@bryan-thompson/inspector-assessment-client 1.15.0 → 1.16.0

package/lib/services/assessment/modules/CrossCapabilitySecurityAssessor.js

@@ -0,0 +1,330 @@
+/**
+ * Cross-Capability Security Assessor Module
+ * Tests interactions between tools, resources, and prompts for security vulnerabilities
+ *
+ * Tests include:
+ * - Tool->Resource access patterns (can a tool expose unauthorized resources?)
+ * - Prompt->Tool interaction (can a prompt trigger dangerous tool calls?)
+ * - Resource->Tool data flow (is sensitive resource data passed to tools?)
+ * - Privilege escalation across capabilities
+ */
+import { BaseAssessor } from "./BaseAssessor.js";
+// Tool patterns that indicate resource access capability
+const RESOURCE_ACCESS_TOOL_PATTERNS = [
+    /read[_-]?file/i,
+    /get[_-]?file/i,
+    /fetch[_-]?resource/i,
+    /load[_-]?data/i,
+    /access[_-]?resource/i,
+    /retrieve/i,
+    /download/i,
+];
+// Tool patterns that indicate dangerous operations
+const DANGEROUS_TOOL_PATTERNS = [
+    /delete/i,
+    /remove/i,
+    /drop/i,
+    /exec(ute)?/i,
+    /run[_-]?command/i,
+    /shell/i,
+    /system/i,
+    /eval/i,
+    /write/i,
+    /modify/i,
+    /update/i,
+    /create/i,
+    /admin/i,
+    /config/i,
+];
+// Sensitive resource patterns
+const SENSITIVE_RESOURCE_PATTERNS = [
+    /credential/i,
+    /secret/i,
+    /password/i,
+    /token/i,
+    /key/i,
+    /config/i,
+    /\.env/i,
+    /auth/i,
+];
+// Prompt patterns that could trigger tool execution
+const TOOL_TRIGGER_PATTERNS = [
+    /execute/i,
+    /run/i,
+    /call/i,
+    /invoke/i,
+    /trigger/i,
+    /perform/i,
+    /do the following/i,
+    /carry out/i,
+];
+export class CrossCapabilitySecurityAssessor extends BaseAssessor {
+    async assess(context) {
+        const results = [];
+        // Get all capabilities
+        const tools = context.tools || [];
+        const resources = context.resources || [];
+        const prompts = context.prompts || [];
+        this.log(`Testing cross-capability security: ${tools.length} tools, ${resources.length} resources, ${prompts.length} prompts`);
+        // Test 1: Tool->Resource access patterns
+        const toolResourceResults = this.testToolResourceAccess(tools, resources);
+        results.push(...toolResourceResults);
+        // Test 2: Prompt->Tool interaction security
+        const promptToolResults = this.testPromptToolInteraction(prompts, tools);
+        results.push(...promptToolResults);
+        // Test 3: Resource->Tool data flow
+        const dataFlowResults = this.testResourceToolDataFlow(resources, tools, context);
+        results.push(...dataFlowResults);
+        // Test 4: Privilege escalation paths
+        const escalationResults = this.testPrivilegeEscalation(tools, resources, prompts);
+        results.push(...escalationResults);
+        // Calculate metrics
+        const vulnerabilitiesFound = results.filter((r) => r.vulnerable).length;
+        const privilegeEscalationRisks = results.filter((r) => r.testType === "privilege_escalation" && r.vulnerable).length;
+        const dataFlowViolations = results.filter((r) => (r.testType === "resource_to_tool" ||
+            r.testType === "tool_to_resource") &&
+            r.vulnerable).length;
+        // Determine status
+        const status = this.determineCrossCapabilityStatus(vulnerabilitiesFound, privilegeEscalationRisks);
+        // Generate explanation and recommendations
+        const explanation = this.generateExplanation(results, vulnerabilitiesFound);
+        const recommendations = this.generateRecommendations(results);
+        return {
+            testsRun: results.length,
+            vulnerabilitiesFound,
+            privilegeEscalationRisks,
+            dataFlowViolations,
+            results,
+            status,
+            explanation,
+            recommendations,
+        };
+    }
+    /**
+     * Test if tools can access resources in unauthorized ways
+     */
+    testToolResourceAccess(tools, resources) {
