReport } from "../../client/lib/services/assess
 import { compareAssessments } from "../../client/lib/lib/assessmentDiffer.js";
 import { formatDiffAsMarkdown } from "../../client/lib/lib/reportFormatters/DiffReportFormatter.js";
 import { AssessmentStateManager } from "./assessmentState.js";
+import { emitServerConnected, emitToolDiscovered, emitToolsDiscoveryComplete, emitAssessmentComplete, emitTestBatch, emitVulnerabilityFound, emitAnnotationMissing, emitAnnotationMisaligned, emitAnnotationReviewRecommended, } from "./lib/jsonl-events.js";
 /**
  * Load server configuration from Claude Code's MCP settings
  */
@@ -40,6 +41,19 @@ function loadServerConfig(serverName, configPath) {
         const config = JSON.parse(fs.readFileSync(tryPath, "utf-8"));
         if (config.mcpServers && config.mcpServers[serverName]) {
             const serverConfig = config.mcpServers[serverName];
+            // Check if serverConfig specifies http/sse transport
+            if (serverConfig.url ||
+                serverConfig.transport === "http" ||
+                serverConfig.transport === "sse") {
+                if (!serverConfig.url) {
+                    throw new Error(`Invalid server config: transport is '${serverConfig.transport}' but 'url' is missing`);
+                }
+                return {
+                    transport: serverConfig.transport || "http",
+                    url: serverConfig.url,
+                };
+            }
+            // Default to stdio transport
             return {
                 transport: "stdio",
                 command: serverConfig.command,
@@ -293,18 +307,17 @@ async function runFullAssessment(options) {
         console.log("✅ Server config loaded");
     }
     const client = await connectToServer(serverConfig);
+    emitServerConnected(options.serverName, serverConfig.transport || "stdio");
     if (!options.jsonOnly) {
         console.log("✅ Connected to MCP server");
     }
     const response = await client.listTools();
     const tools = response.tools || [];
-    // Always emit tool discovery events to stderr for audit-worker parsing
-    // Format: TOOL_DISCOVERED:name|description|param1,param2,... (works even with --json flag)
+    // Emit JSONL tool discovery events for audit-worker parsing
     for (const tool of tools) {
-        const description = tool.description || "";
-        const params = Object.keys(tool.inputSchema?.properties || {}).join(",");
-        console.error(`TOOL_DISCOVERED:${tool.name}|${description}|${params}`);
+        emitToolDiscovered(tool);
     }
+    emitToolsDiscoveryComplete(tools.length);
     if (!options.jsonOnly) {
         console.log(`🔧 Found ${tools.length} tool${tools.length !== 1 ? "s" : ""}`);
     }
@@ -483,12 +496,32 @@ async function runFullAssessment(options) {
             })),
         };
     };
+    // Progress callback to emit JSONL events for real-time monitoring
+    const onProgress = (event) => {
+        if (event.type === "test_batch") {
+            emitTestBatch(event.module, event.completed, event.total, event.batchSize, event.elapsed);
+        }
+        else if (event.type === "vulnerability_found") {
+            emitVulnerabilityFound(event.tool, event.pattern, event.confidence, event.evidence, event.riskLevel, event.requiresReview, event.payload);
+        }
+        else if (event.type === "annotation_missing") {
+            emitAnnotationMissing(event.tool, event.title, event.description, event.parameters, event.inferredBehavior);
+        }
+        else if (event.type === "annotation_misaligned") {
+            emitAnnotationMisaligned(event.tool, event.title, event.description, event.parameters, event.field, event.actual, event.expected, event.confidence, event.reason);
+        }
+        else if (event.type === "annotation_review_recommended") {
+            emitAnnotationReviewRecommended(event.tool, event.title, event.description, event.parameters, event.field, event.actual, event.inferred, event.confidence, event.isAmbiguous, event.reason);
+        }
+        // module_started and module_complete are handled by orchestrator directly
+    };
     const context = {
         serverName: options.serverName,
         tools,
         callTool: createCallToolWrapper(client),
         config,
         sourceCodePath: options.sourceCodePath,
+        onProgress,
         ...sourceFiles,
         // New capability assessment data
         resources,
@@ -502,6 +535,9 @@ async function runFullAssessment(options) {
         console.log("");
     }
     const results = await orchestrator.runFullAssessment(context);
+    // Emit assessment complete event
+    const defaultOutputPath = `/tmp/inspector-full-assessment-${options.serverName}.json`;
+    emitAssessmentComplete(results.overallStatus, results.totalTestsRun, results.executionTime, options.outputPath || defaultOutputPath);
     await client.close();
     return results;
 }

package/build/lib/jsonl-events.js ADDED Viewed

@@ -0,0 +1,157 @@
+/**
+ * JSONL Event Emission Helpers for CLI
+ *
+ * These functions emit structured JSONL events to stderr for real-time
+ * machine parsing during CLI assessment runs.
