@bryan-thompson/inspector-assessment-client 1.20.5 → 1.20.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/assets/{OAuthCallback-BnCTZWBB.js → OAuthCallback-D2bUyz16.js} +1 -1
- package/dist/assets/{OAuthDebugCallback-CJycNI_8.js → OAuthDebugCallback-CQPffWu6.js} +1 -1
- package/dist/assets/{index-BS8cfWFR.js → index-fK_4C8r2.js} +4 -4
- package/dist/index.html +1 -1
- package/lib/services/assessment/AssessmentOrchestrator.d.ts.map +1 -1
- package/lib/services/assessment/AssessmentOrchestrator.js +11 -15
- package/lib/services/assessment/modules/TemporalAssessor.d.ts +22 -0
- package/lib/services/assessment/modules/TemporalAssessor.d.ts.map +1 -1
- package/lib/services/assessment/modules/TemporalAssessor.js +96 -3
- package/package.json +1 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-
|
|
1
|
+
import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-fK_4C8r2.js";
|
|
2
2
|
const OAuthCallback = ({ onConnect }) => {
|
|
3
3
|
const { toast } = useToast();
|
|
4
4
|
const hasProcessedRef = reactExports.useRef(false);
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-
|
|
1
|
+
import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-fK_4C8r2.js";
|
|
2
2
|
const OAuthDebugCallback = ({ onConnect }) => {
|
|
3
3
|
reactExports.useEffect(() => {
|
|
4
4
|
let isProcessed = false;
|
|
@@ -16320,7 +16320,7 @@ object({
|
|
|
16320
16320
|
token_type_hint: string().optional()
|
|
16321
16321
|
}).strip();
|
|
16322
16322
|
const name = "@bryan-thompson/inspector-assessment-client";
|
|
16323
|
-
const version$1 = "1.20.
|
|
16323
|
+
const version$1 = "1.20.6";
|
|
16324
16324
|
const packageJson = {
|
|
16325
16325
|
name,
|
|
16326
16326
|
version: version$1
|
|
@@ -45352,7 +45352,7 @@ const useTheme = () => {
|
|
|
45352
45352
|
[theme, setThemeWithSideEffect]
|
|
45353
45353
|
);
|
|
45354
45354
|
};
|
|
45355
|
-
const version = "1.20.
|
|
45355
|
+
const version = "1.20.6";
|
|
45356
45356
|
var [createTooltipContext] = createContextScope("Tooltip", [
|
|
45357
45357
|
createPopperScope
|
|
45358
45358
|
]);
|
|
@@ -59167,13 +59167,13 @@ const App = () => {
|
|
|
59167
59167
|
) });
|
|
59168
59168
|
if (window.location.pathname === "/oauth/callback") {
|
|
59169
59169
|
const OAuthCallback = React.lazy(
|
|
59170
|
-
() => __vitePreload(() => import("./OAuthCallback-
|
|
59170
|
+
() => __vitePreload(() => import("./OAuthCallback-D2bUyz16.js"), true ? [] : void 0)
|
|
59171
59171
|
);
|
|
59172
59172
|
return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthCallback, { onConnect: onOAuthConnect }) });
|
|
59173
59173
|
}
|
|
59174
59174
|
if (window.location.pathname === "/oauth/callback/debug") {
|
|
59175
59175
|
const OAuthDebugCallback = React.lazy(
|
|
59176
|
-
() => __vitePreload(() => import("./OAuthDebugCallback-
|
|
59176
|
+
() => __vitePreload(() => import("./OAuthDebugCallback-CQPffWu6.js"), true ? [] : void 0)
|
|
59177
59177
|
);
|
|
59178
59178
|
return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthDebugCallback, { onConnect: onOAuthDebugConnect }) });
|
|
59179
59179
|
}
|
package/dist/index.html
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
<link rel="icon" type="image/svg+xml" href="/mcp.svg" />
|
|
6
6
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
7
7
|
<title>MCP Inspector</title>
|
|
8
|
-
<script type="module" crossorigin src="/assets/index-
|
|
8
|
+
<script type="module" crossorigin src="/assets/index-fK_4C8r2.js"></script>
|
|
9
9
|
<link rel="stylesheet" crossorigin href="/assets/index-DiyPO_Zj.css">