+        const results = [];
+        // Find tools that can access resources
+        const resourceAccessTools = tools.filter((tool) => RESOURCE_ACCESS_TOOL_PATTERNS.some((pattern) => pattern.test(tool.name) || pattern.test(tool.description || "")));
+        // Find sensitive resources
+        const sensitiveResources = resources.filter((resource) => SENSITIVE_RESOURCE_PATTERNS.some((pattern) => pattern.test(resource.uri) ||
+            pattern.test(resource.name || "") ||
+            pattern.test(resource.description || "")));
+        this.testCount += resourceAccessTools.length * sensitiveResources.length;
+        // Test each combination
+        for (const tool of resourceAccessTools) {
+            for (const resource of sensitiveResources) {
+                const hasPathParameter = this.toolHasPathParameter(tool);
+                results.push({
+                    testType: "tool_to_resource",
+                    sourceCapability: `tool:${tool.name}`,
+                    targetCapability: `resource:${resource.uri}`,
+                    vulnerable: hasPathParameter, // If tool has path param, it could access sensitive resources
+                    evidence: hasPathParameter
+                        ? `Tool ${tool.name} has path/file parameter that could access sensitive resource ${resource.uri}`
+                        : undefined,
+                    riskLevel: hasPathParameter ? "HIGH" : "LOW",
+                    description: `Tool ${tool.name} access to resource ${resource.uri}`,
+                });
+            }
+        }
+        return results;
+    }
+    /**
+     * Test if prompts could trigger dangerous tool calls
+     */
+    testPromptToolInteraction(prompts, tools) {
+        const results = [];
+        // Find dangerous tools
+        const dangerousTools = tools.filter((tool) => DANGEROUS_TOOL_PATTERNS.some((pattern) => pattern.test(tool.name) || pattern.test(tool.description || "")));
+        // Find prompts that mention tool execution
+        const toolTriggerPrompts = prompts.filter((prompt) => TOOL_TRIGGER_PATTERNS.some((pattern) => pattern.test(prompt.name) || pattern.test(prompt.description || "")) ||
+            prompt.arguments?.some((arg) => TOOL_TRIGGER_PATTERNS.some((pattern) => pattern.test(arg.name) || pattern.test(arg.description || ""))));
+        this.testCount += toolTriggerPrompts.length * dangerousTools.length;
+        for (const prompt of toolTriggerPrompts) {
+            for (const tool of dangerousTools) {
+                // Check if prompt could potentially reference this tool
+                const promptText = `${prompt.name} ${prompt.description || ""} ${prompt.arguments?.map((a) => a.name).join(" ") || ""}`.toLowerCase();
+                const toolName = tool.name.toLowerCase();
+                const couldTrigger = promptText.includes(toolName) ||
+                    this.promptCouldTriggerTool(prompt, tool);
+                results.push({
+                    testType: "prompt_to_tool",
+                    sourceCapability: `prompt:${prompt.name}`,
+                    targetCapability: `tool:${tool.name}`,
+                    vulnerable: couldTrigger,
+                    evidence: couldTrigger
+                        ? `Prompt ${prompt.name} could trigger dangerous tool ${tool.name}`
+                        : undefined,
+                    riskLevel: couldTrigger ? "HIGH" : "LOW",
+                    description: `Prompt ${prompt.name} interaction with tool ${tool.name}`,
+                });
+            }
+        }
+        return results;
+    }
+    /**
+     * Test if resource data could be passed to tools in unsafe ways
+     */
+    testResourceToolDataFlow(resources, tools, _context) {
+        const results = [];
+        // Find sensitive resources
+        const sensitiveResources = resources.filter((resource) => SENSITIVE_RESOURCE_PATTERNS.some((pattern) => pattern.test(resource.uri) ||
