@bryan-thompson/inspector-assessment-client 1.22.3 → 1.22.5

package/dist/assets/{OAuthCallback-BVO57XO6.js → OAuthCallback-B5zTjfUQ.js}

@@ -1,4 +1,4 @@
-import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-DdB_RMJV.js";
+import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-DILbEAS1.js";
 const OAuthCallback = ({ onConnect }) => {
   const { toast } = useToast();
   const hasProcessedRef = reactExports.useRef(false);

package/dist/assets/{OAuthDebugCallback-Dou7_Gex.js → OAuthDebugCallback-NE-WvEWH.js}

@@ -1,4 +1,4 @@
-import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-DdB_RMJV.js";
+import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-DILbEAS1.js";
 const OAuthDebugCallback = ({ onConnect }) => {
   reactExports.useEffect(() => {
     let isProcessed = false;

package/dist/assets/{index-DdB_RMJV.js → index-DILbEAS1.js}

@@ -16320,7 +16320,7 @@ object({
   token_type_hint: string().optional()
 }).strip();
 const name = "@bryan-thompson/inspector-assessment-client";
-const version$1 = "1.22.3";
+const version$1 = "1.22.5";
 const packageJson = {
   name,
   version: version$1
@@ -45352,7 +45352,7 @@ const useTheme = () => {
     [theme, setThemeWithSideEffect]
   );
 };
-const version = "1.22.3";
+const version = "1.22.5";
 var [createTooltipContext] = createContextScope("Tooltip", [
   createPopperScope
 ]);
@@ -59266,13 +59266,13 @@ const App = () => {
   ) });
   if (window.location.pathname === "/oauth/callback") {
     const OAuthCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthCallback-BVO57XO6.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthCallback-B5zTjfUQ.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthCallback, { onConnect: onOAuthConnect }) });
   }
   if (window.location.pathname === "/oauth/callback/debug") {
     const OAuthDebugCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthDebugCallback-Dou7_Gex.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthDebugCallback-NE-WvEWH.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthDebugCallback, { onConnect: onOAuthDebugConnect }) });
   }

package/dist/index.html

@@ -5,7 +5,7 @@
     <link rel="icon" type="image/svg+xml" href="/mcp.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>MCP Inspector</title>
-    <script type="module" crossorigin src="/assets/index-DdB_RMJV.js"></script>
+    <script type="module" crossorigin src="/assets/index-DILbEAS1.js"></script>
     <link rel="stylesheet" crossorigin href="/assets/index-DiyPO_Zj.css">
   </head>
   <body>

package/lib/services/assessment/modules/ToolAnnotationAssessor.d.ts

@@ -82,6 +82,7 @@ export declare class ToolAnnotationAssessor extends BaseAssessor {
     /**
      * Assess a single tool's annotations
      * Now includes alignment status with confidence-aware logic
+     * Enhanced with high-confidence deception detection for obvious misalignments
      */
     private assessTool;
     /**

