@bryan-thompson/inspector-assessment-client 1.26.6 → 1.26.7

package/lib/services/assessment/modules/SecurityAssessor.js

@@ -1,11 +1,11 @@
 /**
  * Security Assessor Module
- * Tests for backend API security vulnerabilities using 23 focused patterns
+ * Tests for backend API security vulnerabilities using 26 focused patterns
  *
  * BASIC MODE (5 patterns - enableDomainTesting=false):
  *   Command Injection, Calculator Injection, SQL Injection, Path Traversal, Unicode Bypass
  *
- * ADVANCED MODE (all 23 patterns - enableDomainTesting=true):
+ * ADVANCED MODE (all 26 patterns - enableDomainTesting=true):
  *   - Critical Injection (6): Command, Calculator, SQL, Path Traversal, XXE, NoSQL
  *   - Input Validation (3): Type Safety, Boundary Testing, Required Fields
  *   - Protocol Compliance (2): MCP Error Format, Timeout Handling
@@ -14,13 +14,22 @@
  *   - Encoding Bypass (1): Unicode Bypass
  *   - Resource Exhaustion (1): DoS/Resource Exhaustion
  *   - Deserialization (1): Insecure Deserialization
+ *   - Auth Bypass (1): Fail-open authentication vulnerabilities (CVE-2025-52882)
+ *   - Cross-Tool State Bypass (1): Privilege escalation via shared state (Issue #92)
+ *   - Chained Exploitation (1): Multi-tool chain execution attacks (Issue #93)
+ *
+ * SEQUENCE TESTING (enableSequenceTesting - default true):
+ *   Tests for cross-tool privilege escalation by calling tool sequences
+ *   Tests for multi-tool chain exploitation attacks
  */
 import { BaseAssessor } from "./BaseAssessor.js";
-import { SecurityPayloadTester, SecurityPayloadGenerator, } from "./securityTests/index.js";
+import { SecurityPayloadTester, SecurityPayloadGenerator, CrossToolStateTester, ChainExecutionTester, } from "./securityTests/index.js";
 import { ToolClassifier, ToolCategory } from "../ToolClassifier.js";
 export class SecurityAssessor extends BaseAssessor {
     payloadTester;
     payloadGenerator;
+    crossToolStateTester;
+    chainTester;
     claudeBridge = null;
     /**
      * Set the ClaudeCodeBridge for semantic analysis of security test results
@@ -29,7 +38,7 @@ export class SecurityAssessor extends BaseAssessor {
     setClaudeBridge(bridge) {
         this.claudeBridge = bridge;
         if (bridge) {
-            this.log(`ClaudeCodeBridge enabled for security semantic analysis (transport: ${bridge.getTransport()})`);
+            this.logger.info(`ClaudeCodeBridge enabled for security semantic analysis (transport: ${bridge.getTransport()})`);
         }
     }
     /**
@@ -58,7 +67,7 @@ export class SecurityAssessor extends BaseAssessor {
             return await this.claudeBridge.analyzeSecurityResponse(context);
         }
         catch (error) {
-            this.logError("Claude semantic analysis failed", error);
+            this.logger.error("Claude semantic analysis failed", { error });
             return null;
         }
     }
@@ -75,11 +84,19 @@ export class SecurityAssessor extends BaseAssessor {
         };
         // Create logger adapter
         const testLogger = {
-            log: (message) => this.log(message),
-            logError: (message, error) => this.logError(message, error),
+            log: (message) => this.logger.info(message),
+            logError: (message, error) => this.logger.error(message, { error }),
         };
         // Initialize payload tester with config, logger, and timeout function
         this.payloadTester = new SecurityPayloadTester(payloadConfig, testLogger, this.executeWithTimeout.bind(this));
+        // Initialize cross-tool state tester (Issue #92)
+        this.crossToolStateTester = new CrossToolStateTester({
+            timeout: config.securityTestTimeout,
+        });
+        // Initialize chain execution tester (Issue #93)
+        this.chainTester = new ChainExecutionTester({
+            verbose: false,
+        });
     }
     async assess(context) {
         // Select tools for testing first
@@ -91,8 +108,8 @@ export class SecurityAssessor extends BaseAssessor {
         const validTests = allTests.filter((t) => !t.connectionError);
         // Log connection error warning
         if (connectionErrors.length > 0) {
-            this.log(`⚠️ WARNING: ${connectionErrors.length} test${connectionErrors.length !== 1 ? "s" : ""} failed due to connection/server errors`);
-            this.log(`Connection errors: ${connectionErrors.map((e) => `${e.toolName}:${e.testName} (${e.errorType})`).join(", ")}`);
+            this.logger.info(`⚠️ WARNING: ${connectionErrors.length} test${connectionErrors.length !== 1 ? "s" : ""} failed due to connection/server errors`);
+            this.logger.info(`Connection errors: ${connectionErrors.map((e) => `${e.toolName}:${e.testName} (${e.errorType})`).join(", ")}`);
         }
         // Progressive enhancement: refine medium/low confidence detections with Claude semantic analysis
         // HIGH confidence detections bypass Claude (cost efficient), only uncertain cases get API calls
@@ -102,7 +119,7 @@ export class SecurityAssessor extends BaseAssessor {
             // Find tests that need semantic refinement (medium/low confidence vulnerabilities)
