@bryan-thompson/inspector-assessment-client 1.22.14 → 1.22.16

package/lib/services/assessment/lib/logger.d.ts

@@ -0,0 +1,98 @@
+/**
+ * Structured Logger for Assessment Modules
+ *
+ * Provides configurable logging with level filtering, structured context,
+ * and consistent formatting across all assessment modules.
+ *
+ * IMPORTANT: This logger outputs to stdout. JSONL events (module_started,
+ * module_complete, etc.) use stderr via console.error() and should NOT
+ * be routed through this logger.
+ */
+export type LogLevel = "silent" | "error" | "warn" | "info" | "debug";
+/**
+ * Logging configuration for assessment runs.
+ * Controls verbosity and output format of diagnostic messages.
+ */
+export interface LoggingConfig {
+    /**
+     * Log level threshold. Messages below this level are suppressed.
+     * - 'silent': No output
+     * - 'error': Only errors
+     * - 'warn': Errors and warnings
+     * - 'info': Normal operational messages (default)
+     * - 'debug': Detailed diagnostic output
+     */
+    level: LogLevel;
+    /**
+     * Output format.
+     * - 'text': Human-readable prefixed messages (default)
+     * - 'json': Machine-parseable JSON lines
+     */
+    format?: "text" | "json";
+    /**
+     * Include ISO timestamp in each message.
+     * Default: false
+     */
+    includeTimestamp?: boolean;
+}
+/**
+ * Logger interface for assessment modules.
+ * Provides structured logging with context support.
+ */
+export interface Logger {
+    /**
+     * Log debug-level message (most verbose).
+     * Use for detailed diagnostic information during development.
+     */
+    debug(message: string, context?: Record<string, unknown>): void;
+    /**
+     * Log info-level message (normal operations).
+     * Use for significant events during normal operation.
+     */
+    info(message: string, context?: Record<string, unknown>): void;
+    /**
+     * Log warning-level message (potential issues).
+     * Use for recoverable issues or unexpected but handled conditions.
+     */
+    warn(message: string, context?: Record<string, unknown>): void;
+    /**
+     * Log error-level message (failures).
+     * Use for errors that may affect assessment results.
+     */
+    error(message: string, context?: Record<string, unknown>): void;
+    /**
+     * Create a child logger with a combined prefix.
+     * Useful for sub-components that need their own namespace.
+     */
+    child(name: string): Logger;
+    /**
+     * Check if a level would be logged.
+     * Use to avoid expensive operations when logging is disabled.
+     */
+    isLevelEnabled(level: LogLevel): boolean;
+}
+/**
+ * Default configuration for logging.
+ */
+export declare const DEFAULT_LOGGING_CONFIG: LoggingConfig;
+/**
+ * Create a logger instance with the given prefix and configuration.
+ *
+ * @param prefix - Logger prefix (typically module name)
+ * @param config - Optional logging configuration
+ * @returns Logger instance
+ *
+ * @example
+ * ```typescript
+ * const logger = createLogger('SecurityAssessor', { level: 'debug' });
+ * logger.info('Starting assessment', { toolCount: 5 });
+ * // Output: [SecurityAssessor] Starting assessment {"toolCount":5}
+ * ```
+ */
+export declare function createLogger(prefix: string, config?: Partial<LoggingConfig>): Logger;
+/**
+ * Create a silent logger that produces no output.
+ * Useful for tests or when logging should be completely disabled.
+ */
+export declare function createSilentLogger(): Logger;
+//# sourceMappingURL=logger.d.ts.map

package/lib/services/assessment/lib/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/lib/logger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAEtE;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;;;;OAOG;IACH,KAAK,EAAE,QAAQ,CAAC;IAEhB;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAEzB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;;GAGG;AACH,MAAM,WAAW,MAAM;IACrB;;;OAGG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAEhE;;;OAGG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAE/D;;;OAGG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAE/D;;;OAGG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAEhE;;;OAGG;IACH,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;IAE5B;;;OAGG;IACH,cAAc,CAAC,KAAK,EAAE,QAAQ,GAAG,OAAO,CAAC;CAC1C;AAED;;GAEG;AACH,eAAO,MAAM,sBAAsB,EAAE,aAIpC,CAAC;AAiDF;;;;;;;;;;;;;GAaG;AACH,wBAAgB,YAAY,CAC1B,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GAC9B,MAAM,CA0FR;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,CAE3C"}

