@bryan-thompson/inspector-assessment-client 1.26.6 → 1.27.0

package/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.d.ts

@@ -144,6 +144,126 @@ export declare const AUTH_FAIL_CLOSED_PATTERNS: readonly [{
     readonly pattern: RegExp;
     readonly evidence: "denial reason provided";
 }];
+/**
+ * Patterns indicating vulnerable shared state authorization
+ * Detects cross-tool privilege escalation via shared mutable state
+ * Used by: analyzeStateBasedAuthBypass()
+ */
+export declare const STATE_AUTH_VULNERABLE_PATTERNS: readonly [{
+    readonly pattern: RegExp;
+    readonly evidence: "admin_mode enabled in response";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "Tool hints at cross-tool state dependency";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "Explicit cross-tool state dependency";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "Cross-tool privilege escalation detected";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "Elevated privileges granted";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "Admin mode activated (state modifier)";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "Response hints at config_modifier for admin_mode";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "Tool depends on config_modifier for authorization";
+}];
+/**
+ * Patterns indicating safe independent authorization
+ * Detects tools that use per-request authentication (secure)
+ * Used by: analyzeStateBasedAuthBypass()
+ */
+export declare const STATE_AUTH_SAFE_PATTERNS: readonly [{
+    readonly pattern: RegExp;
+    readonly evidence: "Tool explicitly states it doesn't use shared state";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "Tool requires independent per-request auth";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "Independent authorization required";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "Tool confirms it does not use shared state";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "Request stored for admin review (no auto-execution)";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "Per-request authentication enforced";
+}];
+/**
+ * Response pattern structure for chain exploitation analysis
+ */
+export interface ChainResponsePattern {
+    pattern: RegExp;
+    weight: number;
+    category: string;
+    description: string;
+}
+/**
+ * Patterns indicating vulnerable chain execution behavior
+ * - Arbitrary tool invocation without allowlist
+ * - Output injection via template substitution
+ * - Recursive/circular chain execution
+ * - Missing depth limits
+ * - State poisoning between steps
+ *
+ * Used by: analyzeChainExploitation()
+ */
+export declare const CHAIN_EXPLOIT_VULNERABLE_PATTERNS: ChainResponsePattern[];
+/**
+ * Patterns indicating safe/hardened chain handling
+ * - Tool allowlist validation
+ * - No execution (validation only)
+ * - Depth limits enforced
+ * - Output injection blocked
+ *
+ * Used by: analyzeChainExploitation()
+ */
+/**
+ * Threshold for confirming vulnerable chain execution behavior.
+ * Value of 1.5 requires ~2 weighted pattern matches to confirm vulnerability.
+ *
+ * Derived from A/B testing against vulnerable-mcp/hardened-mcp testbed:
+ * - vulnerable-mcp: typical scores 2.0-4.0 for vulnerable chains
+ * - hardened-mcp: typical scores 0.0-0.8 for safe chains
+ *
+ * Setting at 1.5 provides margin against false positives while
+ * maintaining detection of genuine vulnerabilities.
+ */
+export declare const CHAIN_VULNERABLE_THRESHOLD = 1.5;
+/**
+ * Threshold for confirming safe/hardened chain behavior.
+ * Value of 1.0 requires 1+ weighted safe pattern matches.
+ *
+ * Derived from A/B testing:
+ * - hardened-mcp: typical scores 1.5-3.0 for safe chains
+ * - vulnerable-mcp: typical scores 0.0-0.5 for safe patterns
+ */
+export declare const CHAIN_SAFE_THRESHOLD = 1;
+/**
+ * Maps vulnerability categories to detection patterns.
+ * Used by analyzeChainExploitation() for category classification.
+ *
+ * Extracted from inline patterns to maintain single source of truth.
+ */
+export declare const CHAIN_CATEGORY_PATTERNS: Record<string, {
+    pattern: RegExp;
+    category: string;
+}[]>;
+/**
+ * Detect vulnerability categories from response text.
+ * Returns array of detected category names.