             const testsToRefine = validTests.filter((t) => t.vulnerable && (t.confidence === "medium" || t.confidence === "low"));
             if (testsToRefine.length > 0) {
-                this.log(`🧠 Running Claude semantic analysis on ${testsToRefine.length} medium/low confidence detection(s)...`);
+                this.logger.info(`🧠 Running Claude semantic analysis on ${testsToRefine.length} medium/low confidence detection(s)...`);
                 let refinedCount = 0;
                 let falsePositivesRemoved = 0;
                 for (const test of testsToRefine) {
@@ -123,18 +140,18 @@ export class SecurityAssessor extends BaseAssessor {
                             // False positive - mark as not vulnerable
                             test.vulnerable = false;
                             falsePositivesRemoved++;
-                            this.log(`  ✅ ${test.toolName}:${test.testName} - marked safe (${refinement.reasoning.substring(0, 100)}...)`);
+                            this.logger.info(`  ✅ ${test.toolName}:${test.testName} - marked safe (${refinement.reasoning.substring(0, 100)}...)`);
                         }
                         else {
                             // Confirmed or upgraded - update confidence
                             test.confidence = refinement.refinedConfidence;
                             if (refinement.refinedConfidence === "high") {
-                                this.log(`  ⚠️ ${test.toolName}:${test.testName} - confirmed vulnerable (${refinement.reasoning.substring(0, 100)}...)`);
+                                this.logger.info(`  ⚠️ ${test.toolName}:${test.testName} - confirmed vulnerable (${refinement.reasoning.substring(0, 100)}...)`);
                             }
                         }
                     }
                 }
-                this.log(`🧠 Semantic analysis complete: ${refinedCount} refined, ${falsePositivesRemoved} false positives removed`);
+                this.logger.info(`🧠 Semantic analysis complete: ${refinedCount} refined, ${falsePositivesRemoved} false positives removed`);
             }
         }
         // Count vulnerabilities from VALID tests only
@@ -169,6 +186,34 @@ export class SecurityAssessor extends BaseAssessor {
         // Additional security checks for new patterns (only on selected tools)
         const additionalVulnerabilities = await this.performAdditionalSecurityChecks(toolsToTest);
         vulnerabilities.push(...additionalVulnerabilities);
+        // Cross-tool sequence testing (Issue #92, Challenge #7)
+        // Tests for privilege escalation via shared mutable state
+        if (this.config.enableSequenceTesting !== false) {
+            const crossToolResults = await this.runCrossToolSequenceTests(toolsToTest, context.callTool, context.onProgress);
+            for (const [pairKey, result] of crossToolResults) {
+                if (result.vulnerable) {
+                    highRiskCount++;
+                    const vulnerability = `Cross-tool privilege escalation: ${pairKey}`;
+                    if (!vulnerabilities.includes(vulnerability)) {
+                        vulnerabilities.push(vulnerability);
+                    }
+                }
+            }
+        }
+        // Chain exploitation testing (Issue #93, Challenge #6)
+        // Tests for multi-tool chain exploitation attacks
+        if (this.config.enableSequenceTesting !== false) {
+            const chainResults = await this.runChainExploitationTests(toolsToTest, context.callTool, context.onProgress);
+            for (const [testKey, result] of chainResults) {
+                if (result.vulnerable) {
+                    highRiskCount++;
+                    const vulnerability = `Chain exploitation: ${testKey} (${result.reason})`;
+                    if (!vulnerabilities.includes(vulnerability)) {
+                        vulnerabilities.push(vulnerability);
+                    }
+                }
+            }
+        }
         // Determine overall risk level
         const overallRiskLevel = this.determineOverallRiskLevel(highRiskCount, mediumRiskCount, vulnerabilities.length);
         // Determine status (pass validTests array to check confidence levels, not allTests)
@@ -197,19 +242,19 @@ export class SecurityAssessor extends BaseAssessor {
             const selectedTools = tools.filter((tool) => selectedNames.has(tool.name));
             // Empty array means user explicitly selected 0 tools
             if (this.config.selectedToolsForTesting.length === 0) {
-                this.log(`User selected 0 tools for security testing - skipping tests`);
+                this.logger.info(`User selected 0 tools for security testing - skipping tests`);
                 return [];
             }
             // If no tools matched the names (config out of sync), log warning but respect selection
             if (selectedTools.length === 0) {
-                this.log(`Warning: No tools matched selection (${this.config.selectedToolsForTesting.join(", ")})`);
