@bryan-thompson/inspector-assessment-client 1.22.14 → 1.23.0

package/dist/index.html

@@ -5,8 +5,8 @@
     <link rel="icon" type="image/svg+xml" href="/mcp.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>MCP Inspector</title>
-    <script type="module" crossorigin src="/assets/index-B55OPPJA.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/index-DiyPO_Zj.css">
+    <script type="module" crossorigin src="/assets/index-DkE5fYd3.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-Df9Sx1jt.css">
   </head>
   <body>
     <div id="root" class="w-full"></div>

package/lib/lib/assessment/configTypes.d.ts

@@ -0,0 +1,75 @@
+/**
+ * Assessment Configuration Types
+ *
+ * Configuration interfaces and preset configurations for assessments.
+ *
+ * @module assessment/configTypes
+ */
+import { LoggingConfig, LogLevel, DEFAULT_LOGGING_CONFIG } from "../../services/assessment/lib/logger.js";
+export type { LoggingConfig, LogLevel };
+export { DEFAULT_LOGGING_CONFIG };
+/**
+ * Claude Code Bridge Configuration
+ * Enables integration with Claude Code CLI for intelligent analysis
+ */
+export interface ClaudeCodeConfig {
+    enabled: boolean;
+    features: {
+        intelligentTestGeneration: boolean;
+        aupSemanticAnalysis: boolean;
+        annotationInference: boolean;
+        documentationQuality: boolean;
+    };
+    timeout: number;
+    workingDir?: string;
+    maxRetries?: number;
+}
+export interface AssessmentConfiguration {
+    testTimeout: number;
+    /** Security-specific test timeout in ms (default: 5000). Lower than testTimeout for fast payload testing. */
+    securityTestTimeout?: number;
+    delayBetweenTests?: number;
+    skipBrokenTools: boolean;
+    reviewerMode?: boolean;
+    enableExtendedAssessment?: boolean;
+    documentationVerbosity?: "minimal" | "standard" | "verbose";
+    parallelTesting?: boolean;
+    maxParallelTests?: number;
+    scenariosPerTool?: number;
+    maxToolsToTestForErrors?: number;
+    selectedToolsForTesting?: string[];
+    securityPatternsToTest?: number;
+    enableDomainTesting?: boolean;
+    mcpProtocolVersion?: string;
+    enableSourceCodeAnalysis?: boolean;
+    patternConfigPath?: string;
+    claudeCode?: ClaudeCodeConfig;
+    temporalInvocations?: number;
+    /** Logging configuration for diagnostic output */
+    logging?: LoggingConfig;
+    assessmentCategories?: {
+        functionality: boolean;
+        security: boolean;
+        documentation: boolean;
+        errorHandling: boolean;
+        usability: boolean;
+        mcpSpecCompliance?: boolean;
+        aupCompliance?: boolean;
+        toolAnnotations?: boolean;
+        prohibitedLibraries?: boolean;
+        manifestValidation?: boolean;
+        portability?: boolean;
+        externalAPIScanner?: boolean;
+        authentication?: boolean;
+        temporal?: boolean;
+        resources?: boolean;
+        prompts?: boolean;
+        crossCapability?: boolean;
+    };
+}
+export declare const DEFAULT_ASSESSMENT_CONFIG: AssessmentConfiguration;
+export declare const REVIEWER_MODE_CONFIG: AssessmentConfiguration;
+export declare const DEVELOPER_MODE_CONFIG: AssessmentConfiguration;
+export declare const AUDIT_MODE_CONFIG: AssessmentConfiguration;
+export declare const CLAUDE_ENHANCED_AUDIT_CONFIG: AssessmentConfiguration;
+//# sourceMappingURL=configTypes.d.ts.map

