npm - @bryan-thompson/inspector-assessment-client - Versions diffs - 1.12.0 → 1.13.1 - Mend

@bryan-thompson/inspector-assessment-client 1.12.0 → 1.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/lib/lib/reportFormatters/MarkdownReportFormatter.js ADDED Viewed

@@ -0,0 +1,498 @@
+/**
+ * Markdown Report Formatter
+ *
+ * Generates human-readable markdown reports from MCP assessment results.
+ * Designed for reviewers, auditors, and developers.
+ *
+ * @module MarkdownReportFormatter
+ */
+/**
+ * Formats assessment results as Markdown
+ */
+export class MarkdownReportFormatter {
+    options;
+    constructor(options = {}) {
+        this.options = {
+            includeDetails: true,
+            includeRecommendations: true,
+            ...options,
+        };
+    }
+    /**
+     * Format assessment results as markdown
+     */
+    format(assessment) {
+        const sections = [];
+        // Header
+        sections.push(this.formatHeader(assessment));
+        // Executive Summary
+        sections.push(this.formatExecutiveSummary(assessment));
+        // Module Status Table
+        sections.push(this.formatModuleStatusTable(assessment));
+        // Key Findings
+        sections.push(this.formatKeyFindings(assessment));
+        // Policy Compliance (if enabled)
+        if (this.options.includePolicy && this.options.policyReport) {
+            sections.push(this.formatPolicyCompliance(this.options.policyReport));
+        }
+        // Recommendations
+        if (this.options.includeRecommendations) {
+            sections.push(this.formatRecommendations(assessment));
+        }
+        // Detailed Results (if enabled)
+        if (this.options.includeDetails) {
+            sections.push(this.formatDetailedResults(assessment));
+        }
+        // Footer
+        sections.push(this.formatFooter(assessment));
+        return sections.filter(Boolean).join("\n\n---\n\n");
+    }
+    /**
+     * Format header section
+     */
+    formatHeader(assessment) {
+        const serverName = this.options.serverName || assessment.serverName;
+        const statusEmoji = this.getStatusEmoji(assessment.overallStatus);
+        return `# MCP Server Assessment Report
+**Server**: ${serverName}
+**Date**: ${new Date(assessment.assessmentDate).toLocaleString()}
+**Status**: ${statusEmoji} ${assessment.overallStatus}
+**Version**: ${assessment.assessorVersion}`;
+    }
+    /**
+     * Format executive summary
+     */
+    formatExecutiveSummary(assessment) {
+        const lines = ["## Executive Summary", ""];
+        lines.push("| Metric | Value |");
+        lines.push("|--------|-------|");
+        // Tools count
+        const workingCount = assessment.functionality?.workingTools ?? 0;
+        const brokenCount = assessment.functionality?.brokenTools?.length ?? 0;
+        lines.push(`| Tools Tested | ${workingCount + brokenCount} |`);
+        // Success rate
+        const successRate = assessment.functionality?.coveragePercentage ??