+                this.logger.info(`Warning: No tools matched selection (${this.config.selectedToolsForTesting.join(", ")})`);
                 return [];
             }
-            this.log(`Testing ${selectedTools.length} selected tools out of ${tools.length} for security`);
+            this.logger.info(`Testing ${selectedTools.length} selected tools out of ${tools.length} for security`);
             return selectedTools;
         }
         // Default: test all tools
-        this.log(`Testing all ${tools.length} tools for security`);
+        this.logger.info(`Testing all ${tools.length} tools for security`);
         return tools;
     }
     /**
@@ -235,6 +280,93 @@ export class SecurityAssessor extends BaseAssessor {
         }
         return vulnerabilities;
     }
+    /**
+     * Run cross-tool sequence tests for privilege escalation (Issue #92, Challenge #7)
+     * Tests tool pairs: modifier enables admin mode, then admin action succeeds
+     */
+    async runCrossToolSequenceTests(tools, callTool, onProgress) {
+        const pairs = this.crossToolStateTester.identifyCrossToolPairs(tools);
+        if (pairs.length === 0) {
+            this.logger.info(`No cross-tool pairs identified for sequence testing`);
+            return new Map();
+        }
+        this.logger.info(`Running cross-tool sequence tests on ${pairs.length} tool pair(s)...`);
+        const results = await this.crossToolStateTester.runAllSequenceTests(tools, callTool, onProgress);
+        // Log results
+        const summary = this.crossToolStateTester.summarizeResults(results);
+        if (summary.vulnerable > 0) {
+            this.logger.info(`⚠️ Cross-tool privilege escalation detected in ${summary.vulnerable} pair(s): ${summary.vulnerablePairs.join(", ")}`);
+        }
+        else {
+            this.logger.info(`✅ No cross-tool privilege escalation detected (${summary.safe} safe, ${summary.errors} errors)`);
+        }
+        return results;
+    }
+    /**
+     * Run chain exploitation tests (Issue #93, Challenge #6)
+     * Tests for multi-tool chain exploitation attacks including:
+     * - Arbitrary tool invocation without allowlist
+     * - Output injection via {{output}} template
+     * - Recursive chain execution (DoS potential)
+     * - State poisoning between chain steps
+     */
+    async runChainExploitationTests(tools, callTool, onProgress) {
+        const chainTools = this.chainTester.identifyChainExecutorTools(tools);
+        const allResults = new Map();
+        if (chainTools.length === 0) {
+            this.logger.info(`No chain executor tools identified for chain testing`);
+            return allResults;
+        }
+        this.logger.info(`Running chain exploitation tests on ${chainTools.length} tool(s)...`);
+        for (const tool of chainTools) {
+            const toolResults = await this.chainTester.runChainExploitationTests(callTool, tool);
+            // Aggregate results with tool name prefix and emit progress events
+            for (const [testName, result] of toolResults) {
+                allResults.set(`${tool.name}:${testName}`, result);
+                // Emit vulnerability_found progress event for vulnerable results
+                if (result.vulnerable && onProgress) {
+                    const evidenceText = result.evidence
+                        ? `Chain payload: ${result.evidence.chainPayload}`
+                        : `Chain exploitation detected: ${result.reason}`;
+                    const vulnEvent = {
+                        type: "vulnerability_found",
+                        tool: tool.name,
+                        pattern: `chain_exploitation:${testName}`,
+                        confidence: "high",
+                        evidence: evidenceText,
+                        riskLevel: "HIGH",
+                        requiresReview: true,
+                        payload: result.evidence?.chainPayload,
+                    };
+                    onProgress(vulnEvent);
+                }
+            }
+            // Log individual tool results
+            const summary = this.chainTester.summarizeResults(toolResults);
+            if (summary.vulnerable > 0) {
+                this.logger.info(`⚠️ Chain exploitation detected in ${tool.name}: ${summary.vulnerableTests.join(", ")}`);
+            }
+        }
+        // Log overall summary
+        let totalVulnerable = 0;
+        let totalSafe = 0;
+        let totalErrors = 0;
+        for (const result of allResults.values()) {
+            if (result.reason === "test_error")
+                totalErrors++;
+            else if (result.vulnerable)
+                totalVulnerable++;
+            else
+                totalSafe++;
+        }
+        if (totalVulnerable > 0) {
+            this.logger.info(`⚠️ Chain exploitation total: ${totalVulnerable} vulnerable, ${totalSafe} safe, ${totalErrors} errors`);
+        }
+        else {
+            this.logger.info(`✅ No chain exploitation detected (${totalSafe} safe, ${totalErrors} errors)`);
+        }
+        return allResults;
+    }
     /**
      * Determine overall risk level
      */

