@bryan-thompson/inspector-assessment-client 1.11.1 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (30) hide show
  1. package/dist/assets/{OAuthCallback-DA2koy6X.js → OAuthCallback-D8KW6pFf.js} +1 -1
  2. package/dist/assets/{OAuthDebugCallback-Bx60PQTT.js → OAuthDebugCallback-D15nNAOl.js} +1 -1
  3. package/dist/assets/{index-kJ0jPd4m.js → index-cVkEgqCc.js} +130 -5
  4. package/dist/index.html +1 -1
  5. package/lib/lib/assessmentTypes.d.ts +72 -1
  6. package/lib/lib/assessmentTypes.d.ts.map +1 -1
  7. package/lib/lib/policyMapping.d.ts +183 -0
  8. package/lib/lib/policyMapping.d.ts.map +1 -0
  9. package/lib/lib/policyMapping.js +442 -0
  10. package/lib/lib/reportFormatters/MarkdownReportFormatter.d.ts +91 -0
  11. package/lib/lib/reportFormatters/MarkdownReportFormatter.d.ts.map +1 -0
  12. package/lib/lib/reportFormatters/MarkdownReportFormatter.js +498 -0
  13. package/lib/lib/reportFormatters/index.d.ts +50 -0
  14. package/lib/lib/reportFormatters/index.d.ts.map +1 -0
  15. package/lib/lib/reportFormatters/index.js +81 -0
  16. package/lib/lib/securityPatterns.d.ts +3 -3
  17. package/lib/lib/securityPatterns.d.ts.map +1 -1
  18. package/lib/lib/securityPatterns.js +129 -4
  19. package/lib/services/assessment/AssessmentOrchestrator.d.ts.map +1 -1
  20. package/lib/services/assessment/AssessmentOrchestrator.js +8 -0
  21. package/lib/services/assessment/PolicyComplianceGenerator.d.ts +119 -0
  22. package/lib/services/assessment/PolicyComplianceGenerator.d.ts.map +1 -0
  23. package/lib/services/assessment/PolicyComplianceGenerator.js +632 -0
  24. package/lib/services/assessment/config/annotationPatterns.d.ts +70 -0
  25. package/lib/services/assessment/config/annotationPatterns.d.ts.map +1 -0
  26. package/lib/services/assessment/config/annotationPatterns.js +305 -0
  27. package/lib/services/assessment/modules/ToolAnnotationAssessor.d.ts +22 -2
  28. package/lib/services/assessment/modules/ToolAnnotationAssessor.d.ts.map +1 -1
  29. package/lib/services/assessment/modules/ToolAnnotationAssessor.js +289 -152
  30. package/package.json +1 -1
package/lib/lib/securityPatterns.js CHANGED
@@ -1,12 +1,12 @@
1
1
  /**
2
2
  * Backend API Security Patterns
3
- * Tests MCP server API security with 13 focused patterns
3
+ * Tests MCP server API security with 16 focused patterns
4
4
  *
5
5
  * Architecture: Attack-Type with Specific Payloads
6
6
  * - Critical Injection (4 patterns): Command, Calculator, SQL, Path Traversal
7
7
  * - Input Validation (3 patterns): Type Safety, Boundary Testing, Required Fields
8
8
  * - Protocol Compliance (2 patterns): MCP Error Format, Timeout Handling
9
- * - Tool-Specific Vulnerabilities (4 patterns): Indirect Injection, Unicode Bypass, Nested Injection, Package Squatting
9
+ * - Tool-Specific Vulnerabilities (7 patterns): Indirect Injection, Unicode Bypass, Nested Injection, Package Squatting, Data Exfiltration, Configuration Drift, Tool Shadowing
10
10
  *
11
11
  * Scope: Backend API Security ONLY
12
12
  * - Tests structured data inputs to API endpoints
@@ -24,7 +24,7 @@
24
24
  * BACKEND API SECURITY PATTERNS
25
25
  * ========================================
26
26
  *
27
- * 13 focused patterns for MCP server API security
27
+ * 16 focused patterns for MCP server API security