|
|
10
10
|
</head>
|
|
11
11
|
<body>
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AssessmentOrchestrator.d.ts","sourceRoot":"","sources":["../../../src/services/assessment/AssessmentOrchestrator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EAGvB,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,IAAI,EACJ,2BAA2B,EAC5B,MAAM,oCAAoC,CAAC;AAiC5C,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EAEvB,MAAM,wBAAwB,CAAC;AAgKhC;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,KAAK,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,KAAK,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAClC,SAAS,CAAC,EAAE;QAAE,SAAS,CAAC,EAAE,OAAO,CAAC;QAAC,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAC3D,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IACpC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC1C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,uBAAuB,CAAC;IAChC,UAAU,CAAC,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC;IAIF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAGtC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IAIrB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAG9B,SAAS,CAAC,EAAE,WAAW,EAAE,CAAC;IAC1B,iBAAiB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC1C,OAAO,CAAC,EAAE,SAAS,EAAE,CAAC;IACtB,kBAAkB,CAAC,EAAE,qBAAqB,CAAC;IAG3C,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD,SAAS,CAAC,EAAE,CACV,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KACzB,OAAO,CAAC;QAAE,QAAQ,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC,CAAC;IAGrE,eAAe,CAAC,EAAE;QAChB,IAAI,EAAE,OAAO,GAAG,KAAK,GAAG,iBAAiB,CAAC;QAC1C,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,OAAO,CAAC;KACxB,CAAC;IAIF,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;CACnC;AAED,qBAAa,sBAAsB;IACjC,OAAO,CAAC,MAAM,CAA0B;IACxC,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,aAAa,CAAa;IAGlC,OAAO,CAAC,YAAY,CAAC,CAAmB;IACxC,OAAO,CAAC,aAAa,CAAkB;IAGvC,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,iBAAiB,CAAoB;IAG7C,OAAO,CAAC,eAAe,CAAC,CAA4B;IAGpD,OAAO,CAAC,qBAAqB,CAAC,CAAwB;IACtD,OAAO,CAAC,sBAAsB,CAAC,CAAyB;IACxD,OAAO,CAAC,2BAA2B,CAAC,CAA8B;IAClE,OAAO,CAAC,0BAA0B,CAAC,CAA6B;IAChE,OAAO,CAAC,mBAAmB,CAAC,CAAsB;IAClD,OAAO,CAAC,0BAA0B,CAAC,CAA6B;IAChE,OAAO,CAAC,gBAAgB,CAAC,CAAmB;IAG5C,OAAO,CAAC,gBAAgB,CAAC,CAAmB;IAC5C,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,OAAO,CAAC,uBAAuB,CAAC,CAAkC;gBAEtD,MAAM,GAAE,OAAO,CAAC,uBAAuB,CAAM;IAsFzD;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAiB9B;;;OAGG;IACH,gBAAgB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,sBAAsB,CAAC,GAAG,IAAI;IAqBhE;;OAEG;IACH,eAAe,IAAI,OAAO;IAI1B;;OAEG;IACH,eAAe,IAAI,gBAAgB,GAAG,SAAS;IAI/C;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqC1B;;OAEG;IACG,iBAAiB,CACrB,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"AssessmentOrchestrator.d.ts","sourceRoot":"","sources":["../../../src/services/assessment/AssessmentOrchestrator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EAGvB,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,IAAI,EACJ,2BAA2B,EAC5B,MAAM,oCAAoC,CAAC;AAiC5C,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EAEvB,MAAM,wBAAwB,CAAC;AAgKhC;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,KAAK,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,KAAK,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAClC,SAAS,CAAC,EAAE;QAAE,SAAS,CAAC,EAAE,OAAO,CAAC;QAAC,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAC3D,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