@bryan-thompson/inspector-assessment-cli 1.22.0 → 1.22.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/assess-full.js +113 -3
- package/build/lib/jsonl-events.js +12 -0
- package/package.json +1 -1
package/build/assess-full.js
CHANGED
|
@@ -25,7 +25,26 @@ import { generatePolicyComplianceReport } from "../../client/lib/services/assess
|
|
|
25
25
|
import { compareAssessments } from "../../client/lib/lib/assessmentDiffer.js";
|
|
26
26
|
import { formatDiffAsMarkdown } from "../../client/lib/lib/reportFormatters/DiffReportFormatter.js";
|
|
27
27
|
import { AssessmentStateManager } from "./assessmentState.js";
|
|
28
|
-
import { emitServerConnected, emitToolDiscovered, emitToolsDiscoveryComplete, emitAssessmentComplete, emitTestBatch, emitVulnerabilityFound, emitAnnotationMissing, emitAnnotationMisaligned, emitAnnotationReviewRecommended, emitAnnotationAligned, } from "./lib/jsonl-events.js";
|
|
28
|
+
import { emitServerConnected, emitToolDiscovered, emitToolsDiscoveryComplete, emitAssessmentComplete, emitTestBatch, emitVulnerabilityFound, emitAnnotationMissing, emitAnnotationMisaligned, emitAnnotationReviewRecommended, emitAnnotationAligned, emitModulesConfigured, } from "./lib/jsonl-events.js";
|
|
29
|
+
// Valid module names derived from ASSESSMENT_CATEGORY_METADATA
|
|
30
|
+
const VALID_MODULE_NAMES = Object.keys(ASSESSMENT_CATEGORY_METADATA);
|
|
31
|
+
/**
|
|
32
|
+
* Validate module names from CLI input
|
|
33
|
+
*/
|
|
34
|
+
function validateModuleNames(input, flagName) {
|
|
35
|
+
const names = input
|
|
36
|
+
.split(",")
|
|
37
|
+
.map((n) => n.trim())
|
|
38
|
+
.filter(Boolean);
|
|
39
|
+
const invalid = names.filter((n) => !VALID_MODULE_NAMES.includes(n));
|
|
40
|
+
if (invalid.length > 0) {
|
|
41
|
+
console.error(`Error: Invalid module name(s) for ${flagName}: ${invalid.join(", ")}`);
|
|
42
|
+
console.error(`Valid modules: ${VALID_MODULE_NAMES.join(", ")}`);
|
|
43
|
+
setTimeout(() => process.exit(1), 10);
|
|
44
|
+
return [];
|
|
45
|
+
}
|
|
46
|
+
return names;
|
|
47
|
+
}
|
|
29
48
|
/**
|
|
30
49
|
* Load server configuration from Claude Code's MCP settings
|
|
31
50
|
*/
|
|
@@ -317,7 +336,8 @@ function buildConfig(options) {
|
|
|
317
336
|
enableSourceCodeAnalysis: !!options.sourceCodePath,
|
|
318
337
|
};
|
|
319
338
|
if (options.fullAssessment !== false) {
|
|
320
|
-
|
|
339
|
+
// Start with all modules enabled by default
|
|
340
|
+
const allModules = {
|
|
321
341
|
functionality: true,
|
|
322
342
|
security: true,
|
|
323
343
|
documentation: true,
|
|
@@ -335,7 +355,25 @@ function buildConfig(options) {
|
|
|
335
355
|
resources: true,
|
|
336
356
|
prompts: true,
|
|
337
357
|
crossCapability: true,
|
|
358
|
+
authentication: true,
|
|
338
359
|
};
|
|
360
|
+
// Apply --only-modules filter (whitelist mode)
|
|
361
|
+
if (options.onlyModules?.length) {
|
|
362
|
+
for (const key of Object.keys(allModules)) {
|
|
363
|
+
// Disable all modules except those in the whitelist
|
|
364
|
+
allModules[key] = options.onlyModules.includes(key);
|
|
365
|
+
}
|
|
366
|
+
}
|
|
367
|
+