package/lib/services/assessment/lib/logger.js

@@ -0,0 +1,153 @@
+/**
+ * Structured Logger for Assessment Modules
+ *
+ * Provides configurable logging with level filtering, structured context,
+ * and consistent formatting across all assessment modules.
+ *
+ * IMPORTANT: This logger outputs to stdout. JSONL events (module_started,
+ * module_complete, etc.) use stderr via console.error() and should NOT
+ * be routed through this logger.
+ */
+/**
+ * Default configuration for logging.
+ */
+export const DEFAULT_LOGGING_CONFIG = {
+    level: "info",
+    format: "text",
+    includeTimestamp: false,
+};
+/**
+ * Log level priority mapping.
+ * Higher numbers are more verbose.
+ */
+const LOG_LEVEL_PRIORITY = {
+    silent: 0,
+    error: 1,
+    warn: 2,
+    info: 3,
+    debug: 4,
+};
+/**
+ * Safely serialize a value for logging.
+ * Handles circular references and error objects.
+ */
+function safeSerialize(value) {
+    if (value instanceof Error) {
+        return {
+            name: value.name,
+            message: value.message,
+            stack: value.stack,
+        };
+    }
+    return value;
+}
+/**
+ * Format context object for text output.
+ */
+function formatContext(context) {
+    if (!context || Object.keys(context).length === 0) {
+        return "";
+    }
+    try {
+        // Serialize with safe handling of special values
+        const serializable = {};
+        for (const [key, value] of Object.entries(context)) {
+            serializable[key] = safeSerialize(value);
+        }
+        return " " + JSON.stringify(serializable);
+    }
+    catch {
+        return " [context serialization failed]";
+    }
+}
+/**
+ * Create a logger instance with the given prefix and configuration.
+ *
+ * @param prefix - Logger prefix (typically module name)
+ * @param config - Optional logging configuration
+ * @returns Logger instance
+ *
+ * @example
+ * ```typescript
+ * const logger = createLogger('SecurityAssessor', { level: 'debug' });
+ * logger.info('Starting assessment', { toolCount: 5 });
+ * // Output: [SecurityAssessor] Starting assessment {"toolCount":5}
+ * ```
+ */
+export function createLogger(prefix, config) {
+    const finalConfig = {
+        ...DEFAULT_LOGGING_CONFIG,
+        ...config,
+    };
+    const threshold = LOG_LEVEL_PRIORITY[finalConfig.level];
+    function shouldLog(level) {
+        return LOG_LEVEL_PRIORITY[level] <= threshold;
+    }
+    function emit(level, message, context) {
+        if (!shouldLog(level)) {
+            return;
+        }
+        const timestamp = finalConfig.includeTimestamp
+            ? new Date().toISOString()
+            : null;
+        if (finalConfig.format === "json") {
+            // JSON format for machine parsing
+            const logEntry = {
+                level,
+                prefix,
+                message,
+            };
+            if (timestamp) {
+                logEntry.timestamp = timestamp;
+            }
+            if (context && Object.keys(context).length > 0) {
+                const serializable = {};
+                for (const [key, value] of Object.entries(context)) {
+                    serializable[key] = safeSerialize(value);
+                }
+                logEntry.context = serializable;
+            }
+            // Output to stdout (NOT stderr - that's reserved for JSONL events)
+            console.log(JSON.stringify(logEntry));
+        }
+        else {
+            // Text format for human reading
+            let output = "";
+            if (timestamp) {
+                output += `[${timestamp}] `;
+            }
+            output += `[${prefix}] ${message}`;
+            output += formatContext(context);
+            // Output to stdout (NOT stderr - that's reserved for JSONL events)
+            console.log(output);
+        }
+    }
+    const logger = {
+        debug(message, context) {
+            emit("debug", message, context);
+        },
+        info(message, context) {
+            emit("info", message, context);
+        },
+        warn(message, context) {
+            emit("warn", message, context);
+        },
+        error(message, context) {
+            emit("error", message, context);
+        },
+        child(name) {
+            return createLogger(`${prefix}:${name}`, finalConfig);
+        },
+        isLevelEnabled(level) {
+            return shouldLog(level);
+        },
+    };
+    return logger;
+}
+/**
+ * Create a silent logger that produces no output.
+ * Useful for tests or when logging should be completely disabled.
+ */
+export function createSilentLogger() {
+    return createLogger("", { level: "silent" });
+}

package/lib/services/assessment/modules/BaseAssessor.d.ts

@@ -4,14 +4,14 @@
  */
 import { AssessmentConfiguration, AssessmentStatus } from "../../../lib/assessmentTypes.js";
 import { AssessmentContext } from "../AssessmentOrchestrator.js";
-export declare abstract class BaseAssessor {
+export declare abstract class BaseAssessor<T = unknown> {
     protected config: AssessmentConfiguration;
     protected testCount: number;
     constructor(config: AssessmentConfiguration);
     /**
      * Abstract method that each assessor must implement
      */
-    abstract assess(context: AssessmentContext): Promise<any>;
+    abstract assess(context: AssessmentContext): Promise<T>;
     /**
      * Common method to determine status based on pass rate
      */