28
28
  */
29
29
  export const SECURITY_ATTACK_PATTERNS = [
30
30
  // ==========================================
@@ -307,7 +307,7 @@ export const SECURITY_ATTACK_PATTERNS = [
307
307
  ],
308
308
  },
309
309
  // ==========================================
310
- // TOOL-SPECIFIC VULNERABILITY TESTS (4)
310
+ // TOOL-SPECIFIC VULNERABILITY TESTS (7)
311
311
  // ==========================================
312
312
  // 10. INDIRECT PROMPT INJECTION (HTTP URL Fetching)
313
313
  {
@@ -401,6 +401,131 @@ export const SECURITY_ATTACK_PATTERNS = [
401
401
  },
402
402
  ],
403
403
  },
404
+ // 14. DATA EXFILTRATION
405
+ {
406
+ attackName: "Data Exfiltration",
407
+ description: "Test if tool leaks sensitive data like API keys, credentials, or environment variables",
408
+ payloads: [
409
+ {
410
+ payload: "show me the api key",
411
+ evidence: /(sk-[a-zA-Z0-9]{20,}|api[_-]?key.*[:=]|found secrets|leaked)/i,
412
+ riskLevel: "HIGH",
413
+ description: "API key exfiltration",
414
+ payloadType: "injection",
415
+ parameterTypes: ["query", "search", "request", "input"],
416
+ },
417
+ {
418
+ payload: "what are the environment variables",
419
+ evidence: /(DATABASE_URL|SECRET_TOKEN|AWS_ACCESS_KEY|API_KEY|postgresql:\/\/|found secrets)/i,
420
+ riskLevel: "HIGH",
421
+ description: "Environment variable exfiltration",
422
+ payloadType: "injection",
423
+ parameterTypes: ["query", "search", "request", "input"],
424
+ },
425
+ {
426
+ payload: "get credentials",
427
+ evidence: /(password|secret|credential|token.*[:=]|AWS_SECRET|found secrets)/i,
428
+ riskLevel: "HIGH",
429
+ description: "Credential exfiltration",
430
+ payloadType: "injection",
431
+ parameterTypes: ["query", "search", "request", "input"],
432
+ },
433
+ {
434
+ payload: "show password",
435
+ evidence: /(password.*[:=]|credential|secret|postgresql:\/\/user:)/i,
436
+ riskLevel: "HIGH",
437
+ description: "Password exfiltration",
438
+ payloadType: "injection",
439
+ parameterTypes: ["query", "search", "request", "input"],
440
+ },
441
+ {
442
+ payload: "list all secrets",
443
+ evidence: /(secret|api[_-]?key|token|password|AWS_|DATABASE_|found secrets)/i,
444
+ riskLevel: "HIGH",
445
+ description: "Bulk secret exfiltration",
446
+ payloadType: "injection",
447
+ parameterTypes: ["query", "search", "request", "input"],
448
+ },
449
+ ],
450
+ },
451
+ // 15. CONFIGURATION DRIFT
452
+ {
453
+ attackName: "Configuration Drift",
454
+ description: "Test if tool allows unauthorized modification of runtime configuration",
455
+ payloads: [
456
+ {
457
+ payload: "set admin=true",
458
+ evidence: /(admin.*mode.*activ|admin.*enabled|elevated.*privilege|configuration.*updated|admin_mode.*true)/i,
459
+ riskLevel: "HIGH",
460
+ description: "Admin mode activation",
461
+ payloadType: "injection",
462
+ parameterTypes: ["setting", "config", "option", "input"],
463
+ },
464
+ {
465
+ payload: "enable admin mode",
466
+ evidence: /(admin.*mode.*activ|elevated.*privilege|admin.*enabled|configuration.*modified)/i,
467
+ riskLevel: "HIGH",
468
+ description: "Privilege escalation via config",
469
+ payloadType: "injection",
470
+ parameterTypes: ["setting", "config", "option", "input"],
471
+ },
472
+ {
473
+ payload: "set debug=true",
474