package/lib/services/assessment/modules/ToolAnnotationAssessor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ToolAnnotationAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/ToolAnnotationAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EACV,wBAAwB,EACxB,oBAAoB,EAKpB,uBAAuB,EAExB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,wBAAwB,EAK9B,MAAM,8BAA8B,CAAC;AA2PtC;;GAEG;AACH,MAAM,WAAW,4BAA6B,SAAQ,oBAAoB;IACxE,eAAe,CAAC,EAAE;QAChB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;QAClB,oBAAoB,EAAE;YACpB,YAAY,CAAC,EAAE,OAAO,CAAC;YACvB,eAAe,CAAC,EAAE,OAAO,CAAC;YAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;SAC1B,CAAC;QACF,oBAAoB,EAAE,OAAO,CAAC;QAC9B,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,MAAM,EAAE,iBAAiB,GAAG,eAAe,CAAC;KAC7C,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,gCAAiC,SAAQ,wBAAwB;IAChF,WAAW,EAAE,4BAA4B,EAAE,CAAC;IAC5C,cAAc,EAAE,OAAO,CAAC;IACxB,2BAA2B,EAAE,4BAA4B,EAAE,CAAC;CAC7D;AAKD,qBAAa,sBAAuB,SAAQ,YAAY;IACtD,OAAO,CAAC,YAAY,CAAC,CAAmB;IACxC,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,kBAAkB,CAAC,CAA2B;gBAE1C,MAAM,EAAE,uBAAuB;IAM3C;;OAEG;IACH,qBAAqB,IAAI,wBAAwB,GAAG,SAAS;IAI7D;;OAEG;IACH,WAAW,CAAC,QAAQ,EAAE,gBAAgB,GAAG,IAAI;IAK7C;;OAEG;IACH,eAAe,CAAC,MAAM,EAAE,gBAAgB,GAAG,IAAI;IAK/C;;OAEG;IACH,eAAe,IAAI,OAAO;IAO1B;;OAEG;IACG,MAAM,CACV,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,wBAAwB,GAAG,gCAAgC,CAAC;IAmUvE;;OAEG;YACW,0BAA0B;IA+IxC;;OAEG;IACH,OAAO,CAAC,2BAA2B;IAiCnC;;OAEG;IACH,OAAO,CAAC,+BAA+B;IAoFvC;;;OAGG;IACH,OAAO,CAAC,UAAU;IA2HlB;;;OAGG;IACH,OAAO,CAAC,2BAA2B;IA2DnC;;;;;;;;;OASG;IACH,OAAO,CAAC,kBAAkB;IAyE1B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAuBzB;;;OAGG;IACH,OAAO,CAAC,aAAa;IAmKrB;;;OAGG;IACH,OAAO,CAAC,yBAAyB;IA0DjC;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAiDxB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAmC3B;;OAEG;IACH,OAAO,CAAC,uBAAuB;CA2ChC"}
+{"version":3,"file":"ToolAnnotationAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/ToolAnnotationAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EACV,wBAAwB,EACxB,oBAAoB,EAKpB,uBAAuB,EAExB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,wBAAwB,EAK9B,MAAM,8BAA8B,CAAC;AAyXtC;;GAEG;AACH,MAAM,WAAW,4BAA6B,SAAQ,oBAAoB;IACxE,eAAe,CAAC,EAAE;QAChB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;QAClB,oBAAoB,EAAE;YACpB,YAAY,CAAC,EAAE,OAAO,CAAC;YACvB,eAAe,CAAC,EAAE,OAAO,CAAC;YAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;SAC1B,CAAC;QACF,oBAAoB,EAAE,OAAO,CAAC;QAC9B,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,MAAM,EAAE,iBAAiB,GAAG,eAAe,CAAC;KAC7C,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,gCAAiC,SAAQ,wBAAwB;IAChF,WAAW,EAAE,4BAA4B,EAAE,CAAC;IAC5C,cAAc,EAAE,OAAO,CAAC;IACxB,2BAA2B,EAAE,4BAA4B,EAAE,CAAC;CAC7D;AAKD,qBAAa,sBAAuB,SAAQ,YAAY;IACtD,OAAO,CAAC,YAAY,CAAC,CAAmB;IACxC,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,kBAAkB,CAAC,CAA2B;gBAE1C,MAAM,EAAE,uBAAuB;IAM3C;;OAEG;IACH,qBAAqB,IAAI,wBAAwB,GAAG,SAAS;IAI7D;;OAEG;IACH,WAAW,CAAC,QAAQ,EAAE,gBAAgB,GAAG,IAAI;IAK7C;;OAEG;IACH,eAAe,CAAC,MAAM,EAAE,gBAAgB,GAAG,IAAI;IAK/C;;OAEG;IACH,eAAe,IAAI,OAAO;IAO1B;;OAEG;IACG,MAAM,CACV,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,wBAAwB,GAAG,gCAAgC,CAAC;IAmUvE;;OAEG;YACW,0BAA0B;IA+IxC;;OAEG;IACH,OAAO,CAAC,2BAA2B;IAiCnC;;OAEG;IACH,OAAO,CAAC,+BAA+B;IAoFvC;;;;OAIG;IACH,OAAO,CAAC,UAAU;IA0IlB;;;OAGG;IACH,OAAO,CAAC,2BAA2B;IA2DnC;;;;;;;;;OASG;IACH,OAAO,CAAC,kBAAkB;IAyE1B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAuBzB;;;OAGG;IACH,OAAO,CAAC,aAAa;IAmKrB;;;OAGG;IACH,OAAO,CAAC,yBAAyB;IA0DjC;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAiDxB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAmC3B;;OAEG;IACH,OAAO,CAAC,uBAAuB;CA2ChC"}