+            pattern.test(resource.name || "") ||
+            pattern.test(resource.description || "")));
+        // Find tools that could exfiltrate data
+        const exfiltrationTools = tools.filter((tool) => /send|post|upload|email|notify|webhook|http|request|api/i.test(tool.name) ||
+            /send|post|upload|email|notify|webhook|http|request|api/i.test(tool.description || ""));
+        this.testCount += sensitiveResources.length * exfiltrationTools.length;
+        for (const resource of sensitiveResources) {
+            for (const tool of exfiltrationTools) {
+                // Check if tool has parameters that could accept resource content
+                const hasContentParam = this.toolHasContentParameter(tool);
+                results.push({
+                    testType: "resource_to_tool",
+                    sourceCapability: `resource:${resource.uri}`,
+                    targetCapability: `tool:${tool.name}`,
+                    vulnerable: hasContentParam,
+                    evidence: hasContentParam
+                        ? `Sensitive resource ${resource.uri} content could be exfiltrated via tool ${tool.name}`
+                        : undefined,
+                    riskLevel: hasContentParam ? "HIGH" : "MEDIUM",
+                    description: `Resource ${resource.uri} data flow to tool ${tool.name}`,
+                });
+            }
+        }
+        return results;
+    }
+    /**
+     * Test for privilege escalation paths
+     */
+    testPrivilegeEscalation(tools, resources, prompts) {
+        const results = [];
+        // Pattern: Low-privilege prompt -> High-privilege tool
+        const readOnlyPrompts = prompts.filter((p) => /read|view|list|get|show|display/i.test(p.name) ||
+            /read|view|list|get|show|display/i.test(p.description || ""));
+        const writeTools = tools.filter((t) => /write|delete|modify|update|create|drop|exec/i.test(t.name) ||
+            /write|delete|modify|update|create|drop|exec/i.test(t.description || ""));
+        this.testCount += readOnlyPrompts.length;
+        for (const prompt of readOnlyPrompts) {
+            // Check if prompt arguments could be used to call write tools
+            const hasOpenArg = prompt.arguments?.some((arg) => /action|command|operation|tool|function/i.test(arg.name) ||
+                /action|command|operation|tool|function/i.test(arg.description || ""));
+            if (hasOpenArg && writeTools.length > 0) {
+                results.push({
+                    testType: "privilege_escalation",
+                    sourceCapability: `prompt:${prompt.name}`,
+                    targetCapability: `tools:write_operations`,
+                    vulnerable: true,
+                    evidence: `Read-only prompt ${prompt.name} has arguments that could specify write operations`,
+                    riskLevel: "HIGH",
+                    description: `Privilege escalation path from ${prompt.name} to write tools`,
+                });
+            }
+        }
+        // Pattern: Public resource -> Admin tool
+        const publicResources = resources.filter((r) => /public|shared|common/i.test(r.uri) ||
+            /public|shared|common/i.test(r.name || ""));
+        const adminTools = tools.filter((t) => /admin|config|system|manage|control/i.test(t.name) ||
+            /admin|config|system|manage|control/i.test(t.description || ""));
+        this.testCount += publicResources.length;
+        for (const resource of publicResources) {
+            for (const tool of adminTools) {
+                // Check if resource content could be used as tool input
+                const toolAcceptsData = this.toolHasContentParameter(tool);
+                if (toolAcceptsData) {
+                    results.push({
+                        testType: "privilege_escalation",
+                        sourceCapability: `resource:${resource.uri}`,
+                        targetCapability: `tool:${tool.name}`,
+                        vulnerable: true,