+ */
+export declare function detectVulnerabilityCategories(responseText: string): string[];
+export declare const CHAIN_EXPLOIT_SAFE_PATTERNS: ChainResponsePattern[];
 /**
  * Patterns indicating search result responses
  * Used by: isSearchResultResponse()

package/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SecurityPatternLibrary.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPatternLibrary.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;;GAGG;AACH,eAAO,MAAM,mBAAmB;IAC9B,kEAAkE;;IAIlE,8DAA8D;;IAG9D,kCAAkC;;IAGlC,gCAAgC;;CAExB,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,2JAmB5B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,oBAAoB,2LAuBvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B;IACtC,iCAAiC;;IAejC,0DAA0D;;CAElD,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;IACpC,oCAAoC;;IAqBpC,4DAA4D;;IAW5D,+BAA+B;;CAEvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B;;;;CAMhC,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,eAAe,mJAkBlB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,mBAAmB,2rBAwGtB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+B1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc5B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,sBAAsB,2FAWzB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,iBAAiB,mHAcpB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,mFAU1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,mDAM9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,2DAO1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB,2DAO5B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B,yKAWhC,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,kBAAkB,mGAYrB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,QACO,CAAC;AAMhD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,QAC8B,CAAC;AAE/D;;;GAGG;AACH,eAAO,MAAM,wBAAwB,2EAS3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,oRA4B9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,0BAA0B;;;;;CAK7B,CAAC;AAMX;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAE7E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAOjD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEvD"}
+{"version":3,"file":"SecurityPatternLibrary.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPatternLibrary.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;;GAGG;AACH,eAAO,MAAM,mBAAmB;IAC9B,kEAAkE;;IAIlE,8DAA8D;;IAG9D,kCAAkC;;IAGlC,gCAAgC;;CAExB,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,2JAmB5B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,oBAAoB,2LAuBvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B;IACtC,iCAAiC;;IAejC,0DAA0D;;CAElD,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;IACpC,oCAAoC;;IAqBpC,4DAA4D;;IAW5D,+BAA+B;;CAEvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B;;;;CAMhC,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,eAAe,mJAkBlB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,mBAAmB,2rBAwGtB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+B1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc5B,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;EAiCjC,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;EAyB3B,CAAC;AAMX;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,iCAAiC,EAAE,oBAAoB,EA0FnE,CAAC;AAEF;;;;;;;;GAQG;AAKH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,MAAM,CAAC;AAE9C;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,IAAM,CAAC;AAMxC;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,EAAE,MAAM,CAC1C,MAAM,EACN;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,EAAE,CAgCxC,CAAC;AAEF;;;GAGG;AACH,wBAAgB,6BAA6B,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,EAAE,CAiB5E;AAED,eAAO,MAAM,2BAA2B,EAAE,oBAAoB,EAuE7D,CAAC;AAMF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,2FAWzB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,iBAAiB,mHAcpB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,mFAU1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,mDAM9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,2DAO1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB,2DAO5B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B,yKAWhC,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,kBAAkB,mGAYrB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,QACO,CAAC;AAMhD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,QAC8B,CAAC;AAE/D;;;GAGG;AACH,eAAO,MAAM,wBAAwB,2EAS3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,oRA4B9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,0BAA0B;;;;;CAK7B,CAAC;AAMX;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAE7E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAOjD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEvD"}

package/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.js

@@ -338,6 +338,344 @@ export const AUTH_FAIL_CLOSED_PATTERNS = [
     { pattern: /"denial_reason"/i, evidence: "denial reason provided" },
 ];
 // =============================================================================
+// CROSS-TOOL STATE-BASED AUTH PATTERNS (Issue #92, Challenge #7)
+// =============================================================================
+/**
+ * Patterns indicating vulnerable shared state authorization
+ * Detects cross-tool privilege escalation via shared mutable state
+ * Used by: analyzeStateBasedAuthBypass()
+ */
+export const STATE_AUTH_VULNERABLE_PATTERNS = [
+    {
+        pattern: /"admin_mode"\s*:\s*true/i,
+        evidence: "admin_mode enabled in response",
+    },
+    {
+        pattern: /hint.*use\s+config_modifier/i,
+        evidence: "Tool hints at cross-tool state dependency",
+    },
+    {
+        pattern: /admin_mode.*set\s+by.*another\s+tool/i,
+        evidence: "Explicit cross-tool state dependency",
+    },
+    {
+        pattern: /"evidence".*cross-tool.*privilege/i,