+ *
+ * This is a CLI-local version that imports from the built client lib
+ * to avoid rootDir conflicts in TypeScript compilation.
+ */
+import { INSPECTOR_VERSION } from "../../../client/lib/lib/moduleScoring.js";
+// ============================================================================
+// Core Functions
+// ============================================================================
+/**
+ * Emit a JSONL event to stderr for real-time machine parsing.
+ * Automatically includes version field for compatibility checking.
+ */
+export function emitJSONL(event) {
+    console.error(JSON.stringify({ ...event, version: INSPECTOR_VERSION }));
+}
+/**
+ * Emit server_connected event after successful connection.
+ */
+export function emitServerConnected(serverName, transport) {
+    emitJSONL({ event: "server_connected", serverName, transport });
+}
+/**
+ * Extract parameter metadata from tool input schema.
+ */
+export function extractToolParams(schema) {
+    if (!schema || typeof schema !== "object")
+        return [];
+    const s = schema;
+    if (!s.properties || typeof s.properties !== "object")
+        return [];
+    const required = new Set(Array.isArray(s.required) ? s.required : []);
+    const properties = s.properties;
+    return Object.entries(properties).map(([name, prop]) => {
+        const param = {
+            name,
+            type: prop.type || "any",
+            required: required.has(name),
+        };
+        if (prop.description) {
+            param.description = prop.description;
+        }
+        return param;
+    });
+}
+/**
+ * Emit tool_discovered event for each tool found.
+ */
+export function emitToolDiscovered(tool) {
+    const params = extractToolParams(tool.inputSchema);
+    emitJSONL({
+        event: "tool_discovered",
+        name: tool.name,
+        description: tool.description || null,
+        params,
+    });
+}
+/**
+ * Emit tools_discovery_complete event after all tools discovered.
+ */
+export function emitToolsDiscoveryComplete(count) {
+    emitJSONL({ event: "tools_discovery_complete", count });
+}
+/**
+ * Emit assessment_complete event at the end of assessment.
+ */
+export function emitAssessmentComplete(overallStatus, totalTests, executionTime, outputPath) {
+    emitJSONL({
+        event: "assessment_complete",
+        overallStatus,
+        totalTests,
+        executionTime,
+        outputPath,
+    });
+}
+/**
+ * Emit test_batch event during assessment for real-time progress.
+ */
+export function emitTestBatch(module, completed, total, batchSize, elapsed) {
+    emitJSONL({
+        event: "test_batch",
+        module,
+        completed,
+        total,
+        batchSize,
+        elapsed,
+    });
+}
+/**
+ * Emit vulnerability_found event when security testing detects issues.
+ */
+export function emitVulnerabilityFound(tool, pattern, confidence, evidence, riskLevel, requiresReview, payload) {
+    emitJSONL({
+        event: "vulnerability_found",
+        tool,
+        pattern,
+        confidence,
+        evidence,
+        riskLevel,
+        requiresReview,
+        ...(payload && { payload }),
+    });
+}
+/**
+ * Emit annotation_missing event when a tool lacks required annotations.
+ */
+export function emitAnnotationMissing(tool, title, description, parameters, inferredBehavior) {
+    emitJSONL({
+        event: "annotation_missing",
+        tool,
+        ...(title && { title }),
+        ...(description && { description }),
+        parameters,
+        inferredBehavior,
+    });
+}
+/**
+ * Emit annotation_misaligned event when actual annotations contradict inferred behavior.
+ */
+export function emitAnnotationMisaligned(tool, title, description, parameters, field, actual, expected, confidence, reason) {
+    emitJSONL({
+        event: "annotation_misaligned",
+        tool,
+        ...(title && { title }),
+        ...(description && { description }),
+        parameters,
+        field,
+        actual,
+        expected,
+        confidence,
+        reason,
+    });
+}
+/**
+ * Emit annotation_review_recommended event for ambiguous patterns.
+ * This indicates human review is suggested but no automated penalty applied.
+ * Used for patterns like store_*, queue_*, cache_* where behavior varies.
+ */
+export function emitAnnotationReviewRecommended(tool, title, description, parameters, field, actual, inferred, confidence, isAmbiguous, reason) {
+    emitJSONL({
+        event: "annotation_review_recommended",
+        tool,
+        ...(title && { title }),
+        ...(description && { description }),
+        parameters,
+        field,
+        actual,
+        inferred,
+        confidence,
+        isAmbiguous,
+        reason,
+    });
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment-cli",
-  "version": "1.20.2",
+  "version": "1.20.4",
   "description": "CLI for the Enhanced MCP Inspector with assessment capabilities",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",