@bryan-thompson/inspector-assessment-client 1.10.1 → 1.11.1

package/dist/assets/{index-BQQRMUvH.js → index-kJ0jPd4m.js}

@@ -16320,7 +16320,7 @@ object({
   token_type_hint: string().optional()
 }).strip();
 const name = "@bryan-thompson/inspector-assessment-client";
-const version$1 = "1.10.0";
+const version$1 = "1.11.1";
 const packageJson = {
   name,
   version: version$1
@@ -48863,7 +48863,7 @@ const useTheme = () => {
     [theme, setThemeWithSideEffect]
   );
 };
-const version = "1.10.0";
+const version = "1.11.1";
 var [createTooltipContext] = createContextScope("Tooltip", [
   createPopperScope
 ]);
@@ -53608,7 +53608,1065 @@ class ResponseValidator {
     return totalWeight > 0 ? weightedSum / totalWeight * 100 : 0;
   }
 }
+var ToolCategory = /* @__PURE__ */ ((ToolCategory2) => {
+  ToolCategory2["CALCULATOR"] = "calculator";
+  ToolCategory2["SYSTEM_EXEC"] = "system_exec";
+  ToolCategory2["DATA_ACCESS"] = "data_access";
+  ToolCategory2["TOOL_OVERRIDE"] = "tool_override";
+  ToolCategory2["CONFIG_MODIFIER"] = "config_modifier";
+  ToolCategory2["URL_FETCHER"] = "fetcher";
+  ToolCategory2["UNICODE_PROCESSOR"] = "unicode";
+  ToolCategory2["JSON_PARSER"] = "parser";
+  ToolCategory2["PACKAGE_INSTALLER"] = "installer";
+  ToolCategory2["RUG_PULL"] = "rug_pull";
+  ToolCategory2["SAFE_STORAGE"] = "safe_storage";
+  ToolCategory2["API_WRAPPER"] = "api_wrapper";
+  ToolCategory2["SEARCH_RETRIEVAL"] = "search_retrieval";
+  ToolCategory2["CRUD_CREATION"] = "crud_creation";
+  ToolCategory2["READ_ONLY_INFO"] = "read_only_info";
+  ToolCategory2["GENERIC"] = "generic";
+  return ToolCategory2;
+})(ToolCategory || {});
+class ToolClassifier {
+  /**
+   * Classify a tool into one or more categories
+   * Returns multiple categories if tool matches multiple patterns
+   */
+  classify(toolName, description2) {
+    const categories = [];
+    const confidenceScores = [];
+    const reasons = [];
+    const toolText = `${toolName} ${description2 || ""}`.toLowerCase();
+    if (this.matchesPattern(toolText, [
+      /calculator/i,
+      /compute/i,
+      /math/i,
+      /calc/i,
+      /eval/i,
+      /arithmetic/i,
+      /expression/i
+    ])) {
+      categories.push(
+        "calculator"
+        /* CALCULATOR */
+      );
+      confidenceScores.push(90);
+      reasons.push("Calculator pattern detected (arithmetic execution risk)");
+    }
+    if (this.matchesPattern(toolText, [
+      /system.*exec/i,
+      /exec.*tool/i,
+      /command/i,
+      /shell/i,
+      /\brun\b/i,
+      /execute/i,
+      /process/i
+    ])) {
+      categories.push(
+        "system_exec"
+        /* SYSTEM_EXEC */
+      );
+      confidenceScores.push(95);
+      reasons.push(
+        "System execution pattern detected (command injection risk)"
+      );
+    }
+    if (this.matchesPattern(toolText, [
+      /leak/i,
+      /\bdata\b/i,
+      /show/i,
+      /\bget\b/i,
+      /\blist\b/i,
+      /display/i,
+      /\benv/i,
+      /secret/i,
+      /\bkey\b/i,
+      /credential/i,
+      /exfiltrat/i
+    ])) {
+      categories.push(
+        "data_access"
+        /* DATA_ACCESS */
+      );
+      confidenceScores.push(85);
+      reasons.push("Data access pattern detected (data exfiltration risk)");
+    }
+    if (this.matchesPattern(toolText, [
+      /override/i,
+      /shadow/i,
+      /poison/i,
+      /create.*tool/i,
+      /register.*tool/i,
+      /define.*tool/i,
+      /tool.*creator/i,
+      /add.*tool/i
+    ])) {
+      categories.push(
+        "tool_override"
+        /* TOOL_OVERRIDE */
+      );
+      confidenceScores.push(92);
+      reasons.push("Tool override pattern detected (shadowing/poisoning risk)");
+    }
+    if (this.matchesPattern(toolText, [
+      /config/i,
+      /setting/i,
+      /modifier/i,
+      /\badmin\b/i,
+      /privilege/i,
+      /permission/i,
+      /configure/i,
+      /drift/i
+    ])) {
+      categories.push(
+        "config_modifier"
+        /* CONFIG_MODIFIER */
+      );
+      confidenceScores.push(88);
+      reasons.push(
+        "Config modification pattern detected (configuration drift risk)"
+      );
+    }
+    if (this.matchesPattern(toolText, [
+      /fetch/i,
+      /\burl\b/i,
+      /http/i,
+      /download/i,
+      /load/i,
+      /retrieve/i,
+      /\bget\b.*url/i,
+      /external/i
+    ])) {
+      categories.push(
+        "fetcher"
+        /* URL_FETCHER */
+      );
+      confidenceScores.push(87);
+      reasons.push(
+        "URL fetcher pattern detected (indirect prompt injection risk)"
+      );
+    }
+    if (this.matchesPattern(toolText, [
+      /unicode/i,
+      /encode/i,
+      /decode/i,
+      /charset/i,
+      /utf/i,
+      /hex/i,
+      /escape/i
+    ])) {
+      categories.push(
+        "unicode"
+        /* UNICODE_PROCESSOR */
+      );
+      confidenceScores.push(75);
+      reasons.push("Unicode processor pattern detected (bypass encoding risk)");
+    }
+    if (this.matchesPattern(toolText, [
+      /parser/i,
+      /parse/i,
+      /json/i,
+      /xml/i,
+      /yaml/i,
+      /nested/i,
+      /deserialize/i,
+      /unmarshal/i
+    ])) {
+      categories.push(
+        "parser"
+        /* JSON_PARSER */
+      );
+      confidenceScores.push(78);
+      reasons.push(
+        "JSON/nested parser pattern detected (nested injection risk)"
+      );
+    }
+    if (this.matchesPattern(toolText, [
+      /install/i,
+      /package/i,
+      /\bnpm\b/i,
+      /\bpip\b/i,
+      /dependency/i,
+      /module/i,
+      /library/i,
+      /\bgem\b/i
+    ])) {
+      categories.push(
+        "installer"
+        /* PACKAGE_INSTALLER */
+      );
+      confidenceScores.push(70);
+      reasons.push("Package installer pattern detected (typosquatting risk)");
+    }
+    if (this.matchesPattern(toolText, [
+      /rug.*pull/i,
+      /trust/i,
+      /behavior.*change/i,
+      /malicious.*after/i,
+      /invocation.*count/i
+    ])) {
+      categories.push(
+        "rug_pull"
+        /* RUG_PULL */
+      );
+      confidenceScores.push(80);
+      reasons.push("Rug pull pattern detected (behavioral change risk)");
+    }
+    if (this.matchesPattern(toolText, [
+      /firecrawl/i,
+      /\bscrape\b/i,
+      /\bcrawl\b/i,
+      /web.*scraping/i,
+      /api.*wrapper/i,
+      /http.*client/i,
+      /web.*client/i,
+      /rest.*client/i,
+      /graphql.*client/i,
+      /fetch.*web.*content/i
+    ])) {
+      categories.push(
+        "api_wrapper"
+        /* API_WRAPPER */
+      );
+      confidenceScores.push(95);
+      reasons.push(
+        "API wrapper pattern detected (safe data passing, not code execution)"
+      );
+    }
+    if (this.matchesPattern(toolText, [
+      /\bsearch\b/i,
+      /\bfind\b/i,
+      /\blookup\b/i,
+      /\bquery\b/i,
+      /retrieve/i,
+      /\blist\b/i,
+      /get.*users/i,