package/lib/lib/assessment/configTypes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"configTypes.d.ts","sourceRoot":"","sources":["../../../src/lib/assessment/configTypes.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,aAAa,EACb,QAAQ,EACR,sBAAsB,EACvB,MAAM,kCAAkC,CAAC;AAG1C,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,CAAC;AACxC,OAAO,EAAE,sBAAsB,EAAE,CAAC;AAElC;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE;QACR,yBAAyB,EAAE,OAAO,CAAC;QACnC,mBAAmB,EAAE,OAAO,CAAC;QAC7B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,oBAAoB,EAAE,OAAO,CAAC;KAC/B,CAAC;IACF,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,6GAA6G;IAC7G,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,OAAO,CAAC;IAEzB,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAEnC,sBAAsB,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,SAAS,CAAC;IAI5D,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAEnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAE9B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,kDAAkD;IAClD,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,oBAAoB,CAAC,EAAE;QACrB,aAAa,EAAE,OAAO,CAAC;QACvB,QAAQ,EAAE,OAAO,CAAC;QAClB,aAAa,EAAE,OAAO,CAAC;QACvB,aAAa,EAAE,OAAO,CAAC;QACvB,SAAS,EAAE,OAAO,CAAC;QACnB,iBAAiB,CAAC,EAAE,OAAO,CAAC;QAE5B,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAC9B,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAC7B,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAC7B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,QAAQ,CAAC,EAAE,OAAO,CAAC;QAEnB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,CAAC;CACH;AAMD,eAAO,MAAM,yBAAyB,EAAE,uBAiCvC,CAAC;AAIF,eAAO,MAAM,oBAAoB,EAAE,uBAkClC,CAAC;AAGF,eAAO,MAAM,qBAAqB,EAAE,uBAiCnC,CAAC;AAIF,eAAO,MAAM,iBAAiB,EAAE,uBAiC/B,CAAC;AAIF,eAAO,MAAM,4BAA4B,EAAE,uBA4C1C,CAAC"}