package/lib/services/assessment/modules/TemporalAssessor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"TemporalAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/TemporalAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,uBAAuB,EAEvB,kBAAkB,EAGnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AA+B9C,qBAAa,gBAAiB,SAAQ,YAAY;IAChD,OAAO,CAAC,kBAAkB,CAAS;IAGnC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAoBnC;IAGF,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAU;IAEjD;;;;;;;;;;;;;;OAcG;IACH,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAqBrC;IAEF;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAYzC;gBAEU,MAAM,EAAE,uBAAuB;IAKrC,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;YAqEvD,UAAU;IAuHxB;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAkChC,OAAO,CAAC,gBAAgB;IAsJxB;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAsC3B;;;;OAIG;IACH,OAAO,CAAC,iBAAiB;IAiFzB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAKzB;;;;;;;;OAQG;IACH,OAAO,CAAC,cAAc;IAetB;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,sBAAsB;IAQ9B;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAmExB;;;OAGG;IACH,OAAO,CAAC,yBAAyB;IAgEjC;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IA2DxB;;;;;;OAMG;IACH,OAAO,CAAC,cAAc;IAuBtB;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAiCzB;;;;;;;;OAQG;IACH,OAAO,CAAC,2BAA2B;IAmDnC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAM1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAcxB;;;;;OAKG;IACH,OAAO,CAAC,sBAAsB;IAU9B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IAgB1B,OAAO,CAAC,uBAAuB;IAa/B,OAAO,CAAC,mBAAmB;IA+C3B,OAAO,CAAC,uBAAuB;CA+DhC"}
+{"version":3,"file":"TemporalAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/TemporalAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,uBAAuB,EAEvB,kBAAkB,EAGnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AA+B9C,qBAAa,gBAAiB,SAAQ,YAAY;IAChD,OAAO,CAAC,kBAAkB,CAAS;IAGnC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAoBnC;IAGF,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAU;IAEjD;;;;;;;;;;;;;;OAcG;IACH,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAqBrC;IAEF;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAYzC;gBAEU,MAAM,EAAE,uBAAuB;IAKrC,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;YAqEvD,UAAU;IAuHxB;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAkChC,OAAO,CAAC,gBAAgB;IAwJxB;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAsC3B;;;;OAIG;IACH,OAAO,CAAC,iBAAiB;IAiFzB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAKzB;;;;;;;;OAQG;IACH,OAAO,CAAC,cAAc;IAetB;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,sBAAsB;IAQ9B;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAmExB;;;OAGG;IACH,OAAO,CAAC,yBAAyB;IAgEjC;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IA2DxB;;;;;;OAMG;IACH,OAAO,CAAC,cAAc;IAuBtB;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAiCzB;;;;;;;;OAQG;IACH,OAAO,CAAC,2BAA2B;IAmDnC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAM1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAcxB;;;;;OAKG;IACH,OAAO,CAAC,sBAAsB;IAU9B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IAgB1B,OAAO,CAAC,uBAAuB;IAa/B,OAAO,CAAC,mBAAmB;IA+C3B,OAAO,CAAC,uBAAuB;CA+DhC"}