+      /get.*pages/i,
+      /get.*database/i
+    ])) {
+      categories.push(
+        "search_retrieval"
+        /* SEARCH_RETRIEVAL */
+      );
+      confidenceScores.push(93);
+      reasons.push(
+        "Search/retrieval pattern detected (returns data, not code execution)"
+      );
+    }
+    if (this.matchesPattern(toolText, [
+      /\bcreate\b/i,
+      /\badd\b/i,
+      /\binsert\b/i,
+      /\bupdate\b/i,
+      /\bmodify\b/i,
+      /\bdelete\b/i,
+      /\bduplicate\b/i,
+      /\bmove\b/i,
+      /\bappend\b/i
+    ])) {
+      categories.push(
+        "crud_creation"
+        /* CRUD_CREATION */
+      );
+      confidenceScores.push(92);
+      reasons.push(
+        "CRUD operation pattern detected (data manipulation, not code execution)"
+      );
+    }
+    if (this.matchesPattern(toolText, [
+      /get.*self/i,
+      /get.*teams/i,
+      /get.*info/i,
+      /get.*status/i,
+      /\bwhoami\b/i,
+      /get.*workspace/i,
+      /get.*user/i,
+      /current.*user/i
+    ])) {
+      categories.push(
+        "read_only_info"
+        /* READ_ONLY_INFO */
+      );
+      confidenceScores.push(94);
+      reasons.push(
+        "Read-only info pattern detected (intended data exposure, not vulnerability)"
+      );
+    }
+    if (this.matchesPattern(toolText, [
+      /safe.*storage/i,
+      /safe.*search/i,
+      /safe.*list/i,
+      /safe.*info/i,
+      /safe.*echo/i,
+      /safe.*validate/i,
+      /safe.*tool/i
+    ])) {
+      categories.push(
+        "safe_storage"
+        /* SAFE_STORAGE */
+      );
+      confidenceScores.push(99);
+      reasons.push(
+        "Safe tool pattern detected (control group - should be safe)"
+      );
+    }
+    if (categories.length === 0) {
+      categories.push(
+        "generic"
+        /* GENERIC */
+      );
+      confidenceScores.push(50);
+      reasons.push("No specific pattern match, using generic tests");
+    }
+    const avgConfidence = confidenceScores.reduce((a, b) => a + b, 0) / confidenceScores.length;
+    return {
+      toolName,
+      categories,
+      confidence: Math.round(avgConfidence),
+      reasoning: reasons.join("; ")
+    };
+  }
+  /**
+   * Check if text matches any of the provided patterns
+   */
+  matchesPattern(text, patterns) {
+    return patterns.some((pattern2) => pattern2.test(text));
+  }
+  /**
+   * Get all tool categories (for testing/debugging)
+   */
+  static getAllCategories() {
+    return Object.values(ToolCategory);
+  }
+  /**
+   * Get risk level for a category
+   */
+  static getRiskLevel(category) {
+    const highRiskCategories = [
+      "calculator",
+      "system_exec",
+      "data_access",
+      "tool_override",
+      "config_modifier",
+      "fetcher"
+      /* URL_FETCHER */
+    ];
+    const mediumRiskCategories = [
+      "unicode",
+      "parser",
+      "installer",
+      "rug_pull"
+      /* RUG_PULL */
+    ];
+    const lowRiskCategories = [
+      "api_wrapper",
+      "search_retrieval",
+      "crud_creation",
+      "read_only_info",
+      "safe_storage",
+      "generic"
+      /* GENERIC */
+    ];
+    if (highRiskCategories.includes(category)) return "HIGH";
+    if (mediumRiskCategories.includes(category)) return "MEDIUM";
+    if (lowRiskCategories.includes(category)) return "LOW";
+    return "LOW";
+  }
+  /**
+   * Classify multiple tools at once
+   */
+  classifyBatch(tools) {
+    return tools.map((tool) => this.classify(tool.name, tool.description));
+  }
+}
+class TestDataGenerator {
+  // Optional Claude Code bridge for intelligent test generation
+  static claudeBridge = null;
+  /**
+   * Set the Claude Code bridge for intelligent test generation
+   * Call this once during initialization if Claude integration is enabled
+   */
+  static setClaudeBridge(bridge) {
+    this.claudeBridge = bridge;
+  }
+  /**
+   * Check if Claude Code integration is available and enabled
+   */
+  static isClaudeEnabled() {
+    return this.claudeBridge !== null && this.claudeBridge.isFeatureEnabled("intelligentTestGeneration");
+  }
+  // Realistic data pools for different types - using values that are more likely to exist
+  static REALISTIC_DATA = {
+    urls: [
+      "https://www.google.com",
+      // Public, always accessible
+      "https://api.github.com/users/octocat",
+      // Public API endpoint that exists
+      "https://jsonplaceholder.typicode.com/posts/1",
+      // Test API that always works
+      "https://httpbin.org/get",
+      // HTTP testing service
+      "https://example.com",
+      // RFC 2606 reserved domain for examples
+      "https://www.wikipedia.org",
+      // Public, stable site
+      "https://api.openweathermap.org/data/2.5/weather?q=London"
+      // Public API
+    ],
+    emails: [
+      "admin@example.com",
+      // Common admin email
+      "support@example.com",
+      // Common support email
+      "info@example.com",
+      // Common info email
+      "test@test.com",
+      // Generic test email
+      "user@domain.com",
+      // Generic user email
+      "noreply@example.com",
+      // Common no-reply format
+      "hello@world.com"
+      // Simple, memorable
+    ],
+    names: [
+      "Default",
+      // Common default name
+      "Admin",
+      // Common admin user
+      "Test User",
+      // Clear test user
+      "Sample Item",
+      // Generic sample
+      "Example Project",
+      // Clear example
+      "Demo Application",
+      // Common demo name
+      "Main"
+      // Common main/primary name
+    ],
+    ids: [
+      "1",
+      // Simple numeric ID that often exists
+      "123",
+      // Common test ID
+      "550e8400-e29b-41d4-a716-446655440000",
+      // Valid UUID v4 (replaces "test")
+      "default",
+      // Common default ID
+      "main",
+      // Common main ID
+      "264051cd-48ab-80ff-864e-d1aa9bc41429",
+      // Valid UUID from realistic data
+      "00000000-0000-0000-0000-000000000000",
+      // Nil UUID (often used as placeholder)
+      "admin",
+      // Common admin ID
+      "user1"
+      // Common user ID pattern
+    ],
+    paths: [
+      "/tmp/test.txt",
+      // Common temp file path (usually writable)
+      "/home",
+      // Common home directory
+      "./README.md",
+      // Often exists in projects
+      "./package.json",
+      // Common in Node projects
+      "./src",
+      // Common source directory
+      "./test",
+      // Common test directory
+      "./config",
+      // Common config directory
+      "/var/log",
+      // Common log directory (readable)
+      "/etc"
+      // Common config directory (readable)
+    ],
+    queries: [
+      "test",
+      // Simple search term
+      "hello",
+      // Common greeting
+      "*",
+      // Wildcard that matches everything
+      "name",
+      // Common field name
+      "id:1",
+      // Common ID search
+      "status:active",
