@bryan-thompson/inspector-assessment-client 1.24.2 → 1.25.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/dist/assets/{OAuthCallback-CoDaMN6l.js → OAuthCallback-CkzX_H4T.js} +1 -1
  2. package/dist/assets/{OAuthDebugCallback-DVsgc4Jd.js → OAuthDebugCallback-jZEkm74B.js} +1 -1
  3. package/dist/assets/{index-CauENw8a.js → index-BVx1dGJT.js} +4 -4
  4. package/dist/index.html +1 -1
  5. package/lib/services/assessment/ToolClassifier.d.ts.map +1 -1
  6. package/lib/services/assessment/ToolClassifier.js +2 -10
  7. package/lib/services/assessment/modules/DeveloperExperienceAssessor.d.ts +67 -0
  8. package/lib/services/assessment/modules/DeveloperExperienceAssessor.d.ts.map +1 -0
  9. package/lib/services/assessment/modules/DeveloperExperienceAssessor.js +586 -0
  10. package/lib/services/assessment/modules/ProtocolComplianceAssessor.d.ts +108 -0
  11. package/lib/services/assessment/modules/ProtocolComplianceAssessor.d.ts.map +1 -0
  12. package/lib/services/assessment/modules/ProtocolComplianceAssessor.js +782 -0
  13. package/lib/services/assessment/modules/index.d.ts +57 -11
  14. package/lib/services/assessment/modules/index.d.ts.map +1 -1
  15. package/lib/services/assessment/modules/index.js +72 -14
  16. package/package.json +1 -1
package/lib/services/assessment/modules/index.d.ts CHANGED
@@ -2,36 +2,82 @@
2
2
  * MCP Server Assessment Modules
3
3
  *
4
4
  * This module exports all assessors for comprehensive MCP server evaluation.
5
+ * Modules are organized into 4 tiers based on assessment purpose.
5
6
  *
6
- * Original Assessors (from MCP Inspector):
7
+ * ## Module Tier Organization (v1.25.0+)
8
+ *
9
+ * ### Tier 1: Core Security (Always Run) - 6 modules
7
10
  * - FunctionalityAssessor - Tests tool execution and response handling
8
- * - DocumentationAssessor - Evaluates README and tool documentation
9
11
  * - SecurityAssessor - Checks for security vulnerabilities
12
+ * - TemporalAssessor - Detects rug pull vulnerabilities
10
13
  * - ErrorHandlingAssessor - Tests error handling patterns
11
- * - UsabilityAssessor - Evaluates tool naming and schemas
12
- * - MCPSpecComplianceAssessor - Verifies MCP specification compliance
14
+ * - ProtocolComplianceAssessor - MCP protocol + JSON-RPC validation (NEW)
15
+ * - AUPComplianceAssessor - Checks for Acceptable Use Policy violations
13
16
  *
14
- * MCP Directory Compliance Assessors (new):
15
- * - AUPComplianceAssessor - Checks for Acceptable Use Policy violations (14 categories)
17
+ * ### Tier 2: Compliance (MCP Directory) - 4 modules
16
18
  * - ToolAnnotationAssessor - Verifies tool annotations per Policy #17
17
19
  * - ProhibitedLibrariesAssessor - Detects prohibited libraries per Policy #28-30
18
20
  * - ManifestValidationAssessor - Validates MCPB manifest.json
21
+ * - AuthenticationAssessor - OAuth and authentication evaluation
22
+ *
23
+ * ### Tier 3: Capability-Based (Conditional) - 3 modules
24
+ * - ResourceAssessor - Resource security assessment
25
+ * - PromptAssessor - Prompt security assessment
26
+ * - CrossCapabilitySecurityAssessor - Cross-capability attack chains
27
+ *
28
+ * ### Tier 4: Extended (Optional) - 3 modules
29
+ * - DeveloperExperienceAssessor - Documentation + usability assessment (NEW)