package/lib/services/assessment/modules/TemporalAssessor.js

@@ -110,10 +110,10 @@ export class TemporalAssessor extends BaseAssessor {
         // Check if definition tracking is available
         const canTrackDefinitions = typeof context.listTools === "function";
         if (canTrackDefinitions) {
-            this.log(`Starting temporal assessment with ${this.invocationsPerTool} invocations per tool (definition tracking enabled)`);
+            this.logger.info(`Starting temporal assessment with ${this.invocationsPerTool} invocations per tool (definition tracking enabled)`);
         }
         else {
-            this.log(`Starting temporal assessment with ${this.invocationsPerTool} invocations per tool (definition tracking unavailable)`);
+            this.logger.info(`Starting temporal assessment with ${this.invocationsPerTool} invocations per tool (definition tracking unavailable)`);
         }
         for (const tool of context.tools) {
             // Skip if tool selection is configured and this tool isn't selected
@@ -125,11 +125,11 @@ export class TemporalAssessor extends BaseAssessor {
             results.push(result);
             if (result.vulnerable) {
                 rugPullsDetected++;
-                this.log(`RUG PULL DETECTED: ${tool.name} changed behavior at invocation ${result.firstDeviationAt}`);
+                this.logger.info(`RUG PULL DETECTED: ${tool.name} changed behavior at invocation ${result.firstDeviationAt}`);
             }
             if (result.definitionMutated) {
                 definitionMutationsDetected++;
-                this.log(`DEFINITION MUTATION DETECTED: ${tool.name} changed description at invocation ${result.definitionMutationAt}`);
+                this.logger.info(`DEFINITION MUTATION DETECTED: ${tool.name} changed description at invocation ${result.definitionMutationAt}`);
             }
             // Respect delay between tests
             if (this.config.delayBetweenTests) {
@@ -161,7 +161,7 @@ export class TemporalAssessor extends BaseAssessor {
             : this.invocationsPerTool;
         // Check if definition tracking is available
         const canTrackDefinitions = typeof context.listTools === "function";
-        this.log(`Testing ${tool.name} with ${invocations} invocations${isDestructive ? " (reduced - destructive)" : ""}`);
+        this.logger.info(`Testing ${tool.name} with ${invocations} invocations${isDestructive ? " (reduced - destructive)" : ""}`);
         for (let i = 1; i <= invocations; i++) {
             this.testCount++;
             // Track tool definition BEFORE each invocation (if available)
@@ -181,7 +181,7 @@ export class TemporalAssessor extends BaseAssessor {
                 }
                 catch {
                     // Definition tracking failed - continue with response tracking
-                    this.log(`Warning: Failed to fetch tool definition for ${tool.name} at invocation ${i}`);
+                    this.logger.info(`Warning: Failed to fetch tool definition for ${tool.name} at invocation ${i}`);
                 }
             }
             try {
@@ -296,10 +296,10 @@ export class TemporalAssessor extends BaseAssessor {
         const isStateful = this.isStatefulTool(tool);
         const isResourceCreating = this.isResourceCreatingTool(tool);
         if (isStateful) {
-            this.log(`${tool.name} classified as stateful - using schema comparison`);
+            this.logger.info(`${tool.name} classified as stateful - using schema comparison`);
         }
         else if (isResourceCreating) {
-            this.log(`${tool.name} classified as resource-creating - using variance classification`);
+            this.logger.info(`${tool.name} classified as resource-creating - using variance classification`);
         }
         for (let i = 1; i < responses.length; i++) {
             if (responses[i].error) {
@@ -316,7 +316,7 @@ export class TemporalAssessor extends BaseAssessor {
                     const contentChange = this.detectStatefulContentChange(responses[0].response, responses[i].response);
                     if (contentChange.detected) {
                         isDifferent = true;
-                        this.log(`${tool.name}: Content semantic change detected at invocation ${i + 1} - ${contentChange.reason}`);
+                        this.logger.info(`${tool.name}: Content semantic change detected at invocation ${i + 1} - ${contentChange.reason}`);
                     }
                 }
                 if (isDifferent) {
@@ -335,7 +335,7 @@ export class TemporalAssessor extends BaseAssessor {
                 // LEGITIMATE variance is expected for resource-creating tools
                 if (classification.type !== "LEGITIMATE") {
                     deviations.push(i + 1);
-                    this.log(`${tool.name}: ${classification.type} variance at invocation ${i + 1} - ${classification.reasons.join(", ")}`);
+                    this.logger.info(`${tool.name}: ${classification.type} variance at invocation ${i + 1} - ${classification.reasons.join(", ")}`);
                 }
             }
             else {