+            (workingCount > 0
+                ? Math.round((workingCount / (workingCount + brokenCount)) * 100)
+                : 0);
+        lines.push(`| Tool Success Rate | ${successRate}% |`);
+        // Vulnerabilities
+        const vulnCount = assessment.security?.vulnerabilities?.length ?? 0;
+        lines.push(`| Security Vulnerabilities | ${vulnCount === 0 ? "None" : vulnCount} |`);
+        // Total tests
+        lines.push(`| Total Tests Run | ${assessment.totalTestsRun} |`);
+        // Execution time
+        const execTime = (assessment.executionTime / 1000).toFixed(1);
+        lines.push(`| Execution Time | ${execTime}s |`);
+        return lines.join("\n");
+    }
+    /**
+     * Format module status table
+     */
+    formatModuleStatusTable(assessment) {
+        const lines = ["## Module Status", ""];
+        lines.push("| Module | Status | Key Finding |");
+        lines.push("|--------|--------|-------------|");
+        // Core modules
+        lines.push(this.formatModuleRow("Functionality", assessment.functionality?.status, this.getFunctionalityFinding(assessment)));
+        lines.push(this.formatModuleRow("Security", assessment.security?.status, this.getSecurityFinding(assessment)));
+        lines.push(this.formatModuleRow("Error Handling", assessment.errorHandling?.status, this.getErrorHandlingFinding(assessment)));
+        lines.push(this.formatModuleRow("Documentation", assessment.documentation?.status, this.getDocumentationFinding(assessment)));
+        lines.push(this.formatModuleRow("Usability", assessment.usability?.status, this.getUsabilityFinding(assessment)));
+        // Extended modules (if present)
+        if (assessment.mcpSpecCompliance) {
+            lines.push(this.formatModuleRow("MCP Spec Compliance", assessment.mcpSpecCompliance.status, this.getMCPSpecFinding(assessment)));
+        }
+        if (assessment.aupCompliance) {
+            lines.push(this.formatModuleRow("AUP Compliance", assessment.aupCompliance.status, this.getAUPFinding(assessment)));
+        }
+        if (assessment.toolAnnotations) {
+            lines.push(this.formatModuleRow("Tool Annotations", assessment.toolAnnotations.status, this.getAnnotationFinding(assessment)));
+        }
+        return lines.join("\n");
+    }
+    /**
+     * Format a single module row
+     */
+    formatModuleRow(name, status, finding) {
+        const statusEmoji = this.getStatusEmoji(status);
+        const displayStatus = status || "NOT_RUN";
+        return `| ${name} | ${statusEmoji} ${displayStatus} | ${finding} |`;
+    }
+    /**
+     * Format key findings section
+     */
+    formatKeyFindings(assessment) {
+        const lines = ["## Key Findings", ""];
+        // Critical Issues
+        const criticalIssues = this.getCriticalIssues(assessment);
+        if (criticalIssues.length > 0) {
+            lines.push("### Critical Issues");
+            for (const issue of criticalIssues) {
+                lines.push(`- ${issue}`);
+            }
+            lines.push("");
+        }
+        // Warnings
+        const warnings = this.getWarnings(assessment);
+        if (warnings.length > 0) {
+            lines.push("### Warnings");
+            for (const warning of warnings) {
+                lines.push(`- ${warning}`);
+            }
+            lines.push("");
+        }
+        // Positive findings
+        const positives = this.getPositiveFindings(assessment);
+        if (positives.length > 0) {
+            lines.push("### Positive Findings");
+            for (const positive of positives) {
+                lines.push(`- ${positive}`);
+            }
+        }
+        return lines.join("\n");
+    }
+    /**
+     * Format policy compliance section
+     */
+    formatPolicyCompliance(report) {
+        const lines = ["## Policy Compliance", ""];
+        // Summary
+        lines.push("### Compliance Summary");
+        lines.push("");
+        lines.push("| Metric | Value |");
+        lines.push("|--------|-------|");
+        lines.push(`| Total Requirements | ${report.summary.totalRequirements} |`);
+        lines.push(`| Passed | ${report.summary.passed} |`);
+        lines.push(`| Failed | ${report.summary.failed} |`);
+        lines.push(`| Needs Review | ${report.summary.needsReview} |`);
+        lines.push(`| Compliance Score | ${report.summary.complianceScore}% |`);