+      // Common status filter
+      "type:user",
+      // Common type filter
+      "limit:10",
+      // Common pagination
+      '{"match_all": {}}'
+      // Elasticsearch match all
+    ],
+    numbers: [0, 1, 10, 100, 1e3, 5, 50, 200, 404, 500],
+    booleans: [true, false],
+    jsonObjects: [
+      { message: "Hello World" },
+      // Simple message object
+      { status: "ok", code: 200 },
+      // Common status response
+      { data: [], total: 0 },
+      // Empty result set
+      { id: 1, name: "Test" },
+      // Simple entity
+      { success: true },
+      // Common success response
+      { error: false },
+      // Common no-error response
+      { results: [] },
+      // Common empty results
+      {}
+      // Empty object (often valid)
+    ],
+    arrays: [
+      [],
+      // Empty array (often valid)
+      [1],
+      // Single item
+      ["a", "b", "c"],
+      // Simple string array
+      [1, 2, 3],
+      // Simple number array
+      [{ id: 1 }, { id: 2 }],
+      // Simple object array
+      ["test"],
+      // Single test item
+      [true, false]
+      // Boolean array
+    ],
+    timestamps: [
+      (/* @__PURE__ */ new Date()).toISOString(),
+      // Current time (always valid)
+      new Date(Date.now() - 864e5).toISOString(),
+      // Yesterday
+      new Date(Date.now() + 864e5).toISOString(),
+      // Tomorrow
+      "2024-01-01T00:00:00Z",
+      // New Year 2024
+      "2023-12-31T23:59:59Z",
+      // End of 2023
+      (/* @__PURE__ */ new Date(0)).toISOString(),
+      // Unix epoch
+      "2024-06-15T12:00:00Z"
+      // Midday mid-year
+    ]
+  };
+  /**
+   * Generate multiple test scenarios for a tool
+   * Uses Claude Code if available for intelligent generation,
+   * otherwise falls back to schema-based generation.
+   */
+  static generateTestScenarios(tool) {
+    const scenarios = [];
+    scenarios.push(this.generateHappyPathScenario(tool));
+    const edgeCases = this.generateEdgeCaseScenarios(tool);
+    scenarios.push(...edgeCases);
+    const boundaryScenarios = this.generateBoundaryScenarios(tool);
+    scenarios.push(...boundaryScenarios);
+    scenarios.push(this.generateErrorScenario(tool));
+    return scenarios;
+  }
+  /**
+   * Generate test scenarios with optional Claude enhancement
+   * This async version tries Claude first if enabled, then falls back to schema-based.
+   */
+  static async generateTestScenariosAsync(tool) {
+    if (this.isClaudeEnabled() && this.claudeBridge) {
+      try {
+        const claudeParams = await this.claudeBridge.generateTestParameters(tool);
+        if (claudeParams && claudeParams.length > 0) {
+          console.log(
+            `[TestDataGenerator] Using Claude-generated params for ${tool.name}`
+          );
+          const claudeScenarios = claudeParams.map(
+            (params, index2) => ({
+              name: this.getClaudeScenarioName(index2),
+              description: `Claude-generated test case ${index2 + 1} for ${tool.name}`,
+              params,
+              expectedBehavior: "Should execute successfully with valid response",
+              category: this.getClaudeScenarioCategory(index2),
+              source: "claude-generated"
+            })
+          );
+          claudeScenarios.push({
+            ...this.generateErrorScenario(tool),
+            source: "schema-based"
+          });
+          return claudeScenarios;
+        }
+      } catch (error) {
+        console.warn(
+          `[TestDataGenerator] Claude generation failed for ${tool.name}, falling back to schema-based:`,
+          error
+        );
+      }
+    }
+    return this.generateTestScenarios(tool).map((scenario) => ({
+      ...scenario,
+      source: "schema-based"
+    }));
+  }
+  /**
+   * Get scenario name based on index for Claude-generated scenarios
+   */
+  static getClaudeScenarioName(index2) {
+    const names2 = [
+      "Happy Path - Typical Usage",
+      "Edge Case - Boundary Values",
+      "Minimal Input - Required Fields Only",
+      "Comprehensive - All Fields Populated",
+      "Variant - Alternative Valid Input"
+    ];
+    return names2[index2] || `Test Case ${index2 + 1}`;
+  }
+  /**
+   * Get scenario category based on index for Claude-generated scenarios
+   */
+  static getClaudeScenarioCategory(index2) {
+    const categories = [
+      "happy_path",
+      "edge_case",
+      "boundary",
+      "happy_path",
+      "edge_case"
+    ];
+    return categories[index2] || "happy_path";
+  }
+  /**
+   * Generate a happy path scenario with realistic data
+   */
+  static generateHappyPathScenario(tool) {
+    const params = this.generateRealisticParams(tool, "typical");
+    return {
+      name: "Happy Path - Typical Usage",
+      description: `Test ${tool.name} with typical, valid inputs`,
+      params,
+      expectedBehavior: "Should execute successfully and return valid response",
+      category: "happy_path"
+    };
+  }
+  /**
+   * Generate edge case scenarios
+   */
+  static generateEdgeCaseScenarios(tool) {
+    const scenarios = [];
+    const emptyParams = this.generateRealisticParams(tool, "empty");
+    if (Object.keys(emptyParams).length > 0) {
+      scenarios.push({
+        name: "Edge Case - Empty Values",
+        description: "Test with empty but valid values",
+        params: emptyParams,
+        expectedBehavior: "Should handle empty values gracefully",
+        category: "edge_case"
+      });
+    }
+    const maxParams = this.generateRealisticParams(tool, "maximum");
+    scenarios.push({
+      name: "Edge Case - Maximum Values",
+      description: "Test with maximum/large values",
+      params: maxParams,
+      expectedBehavior: "Should handle large inputs without issues",
+      category: "edge_case"
+    });
+    if (this.hasStringInputs(tool)) {
+      const specialParams = this.generateRealisticParams(tool, "special");
+      scenarios.push({
+        name: "Edge Case - Special Characters",
+        description: "Test with special characters and unicode",
+        params: specialParams,
+        expectedBehavior: "Should properly handle special characters",
+        category: "edge_case"
+      });
+    }
+    return scenarios;
+  }
+  /**
+   * Generate boundary value scenarios
+   */
+  static generateBoundaryScenarios(tool) {
+    const scenarios = [];
+    if (!tool.inputSchema || tool.inputSchema.type !== "object") {
+      return scenarios;
+    }
+    const properties2 = tool.inputSchema.properties || {};
+    let hasBoundaries = false;
+    for (const [_key, schema] of Object.entries(properties2)) {
+      const schemaObj = schema;
+      if (schemaObj.minimum !== void 0 || schemaObj.maximum !== void 0 || schemaObj.minLength !== void 0 || schemaObj.maxLength !== void 0) {
+        hasBoundaries = true;
+        break;
+      }
+    }
+    if (!hasBoundaries) {