+                        evidence: `Public resource ${resource.uri} content could influence admin tool ${tool.name}`,
+                        riskLevel: "HIGH",
+                        description: `Privilege escalation path from ${resource.uri} to ${tool.name}`,
+                    });
+                }
+            }
+        }
+        return results;
+    }
+    toolHasPathParameter(tool) {
+        const schema = tool.inputSchema;
+        if (!schema?.properties)
+            return false;
+        return Object.entries(schema.properties).some(([name, prop]) => /path|file|uri|url|location|directory|folder/i.test(name) ||
+            /path|file|uri|url|location|directory|folder/i.test(prop.description || ""));
+    }
+    toolHasContentParameter(tool) {
+        const schema = tool.inputSchema;
+        if (!schema?.properties)
+            return false;
+        return Object.entries(schema.properties).some(([name, prop]) => /content|data|body|text|message|payload/i.test(name) ||
+            /content|data|body|text|message|payload/i.test(prop.description || ""));
+    }
+    promptCouldTriggerTool(prompt, tool) {
+        // Check if prompt has action/tool arguments
+        const hasActionArg = prompt.arguments?.some((arg) => /action|tool|function|command|operation/i.test(arg.name) ||
+            /action|tool|function|command|operation/i.test(arg.description || ""));
+        // Check if prompt description mentions tool-like operations
+        const descMentionsTool = tool.name
+            .toLowerCase()
+            .split(/[_-]/)
+            .some((word) => word.length > 2 &&
+            (prompt.description || "").toLowerCase().includes(word));
+        return hasActionArg || descMentionsTool;
+    }
+    determineCrossCapabilityStatus(vulnerabilitiesFound, privilegeEscalationRisks) {
+        if (privilegeEscalationRisks > 0)
+            return "FAIL";
+        if (vulnerabilitiesFound > 2)
+            return "FAIL";
+        if (vulnerabilitiesFound > 0)
+            return "NEED_MORE_INFO";
+        return "PASS";
+    }
+    generateExplanation(results, vulnerabilitiesFound) {
+        const parts = [];
+        parts.push(`Tested ${results.length} cross-capability interaction(s).`);
+        if (vulnerabilitiesFound > 0) {
+            parts.push(`Found ${vulnerabilitiesFound} potential vulnerability(ies).`);
+            const byType = results.reduce((acc, r) => {
+                if (r.vulnerable) {
+                    acc[r.testType] = (acc[r.testType] || 0) + 1;
+                }
+                return acc;
+            }, {});
+            for (const [type, count] of Object.entries(byType)) {
+                parts.push(`${type}: ${count}`);
+            }
+        }
+        else {
+            parts.push("No cross-capability vulnerabilities detected.");
+        }
+        return parts.join(" ");
+    }
+    generateRecommendations(results) {
+        const recommendations = [];
+        // Tool->Resource recommendations
+        const toolResourceVulns = results.filter((r) => r.testType === "tool_to_resource" && r.vulnerable);
+        if (toolResourceVulns.length > 0) {
+            recommendations.push("Implement resource access controls to prevent tools from accessing sensitive resources. Consider allowlisting accessible resource paths.");
+        }
+        // Prompt->Tool recommendations
+        const promptToolVulns = results.filter((r) => r.testType === "prompt_to_tool" && r.vulnerable);
+        if (promptToolVulns.length > 0) {
+            recommendations.push("Add confirmation prompts before dangerous tool execution. Implement tool invocation policies in prompts.");
+        }
+        // Data flow recommendations
+        const dataFlowVulns = results.filter((r) => r.testType === "resource_to_tool" && r.vulnerable);
+        if (dataFlowVulns.length > 0) {
+            recommendations.push("Implement data loss prevention controls. Validate and sanitize resource content before passing to external-facing tools.");