package/lib/services/assessment/modules/BaseAssessor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"BaseAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/BaseAssessor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,uBAAuB,EACvB,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,8BAAsB,YAAY;IAChC,SAAS,CAAC,MAAM,EAAE,uBAAuB,CAAC;IAC1C,SAAS,CAAC,SAAS,EAAE,MAAM,CAAK;gBAEpB,MAAM,EAAE,uBAAuB;IAI3C;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,GAAG,CAAC;IAEzD;;OAEG;IACH,SAAS,CAAC,eAAe,CACvB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,SAAS,GAAE,MAAY,GACtB,gBAAgB;IAUnB;;OAEG;IACH,SAAS,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAIpC;;OAEG;IACH,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,GAAG,IAAI;IAItD;;OAEG;IACH,YAAY,IAAI,MAAM;IAItB;;OAEG;IACH,cAAc,IAAI,IAAI;IAItB;;OAEG;IACH,SAAS,CAAC,gBAAgB,CACxB,OAAO,EAAE,MAAM,uBAAuB,CAAC,sBAAsB,CAAC,GAC7D,OAAO;IAIV;;OAEG;cACa,KAAK,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIhD;;OAEG;cACa,kBAAkB,CAAC,CAAC,EAClC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,EACnB,SAAS,GAAE,MAAgC,GAC1C,OAAO,CAAC,CAAC,CAAC;IAWb;;OAEG;IACH,SAAS,CAAC,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,GAAG;IAS1C;;OAEG;IACH,SAAS,CAAC,mBAAmB,CAAC,KAAK,EAAE,GAAG,GAAG,MAAM;IAejD;;;;;;OAMG;IACH,SAAS,CAAC,eAAe,CACvB,QAAQ,EAAE,GAAG,EACb,UAAU,GAAE,OAAe,GAC1B,OAAO;IA8CV;;OAEG;IACH,SAAS,CAAC,gBAAgB,CAAC,QAAQ,EAAE,GAAG,GAAG;QACzC,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QACvB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB;CAqBF"}
+{"version":3,"file":"BaseAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/BaseAssessor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,uBAAuB,EACvB,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,8BAAsB,YAAY,CAAC,CAAC,GAAG,OAAO;IAC5C,SAAS,CAAC,MAAM,EAAE,uBAAuB,CAAC;IAC1C,SAAS,CAAC,SAAS,EAAE,MAAM,CAAK;gBAEpB,MAAM,EAAE,uBAAuB;IAI3C;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,CAAC,CAAC;IAEvD;;OAEG;IACH,SAAS,CAAC,eAAe,CACvB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,SAAS,GAAE,MAAY,GACtB,gBAAgB;IAUnB;;OAEG;IACH,SAAS,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAIpC;;OAEG;IACH,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,GAAG,IAAI;IAItD;;OAEG;IACH,YAAY,IAAI,MAAM;IAItB;;OAEG;IACH,cAAc,IAAI,IAAI;IAItB;;OAEG;IACH,SAAS,CAAC,gBAAgB,CACxB,OAAO,EAAE,MAAM,uBAAuB,CAAC,sBAAsB,CAAC,GAC7D,OAAO;IAIV;;OAEG;cACa,KAAK,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIhD;;OAEG;cACa,kBAAkB,CAAC,CAAC,EAClC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,EACnB,SAAS,GAAE,MAAgC,GAC1C,OAAO,CAAC,CAAC,CAAC;IAWb;;OAEG;IACH,SAAS,CAAC,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,GAAG;IAS1C;;OAEG;IACH,SAAS,CAAC,mBAAmB,CAAC,KAAK,EAAE,GAAG,GAAG,MAAM;IAejD;;;;;;OAMG;IACH,SAAS,CAAC,eAAe,CACvB,QAAQ,EAAE,GAAG,EACb,UAAU,GAAE,OAAe,GAC1B,OAAO;IA8CV;;OAEG;IACH,SAAS,CAAC,gBAAgB,CAAC,QAAQ,EAAE,GAAG,GAAG;QACzC,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QACvB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB;CAqBF"}

