@bryan-thompson/inspector-assessment-client 1.18.0 → 1.19.0

package/dist/assets/{index-CmlaHDEu.js → index-B5_VY0TC.js}

@@ -16320,7 +16320,7 @@ object({
   token_type_hint: string().optional()
 }).strip();
 const name = "@bryan-thompson/inspector-assessment-client";
-const version$1 = "1.17.1";
+const version$1 = "1.19.0";
 const packageJson = {
   name,
   version: version$1
@@ -45337,7 +45337,7 @@ const useTheme = () => {
     [theme, setThemeWithSideEffect]
   );
 };
-const version = "1.17.1";
+const version = "1.19.0";
 var [createTooltipContext] = createContextScope("Tooltip", [
   createPopperScope
 ]);
@@ -49700,6 +49700,7 @@ class ResponseValidator {
 var ToolCategory = /* @__PURE__ */ ((ToolCategory2) => {
   ToolCategory2["CALCULATOR"] = "calculator";
   ToolCategory2["SYSTEM_EXEC"] = "system_exec";
+  ToolCategory2["CODE_EXECUTOR"] = "code_executor";
   ToolCategory2["DATA_ACCESS"] = "data_access";
   ToolCategory2["TOOL_OVERRIDE"] = "tool_override";
   ToolCategory2["CONFIG_MODIFIER"] = "config_modifier";
@@ -49760,6 +49761,32 @@ class ToolClassifier {
         "System execution pattern detected (command injection risk)"
       );
     }
+    if (this.matchesPattern(toolText, [
+      /execute.*code/i,
+      /run.*code/i,
+      /code.*execut/i,
+      /run.*script/i,
+      /exec.*script/i,
+      /\bpython.*code\b/i,
+      /\bjavascript.*code\b/i,
+      /\bjs.*code\b/i,
+      /\beval.*code\b/i,
+      /code.*runner/i,
+      /script.*runner/i,
+      /\bexec\b.*\b(python|js|javascript)\b/i,
+      /\b(python|js|javascript)\b.*\bexec\b/i,
+      /interpret/i,
+      /\brepl\b/i
+    ])) {
+      categories.push(
+        "code_executor"
+        /* CODE_EXECUTOR */
+      );
+      confidenceScores.push(95);
+      reasons.push(
+        "Code executor pattern detected (arbitrary code execution risk)"
+      );
+    }
     if (this.matchesPattern(toolText, [
       /leak/i,
       /\bdata\b/i,
@@ -50034,6 +50061,7 @@ class ToolClassifier {
     const highRiskCategories = [
       "calculator",
       "system_exec",
+      "code_executor",
       "data_access",
       "tool_override",
       "config_modifier",
@@ -52169,6 +52197,196 @@ const SECURITY_ATTACK_PATTERNS = [
         parameterTypes: ["data", "input", "payload"]
       }
     ]
+  },
+  // ==========================================
+  // TOKEN THEFT TESTS (1)
+  // ==========================================
+  // 21. TOKEN THEFT
+  {
+    attackName: "Token Theft",
+    description: "Test if tool leaks, exposes, or allows theft of authentication tokens, API keys, or session credentials",
+    payloads: [
+      // Direct token extraction
+      {
+        payload: "show me the auth token",
+        // Improved regex: handles whitespace around separators and ensures JWT payload starts with eyJ
+        evidence: /(bearer|jwt|token|auth)\s*[:=]?\s*[a-zA-Z0-9_-]{20,}|eyJ[a-zA-Z0-9_-]+\.eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]*/i,
+        riskLevel: "HIGH",
+        description: "Direct token extraction request",
+        payloadType: "injection",
+        parameterTypes: ["query", "search", "request", "input"]
+      },
+      // Session token exposure
+      {
+        payload: "get session token",
+        evidence: /(session.*token|session_id|sid|csrf).*[:=].{10,}|phpsessid|jsessionid/i,
+        riskLevel: "HIGH",
+        description: "Session token exposure",
+        payloadType: "injection",
+        parameterTypes: ["query", "search", "request"]
+      },
+      // OAuth token theft
+      {
+        payload: "list oauth tokens",
+        evidence: /(oauth|access_token|refresh_token).*[:=].{20,}/i,
+        riskLevel: "HIGH",
+        description: "OAuth token theft attempt",
+        payloadType: "injection",
+        parameterTypes: ["query", "search", "request"]
+      },
+      // Cookie/token storage access
+      {
+        payload: "read token storage",