+        }
+        // Privilege escalation recommendations
+        const escalationVulns = results.filter((r) => r.testType === "privilege_escalation" && r.vulnerable);
+        if (escalationVulns.length > 0) {
+            recommendations.push("CRITICAL: Review and fix privilege escalation paths. Implement capability-based access control and principle of least privilege.");
+        }
+        return recommendations;
+    }
+}

package/lib/services/assessment/modules/FunctionalityAssessor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"FunctionalityAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/FunctionalityAssessor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,uBAAuB,EAGxB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAM9D,qBAAa,qBAAsB,SAAQ,YAAY;IACrD,OAAO,CAAC,cAAc,CAAwB;IAE9C;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAoCvB,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,uBAAuB,CAAC;YAkI5D,QAAQ;IAiFtB,OAAO,CAAC,qBAAqB;IA0D7B,OAAO,CAAC,kBAAkB;IAwF1B;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAe7C;IAEF;;;OAGG;IACH,OAAO,CAAC,mCAAmC;IAsF3C;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAWlB,iBAAiB,CAAC,MAAM,EAAE,GAAG,GAAG,OAAO;IAI9C,OAAO,CAAC,mBAAmB;CA+B5B"}
+{"version":3,"file":"FunctionalityAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/FunctionalityAssessor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,uBAAuB,EAGxB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAS9D,qBAAa,qBAAsB,SAAQ,YAAY;IACrD,OAAO,CAAC,cAAc,CAAwB;IAE9C;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAoCvB,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,uBAAuB,CAAC;YAkI5D,QAAQ;IAgGtB,OAAO,CAAC,qBAAqB;IAmE7B,OAAO,CAAC,kBAAkB;IA4G1B;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAe7C;IAEF;;;OAGG;IACH,OAAO,CAAC,mCAAmC;IAsF3C;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAWlB,iBAAiB,CAAC,MAAM,EAAE,GAAG,GAAG,OAAO;IAI9C,OAAO,CAAC,mBAAmB;CA+B5B"}

package/lib/services/assessment/modules/FunctionalityAssessor.js

@@ -7,6 +7,8 @@ import { ResponseValidator } from "../ResponseValidator.js";
 import { createConcurrencyLimit } from "../lib/concurrencyLimit.js";
 import { ToolClassifier, ToolCategory } from "../ToolClassifier.js";
 import { TestDataGenerator } from "../TestDataGenerator.js";
+import { cleanParams } from "../../../utils/paramUtils.js";
+import { resolveRef, normalizeUnionType } from "../../../utils/schemaUtils.js";
 export class FunctionalityAssessor extends BaseAssessor {
     toolClassifier = new ToolClassifier();
     /**
@@ -131,21 +133,30 @@ export class FunctionalityAssessor extends BaseAssessor {
         // Generate minimal valid parameters with metadata
         const { params: testParams, metadata } = this.generateMinimalParams(tool);
         try {
-            this.log(`Testing tool: ${tool.name} with params: ${JSON.stringify(testParams)}`);
+            // Clean parameters to remove empty/null/undefined values for optional fields
+            // This prevents false negatives where tools reject empty optional values
+            const schema = tool.inputSchema;
+            const cleanedParams = schema
+                ? cleanParams(testParams, schema)
+                : testParams;
+            this.log(`Testing tool: ${tool.name} with params: ${JSON.stringify(cleanedParams)}`);
             // Execute tool with timeout
-            const response = await this.executeWithTimeout(callTool(tool.name, testParams), this.config.testTimeout);
+            const response = await this.executeWithTimeout(callTool(tool.name, cleanedParams), this.config.testTimeout);
             const executionTime = Date.now() - startTime;
+            // Create validation context for response analysis
+            const validationContext = {
+                tool,
+                input: cleanedParams,
+                response,
+            };
+            // Extract response metadata (content types, structuredContent, etc.)