package/lib/services/assessment/modules/ToolAnnotationAssessor.js

@@ -39,14 +39,14 @@ export class ToolAnnotationAssessor extends BaseAssessor {
      */
     setPatterns(patterns) {
         this.compiledPatterns = patterns;
-        this.log("Custom annotation patterns configured");
+        this.logger.info("Custom annotation patterns configured");
     }
     /**
      * Set Claude Code Bridge for enhanced behavior inference
      */
     setClaudeBridge(bridge) {
         this.claudeBridge = bridge;
-        this.log("Claude Code Bridge enabled for behavior inference");
+        this.logger.info("Claude Code Bridge enabled for behavior inference");
     }
     /**
      * Check if Claude enhancement is available
@@ -59,7 +59,7 @@ export class ToolAnnotationAssessor extends BaseAssessor {
      * Run tool annotation assessment
      */
     async assess(context) {
-        this.log("Starting tool annotation assessment");
+        this.logger.info("Starting tool annotation assessment");
         this.testCount = 0;
         const toolResults = [];
         let annotatedCount = 0;
@@ -82,7 +82,7 @@ export class ToolAnnotationAssessor extends BaseAssessor {
         // Detect server persistence model from tool names
         const toolNames = context.tools.map((t) => t.name);
         this.persistenceContext = detectPersistenceModel(toolNames);
-        this.log(`Persistence model detected: ${this.persistenceContext.model} (confidence: ${this.persistenceContext.confidence})`);
+        this.logger.info(`Persistence model detected: ${this.persistenceContext.model} (confidence: ${this.persistenceContext.confidence})`);
         // Issue #57: Detect server architecture
         const architectureContext = {
             tools: context.tools.map((t) => ({
@@ -97,7 +97,7 @@ export class ToolAnnotationAssessor extends BaseAssessor {
                 : undefined,
         };
         const architectureAnalysis = detectArchitecture(architectureContext);
-        this.log(`Architecture detected: ${architectureAnalysis.serverType} server, databases: ${architectureAnalysis.databaseBackends.join(", ") || "none"}, network: ${architectureAnalysis.requiresNetworkAccess}`);
+        this.logger.info(`Architecture detected: ${architectureAnalysis.serverType} server, databases: ${architectureAnalysis.databaseBackends.join(", ") || "none"}, network: ${architectureAnalysis.requiresNetworkAccess}`);
         // Issue #57: Behavior inference metrics tracking
         const behaviorInferenceMetrics = {
             namePatternMatches: 0,
@@ -108,7 +108,7 @@ export class ToolAnnotationAssessor extends BaseAssessor {
         };
         const useClaudeInference = this.isClaudeEnabled();
         if (useClaudeInference) {
-            this.log("Claude Code integration enabled - using semantic behavior inference");
+            this.logger.info("Claude Code integration enabled - using semantic behavior inference");
         }
         for (const tool of context.tools) {
             this.testCount++;
@@ -211,7 +211,7 @@ export class ToolAnnotationAssessor extends BaseAssessor {
             // Emit poisoned description event
             if (latestResult.descriptionPoisoning?.detected) {
                 poisonedDescriptionsCount++;
-                this.log(`POISONED DESCRIPTION DETECTED: ${tool.name} contains suspicious patterns`);
+                this.logger.info(`POISONED DESCRIPTION DETECTED: ${tool.name} contains suspicious patterns`);
                 if (context.onProgress) {
                     context.onProgress({
                         type: "annotation_poisoned",
@@ -229,7 +229,7 @@ export class ToolAnnotationAssessor extends BaseAssessor {
         const explanation = this.generateExplanation(annotatedCount, missingAnnotationsCount, misalignedAnnotationsCount, context.tools.length);
         const recommendations = this.generateRecommendations(toolResults);
         const { metrics, alignmentBreakdown } = this.calculateMetrics(toolResults, context.tools.length);
-        this.log(`Assessment complete: ${annotatedCount}/${context.tools.length} tools annotated, ${misalignedAnnotationsCount} misaligned, ${alignmentBreakdown.reviewRecommended} need review, ${poisonedDescriptionsCount} poisoned`);
+        this.logger.info(`Assessment complete: ${annotatedCount}/${context.tools.length} tools annotated, ${misalignedAnnotationsCount} misaligned, ${alignmentBreakdown.reviewRecommended} need review, ${poisonedDescriptionsCount} poisoned`);
         if (useClaudeInference) {
             const highConfidenceMisalignments = toolResults.filter((r) => r.claudeInference &&
                 r.claudeInference.confidence >= 70 &&
@@ -467,7 +467,7 @@ export class ToolAnnotationAssessor extends BaseAssessor {
             };
         }
         catch (error) {
-            this.logError(`Claude inference failed for ${tool.name}`, error);
+            this.logger.error(`Claude inference failed for ${tool.name}`, { error });
             return {
                 ...baseResult,
                 claudeInference: {

package/lib/services/assessment/modules/UsabilityAssessor.js

@@ -16,7 +16,7 @@ export class UsabilityAssessor extends BaseAssessor {
         });
     }
     async assess(context) {
-        this.log("Starting usability assessment");
+        this.logger.info("Starting usability assessment");
         const metrics = this.analyzeUsability(context.tools);
         const status = this.determineUsabilityStatus(metrics);
         const explanation = this.generateExplanation(metrics, context.tools);

package/lib/services/assessment/modules/annotations/DescriptionPoisoningDetector.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"DescriptionPoisoningDetector.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/annotations/DescriptionPoisoningDetector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAE/D;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACpC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,KAAK,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC,CAAC;IACH,SAAS,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CAC/C;AAED;;;;GAIG;AACH,eAAO,MAAM,8BAA8B,EAAE,gBAAgB,EA2O5D,CAAC;AAEF;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,IAAI,GAAG,mBAAmB,CA+C3E"}
+{"version":3,"file":"DescriptionPoisoningDetector.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/annotations/DescriptionPoisoningDetector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAE/D;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACpC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,KAAK,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC,CAAC;IACH,SAAS,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CAC/C;AAED;;;;GAIG;AACH,eAAO,MAAM,8BAA8B,EAAE,gBAAgB,EAiR5D,CAAC;AAEF;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,IAAI,GAAG,mBAAmB,CA+C3E"}

package/lib/services/assessment/modules/annotations/DescriptionPoisoningDetector.js

