@bryan-thompson/inspector-assessment-client 1.12.0 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/dist/assets/{OAuthCallback-DD8JgGmx.js → OAuthCallback-D8KW6pFf.js} +1 -1
  2. package/dist/assets/{OAuthDebugCallback-CGeg00AP.js → OAuthDebugCallback-D15nNAOl.js} +1 -1
  3. package/dist/assets/{index-sUICDw7A.js → index-cVkEgqCc.js} +130 -5
  4. package/dist/index.html +1 -1
  5. package/lib/lib/assessmentTypes.d.ts +17 -0
  6. package/lib/lib/assessmentTypes.d.ts.map +1 -1
  7. package/lib/lib/policyMapping.d.ts +183 -0
  8. package/lib/lib/policyMapping.d.ts.map +1 -0
  9. package/lib/lib/policyMapping.js +442 -0
  10. package/lib/lib/reportFormatters/MarkdownReportFormatter.d.ts +91 -0
  11. package/lib/lib/reportFormatters/MarkdownReportFormatter.d.ts.map +1 -0
  12. package/lib/lib/reportFormatters/MarkdownReportFormatter.js +498 -0
  13. package/lib/lib/reportFormatters/index.d.ts +50 -0
  14. package/lib/lib/reportFormatters/index.d.ts.map +1 -0
  15. package/lib/lib/reportFormatters/index.js +81 -0
  16. package/lib/lib/securityPatterns.d.ts +3 -3
  17. package/lib/lib/securityPatterns.d.ts.map +1 -1
  18. package/lib/lib/securityPatterns.js +129 -4
  19. package/lib/services/assessment/PolicyComplianceGenerator.d.ts +119 -0
  20. package/lib/services/assessment/PolicyComplianceGenerator.d.ts.map +1 -0
  21. package/lib/services/assessment/PolicyComplianceGenerator.js +632 -0
  22. package/lib/services/assessment/modules/ToolAnnotationAssessor.d.ts +6 -0
  23. package/lib/services/assessment/modules/ToolAnnotationAssessor.d.ts.map +1 -1
  24. package/lib/services/assessment/modules/ToolAnnotationAssessor.js +77 -20
  25. package/package.json +1 -1
package/lib/services/assessment/modules/ToolAnnotationAssessor.js CHANGED
@@ -53,6 +53,13 @@ export class ToolAnnotationAssessor extends BaseAssessor {
53
53
  let annotatedCount = 0;
54
54
  let missingAnnotationsCount = 0;
55
55
  let misalignedAnnotationsCount = 0;
56
+ // Track annotation sources
57
+ const annotationSourceCounts = {
58
+ mcp: 0,
59
+ sourceCode: 0,
60
+ inferred: 0,
61
+ none: 0,
62
+ };
56
63
  const useClaudeInference = this.isClaudeEnabled();
57
64
  if (useClaudeInference) {
58
65
  this.log("Claude Code integration enabled - using semantic behavior inference");
@@ -106,7 +113,23 @@ export class ToolAnnotationAssessor extends BaseAssessor {
106
113
  }
107
114
  else {
108
115
  missingAnnotationsCount++;
109
- // Emit annotation_missing event with tool details
116
+ }
117
+ // Track annotation source
118
+ const source = latestResult.annotationSource;
119
+ if (source === "mcp") {
120
+ annotationSourceCounts.mcp++;
121
+ }
122
+ else if (source === "source-code") {
123
+ annotationSourceCounts.sourceCode++;
124
+ }
125
+ else if (source === "inferred") {
126
+ annotationSourceCounts.inferred++;
127
+ }
128
+ else {
129
+ annotationSourceCounts.none++;
130
+ }
131
+ // Emit annotation_missing event with tool details
132
+ if (!latestResult.hasAnnotations) {
110
133
  if (context.onProgress && latestResult.inferredBehavior) {
111
134
  const annotations = this.extractAnnotations(tool);
112
135
  context.onProgress({
@@ -225,6 +248,7 @@ export class ToolAnnotationAssessor extends BaseAssessor {
225
248
  recommendations: this.generateEnhancedRecommendations(toolResults),
226
249
  metrics,
227
250
  alignmentBreakdown,
251
+ annotationSources: annotationSourceCounts,
228
252
  claudeEnhanced: true,
229
253
  highConfidenceMisalignments,
230
254
  };
@@ -239,6 +263,7 @@ export class ToolAnnotationAssessor extends BaseAssessor {
239
263
  recommendations,
240
264
  metrics,
241
265
  alignmentBreakdown,
266
+ annotationSources: annotationSourceCounts,
242
267
  };
243
268
  }
244
269
  /**
@@ -495,6 +520,7 @@ export class ToolAnnotationAssessor extends BaseAssessor {
495
520
  toolName: tool.name,
496
521
  hasAnnotations,
497
522