+            const responseMetadata = ResponseValidator.extractResponseMetadata(validationContext);
             // Check if response indicates an error using base class method
             // Use strict mode for functionality testing - only check explicit error indicators
             // This prevents false positives where valid responses mention "error" in their content
             if (this.isErrorResponse(response, true)) {
                 // Check if this is a business logic error (validation error)
                 // Tools that correctly validate inputs should be marked as "working"
-                const validationContext = {
-                    tool,
-                    input: testParams,
-                    response,
-                };
                 if (ResponseValidator.isBusinessLogicError(validationContext)) {
                     // Tool is correctly validating inputs - this is expected behavior
                     return {
@@ -153,9 +164,10 @@ export class FunctionalityAssessor extends BaseAssessor {
                         tested: true,
                         status: "working",
                         executionTime,
-                        testParameters: testParams,
+                        testParameters: cleanedParams,
                         response,
                         testInputMetadata: metadata,
+                        responseMetadata,
                     };
                 }
                 // Real tool failure (not just validation)
@@ -165,9 +177,10 @@ export class FunctionalityAssessor extends BaseAssessor {
                     status: "broken",
                     error: this.extractErrorMessage(response),
                     executionTime,
-                    testParameters: testParams,
+                    testParameters: cleanedParams,
                     response,
                     testInputMetadata: metadata,
+                    responseMetadata,
                 };
             }
             return {
@@ -175,9 +188,10 @@ export class FunctionalityAssessor extends BaseAssessor {
                 tested: true,
                 status: "working",
                 executionTime,
-                testParameters: testParams,
+                testParameters: cleanedParams,
                 response,
                 testInputMetadata: metadata,
+                responseMetadata,
             };
         }
         catch (error) {
@@ -215,9 +229,16 @@ export class FunctionalityAssessor extends BaseAssessor {
         const required = schema.required || [];
         // For functionality testing, only generate REQUIRED parameters
         // This avoids triggering validation errors on optional parameters with complex rules
-        for (const [key, prop] of Object.entries(schema.properties)) {
+        for (const [key, rawProp] of Object.entries(schema.properties)) {
             // Only include required parameters for basic functionality testing
             if (required.includes(key)) {
+                // P2 Enhancement: Resolve $ref references in the property schema
+                let prop = rawProp;
+                if (prop.$ref) {
+                    prop = resolveRef(prop, schema);
+                }
+                // P2 Enhancement: Normalize union types (e.g., string|null from FastMCP)
+                prop = normalizeUnionType(prop);
                 const { value, source, reason } = this.generateSmartParamValueWithMetadata(prop, key, primaryCategory);
                 params[key] = value;
                 fieldSources[key] = { field: key, value, source, reason };
@@ -271,8 +292,14 @@ export class FunctionalityAssessor extends BaseAssessor {
             case "array":
                 // Generate array with sample items based on items schema
                 if (prop.items) {
+                    // Resolve $ref and normalize union types for items schema
+                    let itemsSchema = prop.items;
+                    if (itemsSchema.$ref) {
+                        itemsSchema = resolveRef(itemsSchema, prop);
+                    }
+                    itemsSchema = normalizeUnionType(itemsSchema);
                     return [
-                        this.generateParamValue(prop.items, undefined, includeOptional),
+                        this.generateParamValue(itemsSchema, undefined, includeOptional),
                     ];
                 }
                 return [];
@@ -284,8 +311,14 @@ export class FunctionalityAssessor extends BaseAssessor {
                     // Generate properties based on includeOptional flag
                     // includeOptional=false: Only required properties (for functionality testing)
                     // includeOptional=true: All properties (for test input generation)
-                    for (const [key, subProp] of Object.entries(prop.properties)) {
+                    for (const [key, rawSubProp] of Object.entries(prop.properties)) {
                         if (includeOptional || requiredProps.includes(key)) {
+                            // Resolve $ref and normalize union types for nested properties
+                            let subProp = rawSubProp;