+        evidence: "Cross-tool privilege escalation detected",
+    },
+    {
+        pattern: /elevated\s+privileges?\s+granted/i,
+        evidence: "Elevated privileges granted",
+    },
+    {
+        pattern: /admin\s+mode\s+activated/i,
+        evidence: "Admin mode activated (state modifier)",
+    },
+    {
+        pattern: /"hint".*config_modifier.*admin_mode/i,
+        evidence: "Response hints at config_modifier for admin_mode",
+    },
+    {
+        pattern: /Use\s+config_modifier.*enable.*admin_mode/i,
+        evidence: "Tool depends on config_modifier for authorization",
+    },
+];
+/**
+ * Patterns indicating safe independent authorization
+ * Detects tools that use per-request authentication (secure)
+ * Used by: analyzeStateBasedAuthBypass()
+ */
+export const STATE_AUTH_SAFE_PATTERNS = [
+    {
+        pattern: /"shared_state_checked"\s*:\s*false/i,
+        evidence: "Tool explicitly states it doesn't use shared state",
+    },
+    {
+        pattern: /"independent_auth_required"\s*:\s*true/i,
+        evidence: "Tool requires independent per-request auth",
+    },
+    {
+        pattern: /requires\s+independent\s+authorization/i,
+        evidence: "Independent authorization required",
+    },
+    {
+        pattern: /(?:not|does\s+not|doesn't)\s+(?:use\s+)?shared\s+state/i,
+        evidence: "Tool confirms it does not use shared state",
+    },
+    {
+        pattern: /stored.*for.*admin.*review/i,
+        evidence: "Request stored for admin review (no auto-execution)",
+    },
+    {
+        pattern: /per-request\s+auth/i,
+        evidence: "Per-request authentication enforced",
+    },
+];
+/**
+ * Patterns indicating vulnerable chain execution behavior
+ * - Arbitrary tool invocation without allowlist
+ * - Output injection via template substitution
+ * - Recursive/circular chain execution
+ * - Missing depth limits
+ * - State poisoning between steps
+ *
+ * Used by: analyzeChainExploitation()
+ */
+export const CHAIN_EXPLOIT_VULNERABLE_PATTERNS = [
+    // Chain execution evidence
+    {
+        pattern: /chain_results/i,
+        weight: 0.9,
+        category: "chain_execution",
+        description: "Chain execution returning step results",
+    },
+    {
+        pattern: /steps_executed/i,
+        weight: 0.8,
+        category: "chain_execution",
+        description: "Steps executed counter in response",
+    },
+    {
+        pattern: /vulnerabilities_triggered/i,
+        weight: 1.0,
+        category: "chain_execution",
+        description: "Explicit vulnerabilities triggered indicator",
+    },
+    // Output injection evidence
+    {
+        pattern: /output_injection/i,
+        weight: 1.0,
+        category: "output_injection",
+        description: "Output injection between chain steps",
+    },
+    {
+        pattern: /\{\{output\}\}.*substitut/i,
+        weight: 0.9,
+        category: "output_injection",
+        description: "Template output substitution performed",
+    },
+    {
+        pattern: /last_output.*passed/i,
+        weight: 0.8,
+        category: "output_injection",
+        description: "Raw output passed to next step",
+    },
+    // Recursive chain evidence
+    {
+        pattern: /recursive_chain/i,
+        weight: 1.0,
+        category: "recursive_chain",
+        description: "Self-referential chain execution",
+    },
+    {
+        pattern: /chain_executor.*within.*chain/i,
+        weight: 0.9,
+        category: "recursive_chain",
+        description: "Chain executor called recursively",
+    },
+    {
+        pattern: /circular.*chain/i,
+        weight: 0.9,
+        category: "recursive_chain",
+        description: "Circular chain reference detected",
+    },
+    // Arbitrary tool acceptance
+    {
+        pattern: /arbitrary.*tool.*step/i,
+        weight: 0.9,
+        category: "arbitrary_tool",
+        description: "Arbitrary tool name accepted in chain",
+    },
+    {
+        pattern: /unknown.*tool.*executed/i,
+        weight: 0.8,
+        category: "arbitrary_tool",
+        description: "Unknown tool executed without validation",
+    },
+    {
+        pattern: /attempted.*execute.*unknown/i,
+        weight: 0.8,
+        category: "arbitrary_tool",
+        description: "Attempted execution of unknown tool",
+    },
+    // Shadowed tool execution
+    {
+        pattern: /shadowed.*tool/i,
+        weight: 1.0,
+        category: "tool_shadowing",
+        description: "Shadowed/poisoned tool executed",
+    },
+    {
+        pattern: /shadowed_definition/i,
+        weight: 0.9,
+        category: "tool_shadowing",
+        description: "Shadowed definition used instead of original",
+    },
+];
+/**
+ * Patterns indicating safe/hardened chain handling
+ * - Tool allowlist validation
+ * - No execution (validation only)
+ * - Depth limits enforced
+ * - Output injection blocked
+ *
+ * Used by: analyzeChainExploitation()
+ */
+// =============================================================================
+// CHAIN VULNERABILITY THRESHOLDS (Issue #93)
+// =============================================================================
+/**
+ * Threshold for confirming vulnerable chain execution behavior.
+ * Value of 1.5 requires ~2 weighted pattern matches to confirm vulnerability.
+ *
+ * Derived from A/B testing against vulnerable-mcp/hardened-mcp testbed:
+ * - vulnerable-mcp: typical scores 2.0-4.0 for vulnerable chains
+ * - hardened-mcp: typical scores 0.0-0.8 for safe chains
+ *
+ * Setting at 1.5 provides margin against false positives while
+ * maintaining detection of genuine vulnerabilities.
+ */
+export const CHAIN_VULNERABLE_THRESHOLD = 1.5;
+/**
+ * Threshold for confirming safe/hardened chain behavior.
+ * Value of 1.0 requires 1+ weighted safe pattern matches.