IACpC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC1C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,uBAAuB,CAAC;IAChC,UAAU,CAAC,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC;IAIF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAGtC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IAIrB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAG9B,SAAS,CAAC,EAAE,WAAW,EAAE,CAAC;IAC1B,iBAAiB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC1C,OAAO,CAAC,EAAE,SAAS,EAAE,CAAC;IACtB,kBAAkB,CAAC,EAAE,qBAAqB,CAAC;IAG3C,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD,SAAS,CAAC,EAAE,CACV,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KACzB,OAAO,CAAC;QAAE,QAAQ,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC,CAAC;IAGrE,eAAe,CAAC,EAAE;QAChB,IAAI,EAAE,OAAO,GAAG,KAAK,GAAG,iBAAiB,CAAC;QAC1C,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,OAAO,CAAC;KACxB,CAAC;IAIF,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;CACnC;AAED,qBAAa,sBAAsB;IACjC,OAAO,CAAC,MAAM,CAA0B;IACxC,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,aAAa,CAAa;IAGlC,OAAO,CAAC,YAAY,CAAC,CAAmB;IACxC,OAAO,CAAC,aAAa,CAAkB;IAGvC,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,iBAAiB,CAAoB;IAG7C,OAAO,CAAC,eAAe,CAAC,CAA4B;IAGpD,OAAO,CAAC,qBAAqB,CAAC,CAAwB;IACtD,OAAO,CAAC,sBAAsB,CAAC,CAAyB;IACxD,OAAO,CAAC,2BAA2B,CAAC,CAA8B;IAClE,OAAO,CAAC,0BAA0B,CAAC,CAA6B;IAChE,OAAO,CAAC,mBAAmB,CAAC,CAAsB;IAClD,OAAO,CAAC,0BAA0B,CAAC,CAA6B;IAChE,OAAO,CAAC,gBAAgB,CAAC,CAAmB;IAG5C,OAAO,CAAC,gBAAgB,CAAC,CAAmB;IAC5C,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,OAAO,CAAC,uBAAuB,CAAC,CAAkC;gBAEtD,MAAM,GAAE,OAAO,CAAC,uBAAuB,CAAM;IAsFzD;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAiB9B;;;OAGG;IACH,gBAAgB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,sBAAsB,CAAC,GAAG,IAAI;IAqBhE;;OAEG;IACH,eAAe,IAAI,OAAO;IAI1B;;OAEG;IACH,eAAe,IAAI,gBAAgB,GAAG,SAAS;IAI/C;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqC1B;;OAEG;IACG,iBAAiB,CACrB,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,sBAAsB,CAAC;IA+elC;;OAEG;IACG,MAAM,CACV,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,EACzC,UAAU,CAAC,EAAE,GAAG,EAChB,aAAa,CAAC,EAAE,MAAM,EACtB,WAAW,CAAC,EAAE,GAAG,GAChB,OAAO,CAAC,sBAAsB,CAAC;IAclC,OAAO,CAAC,qBAAqB;IAsE7B,OAAO,CAAC,sBAAsB;IAoB9B,OAAO,CAAC,eAAe;IA8DvB,OAAO,CAAC,uBAAuB;IAc/B;;OAEG;IACH,SAAS,IAAI,uBAAuB;IAIpC;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,IAAI;CAG7D"}
|
|
@@ -337,6 +337,15 @@ export class AssessmentOrchestrator {
|
|
|
337
337
|
// Run assessments in parallel if enabled
|
|
338
338
|
const assessmentPromises = [];
|
|
339
339
|
const assessmentResults = {};
|
|
340
|
+
// PHASE 0: Temporal Assessment (ALWAYS runs first, before parallel/sequential phases)
|
|
341
|
+
// This ensures temporal captures clean baseline before other modules trigger rug pulls
|
|
342
|
+
if (this.temporalAssessor) {
|
|
343
|
+
const toolCount = context.tools.length;
|
|
344
|
+
const invocationsPerTool = this.config.temporalInvocations ?? 25;
|
|
345
|
+
emitModuleStartedEvent("Temporal", toolCount * invocationsPerTool, toolCount);
|
|
346
|
+
assessmentResults.temporal = await this.temporalAssessor.assess(context);
|
|
347
|
+
emitModuleProgress("Temporal", assessmentResults.temporal.status, assessmentResults.temporal, this.temporalAssessor.getTestCount());
|
|
348
|
+
}
|
|
340
349
|
if (this.config.parallelTesting) {
|
|
341
350
|
// Calculate estimates for module_started events
|
|
342
351
|