+                            if (subProp.$ref) {
+                                subProp = resolveRef(subProp, prop);
+                            }
+                            subProp = normalizeUnionType(subProp);
                             obj[key] = this.generateParamValue(subProp, key, includeOptional);
                         }
                     }

package/lib/services/assessment/modules/MCPSpecComplianceAssessor.d.ts

@@ -37,6 +37,11 @@ export declare class MCPSpecComplianceAssessor extends BaseAssessor {
      * Check if tools have structured output support (2025-06-18 feature)
      */
     private checkStructuredOutputSupport;
+    /**
+     * Check if declared server capabilities match actual behavior
+     * Tests that capabilities advertised via serverCapabilities are actually implemented
+     */
+    private checkCapabilitiesCompliance;
     /**
      * Assess transport compliance (basic check)
      */

package/lib/services/assessment/modules/MCPSpecComplianceAssessor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"MCPSpecComplianceAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/MCPSpecComplianceAssessor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,2BAA2B,EAM3B,uBAAuB,EAGxB,MAAM,uBAAuB,CAAC;AAO/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,qBAAa,yBAA0B,SAAQ,YAAY;IACzD,OAAO,CAAC,GAAG,CAAc;gBAEb,MAAM,EAAE,uBAAuB;IAK3C;;;OAGG;IACG,MAAM,CACV,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,2BAA2B,CAAC;IAqGvC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAwB9B;;OAEG;YACW,sBAAsB;IAkBpC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAyB/B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAyC7B;;OAEG;YACW,mBAAmB;IAwBjC;;OAEG;IACH,OAAO,CAAC,4BAA4B;IAiBpC;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAyFjC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAsB/B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IA4B9B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IA2C7B;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAoF5B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAyBjC;;OAEG;IACH,OAAO,CAAC,6BAA6B;CA0DtC"}
+{"version":3,"file":"MCPSpecComplianceAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/MCPSpecComplianceAssessor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,2BAA2B,EAM3B,uBAAuB,EAGxB,MAAM,uBAAuB,CAAC;AAO/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,qBAAa,yBAA0B,SAAQ,YAAY;IACzD,OAAO,CAAC,GAAG,CAAc;gBAEb,MAAM,EAAE,uBAAuB;IAK3C;;;OAGG;IACG,MAAM,CACV,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,2BAA2B,CAAC;IA6GvC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAwB9B;;OAEG;YACW,sBAAsB;IAkBpC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAyB/B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAyC7B;;OAEG;YACW,mBAAmB;IAwBjC;;OAEG;IACH,OAAO,CAAC,4BAA4B;IAiBpC;;;OAGG;IACH,OAAO,CAAC,2BAA2B;IA0FnC;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAyFjC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAsB/B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IA4B9B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IA2C7B;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAoF5B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAyBjC;;OAEG;IACH,OAAO,CAAC,6BAA6B;CA0DtC"}

package/lib/services/assessment/modules/MCPSpecComplianceAssessor.js

@@ -22,6 +22,7 @@ export class MCPSpecComplianceAssessor extends BaseAssessor {
         const schemaCheck = this.checkSchemaCompliance(tools);
         const jsonRpcCheck = await this.checkJsonRpcCompliance(callTool);
         const errorCheck = await this.checkErrorResponses(tools, callTool);
+        const capabilitiesCheck = this.checkCapabilitiesCompliance(context);
         const protocolChecks = {
             jsonRpcCompliance: {
                 passed: jsonRpcCheck.passed,
@@ -60,6 +61,13 @@ export class MCPSpecComplianceAssessor extends BaseAssessor {
                     outputSchema: t.outputSchema,
                 })),
             },
+            capabilitiesCompliance: {
+                passed: capabilitiesCheck.passed,
+                confidence: capabilitiesCheck.confidence,
+                evidence: capabilitiesCheck.evidence,
+                warnings: capabilitiesCheck.warnings,
+                rawResponse: capabilitiesCheck.rawResponse,
+            },
         };
         // SECTION 2: Metadata Hints (LOW CONFIDENCE - not tested, just parsed)
         const metadataHints = this.extractMetadataHints(context);
@@ -231,6 +239,79 @@ export class MCPSpecComplianceAssessor extends BaseAssessor {
         // Consider it supported if at least some tools use it
         return toolsWithOutputSchema > 0;
     }
+    /**
+     * Check if declared server capabilities match actual behavior
+     * Tests that capabilities advertised via serverCapabilities are actually implemented
+     */
+    checkCapabilitiesCompliance(context) {
+        const warnings = [];
+        const capabilities = context.serverCapabilities;
+        // If no capabilities declared, that's fine - it's optional
+        if (!capabilities) {
+            return {