package/lib/lib/assessment/configTypes.js

@@ -0,0 +1,201 @@
+/**
+ * Assessment Configuration Types
+ *
+ * Configuration interfaces and preset configurations for assessments.
+ *
+ * @module assessment/configTypes
+ */
+import { DEFAULT_LOGGING_CONFIG, } from "../../services/assessment/lib/logger.js";
+export { DEFAULT_LOGGING_CONFIG };
+// ============================================================================
+// Configuration Presets
+// ============================================================================
+export const DEFAULT_ASSESSMENT_CONFIG = {
+    testTimeout: 30000, // 30 seconds per tool
+    delayBetweenTests: 0, // No delay by default
+    skipBrokenTools: false,
+    reviewerMode: false,
+    enableExtendedAssessment: true, // Enable MCP Spec Compliance assessment by default
+    parallelTesting: false,
+    maxParallelTests: 5,
+    securityPatternsToTest: 8, // Test all security patterns by default
+    enableDomainTesting: true, // Enable advanced security testing by default (all 8 backend patterns)
+    mcpProtocolVersion: "2025-06",
+    enableSourceCodeAnalysis: false, // Source code analysis disabled by default (requires sourceCodePath)
+    logging: { level: "info" }, // Standard verbosity
+    assessmentCategories: {
+        functionality: true,
+        security: true,
+        documentation: true,
+        errorHandling: true,
+        usability: true,
+        mcpSpecCompliance: false,
+        // New assessors - disabled by default, enable for MCP Directory compliance audits
+        aupCompliance: false,
+        toolAnnotations: false,
+        prohibitedLibraries: false,
+        manifestValidation: false,
+        portability: false,
+        externalAPIScanner: false,
+        authentication: false,
+        // New capability assessors - disabled by default
+        resources: false,
+        prompts: false,
+        crossCapability: false,
+    },
+};
+// Reviewer mode configuration: optimized for fast, human-assisted reviews
+// Focuses on Anthropic's 5 core requirements only
+export const REVIEWER_MODE_CONFIG = {
+    testTimeout: 10000, // 10 seconds per tool (faster)
+    delayBetweenTests: 100, // Small delay for rate limiting
+    skipBrokenTools: true, // Skip broken tools to save time
+    reviewerMode: true,
+    enableExtendedAssessment: false, // Disable extended assessments (not required for directory approval)
+    parallelTesting: true, // Faster execution
+    maxParallelTests: 5,
+    scenariosPerTool: 1, // Single realistic test per tool
+    securityPatternsToTest: 3, // Test only 3 critical security patterns
+    enableDomainTesting: false, // Use basic security testing for speed (3 patterns)
+    mcpProtocolVersion: "2025-06",
+    enableSourceCodeAnalysis: false,
+    logging: { level: "warn" }, // Minimal noise for fast reviews
+    assessmentCategories: {
+        functionality: true,
+        security: true,
+        documentation: true,
+        errorHandling: true,
+        usability: true,
+        mcpSpecCompliance: false, // Not part of Anthropic's 5 core requirements
+        // New assessors - disabled in reviewer mode for speed
+        aupCompliance: false,
+        toolAnnotations: false,
+        prohibitedLibraries: false,
+        manifestValidation: false,
+        portability: false,
+        externalAPIScanner: false,
+        authentication: false,
+        // New capability assessors - disabled in reviewer mode for speed
+        resources: false,
+        prompts: false,
+        crossCapability: false,
+    },
+};
+// Developer mode configuration: comprehensive testing for debugging
+export const DEVELOPER_MODE_CONFIG = {
+    testTimeout: 30000, // 30 seconds per tool
+    delayBetweenTests: 500, // Moderate delay for thorough testing
+    skipBrokenTools: false,
+    reviewerMode: false,
+    enableExtendedAssessment: true,
+    parallelTesting: false, // Sequential for easier debugging
+    maxParallelTests: 5,
+    securityPatternsToTest: 8, // Test all security patterns
+    enableDomainTesting: true, // Enable advanced security testing (all 8 backend patterns)
+    mcpProtocolVersion: "2025-06",
+    enableSourceCodeAnalysis: true, // Enable source code analysis if path provided
+    logging: { level: "debug" }, // Full diagnostic output for debugging
+    assessmentCategories: {
+        functionality: true,
+        security: true,
+        documentation: true,
+        errorHandling: true,
+        usability: true,
+        mcpSpecCompliance: true, // Include extended assessments
+        // New assessors - enabled in developer mode for comprehensive testing
+        aupCompliance: true,
+        toolAnnotations: true,
+        prohibitedLibraries: true,
+        manifestValidation: false, // MCPB bundle-specific, disabled by default
+        portability: false, // MCPB bundle-specific, disabled by default
+        externalAPIScanner: true,
+        authentication: true,
+        // New capability assessors - enabled in developer mode
+        resources: true,
+        prompts: true,
+        crossCapability: true,
+    },
+};
+// MCP Directory Audit mode: focuses on compliance gap assessors
+// Use for pre-submission validation to Anthropic MCP Directory
+export const AUDIT_MODE_CONFIG = {
+    testTimeout: 30000,
+    delayBetweenTests: 100,
+    skipBrokenTools: false,
+    reviewerMode: false,
+    enableExtendedAssessment: true,
+    parallelTesting: true, // Parallel for faster audits
+    maxParallelTests: 5,
+    securityPatternsToTest: 8,
+    enableDomainTesting: true,
+    mcpProtocolVersion: "2025-06",
+    enableSourceCodeAnalysis: true, // Deep analysis for audits
+    logging: { level: "info" }, // Standard verbosity for audits
+    assessmentCategories: {
+        functionality: true,
+        security: true,
+        documentation: true,
+        errorHandling: true,
+        usability: true,
+        mcpSpecCompliance: true,
+        // All new assessors enabled for audit mode
+        aupCompliance: true,
+        toolAnnotations: true,
+        prohibitedLibraries: true,
+        manifestValidation: false, // MCPB bundle-specific, disabled by default
+        portability: false, // MCPB bundle-specific, disabled by default
+        externalAPIScanner: true,
+        authentication: true,
+        // New capability assessors - enabled in audit mode
+        resources: true,
+        prompts: true,
+        crossCapability: true,
+    },
+};
+// Claude-enhanced audit mode: uses Claude Code for intelligent analysis
+// Reduces false positives in AUP scanning and improves test quality
+export const CLAUDE_ENHANCED_AUDIT_CONFIG = {
+    testTimeout: 30000,
+    delayBetweenTests: 100,
+    skipBrokenTools: false,
+    reviewerMode: false,
+    enableExtendedAssessment: true,
+    parallelTesting: false, // Sequential when using Claude to avoid rate limiting
+    maxParallelTests: 1,
+    securityPatternsToTest: 8,
+    enableDomainTesting: true,
+    mcpProtocolVersion: "2025-06",
+    enableSourceCodeAnalysis: true,
+    logging: { level: "info" }, // Standard verbosity (Claude output is already verbose)
+    // Claude Code integration enabled
+    claudeCode: {
+        enabled: true,
+        features: {
+            intelligentTestGeneration: true, // Generate semantically meaningful test params
+            aupSemanticAnalysis: true, // Reduce false positives in AUP scanning
+            annotationInference: true, // Detect annotation misalignments
+            documentationQuality: true, // Assess documentation quality semantically
+        },
+        timeout: 90000, // 90 seconds for Claude calls
+        maxRetries: 2,
+    },
+    assessmentCategories: {
+        functionality: true,
+        security: true,
+        documentation: true,
+        errorHandling: true,
+        usability: true,
+        mcpSpecCompliance: true,
+        aupCompliance: true,
+        toolAnnotations: true,
+        prohibitedLibraries: true,
+        manifestValidation: false, // MCPB bundle-specific, disabled by default
+        portability: false, // MCPB bundle-specific, disabled by default
+        externalAPIScanner: true,
+        authentication: true,
+        // New capability assessors - enabled in Claude mode
+        resources: true,
+        prompts: true,
+        crossCapability: true,
+    },
+};