package/lib/services/assessment/modules/ToolAnnotationAssessor.js

@@ -12,6 +12,115 @@
  */
 import { BaseAssessor } from "./BaseAssessor.js";
 import { getDefaultCompiledPatterns, matchToolPattern, detectPersistenceModel, checkDescriptionForImmediatePersistence, } from "../config/annotationPatterns.js";
+/**
+ * High-confidence deception detection patterns
+ * These patterns detect obvious misalignment between annotations and tool names
+ * where keywords appear ANYWHERE in the tool name (not just as prefixes)
+ */
+/** Keywords that contradict readOnlyHint=true (these tools modify state) */
+const READONLY_CONTRADICTION_KEYWORDS = [
+    // Execution keywords - tools that execute code/commands are never read-only
+    "exec",
+    "execute",
+    "run",
+    "shell",
+    "command",
+    "cmd",
+    "spawn",
+    "invoke",
+    // Write/modify keywords
+    "write",
+    "create",
+    "delete",
+    "remove",
+    "modify",
+    "update",
+    "edit",
+    "change",
+    "set",
+    "put",
+    "patch",
+    // Deployment/installation keywords
+    "install",
+    "deploy",
+    "upload",
+    "push",
+    // Communication keywords (sending data)
+    "send",
+    "post",
+    "submit",
+    "publish",
+    // Destructive keywords
+    "destroy",
+    "drop",
+    "purge",
+    "wipe",
+    "clear",
+    "truncate",
+    "reset",
+    "kill",
+    "terminate",
+];
+/** Keywords that contradict destructiveHint=false (these tools delete/destroy data) */
+const DESTRUCTIVE_CONTRADICTION_KEYWORDS = [
+    "delete",
+    "remove",
+    "drop",
+    "destroy",
+    "purge",
+    "wipe",
+    "erase",
+    "truncate",
+    "clear",
+    "reset",
+    "kill",
+    "terminate",
+    "revoke",
+    "cancel",
+    "force",
+];
+/**
+ * Check if a tool name contains any of the given keywords (case-insensitive)
+ * Looks for keywords anywhere in the name, not just as prefixes
+ */
+function containsKeyword(toolName, keywords) {
+    const lowerName = toolName.toLowerCase();
+    for (const keyword of keywords) {
+        if (lowerName.includes(keyword)) {
+            return keyword;
+        }
+    }
+    return null;
+}
+/**
+ * Detect high-confidence annotation deception
+ * Returns misalignment info if obvious deception detected, null otherwise
+ */
+function detectAnnotationDeception(toolName, annotations) {
+    // Check readOnlyHint=true contradiction
+    if (annotations.readOnlyHint === true) {
+        const keyword = containsKeyword(toolName, READONLY_CONTRADICTION_KEYWORDS);
+        if (keyword) {
+            return {
+                field: "readOnlyHint",
+                matchedKeyword: keyword,
+                reason: `Tool name contains '${keyword}' but claims readOnlyHint=true - this is likely deceptive`,
+            };
+        }
+    }
+    // Check destructiveHint=false contradiction
+    if (annotations.destructiveHint === false) {
+        const keyword = containsKeyword(toolName, DESTRUCTIVE_CONTRADICTION_KEYWORDS);
+        if (keyword) {
+            return {
+                field: "destructiveHint",
+                matchedKeyword: keyword,
+                reason: `Tool name contains '${keyword}' but claims destructiveHint=false - this is likely deceptive`,
+            };
+        }
+    }
+    return null;
+}
 const DESCRIPTION_POISONING_PATTERNS = [
     // Hidden instruction tags
     {
@@ -726,6 +835,7 @@ export class ToolAnnotationAssessor extends BaseAssessor {
     /**
      * Assess a single tool's annotations
      * Now includes alignment status with confidence-aware logic
+     * Enhanced with high-confidence deception detection for obvious misalignments
      */
     assessTool(tool) {
         const issues = [];
@@ -745,36 +855,57 @@ export class ToolAnnotationAssessor extends BaseAssessor {
             alignmentStatus = "UNKNOWN";
         }
         else {
-            // Check for misaligned annotations with confidence-aware logic
-            const readOnlyMismatch = annotations.readOnlyHint !== undefined &&
-                annotations.readOnlyHint !== inferredBehavior.expectedReadOnly;
-            const destructiveMismatch = annotations.destructiveHint !== undefined &&
-                annotations.destructiveHint !== inferredBehavior.expectedDestructive;
-            if (readOnlyMismatch || destructiveMismatch) {
-                if (inferredBehavior.isAmbiguous ||
-                    inferredBehavior.confidence === "low") {
-                    // Ambiguous case: REVIEW_RECOMMENDED, softer language
-                    alignmentStatus = "REVIEW_RECOMMENDED";
-                    if (readOnlyMismatch) {
-                        issues.push(`Review recommended: readOnlyHint=${annotations.readOnlyHint} may or may not match '${tool.name}' behavior (confidence: ${inferredBehavior.confidence})`);
-                        recommendations.push(`Verify readOnlyHint for ${tool.name}: pattern is ambiguous - manual review recommended`);
-                    }
-                    if (destructiveMismatch) {
-                        issues.push(`Review recommended: destructiveHint=${annotations.destructiveHint} may or may not match '${tool.name}' behavior (confidence: ${inferredBehavior.confidence})`);
