@bryan-thompson/inspector-assessment-cli 1.32.1 → 1.32.3

package/build/lib/assessment-runner/server-config.js

@@ -2,12 +2,15 @@
  * Server Configuration Loading
  *
  * Handles loading MCP server configuration from Claude Code settings.
+ * Uses Zod schemas for runtime validation (Issue #84).
  *
  * @module cli/lib/assessment-runner/server-config
  */
 import * as fs from "fs";
 import * as path from "path";
 import * as os from "os";
+import { ServerEntrySchema, isHttpSseConfig, isStdioConfig, } from "./server-configSchemas.js";
+import { formatZodError } from "../zodErrorFormatter.js";
 /**
  * Load server configuration from Claude Code's MCP settings
  *
@@ -24,55 +27,60 @@ export function loadServerConfig(serverName, configPath) {
     for (const tryPath of possiblePaths) {
         if (!fs.existsSync(tryPath))
             continue;
-        let config;
+        let rawConfig;
         try {
-            config = JSON.parse(fs.readFileSync(tryPath, "utf-8"));
+            rawConfig = JSON.parse(fs.readFileSync(tryPath, "utf-8"));
         }
         catch (e) {
             throw new Error(`Invalid JSON in config file: ${tryPath}\n${e instanceof Error ? e.message : String(e)}`);
         }
-        if (config.mcpServers && config.mcpServers[serverName]) {
-            const serverConfig = config.mcpServers[serverName];
-            // Check if serverConfig specifies http/sse transport
-            if (serverConfig.url ||
-                serverConfig.transport === "http" ||
-                serverConfig.transport === "sse") {
-                if (!serverConfig.url) {
-                    throw new Error(`Invalid server config: transport is '${serverConfig.transport}' but 'url' is missing`);
-                }
-                return {
-                    transport: serverConfig.transport || "http",
-                    url: serverConfig.url,
-                };
+        // Determine which config entry to validate
+        let serverEntry;
+        let configSource;
+        // Check for Claude Desktop format (mcpServers object)
+        if (typeof rawConfig === "object" &&
+            rawConfig !== null &&
+            "mcpServers" in rawConfig &&
+            typeof rawConfig.mcpServers === "object") {
+            const mcpServers = rawConfig
+                .mcpServers;
+            if (mcpServers && serverName in mcpServers) {
+                serverEntry = mcpServers[serverName];
+                configSource = `${tryPath} (mcpServers.${serverName})`;
             }
-            // Default to stdio transport
-            return {
-                transport: "stdio",
-                command: serverConfig.command,
-                args: serverConfig.args || [],
-                env: serverConfig.env || {},
-                cwd: serverConfig.cwd,
-            };
-        }
-        if (config.url ||
-            config.transport === "http" ||
-            config.transport === "sse") {
-            if (!config.url) {
-                throw new Error(`Invalid server config: transport is '${config.transport}' but 'url' is missing`);
+            else {
+                continue; // Server not in this file, try next path
             }
+        }
+        else {
+            // Standalone config format
+            serverEntry = rawConfig;
+            configSource = tryPath;
+        }
+        // Validate server entry with Zod schema
+        const validationResult = ServerEntrySchema.safeParse(serverEntry);
+        if (!validationResult.success) {
+            throw new Error(`Invalid server config in ${configSource}:\n${formatZodError(validationResult.error)}`);
+        }
+        const validatedEntry = validationResult.data;
+        // Convert to ServerConfig using type guards
+        if (isHttpSseConfig(validatedEntry)) {
             return {
-                transport: config.transport || "http",
-                url: config.url,
+                transport: validatedEntry.transport || "http",
+                url: validatedEntry.url,
             };
         }
-        if (config.command) {
+        if (isStdioConfig(validatedEntry)) {
             return {
                 transport: "stdio",
-                command: config.command,
-                args: config.args || [],
-                env: config.env || {},
+                command: validatedEntry.command,
+                args: validatedEntry.args || [],
+                env: validatedEntry.env || {},
+                cwd: validatedEntry.cwd,
             };
         }
+        // This should never happen due to schema validation, but TypeScript needs it
+        throw new Error(`Unable to determine transport type for config: ${configSource}`);
     }
     throw new Error(`Server config not found for: ${serverName}\nTried: ${possiblePaths.join(", ")}`);
 }

package/build/lib/assessment-runner/server-configSchemas.js

@@ -34,7 +34,10 @@ export { TransportTypeSchema };
  */
 export const HttpSseServerConfigSchema = z.object({
     transport: z.enum(["http", "sse"]).optional(),
-    url: z.string().url("url must be a valid URL"),
+    url: z
+        .string()
+        .min(1, "'url' is required for HTTP/SSE transport")
+        .url("url must be a valid URL"),
 });
 /**
  * Schema for stdio transport server configuration.