19
30
  * - PortabilityAssessor - Checks for portability issues
20
- * - TemporalAssessor - Detects rug pull vulnerabilities (temporal behavior changes)
31
+ * - ExternalAPIScannerAssessor - External API detection
32
+ *
33
+ * ## Deprecated Modules (v1.25.0+)
34
+ * The following modules are deprecated and will be removed in v2.0.0:
35
+ * - DocumentationAssessor → use DeveloperExperienceAssessor
36
+ * - UsabilityAssessor → use DeveloperExperienceAssessor
37
+ * - MCPSpecComplianceAssessor → use ProtocolComplianceAssessor
38
+ * - ProtocolConformanceAssessor → use ProtocolComplianceAssessor
39
+ *
40
+ * @module assessment/modules
21
41
  */
22
42
  export { BaseAssessor } from "./BaseAssessor.js";
23
43
  export { FunctionalityAssessor } from "./FunctionalityAssessor.js";
24
- export { DocumentationAssessor } from "./DocumentationAssessor.js";
25
44
  export { SecurityAssessor } from "./SecurityAssessor.js";
45
+ export { TemporalAssessor } from "./TemporalAssessor.js";
26
46
  export { ErrorHandlingAssessor } from "./ErrorHandlingAssessor.js";
27
- export { UsabilityAssessor } from "./UsabilityAssessor.js";
28
- export { MCPSpecComplianceAssessor } from "./MCPSpecComplianceAssessor.js";
47
+ export { ProtocolComplianceAssessor } from "./ProtocolComplianceAssessor.js";
29
48
  export { AUPComplianceAssessor } from "./AUPComplianceAssessor.js";
30
49
  export { ToolAnnotationAssessor } from "./ToolAnnotationAssessor.js";
31
50
  export { ProhibitedLibrariesAssessor } from "./ProhibitedLibrariesAssessor.js";
32
51
  export { ManifestValidationAssessor } from "./ManifestValidationAssessor.js";
52
+ export { AuthenticationAssessor } from "./AuthenticationAssessor.js";
53
+ export { ResourceAssessor } from "./ResourceAssessor.js";
54
+ export { PromptAssessor } from "./PromptAssessor.js";
55
+ export { CrossCapabilitySecurityAssessor } from "./CrossCapabilitySecurityAssessor.js";
56
+ export { DeveloperExperienceAssessor } from "./DeveloperExperienceAssessor.js";
33
57
  export { PortabilityAssessor } from "./PortabilityAssessor.js";
34
58
  export { ExternalAPIScannerAssessor } from "./ExternalAPIScannerAssessor.js";
35
- export { TemporalAssessor } from "./TemporalAssessor.js";
59
+ /**
60
+ * @deprecated Use DeveloperExperienceAssessor instead.
61
+ * DocumentationAssessor has been merged into DeveloperExperienceAssessor.
62
+ * This export will be removed in v2.0.0.
63
+ */
64
+ export { DocumentationAssessor } from "./DocumentationAssessor.js";
65
+ /**
66
+ * @deprecated Use DeveloperExperienceAssessor instead.
67
+ * UsabilityAssessor has been merged into DeveloperExperienceAssessor.
68
+ * This export will be removed in v2.0.0.
69
+ */
70
+ export { UsabilityAssessor } from "./UsabilityAssessor.js";
71
+ /**
72
+ * @deprecated Use ProtocolComplianceAssessor instead.
73
+ * MCPSpecComplianceAssessor has been merged into ProtocolComplianceAssessor.
74
+ * This export will be removed in v2.0.0.
75
+ */
76
+ export { MCPSpecComplianceAssessor } from "./MCPSpecComplianceAssessor.js";
77
+ /**
78
+ * @deprecated Use ProtocolComplianceAssessor instead.
79
+ * ProtocolConformanceAssessor has been merged into ProtocolComplianceAssessor.
80
+ * This export will be removed in v2.0.0.