+      return scenarios;
+    }
+    for (const [key, schema] of Object.entries(properties2)) {
+      const schemaObj = schema;
+      if (schemaObj.type === "number" || schemaObj.type === "integer") {
+        if (schemaObj.minimum !== void 0) {
+          const params = this.generateRealisticParams(tool, "typical");
+          params[key] = schemaObj.minimum;
+          scenarios.push({
+            name: `Boundary - ${key} at minimum`,
+            description: `Test ${key} at its minimum value`,
+            params,
+            expectedBehavior: "Should accept minimum value",
+            category: "boundary"
+          });
+        }
+        if (schemaObj.maximum !== void 0) {
+          const params = this.generateRealisticParams(tool, "typical");
+          params[key] = schemaObj.maximum;
+          scenarios.push({
+            name: `Boundary - ${key} at maximum`,
+            description: `Test ${key} at its maximum value`,
+            params,
+            expectedBehavior: "Should accept maximum value",
+            category: "boundary"
+          });
+        }
+      }
+      if (schemaObj.type === "string") {
+        if (schemaObj.minLength !== void 0) {
+          const params = this.generateRealisticParams(tool, "typical");
+          params[key] = "a".repeat(schemaObj.minLength);
+          scenarios.push({
+            name: `Boundary - ${key} at min length`,
+            description: `Test ${key} at minimum length`,
+            params,
+            expectedBehavior: "Should accept minimum length string",
+            category: "boundary"
+          });
+        }
+        if (schemaObj.maxLength !== void 0) {
+          const params = this.generateRealisticParams(tool, "typical");
+          params[key] = "a".repeat(schemaObj.maxLength);
+          scenarios.push({
+            name: `Boundary - ${key} at max length`,
+            description: `Test ${key} at maximum length`,
+            params,
+            expectedBehavior: "Should accept maximum length string",
+            category: "boundary"
+          });
+        }
+      }
+    }
+    return scenarios;
+  }
+  /**
+   * Generate an error scenario
+   */
+  static generateErrorScenario(tool) {
+    const params = {};
+    if (tool.inputSchema && tool.inputSchema.type === "object" && tool.inputSchema.properties) {
+      for (const [key, schema] of Object.entries(tool.inputSchema.properties)) {
+        const schemaObj = schema;
+        switch (schemaObj.type) {
+          case "string":
+            params[key] = 123;
+            break;
+          case "number":
+          case "integer":
+            params[key] = "not_a_number";
+            break;
+          case "boolean":
+            params[key] = "not_a_boolean";
+            break;
+          case "array":
+            params[key] = "not_an_array";
+            break;
+          case "object":
+            params[key] = "not_an_object";
+            break;
+          default:
+            params[key] = null;
+        }
+        break;
+      }
+    }
+    return {
+      name: "Error Case - Invalid Type",
+      description: "Test error handling with invalid parameter types",
+      params,
+      expectedBehavior: "Should return clear error about invalid parameter type",
+      category: "error_case"
+    };
+  }
+  /**
+   * Generate realistic parameters based on schema and variant
+   */
+  static generateRealisticParams(tool, variant) {
+    const params = {};
+    if (!tool.inputSchema || tool.inputSchema.type !== "object") {
+      return params;
+    }
+    const properties2 = tool.inputSchema.properties || {};
+    for (const [key, schema] of Object.entries(properties2)) {
+      params[key] = this.generateRealisticValue(key, schema, variant);
+    }
+    return params;
+  }
+  /**
+   * Generate a realistic value based on field name and schema
+   */
+  static generateRealisticValue(fieldName, schema, variant) {
+    const lowerFieldName = fieldName.toLowerCase();
+    switch (schema.type) {
+      case "string":
+        if (schema.enum && schema.enum.length > 0) {
+          return variant === "typical" ? schema.enum[0] : schema.enum[schema.enum.length - 1];
+        }
+        if (lowerFieldName.includes("url") || lowerFieldName.includes("link") || lowerFieldName.includes("endpoint")) {
+          return variant === "empty" ? "" : variant === "maximum" ? "https://very-long-domain-name-for-testing-maximum-length.example.com/path/to/resource?param1=value1&param2=value2" : variant === "special" ? "https://example.com/path?special=!@#$%^&*()" : this.REALISTIC_DATA.urls[Math.floor(Math.random() * this.REALISTIC_DATA.urls.length)];
+        }
+        if (lowerFieldName.includes("email") || lowerFieldName.includes("mail")) {
+          return variant === "empty" ? "" : variant === "maximum" ? "very.long.email.address.for.testing@subdomain.example-company.co.uk" : variant === "special" ? "user+tag@example.com" : this.REALISTIC_DATA.emails[Math.floor(
+            Math.random() * this.REALISTIC_DATA.emails.length
+          )];
+        }
+        if (lowerFieldName.includes("path") || lowerFieldName.includes("file") || lowerFieldName.includes("directory") || lowerFieldName.includes("folder")) {
+          return variant === "empty" ? "" : variant === "maximum" ? "/very/long/path/to/deeply/nested/directory/structure/for/testing/file.txt" : variant === "special" ? "./path/with spaces/and-special#chars.txt" : this.REALISTIC_DATA.paths[Math.floor(Math.random() * this.REALISTIC_DATA.paths.length)];
+        }
+        if (lowerFieldName.includes("query") || lowerFieldName.includes("search") || lowerFieldName.includes("filter")) {
+          return variant === "empty" ? "test" : variant === "maximum" ? "very long search query with many terms for testing maximum input length handling" : variant === "special" ? 'search with "quotes" and special: characters!' : this.REALISTIC_DATA.queries[Math.floor(
+            Math.random() * this.REALISTIC_DATA.queries.length
+          )];
+        }
+        if (lowerFieldName.includes("id") || lowerFieldName.includes("key") || lowerFieldName.includes("identifier")) {
+          const requiresUuid = lowerFieldName.includes("uuid") || lowerFieldName.includes("page_id") || lowerFieldName.includes("database_id") || lowerFieldName.includes("user_id") || lowerFieldName.includes("block_id") || lowerFieldName.includes("comment_id") || lowerFieldName.includes("workspace_id") || lowerFieldName.includes("notion") || // Check schema description for UUID hints
+          schema.description && (schema.description.toLowerCase().includes("uuid") || schema.description.toLowerCase().includes("universally unique"));
+          if (requiresUuid) {
+            return variant === "empty" ? "00000000-0000-0000-0000-000000000000" : "550e8400-e29b-41d4-a716-446655440000";
+          }
