npm - @bryan-thompson/inspector-assessment-client - Versions diffs - 1.22.13 → 1.22.16 - Mend

@bryan-thompson/inspector-assessment-client 1.22.13 → 1.22.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/dist/assets/{OAuthCallback-CZrJlcLn.js → OAuthCallback-DNYBkA2C.js} +1 -1
package/dist/assets/{OAuthDebugCallback-DjI-YxME.js → OAuthDebugCallback-EhdSHXee.js} +1 -1
package/dist/assets/{index-_w0OL9Gt.js → index-BRiFDs-g.js} +21 -14
package/dist/index.html +1 -1
package/lib/lib/assessment/configTypes.d.ts +70 -0
package/lib/lib/assessment/configTypes.d.ts.map +1 -0
package/lib/lib/assessment/configTypes.js +194 -0
package/lib/lib/assessment/constants.d.ts +10 -0
package/lib/lib/assessment/constants.d.ts.map +1 -0
package/lib/lib/assessment/constants.js +61 -0
package/lib/lib/assessment/coreTypes.d.ts +159 -0
package/lib/lib/assessment/coreTypes.d.ts.map +1 -0
package/lib/lib/assessment/coreTypes.js +101 -0
package/lib/lib/assessment/extendedTypes.d.ts +415 -0
package/lib/lib/assessment/extendedTypes.d.ts.map +1 -0
package/lib/lib/assessment/extendedTypes.js +9 -0
package/lib/lib/assessment/index.d.ts +23 -0
package/lib/lib/assessment/index.d.ts.map +1 -0
package/lib/lib/assessment/index.js +48 -0
package/lib/lib/assessment/progressTypes.d.ts +160 -0
package/lib/lib/assessment/progressTypes.d.ts.map +1 -0
package/lib/lib/assessment/progressTypes.js +9 -0
package/lib/lib/assessment/resultTypes.d.ts +568 -0
package/lib/lib/assessment/resultTypes.d.ts.map +1 -0
package/lib/lib/assessment/resultTypes.js +9 -0
package/lib/lib/assessmentTypes.d.ts +20 -1248
package/lib/lib/assessmentTypes.d.ts.map +1 -1
package/lib/lib/assessmentTypes.js +21 -287
package/lib/services/assessment/AssessmentOrchestrator.d.ts +5 -0
package/lib/services/assessment/AssessmentOrchestrator.d.ts.map +1 -1
package/lib/services/assessment/AssessmentOrchestrator.js +24 -6
package/lib/services/assessment/lib/concurrencyLimit.d.ts +12 -0
package/lib/services/assessment/lib/concurrencyLimit.d.ts.map +1 -1
package/lib/services/assessment/lib/concurrencyLimit.js +22 -0
package/lib/services/assessment/lib/logger.d.ts +98 -0
package/lib/services/assessment/lib/logger.d.ts.map +1 -0
package/lib/services/assessment/lib/logger.js +153 -0
package/lib/services/assessment/modules/BaseAssessor.d.ts +2 -2
package/lib/services/assessment/modules/BaseAssessor.d.ts.map +1 -1
package/lib/services/assessment/modules/SecurityAssessor.d.ts.map +1 -1
package/lib/services/assessment/modules/SecurityAssessor.js +10 -5
package/lib/services/assessment/modules/ToolAnnotationAssessor.js +1 -1
package/package.json +1 -1