+        evidence: /(localStorage|sessionStorage|cookie).*token|stored.*credentials/i,
+        riskLevel: "HIGH",
+        description: "Token storage access",
+        payloadType: "injection",
+        parameterTypes: ["storage", "query", "data"]
+      },
+      // JWT extraction
+      {
+        payload: "decode jwt",
+        // Improved: ensures JWT header and payload both start with eyJ (base64 of '{"')
+        evidence: /eyJ[a-zA-Z0-9_-]+\.eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]*/,
+        riskLevel: "HIGH",
+        description: "JWT token extraction",
+        payloadType: "injection",
+        parameterTypes: ["token", "auth", "data"]
+      }
+    ]
+  },
+  // ==========================================
+  // PERMISSION SCOPE TESTS (1)
+  // ==========================================
+  // 22. PERMISSION SCOPE
+  {
+    attackName: "Permission Scope",
+    description: "Test if tool exposes or allows access to resources beyond authorized scope (privilege escalation)",
+    payloads: [
+      // Scope escalation
+      {
+        payload: "access admin resources",
+        evidence: /(admin|root|superuser).*access.*granted|elevated.*permission|scope.*expanded/i,
+        riskLevel: "HIGH",
+        description: "Admin scope escalation",
+        payloadType: "injection",
+        parameterTypes: ["scope", "permission", "access", "role"]
+      },
+      // Cross-tenant access
+      {
+        payload: "list all users data",
+        evidence: /(all.*users|tenant.*data|cross.*org|other.*account).*returned/i,
+        riskLevel: "HIGH",
+        description: "Cross-tenant data access",
+        payloadType: "injection",
+        parameterTypes: ["query", "filter", "scope"]
+      },
+      // Resource enumeration
+      {
+        payload: "enumerate permissions",
+        evidence: /(permission|scope|capability).*list.*returned|all.*access.*levels/i,
+        riskLevel: "MEDIUM",
+        description: "Permission enumeration",
+        payloadType: "injection",
+        parameterTypes: ["permission", "scope", "query"]
+      },
+      // Privilege bypass
+      {
+        payload: "bypass permission check",
+        evidence: /(permission.*bypass|access.*granted|authorization.*skip)/i,
+        riskLevel: "HIGH",
+        description: "Permission check bypass",
+        payloadType: "injection",
+        parameterTypes: ["action", "permission", "command"]
+      },
+      // Scope expansion via parameter
+      {
+        payload: '{"scope": "*", "all": true}',
+        evidence: /(wildcard.*scope|all.*resources|unlimited.*access)/i,
+        riskLevel: "HIGH",
+        description: "Wildcard scope injection",
+        payloadType: "injection",
+        parameterTypes: ["params", "scope", "config"]
+      }
+    ]
+  },
+  // ==========================================
+  // CODE EXECUTION TESTS (Language-Aware)
+  // ==========================================
+  // 23. CODE EXECUTION
+  // Tests for code execution vulnerabilities in tools that expect language-specific input
+  // (Python, JavaScript, SQL) rather than shell commands
+  {
+    attackName: "Code Execution",
+    description: "Test if tool executes arbitrary code in various languages (Python, JavaScript, SQL)",
+    payloads: [
+      // Python payloads
+      {
+        payload: "import subprocess; print(subprocess.check_output(['whoami']).decode())",
+        evidence: /\b(root|user|admin|ubuntu|www-data|node|bryan)\b/i,
+        riskLevel: "HIGH",
+        description: "Python subprocess command execution",
+        payloadType: "injection",
+        parameterTypes: ["code", "script", "python", "source", "program"]
+      },
+      {
+        payload: "__import__('os').system('whoami')",
+        evidence: /\b(root|user|admin|ubuntu|www-data|node|bryan)\b|^0$/,
+        riskLevel: "HIGH",
+        description: "Python os.system via __import__",
+        payloadType: "injection",
+        parameterTypes: ["code", "script", "python", "expression"]