package/lib/lib/assessment/constants.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Assessment Constants
+ *
+ * Constant values used in security testing.
+ *
+ * @module assessment/constants
+ */
+import type { SecurityTestResult } from "./resultTypes.js";
+export declare const PROMPT_INJECTION_TESTS: Omit<SecurityTestResult, "vulnerable" | "evidence">[];
+//# sourceMappingURL=constants.d.ts.map

package/lib/lib/assessment/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/lib/assessment/constants.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAGxD,eAAO,MAAM,sBAAsB,EAAE,IAAI,CACvC,kBAAkB,EAClB,YAAY,GAAG,UAAU,CAC1B,EAqDA,CAAC"}

package/lib/lib/assessment/constants.js

@@ -0,0 +1,61 @@
+/**
+ * Assessment Constants
+ *
+ * Constant values used in security testing.
+ *
+ * @module assessment/constants
+ */
+// Backend API security patterns (8 total) - tests API security, not LLM behaviors
+export const PROMPT_INJECTION_TESTS = [
+    // Critical Injection (3)
+    {
+        testName: "Command Injection",
+        description: "Test if tool executes system commands",
+        payload: "; rm -rf /; echo 'test'",
+        riskLevel: "HIGH",
+    },
+    {
+        testName: "SQL Injection",
+        description: "Test if tool properly escapes SQL commands",
+        payload: "'; DROP TABLE users;--",
+        riskLevel: "HIGH",
+    },
+    {
+        testName: "Path Traversal",
+        description: "Test if tool allows access to files outside intended directory",
+        payload: "../../../etc/passwd",
+        riskLevel: "HIGH",
+    },
+    // Input Validation (3)
+    {
+        testName: "Type Safety",
+        description: "Test if tool validates parameter types correctly",
+        payload: "not_a_number",
+        riskLevel: "MEDIUM",
+    },
+    {
+        testName: "Boundary Testing",
+        description: "Test edge cases and boundary conditions",
+        payload: "",
+        riskLevel: "LOW",
+    },
+    {
+        testName: "Required Fields",
+        description: "Test if tool validates required parameters",
+        payload: "MISSING_REQUIRED",
+        riskLevel: "MEDIUM",
+    },
+    // Protocol Compliance (2)
+    {
+        testName: "MCP Error Format",
+        description: "Verify errors follow MCP protocol specification",
+        payload: "INVALID_TRIGGER_ERROR",
+        riskLevel: "LOW",
+    },
+    {
+        testName: "Timeout Handling",
+        description: "Test if tool handles long operations gracefully",
+        payload: "SIMULATE_LONG_OPERATION",
+        riskLevel: "LOW",
+    },
+];

