@bryan-thompson/inspector-assessment-client 1.24.1 → 1.25.0
- package/dist/assets/{OAuthCallback-CoDaMN6l.js → OAuthCallback-CNC5_mEQ.js} +1 -1
- package/dist/assets/{OAuthDebugCallback-DVsgc4Jd.js → OAuthDebugCallback-BstXB61i.js} +1 -1
- package/dist/assets/{index-CauENw8a.js → index-jmzR9VGa.js} +4 -4
- package/dist/index.html +1 -1
- package/lib/services/assessment/modules/DeveloperExperienceAssessor.d.ts +67 -0
- package/lib/services/assessment/modules/DeveloperExperienceAssessor.d.ts.map +1 -0
- package/lib/services/assessment/modules/DeveloperExperienceAssessor.js +586 -0
- package/lib/services/assessment/modules/ProtocolComplianceAssessor.d.ts +108 -0
- package/lib/services/assessment/modules/ProtocolComplianceAssessor.d.ts.map +1 -0
- package/lib/services/assessment/modules/ProtocolComplianceAssessor.js +782 -0
- package/lib/services/assessment/modules/ProtocolConformanceAssessor.d.ts +21 -0
- package/lib/services/assessment/modules/ProtocolConformanceAssessor.d.ts.map +1 -1
- package/lib/services/assessment/modules/ProtocolConformanceAssessor.js +130 -92
- package/lib/services/assessment/modules/index.d.ts +57 -11
- package/lib/services/assessment/modules/index.d.ts.map +1 -1
- package/lib/services/assessment/modules/index.js +72 -14
- package/package.json +1 -1
|
@@ -15,11 +15,32 @@ import type { ProtocolConformanceAssessment } from "../../../lib/assessment/exte
|
|
|
15
15
|
import { BaseAssessor } from "./BaseAssessor.js";
|
|
16
16
|
import { AssessmentContext } from "../AssessmentOrchestrator.js";
|
|
17
17
|
export declare class ProtocolConformanceAssessor extends BaseAssessor<ProtocolConformanceAssessment> {
|
|
18
|
+
/**
|
|
19
|
+
* Select representative tools for testing (first, middle, last for diversity)
|
|
20
|
+
*/
|
|
21
|
+
private selectToolsForTesting;
|
|
22
|
+
/**
|
|
23
|
+
* Get MCP spec version from config or use default
|
|
24
|
+
*/
|
|
25
|
+
private getSpecVersion;
|
|
26
|
+
/**
|
|
27
|
+
* Get base URL for MCP specification
|
|
28
|
+
*/
|
|
29
|
+
private getSpecBaseUrl;
|
|
30
|
+
/**
|
|
31
|
+
* Get lifecycle spec URL
|
|
32
|
+
*/
|
|
33
|
+
private getSpecLifecycleUrl;
|
|
34
|
+
/**
|
|
35
|
+
* Get tools spec URL
|
|
36
|
+
*/
|
|
37
|
+
private getSpecToolsUrl;
|
|
18
38
|
assess(context: AssessmentContext): Promise<ProtocolConformanceAssessment>;
|
|
19
39
|
/**
|
|
20
40
|
* Check 1: Error Response Format
|
|
21
41
|
* Validates that error responses follow MCP protocol structure
|
|
22
42
|
*
|
|
43
|
+
* Tests multiple tools (up to 3) for representative coverage.
|
|
23
44
|
* Based on conformance's ToolsCallErrorScenario:
|
|
24
45
|
* - isError flag must be true
|
|
25
46
|
* - content must be an array
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ProtocolConformanceAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/ProtocolConformanceAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EACV,6BAA6B,EAE9B,MAAM,gCAAgC,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"ProtocolConformanceAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/ProtocolConformanceAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EACV,6BAA6B,EAE9B,MAAM,gCAAgC,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAmB9D,qBAAa,2BAA4B,SAAQ,YAAY,CAAC,6BAA6B,CAAC;IAC1F;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAS7B;;OAEG;IACH,OAAO,CAAC,cAAc;IAItB;;OAEG;IACH,OAAO,CAAC,cAAc;IAItB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAI3B;;OAEG;IACH,OAAO,CAAC,eAAe;IAIjB,MAAM,CACV,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,6BAA6B,CAAC;IAqCzC;;;;;;;;;OASG;YACW,wBAAwB;IAoHtC;;;;;OAKG;YACW,uBAAuB;IAkGrC;;;;;;;;OAQG;YACW,4BAA4B;IAkD1C;;OAEG;IACH,OAAO,CAAC,yBAAyB;IA6BjC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAmC3B;;OAEG;IACH,OAAO,CAAC,uBAAuB;CA6ChC"}
|
|
@@ -12,13 +12,6 @@
|
|
|
12
12
|
* @module assessment/modules/ProtocolConformanceAssessor
|
|
13
13
|
*/
|
|
14
14
|
import { BaseAssessor } from "./BaseAssessor.js";
|
|
15
|
-
// MCP specification references
|
|
16
|
-
// NOTE: Update this URL when targeting a newer MCP spec version
|
|
17
|
-
// See: https://modelcontextprotocol.io/specification for available versions
|
|
18
|
-
const MCP_SPEC_VERSION = "2025-06-18";
|
|
19
|
-
const MCP_SPEC_BASE = `https://modelcontextprotocol.io/specification/${MCP_SPEC_VERSION}`;
|
|
20
|
-
const SPEC_LIFECYCLE = `${MCP_SPEC_BASE}/basic/lifecycle`;
|
|
21
|
-
const SPEC_TOOLS = `${MCP_SPEC_BASE}/server/tools`;
|
|
22
15
|
// Valid MCP content types
|
|
23
16
|
const VALID_CONTENT_TYPES = [
|
|
24
17
|
"text",
|
|
@@ -28,6 +21,39 @@ const VALID_CONTENT_TYPES = [
|
|
|
28
21
|
"resource_link",
|
|
29
22
|
];
|
|
30
23
|
export class ProtocolConformanceAssessor extends BaseAssessor {
|
|
24
|
+
/**
|
|
25
|
+
* Select representative tools for testing (first, middle, last for diversity)
|
|
26
|
+
*/
|
|
27
|
+
selectToolsForTesting(tools, maxTools = 3) {
|
|
28
|
+
if (tools.length <= maxTools)
|
|
29
|
+
return tools;
|
|
30
|
+
const indices = [0, Math.floor(tools.length / 2), tools.length - 1];
|
|
31
|
+
return [...new Set(indices)].slice(0, maxTools).map((i) => tools[i]);
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* Get MCP spec version from config or use default
|
|
35
|
+
*/
|
|
36
|
+
getSpecVersion() {
|
|
37
|
+
return this.config.mcpProtocolVersion || "2025-06";
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Get base URL for MCP specification
|
|
41
|
+
*/
|
|
42
|
+
getSpecBaseUrl() {
|
|
43
|
+
return `https://modelcontextprotocol.io/specification/${this.getSpecVersion()}`;
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Get lifecycle spec URL
|
|
47
|
+
*/
|
|
48
|
+
getSpecLifecycleUrl() {
|
|
49
|
+
return `${this.getSpecBaseUrl()}/basic/lifecycle`;
|
|
50
|
+
}
|
|
51
|
+
/**
|
|
52
|
+
* Get tools spec URL
|
|
53
|
+
*/
|
|
54
|
+
getSpecToolsUrl() {
|
|
55
|
+
return `${this.getSpecBaseUrl()}/server/tools`;
|
|
56
|
+
}
|
|
31
57
|
async assess(context) {
|
|
32
58
|
this.logger.info("Starting protocol conformance assessment");
|
|
33
59
|
// Run all protocol checks
|
|
@@ -60,96 +86,108 @@ export class ProtocolConformanceAssessor extends BaseAssessor {
|
|
|
60
86
|
* Check 1: Error Response Format
|
|
61
87
|
* Validates that error responses follow MCP protocol structure
|
|
62
88
|
*
|
|
89
|
+
* Tests multiple tools (up to 3) for representative coverage.
|
|
63
90
|
* Based on conformance's ToolsCallErrorScenario:
|
|
64
91
|
* - isError flag must be true
|
|
65
92
|
* - content must be an array
|
|
66
93
|
* - content items must have type: "text" and text field
|
|
67
94
|
*/
|
|
68
95
|
async checkErrorResponseFormat(context) {
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
if (!testTool) {
|
|
72
|
-
return {
|
|
73
|
-
passed: false,
|
|
74
|
-
confidence: "low",
|
|
75
|
-
evidence: "No tools available to test error response format",
|
|
76
|
-
specReference: SPEC_LIFECYCLE,
|
|
77
|
-
warnings: ["Cannot validate error format without tools"],
|
|
78
|
-
};
|
|
79
|
-
}
|
|
80
|
-
// Call with parameters designed to cause an error
|
|
81
|
-
// (invalid param that doesn't match schema)
|
|
82
|
-
const result = await this.executeWithTimeout(context.callTool(testTool.name, {
|
|
83
|
-
__test_invalid_param__: "should_cause_error",
|
|
84
|
-
}), this.config.testTimeout);
|
|
85
|
-
// Validate MCP error response structure
|
|
86
|
-
const contentArray = Array.isArray(result.content) ? result.content : [];
|
|
87
|
-
const validations = {
|
|
88
|
-
hasIsErrorFlag: result.isError === true,
|
|
89
|
-
hasContentArray: Array.isArray(result.content),
|
|
90
|
-
contentNotEmpty: contentArray.length > 0,
|
|
91
|
-
firstContentHasType: contentArray[0]?.type !== undefined,
|
|
92
|
-
firstContentIsTextOrResource: contentArray[0]?.type === "text" ||
|
|
93
|
-
contentArray[0]?.type === "resource",
|
|
94
|
-
hasErrorMessage: typeof contentArray[0]?.text === "string" &&
|
|
95
|
-
contentArray[0].text.length > 0,
|
|
96
|
-
};
|
|
97
|
-
const passedValidations = Object.values(validations).filter((v) => v);
|
|
98
|
-
const allPassed = passedValidations.length === Object.keys(validations).length;
|
|
99
|
-
// If result is not an error, that's okay - the tool might have accepted the params
|
|
100
|
-
// In that case, we can't validate error format, but it's not a failure
|
|
101
|
-
if (!result.isError && contentArray.length > 0) {
|
|
102
|
-
return {
|
|
103
|
-
passed: true,
|
|
104
|
-
confidence: "medium",
|
|
105
|
-
evidence: "Tool did not return an error with invalid params (may have accepted them). Content structure is valid.",
|
|
106
|
-
specReference: SPEC_LIFECYCLE,
|
|
107
|
-
details: {
|
|
108
|
-
note: "Tool accepted test params without error - cannot validate error format",
|
|
109
|
-
contentStructure: contentArray.map((c) => ({
|
|
110
|
-
type: c.type,
|
|
111
|
-
})),
|
|
112
|
-
},
|
|
113
|
-
};
|
|
114
|
-
}
|
|
96
|
+
const testTools = this.selectToolsForTesting(context.tools, 3);
|
|
97
|
+
if (testTools.length === 0) {
|
|
115
98
|
return {
|
|
116
|
-
passed:
|
|
117
|
-
confidence:
|
|
118
|
-
evidence:
|
|
119
|
-
specReference:
|
|
120
|
-
|
|
121
|
-
validations,
|
|
122
|
-
sampleResponse: {
|
|
123
|
-
isError: result.isError,
|
|
124
|
-
contentLength: contentArray.length,
|
|
125
|
-
firstContentType: contentArray[0]?.type,
|
|
126
|
-
},
|
|
127
|
-
},
|
|
128
|
-
warnings: allPassed
|
|
129
|
-
? undefined
|
|
130
|
-
: [
|
|
131
|
-
"Error response does not fully comply with MCP protocol format",
|
|
132
|
-
"Ensure errors have isError: true and content array with text type",
|
|
133
|
-
],
|
|
99
|
+
passed: false,
|
|
100
|
+
confidence: "low",
|
|
101
|
+
evidence: "No tools available to test error response format",
|
|
102
|
+
specReference: this.getSpecLifecycleUrl(),
|
|
103
|
+
warnings: ["Cannot validate error format without tools"],
|
|
134
104
|
};
|
|
135
105
|
}
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
106
|
+
// Test each selected tool and collect results
|
|
107
|
+
const results = [];
|
|
108
|
+
for (const testTool of testTools) {
|
|
109
|
+
try {
|
|
110
|
+
// Call with parameters designed to cause an error
|
|
111
|
+
const result = await this.executeWithTimeout(context.callTool(testTool.name, {
|
|
112
|
+
__test_invalid_param__: "should_cause_error",
|
|
113
|
+
}), this.config.testTimeout);
|
|
114
|
+
// Validate MCP error response structure
|
|
115
|
+
const contentArray = Array.isArray(result.content)
|
|
116
|
+
? result.content
|
|
117
|
+
: [];
|
|
118
|
+
const validations = {
|
|
119
|
+
hasIsErrorFlag: result.isError === true,
|
|
120
|
+
hasContentArray: Array.isArray(result.content),
|
|
121
|
+
contentNotEmpty: contentArray.length > 0,
|
|
122
|
+
firstContentHasType: contentArray[0]?.type !== undefined,
|
|
123
|
+
firstContentIsTextOrResource: contentArray[0]?.type === "text" ||
|
|
124
|
+
contentArray[0]?.type === "resource",
|
|
125
|
+
hasErrorMessage: typeof contentArray[0]?.text === "string" &&
|
|
126
|
+
contentArray[0].text.length > 0,
|
|
127
|
+
};
|
|
128
|
+
// Tool did not return error - might have accepted params
|
|
129
|
+
if (!result.isError && contentArray.length > 0) {
|
|
130
|
+
results.push({
|
|
131
|
+
toolName: testTool.name,
|
|
132
|
+
passed: true,
|
|
133
|
+
isErrorResponse: false,
|
|
134
|
+
validations,
|
|
135
|
+
});
|
|
136
|
+
}
|
|
137
|
+
else {
|
|
138
|
+
const passedValidations = Object.values(validations).filter((v) => v);
|
|
139
|
+
const allPassed = passedValidations.length === Object.keys(validations).length;
|
|
140
|
+
results.push({
|
|
141
|
+
toolName: testTool.name,
|
|
142
|
+
passed: allPassed,
|
|
143
|
+
isErrorResponse: true,
|
|
144
|
+
validations,
|
|
145
|
+
});
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
catch (error) {
|
|
149
|
+
// Tool threw exception instead of returning error response
|
|
150
|
+
results.push({
|
|
151
|
+
toolName: testTool.name,
|
|
152
|
+
passed: false,
|
|
153
|
+
isErrorResponse: false,
|
|
145
154
|
error: error instanceof Error ? error.message : String(error),
|
|
146
|
-
}
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
155
|
+
});
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
// Aggregate results
|
|
159
|
+
const errorResponseResults = results.filter((r) => r.isErrorResponse);
|
|
160
|
+
const passedCount = results.filter((r) => r.passed).length;
|
|
161
|
+
const allPassed = passedCount === results.length;
|
|
162
|
+
// Determine confidence based on error response coverage
|
|
163
|
+
let confidence;
|
|
164
|
+
if (errorResponseResults.length === 0) {
|
|
165
|
+
// No tools returned errors - all accepted invalid params
|
|
166
|
+
confidence = "medium";
|
|
152
167
|
}
|
|
168
|
+
else if (allPassed) {
|
|
169
|
+
confidence = "high";
|
|
170
|
+
}
|
|
171
|
+
else {
|
|
172
|
+
confidence = "medium";
|
|
173
|
+
}
|
|
174
|
+
return {
|
|
175
|
+
passed: allPassed,
|
|
176
|
+
confidence,
|
|
177
|
+
evidence: `Tested ${results.length} tool(s): ${passedCount}/${results.length} passed error format validation`,
|
|
178
|
+
specReference: this.getSpecLifecycleUrl(),
|
|
179
|
+
details: {
|
|
180
|
+
toolResults: results,
|
|
181
|
+
testedToolCount: results.length,
|
|
182
|
+
errorResponseCount: errorResponseResults.length,
|
|
183
|
+
},
|
|
184
|
+
warnings: allPassed
|
|
185
|
+
? undefined
|
|
186
|
+
: [
|
|
187
|
+
"Error response format issues detected in some tools",
|
|
188
|
+
"Ensure all errors have isError: true and content array with text type",
|
|
189
|
+
],
|
|
190
|
+
};
|
|
153
191
|
}
|
|
154
192
|
/**
|
|
155
193
|
* Check 2: Content Type Support
|
|
@@ -165,7 +203,7 @@ export class ProtocolConformanceAssessor extends BaseAssessor {
|
|
|
165
203
|
passed: false,
|
|
166
204
|
confidence: "low",
|
|
167
205
|
evidence: "No tools available to test content types",
|
|
168
|
-
specReference:
|
|
206
|
+
specReference: this.getSpecToolsUrl(),
|
|
169
207
|
};
|
|
170
208
|
}
|
|
171
209
|
// Check if tool has required params - if so, we can't easily test
|
|
@@ -178,7 +216,7 @@ export class ProtocolConformanceAssessor extends BaseAssessor {
|
|
|
178
216
|
passed: true,
|
|
179
217
|
confidence: "low",
|
|
180
218
|
evidence: "Cannot test content types without knowing valid parameters - tool has required params",
|
|
181
|
-
specReference:
|
|
219
|
+
specReference: this.getSpecToolsUrl(),
|
|
182
220
|
warnings: [
|
|
183
221
|
"Content type validation requires valid tool parameters",
|
|
184
222
|
"Consider adding a tool without required params for protocol testing",
|
|
@@ -204,7 +242,7 @@ export class ProtocolConformanceAssessor extends BaseAssessor {
|
|
|
204
242
|
passed: allPassed,
|
|
205
243
|
confidence: allPassed ? "high" : "medium",
|
|
206
244
|
evidence: `${passedValidations.length}/${Object.keys(validations).length} content type checks passed`,
|
|
207
|
-
specReference:
|
|
245
|
+
specReference: this.getSpecToolsUrl(),
|
|
208
246
|
details: {
|
|
209
247
|
validations,
|
|
210
248
|
detectedContentTypes: detectedTypes,
|
|
@@ -220,7 +258,7 @@ export class ProtocolConformanceAssessor extends BaseAssessor {
|
|
|
220
258
|
passed: false,
|
|
221
259
|
confidence: "medium",
|
|
222
260
|
evidence: "Could not test content types due to error",
|
|
223
|
-
specReference:
|
|
261
|
+
specReference: this.getSpecToolsUrl(),
|
|
224
262
|
details: {
|
|
225
263
|
error: error instanceof Error ? error.message : String(error),
|
|
226
264
|
},
|
|
@@ -254,7 +292,7 @@ export class ProtocolConformanceAssessor extends BaseAssessor {
|
|
|
254
292
|
passed: hasMinimumInfo,
|
|
255
293
|
confidence: allPassed ? "high" : "medium",
|
|
256
294
|
evidence: `${passedValidations.length}/${Object.keys(validations).length} initialization checks passed`,
|
|
257
|
-
specReference:
|
|
295
|
+
specReference: this.getSpecLifecycleUrl(),
|
|
258
296
|
details: {
|
|
259
297
|
validations,
|
|
260
298
|
serverInfo: {
|
|
@@ -351,7 +389,7 @@ export class ProtocolConformanceAssessor extends BaseAssessor {
|
|
|
351
389
|
recommendations.push("Protocol conformance is good. Consider testing with official @modelcontextprotocol/conformance suite for comprehensive validation.");
|
|
352
390
|
}
|
|
353
391
|
else {
|
|
354
|
-
recommendations.push(`Review MCP specification: ${
|
|
392
|
+
recommendations.push(`Review MCP specification: ${this.getSpecBaseUrl()}/`);
|
|
355
393
|
}
|
|
356
394
|
return recommendations;
|
|
357
395
|
}
|
|
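Review bot: `getSpecVersion()` falls back to `"2025-06"`, but the constant removed in the first hunk of this file was `"2025-06-18"`, so with no `mcpProtocolVersion` configured every `specReference` and the recommendation link now resolve under `/specification/2025-06`, which is probably not a published spec path given that the removed comment pointed at dated versions. Keeping the full date, `return this.config.mcpProtocolVersion || "2025-06-18";`, restores the old links; a configured value could also be checked against `/^\d{4}-\d{2}-\d{2}$/` before it is interpolated into a URL that is written into the report. In `checkErrorResponseFormat`, a tool that accepts `__test_invalid_param__` without erroring is recorded with `passed: true`, so a server whose sampled tools all ignore the bad argument yields `passed: true` with evidence reading "3/3 passed error format validation" although `errorResponseCount` is 0. The evidence string should report that count, for example `${errorResponseResults.length} of ${results.length} returned an error response`, so a reader of the assessment does not mistake an untested error path for a validated one.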
@@ -2,36 +2,82 @@
|
|
|
2
2
|
* MCP Server Assessment Modules
|
|
3
3
|
*
|
|
4
4
|
* This module exports all assessors for comprehensive MCP server evaluation.
|
|
5
|
+
* Modules are organized into 4 tiers based on assessment purpose.
|
|
5
6
|
*
|
|
6
|
-
*
|
|
7
|
+
* ## Module Tier Organization (v1.25.0+)
|
|
8
|
+
*
|
|
9
|
+
* ### Tier 1: Core Security (Always Run) - 6 modules
|
|
7
10
|
* - FunctionalityAssessor - Tests tool execution and response handling
|
|
8
|
-
* - DocumentationAssessor - Evaluates README and tool documentation
|
|
9
11
|
* - SecurityAssessor - Checks for security vulnerabilities
|
|
12
|
+
* - TemporalAssessor - Detects rug pull vulnerabilities
|
|
10
13
|
* - ErrorHandlingAssessor - Tests error handling patterns
|
|
11
|
-
* -
|
|
12
|
-
* -
|
|
14
|
+
* - ProtocolComplianceAssessor - MCP protocol + JSON-RPC validation (NEW)
|
|
15
|
+
* - AUPComplianceAssessor - Checks for Acceptable Use Policy violations
|
|
13
16
|
*
|
|
14
|
-
* MCP Directory
|
|
15
|
-
* - AUPComplianceAssessor - Checks for Acceptable Use Policy violations (14 categories)
|
|
17
|
+
* ### Tier 2: Compliance (MCP Directory) - 4 modules
|
|
16
18
|
* - ToolAnnotationAssessor - Verifies tool annotations per Policy #17
|
|
17
19
|
* - ProhibitedLibrariesAssessor - Detects prohibited libraries per Policy #28-30
|
|
18
20
|
* - ManifestValidationAssessor - Validates MCPB manifest.json
|
|
21
|
+
* - AuthenticationAssessor - OAuth and authentication evaluation
|
|
22
|
+
*
|
|
23
|
+
* ### Tier 3: Capability-Based (Conditional) - 3 modules
|
|
24
|
+
* - ResourceAssessor - Resource security assessment
|
|
25
|
+
* - PromptAssessor - Prompt security assessment
|
|
26
|
+
* - CrossCapabilitySecurityAssessor - Cross-capability attack chains
|
|
27
|
+
*
|
|
28
|
+
* ### Tier 4: Extended (Optional) - 3 modules
|
|
29
|
+
* - DeveloperExperienceAssessor - Documentation + usability assessment (NEW)
|
|
19
30
|
* - PortabilityAssessor - Checks for portability issues
|
|
20
|
-
* -
|
|
31
|
+
* - ExternalAPIScannerAssessor - External API detection
|
|
32
|
+
*
|
|
33
|
+
* ## Deprecated Modules (v1.25.0+)
|
|
34
|
+
* The following modules are deprecated and will be removed in v2.0.0:
|
|
35
|
+
* - DocumentationAssessor → use DeveloperExperienceAssessor
|
|
36
|
+
* - UsabilityAssessor → use DeveloperExperienceAssessor
|
|
37
|
+
* - MCPSpecComplianceAssessor → use ProtocolComplianceAssessor
|
|
38
|
+
* - ProtocolConformanceAssessor → use ProtocolComplianceAssessor
|
|
39
|
+
*
|
|
40
|
+
* @module assessment/modules
|
|
21
41
|
*/
|
|
22
42
|
export { BaseAssessor } from "./BaseAssessor.js";
|
|
23
43
|
export { FunctionalityAssessor } from "./FunctionalityAssessor.js";
|
|
24
|
-
export { DocumentationAssessor } from "./DocumentationAssessor.js";
|
|
25
44
|
export { SecurityAssessor } from "./SecurityAssessor.js";
|
|
45
|
+
export { TemporalAssessor } from "./TemporalAssessor.js";
|
|
26
46
|
export { ErrorHandlingAssessor } from "./ErrorHandlingAssessor.js";
|
|
27
|
-
export {
|
|
28
|
-
export { MCPSpecComplianceAssessor } from "./MCPSpecComplianceAssessor.js";
|
|
47
|
+
export { ProtocolComplianceAssessor } from "./ProtocolComplianceAssessor.js";
|
|
29
48
|
export { AUPComplianceAssessor } from "./AUPComplianceAssessor.js";
|
|
30
49
|
export { ToolAnnotationAssessor } from "./ToolAnnotationAssessor.js";
|
|
31
50
|
export { ProhibitedLibrariesAssessor } from "./ProhibitedLibrariesAssessor.js";
|
|
32
51
|
export { ManifestValidationAssessor } from "./ManifestValidationAssessor.js";
|
|
52
|
+
export { AuthenticationAssessor } from "./AuthenticationAssessor.js";
|
|
53
|
+
export { ResourceAssessor } from "./ResourceAssessor.js";
|
|
54
|
+
export { PromptAssessor } from "./PromptAssessor.js";
|
|
55
|
+
export { CrossCapabilitySecurityAssessor } from "./CrossCapabilitySecurityAssessor.js";
|
|
56
|
+
export { DeveloperExperienceAssessor } from "./DeveloperExperienceAssessor.js";
|
|
33
57
|
export { PortabilityAssessor } from "./PortabilityAssessor.js";
|
|
34
58
|
export { ExternalAPIScannerAssessor } from "./ExternalAPIScannerAssessor.js";
|
|
35
|
-
|
|
59
|
+
/**
|
|
60
|
+
* @deprecated Use DeveloperExperienceAssessor instead.
|
|
61
|
+
* DocumentationAssessor has been merged into DeveloperExperienceAssessor.
|
|
62
|
+
* This export will be removed in v2.0.0.
|
|
63
|
+
*/
|
|
64
|
+
export { DocumentationAssessor } from "./DocumentationAssessor.js";
|
|
65
|
+
/**
|
|
66
|
+
* @deprecated Use DeveloperExperienceAssessor instead.
|
|
67
|
+
* UsabilityAssessor has been merged into DeveloperExperienceAssessor.
|
|
68
|
+
* This export will be removed in v2.0.0.
|
|
69
|
+
*/
|
|
70
|
+
export { UsabilityAssessor } from "./UsabilityAssessor.js";
|
|
71
|
+
/**
|
|
72
|
+
* @deprecated Use ProtocolComplianceAssessor instead.
|
|
73
|
+
* MCPSpecComplianceAssessor has been merged into ProtocolComplianceAssessor.
|
|
74
|
+
* This export will be removed in v2.0.0.
|
|
75
|
+
*/
|
|
76
|
+
export { MCPSpecComplianceAssessor } from "./MCPSpecComplianceAssessor.js";
|
|
77
|
+
/**
|
|
78
|
+
* @deprecated Use ProtocolComplianceAssessor instead.
|
|
79
|
+
* ProtocolConformanceAssessor has been merged into ProtocolComplianceAssessor.
|
|
80
|
+
* This export will be removed in v2.0.0.
|
|
81
|
+
*/
|
|
36
82
|
export { ProtocolConformanceAssessor } from "./ProtocolConformanceAssessor.js";
|
|
37
83
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/index.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAM9C,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAMhE,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAMlE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,+BAA+B,EAAE,MAAM,mCAAmC,CAAC;AAMpF,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAM1E;;;;GAIG;AACH,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAEhE;;;;GAIG;AACH,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD;;;;GAIG;AACH,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAExE;;;;GAIG;AACH,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC"}
|
|
@@ -2,39 +2,97 @@
|
|
|
2
2
|
* MCP Server Assessment Modules
|
|
3
3
|
*
|
|
4
4
|
* This module exports all assessors for comprehensive MCP server evaluation.
|
|
5
|
+
* Modules are organized into 4 tiers based on assessment purpose.
|
|
5
6
|
*
|
|
6
|
-
*
|
|
7
|
+
* ## Module Tier Organization (v1.25.0+)
|
|
8
|
+
*
|
|
9
|
+
* ### Tier 1: Core Security (Always Run) - 6 modules
|
|
7
10
|
* - FunctionalityAssessor - Tests tool execution and response handling
|
|
8
|
-
* - DocumentationAssessor - Evaluates README and tool documentation
|
|
9
11
|
* - SecurityAssessor - Checks for security vulnerabilities
|
|
12
|
+
* - TemporalAssessor - Detects rug pull vulnerabilities
|
|
10
13
|
* - ErrorHandlingAssessor - Tests error handling patterns
|
|
11
|
-
* -
|
|
12
|
-
* -
|
|
14
|
+
* - ProtocolComplianceAssessor - MCP protocol + JSON-RPC validation (NEW)
|
|
15
|
+
* - AUPComplianceAssessor - Checks for Acceptable Use Policy violations
|
|
13
16
|
*
|
|
14
|
-
* MCP Directory
|
|
15
|
-
* - AUPComplianceAssessor - Checks for Acceptable Use Policy violations (14 categories)
|
|
17
|
+
* ### Tier 2: Compliance (MCP Directory) - 4 modules
|
|
16
18
|
* - ToolAnnotationAssessor - Verifies tool annotations per Policy #17
|
|
17
19
|
* - ProhibitedLibrariesAssessor - Detects prohibited libraries per Policy #28-30
|
|
18
20
|
* - ManifestValidationAssessor - Validates MCPB manifest.json
|
|
21
|
+
* - AuthenticationAssessor - OAuth and authentication evaluation
|
|
22
|
+
*
|
|
23
|
+
* ### Tier 3: Capability-Based (Conditional) - 3 modules
|
|
24
|
+
* - ResourceAssessor - Resource security assessment
|
|
25
|
+
* - PromptAssessor - Prompt security assessment
|
|
26
|
+
* - CrossCapabilitySecurityAssessor - Cross-capability attack chains
|
|
27
|
+
*
|
|
28
|
+
* ### Tier 4: Extended (Optional) - 3 modules
|
|
29
|
+
* - DeveloperExperienceAssessor - Documentation + usability assessment (NEW)
|
|
19
30
|
* - PortabilityAssessor - Checks for portability issues
|
|
20
|
-
* -
|
|
31
|
+
* - ExternalAPIScannerAssessor - External API detection
|
|
32
|
+
*
|
|
33
|
+
* ## Deprecated Modules (v1.25.0+)
|
|
34
|
+
* The following modules are deprecated and will be removed in v2.0.0:
|
|
35
|
+
* - DocumentationAssessor → use DeveloperExperienceAssessor
|
|
36
|
+
* - UsabilityAssessor → use DeveloperExperienceAssessor
|
|
37
|
+
* - MCPSpecComplianceAssessor → use ProtocolComplianceAssessor
|
|
38
|
+
* - ProtocolConformanceAssessor → use ProtocolComplianceAssessor
|
|
39
|
+
*
|
|
40
|
+
* @module assessment/modules
|
|
21
41
|
*/
|
|
22
42
|
// Base class
|
|
23
43
|
export { BaseAssessor } from "./BaseAssessor.js";
|
|
24
|
-
//
|
|
44
|
+
// ============================================================================
|
|
45
|
+
// Tier 1: Core Security (Always Run)
|
|
46
|
+
// ============================================================================
|
|
25
47
|
export { FunctionalityAssessor } from "./FunctionalityAssessor.js";
|
|
26
|
-
export { DocumentationAssessor } from "./DocumentationAssessor.js";
|
|
27
48
|
export { SecurityAssessor } from "./SecurityAssessor.js";
|
|
49
|
+
export { TemporalAssessor } from "./TemporalAssessor.js";
|
|
28
50
|
export { ErrorHandlingAssessor } from "./ErrorHandlingAssessor.js";
|
|
29
|
-
export {
|
|
30
|
-
export { MCPSpecComplianceAssessor } from "./MCPSpecComplianceAssessor.js";
|
|
31
|
-
// MCP Directory Compliance Assessors
|
|
51
|
+
export { ProtocolComplianceAssessor } from "./ProtocolComplianceAssessor.js";
|
|
32
52
|
export { AUPComplianceAssessor } from "./AUPComplianceAssessor.js";
|
|
53
|
+
// ============================================================================
|
|
54
|
+
// Tier 2: Compliance (MCP Directory)
|
|
55
|
+
// ============================================================================
|
|
33
56
|
export { ToolAnnotationAssessor } from "./ToolAnnotationAssessor.js";
|
|
34
57
|
export { ProhibitedLibrariesAssessor } from "./ProhibitedLibrariesAssessor.js";
|
|
35
58
|
export { ManifestValidationAssessor } from "./ManifestValidationAssessor.js";
|
|
59
|
+
export { AuthenticationAssessor } from "./AuthenticationAssessor.js";
|
|
60
|
+
// ============================================================================
|
|
61
|
+
// Tier 3: Capability-Based (Conditional)
|
|
62
|
+
// ============================================================================
|
|
63
|
+
export { ResourceAssessor } from "./ResourceAssessor.js";
|
|
64
|
+
export { PromptAssessor } from "./PromptAssessor.js";
|
|
65
|
+
export { CrossCapabilitySecurityAssessor } from "./CrossCapabilitySecurityAssessor.js";
|
|
66
|
+
// ============================================================================
|
|
67
|
+
// Tier 4: Extended (Optional)
|
|
68
|
+
// ============================================================================
|
|
69
|
+
export { DeveloperExperienceAssessor } from "./DeveloperExperienceAssessor.js";
|
|
36
70
|
export { PortabilityAssessor } from "./PortabilityAssessor.js";
|
|
37
71
|
export { ExternalAPIScannerAssessor } from "./ExternalAPIScannerAssessor.js";
|
|
38
|
-
|
|
39
|
-
//
|
|
72
|
+
// ============================================================================
|
|
73
|
+
// Deprecated Exports (backward compatibility - will be removed in v2.0.0)
|
|
74
|
+
// ============================================================================
|
|
75
|
+
/**
|
|
76
|
+
* @deprecated Use DeveloperExperienceAssessor instead.
|
|
77
|
+
* DocumentationAssessor has been merged into DeveloperExperienceAssessor.
|
|
78
|
+
* This export will be removed in v2.0.0.
|
|
79
|
+
*/
|
|
80
|
+
export { DocumentationAssessor } from "./DocumentationAssessor.js";
|
|
81
|
+
/**
|
|
82
|
+
* @deprecated Use DeveloperExperienceAssessor instead.
|
|
83
|
+
* UsabilityAssessor has been merged into DeveloperExperienceAssessor.
|
|
84
|
+
* This export will be removed in v2.0.0.
|
|
85
|
+
*/
|
|
86
|
+
export { UsabilityAssessor } from "./UsabilityAssessor.js";
|
|
87
|
+
/**
|
|
88
|
+
* @deprecated Use ProtocolComplianceAssessor instead.
|
|
89
|
+
* MCPSpecComplianceAssessor has been merged into ProtocolComplianceAssessor.
|
|
90
|
+
* This export will be removed in v2.0.0.
|
|
91
|
+
*/
|
|
92
|
+
export { MCPSpecComplianceAssessor } from "./MCPSpecComplianceAssessor.js";
|
|
93
|
+
/**
|
|
94
|
+
* @deprecated Use ProtocolComplianceAssessor instead.
|
|
95
|
+
* ProtocolConformanceAssessor has been merged into ProtocolComplianceAssessor.
|
|
96
|
+
* This export will be removed in v2.0.0.
|
|
97
|
+
*/
|
|
40
98
|
export { ProtocolConformanceAssessor } from "./ProtocolConformanceAssessor.js";
|
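--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@bryan-thompson/inspector-assessment-client",
-"version": "1.
+"version": "1.25.0",
 "description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
 "license": "MIT",
 "author": "Bryan Thompson <bryan@triepod.ai>",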