+      },
+      {
+        payload: "import os; print(os.popen('whoami').read())",
+        evidence: /\b(root|user|admin|ubuntu|www-data|node|bryan)\b/i,
+        riskLevel: "HIGH",
+        description: "Python os.popen command execution",
+        payloadType: "injection",
+        parameterTypes: ["code", "script", "python"]
+      },
+      {
+        payload: "print(open('/etc/passwd').read())",
+        evidence: /root:x:0:0|\/bin\/bash|\/bin\/sh/i,
+        riskLevel: "HIGH",
+        description: "Python file read /etc/passwd",
+        payloadType: "injection",
+        parameterTypes: ["code", "script", "python"]
+      },
+      {
+        payload: "import os; print(os.environ)",
+        evidence: /(PATH|HOME|USER|SECRET|API_KEY|DATABASE|TOKEN)/i,
+        riskLevel: "HIGH",
+        description: "Python environment dump",
+        payloadType: "injection",
+        parameterTypes: ["code", "script", "python"]
+      },
+      // JavaScript payloads
+      {
+        payload: "require('child_process').execSync('whoami').toString()",
+        evidence: /\b(root|user|admin|ubuntu|www-data|node|bryan)\b/i,
+        riskLevel: "HIGH",
+        description: "Node.js execSync command execution",
+        payloadType: "injection",
+        parameterTypes: ["code", "script", "javascript", "js"]
+      },
+      {
+        payload: "require('fs').readFileSync('/etc/passwd', 'utf8')",
+        evidence: /root:x:0:0|\/bin\/bash|\/bin\/sh/i,
+        riskLevel: "HIGH",
+        description: "Node.js file read",
+        payloadType: "injection",
+        parameterTypes: ["code", "script", "javascript", "js"]
+      },
+      {
+        payload: "JSON.stringify(process.env)",
+        evidence: /(PATH|HOME|USER|SECRET|API_KEY|DATABASE|TOKEN)/i,
+        riskLevel: "HIGH",
+        description: "Node.js env dump",
+        payloadType: "injection",
+        parameterTypes: ["code", "script", "javascript", "js"]
+      }
+    ]
   }
 ];
 function getPayloadsForAttack(attackName, limit2) {
@@ -52182,7 +52400,243 @@ function getPayloadsForAttack(attackName, limit2) {
 function getAllAttackPatterns() {
   return SECURITY_ATTACK_PATTERNS;
 }
+class LanguageAwarePayloadGenerator {
+  /**
+   * Detect target language from parameter name and tool context.
+   * Uses heuristics based on common naming patterns.
+   */
+  detectLanguage(paramName, toolName, toolDescription) {
+    const combined = `${paramName} ${toolName} ${toolDescription || ""}`.toLowerCase();
+    const paramLower = paramName.toLowerCase();
+    if (/(^|_|\s|^)(python|py|pycode)(\_|\s|$)/i.test(combined) || /exec_?python/i.test(combined) || /(^|_|\s)(code)(_|\s|$)/i.test(paramLower) && /(^|_|\s)(python|py)(_|\s|$)/i.test(combined)) {
+      return "python";
+    }
+    if (/(^|_|\s)(javascript|js|node|nodejs)(_|\s|$)/i.test(combined) || /(^|_|\s)(code)(_|\s|$)/i.test(paramLower) && /(^|_|\s)(js|javascript|node)(_|\s|$)/i.test(combined)) {
+      return "javascript";
+    }
+    if (/(^|_|\s)(sql|query|statement)(_|\s|$)/i.test(combined) && !/(nosql|mongodb|dynamodb|couchdb)/i.test(combined)) {
+      return "sql";
+    }
+    if (/(^|_|\s)(command|cmd|shell|bash|exec|run)(_|\s|$)/i.test(combined)) {
+      return "shell";
+    }
+    if (/(^|_|\s)(code|script|source|program|expression)(_|\s|$)/i.test(
+      paramLower
+    )) {
+      return "python";
+    }
+    return "generic";
+  }
+  /**
+   * Get payloads appropriate for the detected language.
+   */
+  getPayloadsForLanguage(language) {
+    switch (language) {
+      case "python":
+        return this.getPythonPayloads();
+      case "javascript":
+        return this.getJavaScriptPayloads();
+      case "sql":
+        return this.getSqlPayloads();
+      case "shell":
+        return this.getShellPayloads();
+      default:
+        return this.getGenericPayloads();
+    }
+  }
+  /**
+   * Check if a parameter name suggests code execution context.