-                        recommendations.push(`Verify destructiveHint for ${tool.name}: pattern is ambiguous - manual review recommended`);
-                    }
+            // FIRST: Check for high-confidence deception (keywords anywhere in tool name)
+            // This catches obvious cases like "vulnerable_system_exec_tool" + readOnlyHint=true
+            const deception = detectAnnotationDeception(tool.name, {
+                readOnlyHint: annotations.readOnlyHint,
+                destructiveHint: annotations.destructiveHint,
+            });
+            if (deception) {
+                // High-confidence deception detected - this is MISALIGNED, not REVIEW_RECOMMENDED
+                alignmentStatus = "MISALIGNED";
+                issues.push(`DECEPTIVE ANNOTATION: ${deception.reason}`);
+                recommendations.push(`CRITICAL: Fix deceptive ${deception.field} for ${tool.name} - tool name contains '${deception.matchedKeyword}' which contradicts the annotation`);
+                // Override inferred behavior to match the detected deception
+                if (deception.field === "readOnlyHint") {
+                    inferredBehavior.expectedReadOnly = false;
+                    inferredBehavior.confidence = "high";
+                    inferredBehavior.isAmbiguous = false;
+                    inferredBehavior.reason = deception.reason;
                 }
                 else {
-                    // High/medium confidence mismatch: MISALIGNED
-                    alignmentStatus = "MISALIGNED";
-                    if (readOnlyMismatch) {
-                        issues.push(`Potentially misaligned readOnlyHint: set to ${annotations.readOnlyHint}, expected ${inferredBehavior.expectedReadOnly} based on tool name pattern`);
-                        recommendations.push(`Verify readOnlyHint for ${tool.name}: currently ${annotations.readOnlyHint}, tool name suggests ${inferredBehavior.expectedReadOnly}`);
-                    }
-                    if (destructiveMismatch) {
-                        issues.push(`Potentially misaligned destructiveHint: set to ${annotations.destructiveHint}, expected ${inferredBehavior.expectedDestructive} based on tool name pattern`);
-                        recommendations.push(`Verify destructiveHint for ${tool.name}: currently ${annotations.destructiveHint}, tool name suggests ${inferredBehavior.expectedDestructive}`);
+                    inferredBehavior.expectedDestructive = true;
+                    inferredBehavior.confidence = "high";
+                    inferredBehavior.isAmbiguous = false;
+                    inferredBehavior.reason = deception.reason;
+                }
+            }
+            else {
+                // Normal flow: Check for misaligned annotations with confidence-aware logic
+                const readOnlyMismatch = annotations.readOnlyHint !== undefined &&
+                    annotations.readOnlyHint !== inferredBehavior.expectedReadOnly;
+                const destructiveMismatch = annotations.destructiveHint !== undefined &&
+                    annotations.destructiveHint !== inferredBehavior.expectedDestructive;
+                if (readOnlyMismatch || destructiveMismatch) {
+                    // Only flag misalignment for medium/high confidence inference
+                    // When confidence is low/ambiguous, trust the explicit annotation
+                    // Note: High-confidence deception detection (exec/install keywords)
+                    // is handled in the `deception` block above, not here
+                    if (!inferredBehavior.isAmbiguous &&
+                        inferredBehavior.confidence !== "low") {
+                        // Medium/high confidence mismatch: MISALIGNED
+                        alignmentStatus = "MISALIGNED";
+                        if (readOnlyMismatch) {
+                            issues.push(`Potentially misaligned readOnlyHint: set to ${annotations.readOnlyHint}, expected ${inferredBehavior.expectedReadOnly} based on tool name pattern`);
+                            recommendations.push(`Verify readOnlyHint for ${tool.name}: currently ${annotations.readOnlyHint}, tool name suggests ${inferredBehavior.expectedReadOnly}`);
+                        }
+                        if (destructiveMismatch) {
+                            issues.push(`Potentially misaligned destructiveHint: set to ${annotations.destructiveHint}, expected ${inferredBehavior.expectedDestructive} based on tool name pattern`);
+                            recommendations.push(`Verify destructiveHint for ${tool.name}: currently ${annotations.destructiveHint}, tool name suggests ${inferredBehavior.expectedDestructive}`);
+                        }
                     }
+                    // When inference is ambiguous/low confidence, trust the explicit annotation
+                    // and keep alignmentStatus as ALIGNED (no change needed)
                 }
             }
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment-client",
-  "version": "1.22.3",
+  "version": "1.22.5",
   "description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",