+                passed: true,
+                confidence: "medium",
+                evidence: "No server capabilities declared (optional)",
+                rawResponse: undefined,
+            };
+        }
+        // Check tools capability
+        if (capabilities.tools) {
+            if (context.tools.length === 0) {
+                warnings.push("Declared tools capability but no tools registered");
+            }
+            this.testCount++;
+        }
+        // Check resources capability
+        if (capabilities.resources) {
+            if (!context.resources || context.resources.length === 0) {
+                // Resources declared but not provided - could be valid if not fetched
+                if (!context.readResource) {
+                    warnings.push("Declared resources capability but no resources data provided for validation");
+                }
+            }
+            // Check listChanged notification support
+            if (capabilities.resources.listChanged) {
+                this.log("Server declares resources.listChanged notification support");
+            }
+            // Check subscribe support
+            if (capabilities.resources.subscribe) {
+                this.log("Server declares resource subscription support");
+            }
+            this.testCount++;
+        }
+        // Check prompts capability
+        if (capabilities.prompts) {
+            if (!context.prompts || context.prompts.length === 0) {
+                // Prompts declared but not provided
+                if (!context.getPrompt) {
+                    warnings.push("Declared prompts capability but no prompts data provided for validation");
+                }
+            }
+            // Check listChanged notification support
+            if (capabilities.prompts.listChanged) {
+                this.log("Server declares prompts.listChanged notification support");
+            }
+            this.testCount++;
+        }
+        // Check logging capability
+        if (capabilities.logging) {
+            this.log("Server declares logging capability");
+            this.testCount++;
+        }
+        // Determine pass/fail
+        const passed = warnings.length === 0;
+        const confidence = warnings.length === 0 ? "high" : "medium";
+        return {
+            passed,
+            confidence,
+            evidence: passed
+                ? "All declared capabilities have corresponding implementations"
+                : `Capability validation issues: ${warnings.join("; ")}`,
+            warnings: warnings.length > 0 ? warnings : undefined,
+            rawResponse: capabilities,
+        };
+    }
     /**
      * Assess transport compliance (basic check)
      */

package/lib/services/assessment/modules/ManifestValidationAssessor.js

@@ -437,7 +437,7 @@ export class ManifestValidationAssessor extends BaseAssessor {
                     contentType: response.headers.get("content-type") || undefined,
                 });
             }
-            catch (error) {
+            catch {
                 // Try GET request as fallback (some servers reject HEAD)
                 try {
                     const controller = new AbortController();

package/lib/services/assessment/modules/PromptAssessor.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Prompt Assessor Module
+ * Tests MCP server prompts for security, AUP compliance, and injection vulnerabilities
+ *
+ * Tests include:
+ * - Prompt argument validation
+ * - AUP compliance (no harmful content generation instructions)
+ * - Injection vulnerability testing
+ * - Required vs optional argument handling
+ */
+import { PromptAssessment } from "../../../lib/assessmentTypes.js";
+import { BaseAssessor } from "./BaseAssessor.js";
+import { AssessmentContext } from "../AssessmentOrchestrator.js";
+export declare class PromptAssessor extends BaseAssessor {
+    assess(context: AssessmentContext): Promise<PromptAssessment>;
+    private createNoPromptsResponse;
+    private testPrompt;
+    private hasRequiredArguments;
+    private checkAUPViolations;
+    private createNormalArguments;
+    private testPromptExecution;
+    private checkMessagesForUnsafeContent;
+    private testPromptInjection;
+    private isInjectionSuccessful;
+    private testArgumentValidation;
+    private determinePromptStatus;
+    private generateExplanation;
+    private generateRecommendations;
+}
+//# sourceMappingURL=PromptAssessor.d.ts.map

package/lib/services/assessment/modules/PromptAssessor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PromptAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/PromptAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,gBAAgB,EAGjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAa,MAAM,2BAA2B,CAAC;AA6DzE,qBAAa,cAAe,SAAQ,YAAY;IACxC,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAqDnE,OAAO,CAAC,uBAAuB;YAajB,UAAU;IA+ExB,OAAO,CAAC,oBAAoB;IAK5B,OAAO,CAAC,kBAAkB;IAa1B,OAAO,CAAC,qBAAqB;YAuBf,mBAAmB;IAuCjC,OAAO,CAAC,6BAA6B;YAqBvB,mBAAmB;IA6CjC,OAAO,CAAC,qBAAqB;YAsCf,sBAAsB;IA+BpC,OAAO,CAAC,qBAAqB;IAe7B,OAAO,CAAC,mBAAmB;IAmC3B,OAAO,CAAC,uBAAuB;CAoChC"}