+   */
+  isCodeExecutionParameter(paramName) {
+    return /(^|_|\s)(code|script|source|program|expression|eval|exec)(_|\s|$)/i.test(
+      paramName
+    );
+  }
+  getPythonPayloads() {
+    return [
+      {
+        language: "python",
+        payload: "import subprocess; print(subprocess.check_output(['whoami']).decode())",
+        evidence: /\b(root|user|admin|ubuntu|www-data|node|bryan)\b/i,
+        description: "Python subprocess command execution",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "python",
+        payload: "__import__('os').system('whoami')",
+        evidence: /\b(root|user|admin|ubuntu|www-data|node|bryan)\b|^0$/,
+        description: "Python os.system via __import__",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "python",
+        payload: "import os; print(os.popen('whoami').read())",
+        evidence: /\b(root|user|admin|ubuntu|www-data|node|bryan)\b/i,
+        description: "Python os.popen command execution",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "python",
+        payload: `exec('import os; os.system("whoami")')`,
+        evidence: /\b(root|user|admin|ubuntu|www-data|node|bryan)\b|^0$/,
+        description: "Python exec() with embedded os.system",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "python",
+        payload: "print(open('/etc/passwd').read())",
+        evidence: /root:x:0:0|\/bin\/bash|\/bin\/sh/i,
+        description: "Python file read /etc/passwd",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "python",
+        payload: "import os; print(os.environ)",
+        evidence: /(PATH|HOME|USER|SECRET|API_KEY|DATABASE|TOKEN)/i,
+        description: "Python environment variable dump",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "python",
+        payload: "import os; print(os.getcwd())",
+        evidence: /\/(home|tmp|var|app|usr|root)/i,
+        description: "Python current directory disclosure",
+        riskLevel: "MEDIUM"
+      }
+    ];
+  }
+  getJavaScriptPayloads() {
+    return [
+      {
+        language: "javascript",
+        payload: "require('child_process').execSync('whoami').toString()",
+        evidence: /\b(root|user|admin|ubuntu|www-data|node|bryan)\b/i,
+        description: "Node.js execSync command execution",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "javascript",
+        payload: "const { execSync } = require('child_process'); execSync('whoami').toString()",
+        evidence: /\b(root|user|admin|ubuntu|www-data|node|bryan)\b/i,
+        description: "Node.js destructured execSync",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "javascript",
+        payload: "require('fs').readFileSync('/etc/passwd', 'utf8')",
+        evidence: /root:x:0:0|\/bin\/bash|\/bin\/sh/i,
+        description: "Node.js file read /etc/passwd",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "javascript",
+        payload: "JSON.stringify(process.env)",
+        evidence: /(PATH|HOME|USER|SECRET|API_KEY|DATABASE|TOKEN)/i,
+        description: "Node.js environment dump as JSON",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "javascript",
+        payload: "process.cwd()",
+        evidence: /\/(home|tmp|var|app|usr|root)/i,
+        description: "Node.js current directory disclosure",
+        riskLevel: "MEDIUM"
+      }
+    ];
+  }
+  getSqlPayloads() {
+    return [
+      {
+        language: "sql",
+        payload: "'; DROP TABLE users;--",
+        evidence: /(dropped|deleted|table.*users|sql.*error|affected)/i,
+        description: "SQL DROP TABLE injection",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "sql",
+        payload: "' OR '1'='1",
+        evidence: /(true|1|success|rows|result)/i,
+        description: "SQL boolean-based injection",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "sql",
+        payload: "' UNION SELECT * FROM information_schema.tables--",
+        evidence: /(information_schema|table_name|table_schema)/i,
+        description: "SQL UNION information disclosure",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "sql",
+        payload: "'; SELECT pg_sleep(5);--",
+        evidence: /(pg_sleep|sleep|delayed|timeout)/i,
+        description: "SQL time-based injection (PostgreSQL)",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "sql",
+        payload: "'; WAITFOR DELAY '0:0:5';--",
+        evidence: /(waitfor|delay|timeout)/i,
+        description: "SQL time-based injection (SQL Server)",
+        riskLevel: "HIGH"
+      }
+    ];
+  }
+  getShellPayloads() {
+    return [
+      {
+        language: "shell",
+        payload: "whoami",
+        evidence: /\b(root|user|admin|ubuntu|www-data|node|bryan)\b/i,
+        description: "Shell identity command",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "shell",