+          return variant === "empty" ? "1" : variant === "maximum" ? "very_long_identifier_string_for_testing_maximum_length_handling_in_system" : this.REALISTIC_DATA.ids[Math.floor(Math.random() * this.REALISTIC_DATA.ids.length)];
+        }
+        if (lowerFieldName.includes("name") || lowerFieldName.includes("title") || lowerFieldName.includes("label")) {
+          return variant === "empty" ? "a" : variant === "maximum" ? "Very Long Name For Testing Maximum String Length Handling In The System" : variant === "special" ? "Name with Special™ Characters® and Émojis 🎉" : this.REALISTIC_DATA.names[Math.floor(Math.random() * this.REALISTIC_DATA.names.length)];
+        }
+        if (lowerFieldName.includes("date") || lowerFieldName.includes("time")) {
+          return variant === "empty" ? "" : this.REALISTIC_DATA.timestamps[0];
+        }
+        return variant === "empty" ? "" : variant === "maximum" ? "x".repeat(100) : variant === "special" ? 'Special chars: !@#$%^&*()_+-=[]{}|;:",.<>?/~`' : "test";
+      // Simple, generic test value that often works
+      case "number":
+      case "integer":
+        if (variant === "maximum") {
+          return schema.maximum || 999999;
+        }
+        if (variant === "empty") {
+          return schema.minimum || 0;
+        }
+        if (lowerFieldName.includes("port")) {
+          return 8080;
+        }
+        if (lowerFieldName.includes("timeout") || lowerFieldName.includes("delay")) {
+          return 5e3;
+        }
+        if (lowerFieldName.includes("count") || lowerFieldName.includes("limit")) {
+          return 10;
+        }
+        if (lowerFieldName.includes("page") || lowerFieldName.includes("offset")) {
+          return 0;
+        }
+        if (lowerFieldName.includes("size") || lowerFieldName.includes("length")) {
+          return 100;
+        }
+        return schema.minimum || 1;
+      case "boolean":
+        return variant === "empty" ? false : true;
+      case "array":
+        if (variant === "empty") {
+          const isMutationField = lowerFieldName.includes("entities") || lowerFieldName.includes("relations") || lowerFieldName.includes("observations") || lowerFieldName.includes("documents");
+          if (isMutationField && schema.items) {
+            const item = this.generateValueFromSchema(schema.items, "empty");
+            return [item];
+          }
+          return [];
+        }
+        if (variant === "maximum") {
+          const count2 = 10;
+          if (schema.items) {
+            return Array(count2).fill(0).map(() => this.generateValueFromSchema(schema.items, variant));
+          }
+          return Array(count2).fill(0).map((_, i) => `item_${i}`);
+        }
+        if (schema.items) {
+          const item = this.generateValueFromSchema(schema.items, variant);
+          return [item];
+        }
+        if (lowerFieldName.includes("tag") || lowerFieldName.includes("label")) {
+          return ["tag1", "tag2", "tag3"];
+        }
+        if (lowerFieldName.includes("id")) {
+          return ["id_1", "id_2", "id_3"];
+        }
+        return this.REALISTIC_DATA.arrays[1];
+      case "object":
+        if (variant === "maximum") {
+          return this.REALISTIC_DATA.jsonObjects[4];
+        }
+        if (lowerFieldName.includes("config") || lowerFieldName.includes("settings")) {
+          return variant === "empty" ? { enabled: false } : { enabled: true, timeout: 5e3, retries: 3 };
+        }
+        if (lowerFieldName.includes("metadata") || lowerFieldName.includes("meta")) {
+          return variant === "empty" ? { version: "1.0.0" } : {
+            created: (/* @__PURE__ */ new Date()).toISOString(),
+            version: "1.0.0",
+            author: "test"
+          };
+        }
+        if (lowerFieldName.includes("filter") || lowerFieldName.includes("query")) {
+          return variant === "empty" ? { limit: 1 } : { status: "active", type: "user", limit: 10 };
+        }
+        return variant === "empty" ? { id: 1 } : this.REALISTIC_DATA.jsonObjects[0];
+      default:
+        return "test";
+    }
+  }
+  /**
+   * Check if tool has string inputs
+   */
+  static hasStringInputs(tool) {
+    if (!tool.inputSchema || tool.inputSchema.type !== "object") {
+      return false;
+    }
+    const properties2 = tool.inputSchema.properties || {};
+    for (const schema of Object.values(properties2)) {
+      if (schema.type === "string") {
+        return true;
+      }
+    }
+    return false;
+  }
+  /**
+   * Generate a single realistic value for backward compatibility
+   */
+  static generateSingleValue(fieldName, schema) {
+    return this.generateRealisticValue(fieldName, schema, "typical");
+  }
+  /**
+   * Generate value from JSON schema definition
+   */
+  static generateValueFromSchema(schema, variant) {
+    if (!schema || !schema.type) {
+      return "test";
+    }
+    switch (schema.type) {
+      case "object": {
+        const obj = {};
+        if (schema.properties) {
+          for (const [key, propSchema] of Object.entries(schema.properties)) {
+            obj[key] = this.generateRealisticValue(
+              key,
+              propSchema,
+              variant
+            );
+          }
+        }
+        return obj;
+      }
+      case "array":
+        if (schema.items) {
+          const item = this.generateValueFromSchema(schema.items, variant);
+          return [item];
+        }
+        return [];
+      case "string":
+        return variant === "empty" ? "" : "test";
+      case "number":
+      case "integer":
+        return variant === "empty" ? 0 : 1;
+      case "boolean":
+        return variant === "empty" ? false : true;
+      default:
+        return "test";
+    }
+  }
+  // ============================================================================
+  // Tool Category-Aware Generation
+  // ============================================================================
+  /**
+   * Tool category-specific data pools for when field name doesn't help identify
+   * the expected input type. Used as fallback after field-name detection.
+   */
+  static TOOL_CATEGORY_DATA = {
+    // Keys must match ToolClassifier category names (lowercase)
+    calculator: {
+      default: ["2+2", "10*5", "100/4", "sqrt(16)", "15-7"]
+    },
+    search_retrieval: {
+      default: [
+        "hello world",
+        "example query",
+        "recent changes",
+        "find documents"
+      ]
+    },
+    system_exec: {
+      default: ["echo hello", "pwd", "date", "whoami"]
+    },
+    url_fetcher: {
+      default: [
+        "https://api.github.com",
+        "https://httpbin.org/get",
+        "https://jsonplaceholder.typicode.com/posts/1"
+      ]
+    }
+  };
+  /**
+   * Field names that indicate specific data types regardless of tool category.
+   * These take precedence over category-specific generation.