package/lib/lib/assessment/coreTypes.d.ts

@@ -0,0 +1,159 @@
+/**
+ * Core Assessment Types
+ *
+ * Foundational types used across all assessment modules.
+ * These are the building blocks that other type files depend on.
+ *
+ * @module assessment/coreTypes
+ */
+export type AssessmentStatus = "PASS" | "FAIL" | "NEED_MORE_INFO";
+export type SecurityRiskLevel = "LOW" | "MEDIUM" | "HIGH";
+/**
+ * Alignment status for tool annotations.
+ * Extends beyond PASS/FAIL to handle ambiguous cases.
+ */
+export type AlignmentStatus = "ALIGNED" | "MISALIGNED" | "REVIEW_RECOMMENDED" | "UNKNOWN";
+/**
+ * Confidence level for behavior inference
+ */
+export type InferenceConfidence = "high" | "medium" | "low";
+/**
+ * Assessment category tier for distinguishing core vs optional assessments.
+ * - "core": Always applicable to any MCP server audit
+ * - "optional": Contextual assessments (e.g., MCPB bundle-specific)
+ */
+export type AssessmentCategoryTier = "core" | "optional";
+/**
+ * Metadata for assessment categories including tier and applicability info.
+ */
+export interface AssessmentCategoryMetadata {
+    tier: AssessmentCategoryTier;
+    description: string;
+    applicableTo?: string;
+}
+/**
+ * Category metadata mapping for all assessment modules.
+ * Used for CLI output and downstream consumers to understand category context.
+ *
+ * Note: Uses `satisfies` to preserve literal key types while ensuring type safety.
+ * This allows deriving AssessmentModuleName from the object keys.
+ */
+declare const ASSESSMENT_CATEGORY_METADATA_INTERNAL: {
+    functionality: {
+        tier: "core";
+        description: string;
+    };
+    security: {
+        tier: "core";
+        description: string;
+    };
+    documentation: {
+        tier: "core";
+        description: string;
+    };
+    errorHandling: {
+        tier: "core";
+        description: string;
+    };
+    usability: {
+        tier: "core";
+        description: string;
+    };
+    mcpSpecCompliance: {
+        tier: "core";
+        description: string;
+    };
+    aupCompliance: {
+        tier: "core";
+        description: string;
+    };
+    toolAnnotations: {
+        tier: "core";
+        description: string;
+    };
+    prohibitedLibraries: {
+        tier: "core";
+        description: string;
+    };
+    manifestValidation: {
+        tier: "optional";
+        description: string;
+        applicableTo: string;
+    };
+    portability: {
+        tier: "optional";
+        description: string;
+        applicableTo: string;
+    };
+    externalAPIScanner: {
+        tier: "core";
+        description: string;
+    };
+    authentication: {
+        tier: "core";
+        description: string;
+    };
+    temporal: {
+        tier: "core";
+        description: string;
+    };
+    resources: {
+        tier: "core";
+        description: string;
+    };
+    prompts: {
+        tier: "core";
+        description: string;
+    };
+    crossCapability: {
+        tier: "core";
+        description: string;
+    };
+};
+/**
+ * Type-safe module name derived from ASSESSMENT_CATEGORY_METADATA keys.
+ * Use this type for compile-time validation of module names.
+ */
+export type AssessmentModuleName = keyof typeof ASSESSMENT_CATEGORY_METADATA_INTERNAL;
+/**
+ * Re-export with original name for backward compatibility.
+ * Type is preserved as Record<AssessmentModuleName, AssessmentCategoryMetadata>.
+ */
+export declare const ASSESSMENT_CATEGORY_METADATA: Record<AssessmentModuleName, AssessmentCategoryMetadata>;
+/**
+ * Generate module configuration derived from ASSESSMENT_CATEGORY_METADATA.
+ * Single source of truth for all assessment module names.
+ *
+ * @param options.sourceCodePath - If true, enables externalAPIScanner
+ * @param options.skipTemporal - If true, disables temporal assessment
+ * @returns Record of module names to enabled state (type-safe)
+ */
+export declare function getAllModulesConfig(options: {
+    sourceCodePath?: boolean;
+    skipTemporal?: boolean;
+}): Record<AssessmentModuleName, boolean>;
+/**
+ * Persistence model for MCP servers (Three-Tier Classification).
+ *
+ * These types are re-exported from the services layer for backward compatibility
+ * with existing imports from `@/lib/assessmentTypes`. This cross-layer import
+ * is intentional and documented:
+ *
+ * **Why cross-layer?**
+ * - PersistenceModel and ServerPersistenceContext are defined in
+ *   `services/assessment/config/annotationPatterns.ts` alongside the pattern
+ *   matching logic that uses them.
+ * - Moving the types here would create a circular dependency since the
+ *   annotationPatterns module needs to import its own types.
+ * - Type-only imports (`export type`) don't create runtime dependencies,
+ *   so this cross-layer reference is safe.
+ *
+ * **Type definitions:**
+ * - "immediate": Write operations persist directly to storage (database, file, API)
+ * - "deferred": Write operations are in-memory until explicit save operation
+ * - "unknown": Cannot determine persistence model
+ *
+ * @see services/assessment/config/annotationPatterns.ts for implementation
+ */
+export type { PersistenceModel, ServerPersistenceContext, } from "../../services/assessment/config/annotationPatterns.js";
+//# sourceMappingURL=coreTypes.d.ts.map