package/lib/services/assessment/modules/SecurityAssessor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SecurityAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/SecurityAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EACL,kBAAkB,EAInB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAc9D,qBAAa,gBAAiB,SAAQ,YAAY;IAChD,OAAO,CAAC,iBAAiB,CAAuC;IAC1D,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAuFrE;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAkC7B;;;;OAIG;YACW,yBAAyB;IAuKvC;;;;OAIG;YACW,qBAAqB;IA4JnC;;OAEG;YACW,WAAW;IA2HzB;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;IAgDzB;;;OAGG;IACH,OAAO,CAAC,8BAA8B;IAiDtC;;OAEG;IACH,OAAO,CAAC,aAAa;IA+BrB;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAgClC;;;OAGG;IACH,OAAO,CAAC,eAAe;IAuIvB;;;;;;;OAOG;IACH,OAAO,CAAC,qBAAqB;IAiE7B;;;;;;;;;OASG;IACH,OAAO,CAAC,oBAAoB;IAqC5B;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAsB3B;;;;;;;OAOG;IACH,OAAO,CAAC,oBAAoB;IAkC5B;;;;;;;;;OASG;IACH,OAAO,CAAC,oBAAoB;IA8E5B;;OAEG;YACW,+BAA+B;IAiC7C;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAYjC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0B/B;;OAEG;IACH,OAAO,CAAC,2BAA2B;IAkEnC;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAuI3B;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAsB5B;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,oBAAoB;IAoN5B;;;;;;;;;OASG;IACH,OAAO,CAAC,wBAAwB;IAwDhC;;;OAGG;IACH,OAAO,CAAC,8BAA8B;IAuBtC;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IA8BhC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAW9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAO1B,OAAO,CAAC,oBAAoB;IAoH5B;;OAEG;IACH,OAAO,CAAC,YAAY;IASpB;;;OAGG;IACH,OAAO,CAAC,eAAe;IASvB;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAiB9B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;CAmB3B"}
+{"version":3,"file":"SecurityAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/SecurityAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EACL,kBAAkB,EAInB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAc9D,qBAAa,gBAAiB,SAAQ,YAAY;IAChD,OAAO,CAAC,iBAAiB,CAAuC;IAC1D,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAuFrE;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAkC7B;;;;OAIG;YACW,yBAAyB;IA2KvC;;;;OAIG;YACW,qBAAqB;IA4JnC;;OAEG;YACW,WAAW;IA4HzB;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;IAgDzB;;;OAGG;IACH,OAAO,CAAC,8BAA8B;IAiDtC;;OAEG;IACH,OAAO,CAAC,aAAa;IA+BrB;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAgClC;;;OAGG;IACH,OAAO,CAAC,eAAe;IAuIvB;;;;;;;OAOG;IACH,OAAO,CAAC,qBAAqB;IAiE7B;;;;;;;;;OASG;IACH,OAAO,CAAC,oBAAoB;IAqC5B;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAsB3B;;;;;;;OAOG;IACH,OAAO,CAAC,oBAAoB;IAkC5B;;;;;;;;;OASG;IACH,OAAO,CAAC,oBAAoB;IA8E5B;;OAEG;YACW,+BAA+B;IAiC7C;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAYjC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0B/B;;OAEG;IACH,OAAO,CAAC,2BAA2B;IAkEnC;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAuI3B;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAsB5B;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,oBAAoB;IAoN5B;;;;;;;;;OASG;IACH,OAAO,CAAC,wBAAwB;IAwDhC;;;OAGG;IACH,OAAO,CAAC,8BAA8B;IAuBtC;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IA8BhC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAW9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAO1B,OAAO,CAAC,oBAAoB;IAoH5B;;OAEG;IACH,OAAO,CAAC,YAAY;IASpB;;;OAGG;IACH,OAAO,CAAC,eAAe;IASvB;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAiB9B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;CAmB3B"}

package/lib/services/assessment/modules/SecurityAssessor.js

@@ -124,8 +124,12 @@ export class SecurityAssessor extends BaseAssessor {
         // Parallel tool testing with concurrency limit
         const concurrency = this.config.maxParallelTests ?? 5;
         const limit = createConcurrencyLimit(concurrency);
-        // Progress tracking for batched events
-        const totalEstimate = toolsToTest.length * attackPatterns.length * 3; // ~3 payloads per pattern
+        // Progress tracking for batched events - pre-calculate exact payload count
+        let totalPayloads = 0;
+        for (const pattern of attackPatterns) {
+            totalPayloads += getPayloadsForAttack(pattern.attackName).length;
+        }
+        const totalEstimate = toolsToTest.length * totalPayloads;
         let completedTests = 0;
         let lastBatchTime = Date.now();
         const startTime = Date.now();
@@ -377,8 +381,9 @@ export class SecurityAssessor extends BaseAssessor {
                     evidence: "No compatible parameters for testing",
                 };
             }
-            // Execute tool call
-            const response = await this.executeWithTimeout(callTool(tool.name, params), 5000);
+            // Execute tool call with configurable timeout (default 5000ms for fast payload testing)
+            const securityTimeout = this.config.securityTestTimeout ?? 5000;
+            const response = await this.executeWithTimeout(callTool(tool.name, params), securityTimeout);
             // Check for connection errors FIRST (before vulnerability analysis)
             if (this.isConnectionError(response)) {
                 return {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment-client",
-  "version": "1.22.14",
+  "version": "1.22.16",
   "description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",