81
+ */
36
82
  export { ProtocolConformanceAssessor } from "./ProtocolConformanceAssessor.js";
37
83
  //# sourceMappingURL=index.d.ts.map
package/lib/services/assessment/modules/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAG9C,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAGxE,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAGtD,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAM9C,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAMhE,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAMlE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,+BAA+B,EAAE,MAAM,mCAAmC,CAAC;AAMpF,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAM1E;;;;GAIG;AACH,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAEhE;;;;GAIG;AACH,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD;;;;GAIG;AACH,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAExE;;;;GAIG;AACH,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC"}
package/lib/services/assessment/modules/index.js CHANGED
@@ -2,39 +2,97 @@
2
2
  * MCP Server Assessment Modules
3
3
  *
4
4
  * This module exports all assessors for comprehensive MCP server evaluation.
5
+ * Modules are organized into 4 tiers based on assessment purpose.
5
6
  *
6
- * Original Assessors (from MCP Inspector):
7
+ * ## Module Tier Organization (v1.25.0+)
8
+ *
9
+ * ### Tier 1: Core Security (Always Run) - 6 modules
7
10
  * - FunctionalityAssessor - Tests tool execution and response handling
8
- * - DocumentationAssessor - Evaluates README and tool documentation
9
11
  * - SecurityAssessor - Checks for security vulnerabilities
12
+ * - TemporalAssessor - Detects rug pull vulnerabilities
10
13
  * - ErrorHandlingAssessor - Tests error handling patterns
11
- * - UsabilityAssessor - Evaluates tool naming and schemas
12
- * - MCPSpecComplianceAssessor - Verifies MCP specification compliance
14
+ * - ProtocolComplianceAssessor - MCP protocol + JSON-RPC validation (NEW)
15
+ * - AUPComplianceAssessor - Checks for Acceptable Use Policy violations
13
16
  *
14
- * MCP Directory Compliance Assessors (new):
15
- * - AUPComplianceAssessor - Checks for Acceptable Use Policy violations (14 categories)
17
+ * ### Tier 2: Compliance (MCP Directory) - 4 modules
16
18
  * - ToolAnnotationAssessor - Verifies tool annotations per Policy #17
17
19
  * - ProhibitedLibrariesAssessor - Detects prohibited libraries per Policy #28-30
18
20
  * - ManifestValidationAssessor - Validates MCPB manifest.json
21
+ * - AuthenticationAssessor - OAuth and authentication evaluation
22
+ *
23
+ * ### Tier 3: Capability-Based (Conditional) - 3 modules
24
+ * - ResourceAssessor - Resource security assessment
25
+ * - PromptAssessor - Prompt security assessment
26
+ * - CrossCapabilitySecurityAssessor - Cross-capability attack chains
27
+ *
28
+ * ### Tier 4: Extended (Optional) - 3 modules
29
+ * - DeveloperExperienceAssessor - Documentation + usability assessment (NEW)
19
30
  * - PortabilityAssessor - Checks for portability issues
20
- * - TemporalAssessor - Detects rug pull vulnerabilities (temporal behavior changes)
31
+ * - ExternalAPIScannerAssessor - External API detection
32
+ *
33
+ * ## Deprecated Modules (v1.25.0+)
34
+ * The following modules are deprecated and will be removed in v2.0.0:
35
+ * - DocumentationAssessor → use DeveloperExperienceAssessor
36
+ * - UsabilityAssessor → use DeveloperExperienceAssessor
37
+ * - MCPSpecComplianceAssessor → use ProtocolComplianceAssessor
38
+ * - ProtocolConformanceAssessor → use ProtocolComplianceAssessor
39
+ *
40
+ * @module assessment/modules
21
41
  */
22
42
  // Base class
23
43
  export { BaseAssessor } from "./BaseAssessor.js";
24
- // Original MCP Inspector Assessors
44
+ // ============================================================================
45
+ // Tier 1: Core Security (Always Run)
46
+ // ============================================================================