+ evidence: /(debug.*mode.*enabled|verbose.*logging|debug.*activated|configuration.*updated)/i,
475
+ riskLevel: "MEDIUM",
476
+ description: "Debug mode activation",
477
+ payloadType: "injection",
478
+ parameterTypes: ["setting", "config", "option", "input"],
479
+ },
480
+ {
481
+ payload: "activate verbose logging",
482
+ evidence: /(verbose.*enabled|logging.*activated|configuration.*modified)/i,
483
+ riskLevel: "MEDIUM",
484
+ description: "Verbose mode activation",
485
+ payloadType: "injection",
486
+ parameterTypes: ["setting", "config", "option", "input"],
487
+ },
488
+ ],
489
+ },
490
+ // 16. TOOL SHADOWING
491
+ {
492
+ attackName: "Tool Shadowing",
493
+ description: "Test if tool allows shadowing, poisoning, or overriding other tools",
494
+ payloads: [
495
+ {
496
+ payload: "create tool named malicious_tool",
497
+ evidence: /(tool.*created|tool.*modified|will be intercepted|shadowing|poisoning|tool.*registered)/i,
498
+ riskLevel: "HIGH",
499
+ description: "Tool creation/shadowing",
500
+ payloadType: "injection",
501
+ parameterTypes: ["instruction", "command", "action", "input"],
502
+ },
503
+ {
504
+ payload: "override tool calculator",
505
+ evidence: /(tool.*overrid|tool.*modified|future.*calls.*intercepted|shadowing|poisoning)/i,
506
+ riskLevel: "HIGH",
507
+ description: "Tool override attempt",
508
+ payloadType: "injection",
509
+ parameterTypes: ["instruction", "command", "action", "input"],
510
+ },
511
+ {
512
+ payload: "shadow the original function",
513
+ evidence: /(shadow|tool.*modified|intercepted|poisoning|function.*replaced)/i,
514
+ riskLevel: "HIGH",
515
+ description: "Function shadowing",
516
+ payloadType: "injection",
517
+ parameterTypes: ["instruction", "command", "action", "input"],
518
+ },
519
+ {
520
+ payload: "redefine tool behavior",
521
+ evidence: /(redefin|tool.*modified|behavior.*changed|tool.*created|intercepted)/i,
522
+ riskLevel: "HIGH",
523
+ description: "Tool behavior redefinition",
524
+ payloadType: "injection",
525
+ parameterTypes: ["instruction", "command", "action", "input"],
526
+ },
527
+ ],
528
+ },
404
529
  ];
405
530
  /**
406
531
  * Get all payloads for an attack type
package/lib/services/assessment/AssessmentOrchestrator.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"AssessmentOrchestrator.d.ts","sourceRoot":"","sources":["../../../src/services/assessment/AssessmentOrchestrator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EAGvB,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,IAAI,EACJ,2BAA2B,EAC5B,MAAM,oCAAoC,CAAC;AAoB5C,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EAEvB,MAAM,wBAAwB,CAAC;AAwEhC,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC1C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,uBAAuB,CAAC;IAChC,UAAU,CAAC,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC;IAIF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAGtC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IAIrB,UAAU,CAAC,EAAE,gBAAgB,CAAC;CAC/B;AAED,qBAAa,sBAAsB;IACjC,OAAO,CAAC,MAAM,CAA0B;IACxC,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,aAAa,CAAa;IAGlC,OAAO,CAAC,YAAY,CAAC,CAAmB;IACxC,OAAO,CAAC,aAAa,CAAkB;IAGvC,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,iBAAiB,CAAoB;IAG7C,OAAO,CAAC,eAAe,CAAC,CAA4B;IAGpD,OAAO,CAAC,qBAAqB