const toolCount = context.tools.length;
|
|
@@ -415,14 +424,7 @@ export class AssessmentOrchestrator {
|
|
|
415
424
|
return (assessmentResults.externalAPIScanner = r);
|
|
416
425
|
}));
|
|
417
426
|
}
|
|
418
|
-
|
|
419
|
-
const invocationsPerTool = this.config.temporalInvocations ?? 25;
|
|
420
|
-
emitModuleStartedEvent("Temporal", toolCount * invocationsPerTool, toolCount);
|
|
421
|
-
assessmentPromises.push(this.temporalAssessor.assess(context).then((r) => {
|
|
422
|
-
emitModuleProgress("Temporal", r.status, r, this.temporalAssessor.getTestCount());
|
|
423
|
-
return (assessmentResults.temporal = r);
|
|
424
|
-
}));
|
|
425
|
-
}
|
|
427
|
+
// NOTE: Temporal runs in PHASE 0 above, not in parallel with other modules
|
|
426
428
|
// New capability assessors
|
|
427
429
|
if (this.resourceAssessor) {
|
|
428
430
|
const resourceCount = (context.resources?.length || 0) +
|
|
@@ -457,6 +459,7 @@ export class AssessmentOrchestrator {
|
|
|
457
459
|
// Sequential execution with module_started events
|
|
458
460
|
const toolCount = context.tools.length;
|
|
459
461
|
const securityPatterns = this.config.securityPatternsToTest || 17;
|
|
462
|
+
// NOTE: Temporal runs in PHASE 0 above, before sequential/parallel phases
|
|
460
463
|
// Functionality: ~10 scenarios per tool
|
|
461
464
|
emitModuleStartedEvent("Functionality", toolCount * 10, toolCount);
|
|
462
465
|
assessmentResults.functionality =
|
|
@@ -524,13 +527,6 @@ export class AssessmentOrchestrator {
|
|
|
524
527
|
await this.externalAPIScannerAssessor.assess(context);
|
|
525
528
|
emitModuleProgress("External APIs", assessmentResults.externalAPIScanner.status, assessmentResults.externalAPIScanner, this.externalAPIScannerAssessor.getTestCount());
|
|
526
529
|
}
|
|
527
|
-
if (this.temporalAssessor) {
|
|
528
|
-
const invocationsPerTool = this.config.temporalInvocations ?? 25;
|
|
529
|
-
emitModuleStartedEvent("Temporal", toolCount * invocationsPerTool, toolCount);
|
|
530
|
-
assessmentResults.temporal =
|
|
531
|
-
await this.temporalAssessor.assess(context);
|
|
532
|
-
emitModuleProgress("Temporal", assessmentResults.temporal.status, assessmentResults.temporal, this.temporalAssessor.getTestCount());
|
|
533
|
-
}
|
|
534
530
|
// New capability assessors (sequential)
|
|
535
531
|
if (this.resourceAssessor) {
|
|
536
532
|
const resourceCount = (context.resources?.length || 0) +
|
|
@@ -76,6 +76,28 @@ export declare class TemporalAssessor extends BaseAssessor {
|
|
|
76
76
|
* Handles arrays by sampling multiple elements to detect heterogeneous schemas.
|
|
77
77
|
*/
|
|
78
78
|
private extractFieldNames;
|
|
79
|
+
/**
|
|
80
|
+
* Secondary detection for stateful tools that pass schema comparison.
|
|
81
|
+
* Catches rug pulls that change content semantically while keeping schema intact.
|
|
82
|
+
*
|
|
83
|
+
* Examples detected:
|
|
84
|
+
* - Weather data → "Rate limit exceeded, upgrade to premium"
|
|
85
|
+
* - Stock prices → "Subscribe for $9.99/month to continue"
|
|
86
|
+
* - Search results → "Error: Service unavailable"
|
|
87
|
+
*/
|
|
88
|
+
private detectStatefulContentChange;
|
|
89
|
+
/**
|
|
90
|
+
* Extract text content from a response for semantic analysis.
|
|
91
|
+
*/
|
|
92
|
+
private extractTextContent;
|
|
93
|
+
/**
|
|
94
|
+
* Check for error-related keywords that indicate service degradation.
|
|
95
|
+
*/
|
|
96
|
+
private hasErrorKeywords;
|
|
97
|
+
/**
|
|
98
|
+
* Check for promotional/monetization keywords that indicate a monetization rug pull.