+        lines.push(`| Overall Status | ${this.getStatusEmoji(this.complianceToAssessment(report.summary.overallStatus))} ${report.summary.overallStatus} |`);
+        lines.push("");
+        // Category breakdown
+        lines.push("### By Category");
+        lines.push("");
+        lines.push("| Category | Status | Passed | Failed |");
+        lines.push("|----------|--------|--------|--------|");
+        for (const [, category] of Object.entries(report.byCategory)) {
+            const statusEmoji = this.getComplianceStatusEmoji(category.status);
+            lines.push(`| ${category.categoryName} | ${statusEmoji} ${category.status} | ${category.passed}/${category.total} | ${category.failed} |`);
+        }
+        lines.push("");
+        // Critical issues from policy
+        if (report.criticalIssues.length > 0) {
+            lines.push("### Critical Policy Issues");
+            lines.push("");
+            for (const issue of report.criticalIssues.slice(0, 5)) {
+                lines.push(`- **${issue.requirement.id}**: ${issue.requirement.name} - ${issue.status}`);
+                if (issue.recommendation) {
+                    lines.push(`  - ${issue.recommendation}`);
+                }
+            }
+            lines.push("");
+        }
+        // Action items
+        if (report.actionItems.length > 0) {
+            lines.push("### Action Items");
+            lines.push("");
+            for (const item of report.actionItems) {
+                lines.push(`- ${item}`);
+            }
+        }
+        return lines.join("\n");
+    }
+    /**
+     * Format recommendations section
+     */
+    formatRecommendations(assessment) {
+        const lines = ["## Recommendations", ""];
+        const recs = assessment.recommendations || [];
+        if (recs.length === 0) {
+            lines.push("No recommendations at this time.");
+            return lines.join("\n");
+        }
+        // Group by priority
+        const high = recs.filter((r) => r.toLowerCase().includes("critical") ||
+            r.toLowerCase().includes("security"));
+        const medium = recs.filter((r) => !high.includes(r) &&
+            (r.toLowerCase().includes("required") ||
+                r.toLowerCase().includes("must")));
+        const low = recs.filter((r) => !high.includes(r) && !medium.includes(r));
+        if (high.length > 0) {
+            lines.push("### High Priority");
+            for (const rec of high) {
+                lines.push(`1. ${rec}`);
+            }
+            lines.push("");
+        }
+        if (medium.length > 0) {
+            lines.push("### Medium Priority");
+            for (const rec of medium) {
+                lines.push(`1. ${rec}`);
+            }
+            lines.push("");
+        }
+        if (low.length > 0) {
+            lines.push("### Other");
+            for (const rec of low.slice(0, 5)) {
+                lines.push(`1. ${rec}`);
+            }
+        }
+        return lines.join("\n");
+    }
+    /**
+     * Format detailed results section
+     */
+    formatDetailedResults(assessment) {
+        const lines = ["## Detailed Results", ""];
+        // Functionality details
+        if (assessment.functionality) {
+            lines.push("### Functionality");
+            lines.push("");
+            lines.push(`**Status**: ${assessment.functionality.status}`);
+            lines.push("");
+            const workingCount = assessment.functionality.workingTools ?? 0;
+            const brokenTools = assessment.functionality.brokenTools || [];
+            if (workingCount > 0) {
+                lines.push(`**Working Tools**: ${workingCount} tool(s) functioning correctly`);
+            }
+            if (brokenTools.length > 0) {
+                lines.push("");
+                lines.push(`**Broken Tools** (${brokenTools.length}):`);
+                for (const tool of brokenTools.slice(0, 5)) {
+                    lines.push(`- ${tool}`);
+                }
+            }
+            lines.push("");
+        }
+        // Security details
+        if (assessment.security) {
+            lines.push("### Security");
+            lines.push("");
+            lines.push(`**Status**: ${assessment.security.status}`);
+            lines.push("");
+            const vulns = assessment.security.vulnerabilities || [];
+            if (vulns.length > 0) {
+                lines.push(`**Vulnerabilities Found** (${vulns.length}):`);