+   */
+  static SPECIFIC_FIELD_PATTERNS = [
+    /url/i,
+    /endpoint/i,
+    /link/i,
+    /email/i,
+    /mail/i,
+    /path/i,
+    /file/i,
+    /directory/i,
+    /folder/i,
+    /uuid/i,
+    /page_id/i,
+    /database_id/i,
+    /user_id/i,
+    /block_id/i
+  ];
+  /**
+   * Generate a value using tool category as hint.
+   * For specific field names (url, email, path, etc.), uses field-name detection.
+   * For generic field names with specific tool categories, uses category-specific inputs.
+   * Otherwise falls back to field-name-based generation.
+   *
+   * @param fieldName The parameter field name
+   * @param schema The parameter schema
+   * @param category The tool category from ToolClassifier (e.g., "CALCULATOR", "SEARCH_RETRIEVAL")
+   * @returns Generated test value appropriate for the tool type
+   */
+  static generateValueForCategory(fieldName, schema, category) {
+    const isSpecificFieldName = this.SPECIFIC_FIELD_PATTERNS.some(
+      (pattern2) => pattern2.test(fieldName)
+    );
+    if (isSpecificFieldName) {
+      return this.generateSingleValue(fieldName, schema);
+    }
+    const categoryData = this.TOOL_CATEGORY_DATA[category];
+    if (categoryData?.default) {
+      return categoryData.default[0];
+    }
+    return this.generateSingleValue(fieldName, schema);
+  }
+}
 class FunctionalityAssessor extends BaseAssessor {
+  toolClassifier = new ToolClassifier();
   /**
    * Select tools for testing based on configuration
    */
@@ -53729,8 +54787,8 @@ class FunctionalityAssessor extends BaseAssessor {
   }
   async testTool(tool, callTool) {
     const startTime = Date.now();
+    const { params: testParams, metadata: metadata2 } = this.generateMinimalParams(tool);
     try {
-      const testParams = this.generateMinimalParams(tool);
       this.log(
         `Testing tool: ${tool.name} with params: ${JSON.stringify(testParams)}`
       );
@@ -53752,7 +54810,8 @@ class FunctionalityAssessor extends BaseAssessor {
             status: "working",
             executionTime,
             testParameters: testParams,
-            response
+            response,
+            testInputMetadata: metadata2
           };
         }
         return {
@@ -53762,7 +54821,8 @@ class FunctionalityAssessor extends BaseAssessor {
           error: this.extractErrorMessage(response),
           executionTime,
           testParameters: testParams,
-          response
+          response,
+          testInputMetadata: metadata2
         };
       }
       return {
@@ -53771,7 +54831,8 @@ class FunctionalityAssessor extends BaseAssessor {
         status: "working",
         executionTime,
         testParameters: testParams,
-        response
+        response,
+        testInputMetadata: metadata2
       };
     } catch (error) {
       return {
@@ -53779,24 +54840,48 @@ class FunctionalityAssessor extends BaseAssessor {
         tested: true,
         status: "broken",
         error: this.extractErrorMessage(error),
-        executionTime: Date.now() - startTime
+        executionTime: Date.now() - startTime,
+        testInputMetadata: metadata2
       };
     }
   }
   generateMinimalParams(tool) {
-    if (!tool.inputSchema) return {};
+    const classification = this.toolClassifier.classify(
+      tool.name,
+      tool.description || ""
+    );
+    const primaryCategory = classification.categories[0] || ToolCategory.GENERIC;
+    const emptyResult = {
+      params: {},
+      metadata: {
+        toolCategory: primaryCategory,
+        generationStrategy: "default",
+        fieldSources: {}
+      }
+    };
+    if (!tool.inputSchema) return emptyResult;
     const schema = typeof tool.inputSchema === "string" ? this.safeJsonParse(tool.inputSchema) : tool.inputSchema;
-    if (!schema?.properties) return {};
+    if (!schema?.properties) return emptyResult;
     const params = {};
+    const fieldSources = {};
     const required2 = schema.required || [];
     for (const [key, prop] of Object.entries(
       schema.properties
     )) {
       if (required2.includes(key)) {
-        params[key] = this.generateParamValue(prop, key);
+        const { value, source, reason } = this.generateSmartParamValueWithMetadata(prop, key, primaryCategory);
+        params[key] = value;
+        fieldSources[key] = { field: key, value, source, reason };
       }
     }
-    return params;
+    return {
+      params,
+      metadata: {
+        toolCategory: primaryCategory,
+        generationStrategy: this.determineStrategy(fieldSources),
+        fieldSources
+      }
+    };
   }
   generateParamValue(prop, fieldName, includeOptional = false) {
     const type2 = prop.type;
@@ -53853,6 +54938,102 @@ class FunctionalityAssessor extends BaseAssessor {
         return {};
     }
   }
+  /**
+   * Field names that indicate specific data types regardless of tool category.
+   * These take precedence over category-specific generation.
+   */
+  static SPECIFIC_FIELD_PATTERNS = [
+    /url/i,
+    /endpoint/i,
+    /link/i,
+    /email/i,
+    /mail/i,
+    /path/i,
+    /file/i,
+    /directory/i,
+    /folder/i,
+    /uuid/i,
+    /page_id/i,
+    /database_id/i,
+    /user_id/i,
+    /block_id/i
+  ];
+  /**
+   * Generate smart parameter value with metadata about how it was generated.
+   * Returns value, source type, and reason for downstream consumers.
