@bryan-thompson/inspector-assessment-client 1.25.1 → 1.25.5

Files changed (132)
  1. package/dist/assets/{OAuthCallback-CkzX_H4T.js → OAuthCallback-Dl4GYls3.js} +1 -1
  2. package/dist/assets/{OAuthDebugCallback-jZEkm74B.js → OAuthDebugCallback-BdJ38Z-r.js} +1 -1
  3. package/dist/assets/{index-Df9Sx1jt.css → index-cHhcEXbr.css} +4 -0
  4. package/dist/assets/{index-BVx1dGJT.js → index-pfUiTdQb.js} +4 -4
  5. package/dist/index.html +2 -2
  6. package/lib/lib/assessment/configTypes.d.ts +3 -0
  7. package/lib/lib/assessment/configTypes.d.ts.map +1 -1
  8. package/lib/lib/assessment/configTypes.js +11 -6
  9. package/lib/lib/assessment/coreTypes.d.ts +65 -0
  10. package/lib/lib/assessment/coreTypes.d.ts.map +1 -1
  11. package/lib/lib/assessment/extendedTypes.d.ts +127 -0
  12. package/lib/lib/assessment/extendedTypes.d.ts.map +1 -1
  13. package/lib/lib/assessment/resultTypes.d.ts +45 -0
  14. package/lib/lib/assessment/resultTypes.d.ts.map +1 -1
  15. package/lib/services/assessment/AssessmentOrchestrator.d.ts +4 -12
  16. package/lib/services/assessment/AssessmentOrchestrator.d.ts.map +1 -1
  17. package/lib/services/assessment/AssessmentOrchestrator.js +49 -238
  18. package/lib/services/assessment/TestDataGenerator.d.ts +9 -1
  19. package/lib/services/assessment/TestDataGenerator.d.ts.map +1 -1
  20. package/lib/services/assessment/TestDataGenerator.js +32 -6
  21. package/lib/services/assessment/TestScenarioEngine.d.ts +9 -1
  22. package/lib/services/assessment/TestScenarioEngine.d.ts.map +1 -1
  23. package/lib/services/assessment/TestScenarioEngine.js +17 -14
  24. package/lib/services/assessment/ToolClassifier.d.ts +154 -27
  25. package/lib/services/assessment/ToolClassifier.d.ts.map +1 -1
  26. package/lib/services/assessment/ToolClassifier.js +171 -318
  27. package/lib/services/assessment/config/annotationPatterns.d.ts +3 -1
  28. package/lib/services/assessment/config/annotationPatterns.d.ts.map +1 -1
  29. package/lib/services/assessment/config/annotationPatterns.js +5 -2
  30. package/lib/services/assessment/config/architecturePatterns.d.ts +101 -0
  31. package/lib/services/assessment/config/architecturePatterns.d.ts.map +1 -0
  32. package/lib/services/assessment/config/architecturePatterns.js +248 -0
  33. package/lib/services/assessment/config/performanceConfig.d.ts +122 -0
  34. package/lib/services/assessment/config/performanceConfig.d.ts.map +1 -0
  35. package/lib/services/assessment/config/performanceConfig.js +154 -0
  36. package/lib/services/assessment/config/sanitizationPatterns.d.ts +63 -0
  37. package/lib/services/assessment/config/sanitizationPatterns.d.ts.map +1 -0
  38. package/lib/services/assessment/config/sanitizationPatterns.js +223 -0
  39. package/lib/services/assessment/lib/claudeCodeBridge.d.ts +3 -1
  40. package/lib/services/assessment/lib/claudeCodeBridge.d.ts.map +1 -1
  41. package/lib/services/assessment/lib/claudeCodeBridge.js +5 -3
  42. package/lib/services/assessment/lib/concurrencyLimit.d.ts +6 -2
  43. package/lib/services/assessment/lib/concurrencyLimit.d.ts.map +1 -1
  44. package/lib/services/assessment/lib/concurrencyLimit.js +13 -6
  45. package/lib/services/assessment/lib/errors.d.ts +90 -0
  46. package/lib/services/assessment/lib/errors.d.ts.map +1 -0
  47. package/lib/services/assessment/lib/errors.js +136 -0
  48. package/lib/services/assessment/lib/timeoutUtils.d.ts +69 -0
  49. package/lib/services/assessment/lib/timeoutUtils.d.ts.map +1 -0
  50. package/lib/services/assessment/lib/timeoutUtils.js +103 -0
  51. package/lib/services/assessment/modules/BaseAssessor.d.ts +43 -8
  52. package/lib/services/assessment/modules/BaseAssessor.d.ts.map +1 -1
  53. package/lib/services/assessment/modules/BaseAssessor.js +103 -34
  54. package/lib/services/assessment/modules/DeveloperExperienceAssessor.d.ts +38 -1
  55. package/lib/services/assessment/modules/DeveloperExperienceAssessor.d.ts.map +1 -1
  56. package/lib/services/assessment/modules/DeveloperExperienceAssessor.js +185 -19
  57. package/lib/services/assessment/modules/DocumentationAssessor.d.ts +5 -0
  58. package/lib/services/assessment/modules/DocumentationAssessor.d.ts.map +1 -1
  59. package/lib/services/assessment/modules/DocumentationAssessor.js +11 -0
  60. package/lib/services/assessment/modules/ErrorHandlingAssessor.js +1 -1
  61. package/lib/services/assessment/modules/FunctionalityAssessor.d.ts.map +1 -1
  62. package/lib/services/assessment/modules/FunctionalityAssessor.js +6 -3
  63. package/lib/services/assessment/modules/MCPSpecComplianceAssessor.d.ts +3 -0
  64. package/lib/services/assessment/modules/MCPSpecComplianceAssessor.d.ts.map +1 -1
  65. package/lib/services/assessment/modules/MCPSpecComplianceAssessor.js +14 -2
  66. package/lib/services/assessment/modules/ManifestValidationAssessor.d.ts.map +1 -1
  67. package/lib/services/assessment/modules/ManifestValidationAssessor.js +7 -2
  68. package/lib/services/assessment/modules/PromptAssessor.d.ts +1 -0
  69. package/lib/services/assessment/modules/PromptAssessor.d.ts.map +1 -1
  70. package/lib/services/assessment/modules/PromptAssessor.js +26 -16
  71. package/lib/services/assessment/modules/ProtocolComplianceAssessor.d.ts.map +1 -1
  72. package/lib/services/assessment/modules/ProtocolComplianceAssessor.js +6 -2
  73. package/lib/services/assessment/modules/ProtocolConformanceAssessor.d.ts +5 -0
  74. package/lib/services/assessment/modules/ProtocolConformanceAssessor.d.ts.map +1 -1
  75. package/lib/services/assessment/modules/ProtocolConformanceAssessor.js +15 -0
  76. package/lib/services/assessment/modules/ResourceAssessor.d.ts.map +1 -1
  77. package/lib/services/assessment/modules/ResourceAssessor.js +8 -2
  78. package/lib/services/assessment/modules/SecurityAssessor.d.ts +3 -171
  79. package/lib/services/assessment/modules/SecurityAssessor.d.ts.map +1 -1
  80. package/lib/services/assessment/modules/SecurityAssessor.js +25 -1480
  81. package/lib/services/assessment/modules/ToolAnnotationAssessor.d.ts +27 -28
  82. package/lib/services/assessment/modules/ToolAnnotationAssessor.d.ts.map +1 -1
  83. package/lib/services/assessment/modules/ToolAnnotationAssessor.js +340 -863
  84. package/lib/services/assessment/modules/UsabilityAssessor.d.ts +5 -0
  85. package/lib/services/assessment/modules/UsabilityAssessor.d.ts.map +1 -1
  86. package/lib/services/assessment/modules/UsabilityAssessor.js +11 -0
  87. package/lib/services/assessment/modules/annotations/AnnotationDeceptionDetector.d.ts +57 -0
  88. package/lib/services/assessment/modules/annotations/AnnotationDeceptionDetector.d.ts.map +1 -0
  89. package/lib/services/assessment/modules/annotations/AnnotationDeceptionDetector.js +176 -0
  90. package/lib/services/assessment/modules/annotations/ArchitectureDetector.d.ts +67 -0
  91. package/lib/services/assessment/modules/annotations/ArchitectureDetector.d.ts.map +1 -0
  92. package/lib/services/assessment/modules/annotations/ArchitectureDetector.js +239 -0
  93. package/lib/services/assessment/modules/annotations/BehaviorInference.d.ts +46 -0
  94. package/lib/services/assessment/modules/annotations/BehaviorInference.d.ts.map +1 -0
  95. package/lib/services/assessment/modules/annotations/BehaviorInference.js +394 -0
  96. package/lib/services/assessment/modules/annotations/DescriptionAnalyzer.d.ts +64 -0
  97. package/lib/services/assessment/modules/annotations/DescriptionAnalyzer.d.ts.map +1 -0
  98. package/lib/services/assessment/modules/annotations/DescriptionAnalyzer.js +304 -0
  99. package/lib/services/assessment/modules/annotations/DescriptionPoisoningDetector.d.ts +43 -0
  100. package/lib/services/assessment/modules/annotations/DescriptionPoisoningDetector.d.ts.map +1 -0
  101. package/lib/services/assessment/modules/annotations/DescriptionPoisoningDetector.js +276 -0
  102. package/lib/services/assessment/modules/annotations/SchemaAnalyzer.d.ts +122 -0
  103. package/lib/services/assessment/modules/annotations/SchemaAnalyzer.d.ts.map +1 -0
  104. package/lib/services/assessment/modules/annotations/SchemaAnalyzer.js +388 -0
  105. package/lib/services/assessment/modules/annotations/index.d.ts +13 -0
  106. package/lib/services/assessment/modules/annotations/index.d.ts.map +1 -0
  107. package/lib/services/assessment/modules/annotations/index.js +15 -0
  108. package/lib/services/assessment/modules/index.d.ts +10 -0
  109. package/lib/services/assessment/modules/index.d.ts.map +1 -1
  110. package/lib/services/assessment/modules/index.js +13 -0
  111. package/lib/services/assessment/modules/securityTests/SanitizationDetector.d.ts +125 -0
  112. package/lib/services/assessment/modules/securityTests/SanitizationDetector.d.ts.map +1 -0
  113. package/lib/services/assessment/modules/securityTests/SanitizationDetector.js +345 -0
  114. package/lib/services/assessment/modules/securityTests/SecurityPayloadGenerator.d.ts +33 -0
  115. package/lib/services/assessment/modules/securityTests/SecurityPayloadGenerator.d.ts.map +1 -0
  116. package/lib/services/assessment/modules/securityTests/SecurityPayloadGenerator.js +128 -0
  117. package/lib/services/assessment/modules/securityTests/SecurityPayloadTester.d.ts +67 -0
  118. package/lib/services/assessment/modules/securityTests/SecurityPayloadTester.d.ts.map +1 -0
  119. package/lib/services/assessment/modules/securityTests/SecurityPayloadTester.js +372 -0
  120. package/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.d.ts +178 -0
  121. package/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.d.ts.map +1 -0
  122. package/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.js +1207 -0
  123. package/lib/services/assessment/modules/securityTests/index.d.ts +8 -0
  124. package/lib/services/assessment/modules/securityTests/index.d.ts.map +1 -0
  125. package/lib/services/assessment/modules/securityTests/index.js +7 -0
  126. package/lib/services/assessment/orchestratorHelpers.d.ts +83 -0
  127. package/lib/services/assessment/orchestratorHelpers.d.ts.map +1 -0
  128. package/lib/services/assessment/orchestratorHelpers.js +212 -0
  129. package/lib/services/assessment/tool-classifier-patterns.d.ts +85 -0
  130. package/lib/services/assessment/tool-classifier-patterns.d.ts.map +1 -0
  131. package/lib/services/assessment/tool-classifier-patterns.js +365 -0
  132. package/package.json +1 -1
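--- a/package/lib/services/assessment/config/architecturePatterns.d.ts
+++ b/package/lib/services/assessment/config/architecturePatterns.d.ts
@@ -0,0 +1,101 @@
+ /**
+ * Architecture Pattern Configuration
+ *
+ * Pattern database for detecting server architecture characteristics including:
+ * - Database backends (Neo4j, MongoDB, PostgreSQL, etc.)
+ * - Transport modes (stdio, HTTP, SSE)
+ * - Network access requirements
+ *
+ * Created as part of Issue #57: Architecture detection and behavior inference modules
+ */
+ /**
+ * Database backend types detected from patterns
+ */
+ export type DatabaseBackend = "neo4j" | "mongodb" | "sqlite" | "postgresql" | "mysql" | "redis" | "dynamodb" | "firestore" | "supabase" | "cassandra" | "elasticsearch" | "unknown";
+ /**
+ * Transport mode capabilities
+ */
+ export type TransportMode = "stdio" | "http" | "sse";
+ /**
+ * Server architecture classification
+ */
+ export type ServerArchitectureType = "local" | "hybrid" | "remote";
+ /**
+ * Database detection patterns.
+ * Each database has multiple patterns to catch various naming conventions.
+ */
+ export declare const DATABASE_PATTERNS: Record<Exclude<DatabaseBackend, "unknown">, RegExp[]>;
+ /**
+ * Transport detection patterns.
+ * Used to identify which transport modes a server supports.
+ */
+ export declare const TRANSPORT_PATTERNS: Record<TransportMode, RegExp[]>;
+ /**
+ * Network access indicators.
+ * Patterns that suggest the server requires network/internet access.
+ */
+ export declare const NETWORK_INDICATORS: RegExp[];
+ /**
+ * Local-only indicators.
+ * Patterns that suggest the server operates locally without network.
+ */
+ export declare const LOCAL_ONLY_INDICATORS: RegExp[];
+ /**
+ * External service detection patterns.
+ * Maps service names to URL/import patterns.
+ */
+ export declare const EXTERNAL_SERVICE_PATTERNS: Record<string, RegExp[]>;
+ /**
+ * Architecture pattern configuration interface.
+ * Allows customization of all pattern categories.
+ */
+ export interface ArchitecturePatternConfig {
+ databases: Record<string, RegExp[]>;
+ transports: Record<string, RegExp[]>;
+ networkIndicators: RegExp[];
+ localOnlyIndicators: RegExp[];
+ externalServices: Record<string, RegExp[]>;
+ }
+ /**
+ * Get default architecture patterns configuration.
+ */
+ export declare function getDefaultArchitecturePatterns(): ArchitecturePatternConfig;
+ /**
+ * Detect database backends from text content.
+ * Searches for patterns in tool descriptions, source code, or package.json.
+ *
+ * @param content - Text content to search (description, source code, etc.)
+ * @returns Array of detected database backends with match evidence
+ */
+ export declare function detectDatabasesFromContent(content: string): Array<{
+ backend: DatabaseBackend;
+ evidence: string;
+ confidence: "high" | "medium" | "low";
+ }>;
+ /**
+ * Detect transport modes from text content.
+ *
+ * @param content - Text content to search
+ * @returns Array of detected transport modes
+ */
+ export declare function detectTransportsFromContent(content: string): TransportMode[];
+ /**
+ * Check if content indicates network access requirements.
+ *
+ * @param content - Text content to search
+ * @returns Object with network access flag and matched indicators
+ */
+ export declare function checkNetworkAccess(content: string): {
+ requiresNetwork: boolean;
+ indicators: string[];
+ localOnly: boolean;
+ localIndicators: string[];
+ };
+ /**
+ * Detect external services from content.
+ *
+ * @param content - Text content to search
+ * @returns Array of detected service names
+ */
+ export declare function detectExternalServices(content: string): string[];
+ //# sourceMappingURL=architecturePatterns.d.ts.map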
@@ -0,0 +1 @@
1
+ {"version":3,"file":"architecturePatterns.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/config/architecturePatterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;GAEG;AACH,MAAM,MAAM,eAAe,GACvB,OAAO,GACP,SAAS,GACT,QAAQ,GACR,YAAY,GACZ,OAAO,GACP,OAAO,GACP,UAAU,GACV,WAAW,GACX,UAAU,GACV,WAAW,GACX,eAAe,GACf,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;AAErD;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAEnE;;;GAGG;AACH,eAAO,MAAM,iBAAiB,EAAE,MAAM,CACpC,OAAO,CAAC,eAAe,EAAE,SAAS,CAAC,EACnC,MAAM,EAAE,CAiCT,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,EAAE,CAyB9D,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,EAAE,MAAM,EA6BtC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,qBAAqB,EAAE,MAAM,EAmBzC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,yBAAyB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAW9D,CAAC;AAEF;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IACpC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IACrC,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;CAC5C;AAED;;GAEG;AACH,wBAAgB,8BAA8B,IAAI,yBAAyB,CAQ1E;AAED;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,MAAM,GAAG,KAAK,CAAC;IACjE,OAAO,EAAE,eAAe,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CACvC,CAAC,CA4BD;AAED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,MAAM,GAAG,aAAa,EAAE,CAa5E;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG;IACnD,eAAe,EAAE,OAAO,CAAC;IACzB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B,CAwBA;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAahE"}
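--- a/package/lib/services/assessment/config/architecturePatterns.js
+++ b/package/lib/services/assessment/config/architecturePatterns.js
@@ -0,0 +1,248 @@
+ /**
+ * Architecture Pattern Configuration
+ *
+ * Pattern database for detecting server architecture characteristics including:
+ * - Database backends (Neo4j, MongoDB, PostgreSQL, etc.)
+ * - Transport modes (stdio, HTTP, SSE)
+ * - Network access requirements
+ *
+ * Created as part of Issue #57: Architecture detection and behavior inference modules
+ */
+ /**
+ * Database detection patterns.
+ * Each database has multiple patterns to catch various naming conventions.
+ */
+ export const DATABASE_PATTERNS = {
+ neo4j: [
+ /\bneo4j\b/i,
+ /\bcypher\b/i,
+ /graph\s*database/i,
+ /neo4j:\/\//i,
+ /\bgraph\s*db\b/i,
+ ],
+ mongodb: [
+ /\bmongodb\b/i,
+ /\bmongoose\b/i,
+ /\bmongo\b/i,
+ /mongodb:\/\//i,
+ /mongodb\+srv:\/\//i,
+ /\bpymongo\b/i,
+ ],
+ sqlite: [/\bsqlite\b/i, /\bsqlite3\b/i, /\.sqlite\b/i, /\.db\b/i],
+ postgresql: [
+ /\bpostgres\b/i,
+ /\bpostgresql\b/i,
+ /\bpg\b/i,
+ /postgres:\/\//i,
+ /postgresql:\/\//i,
+ /\bpsycopg\b/i,
+ ],
+ mysql: [/\bmysql\b/i, /\bmariadb\b/i, /mysql:\/\//i, /mariadb:\/\//i],
+ redis: [/\bredis\b/i, /redis:\/\//i, /\bupstash\b/i],
+ dynamodb: [/\bdynamodb\b/i, /\bdynamo\b/i, /aws.*dynamo/i],
+ firestore: [/\bfirestore\b/i, /firebase.*firestore/i],
+ supabase: [/\bsupabase\b/i, /supabase\.co/i],
+ cassandra: [/\bcassandra\b/i, /\bscylla\b/i, /cql/i],
+ elasticsearch: [/\belasticsearch\b/i, /\belastic\b/i, /\bopensearch\b/i],
+ };
+ /**
+ * Transport detection patterns.
+ * Used to identify which transport modes a server supports.
+ */
+ export const TRANSPORT_PATTERNS = {
+ stdio: [
+ /\bstdio\b/i,
+ /\bstdin\b/i,
+ /\bstdout\b/i,
+ /transport.*stdio/i,
+ /stdio.*transport/i,
+ /process\.stdin/i,
+ /process\.stdout/i,
+ ],
+ http: [
+ /\bhttp\s*transport\b/i,
+ /streamable-http/i,
+ /rest\s*api/i,
+ /\bhttp\s*server\b/i,
+ /express|fastify|koa|hono/i,
+ /app\.listen/i,
+ ],
+ sse: [
+ /\bsse\b/i,
+ /server-sent/i,
+ /event\s*stream/i,
+ /sse\s*transport/i,
+ /text\/event-stream/i,
+ ],
+ };
+ /**
+ * Network access indicators.
+ * Patterns that suggest the server requires network/internet access.
+ */
+ export const NETWORK_INDICATORS = [
+ // URL patterns
+ /https?:\/\//i,
+ /wss?:\/\//i,
+ // API domain patterns
+ /api\.[a-z]+\./i,
+ /\.api\./i,
+ // HTTP client libraries
+ /\bfetch\s*\(/i,
+ /\baxios\b/i,
+ /\brequest\b/i,
+ /\bgot\b/i,
+ /\bnode-fetch\b/i,
+ /\bundici\b/i,
+ /\bhttpx\b/i,
+ /\brequests\b/i,
+ /\baiohttp\b/i,
+ // WebSocket patterns
+ /\bwebsocket\b/i,
+ /\bsocket\.io\b/i,
+ /\bws\b/i,
+ // Cloud service patterns
+ /aws-sdk/i,
+ /\bgoogle-cloud\b/i,
+ /azure/i,
+ ];
+ /**
+ * Local-only indicators.
+ * Patterns that suggest the server operates locally without network.
+ */
+ export const LOCAL_ONLY_INDICATORS = [
+ // File system operations
+ /\bfs\b/i,
+ /file\s*system/i,
+ /local\s*file/i,
+ /\.readFile/i,
+ /\.writeFile/i,
+ // SQLite (local database)
+ /\bsqlite\b/i,
+ // Local path patterns
+ /~\/|\/home\/|\/Users\//i,
+ // Local process execution
+ /child_process/i,
+ /subprocess/i,
+ /\bexec\b/i,
+ /\bspawn\b/i,
+ ];
+ /**
+ * External service detection patterns.
+ * Maps service names to URL/import patterns.
+ */
+ export const EXTERNAL_SERVICE_PATTERNS = {
+ github: [/github\.com/i, /api\.github/i, /\b@octokit\b/i, /\bgithub\b/i],
+ gitlab: [/gitlab\.com/i, /api\.gitlab/i, /\bgitlab\b/i],
+ aws: [/aws-sdk/i, /amazonaws\.com/i, /\baws\b/i],
+ gcp: [/google-cloud/i, /googleapis\.com/i, /\bgcp\b/i],
+ azure: [/azure/i, /microsoft\.com/i],
+ openai: [/openai\.com/i, /api\.openai/i, /\bopenai\b/i],
+ anthropic: [/anthropic\.com/i, /api\.anthropic/i, /\banthropic\b/i],
+ slack: [/slack\.com/i, /api\.slack/i, /\bslack\b/i],
+ discord: [/discord\.com/i, /discord\.gg/i, /\bdiscord\b/i],
+ stripe: [/stripe\.com/i, /api\.stripe/i, /\bstripe\b/i],
+ };
+ /**
+ * Get default architecture patterns configuration.
+ */
+ export function getDefaultArchitecturePatterns() {
+ return {
+ databases: DATABASE_PATTERNS,
+ transports: TRANSPORT_PATTERNS,
+ networkIndicators: NETWORK_INDICATORS,
+ localOnlyIndicators: LOCAL_ONLY_INDICATORS,
+ externalServices: EXTERNAL_SERVICE_PATTERNS,
+ };
+ }
+ /**
+ * Detect database backends from text content.
+ * Searches for patterns in tool descriptions, source code, or package.json.
+ *
+ * @param content - Text content to search (description, source code, etc.)
+ * @returns Array of detected database backends with match evidence
+ */
+ export function detectDatabasesFromContent(content) {
+ const results = [];
+ for (const [backend, patterns] of Object.entries(DATABASE_PATTERNS)) {
+ for (const pattern of patterns) {
+ const match = content.match(pattern);
+ if (match) {
+ // Determine confidence based on pattern specificity
+ const confidence = pattern.source.includes("://") || pattern.source.includes("\\b")
+ ? "high"
+ : "medium";
+ results.push({
+ backend: backend,
+ evidence: match[0],
+ confidence,
+ });
+ break; // Only one match per backend
+ }
+ }
+ }
+ return results;
+ }
+ /**
+ * Detect transport modes from text content.
+ *
+ * @param content - Text content to search
+ * @returns Array of detected transport modes
+ */
+ export function detectTransportsFromContent(content) {
+ const transports = new Set();
+ for (const [mode, patterns] of Object.entries(TRANSPORT_PATTERNS)) {
+ for (const pattern of patterns) {
+ if (pattern.test(content)) {
+ transports.add(mode);
+ break;
+ }
+ }
+ }
+ return Array.from(transports);
+ }
+ /**
+ * Check if content indicates network access requirements.
+ *
+ * @param content - Text content to search
+ * @returns Object with network access flag and matched indicators
+ */
+ export function checkNetworkAccess(content) {
+ const networkMatches = [];
+ const localMatches = [];
+ for (const pattern of NETWORK_INDICATORS) {
+ const match = content.match(pattern);
+ if (match) {
+ networkMatches.push(match[0]);
+ }
+ }
+ for (const pattern of LOCAL_ONLY_INDICATORS) {
+ const match = content.match(pattern);
+ if (match) {
+ localMatches.push(match[0]);
+ }
+ }
+ return {
+ requiresNetwork: networkMatches.length > 0,
+ indicators: networkMatches,
+ localOnly: localMatches.length > 0 && networkMatches.length === 0,
+ localIndicators: localMatches,
+ };
+ }
+ /**
+ * Detect external services from content.
+ *
+ * @param content - Text content to search
+ * @returns Array of detected service names
+ */
+ export function detectExternalServices(content) {
+ const services = new Set();
+ for (const [service, patterns] of Object.entries(EXTERNAL_SERVICE_PATTERNS)) {
+ for (const pattern of patterns) {
+ if (pattern.test(content)) {
+ services.add(service);
+ break;
+ }
+ }
+ }
+ return Array.from(services);
+ }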
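Review bot: In `detectDatabasesFromContent` the confidence test `pattern.source.includes("://")` can never be true, because `RegExp.prototype.source` keeps the escaped form (`neo4j:\/\/`), so the label is decided by the `\b` test alone. Every pattern containing `\b` is therefore reported as "high", including short tokens such as `/\bpg\b/i`, `/\.db\b/i` and `/\bmongo\b/i`, and "low" is never produced although the declared return type allows it. Consider `pattern.source.includes(":\\/\\/") ? "high" : "medium"` plus an explicit "low" for the short tokens, or store the confidence next to each pattern. Separately, `checkNetworkAccess` sets `localOnly` from the absence of keyword matches, and `LOCAL_ONLY_INDICATORS` includes `child_process`, `exec` and `spawn`, which say nothing about network use. A comment such as `// heuristic hint only: no network keyword matched; not evidence of isolation` on that field would keep assessment consumers from treating it as a guarantee.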
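--- a/package/lib/services/assessment/config/performanceConfig.d.ts
+++ b/package/lib/services/assessment/config/performanceConfig.d.ts
@@ -0,0 +1,122 @@
+ /**
+ * Performance Configuration for Assessment Engine
+ *
+ * Centralizes performance-related magic numbers that were previously
+ * scattered across multiple modules. Supports JSON configuration files
+ * for runtime tuning via CLI flags.
+ *
+ * @see https://github.com/triepod-ai/inspector-assessment/issues/37
+ */
+ import type { Logger } from "../lib/logger.js";
+ /**
+ * Performance configuration for assessment execution.
+ * Controls batching, timeouts, concurrency, and resource limits.
+ */
+ export interface PerformanceConfig {
+ /**
+ * Interval in milliseconds between progress batch flushes.
+ * Controls how often batched test results are emitted.
+ * @default 500
+ */
+ batchFlushIntervalMs: number;
+ /**
+ * Batch size for functionality assessment progress events.
+ * Smaller than security batch size because functionality tests are fewer.
+ * @default 5
+ */
+ functionalityBatchSize: number;
+ /**
+ * Batch size for security assessment progress events.
+ * @default 10
+ */
+ securityBatchSize: number;
+ /**
+ * Timeout for individual test scenario execution in milliseconds.
+ * Applied via Promise.race in TestScenarioEngine.
+ * @default 5000
+ */
+ testTimeoutMs: number;
+ /**
+ * Timeout for individual security payload tests in milliseconds.
+ * Fallback when not specified in assessment configuration.
+ * @default 5000
+ */
+ securityTestTimeoutMs: number;
+ /**
+ * Warning threshold for queue depth monitoring.
+ * Triggers warning when task queue exceeds this size.
+ *
+ * Derivation: Advanced security assessments can legitimately queue:
+ * 29 tools x 140 payloads (across 23 attack patterns) = 4,060 tasks
+ *
+ * Threshold of 10,000 provides ~146% headroom to accommodate larger
+ * tool sets while catching true runaway scenarios.
+ * @default 10000
+ */
+ queueWarningThreshold: number;
+ /**
+ * Maximum EventEmitter listeners to prevent Node.js warnings.
+ * Assessment operations require more listeners than Node's default (10).
+ * @default 50
+ */
+ eventEmitterMaxListeners: number;
+ }
+ /**
+ * Default performance configuration.
+ * These values preserve existing behavior across all modules.
+ */
+ export declare const DEFAULT_PERFORMANCE_CONFIG: Readonly<Required<PerformanceConfig>>;
+ /**
+ * Performance presets for common use cases.
+ */
+ export declare const PERFORMANCE_PRESETS: {
+ /** Default configuration - balanced performance */
+ readonly default: Readonly<Required<PerformanceConfig>>;
+ /** Optimized for speed with larger batches */
+ readonly fast: Readonly<{
+ functionalityBatchSize: 10;
+ securityBatchSize: 20;
+ batchFlushIntervalMs: number;
+ testTimeoutMs: number;
+ securityTestTimeoutMs: number;
+ queueWarningThreshold: number;
+ eventEmitterMaxListeners: number;
+ }>;
+ /** Conservative settings for resource-constrained environments */
+ readonly resourceConstrained: Readonly<{
+ functionalityBatchSize: 3;
+ securityBatchSize: 5;
+ queueWarningThreshold: 5000;
+ batchFlushIntervalMs: number;
+ testTimeoutMs: number;
+ securityTestTimeoutMs: number;
+ eventEmitterMaxListeners: number;
+ }>;
+ };
+ /**
+ * Validate a partial performance config.
+ * Ensures values are within reasonable bounds.
+ *
+ * @param config - Partial config to validate
+ * @returns Array of validation error messages (empty if valid)
+ */
+ export declare function validatePerformanceConfig(config: Partial<PerformanceConfig>): string[];
+ /**
+ * Merge a partial config with defaults.
+ * User-provided values override defaults.
+ *
+ * @param partial - Partial config to merge
+ * @returns Complete config with defaults applied
+ */
+ export declare function mergeWithDefaults(partial: Partial<PerformanceConfig>): Required<PerformanceConfig>;
+ /**
+ * Load performance configuration from a JSON file.
+ * Partial configs are validated and merged with defaults.
+ *
+ * @param configPath - Path to JSON configuration file
+ * @param logger - Optional logger for diagnostic output
+ * @returns Complete configuration with defaults applied
+ * @throws Error if config file has validation errors
+ */
+ export declare function loadPerformanceConfig(configPath?: string, logger?: Logger): Required<PerformanceConfig>;
+ //# sourceMappingURL=performanceConfig.d.ts.map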
@@ -0,0 +1 @@
1
+ {"version":3,"file":"performanceConfig.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/config/performanceConfig.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAE5C;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;;OAIG;IACH,oBAAoB,EAAE,MAAM,CAAC;IAE7B;;;;OAIG;IACH,sBAAsB,EAAE,MAAM,CAAC;IAE/B;;;OAGG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAE1B;;;;OAIG;IACH,aAAa,EAAE,MAAM,CAAC;IAEtB;;;;OAIG;IACH,qBAAqB,EAAE,MAAM,CAAC;IAE9B;;;;;;;;;;OAUG;IACH,qBAAqB,EAAE,MAAM,CAAC;IAE9B;;;;OAIG;IACH,wBAAwB,EAAE,MAAM,CAAC;CAClC;AAED;;;GAGG;AACH,eAAO,MAAM,0BAA0B,EAAE,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CASzE,CAAC;AAEL;;GAEG;AACH,eAAO,MAAM,mBAAmB;IAC9B,mDAAmD;;IAGnD,8CAA8C;;;;8BAxExB,MAAM;uBAoBb,MAAM;+BAOE,MAAM;+BAaN,MAAM;kCAOH,MAAM;;IAgChC,kEAAkE;;;;;8BA/E5C,MAAM;uBAoBb,MAAM;+BAOE,MAAM;kCAoBH,MAAM;;CAuCxB,CAAC;AAEX;;;;;;GAMG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,OAAO,CAAC,iBAAiB,CAAC,GACjC,MAAM,EAAE,CAwDV;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAClC,QAAQ,CAAC,iBAAiB,CAAC,CAsB7B;AAED;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CACnC,UAAU,CAAC,EAAE,MAAM,EACnB,MAAM,CAAC,EAAE,MAAM,GACd,QAAQ,CAAC,iBAAiB,CAAC,CAyC7B"}
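--- a/package/lib/services/assessment/config/performanceConfig.js
+++ b/package/lib/services/assessment/config/performanceConfig.js
@@ -0,0 +1,154 @@
+ /**
+ * Performance Configuration for Assessment Engine
+ *
+ * Centralizes performance-related magic numbers that were previously
+ * scattered across multiple modules. Supports JSON configuration files
+ * for runtime tuning via CLI flags.
+ *
+ * @see https://github.com/triepod-ai/inspector-assessment/issues/37
+ */
+ import * as fs from "fs";
+ /**
+ * Default performance configuration.
+ * These values preserve existing behavior across all modules.
+ */
+ export const DEFAULT_PERFORMANCE_CONFIG = Object.freeze({
+ batchFlushIntervalMs: 500,
+ functionalityBatchSize: 5,
+ securityBatchSize: 10,
+ testTimeoutMs: 5000,
+ securityTestTimeoutMs: 5000,
+ queueWarningThreshold: 10000,
+ eventEmitterMaxListeners: 50,
+ });
+ /**
+ * Performance presets for common use cases.
+ */
+ export const PERFORMANCE_PRESETS = {
+ /** Default configuration - balanced performance */
+ default: DEFAULT_PERFORMANCE_CONFIG,
+ /** Optimized for speed with larger batches */
+ fast: Object.freeze({
+ ...DEFAULT_PERFORMANCE_CONFIG,
+ functionalityBatchSize: 10,
+ securityBatchSize: 20,
+ }),
+ /** Conservative settings for resource-constrained environments */
+ resourceConstrained: Object.freeze({
+ ...DEFAULT_PERFORMANCE_CONFIG,
+ functionalityBatchSize: 3,
+ securityBatchSize: 5,
+ queueWarningThreshold: 5000,
+ }),
+ };
+ /**
+ * Validate a partial performance config.
+ * Ensures values are within reasonable bounds.
+ *
+ * @param config - Partial config to validate
+ * @returns Array of validation error messages (empty if valid)
+ */
+ export function validatePerformanceConfig(config) {
+ const errors = [];
+ if (config.batchFlushIntervalMs !== undefined &&
+ (config.batchFlushIntervalMs < 50 || config.batchFlushIntervalMs > 10000)) {
+ errors.push("batchFlushIntervalMs must be between 50 and 10000");
+ }
+ if (config.functionalityBatchSize !== undefined &&
+ (config.functionalityBatchSize < 1 || config.functionalityBatchSize > 100)) {
+ errors.push("functionalityBatchSize must be between 1 and 100");
+ }
+ if (config.securityBatchSize !== undefined &&
+ (config.securityBatchSize < 1 || config.securityBatchSize > 100)) {
+ errors.push("securityBatchSize must be between 1 and 100");
+ }
+ if (config.testTimeoutMs !== undefined &&
+ (config.testTimeoutMs < 100 || config.testTimeoutMs > 300000)) {
+ errors.push("testTimeoutMs must be between 100 and 300000");
+ }
+ if (config.securityTestTimeoutMs !== undefined &&
+ (config.securityTestTimeoutMs < 100 ||
+ config.securityTestTimeoutMs > 300000)) {
+ errors.push("securityTestTimeoutMs must be between 100 and 300000");
+ }
+ if (config.queueWarningThreshold !== undefined &&
+ (config.queueWarningThreshold < 100 ||
+ config.queueWarningThreshold > 1000000)) {
+ errors.push("queueWarningThreshold must be between 100 and 1000000");
+ }
+ if (config.eventEmitterMaxListeners !== undefined &&
+ (config.eventEmitterMaxListeners < 10 ||
+ config.eventEmitterMaxListeners > 1000)) {
+ errors.push("eventEmitterMaxListeners must be between 10 and 1000");
+ }
+ return errors;
+ }
+ /**
+ * Merge a partial config with defaults.
+ * User-provided values override defaults.
+ *
+ * @param partial - Partial config to merge
+ * @returns Complete config with defaults applied
+ */
+ export function mergeWithDefaults(partial) {
+ return {
+ batchFlushIntervalMs: partial.batchFlushIntervalMs ??
+ DEFAULT_PERFORMANCE_CONFIG.batchFlushIntervalMs,
+ functionalityBatchSize: partial.functionalityBatchSize ??
+ DEFAULT_PERFORMANCE_CONFIG.functionalityBatchSize,
+ securityBatchSize: partial.securityBatchSize ?? DEFAULT_PERFORMANCE_CONFIG.securityBatchSize,
+ testTimeoutMs: partial.testTimeoutMs ?? DEFAULT_PERFORMANCE_CONFIG.testTimeoutMs,
+ securityTestTimeoutMs: partial.securityTestTimeoutMs ??
+ DEFAULT_PERFORMANCE_CONFIG.securityTestTimeoutMs,
+ queueWarningThreshold: partial.queueWarningThreshold ??
+ DEFAULT_PERFORMANCE_CONFIG.queueWarningThreshold,
+ eventEmitterMaxListeners: partial.eventEmitterMaxListeners ??
+ DEFAULT_PERFORMANCE_CONFIG.eventEmitterMaxListeners,
+ };
+ }
+ /**
+ * Load performance configuration from a JSON file.
+ * Partial configs are validated and merged with defaults.
+ *
+ * @param configPath - Path to JSON configuration file
+ * @param logger - Optional logger for diagnostic output
+ * @returns Complete configuration with defaults applied
+ * @throws Error if config file has validation errors
+ */
+ export function loadPerformanceConfig(configPath, logger) {
+ if (!configPath) {
+ return { ...DEFAULT_PERFORMANCE_CONFIG };
+ }
+ try {
+ const configContent = fs.readFileSync(configPath, "utf-8");
+ const userConfig = JSON.parse(configContent);
+ // Validate the config
+ const errors = validatePerformanceConfig(userConfig);
+ if (errors.length > 0) {
+ const errorMsg = `Invalid performance config: ${errors.join(", ")}`;
+ logger?.error(errorMsg, { configPath, errors });
+ throw new Error(errorMsg);
+ }
+ logger?.debug("Loaded performance config", { configPath, userConfig });
+ return mergeWithDefaults(userConfig);
+ }
+ catch (error) {
+ if (error instanceof SyntaxError) {
+ logger?.error("Invalid JSON in performance config file", {
+ configPath,
+ error: error.message,
+ });
+ throw new Error(`Invalid JSON in performance config: ${configPath}`);
+ }
+ // Re-throw validation errors
+ if (error instanceof Error && error.message.includes("Invalid")) {
+ throw error;
+ }
+ // File read errors - use defaults with warning
+ logger?.warn("Could not load performance config, using defaults", {
+ configPath,
+ error: error instanceof Error ? error.message : String(error),
+ });
+ return { ...DEFAULT_PERFORMANCE_CONFIG };
+ }
+ }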
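Review bot: `validatePerformanceConfig` only compares ranges, so a JSON value of the wrong type passes: for `"testTimeoutMs": "soon"` both range comparisons evaluate to false, and `mergeWithDefaults` then hands the string on as a timeout. In an assessment run that can presumably shorten or disable the per-test timeout and skew the results, so each field should pass `typeof value === "number"` and `Number.isFinite(value)` before the range test. One range helper, sketched below, does this for all seven fields and keeps the existing messages. In `loadPerformanceConfig`, the re-throw test `error.message.includes("Invalid")` also matches unrelated errors whose text happens to contain that word (a file path, for example); a dedicated error class or flag would be sturdier, and an unreadable `configPath` falls back to defaults with no signal at all when no logger is passed.

```javascript
export function validatePerformanceConfig(config) {
  const errors = [];
  // Type-check before the range test: "abc" < 50 and "abc" > 10000 are both false.
  const checkRange = (key, min, max) => {
    const value = config[key];
    if (value === undefined) {
      return;
    }
    if (typeof value !== "number" || !Number.isFinite(value) || value < min || value > max) {
      errors.push(`${key} must be between ${min} and ${max}`);
    }
  };
  checkRange("batchFlushIntervalMs", 50, 10000);
  checkRange("functionalityBatchSize", 1, 100);
  checkRange("securityBatchSize", 1, 100);
  checkRange("testTimeoutMs", 100, 300000);
  checkRange("securityTestTimeoutMs", 100, 300000);
  checkRange("queueWarningThreshold", 100, 1000000);
  checkRange("eventEmitterMaxListeners", 10, 1000);
  // … unchanged: return errors; …
```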