+                for (const vuln of vulns.slice(0, 5)) {
+                    lines.push(`- ${vuln}`);
+                }
+            }
+            else {
+                lines.push("No vulnerabilities detected.");
+            }
+            lines.push("");
+        }
+        // Tool Annotations details
+        if (assessment.toolAnnotations) {
+            lines.push("### Tool Annotations");
+            lines.push("");
+            lines.push(`**Status**: ${assessment.toolAnnotations.status}`);
+            lines.push(`**Coverage**: ${assessment.toolAnnotations.annotatedCount} annotated, ${assessment.toolAnnotations.missingAnnotationsCount} missing`);
+            if (assessment.toolAnnotations.annotationSources) {
+                const sources = assessment.toolAnnotations.annotationSources;
+                lines.push("");
+                lines.push("**Annotation Sources**:");
+                lines.push(`- MCP Protocol: ${sources.mcp}`);
+                lines.push(`- Source Code: ${sources.sourceCode}`);
+                lines.push(`- Inferred: ${sources.inferred}`);
+                lines.push(`- None: ${sources.none}`);
+            }
+            lines.push("");
+        }
+        return lines.join("\n");
+    }
+    /**
+     * Format footer section
+     */
+    formatFooter(assessment) {
+        return `## Report Metadata
+- **Generated**: ${new Date().toISOString()}
+- **Assessor Version**: ${assessment.assessorVersion}
+- **MCP Protocol Version**: ${assessment.mcpProtocolVersion || "N/A"}
+- **Total Tests**: ${assessment.totalTestsRun}
+- **Execution Time**: ${(assessment.executionTime / 1000).toFixed(2)}s
+---
+*Generated by MCP Inspector Assessment CLI*`;
+    }
+    // ============================================================================
+    // Helper Methods
+    // ============================================================================
+    getStatusEmoji(status) {
+        switch (status) {
+            case "PASS":
+                return "✅";
+            case "FAIL":
+                return "❌";
+            case "NEED_MORE_INFO":
+                return "⚠️";
+            default:
+                return "❓";
+        }
+    }
+    getComplianceStatusEmoji(status) {
+        switch (status) {
+            case "PASS":
+                return "✅";
+            case "FAIL":
+                return "❌";
+            case "FLAG":
+                return "🚩";
+            case "REVIEW":
+                return "🔍";
+            case "NOT_APPLICABLE":
+                return "➖";
+            case "NOT_TESTED":
+                return "❓";
+            default:
+                return "❓";
+        }
+    }
+    complianceToAssessment(status) {
+        switch (status) {
+            case "COMPLIANT":
+                return "PASS";
+            case "NON_COMPLIANT":
+                return "FAIL";
+            case "NEEDS_REVIEW":
+                return "NEED_MORE_INFO";
+        }
+    }
+    getFunctionalityFinding(assessment) {
+        const working = assessment.functionality?.workingTools ?? 0;
+        const broken = assessment.functionality?.brokenTools?.length ?? 0;
+        const total = working + broken;
+        if (total === 0)
+            return "No tools tested";
+        if (broken === 0)
+            return `All ${total} tools working`;
+        return `${working}/${total} tools working, ${broken} failing`;
+    }
+    getSecurityFinding(assessment) {
+        const vulns = assessment.security?.vulnerabilities?.length ?? 0;
+        if (vulns === 0)
+            return "No vulnerabilities detected";
+        return `${vulns} vulnerability(ies) detected`;
+    }
+    getErrorHandlingFinding(assessment) {
+        const metrics = assessment.errorHandling?.metrics;
+        if (!metrics)
+            return "Not tested";
+        const passRate = metrics.validationCoverage?.overallPassRate ?? 0;
+        return `${passRate}% pass rate`;
+    }
+    getDocumentationFinding(assessment) {
+        const status = assessment.documentation?.status;
+        if (!status)
+            return "Not assessed";
+        return status === "PASS"
+            ? "Documentation adequate"
+            : "Documentation needs improvement";
+    }
+    getUsabilityFinding(assessment) {
+        const status = assessment.usability?.status;
+        if (!status)
+            return "Not assessed";
+        return status === "PASS" ? "Good usability" : "Usability issues found";