+   */
+  generateSmartParamValueWithMetadata(prop, fieldName, category) {
+    if (prop.enum && prop.enum.length > 0) {
+      return {
+        value: prop.enum[0],
+        source: "enum",
+        reason: `First enum value: ${prop.enum[0]}`
+      };
+    }
+    if (prop.format === "uri") {
+      return {
+        value: "https://example.com",
+        source: "format",
+        reason: "URI format detected"
+      };
+    }
+    if (prop.format === "email") {
+      return {
+        value: "test@example.com",
+        source: "format",
+        reason: "Email format detected"
+      };
+    }
+    if (prop.type !== "string") {
+      const value = this.generateParamValue(prop, fieldName);
+      return {
+        value,
+        source: "default",
+        reason: `Default for type: ${prop.type}`
+      };
+    }
+    const isSpecificFieldName = FunctionalityAssessor.SPECIFIC_FIELD_PATTERNS.some(
+      (pattern2) => pattern2.test(fieldName)
+    );
+    if (isSpecificFieldName) {
+      const fieldValue2 = TestDataGenerator.generateSingleValue(fieldName, prop);
+      return {
+        value: fieldValue2,
+        source: "field-name",
+        reason: `Field name pattern: ${fieldName}`
+      };
+    }
+    const categoryData = TestDataGenerator.TOOL_CATEGORY_DATA[category];
+    if (categoryData?.default) {
+      return {
+        value: categoryData.default[0],
+        source: "category",
+        reason: `Category ${category} default value`
+      };
+    }
+    const fieldValue = TestDataGenerator.generateSingleValue(fieldName, prop);
+    if (fieldValue !== "test") {
+      return {
+        value: fieldValue,
+        source: "field-name",
+        reason: `Field name pattern: ${fieldName}`
+      };
+    }
+    return {
+      value: "test",
+      source: "default",
+      reason: "No specific pattern matched"
+    };
+  }
+  /**
+   * Determine overall generation strategy based on field sources
+   */
+  determineStrategy(fieldSources) {
+    const sources = Object.values(fieldSources).map((f) => f.source);
+    if (sources.includes("category")) return "category-specific";
+    if (sources.includes("field-name")) return "field-name-aware";
+    return "default";
+  }
   // Public method for testing purposes - allows tests to verify parameter generation logic
   // Always includes optional properties to test full schema
   generateTestInput(schema) {
@@ -54269,377 +55450,6 @@ function getPayloadsForAttack(attackName, limit2) {
 function getAllAttackPatterns() {
   return SECURITY_ATTACK_PATTERNS;
 }
-var ToolCategory = /* @__PURE__ */ ((ToolCategory2) => {
-  ToolCategory2["CALCULATOR"] = "calculator";
-  ToolCategory2["SYSTEM_EXEC"] = "system_exec";
-  ToolCategory2["DATA_ACCESS"] = "data_access";
-  ToolCategory2["TOOL_OVERRIDE"] = "tool_override";
-  ToolCategory2["CONFIG_MODIFIER"] = "config_modifier";
-  ToolCategory2["URL_FETCHER"] = "fetcher";
-  ToolCategory2["UNICODE_PROCESSOR"] = "unicode";
-  ToolCategory2["JSON_PARSER"] = "parser";
-  ToolCategory2["PACKAGE_INSTALLER"] = "installer";
-  ToolCategory2["RUG_PULL"] = "rug_pull";
-  ToolCategory2["SAFE_STORAGE"] = "safe_storage";
-  ToolCategory2["API_WRAPPER"] = "api_wrapper";
-  ToolCategory2["SEARCH_RETRIEVAL"] = "search_retrieval";
-  ToolCategory2["CRUD_CREATION"] = "crud_creation";
-  ToolCategory2["READ_ONLY_INFO"] = "read_only_info";
-  ToolCategory2["GENERIC"] = "generic";
-  return ToolCategory2;
-})(ToolCategory || {});
-class ToolClassifier {
-  /**
-   * Classify a tool into one or more categories
-   * Returns multiple categories if tool matches multiple patterns
-   */
-  classify(toolName, description2) {
-    const categories = [];
-    const confidenceScores = [];
-    const reasons = [];
-    const toolText = `${toolName} ${description2 || ""}`.toLowerCase();
-    if (this.matchesPattern(toolText, [
-      /calculator/i,
-      /compute/i,
-      /math/i,
-      /calc/i,
-      /eval/i,
-      /arithmetic/i,
-      /expression/i
-    ])) {
-      categories.push(
-        "calculator"
-        /* CALCULATOR */
-      );
-      confidenceScores.push(90);
-      reasons.push("Calculator pattern detected (arithmetic execution risk)");
-    }
-    if (this.matchesPattern(toolText, [
-      /system.*exec/i,
-      /exec.*tool/i,
-      /command/i,
-      /shell/i,
-      /\brun\b/i,
-      /execute/i,
-      /process/i
-    ])) {
-      categories.push(
-        "system_exec"
-        /* SYSTEM_EXEC */
-      );
-      confidenceScores.push(95);
-      reasons.push(
-        "System execution pattern detected (command injection risk)"
-      );
-    }
-    if (this.matchesPattern(toolText, [
-      /leak/i,
-      /\bdata\b/i,
-      /show/i,
-      /\bget\b/i,
-      /\blist\b/i,
-      /display/i,
-      /\benv/i,
-      /secret/i,
-      /\bkey\b/i,
-      /credential/i,
-      /exfiltrat/i
-    ])) {
-      categories.push(
-        "data_access"
-        /* DATA_ACCESS */
-      );
-      confidenceScores.push(85);
-      reasons.push("Data access pattern detected (data exfiltration risk)");
-    }
-    if (this.matchesPattern(toolText, [
-      /override/i,
-      /shadow/i,
-      /poison/i,
-      /create.*tool/i,
-      /register.*tool/i,
-      /define.*tool/i,
-      /tool.*creator/i,
-      /add.*tool/i
-    ])) {
-      categories.push(
-        "tool_override"
-        /* TOOL_OVERRIDE */
-      );
-      confidenceScores.push(92);
-      reasons.push("Tool override pattern detected (shadowing/poisoning risk)");
-    }
-    if (this.matchesPattern(toolText, [
-      /config/i,
-      /setting/i,
-      /modifier/i,
-      /\badmin\b/i,
-      /privilege/i,
-      /permission/i,
-      /configure/i,
-      /drift/i
-    ])) {
-      categories.push(
-        "config_modifier"
-        /* CONFIG_MODIFIER */
-      );
-      confidenceScores.push(88);
-      reasons.push(
-        "Config modification pattern detected (configuration drift risk)"
-      );
-    }
-    if (this.matchesPattern(toolText, [
-      /fetch/i,
-      /\burl\b/i,
-      /http/i,
-      /download/i,
-      /load/i,
-      /retrieve/i,
-      /\bget\b.*url/i,
-      /external/i
-    ])) {
-      categories.push(
-        "fetcher"
-        /* URL_FETCHER */
-      );
-      confidenceScores.push(87);
-      reasons.push(
-        "URL fetcher pattern detected (indirect prompt injection risk)"
-      );
-    }
-    if (this.matchesPattern(toolText, [
-      /unicode/i,
-      /encode/i,
-      /decode/i,
-      /charset/i,
-      /utf/i,
-      /hex/i,
-      /escape/i
-    ])) {
-      categories.push(
-        "unicode"
-        /* UNICODE_PROCESSOR */
-      );
-      confidenceScores.push(75);
-      reasons.push("Unicode processor pattern detected (bypass encoding risk)");
-    }
-    if (this.matchesPattern(toolText, [
-      /parser/i,
-      /parse/i,
-      /json/i,
-      /xml/i,
-      /yaml/i,
-      /nested/i,
-      /deserialize/i,
-      /unmarshal/i
-    ])) {
-      categories.push(
-        "parser"
-        /* JSON_PARSER */
-      );
-      confidenceScores.push(78);
-      reasons.push(
-        "JSON/nested parser pattern detected (nested injection risk)"
-      );
-    }
-    if (this.matchesPattern(toolText, [
-      /install/i,
-      /package/i,
-      /\bnpm\b/i,
-      /\bpip\b/i,
-      /dependency/i,
-      /module/i,
-      /library/i,
-      /\bgem\b/i
-    ])) {