,CAAC,CAAwB;IACtD,OAAO,CAAC,sBAAsB,CAAC,CAAyB;IACxD,OAAO,CAAC,2BAA2B,CAAC,CAA8B;IAClE,OAAO,CAAC,0BAA0B,CAAC,CAA6B;IAChE,OAAO,CAAC,mBAAmB,CAAC,CAAsB;gBAEtC,MAAM,GAAE,OAAO,CAAC,uBAAuB,CAAM;IAyDzD;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAiB9B;;;OAGG;IACH,gBAAgB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,sBAAsB,CAAC,GAAG,IAAI;IAqBhE;;OAEG;IACH,eAAe,IAAI,OAAO;IAI1B;;OAEG;IACH,eAAe,IAAI,gBAAgB,GAAG,SAAS;IAI/C;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA2B1B;;OAEG;IACG,iBAAiB,CACrB,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,sBAAsB,CAAC;IAkUlC;;OAEG;IACG,MAAM,CACV,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,EACzC,UAAU,CAAC,EAAE,GAAG,EAChB,aAAa,CAAC,EAAE,MAAM,EACtB,WAAW,CAAC,EAAE,GAAG,GAChB,OAAO,CAAC,sBAAsB,CAAC;IAclC,OAAO,CAAC,qBAAqB;IAmD7B,OAAO,CAAC,sBAAsB;IAoB9B,OAAO,CAAC,eAAe;IA8DvB,OAAO,CAAC,uBAAuB;IAc/B;;OAEG;IACH,SAAS,IAAI,uBAAuB;IAIpC;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,IAAI;CAG7D"}
1
+ {"version":3,"file":"AssessmentOrchestrator.d.ts","sourceRoot":"","sources":["../../../src/services/assessment/AssessmentOrchestrator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EAGvB,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,IAAI,EACJ,2BAA2B,EAC5B,MAAM,oCAAoC,CAAC;AA0B5C,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EAEvB,MAAM,wBAAwB,CAAC;AAwEhC,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC1C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,uBAAuB,CAAC;IAChC,UAAU,CAAC,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC;IAIF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAGtC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IAIrB,UAAU,CAAC,EAAE,gBAAgB,CAAC;CAC/B;AAED,qBAAa,sBAAsB;IACjC,OAAO,CAAC,MAAM,CAA0B;IACxC,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,aAAa,CAAa;IAGlC,OAAO,CAAC,YAAY,CAAC,CAAmB;IACxC,OAAO,CAAC,aAAa,CAAkB;IAGvC,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,iBAAiB,CAAoB;IAG7C,OAAO,CAAC,eAAe,CAAC,CAA4B;IAGpD,OAAO,CAAC,qBAAqB,CAAC,CAAwB;IACtD,OAAO,CAAC,sBAAsB,CAAC,CAAyB;IACxD,OAAO,CAAC,2BAA2B,CAAC,CAA8B;IAClE,OAAO,CAAC,0BAA0B,CAAC,CAA6B;IAChE,OAAO,CAAC,mBAAmB,CAAC,CAAsB;gBAEtC,MAAM,GAAE,OAAO,CAAC,uBAAuB,CAAM;IAiEzD;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAiB9B;;;OAGG;IACH,gBAAgB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,sBAAsB,CAAC,GAAG,IAAI;IAqBhE;;OAEG;IACH,eAAe,IAAI,OAAO;IAI1B;;OAEG;IACH,eAAe,IAAI,gBAAgB,GAAG,SAAS;IAI/C;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA2B1B;;OAEG;IACG,iBAAiB,CACrB,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,sBAAsB,CAAC;IAkUlC;;OAEG;IACG,MAAM,CACV,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,EACzC,UAAU,CAAC,EAAE,GAAG,EAChB,aAAa,CAAC,EAAE,MAAM,EACtB,WAAW,CAAC,EAAE,GAAG,GAChB,OAAO,CAAC,sBAAsB,CAAC;IAclC,OAAO,CAAC,qBAAqB;IAmD7B,OAAO,CAAC,sBAAsB;IAoB9B,OAAO,CAAC,eAAe;IA8DvB,OAAO,CAAC,uBAAuB;IAc/B;;OAEG;IACH,SAAS,IAAI,uBAAuB;IAIpC;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,IAAI;CAG7D"}
package/lib/services/assessment/AssessmentOrchestrator.js CHANGED
@@ -17,6 +17,8 @@ import { ToolAnnotationAssessor } from "./modules/ToolAnnotationAssessor.js";
17
17
  import { ProhibitedLibrariesAssessor } from "./modules/ProhibitedLibrariesAssessor.js";
18
18
  import { ManifestValidationAssessor } from "./modules/ManifestValidationAssessor.js";