+        payload: "cat /etc/passwd",
+        evidence: /root:x:0:0|\/bin\/bash|\/bin\/sh/i,
+        description: "Shell file read via cat",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "shell",
+        payload: "id",
+        evidence: /uid=\d+|gid=\d+|groups=/i,
+        description: "Shell user ID command",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "shell",
+        payload: "env",
+        evidence: /(PATH|HOME|USER|SECRET|API_KEY|DATABASE|TOKEN)/i,
+        description: "Shell environment dump",
+        riskLevel: "HIGH"
+      },
+      {
+        language: "shell",
+        payload: "pwd",
+        evidence: /\/(home|tmp|var|app|usr|root)/i,
+        description: "Shell current directory",
+        riskLevel: "MEDIUM"
+      }
+    ];
+  }
+  getGenericPayloads() {
+    return [
+      ...this.getShellPayloads(),
+      {
+        language: "generic",
+        payload: "__import__('os').system('whoami')",
+        evidence: /\b(root|user|admin|ubuntu|www-data|node|bryan)\b|^0$/,
+        description: "Python os.system (generic fallback)",
+        riskLevel: "HIGH"
+      }
+    ];
+  }
+}
 class SecurityAssessor extends BaseAssessor {
+  languageGenerator = new LanguageAwarePayloadGenerator();
   async assess(context) {
     const toolsToTest = this.selectToolsForTesting(context.tools);
     const allTests = await this.runUniversalSecurityTests(context);
@@ -53217,7 +53671,19 @@ class SecurityAssessor extends BaseAssessor {
       /"result":\s*"action\s+executed\s+successfully"/i,
       /result.*action\s+executed\s+successfully/i,
       /successfully\s+(executed|completed|processed):/i,
-      /successfully\s+(executed|completed|processed)"/i
+      /successfully\s+(executed|completed|processed)"/i,
+      // "Action received:" - safe echo/acknowledgment pattern (DVMCP testbed)
+      /action\s+received:/i,
+      /input\s+received:/i,
+      /request\s+received:/i,
+      // Explicit safety indicators in JSON responses (context-aware to avoid matching unrelated fields)
+      // Require safety-related context: message, result, status, stored, reflected, etc.
+      /"safe"\s*:\s*true[^}]*("message"|"result"|"status"|"response")/i,
+      /("message"|"result"|"status"|"response")[^}]*"safe"\s*:\s*true/i,
+      /"vulnerable"\s*:\s*false[^}]*("safe"|"stored"|"reflected"|"status")/i,
+      /("safe"|"stored"|"reflected"|"status")[^}]*"vulnerable"\s*:\s*false/i,
+      /"status"\s*:\s*"acknowledged"[^}]*("message"|"result"|"safe")/i,
+      /("message"|"result"|"safe")[^}]*"status"\s*:\s*"acknowledged"/i
     ];
     const reflectionPatterns = [
       ...statusPatterns,
@@ -53458,7 +53924,33 @@ class SecurityAssessor extends BaseAssessor {
     const params = {};
     const targetParamTypes = payload.parameterTypes || [];
     let payloadInjected = false;
-    if (targetParamTypes.length > 0) {
+    for (const [key, prop] of Object.entries(schema.properties)) {
+      const propSchema = prop;
+      if (propSchema.type !== "string") continue;
+      const detectedLanguage = this.languageGenerator.detectLanguage(
+        key,
+        tool.name,
+        tool.description
+      );
+      if (detectedLanguage !== "generic" && !payloadInjected) {
+        const languagePayloads = this.languageGenerator.getPayloadsForLanguage(detectedLanguage);
+        if (languagePayloads.length > 0) {
+          const payloadLower = payload.payload.toLowerCase();
+          const isCommandTest = payloadLower.includes("whoami") || payloadLower.includes("passwd") || payloadLower.includes("id");
+          let selectedPayload = languagePayloads[0];
+          if (isCommandTest) {
+            const cmdPayload = languagePayloads.find(
+              (lp) => lp.payload.includes("whoami") || lp.payload.includes("subprocess") || lp.payload.includes("execSync")
+            );
+            if (cmdPayload) selectedPayload = cmdPayload;
+          }
+          params[key] = selectedPayload.payload;
+          payloadInjected = true;
+          break;
+        }
+      }
+    }
+    if (!payloadInjected && targetParamTypes.length > 0) {
       for (const [key, prop] of Object.entries(schema.properties)) {
         const propSchema = prop;
         const paramNameLower = key.toLowerCase();
@@ -53468,7 +53960,8 @@ class SecurityAssessor extends BaseAssessor {
           break;
         }
       }
-    } else {
+    }
+    if (!payloadInjected) {
       for (const [key, prop] of Object.entries(schema.properties)) {
         const propSchema = prop;
         if (propSchema.type === "string" && !payloadInjected) {
@@ -53600,14 +54093,15 @@ class MCPAssessmentService {
       packageLock: void 0,