package/lib/lib/assessment/coreTypes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"coreTypes.d.ts","sourceRoot":"","sources":["../../../src/lib/assessment/coreTypes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,MAAM,gBAAgB,GAAG,MAAM,GAAG,MAAM,GAAG,gBAAgB,CAAC;AAClE,MAAM,MAAM,iBAAiB,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAE1D;;;GAGG;AACH,MAAM,MAAM,eAAe,GACvB,SAAS,GACT,YAAY,GACZ,oBAAoB,GACpB,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE5D;;;;GAIG;AACH,MAAM,MAAM,sBAAsB,GAAG,MAAM,GAAG,UAAU,CAAC;AAEzD;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,sBAAsB,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;GAMG;AACH,QAAA,MAAM,qCAAqC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8DW,CAAC;AAEvD;;;GAGG;AACH,MAAM,MAAM,oBAAoB,GAC9B,MAAM,OAAO,qCAAqC,CAAC;AAErD;;;GAGG;AACH,eAAO,MAAM,4BAA4B,EAAE,MAAM,CAC/C,oBAAoB,EACpB,0BAA0B,CACa,CAAC;AAE1C;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE;IAC3C,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB,GAAG,MAAM,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAaxC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,YAAY,EACV,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,qDAAqD,CAAC"}

package/lib/lib/assessment/coreTypes.js

@@ -0,0 +1,101 @@
+/**
+ * Core Assessment Types
+ *
+ * Foundational types used across all assessment modules.
+ * These are the building blocks that other type files depend on.
+ *
+ * @module assessment/coreTypes
+ */
+/**
+ * Category metadata mapping for all assessment modules.
+ * Used for CLI output and downstream consumers to understand category context.
+ *
+ * Note: Uses `satisfies` to preserve literal key types while ensuring type safety.
+ * This allows deriving AssessmentModuleName from the object keys.
+ */
+const ASSESSMENT_CATEGORY_METADATA_INTERNAL = {
+    functionality: {
+        tier: "core",
+        description: "Tool functionality validation",
+    },
+    security: {
+        tier: "core",
+        description: "Security vulnerability detection",
+    },
+    documentation: {
+        tier: "core",
+        description: "Documentation quality",
+    },
+    errorHandling: {
+        tier: "core",
+        description: "Error handling compliance",
+    },
+    usability: { tier: "core", description: "Usability assessment" },
+    mcpSpecCompliance: {
+        tier: "core",
+        description: "MCP protocol compliance",
+    },
+    aupCompliance: {
+        tier: "core",
+        description: "Acceptable use policy compliance",
+    },
+    toolAnnotations: {
+        tier: "core",
+        description: "Tool annotation validation",
+    },
+    prohibitedLibraries: {
+        tier: "core",
+        description: "Prohibited library detection",
+    },
+    manifestValidation: {
+        tier: "optional",
+        description: "MCPB manifest validation",
+        applicableTo: "MCPB bundles",
+    },
+    portability: {
+        tier: "optional",
+        description: "Portability checks",
+        applicableTo: "MCPB bundles",
+    },
+    externalAPIScanner: {
+        tier: "core",
+        description: "External API detection",
+    },
+    authentication: {
+        tier: "core",
+        description: "OAuth/auth evaluation",
+    },
+    temporal: {
+        tier: "core",
+        description: "Temporal/rug pull detection",
+    },
+    resources: { tier: "core", description: "Resource security" },
+    prompts: { tier: "core", description: "Prompt security" },
+    crossCapability: {
+        tier: "core",
+        description: "Cross-capability security",
+    },
+};
+/**
+ * Re-export with original name for backward compatibility.
+ * Type is preserved as Record<AssessmentModuleName, AssessmentCategoryMetadata>.
+ */
+export const ASSESSMENT_CATEGORY_METADATA = ASSESSMENT_CATEGORY_METADATA_INTERNAL;
+/**
+ * Generate module configuration derived from ASSESSMENT_CATEGORY_METADATA.
+ * Single source of truth for all assessment module names.
+ *
+ * @param options.sourceCodePath - If true, enables externalAPIScanner
+ * @param options.skipTemporal - If true, disables temporal assessment
+ * @returns Record of module names to enabled state (type-safe)
+ */
+export function getAllModulesConfig(options) {
+    return Object.keys(ASSESSMENT_CATEGORY_METADATA).reduce((acc, key) => ({
+        ...acc,
+        [key]: key === "externalAPIScanner"
+            ? Boolean(options.sourceCodePath)
+            : key === "temporal"
+                ? !options.skipTemporal
+                : true,
+    }), {});
+}