25
47
  export { FunctionalityAssessor } from "./FunctionalityAssessor.js";
26
- export { DocumentationAssessor } from "./DocumentationAssessor.js";
27
48
  export { SecurityAssessor } from "./SecurityAssessor.js";
49
+ export { TemporalAssessor } from "./TemporalAssessor.js";
28
50
  export { ErrorHandlingAssessor } from "./ErrorHandlingAssessor.js";
29
- export { UsabilityAssessor } from "./UsabilityAssessor.js";
30
- export { MCPSpecComplianceAssessor } from "./MCPSpecComplianceAssessor.js";
31
- // MCP Directory Compliance Assessors
51
+ export { ProtocolComplianceAssessor } from "./ProtocolComplianceAssessor.js";
32
52
  export { AUPComplianceAssessor } from "./AUPComplianceAssessor.js";
53
+ // ============================================================================
54
+ // Tier 2: Compliance (MCP Directory)
55
+ // ============================================================================
33
56
  export { ToolAnnotationAssessor } from "./ToolAnnotationAssessor.js";
34
57
  export { ProhibitedLibrariesAssessor } from "./ProhibitedLibrariesAssessor.js";
35
58
  export { ManifestValidationAssessor } from "./ManifestValidationAssessor.js";
59
+ export { AuthenticationAssessor } from "./AuthenticationAssessor.js";
60
+ // ============================================================================
61
+ // Tier 3: Capability-Based (Conditional)
62
+ // ============================================================================
63
+ export { ResourceAssessor } from "./ResourceAssessor.js";
64
+ export { PromptAssessor } from "./PromptAssessor.js";
65
+ export { CrossCapabilitySecurityAssessor } from "./CrossCapabilitySecurityAssessor.js";
66
+ // ============================================================================
67
+ // Tier 4: Extended (Optional)
68
+ // ============================================================================
69
+ export { DeveloperExperienceAssessor } from "./DeveloperExperienceAssessor.js";
36
70
  export { PortabilityAssessor } from "./PortabilityAssessor.js";
37
71
  export { ExternalAPIScannerAssessor } from "./ExternalAPIScannerAssessor.js";
38
- export { TemporalAssessor } from "./TemporalAssessor.js";
39
- // Protocol Conformance Assessor
72
+ // ============================================================================
73
+ // Deprecated Exports (backward compatibility - will be removed in v2.0.0)
74
+ // ============================================================================
75
+ /**
76
+ * @deprecated Use DeveloperExperienceAssessor instead.
77
+ * DocumentationAssessor has been merged into DeveloperExperienceAssessor.
78
+ * This export will be removed in v2.0.0.
79
+ */
80
+ export { DocumentationAssessor } from "./DocumentationAssessor.js";
81
+ /**
82
+ * @deprecated Use DeveloperExperienceAssessor instead.
83
+ * UsabilityAssessor has been merged into DeveloperExperienceAssessor.
84
+ * This export will be removed in v2.0.0.
85
+ */
86
+ export { UsabilityAssessor } from "./UsabilityAssessor.js";
87
+ /**
88
+ * @deprecated Use ProtocolComplianceAssessor instead.
89
+ * MCPSpecComplianceAssessor has been merged into ProtocolComplianceAssessor.
90
+ * This export will be removed in v2.0.0.
91
+ */
92
+ export { MCPSpecComplianceAssessor } from "./MCPSpecComplianceAssessor.js";
93
+ /**
94
+ * @deprecated Use ProtocolComplianceAssessor instead.
95
+ * ProtocolConformanceAssessor has been merged into ProtocolComplianceAssessor.
96
+ * This export will be removed in v2.0.0.
97
+ */
40
98
  export { ProtocolConformanceAssessor } from "./ProtocolConformanceAssessor.js";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bryan-thompson/inspector-assessment-client",
3
- "version": "1.24.2",
3
+ "version": "1.25.1",
4
4
  "description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
5
5
  "license": "MIT",
6
6
  "author": "Bryan Thompson <bryan@triepod.ai>",