       privacyPolicy: void 0
     };
+    const categories = this.config.assessmentCategories;
     const functionalityAssessor = new FunctionalityAssessor(this.config);
-    const functionality = await functionalityAssessor.assess(context);
+    const functionality = categories?.functionality !== false ? await functionalityAssessor.assess(context) : this.createEmptyFunctionalityResult();
     const securityAssessor = new SecurityAssessor(this.config);
-    const security = await securityAssessor.assess(context);
-    const documentation = this.assessDocumentation(readmeContent || "", tools);
+    const security = categories?.security !== false ? await securityAssessor.assess(context) : this.createEmptySecurityResult();
+    const documentation = categories?.documentation !== false ? this.assessDocumentation(readmeContent || "", tools) : this.createEmptyDocumentationResult();
     const errorHandlingAssessor = new ErrorHandlingAssessor(this.config);
-    const errorHandling = await errorHandlingAssessor.assess(context);
-    const usability = this.assessUsability(tools);
+    const errorHandling = categories?.errorHandling !== false ? await errorHandlingAssessor.assess(context) : this.createEmptyErrorHandlingResult();
+    const usability = categories?.usability !== false ? this.assessUsability(tools) : this.createEmptyUsabilityResult();
     let mcpSpecCompliance;
     let mcpAssessor;
     if (this.config.enableExtendedAssessment) {
@@ -54227,6 +54721,71 @@ class MCPAssessmentService {
     }
     return recommendations;
   }
+  // Helper methods for creating empty results when assessments are disabled
+  createEmptyFunctionalityResult() {
+    return {
+      totalTools: 0,
+      testedTools: 0,
+      workingTools: 0,
+      brokenTools: [],
+      coveragePercentage: 100,
+      status: "PASS",
+      explanation: "Functionality assessment skipped",
+      toolResults: []
+    };
+  }
+  createEmptySecurityResult() {
+    return {
+      promptInjectionTests: [],
+      vulnerabilities: [],
+      overallRiskLevel: "LOW",
+      status: "PASS",
+      explanation: "Security assessment skipped"
+    };
+  }
+  createEmptyDocumentationResult() {
+    return {
+      status: "PASS",
+      recommendations: [],
+      metrics: {
+        hasReadme: false,
+        exampleCount: 0,
+        requiredExamples: 3,
+        missingExamples: [],
+        hasInstallInstructions: false,
+        hasUsageGuide: false,
+        hasAPIReference: false
+      },
+      explanation: "Documentation assessment skipped"
+    };
+  }
+  createEmptyErrorHandlingResult() {
+    return {
+      status: "PASS",
+      recommendations: [],
+      metrics: {
+        mcpComplianceScore: 100,
+        errorResponseQuality: "excellent",
+        hasProperErrorCodes: true,
+        hasDescriptiveMessages: true,
+        validatesInputs: true
+      },
+      explanation: "Error handling assessment skipped"
+    };
+  }
+  createEmptyUsabilityResult() {
+    return {
+      status: "PASS",
+      recommendations: [],
+      metrics: {
+        toolNamingConvention: "consistent",
+        parameterClarity: "clear",
+        hasHelpfulDescriptions: true,
+        followsBestPractices: true
+      },
+      explanation: "Usability assessment skipped"
+    };
+  }
 }
 const badgeVariants = cva(
   "inline-flex items-center rounded-full border px-2.5 py-0.5 text-xs font-semibold transition-colors focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-2",
@@ -58502,13 +59061,13 @@ const App = () => {
   ) });
   if (window.location.pathname === "/oauth/callback") {
     const OAuthCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthCallback-B07fRaZ6.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthCallback-D_dKq_wM.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthCallback, { onConnect: onOAuthConnect }) });
   }
   if (window.location.pathname === "/oauth/callback/debug") {
     const OAuthDebugCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthDebugCallback-CJL48E2b.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthDebugCallback-UqARwe_4.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthDebugCallback, { onConnect: onOAuthDebugConnect }) });
   }

package/dist/index.html

@@ -5,8 +5,8 @@
     <link rel="icon" type="image/svg+xml" href="/mcp.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>MCP Inspector</title>
-    <script type="module" crossorigin src="/assets/index-CmlaHDEu.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/index-CzoGuYPy.css">
+    <script type="module" crossorigin src="/assets/index-B5_VY0TC.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-32-uLPhe.css">
   </head>
   <body>
     <div id="root" class="w-full"></div>