// Apply --skip-modules filter (blacklist mode)
|
|
368
|
+
if (options.skipModules?.length) {
|
|
369
|
+
for (const module of options.skipModules) {
|
|
370
|
+
if (module in allModules) {
|
|
371
|
+
allModules[module] = false;
|
|
372
|
+
}
|
|
373
|
+
}
|
|
374
|
+
}
|
|
375
|
+
config.assessmentCategories =
|
|
376
|
+
allModules;
|
|
339
377
|
}
|
|
340
378
|
// Temporal/rug pull detection configuration
|
|
341
379
|
if (options.temporalInvocations) {
|
|
@@ -519,6 +557,25 @@ async function runFullAssessment(options) {
|
|
|
519
557
|
return {};
|
|
520
558
|
}
|
|
521
559
|
const config = buildConfig(options);
|
|
560
|
+
// Emit modules_configured event for consumer progress tracking
|
|
561
|
+
if (config.assessmentCategories) {
|
|
562
|
+
const enabled = [];
|
|
563
|
+
const skipped = [];
|
|
564
|
+
for (const [key, value] of Object.entries(config.assessmentCategories)) {
|
|
565
|
+
if (value) {
|
|
566
|
+
enabled.push(key);
|
|
567
|
+
}
|
|
568
|
+
else {
|
|
569
|
+
skipped.push(key);
|
|
570
|
+
}
|
|
571
|
+
}
|
|
572
|
+
const reason = options.onlyModules?.length
|
|
573
|
+
? "only-modules"
|
|
574
|
+
: options.skipModules?.length
|
|
575
|
+
? "skip-modules"
|
|
576
|
+
: "default";
|
|
577
|
+
emitModulesConfigured(enabled, skipped, reason);
|
|
578
|
+
}
|
|
522
579
|
const orchestrator = new AssessmentOrchestrator(config);
|
|
523
580
|
if (!options.jsonOnly) {
|
|
524
581
|
if (orchestrator.isClaudeEnabled()) {
|
|
@@ -825,6 +882,36 @@ function parseArgs() {
|
|
|
825
882
|
case "--skip-temporal":
|
|
826
883
|
options.skipTemporal = true;
|
|
827
884
|
break;
|
|
885
|
+
case "--skip-modules": {
|
|
886
|
+
const skipValue = args[++i];
|
|
887
|
+
if (!skipValue) {
|
|
888
|
+
console.error("Error: --skip-modules requires a comma-separated list");
|
|
889
|
+
setTimeout(() => process.exit(1), 10);
|
|
890
|
+
options.helpRequested = true;
|
|
891
|
+
return options;
|
|
892
|
+
}
|
|
893
|
+
options.skipModules = validateModuleNames(skipValue, "--skip-modules");
|
|
894
|
+
if (options.skipModules.length === 0 && skipValue) {
|
|
895
|
+
options.helpRequested = true;
|
|
896
|
+
return options;
|
|
897
|
+
}
|
|
898
|
+
break;
|
|
899
|
+
}
|
|
900
|
+
case "--only-modules": {
|
|
901
|
+
const onlyValue = args[++i];
|
|
902
|
+
if (!onlyValue) {
|
|
903
|
+
console.error("Error: --only-modules requires a comma-separated list");
|
|
904
|
+
setTimeout(() => process.exit(1), 10);
|
|
905
|
+
options.helpRequested = true;
|
|
906
|
+
return options;
|
|
907
|
+
}
|
|
908
|
+
options.onlyModules = validateModuleNames(onlyValue, "--only-modules");
|
|
909
|
+
if (options.onlyModules.length === 0 && onlyValue) {
|
|
910
|
+
options.helpRequested = true;
|
|
911
|
+
return options;
|
|
912
|
+
}
|
|
913
|
+
break;
|
|
914
|
+
}
|
|
828
915
|
case "--help":
|
|
829
916
|
case "-h":
|
|
830
917
|
printHelp();
|
|
@@ -845,6 +932,13 @@ function parseArgs() {
|
|
|
845
932
|
}
|
|
846
933
|
}
|
|
847
934
|
}
|
|
935
|
+
// Validate mutual exclusivity of --skip-modules and --only-modules
|
|
936
|
+
