@bryan-thompson/inspector-assessment-client 1.22.10 → 1.22.12
- package/dist/assets/{OAuthCallback-Cod7tZC4.js → OAuthCallback-KYOejDDy.js} +1 -1
- package/dist/assets/{OAuthDebugCallback-C94tMjjD.js → OAuthDebugCallback-BX5oTfcp.js} +1 -1
- package/dist/assets/{index-Ci3chsgs.js → index-DFdmJpUY.js} +4 -4
- package/dist/index.html +1 -1
- package/lib/services/assessment/config/annotationPatterns.d.ts.map +1 -1
- package/lib/services/assessment/config/annotationPatterns.js +32 -0
- package/lib/services/assessment/modules/PortabilityAssessor.d.ts.map +1 -1
- package/lib/services/assessment/modules/PortabilityAssessor.js +3 -1
- package/lib/services/assessment/modules/ToolAnnotationAssessor.d.ts.map +1 -1
- package/lib/services/assessment/modules/ToolAnnotationAssessor.js +60 -5
- package/package.json +1 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-
|
|
1
|
+
import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-DFdmJpUY.js";
|
|
2
2
|
const OAuthCallback = ({ onConnect }) => {
|
|
3
3
|
const { toast } = useToast();
|
|
4
4
|
const hasProcessedRef = reactExports.useRef(false);
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-
|
|
1
|
+
import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-DFdmJpUY.js";
|
|
2
2
|
const OAuthDebugCallback = ({ onConnect }) => {
|
|
3
3
|
reactExports.useEffect(() => {
|
|
4
4
|
let isProcessed = false;
|
|
@@ -16320,7 +16320,7 @@ object({
|
|
|
16320
16320
|
token_type_hint: string().optional()
|
|
16321
16321
|
}).strip();
|
|
16322
16322
|
const name = "@bryan-thompson/inspector-assessment-client";
|
|
16323
|
-
const version$1 = "1.22.
|
|
16323
|
+
const version$1 = "1.22.11";
|
|
16324
16324
|
const packageJson = {
|
|
16325
16325
|
name,
|
|
16326
16326
|
version: version$1
|
|
@@ -45352,7 +45352,7 @@ const useTheme = () => {
|
|
|
45352
45352
|
[theme, setThemeWithSideEffect]
|
|
45353
45353
|
);
|
|
45354
45354
|
};
|
|
45355
|
-
const version = "1.22.
|
|
45355
|
+
const version = "1.22.11";
|
|
45356
45356
|
var [createTooltipContext] = createContextScope("Tooltip", [
|
|
45357
45357
|
createPopperScope
|
|
45358
45358
|
]);
|
|
@@ -59266,13 +59266,13 @@ const App = () => {
|
|
|
59266
59266
|
) });
|
|
59267
59267
|
if (window.location.pathname === "/oauth/callback") {
|
|
59268
59268
|
const OAuthCallback = React.lazy(
|
|
59269
|
-
() => __vitePreload(() => import("./OAuthCallback-
|
|
59269
|
+
() => __vitePreload(() => import("./OAuthCallback-KYOejDDy.js"), true ? [] : void 0)
|
|
59270
59270
|
);
|
|
59271
59271
|
return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthCallback, { onConnect: onOAuthConnect }) });
|
|
59272
59272
|
}
|
|
59273
59273
|
if (window.location.pathname === "/oauth/callback/debug") {
|
|
59274
59274
|
const OAuthDebugCallback = React.lazy(
|
|
59275
|
-
() => __vitePreload(() => import("./OAuthDebugCallback-
|
|
59275
|
+
() => __vitePreload(() => import("./OAuthDebugCallback-BX5oTfcp.js"), true ? [] : void 0)
|
|
59276
59276
|
);
|
|
59277
59277
|
return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthDebugCallback, { onConnect: onOAuthDebugConnect }) });
|
|
59278
59278
|
}
|
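--- a/package/dist/index.html
+++ b/package/dist/index.html
@@ -5,7 +5,7 @@
 <link rel="icon" type="image/svg+xml" href="/mcp.svg" />
 <meta name="viewport" content="width=device-width, initial-scale=1.0" />
 <title>MCP Inspector</title>
-<script type="module" crossorigin src="/assets/index-
+<script type="module" crossorigin src="/assets/index-DFdmJpUY.js"></script>
 <link rel="stylesheet" crossorigin href="/assets/index-DiyPO_Zj.css">
 </head>
 <body>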
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"annotationPatterns.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/config/annotationPatterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;GAIG;AACH,MAAM,WAAW,uBAAuB;IACtC,iFAAiF;IACjF,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,0FAA0F;IAC1F,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,8FAA8F;IAC9F,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,mFAAmF;IACnF,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,UAAU,GAAG,aAAa,GAAG,OAAO,GAAG,WAAW,GAAG,SAAS,CAAC;IACzE,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,WAAW,EAAE,OAAO,CAAC;CACtB;AAED;;;GAGG;AACH,eAAO,MAAM,2BAA2B,EAAE,
|
|
1
|
+
{"version":3,"file":"annotationPatterns.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/config/annotationPatterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;GAIG;AACH,MAAM,WAAW,uBAAuB;IACtC,iFAAiF;IACjF,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,0FAA0F;IAC1F,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,8FAA8F;IAC9F,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,mFAAmF;IACnF,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,UAAU,GAAG,aAAa,GAAG,OAAO,GAAG,WAAW,GAAG,SAAS,CAAC;IACzE,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,WAAW,EAAE,OAAO,CAAC;CACtB;AAED;;;GAGG;AACH,eAAO,MAAM,2BAA2B,EAAE,uBAqMzC,CAAC;AAoBF;;GAEG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,uBAAuB,GAC9B,gBAAgB,CAOlB;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,UAAU,CAAC,EAAE,MAAM,GAClB,uBAAuB,CAyBzB;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,gBAAgB,GACzB,kBAAkB,CA0DpB;AAOD;;GAEG;AACH,wBAAgB,0BAA0B,IAAI,gBAAgB,CAK7D;AAMD;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG,WAAW,GAAG,UAAU,GAAG,SAAS,CAAC;AAEpE;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,gBAAgB,CAAC;IACxB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CACvC;AAED;;;GAGG;AACH,eAAO,MAAM,uBAAuB,EAAE,MAAM,EAW3C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wBAAwB,EAAE,MAAM,EAU5C,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,gCAAgC,EAAE,MAAM,EAgCpD,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,+BAA+B,EAAE,MAAM,EAWnD,CAAC;AAEF;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CACpC,SAAS,EAAE,MAAM,EAAE,GAClB,wBAAwB,CAuD1B;AAED;;;;;GAKG;AACH,wBAAgB,uCAAuC,CAAC,WAAW,EAAE,MAAM,GAAG;IAC5E,kBAAkB,EAAE,OAAO,CAAC;IAC5B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B,CA0BA"}
|
|
@@ -83,6 +83,38 @@ export const DEFAULT_ANNOTATION_PATTERNS = {
|
|
|
83
83
|
"kill-",
|
|
84
84
|
"force_",
|
|
85
85
|
"force-",
|
|
86
|
+
// Command execution tools - can execute arbitrary destructive commands (Issue #17)
|
|
87
|
+
// These override the generic "run_" and "execute_" write patterns
|
|
88
|
+
"run_command",
|
|
89
|
+
"run-command",
|
|
90
|
+
"run_cmd",
|
|
91
|
+
"run-cmd",
|
|
92
|
+
"run_shell",
|
|
93
|
+
"run-shell",
|
|
94
|
+
"exec_command",
|
|
95
|
+
"exec-command",
|
|
96
|
+
"exec_cmd",
|
|
97
|
+
"exec-cmd",
|
|
98
|
+
"exec_shell",
|
|
99
|
+
"exec-shell",
|
|
100
|
+
"execute_command",
|
|
101
|
+
"execute-command",
|
|
102
|
+
"execute_cmd",
|
|
103
|
+
"execute-cmd",
|
|
104
|
+
"execute_shell",
|
|
105
|
+
"execute-shell",
|
|
106
|
+
"shell_command",
|
|
107
|
+
"shell-command",
|
|
108
|
+
"shell_exec",
|
|
109
|
+
"shell-exec",
|
|
110
|
+
"bash_command",
|
|
111
|
+
"bash-command",
|
|
112
|
+
"bash_exec",
|
|
113
|
+
"bash-exec",
|
|
114
|
+
"cmd_execute",
|
|
115
|
+
"cmd-execute",
|
|
116
|
+
"cmd_run",
|
|
117
|
+
"cmd-run",
|
|
86
118
|
],
|
|
87
119
|
write: [
|
|
88
120
|
"create_",
|
|
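Review bot: The new destructive entries cover only snake_case and kebab-case spellings (`"run_command"`, `"exec-shell"`, and so on), so a command-execution tool named in camelCase, such as `runCommand` or `executeShell`, is classified as destructive only if the matcher normalises names before comparing, which this hunk does not show. The same release deals with camelCase names like `runAccessibilityAudit` in ToolAnnotationAssessor.js, so such names are in scope; a test with camelCase inputs, or the missing spellings, would settle it. The comment `// These override the generic "run_" and "execute_" write patterns` also holds only if destructive patterns are evaluated before write patterns, and I would say so in the comment, e.g. `// Relies on destructive patterns being matched before write patterns`. The array these entries belong to starts above the hunk.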
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"PortabilityAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/PortabilityAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EACV,qBAAqB,EAGtB,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"PortabilityAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/PortabilityAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EACV,qBAAqB,EAGtB,MAAM,uBAAuB,CAAC;AA8H/B,qBAAa,mBAAoB,SAAQ,YAAY;IACnD;;OAEG;IACG,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAuHxE;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAiD5B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAuE/B;;OAEG;IACH,OAAO,CAAC,QAAQ;IAiIhB;;OAEG;IACH,OAAO,CAAC,cAAc;IAkBtB;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAmClC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAqC3B;;OAEG;IACH,OAAO,CAAC,uBAAuB;CAmDhC"}
|
|
@@ -21,7 +21,9 @@ const ISSUE_PATTERNS = {
|
|
|
21
21
|
absoluteUnixPath: /(?<!\$\{__dirname\}|['"])\/(?:usr|home|var|etc|opt|Users|Applications)\/[^\s'"]+/g,
|
|
22
22
|
// Absolute Windows paths (requires valid path chars, excludes escape sequences like \n, \t)
|
|
23
23
|
// Note: Windows drive letters are always uppercase, so /i flag removed to avoid false positives
|
|
24
|
-
|
|
24
|
+
// Negative lookahead (?![ntr0'"bfv]) excludes escape sequences in source code strings
|
|
25
|
+
// e.g., "STDOUT:\n" won't match T:\n as a Windows path
|
|
26
|
+
absoluteWindowsPath: /[A-Z]:\\(?![ntr0'"bfv])[a-zA-Z0-9_\-.\\]+/g,
|
|
25
27
|
// User home directory references
|
|
26
28
|
userHomePath: /(?:~\/|\/Users\/|\/home\/)[^\s'"]+/g,
|
|
27
29
|
// ${BUNDLE_ROOT} anti-pattern
|
|
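Review bot: The lookahead `(?![ntr0'"bfv])` in `absoluteWindowsPath` also rejects every real path whose first component begins with one of those characters, so hard-coded paths such as `C:\temp\out.log`, `D:\build` or `C:\node\bin` written with single backslashes (config files, raw strings, shell snippets) are no longer reported. The false positive being fixed comes from the drive letter being the tail of a word (`STDOUT:\n`), so a lookbehind on the drive letter targets that case and keeps those paths: `absoluteWindowsPath: /(?<![A-Za-z0-9_])[A-Z]:\\[a-zA-Z0-9_\-.\\]+/g,`. The file already uses a lookbehind in `absoluteUnixPath`, so this adds no new syntax requirement; if single-letter labels followed by an escape (`"E:\n"`) also occur, both guards can be kept with the lookahead limited to an escape character that is not followed by further path characters. The `ISSUE_PATTERNS` object begins and ends outside the hunk.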
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ToolAnnotationAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/ToolAnnotationAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EACV,wBAAwB,EACxB,oBAAoB,EAKpB,uBAAuB,EAExB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,wBAAwB,EAK9B,MAAM,8BAA8B,CAAC;
|
|
1
|
+
{"version":3,"file":"ToolAnnotationAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/ToolAnnotationAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EACV,wBAAwB,EACxB,oBAAoB,EAKpB,uBAAuB,EAExB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,wBAAwB,EAK9B,MAAM,8BAA8B,CAAC;AA+atC;;GAEG;AACH,MAAM,WAAW,4BAA6B,SAAQ,oBAAoB;IACxE,eAAe,CAAC,EAAE;QAChB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;QAClB,oBAAoB,EAAE;YACpB,YAAY,CAAC,EAAE,OAAO,CAAC;YACvB,eAAe,CAAC,EAAE,OAAO,CAAC;YAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;SAC1B,CAAC;QACF,oBAAoB,EAAE,OAAO,CAAC;QAC9B,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,MAAM,EAAE,iBAAiB,GAAG,eAAe,CAAC;KAC7C,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,gCAAiC,SAAQ,wBAAwB;IAChF,WAAW,EAAE,4BAA4B,EAAE,CAAC;IAC5C,cAAc,EAAE,OAAO,CAAC;IACxB,2BAA2B,EAAE,4BAA4B,EAAE,CAAC;CAC7D;AAKD,qBAAa,sBAAuB,SAAQ,YAAY;IACtD,OAAO,CAAC,YAAY,CAAC,CAAmB;IACxC,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,kBAAkB,CAAC,CAA2B;gBAE1C,MAAM,EAAE,uBAAuB;IAM3C;;OAEG;IACH,qBAAqB,IAAI,wBAAwB,GAAG,SAAS;IAI7D;;OAEG;IACH,WAAW,CAAC,QAAQ,EAAE,gBAAgB,GAAG,IAAI;IAK7C;;OAEG;IACH,eAAe,CAAC,MAAM,EAAE,gBAAgB,GAAG,IAAI;IAK/C;;OAEG;IACH,eAAe,IAAI,OAAO;IAO1B;;OAEG;IACG,MAAM,CACV,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,wBAAwB,GAAG,gCAAgC,CAAC;IA+UvE;;OAEG;YACW,0BAA0B;IA+IxC;;OAEG;IACH,OAAO,CAAC,2BAA2B;IAiCnC;;OAEG;IACH,OAAO,CAAC,+BAA+B;IAoFvC;;;;OAIG;IACH,OAAO,CAAC,UAAU;IA0IlB;;;OAGG;IACH,OAAO,CAAC,2BAA2B;IA2DnC;;;;;;;;;OASG;IACH,OAAO,CAAC,kBAAkB;IAyE1B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAuBzB;;;OAGG;IACH,OAAO,CAAC,aAAa;IA+KrB;;;OAGG;IACH,OAAO,CAAC,yBAAyB;IA0DjC;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAiDxB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAmC3B;;OAEG;IACH,OAAO,CAAC,uBAAuB;CA2ChC"}
|
|
@@ -61,6 +61,27 @@ const READONLY_CONTRADICTION_KEYWORDS = [
|
|
|
61
61
|
"kill",
|
|
62
62
|
"terminate",
|
|
63
63
|
];
|
|
64
|
+
/**
|
|
65
|
+
* Suffixes that exempt "run" from readOnlyHint contradiction detection.
|
|
66
|
+
* Tools matching "run" + these suffixes are legitimately read-only (fetch analysis data).
|
|
67
|
+
* Issue #18: browser-tools-mcp uses runAccessibilityAudit, runSEOAudit, etc.
|
|
68
|
+
*/
|
|
69
|
+
const RUN_READONLY_EXEMPT_SUFFIXES = [
|
|
70
|
+
"audit", // runAccessibilityAudit, runPerformanceAudit, runSEOAudit
|
|
71
|
+
"check", // runHealthCheck, runSecurityCheck
|
|
72
|
+
"mode", // runAuditMode, runDebuggerMode
|
|
73
|
+
"test", // runTest, runUnitTest (analysis, not execution)
|
|
74
|
+
"scan", // runSecurityScan, runVulnerabilityScan
|
|
75
|
+
"analyze", // runAnalyze, runCodeAnalyze
|
|
76
|
+
"report", // runReport, runStatusReport
|
|
77
|
+
"status", // runStatus, runHealthStatus
|
|
78
|
+
"validate", // runValidate, runSchemaValidate
|
|
79
|
+
"verify", // runVerify, runIntegrityVerify
|
|
80
|
+
"inspect", // runInspect, runCodeInspect
|
|
81
|
+
"lint", // runLint, runEslint
|
|
82
|
+
"benchmark", // runBenchmark, runPerfBenchmark
|
|
83
|
+
"diagnostic", // runDiagnostic
|
|
84
|
+
];
|
|
64
85
|
/** Keywords that contradict destructiveHint=false (these tools delete/destroy data) */
|
|
65
86
|
const DESTRUCTIVE_CONTRADICTION_KEYWORDS = [
|
|
66
87
|
"delete",
|
|
@@ -92,6 +113,20 @@ function containsKeyword(toolName, keywords) {
|
|
|
92
113
|
}
|
|
93
114
|
return null;
|
|
94
115
|
}
|
|
116
|
+
/**
|
|
117
|
+
* Check if a tool name with "run" keyword is exempt from readOnlyHint contradiction.
|
|
118
|
+
* Tools like "runAccessibilityAudit" are genuinely read-only (fetch analysis data).
|
|
119
|
+
* Issue #18: Prevents false positives for analysis/audit tools.
|
|
120
|
+
*/
|
|
121
|
+
function isRunKeywordExempt(toolName) {
|
|
122
|
+
const lowerName = toolName.toLowerCase();
|
|
123
|
+
// Only applies when "run" is detected
|
|
124
|
+
if (!lowerName.includes("run")) {
|
|
125
|
+
return false;
|
|
126
|
+
}
|
|
127
|
+
// Check if any exempt suffix is present
|
|
128
|
+
return RUN_READONLY_EXEMPT_SUFFIXES.some((suffix) => lowerName.includes(suffix));
|
|
129
|
+
}
|
|
95
130
|
/**
|
|
96
131
|
* Type guard for confidence levels that warrant event emission or status changes.
|
|
97
132
|
* Uses positive check for acceptable levels (safer than !== "low" if new levels added).
|
|
@@ -108,11 +143,19 @@ function detectAnnotationDeception(toolName, annotations) {
|
|
|
108
143
|
if (annotations.readOnlyHint === true) {
|
|
109
144
|
const keyword = containsKeyword(toolName, READONLY_CONTRADICTION_KEYWORDS);
|
|
110
145
|
if (keyword) {
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
146
|
+
// Issue #18: Skip deception flagging for "run" + analysis suffix combinations
|
|
147
|
+
// Tools like "runAccessibilityAudit" are genuinely read-only
|
|
148
|
+
if (keyword === "run" && isRunKeywordExempt(toolName)) {
|
|
149
|
+
// Tool matches "run" but has an analysis suffix - not deceptive
|
|
150
|
+
// Fall through to normal pattern-based inference
|
|
151
|
+
}
|
|
152
|
+
else {
|
|
153
|
+
return {
|
|
154
|
+
field: "readOnlyHint",
|
|
155
|
+
matchedKeyword: keyword,
|
|
156
|
+
reason: `Tool name contains '${keyword}' but claims readOnlyHint=true - this is likely deceptive`,
|
|
157
|
+
};
|
|
158
|
+
}
|
|
116
159
|
}
|
|
117
160
|
}
|
|
118
161
|
// Check destructiveHint=false contradiction
|
|
@@ -1088,6 +1131,18 @@ export class ToolAnnotationAssessor extends BaseAssessor {
|
|
|
1088
1131
|
*/
|
|
1089
1132
|
inferBehavior(toolName, description) {
|
|
1090
1133
|
const lowerDesc = (description || "").toLowerCase();
|
|
1134
|
+
// Issue #18: Early check for run + analysis suffix pattern
|
|
1135
|
+
// Tools like "runAccessibilityAudit" are genuinely read-only (fetch analysis data)
|
|
1136
|
+
// Check this BEFORE pattern matching to override the generic "run_" write pattern
|
|
1137
|
+
if (isRunKeywordExempt(toolName)) {
|
|
1138
|
+
return {
|
|
1139
|
+
expectedReadOnly: true,
|
|
1140
|
+
expectedDestructive: false,
|
|
1141
|
+
reason: `Tool name contains 'run' with analysis suffix (audit, check, scan, etc.) - this is a read-only analysis operation`,
|
|
1142
|
+
confidence: "medium",
|
|
1143
|
+
isAmbiguous: false,
|
|
1144
|
+
};
|
|
1145
|
+
}
|
|
1091
1146
|
// Use the configurable pattern matching system
|
|
1092
1147
|
const patternMatch = matchToolPattern(toolName, this.compiledPatterns);
|
|
1093
1148
|
// Handle pattern match results
|
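Review bot: `isRunKeywordExempt` tests `lowerName.includes("run")` and `lowerName.includes(suffix)` anywhere in the name, so it is a substring check rather than the "run + suffix" match its doc comment describes. Names such as `truncate_audit_log` ("truncate" contains "run") or `run_shell_test` satisfy it, and because `inferBehavior` returns `expectedReadOnly: true` before `matchToolPattern` is consulted, the destructive patterns (including the `run_shell` entry added in this release) are never applied to them; in `detectAnnotationDeception` the same call suppresses the readOnlyHint contradiction. That weakens the check for exactly the mislabelled tools it is meant to flag. I would match `run` as the leading word and the exempt word as the ending of the final word, as below, and in `inferBehavior` apply the exemption only after the pattern match has ruled out a destructive classification. `inferBehavior` and `detectAnnotationDeception` both continue outside the hunks shown.

```javascript
function isRunKeywordExempt(toolName) {
    // Split camelCase (including acronyms such as "SEOAudit"), snake_case and kebab-case into words
    const words = toolName
        .replace(/([A-Z]+)([A-Z][a-z])/g, "$1_$2")
        .replace(/([a-z0-9])([A-Z])/g, "$1_$2")
        .toLowerCase()
        .split(/[_\-\s]+/)
        .filter(Boolean);
    // "run" must be the leading verb, followed by at least one more word
    if (words.length < 2 || words[0] !== "run") {
        return false;
    }
    // The exempt word must end the final word (covers "audit" as well as "eslint")
    const lastWord = words[words.length - 1];
    return RUN_READONLY_EXEMPT_SUFFIXES.some((suffix) => lastWord.endsWith(suffix));
}
```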
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@bryan-thompson/inspector-assessment-client",
|
|
3
|
-
"version": "1.22.
|
|
3
|
+
"version": "1.22.12",
|
|
4
4
|
"description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"author": "Bryan Thompson <bryan@triepod.ai>",
|