+    }
+    getMCPSpecFinding(assessment) {
+        const status = assessment.mcpSpecCompliance?.status;
+        if (!status)
+            return "Not tested";
+        return status === "PASS" ? "Protocol compliant" : "Protocol issues found";
+    }
+    getAUPFinding(assessment) {
+        const violations = assessment.aupCompliance?.violations?.length ?? 0;
+        if (violations === 0)
+            return "No AUP violations";
+        return `${violations} AUP violation(s) detected`;
+    }
+    getAnnotationFinding(assessment) {
+        const annotated = assessment.toolAnnotations?.annotatedCount ?? 0;
+        const missing = assessment.toolAnnotations?.missingAnnotationsCount ?? 0;
+        if (annotated === 0 && missing === 0)
+            return "No tools assessed";
+        if (missing === 0)
+            return `All ${annotated} tools annotated`;
+        return `${annotated} annotated, ${missing} missing`;
+    }
+    getCriticalIssues(assessment) {
+        const issues = [];
+        // Security vulnerabilities
+        const vulns = assessment.security?.vulnerabilities || [];
+        if (vulns.length > 0) {
+            issues.push(`${vulns.length} security vulnerability(ies) detected`);
+        }
+        // AUP violations
+        const aupViolations = assessment.aupCompliance?.violations || [];
+        const critical = aupViolations.filter((v) => typeof v === "object" &&
+            v !== null &&
+            v.severity === "CRITICAL");
+        if (critical.length > 0) {
+            issues.push(`${critical.length} critical AUP violation(s)`);
+        }
+        // Broken tools
+        const broken = assessment.functionality?.brokenTools || [];
+        if (broken.length > 0) {
+            issues.push(`${broken.length} tool(s) not functioning correctly`);
+        }
+        return issues;
+    }
+    getWarnings(assessment) {
+        const warnings = [];
+        // Missing annotations
+        const missing = assessment.toolAnnotations?.missingAnnotationsCount ?? 0;
+        if (missing > 0) {
+            warnings.push(`${missing} tool(s) missing required annotations`);
+        }
+        // Misaligned annotations
+        const misaligned = assessment.toolAnnotations?.misalignedAnnotationsCount ?? 0;
+        if (misaligned > 0) {
+            warnings.push(`${misaligned} tool(s) with potentially misaligned annotations`);
+        }
+        // Error handling issues
+        const errorMetrics = assessment.errorHandling?.metrics;
+        const passRate = errorMetrics?.validationCoverage?.overallPassRate ?? 100;
+        if (errorMetrics && passRate < 80) {
+            warnings.push(`Low error handling pass rate (${passRate}%)`);
+        }
+        return warnings;
+    }
+    getPositiveFindings(assessment) {
+        const positives = [];
+        // All tools working
+        const working = assessment.functionality?.workingTools ?? 0;
+        const broken = assessment.functionality?.brokenTools?.length ?? 0;
+        if (working > 0 && broken === 0) {
+            positives.push(`All ${working} tools functioning correctly`);
+        }
+        // No security vulnerabilities
+        const vulns = assessment.security?.vulnerabilities?.length ?? 0;
+        if (vulns === 0) {
+            positives.push("No security vulnerabilities detected");
+        }
+        // Full annotation coverage
+        const annotated = assessment.toolAnnotations?.annotatedCount ?? 0;
+        const missingAnnotations = assessment.toolAnnotations?.missingAnnotationsCount ?? 0;
+        if (annotated > 0 && missingAnnotations === 0) {
+            positives.push(`All ${annotated} tools have required annotations`);
+        }
+        // Good error handling
+        const errorMetrics2 = assessment.errorHandling?.metrics;
+        const passRate2 = errorMetrics2?.validationCoverage?.overallPassRate ?? 0;
+        if (errorMetrics2 && passRate2 >= 90) {
+            positives.push("Excellent error handling coverage");
+        }
+        return positives;
+    }
+}
+/**
+ * Create a markdown formatter with options
+ */
+export function createMarkdownFormatter(options) {
+    return new MarkdownReportFormatter(options);
+}

package/lib/lib/reportFormatters/index.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * Report Formatters
+ *
+ * Factory module for creating report formatters in different output formats.