|
|
99
|
+
*/
|
|
100
|
+
private hasPromotionalKeywords;
|
|
79
101
|
private determineTemporalStatus;
|
|
80
102
|
private generateExplanation;
|
|
81
103
|
private generateRecommendations;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TemporalAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/TemporalAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,uBAAuB,EAEvB,kBAAkB,EAEnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AA+B9C,qBAAa,gBAAiB,SAAQ,YAAY;IAChD,OAAO,CAAC,kBAAkB,CAAS;IAGnC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAoBnC;IAGF,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAU;IAEjD;;;;;;;;;;;;;;OAcG;IACH,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAqBrC;gBAEU,MAAM,EAAE,uBAAuB;IAKrC,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;YAqEvD,UAAU;IAuHxB;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAkChC,OAAO,CAAC,gBAAgB;
|
|
1
|
+
{"version":3,"file":"TemporalAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/TemporalAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,uBAAuB,EAEvB,kBAAkB,EAEnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AA+B9C,qBAAa,gBAAiB,SAAQ,YAAY;IAChD,OAAO,CAAC,kBAAkB,CAAS;IAGnC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAoBnC;IAGF,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAU;IAEjD;;;;;;;;;;;;;;OAcG;IACH,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAqBrC;gBAEU,MAAM,EAAE,uBAAuB;IAKrC,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;YAqEvD,UAAU;IAuHxB;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAkChC,OAAO,CAAC,gBAAgB;IAmGxB;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAsC3B;;;;OAIG;IACH,OAAO,CAAC,iBAAiB;IAiFzB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAKzB;;;;;;;;OAQG;IACH,OAAO,CAAC,cAAc;IAetB;;;;;;OAMG;IACH,OAAO,CAAC,cAAc;IAuBtB;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAiCzB;;;;;;;;OAQG;IACH,OAAO,CAAC,2BAA2B;IA2CnC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAM1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAcxB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAa9B,OAAO,CAAC,uBAAuB;IAa/B,OAAO,CAAC,mBAAmB;IA+C3B,OAAO,CAAC,uBAAuB;CA+DhC"}
|
|
@@ -277,6 +277,15 @@ export class TemporalAssessor extends BaseAssessor {
|
|
|
277
277
|
// Schema-only comparison for stateful tools
|
|
278
278
|
// Content can vary, but field names should remain consistent
|
|
279
279
|
isDifferent = !this.compareSchemas(responses[0].response, responses[i].response);
|
|
280
|
+
// Secondary detection: Check for content semantic changes (rug pull patterns)
|
|
281
|
+
// This catches cases where schema is same but content shifts from helpful to harmful
|
|
282
|
+
if (!isDifferent) {
|
|
283
|
+
const contentChange = this.detectStatefulContentChange(responses[0].response, responses[i].response);
|
|
284
|
+
if (contentChange.detected) {
|
|
285
|
+
isDifferent = true;
|
|
286
|
+
this.log(`${tool.name}: Content semantic change detected at invocation ${i + 1} - ${contentChange.reason}`);
|
|
287
|
+
}
|
|
288
|
+
}
|
|
280
289
|
}
|
|
281
290
|
else {
|
|
282
291
|
// Exact comparison for non-stateful tools
|
|
@@ -308,9 +317,11 @@ export class TemporalAssessor extends BaseAssessor {
|
|
|
308
317
|
maliciousResponseExample: responses[deviations[0] - 1]?.response ?? null,
|
|
309
318
|
}
|
|
310
319
|
: undefined,
|
|
311
|
-
// Add note for stateful tools
|
|
312
|
-
note: isStateful
|
|
313
|
-
?
|
|
320
|
+
// Add note for stateful tools - different messages for pass vs fail
|
|
321
|
+
note: isStateful
|
|
322
|
+
? isVulnerable
|
|
323
|
+
? "Stateful tool - secondary content analysis detected rug pull"
|
|
324
|
+
: "Stateful tool - content variation expected, schema consistent"
|
|
314
325
|
: undefined,
|
|
315
326
|
};
|
|
316
327
|
}
|
|
@@ -498,6 +509,88 @@ export class TemporalAssessor extends BaseAssessor {
|
|
|
498
509
|
}
|
|
499
510
|
return fields;
|
|
500
511
|
}
|
|
512
|
+
/**
|
|
513
|
+
* Secondary detection for stateful tools that pass schema comparison.
|
|
514
|
+
* Catches rug pulls that change content semantically while keeping schema intact.