  annotations: hasAnnotations ? annotations : undefined,
523
+ annotationSource: annotations.source,
498
524
  inferredBehavior,
499
525
  alignmentStatus,
500
526
  issues,
@@ -504,34 +530,65 @@ export class ToolAnnotationAssessor extends BaseAssessor {
504
530
  /**
505
531
  * Extract annotations from a tool
506
532
  * MCP SDK may have annotations in different locations
533
+ *
534
+ * Priority order:
535
+ * 1. tool.annotations (MCP 2024-11 spec) - "mcp" source
536
+ * 2. Direct properties on tool - "mcp" source
537
+ * 3. tool.metadata - "mcp" source
538
+ * 4. No annotations found - "none" source
507
539
  */
508
540
  extractAnnotations(tool) {
509
- // Try to find annotations in various locations
510
541
  const toolAny = tool;
511
- // Check direct properties
512
- let readOnlyHint = toolAny.readOnlyHint;
513
- let destructiveHint = toolAny.destructiveHint;
514
- let idempotentHint = toolAny.idempotentHint;
515
- let openWorldHint = toolAny.openWorldHint;
516
- // Check annotations object (MCP 2024-11 spec)
542
+ // Priority 1: Check annotations object (MCP 2024-11 spec) - primary source
517
543
  if (toolAny.annotations) {
518
- readOnlyHint = readOnlyHint ?? toolAny.annotations.readOnlyHint;
519
- destructiveHint = destructiveHint ?? toolAny.annotations.destructiveHint;
520
- idempotentHint = idempotentHint ?? toolAny.annotations.idempotentHint;
521
- openWorldHint = openWorldHint ?? toolAny.annotations.openWorldHint;
544
+ const hasAnnotations = toolAny.annotations.readOnlyHint !== undefined ||
545
+ toolAny.annotations.destructiveHint !== undefined;
546
+ if (hasAnnotations) {
547
+ return {
548
+ readOnlyHint: toolAny.annotations.readOnlyHint,
549
+ destructiveHint: toolAny.annotations.destructiveHint,
550
+ title: toolAny.annotations.title || toolAny.title,
551
+ description: tool.description,
552
+ idempotentHint: toolAny.annotations.idempotentHint,
553
+ openWorldHint: toolAny.annotations.openWorldHint,
554
+ source: "mcp",
555
+ };
556
+ }
557
+ }
558
+ // Priority 2: Check direct properties on tool object
559
+ if (toolAny.readOnlyHint !== undefined ||
560
+ toolAny.destructiveHint !== undefined) {
561
+ return {
562
+ readOnlyHint: toolAny.readOnlyHint,
563
+ destructiveHint: toolAny.destructiveHint,
564
+ title: toolAny.title,
565
+ description: tool.description,
566
+ idempotentHint: toolAny.idempotentHint,
567
+ openWorldHint: toolAny.openWorldHint,
568
+ source: "mcp",
569
+ };
522
570
  }
523
- // Check metadata (some servers use this)
571
+ // Priority 3: Check metadata (some servers use this)
524
572
  if (toolAny.metadata) {
525
- readOnlyHint = readOnlyHint ?? toolAny.metadata.readOnlyHint;
526
- destructiveHint = destructiveHint ?? toolAny.metadata.destructiveHint;
573
+ const hasMetadataAnnotations = toolAny.metadata.readOnlyHint !== undefined ||
574
+ toolAny.metadata.destructiveHint !== undefined;
575
+ if (hasMetadataAnnotations) {
576
+ return {
577
+ readOnlyHint: toolAny.metadata.readOnlyHint,
578
+ destructiveHint: toolAny.metadata.destructiveHint,
579
+ title: toolAny.metadata.title || toolAny.title,
580
+ description: tool.description,
581
+ idempotentHint: toolAny.metadata.idempotentHint,
582
+ openWorldHint: toolAny.metadata.openWorldHint,
583
+ source: "mcp",
584
+ };
585
+ }
527
586
  }
587
+ // No annotations found from MCP protocol
528
588
  return {
529
- readOnlyHint,
530
- destructiveHint,
531
- title: toolAny.title || toolAny.annotations?.title,
589
+ title: toolAny.title,
532
590
  description: tool.description,
533
- idempotentHint,
534
- openWorldHint,
591
+ source: "none",
535
592
  };
536
593
  }
537
594
  /**
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bryan-thompson/inspector-assessment-client",
3
- "version": "1.12.0",
3
+ "version": "1.13.0",
4
4
  "description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
5
5
  "license": "MIT",
6
6
  "author": "Bryan Thompson <bryan@triepod.ai>",