+ *
+ * @module reportFormatters
+ */
+import type { MCPDirectoryAssessment } from "../assessmentTypes.js";
+import type { PolicyComplianceReport } from "../policyMapping.js";
+import { MarkdownReportFormatter, type MarkdownReportOptions } from "./MarkdownReportFormatter.js";
+/**
+ * Supported output formats
+ */
+export type ReportFormat = "json" | "markdown";
+/**
+ * Base formatter interface
+ */
+export interface ReportFormatter {
+    /** Format the assessment results */
+    format(assessment: MCPDirectoryAssessment): string;
+    /** Get the file extension for this format */
+    getFileExtension(): string;
+}
+/**
+ * Options for creating a formatter
+ */
+export interface FormatterOptions {
+    /** Output format */
+    format: ReportFormat;
+    /** Include policy compliance mapping */
+    includePolicyMapping?: boolean;
+    /** Policy compliance report (generated separately) */
+    policyReport?: PolicyComplianceReport;
+    /** Server name override */
+    serverName?: string;
+    /** Include detailed results */
+    includeDetails?: boolean;
+    /** Pretty print JSON */
+    prettyPrint?: boolean;
+}
+/**
+ * Create a formatter based on options
+ */
+export declare function createFormatter(options: FormatterOptions): ReportFormatter;
+/**
+ * Quick format utility
+ */
+export declare function formatAssessmentReport(assessment: MCPDirectoryAssessment, format?: ReportFormat, options?: Partial<FormatterOptions>): string;
+export { MarkdownReportFormatter, type MarkdownReportOptions };
+//# sourceMappingURL=index.d.ts.map

package/lib/lib/reportFormatters/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/reportFormatters/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EACL,uBAAuB,EACvB,KAAK,qBAAqB,EAC3B,MAAM,2BAA2B,CAAC;AAEnC;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,UAAU,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,oCAAoC;IACpC,MAAM,CAAC,UAAU,EAAE,sBAAsB,GAAG,MAAM,CAAC;IACnD,6CAA6C;IAC7C,gBAAgB,IAAI,MAAM,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB;IACpB,MAAM,EAAE,YAAY,CAAC;IACrB,wCAAwC;IACxC,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,sDAAsD;IACtD,YAAY,CAAC,EAAE,sBAAsB,CAAC;IACtC,2BAA2B;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,+BAA+B;IAC/B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,wBAAwB;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AA8DD;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,gBAAgB,GAAG,eAAe,CAQ1E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,sBAAsB,EAClC,MAAM,GAAE,YAAqB,EAC7B,OAAO,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAClC,MAAM,CAMR;AAGD,OAAO,EAAE,uBAAuB,EAAE,KAAK,qBAAqB,EAAE,CAAC"}

package/lib/lib/reportFormatters/index.js ADDED Viewed

@@ -0,0 +1,81 @@
+/**
+ * Report Formatters
+ *
+ * Factory module for creating report formatters in different output formats.