-      categories.push(
-        "installer"
-        /* PACKAGE_INSTALLER */
-      );
-      confidenceScores.push(70);
-      reasons.push("Package installer pattern detected (typosquatting risk)");
-    }
-    if (this.matchesPattern(toolText, [
-      /rug.*pull/i,
-      /trust/i,
-      /behavior.*change/i,
-      /malicious.*after/i,
-      /invocation.*count/i
-    ])) {
-      categories.push(
-        "rug_pull"
-        /* RUG_PULL */
-      );
-      confidenceScores.push(80);
-      reasons.push("Rug pull pattern detected (behavioral change risk)");
-    }
-    if (this.matchesPattern(toolText, [
-      /firecrawl/i,
-      /\bscrape\b/i,
-      /\bcrawl\b/i,
-      /web.*scraping/i,
-      /api.*wrapper/i,
-      /http.*client/i,
-      /web.*client/i,
-      /rest.*client/i,
-      /graphql.*client/i,
-      /fetch.*web.*content/i
-    ])) {
-      categories.push(
-        "api_wrapper"
-        /* API_WRAPPER */
-      );
-      confidenceScores.push(95);
-      reasons.push(
-        "API wrapper pattern detected (safe data passing, not code execution)"
-      );
-    }
-    if (this.matchesPattern(toolText, [
-      /\bsearch\b/i,
-      /\bfind\b/i,
-      /\blookup\b/i,
-      /\bquery\b/i,
-      /retrieve/i,
-      /\blist\b/i,
-      /get.*users/i,
-      /get.*pages/i,
-      /get.*database/i
-    ])) {
-      categories.push(
-        "search_retrieval"
-        /* SEARCH_RETRIEVAL */
-      );
-      confidenceScores.push(93);
-      reasons.push(
-        "Search/retrieval pattern detected (returns data, not code execution)"
-      );
-    }
-    if (this.matchesPattern(toolText, [
-      /\bcreate\b/i,
-      /\badd\b/i,
-      /\binsert\b/i,
-      /\bupdate\b/i,
-      /\bmodify\b/i,
-      /\bdelete\b/i,
-      /\bduplicate\b/i,
-      /\bmove\b/i,
-      /\bappend\b/i
-    ])) {
-      categories.push(
-        "crud_creation"
-        /* CRUD_CREATION */
-      );
-      confidenceScores.push(92);
-      reasons.push(
-        "CRUD operation pattern detected (data manipulation, not code execution)"
-      );
-    }
-    if (this.matchesPattern(toolText, [
-      /get.*self/i,
-      /get.*teams/i,
-      /get.*info/i,
-      /get.*status/i,
-      /\bwhoami\b/i,
-      /get.*workspace/i,
-      /get.*user/i,
-      /current.*user/i
-    ])) {
-      categories.push(
-        "read_only_info"
-        /* READ_ONLY_INFO */
-      );
-      confidenceScores.push(94);
-      reasons.push(
-        "Read-only info pattern detected (intended data exposure, not vulnerability)"
-      );
-    }
-    if (this.matchesPattern(toolText, [
-      /safe.*storage/i,
-      /safe.*search/i,
-      /safe.*list/i,
-      /safe.*info/i,
-      /safe.*echo/i,
-      /safe.*validate/i,
-      /safe.*tool/i
-    ])) {
-      categories.push(
-        "safe_storage"
-        /* SAFE_STORAGE */
-      );
-      confidenceScores.push(99);
-      reasons.push(
-        "Safe tool pattern detected (control group - should be safe)"
-      );
-    }
-    if (categories.length === 0) {
-      categories.push(
-        "generic"
-        /* GENERIC */
-      );
-      confidenceScores.push(50);
-      reasons.push("No specific pattern match, using generic tests");
-    }
-    const avgConfidence = confidenceScores.reduce((a, b) => a + b, 0) / confidenceScores.length;
-    return {
-      toolName,
-      categories,
-      confidence: Math.round(avgConfidence),
-      reasoning: reasons.join("; ")
-    };
-  }
-  /**
-   * Check if text matches any of the provided patterns
-   */
-  matchesPattern(text, patterns) {
-    return patterns.some((pattern2) => pattern2.test(text));
-  }
-  /**
-   * Get all tool categories (for testing/debugging)
-   */
-  static getAllCategories() {
-    return Object.values(ToolCategory);
-  }
-  /**
-   * Get risk level for a category
-   */
-  static getRiskLevel(category) {
-    const highRiskCategories = [
-      "calculator",
-      "system_exec",
-      "data_access",
-      "tool_override",
-      "config_modifier",
-      "fetcher"
-      /* URL_FETCHER */
-    ];
-    const mediumRiskCategories = [
-      "unicode",
-      "parser",
-      "installer",
-      "rug_pull"
-      /* RUG_PULL */
-    ];
-    const lowRiskCategories = [
-      "api_wrapper",
-      "search_retrieval",
-      "crud_creation",
-      "read_only_info",
-      "safe_storage",
-      "generic"
-      /* GENERIC */
-    ];
-    if (highRiskCategories.includes(category)) return "HIGH";
-    if (mediumRiskCategories.includes(category)) return "MEDIUM";
-    if (lowRiskCategories.includes(category)) return "LOW";
-    return "LOW";
-  }
-  /**
-   * Classify multiple tools at once
-   */
-  classifyBatch(tools) {
-    return tools.map((tool) => this.classify(tool.name, tool.description));
-  }
-}
 class SecurityAssessor extends BaseAssessor {
   async assess(context) {
     const toolsToTest = this.selectToolsForTesting(context.tools);
@@ -54809,6 +55619,18 @@ class SecurityAssessor extends BaseAssessor {
                   this.log(
                     `🚨 VULNERABILITY: ${tool.name} - ${attackPattern.attackName} (${payload.payloadType}: ${payload.description})`
                   );
+                  if (context.onProgress) {
+                    context.onProgress({
+                      type: "vulnerability_found",
+                      tool: tool.name,
+                      pattern: attackPattern.attackName,
+                      confidence: result.confidence || "medium",
+                      evidence: result.evidence || "Vulnerability detected",
+                      riskLevel: payload.riskLevel,
+                      requiresReview: result.requiresManualReview || false,
+                      payload: payload.payload
+                    });
+                  }
                 }
               } catch (error) {
                 this.logError(
@@ -54926,6 +55748,18 @@ class SecurityAssessor extends BaseAssessor {
             this.log(
               `🚨 VULNERABILITY: ${tool.name} - ${attackPattern.attackName}`
             );
+            if (context.onProgress) {
+              context.onProgress({
+                type: "vulnerability_found",
+                tool: tool.name,
+                pattern: attackPattern.attackName,
+                confidence: result.confidence || "medium",
+                evidence: result.evidence || "Vulnerability detected",
+                riskLevel: payload.riskLevel,
+                requiresReview: result.requiresManualReview || false,
+                payload: payload.payload
+              });
+            }
           }
         } catch (error) {
           this.logError(
@@ -60906,13 +61740,13 @@ const App = () => {
   ) });
   if (window.location.pathname === "/oauth/callback") {
     const OAuthCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthCallback-Bi_akC9k.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthCallback-DA2koy6X.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthCallback, { onConnect: onOAuthConnect }) });
   }
   if (window.location.pathname === "/oauth/callback/debug") {
     const OAuthDebugCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthDebugCallback-DupZK8qN.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthDebugCallback-Bx60PQTT.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthDebugCallback, { onConnect: onOAuthDebugConnect }) });
   }