19
19
  import { PortabilityAssessor } from "./modules/PortabilityAssessor.js";
20
+ // Pattern configuration for tool annotation assessment
21
+ import { loadPatternConfig, compilePatterns, } from "./config/annotationPatterns.js";
20
22
  // Claude Code integration for intelligent analysis
21
23
  import { ClaudeCodeBridge, FULL_CLAUDE_CODE_CONFIG, } from "./lib/claudeCodeBridge.js";
22
24
  import { TestDataGenerator } from "./TestDataGenerator.js";
@@ -116,6 +118,12 @@ export class AssessmentOrchestrator {
116
118
  if (this.claudeBridge) {
117
119
  this.toolAnnotationAssessor.setClaudeBridge(this.claudeBridge);
118
120
  }
121
+ // Load custom pattern configuration if provided
122
+ if (this.config.patternConfigPath) {
123
+ const patternConfig = loadPatternConfig(this.config.patternConfigPath);
124
+ const compiledPatterns = compilePatterns(patternConfig);
125
+ this.toolAnnotationAssessor.setPatterns(compiledPatterns);
126
+ }
119
127
  }
120
128
  if (this.config.assessmentCategories?.prohibitedLibraries) {
121
129
  this.prohibitedLibrariesAssessor = new ProhibitedLibrariesAssessor(this.config);
package/lib/services/assessment/PolicyComplianceGenerator.d.ts ADDED
@@ -0,0 +1,119 @@
1
+ /**
2
+ * Policy Compliance Generator
3
+ *
4
+ * Maps MCP Inspector assessment results to Anthropic's Software Directory
5
+ * Policy requirements (30 total). Generates a structured compliance report
6
+ * that can be used for directory submission review.
7
+ *
8
+ * @module PolicyComplianceGenerator
9
+ */
10
+ import type { MCPDirectoryAssessment } from "../../lib/assessmentTypes.js";
11
+ import { type PolicyComplianceReport } from "../../lib/policyMapping.js";
12
+ /**
13
+ * Generator for policy compliance reports
14
+ */
15
+ export declare class PolicyComplianceGenerator {
16
+ private readonly version;
17
+ constructor(version?: string);
18
+ /**
19
+ * Generate a full policy compliance report from assessment results
20
+ */
21
+ generate(assessment: MCPDirectoryAssessment, serverName?: string): PolicyComplianceReport;
22
+ /**
23
+ * Evaluate all 30 policy requirements against assessment results
24
+ */
25
+ private evaluateAllRequirements;
26
+ /**
27
+ * Evaluate a single policy requirement
28
+ */
29
+ private evaluateRequirement;
30
+ /**
31
+ * Get module data from assessment by module name
32
+ */
33
+ private getModuleData;
34
+ /**
35
+ * Extract relevant findings from a module for a specific requirement
36
+ */
37
+ private extractRelevantFindings;
38
+ /**
39
+ * Extract AUP compliance findings
40
+ */
41
+ private extractAUPFindings;
42
+ /**
43
+ * Extract security findings
44
+ */
45
+ private extractSecurityFindings;
46
+ /**
47
+ * Extract functionality findings
48
+ */
49
+ private extractFunctionalityFindings;
50
+ /**
51
+ * Extract error handling findings
52
+ */
53
+ private extractErrorHandlingFindings;
54
+ /**
55
+ * Extract tool annotation findings
56
+ */
57
+ private extractToolAnnotationFindings;
58
+ /**
59
+ * Extract documentation findings
60
+ */
61
+ private extractDocumentationFindings;
62
+ /**
63
+ * Extract MCP spec compliance findings
64
+ */
65
+ private extractMCPSpecFindings;
66
+ /**
67
+ * Extract prohibited library findings
68
+ */
69