package/build/lib/jsonl-events.js

@@ -6,6 +6,10 @@
  *
  * This is a CLI-local version that imports from the built client lib
  * to avoid rootDir conflicts in TypeScript compilation.
+ *
+ * NOTE: Phase 7 events (tool_test_complete, validation_summary, phase_started,
+ * phase_complete) are re-exported from scripts/lib/jsonl-events.ts to maintain
+ * a single source of truth. See Issue #88.
  */
 import { INSPECTOR_VERSION, SCHEMA_VERSION, } from "../../../client/lib/lib/moduleScoring.js";
 // Re-export for consumers of this module
@@ -196,3 +200,58 @@ export function emitModulesConfigured(enabled, skipped, reason) {
         reason,
     });
 }
+// ============================================================================
+// Phase 7 Events - Per-Tool Testing & Phase Lifecycle
+// ============================================================================
+/**
+ * Emit tool_test_complete event after all tests for a single tool finish.
+ * Provides per-tool summary for real-time progress in auditor UI.
+ */
+export function emitToolTestComplete(tool, module, scenariosPassed, scenariosExecuted, confidence, status, executionTime) {
+    emitJSONL({
+        event: "tool_test_complete",
+        tool,
+        module,
+        scenariosPassed,
+        scenariosExecuted,
+        confidence,
+        status,
+        executionTime,
+    });
+}
+/**
+ * Emit validation_summary event with per-tool input validation metrics.
+ * Tracks how tools handle invalid inputs (wrong types, missing required, etc.)
+ */
+export function emitValidationSummary(tool, wrongType, missingRequired, extraParams, nullValues, invalidValues) {
+    emitJSONL({
+        event: "validation_summary",
+        tool,
+        wrongType,
+        missingRequired,
+        extraParams,
+        nullValues,
+        invalidValues,
+    });
+}
+/**
+ * Emit phase_started event when an assessment phase begins.
+ * Used for high-level progress tracking (discovery, assessment, analysis).
+ */
+export function emitPhaseStarted(phase) {
+    emitJSONL({
+        event: "phase_started",
+        phase,
+    });
+}
+/**
+ * Emit phase_complete event when an assessment phase finishes.
+ * Includes duration for performance tracking.
+ */
+export function emitPhaseComplete(phase, duration) {
+    emitJSONL({
+        event: "phase_complete",
+        phase,
+        duration,
+    });
+}

package/build/lib/zodErrorFormatter.js

@@ -17,11 +17,42 @@ export function formatZodIssue(issue) {
 }
 /**
  * Format a ZodError into a readable string.
+ * Detects union validation failures and extracts the most specific error messages.
  *
  * @param error - Zod validation error
  * @returns Formatted error messages joined by newlines
  */
 export function formatZodError(error) {
+    // Check if this is a union validation error (code: invalid_union)
+    const unionErrors = error.errors.filter((e) => e.code === "invalid_union");
+    if (unionErrors.length > 0) {
+        // Extract detailed errors from union attempts
+        const detailedErrors = [];
+        for (const unionError of unionErrors) {
+            // Union errors have unionErrors property with detailed failures
+            if ("unionErrors" in unionError &&
+                Array.isArray(unionError.unionErrors)) {
+                for (const subError of unionError.unionErrors) {
+                    // Find the most specific error message (not "Required")
+                    const specificErrors = subError.errors.filter((e) => e.message !== "Required" && e.code !== "invalid_type");
+                    if (specificErrors.length > 0) {
+                        detailedErrors.push(...specificErrors.map(formatZodIssue));
+                    }
+                    else {
+                        // Fallback to any error from this branch
+                        detailedErrors.push(...subError.errors.map(formatZodIssue));
+                    }
+                }
+            }
+        }
+        // If we found detailed errors, use them; otherwise fall back to generic message
+        if (detailedErrors.length > 0) {
+            // Deduplicate errors and return all unique errors
+            const uniqueErrors = Array.from(new Set(detailedErrors));
+            return uniqueErrors.join("\n");
+        }
+    }
+    // Standard formatting for non-union errors
     return error.errors.map(formatZodIssue).join("\n");
 }
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment-cli",
-  "version": "1.32.1",
+  "version": "1.32.3",
   "description": "CLI for the Enhanced MCP Inspector with assessment capabilities",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",