+ *
+ * @module reportFormatters
+ */
+import { MarkdownReportFormatter, } from "./MarkdownReportFormatter.js";
+/**
+ * JSON formatter implementation
+ */
+class JSONReportFormatter {
+    options;
+    constructor(options) {
+        this.options = options;
+    }
+    format(assessment) {
+        const output = {
+            ...assessment,
+        };
+        // Add policy compliance if included
+        if (this.options.includePolicyMapping && this.options.policyReport) {
+            output.policyCompliance = this.options.policyReport;
+        }
+        // Override server name if provided
+        if (this.options.serverName) {
+            output.serverName = this.options.serverName;
+        }
+        const indent = this.options.prettyPrint !== false ? 2 : undefined;
+        return JSON.stringify(output, null, indent);
+    }
+    getFileExtension() {
+        return ".json";
+    }
+}
+/**
+ * Markdown formatter wrapper
+ */
+class MarkdownFormatterWrapper {
+    formatter;
+    constructor(options) {
+        const mdOptions = {
+            includePolicy: options.includePolicyMapping,
+            policyReport: options.policyReport,
+            includeDetails: options.includeDetails ?? true,
+            includeRecommendations: true,
+            serverName: options.serverName,
+        };
+        this.formatter = new MarkdownReportFormatter(mdOptions);
+    }
+    format(assessment) {
+        return this.formatter.format(assessment);
+    }
+    getFileExtension() {
+        return ".md";
+    }
+}
+/**
+ * Create a formatter based on options
+ */
+export function createFormatter(options) {
+    switch (options.format) {
+        case "markdown":
+            return new MarkdownFormatterWrapper(options);
+        case "json":
+        default:
+            return new JSONReportFormatter(options);
+    }
+}
+/**
+ * Quick format utility
+ */
+export function formatAssessmentReport(assessment, format = "json", options) {
+    const formatter = createFormatter({
+        format,
+        ...options,
+    });
+    return formatter.format(assessment);
+}
+// Re-export types and classes
+export { MarkdownReportFormatter };

package/lib/lib/securityPatterns.d.ts CHANGED Viewed

@@ -1,12 +1,12 @@
 /**
  * Backend API Security Patterns
- * Tests MCP server API security with 13 focused patterns
+ * Tests MCP server API security with 16 focused patterns
  *
  * Architecture: Attack-Type with Specific Payloads
  * - Critical Injection (4 patterns): Command, Calculator, SQL, Path Traversal
  * - Input Validation (3 patterns): Type Safety, Boundary Testing, Required Fields
  * - Protocol Compliance (2 patterns): MCP Error Format, Timeout Handling
- * - Tool-Specific Vulnerabilities (4 patterns): Indirect Injection, Unicode Bypass, Nested Injection, Package Squatting
+ * - Tool-Specific Vulnerabilities (7 patterns): Indirect Injection, Unicode Bypass, Nested Injection, Package Squatting, Data Exfiltration, Configuration Drift, Tool Shadowing
  *
  * Scope: Backend API Security ONLY
  * - Tests structured data inputs to API endpoints
@@ -38,7 +38,7 @@ export interface AttackPattern {
  * BACKEND API SECURITY PATTERNS
  * ========================================
  *
- * 13 focused patterns for MCP server API security
+ * 16 focused patterns for MCP server API security
  */
 export declare const SECURITY_ATTACK_PATTERNS: AttackPattern[];
 /**

package/lib/lib/securityPatterns.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"securityPatterns.d.ts","sourceRoot":"","sources":["../../src/lib/securityPatterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,eAAe,EAAE,CAAC;CAC7B;AAED;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,EAAE,aAAa,~~EAgZnD~~,CAAC;AAEF;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,UAAU,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,MAAM,GACb,eAAe,EAAE,CAQnB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,aAAa,EAAE,CAEtD;AAED;;GAEG;AACH,wBAAgB,oBAAoB;;;;;;;;EA8BnC"}
1	+ {"version":3,"file":"securityPatterns.d.ts","sourceRoot":"","sources":["../../src/lib/securityPatterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,eAAe,EAAE,CAAC;CAC7B;AAED;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,EAAE,aAAa,EA+hBnD,CAAC;AAEF;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,UAAU,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,MAAM,GACb,eAAe,EAAE,CAQnB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,aAAa,EAAE,CAEtD;AAED;;GAEG;AACH,wBAAgB,oBAAoB;;;;;;;;EA8BnC"}