@@ -231,6 +231,43 @@ export const DESCRIPTION_POISONING_PATTERNS = [
         severity: "HIGH",
         category: "hidden_trigger",
     },
+    // Cross-tool state dependency patterns (Issue #92, Challenge #7)
+    {
+        name: "shared_state_reference",
+        pattern: /\b(config_state|shared_state|global_state|runtime_config)\b/gi,
+        severity: "HIGH",
+        category: "state_dependency",
+    },
+    {
+        name: "cross_tool_dependency",
+        pattern: /set\s+by\s+(another|other|different)\s+tool/gi,
+        severity: "HIGH",
+        category: "state_dependency",
+    },
+    {
+        name: "admin_mode_check",
+        pattern: /\bchecks?\s+(admin[_-]?mode|privileged[_-]?mode)/gi,
+        severity: "HIGH",
+        category: "state_dependency",
+    },
+    {
+        name: "requires_prior_call",
+        pattern: /requires?\s+.*\s+(first|before|prior)/gi,
+        severity: "MEDIUM",
+        category: "state_dependency",
+    },
+    {
+        name: "depends_on_tool",
+        pattern: /depends?\s+on\s+(tool|function|calling)/gi,
+        severity: "MEDIUM",
+        category: "state_dependency",
+    },
+    {
+        name: "enable_admin_hint",
+        pattern: /enable\s+admin[_-]?mode|activate\s+admin/gi,
+        severity: "HIGH",
+        category: "state_dependency",
+    },
 ];
 /**
  * Scan tool description for poisoning patterns

package/lib/services/assessment/modules/index.d.ts

@@ -90,4 +90,7 @@ export { MCPSpecComplianceAssessor } from "./MCPSpecComplianceAssessor.js";
  * This export will be removed in v2.0.0.
  */
 export { ProtocolConformanceAssessor } from "./ProtocolConformanceAssessor.js";
+export type { MCPDirectoryAssessment, SecurityAssessment, FunctionalityAssessment, ErrorHandlingAssessment, DocumentationAssessment, UsabilityAssessment, MCPSpecComplianceAssessment, AssessmentStatus, } from "../../../lib/assessment/index.js";
+export type { AssessmentConfiguration, } from "../../../lib/assessment/configTypes.js";
+export type { ProgressCallback, ProgressEvent, } from "../../../lib/assessment/progressTypes.js";
 //# sourceMappingURL=index.d.ts.map

package/lib/services/assessment/modules/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAM9C,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAMhE,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAMlE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,+BAA+B,EAAE,MAAM,mCAAmC,CAAC;AAMpF,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAM1E;;;GAGG;AACH,cAAc,iBAAiB,CAAC;AAEhC;;;GAGG;AACH,cAAc,eAAe,CAAC;AAM9B;;;;GAIG;AACH,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAEhE;;;;GAIG;AACH,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD;;;;GAIG;AACH,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAExE;;;;GAIG;AACH,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAM9C,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAMhE,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAMlE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,+BAA+B,EAAE,MAAM,mCAAmC,CAAC;AAMpF,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAM1E;;;GAGG;AACH,cAAc,iBAAiB,CAAC;AAEhC;;;GAGG;AACH,cAAc,eAAe,CAAC;AAM9B;;;;GAIG;AACH,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAEhE;;;;GAIG;AACH,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD;;;;GAIG;AACH,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAExE;;;;GAIG;AACH,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAM5E,YAAY,EAEV,sBAAsB,EACtB,kBAAkB,EAClB,uBAAuB,EACvB,uBAAuB,EACvB,uBAAuB,EACvB,mBAAmB,EACnB,2BAA2B,EAE3B,gBAAgB,GACjB,MAAM,kBAAkB,CAAC;AAE1B,YAAY,EAEV,uBAAuB,GACxB,MAAM,8BAA8B,CAAC;AAEtC,YAAY,EAEV,gBAAgB,EAChB,aAAa,GACd,MAAM,gCAAgC,CAAC"}

