@bryan-thompson/inspector-assessment-cli 1.43.3 → 1.43.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/lib/cli-parser.js +14 -1
- package/build/lib/cli-parserSchemas.js +1 -0
- package/build/lib/result-output.js +21 -0
- package/build/profiles.js +20 -0
- package/package.json +1 -1
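--- a/package/build/lib/cli-parser.js
+++ b/package/build/lib/cli-parser.js
@@ -316,6 +316,11 @@ export function parseArgs(argv) {
 // Issue #137: Stage B enrichment for Claude semantic analysis
 options.stageBVerbose = true;
 break;
+case "--audit-mode":
+// Reduced false positives for automated MCP auditing
+options.auditMode = true;
+options.profile = "audit";
+break;
 case "--static-only":
 // Issue #213: Static-only assessment without server connection
 options.staticOnly = true;
@@ -417,6 +422,13 @@ export function parseArgs(argv) {
 options.helpRequested = true;
 return options;
 }
+// Validate mutual exclusivity of --audit-mode with --profile (audit-mode sets profile internally)
+if (options.auditMode && options.profile && options.profile !== "audit") {
+console.error("Error: --audit-mode cannot be used with --profile (audit mode sets its own profile)");
+setTimeout(() => process.exit(1), 10);
+options.helpRequested = true;
+return options;
+}
 // Validate mutual exclusivity of --module with orchestrator options (Issue #184)
 if (options.singleModule &&
 (options.skipModules?.length ||
@@ -547,7 +559,8 @@ Options:
 --claude-http Enable Claude Code via HTTP transport (connects to mcp-auditor proxy)
 --mcp-auditor-url <url> mcp-auditor URL for HTTP transport (default: http://localhost:8085)
 --full Enable all assessment modules (default)
---
+--audit-mode Reduced false positives for automated MCP auditing (sets --profile audit)
+--profile <name> Use predefined module profile (quick, security, compliance, full, dev, audit)
 --temporal-invocations <n> Number of invocations per tool for rug pull detection (default: 3)
 --skip-temporal Skip temporal/rug pull testing (faster assessment)
 --conformance Enable official MCP conformance tests (experimental, requires HTTP/SSE transport)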
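Review bot: The `--audit-mode` / `--profile` exclusivity check in the second hunk is order-dependent: the `--audit-mode` case overwrites `options.profile` with `"audit"` unconditionally, so `--profile quick --audit-mode` silently discards the requested profile and the post-parse check never fires, while `--audit-mode --profile quick` is rejected. Drop `options.profile = "audit";` from the switch case and apply it after the conflict check instead, `if (options.auditMode) options.profile = "audit";`, so the conflict is detected regardless of argument order. The error path then schedules `process.exit(1)` 10 ms later but returns with `helpRequested = true`, so the caller briefly treats a rejected command line as a help request; this looks like it copies the Issue #184 block that follows, whose body is not in the hunk, so I have not proposed changing it. parseArgs begins and ends outside this hunk.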
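--- a/package/build/lib/result-output.js
+++ b/package/build/lib/result-output.js
@@ -303,6 +303,27 @@ export function displaySummary(results) {
 console.log(` ⢠${rec}`);
 }
 }
+// Audit mode summary
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const auditAnalysis = security?.auditAnalysis;
+if (auditAnalysis) {
+console.log("\nš AUDIT ANALYSIS (reduced false positives):");
+if (auditAnalysis.highConfidenceVulnerabilities?.length > 0) {
+console.log(` šØ High-confidence vulnerabilities: ${auditAnalysis.highConfidenceVulnerabilities.length}`);
+for (const vuln of auditAnalysis.highConfidenceVulnerabilities.slice(0, 5)) {
+console.log(` ⢠${vuln}`);
+}
+}
+else {
+console.log(" ā No high-confidence vulnerabilities detected");
+}
+if (auditAnalysis.needsReview?.length > 0) {
+console.log(` ā ļø Needs manual review: ${auditAnalysis.needsReview.length}`);
+for (const item of auditAnalysis.needsReview.slice(0, 3)) {
+console.log(` ⢠${item}`);
+}
+}
+}
 console.log("\n" + "=".repeat(70));
 }
 // ============================================================================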
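Review bot: The audit summary silently truncates its findings: high-confidence vulnerabilities are cut at five by `.slice(0, 5)` and needs-review items at three by `.slice(0, 3)` with no indication that more exist, which for a mode whose stated purpose is to surface confident findings can hide most of the list from a CI log. After each loop print the remainder, e.g. `if (auditAnalysis.highConfidenceVulnerabilities.length > 5) console.log(`    … and ${auditAnalysis.highConfidenceVulnerabilities.length - 5} more`);` and the equivalent for needsReview with 3. The entries are interpolated directly as `${vuln}` and `${item}`, which only reads sensibly if they are strings, and if they carry server-supplied text such as tool names or descriptions they should have control and ANSI escape sequences stripped before reaching the terminal; neither the element type nor its origin is visible here, so please confirm. The `eslint-disable-next-line @typescript-eslint/no-explicit-any` comment sits above a plain `const` in the built JavaScript and is a leftover from the TypeScript source. displaySummary begins before this hunk, and the `security` value it reads is defined outside it.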
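--- a/package/build/profiles.js
+++ b/package/build/profiles.js
@@ -160,6 +160,20 @@ export const ASSESSMENT_PROFILES = {
 * Includes: Tier 1-4 + opt-in (prohibitedLibraries, manifestValidation, etc.)
 */
 all: [...ALL_MODULES],
+/**
+* Audit profile: Optimized for automated MCP auditing with reduced false positives
+* Use when: --audit-mode flag, CI/CD pipeline audits
+* Time: ~8-12 minutes
+* Includes: Core security + compliance + capability + tool annotations
+*/
+audit: [
+"functionality",
+"security",
+"errorHandling",
+"protocolCompliance",
+"aupCompliance",
+"toolAnnotations",
+],
 };
 export const PROFILE_METADATA = {
 quick: {
@@ -214,6 +228,12 @@ export const PROFILE_METADATA = {
 "Opt-In",
 ],
 },
+audit: {
+description: "Automated MCP auditing with reduced false positives (--audit-mode)",
+estimatedTime: "~8-12 minutes",
+moduleCount: ASSESSMENT_PROFILES.audit.length,
+tiers: ["Tier 1 (Core Security)", "Tier 2 (Compliance, partial)"],
+},
 };
 /**
 * Resolve module names, applying aliases for deprecated names.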
package/package.json
CHANGED