|
|
515
|
+
*
|
|
516
|
+
* Examples detected:
|
|
517
|
+
* - Weather data → "Rate limit exceeded, upgrade to premium"
|
|
518
|
+
* - Stock prices → "Subscribe for $9.99/month to continue"
|
|
519
|
+
* - Search results → "Error: Service unavailable"
|
|
520
|
+
*/
|
|
521
|
+
detectStatefulContentChange(baseline, current) {
|
|
522
|
+
// Convert to strings for content analysis
|
|
523
|
+
const baselineText = this.extractTextContent(baseline);
|
|
524
|
+
const currentText = this.extractTextContent(current);
|
|
525
|
+
// Skip if both are empty or identical
|
|
526
|
+
if (!baselineText && !currentText)
|
|
527
|
+
return { detected: false, reason: null };
|
|
528
|
+
if (baselineText === currentText)
|
|
529
|
+
return { detected: false, reason: null };
|
|
530
|
+
// Check 1: Error keywords appearing in later responses (not present in baseline)
|
|
531
|
+
if (this.hasErrorKeywords(currentText) &&
|
|
532
|
+
!this.hasErrorKeywords(baselineText)) {
|
|
533
|
+
return { detected: true, reason: "error_keywords_appeared" };
|
|
534
|
+
}
|
|
535
|
+
// Check 2: Promotional/payment keywords (rug pull monetization pattern)
|
|
536
|
+
if (this.hasPromotionalKeywords(currentText) &&
|
|
537
|
+
!this.hasPromotionalKeywords(baselineText)) {
|
|
538
|
+
return { detected: true, reason: "promotional_keywords_appeared" };
|
|
539
|
+
}
|
|
540
|
+
// Check 3: Significant length DECREASE only (response becoming much shorter)
|
|
541
|
+
// This catches cases where helpful responses shrink to terse error messages
|
|
542
|
+
// We don't flag length increase because stateful tools legitimately accumulate data
|
|
543
|
+
if (baselineText.length > 20) {
|
|
544
|
+
// Only check if baseline has meaningful content
|
|
545
|
+
const lengthRatio = currentText.length / baselineText.length;
|
|
546
|
+
if (lengthRatio < 0.3) {
|
|
547
|
+
// Response shrunk to <30% of original
|
|
548
|
+
return { detected: true, reason: "significant_length_decrease" };
|
|
549
|
+
}
|
|
550
|
+
}
|
|
551
|
+
return { detected: false, reason: null };
|
|
552
|
+
}
|
|
553
|
+
/**
|
|
554
|
+
* Extract text content from a response for semantic analysis.
|
|
555
|
+
*/
|
|
556
|
+
extractTextContent(obj) {
|
|
557
|
+
if (typeof obj === "string")
|
|
558
|
+
return obj;
|
|
559
|
+
if (typeof obj !== "object" || !obj)
|
|
560
|
+
return "";
|
|
561
|
+
return JSON.stringify(obj);
|
|
562
|
+
}
|
|
563
|
+
/**
|
|
564
|
+
* Check for error-related keywords that indicate service degradation.
|
|
565
|
+
*/
|
|
566
|
+
hasErrorKeywords(text) {
|
|
567
|
+
const patterns = [
|
|
568
|
+
/\berror\b/i,
|
|
569
|
+
/\bfail(ed|ure)?\b/i,
|
|
570
|
+
/\bunavailable\b/i,
|
|
571
|
+
/\brate\s*limit/i,
|
|
572
|
+
/\bdenied\b/i,
|
|
573
|
+
/\bexpired\b/i,
|
|
574
|
+
/\btimeout\b/i,
|
|
575
|
+
/\bblocked\b/i,
|
|
576
|
+
];
|
|
577
|
+
return patterns.some((p) => p.test(text));
|
|
578
|
+
}
|
|
579
|
+
/**
|
|
580
|
+
* Check for promotional/monetization keywords that indicate a monetization rug pull.
|
|
581
|
+
*/
|
|
582
|
+
hasPromotionalKeywords(text) {
|
|
583
|
+
const patterns = [
|
|
584
|
+
/\bupgrade\b/i,
|
|
585
|
+
/\bpremium\b/i,
|
|
586
|
+
/\bsubscri(be|ption)\b/i,
|
|
587
|
+
/\$\d+(\.\d{2})?/, // Price patterns like $49.99
|
|
588
|
+
/\bpay(ment)?\s*(required|needed|now)\b/i,
|
|
589
|
+
/\bpro\s*plan\b/i,
|
|
590
|
+
/\bbuy\s*now\b/i,
|
|
591
|
+
];
|
|
592
|
+
return patterns.some((p) => p.test(text));
|
|
593
|
+
}
|
|
501
594
|
determineTemporalStatus(rugPullsDetected, results) {
|
|
502
595
|
if (rugPullsDetected > 0) {
|
|
503
596
|
return "FAIL";
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@bryan-thompson/inspector-assessment-client",
|
|
3
|
-
"version": "1.20.
|
|
3
|
+
"version": "1.20.6",
|
|
4
4
|
"description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"author": "Bryan Thompson <bryan@triepod.ai>",
|