if (options.skipModules?.length && options.onlyModules?.length) {
|
|
937
|
+
console.error("Error: --skip-modules and --only-modules are mutually exclusive");
|
|
938
|
+
setTimeout(() => process.exit(1), 10);
|
|
939
|
+
options.helpRequested = true;
|
|
940
|
+
return options;
|
|
941
|
+
}
|
|
848
942
|
if (!options.serverName) {
|
|
849
943
|
console.error("Error: --server is required");
|
|
850
944
|
printHelp();
|
|
@@ -880,11 +974,23 @@ Options:
|
|
|
880
974
|
--full Enable all assessment modules (default)
|
|
881
975
|
--temporal-invocations <n> Number of invocations per tool for rug pull detection (default: 25)
|
|
882
976
|
--skip-temporal Skip temporal/rug pull testing (faster assessment)
|
|
977
|
+
--skip-modules <list> Skip specific modules (comma-separated)
|
|
978
|
+
--only-modules <list> Run only specific modules (comma-separated)
|
|
883
979
|
--json Output only JSON path (no console summary)
|
|
884
980
|
--verbose, -v Enable verbose logging
|
|
885
981
|
--help, -h Show this help message
|
|
886
982
|
|
|
887
|
-
|
|
983
|
+
Module Selection:
|
|
984
|
+
--skip-modules and --only-modules are mutually exclusive.
|
|
985
|
+
Use --skip-modules for faster runs by disabling expensive modules.
|
|
986
|
+
Use --only-modules to focus on specific areas (e.g., tool annotation PRs).
|
|
987
|
+
|
|
988
|
+
Valid module names:
|
|
989
|
+
functionality, security, documentation, errorHandling, usability,
|
|
990
|
+
mcpSpecCompliance, aupCompliance, toolAnnotations, prohibitedLibraries,
|
|
991
|
+
manifestValidation, portability, temporal, resources, prompts, crossCapability
|
|
992
|
+
|
|
993
|
+
Assessment Modules (16 total):
|
|
888
994
|
• Functionality - Tests all tools work correctly
|
|
889
995
|
• Security - Prompt injection & vulnerability testing
|
|
890
996
|
• Documentation - README completeness checks
|
|
@@ -905,6 +1011,10 @@ Examples:
|
|
|
905
1011
|
mcp-assess-full --server my-server --format markdown --include-policy
|
|
906
1012
|
mcp-assess-full --server my-server --compare ./baseline.json
|
|
907
1013
|
mcp-assess-full --server my-server --compare ./baseline.json --diff-only --format markdown
|
|
1014
|
+
|
|
1015
|
+
# Module selection examples:
|
|
1016
|
+
mcp-assess-full my-server --skip-modules security,aupCompliance # Fast CI run
|
|
1017
|
+
mcp-assess-full my-server --only-modules functionality,toolAnnotations # Annotation PR review
|
|
908
1018
|
`);
|
|
909
1019
|
}
|
|
910
1020
|
/**
|
|
@@ -178,3 +178,15 @@ export function emitAnnotationAligned(tool, confidence, annotations) {
|
|
|
178
178
|
annotations,
|
|
179
179
|
});
|
|
180
180
|
}
|
|
181
|
+
/**
|
|
182
|
+
* Emit modules_configured event to inform consumers which modules are enabled.
|
|
183
|
+
* Useful for accurate progress tracking when using --skip-modules or --only-modules.
|
|
184
|
+
*/
|
|
185
|
+
export function emitModulesConfigured(enabled, skipped, reason) {
|
|
186
|
+
emitJSONL({
|
|
187
|
+
event: "modules_configured",
|
|
188
|
+
enabled,
|
|
189
|
+
skipped,
|
|
190
|
+
reason,
|
|
191
|
+
});
|
|
192
|
+
}
|
package/package.json
CHANGED