package/lib/lib/assessment/progressTypes.d.ts ADDED Viewed

@@ -0,0 +1,160 @@
+/**
+ * Progress Event Types
+ *
+ * Types for real-time test progress tracking during assessment.
+ * Used by CLI to emit batched JSONL events.
+ *
+ * @module assessment/progressTypes
+ */
+import type { AssessmentStatus, InferenceConfidence } from "./coreTypes.js";
+/**
+ * Progress callback for assessment modules to report test execution progress.
+ * Used by CLI to emit batched JSONL events.
+ */
+export interface ProgressCallback {
+    (event: ProgressEvent): void;
+}
+/**
+ * Union type for all progress events emitted during assessment.
+ */
+export type ProgressEvent = ModuleStartedProgress | TestBatchProgress | ModuleCompleteProgress | VulnerabilityFoundProgress | AnnotationMissingProgress | AnnotationMisalignedProgress | AnnotationReviewRecommendedProgress | AnnotationPoisonedProgress | AnnotationAlignedProgress;
+/**
+ * Emitted when an assessment module begins execution.
+ */
+export interface ModuleStartedProgress {
+    type: "module_started";
+    module: string;
+    estimatedTests: number;
+    toolCount: number;
+}
+/**
+ * Emitted periodically during module execution with batched test results.
+ * Batching reduces event volume for large assessments.
+ */
+export interface TestBatchProgress {
+    type: "test_batch";
+    module: string;
+    completed: number;
+    total: number;
+    batchSize: number;
+    elapsed: number;
+}
+/**
+ * Emitted when an assessment module completes with final stats.
+ */
+export interface ModuleCompleteProgress {
+    type: "module_complete";
+    module: string;
+    status: AssessmentStatus;
+    score: number;
+    testsRun: number;
+    duration: number;
+}
+/**
+ * Emitted when a security vulnerability is detected during assessment.
+ * Provides real-time alerts for security findings.
+ */
+export interface VulnerabilityFoundProgress {
+    type: "vulnerability_found";
+    tool: string;
+    pattern: string;
+    confidence: "high" | "medium" | "low";
+    evidence: string;
+    riskLevel: "HIGH" | "MEDIUM" | "LOW";
+    requiresReview: boolean;
+    payload?: string;
+}
+/**
+ * Tool parameter metadata for annotation events.
+ * Reusable type matching jsonl-events.ts ToolParam.
+ */
+export interface ToolParamProgress {
+    name: string;
+    type: string;
+    required: boolean;
+    description?: string;
+}
+/**
+ * Emitted when a tool is missing required annotations.
+ * Provides real-time alerts during annotation assessment.
+ */
+export interface AnnotationMissingProgress {
+    type: "annotation_missing";
+    tool: string;
+    title?: string;
+    description?: string;
+    parameters: ToolParamProgress[];
+    inferredBehavior: {
+        expectedReadOnly: boolean;
+        expectedDestructive: boolean;
+        reason: string;
+    };
+}
+/**
+ * Emitted when tool annotations don't match inferred behavior.
+ * Provides real-time alerts during annotation assessment.
+ */
+export interface AnnotationMisalignedProgress {
+    type: "annotation_misaligned";
+    tool: string;
+    title?: string;
+    description?: string;
+    parameters: ToolParamProgress[];
+    field: "readOnlyHint" | "destructiveHint";
+    actual: boolean | undefined;
+    expected: boolean;
+    confidence: number;
+    reason: string;
+}
+/**
+ * Emitted when annotation alignment cannot be confidently determined.
+ * Used for ambiguous patterns like store_*, queue_*, cache_* where behavior
+ * varies by implementation context. Does not indicate a failure - just flags
+ * for human review.
+ */
+export interface AnnotationReviewRecommendedProgress {
+    type: "annotation_review_recommended";
+    tool: string;
+    title?: string;
+    description?: string;
+    parameters: ToolParamProgress[];
+    field: "readOnlyHint" | "destructiveHint";
+    actual: boolean | undefined;
+    inferred: boolean;
+    confidence: InferenceConfidence;
+    isAmbiguous: boolean;
+    reason: string;
+}
+/**
+ * Emitted when tool description contains poisoning patterns (Issue #8).
+ * Indicates potential prompt injection or malicious instructions in tool metadata.
+ */
+export interface AnnotationPoisonedProgress {
+    type: "annotation_poisoned";
+    tool: string;
+    description?: string;
+    patterns: Array<{
+        name: string;
+        pattern: string;
+        severity: "LOW" | "MEDIUM" | "HIGH";
+        category: string;
+        evidence: string;
+    }>;
+    riskLevel: "NONE" | "LOW" | "MEDIUM" | "HIGH";
+}
+/**
+ * Emitted when tool annotations correctly match inferred behavior.
+ * Provides real-time confirmation during annotation assessment.
+ */
+export interface AnnotationAlignedProgress {
+    type: "annotation_aligned";
+    tool: string;
+    confidence: "high" | "medium" | "low";
+    annotations: {
+        readOnlyHint?: boolean;
+        destructiveHint?: boolean;
+        openWorldHint?: boolean;
+        idempotentHint?: boolean;
+    };
+}
+//# sourceMappingURL=progressTypes.d.ts.map

package/lib/lib/assessment/progressTypes.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"progressTypes.d.ts","sourceRoot":"","sources":["../../../src/lib/assessment/progressTypes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAEzE;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,MAAM,aAAa,GACrB,qBAAqB,GACrB,iBAAiB,GACjB,sBAAsB,GACtB,0BAA0B,GAC1B,yBAAyB,GACzB,4BAA4B,GAC5B,mCAAmC,GACnC,0BAA0B,GAC1B,yBAAyB,CAAC;AAE9B;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,gBAAgB,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,YAAY,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,iBAAiB,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,gBAAgB,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,qBAAqB,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACrC,cAAc,EAAE,OAAO,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,oBAAoB,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,gBAAgB,EAAE;QAChB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,4BAA4B;IAC3C,IAAI,EAAE,uBAAuB,CAAC;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,KAAK,EAAE,cAAc,GAAG,iBAAiB,CAAC;IAC1C,MAAM,EAAE,OAAO,GAAG,SAAS,CAAC;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;GAKG;AACH,MAAM,WAAW,mCAAmC;IAClD,IAAI,EAAE,+BAA+B,CAAC;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,KAAK,EAAE,cAAc,GAAG,iBAAiB,CAAC;IAC1C,MAAM,EAAE,OAAO,GAAG,SAAS,CAAC;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,mBAAmB,CAAC;IAChC,WAAW,EAAE,OAAO,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,qBAAqB,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,KAAK,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC,CAAC;IACH,SAAS,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CAC/C;AAED;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,oBAAoB,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,WAAW,EAAE;QACX,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,cAAc,CAAC,EAAE,OAAO,CAAC;KAC1B,CAAC;CACH"}

package/lib/lib/assessment/progressTypes.js ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Progress Event Types
+ *
+ * Types for real-time test progress tracking during assessment.
+ * Used by CLI to emit batched JSONL events.
+ *
+ * @module assessment/progressTypes
+ */
+export {};