package/lib/services/assessment/modules/securityTests/ChainExecutionTester.d.ts

@@ -0,0 +1,104 @@
+/**
+ * Chain Execution Tester
+ * Dynamic testing for multi-tool chain exploitation vulnerabilities
+ *
+ * Issue #93, Challenge #6: Multi-tool chained exploitation attacks
+ * Tests for:
+ * 1. Arbitrary tool invocation without allowlist
+ * 2. Output injection via {{output}} template substitution
+ * 3. Recursive chain execution (DoS potential)
+ * 4. State poisoning between chain steps
+ * 5. Missing depth/size limits
+ *
+ * A/B Validation:
+ * - vulnerable-mcp (10900): Should detect all vulnerability categories
+ * - hardened-mcp (10901): 0 false positives (validation-only behavior)
+ */
+import { Tool } from "@modelcontextprotocol/sdk/types.js";
+import { ChainExploitationAnalysis, ChainVulnerabilityCategory } from "./SecurityResponseAnalyzer.js";
+import { CallToolFunction } from "./CrossToolStateTester.js";
+export type { CallToolFunction } from "./CrossToolStateTester.js";
+/**
+ * Reason for chain exploitation test result
+ */
+export type ChainTestReason = "chain_execution_confirmed" | "output_injection_detected" | "recursive_execution_detected" | "arbitrary_tool_accepted" | "state_poisoning_detected" | "validation_only" | "chain_rejected" | "tool_not_chain_executor" | "test_error";
+/**
+ * Result of a single chain exploitation test
+ */
+export interface ChainExecutionTestResult {
+    vulnerable: boolean;
+    reason: ChainTestReason;
+    vulnerabilityCategories?: ChainVulnerabilityCategory[];
+    evidence?: {
+        chainPayload: string;
+        response: string;
+        analysisResult: ChainExploitationAnalysis;
+    };
+    error?: string;
+}
+/**
+ * Summary of chain exploitation tests for a tool
+ */
+export interface ChainExploitationSummary {
+    total: number;
+    vulnerable: number;
+    safe: number;
+    errors: number;
+    vulnerableTests: string[];
+    vulnerabilityCategories: ChainVulnerabilityCategory[];
+}
+/**
+ * Configuration for chain execution testing
+ */
+export interface ChainExecutionTesterConfig {
+    /** Enable verbose logging */
+    verbose?: boolean;
+    /** Maximum chain depth to test (default: 10) */
+    maxChainDepth?: number;
+}
+/**
+ * Tests for multi-tool chain exploitation vulnerabilities
+ */
+export declare class ChainExecutionTester {
+    private readonly verbose;
+    private analyzer;
+    constructor(config?: ChainExecutionTesterConfig);
+    /**
+     * Log message if verbose logging is enabled
+     */
+    private log;
+    /**
+     * Identify tools that might be chain executors
+     * Looks for tools with names/descriptions/parameters suggesting chain execution
+     */
+    identifyChainExecutorTools(tools: Tool[]): Tool[];
+    /**
+     * Get the parameter name for chain input from tool schema
+     */
+    private getChainParamName;
+    /**
+     * Extract text content from tool response
+     */
+    private extractResponseText;
+    /**
+     * Determine the vulnerability reason from analysis result
+     */
+    private determineVulnerabilityReason;
+    /**
+     * Test single chain payload against a tool
+     */
+    testChainPayload(callTool: CallToolFunction, tool: Tool, chainPayload: string, paramName?: string): Promise<ChainExecutionTestResult>;
+    /**
+     * Get test payloads for chain exploitation testing
+     */
+    private getTestPayloads;
+    /**
+     * Run comprehensive chain exploitation tests on a tool
+     */
+    runChainExploitationTests(callTool: CallToolFunction, tool: Tool): Promise<Map<string, ChainExecutionTestResult>>;
+    /**
+     * Summarize chain exploitation test results
+     */
+    summarizeResults(results: Map<string, ChainExecutionTestResult>): ChainExploitationSummary;
+}
+//# sourceMappingURL=ChainExecutionTester.d.ts.map

package/lib/services/assessment/modules/securityTests/ChainExecutionTester.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ChainExecutionTester.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/ChainExecutionTester.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAEL,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAEL,yBAAyB,EACzB,0BAA0B,EAC3B,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG1D,YAAY,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE/D;;GAEG;AACH,MAAM,MAAM,eAAe,GACvB,2BAA2B,GAC3B,2BAA2B,GAC3B,8BAA8B,GAC9B,yBAAyB,GACzB,0BAA0B,GAC1B,iBAAiB,GACjB,gBAAgB,GAChB,yBAAyB,GACzB,YAAY,CAAC;AAEjB;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,MAAM,EAAE,eAAe,CAAC;IACxB,uBAAuB,CAAC,EAAE,0BAA0B,EAAE,CAAC;IACvD,QAAQ,CAAC,EAAE;QACT,YAAY,EAAE,MAAM,CAAC;QACrB,QAAQ,EAAE,MAAM,CAAC;QACjB,cAAc,EAAE,yBAAyB,CAAC;KAC3C,CAAC;IACF,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,uBAAuB,EAAE,0BAA0B,EAAE,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,6BAA6B;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,gDAAgD;IAChD,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAWD;;GAEG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,QAAQ,CAA2B;gBAE/B,MAAM,GAAE,0BAA+B;IAKnD;;OAEG;IACH,OAAO,CAAC,GAAG;IAOX;;;OAGG;IACH,0BAA0B,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,IAAI,EAAE;IA2CjD;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAYzB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAkB3B;;OAEG;IACH,OAAO,CAAC,4BAA4B;IAoBpC;;OAEG;IACG,gBAAgB,CACpB,QAAQ,EAAE,gBAAgB,EAC1B,IAAI,EAAE,IAAI,EACV,YAAY,EAAE,MAAM,EACpB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,wBAAwB,CAAC;IAkDpC;;OAEG;IACH,OAAO,CAAC,eAAe;IA2CvB;;OAEG;IACG,yBAAyB,CAC7B,QAAQ,EAAE,gBAAgB,EAC1B,IAAI,EAAE,IAAI,GACT,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,wBAAwB,CAAC,CAAC;IA+BjD;;OAEG;IACH,gBAAgB,CACd,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,wBAAwB,CAAC,GAC7C,wBAAwB;CA4B5B"}