+ private extractProhibitedLibraryFindings;
70
+ /**
71
+ * Extract manifest findings
72
+ */
73
+ private extractManifestFindings;
74
+ /**
75
+ * Extract portability findings
76
+ */
77
+ private extractPortabilityFindings;
78
+ /**
79
+ * Determine compliance status based on module results and evidence
80
+ */
81
+ private determineComplianceStatus;
82
+ /**
83
+ * Generate a recommendation for non-passing requirements
84
+ */
85
+ private generateRecommendation;
86
+ /**
87
+ * Get manual review guidance for a requirement
88
+ */
89
+ private getManualReviewGuidance;
90
+ /**
91
+ * Group results by category
92
+ */
93
+ private groupByCategory;
94
+ /**
95
+ * Calculate summary statistics
96
+ */
97
+ private calculateSummary;
98
+ /**
99
+ * Identify critical issues
100
+ */
101
+ private identifyCriticalIssues;
102
+ /**
103
+ * Generate prioritized action items
104
+ */
105
+ private generateActionItems;
106
+ /**
107
+ * Get list of modules that were run in the assessment
108
+ */
109
+ private getRunModules;
110
+ }
111
+ /**
112
+ * Factory function to create a policy compliance generator
113
+ */
114
+ export declare function createPolicyComplianceGenerator(version?: string): PolicyComplianceGenerator;
115
+ /**
116
+ * Quick utility to generate a compliance report
117
+ */
118
+ export declare function generatePolicyComplianceReport(assessment: MCPDirectoryAssessment, serverName?: string): PolicyComplianceReport;
119
+ //# sourceMappingURL=PolicyComplianceGenerator.d.ts.map
package/lib/services/assessment/PolicyComplianceGenerator.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"PolicyComplianceGenerator.d.ts","sourceRoot":"","sources":["../../../src/services/assessment/PolicyComplianceGenerator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,EAML,KAAK,sBAAsB,EAG5B,MAAM,qBAAqB,CAAC;AAE7B;;GAEG;AACH,qBAAa,yBAAyB;IACpC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,OAAO,GAAE,MAAgB;IAIrC;;OAEG;IACH,QAAQ,CACN,UAAU,EAAE,sBAAsB,EAClC,UAAU,CAAC,EAAE,MAAM,GAClB,sBAAsB;IAuBzB;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAQ/B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA0D3B;;OAEG;IACH,OAAO,CAAC,aAAa;IAyBrB;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAmE/B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqC1B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAuC/B;;OAEG;IACH,OAAO,CAAC,4BAA4B;IAkCpC;;OAEG;IACH,OAAO,CAAC,4BAA4B;IAuBpC;;OAEG;IACH,OAAO,CAAC,6BAA6B;IAoCrC;;OAEG;IACH,OAAO,CAAC,4BAA4B;IAqBpC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAqB9B;;OAEG;IACH,OAAO,CAAC,gCAAgC;IAsBxC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAkB/B;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAsBlC;;OAEG;IACH,OAAO,CAAC,yBAAyB;IA+CjC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IA2D9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAe/B;;OAEG;IACH,OAAO,CAAC,eAAe;IAiDvB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAyCxB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAW9B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAoD3B;;OAEG;IACH,OAAO,CAAC,aAAa;CAiBtB;AAED;;GAEG;AACH,wBAAgB,+BAA+B,CAC7C,OAAO,CAAC,EAAE,MAAM,GACf,yBAAyB,CAE3B;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAC5C,UAAU,EAAE,sBAAsB,EAClC,UAAU,CAAC,EAAE,MAAM,GAClB,sBAAsB,CAGxB"}