+ *
+ * Derived from A/B testing:
+ * - hardened-mcp: typical scores 1.5-3.0 for safe chains
+ * - vulnerable-mcp: typical scores 0.0-0.5 for safe patterns
+ */
+export const CHAIN_SAFE_THRESHOLD = 1.0;
+// =============================================================================
+// CHAIN VULNERABILITY CATEGORY PATTERNS (Issue #93)
+// =============================================================================
+/**
+ * Maps vulnerability categories to detection patterns.
+ * Used by analyzeChainExploitation() for category classification.
+ *
+ * Extracted from inline patterns to maintain single source of truth.
+ */
+export const CHAIN_CATEGORY_PATTERNS = {
+    OUTPUT_INJECTION: [
+        { pattern: /output_injection/i, category: "OUTPUT_INJECTION" },
+        { pattern: /\{\{output\}\}.*substitut/i, category: "OUTPUT_INJECTION" },
+    ],
+    RECURSIVE_CHAIN: [
+        { pattern: /recursive_chain/i, category: "RECURSIVE_CHAIN" },
+        { pattern: /chain_executor.*within/i, category: "RECURSIVE_CHAIN" },
+    ],
+    ARBITRARY_TOOL_INVOCATION: [
+        { pattern: /arbitrary.*tool/i, category: "ARBITRARY_TOOL_INVOCATION" },
+        {
+            pattern: /unknown.*tool.*executed/i,
+            category: "ARBITRARY_TOOL_INVOCATION",
+        },
+    ],
+    TOOL_SHADOWING: [
+        { pattern: /shadowed.*tool/i, category: "TOOL_SHADOWING" },
+        { pattern: /shadowed_definition/i, category: "TOOL_SHADOWING" },
+    ],
+    MISSING_DEPTH_LIMIT: [
+        {
+            pattern: /steps_executed.*[1-9][0-9]/i,
+            category: "MISSING_DEPTH_LIMIT",
+        },
+        { pattern: /no.*depth.*limit/i, category: "MISSING_DEPTH_LIMIT" },
+    ],
+    STATE_POISONING: [
+        { pattern: /state.*poison/i, category: "STATE_POISONING" },
+        { pattern: /config.*modified.*chain/i, category: "STATE_POISONING" },
+    ],
+};
+/**
+ * Detect vulnerability categories from response text.
+ * Returns array of detected category names.
+ */
+export function detectVulnerabilityCategories(responseText) {
+    const categories = [];
+    for (const [categoryName, patterns] of Object.entries(CHAIN_CATEGORY_PATTERNS)) {
+        for (const { pattern } of patterns) {
+            if (pattern.test(responseText)) {
+                if (!categories.includes(categoryName)) {
+                    categories.push(categoryName);
+                }
+                break; // Found match for this category, move to next
+            }
+        }
+    }
+    return categories;
+}
+export const CHAIN_EXPLOIT_SAFE_PATTERNS = [
+    // Validation-only behavior
+    {
+        pattern: /stored.*for.*review/i,
+        weight: 0.8,
+        category: "safe_storage",
+        description: "Chain stored for review, not executed",
+    },
+    {
+        pattern: /validation.*only/i,
+        weight: 0.9,
+        category: "safe_validation",
+        description: "Chain validated but not executed",
+    },
+    {
+        pattern: /chain.*validated/i,
+        weight: 0.7,
+        category: "safe_validation",
+        description: "Chain validation response",
+    },
+    {
+        pattern: /pending.*review/i,
+        weight: 0.8,
+        category: "safe_storage",
+        description: "Request pending admin review",
+    },
+    // Allowlist enforcement
+    {
+        pattern: /tool.*not.*in.*allowlist/i,
+        weight: 0.9,
+        category: "allowlist",
+        description: "Tool rejected - not in allowlist",
+    },
+    {
+        pattern: /only.*safe.*tools.*permitted/i,
+        weight: 0.9,
+        category: "allowlist",
+        description: "Allowlist enforcement message",
+    },
+    {
+        pattern: /blocked.*tool.*chain/i,
+        weight: 0.8,
+        category: "allowlist",
+        description: "Tool blocked from chain execution",
+    },
+    // Depth limit enforcement
+    {
+        pattern: /depth.*limit.*enforced/i,
+        weight: 0.8,
+        category: "depth_limit",
+        description: "Depth limit properly enforced",
+    },
+    {
+        pattern: /max.*depth.*exceeded/i,
+        weight: 0.7,
+        category: "depth_limit",
+        description: "Chain rejected for exceeding depth",
+    },
+    // No execution indicators
+    {
+        pattern: /chain_executed.*false/i,
+        weight: 0.9,
+        category: "no_execution",
+        description: "Chain execution disabled",
+    },
+    {
+        pattern: /execution.*disabled/i,
+        weight: 0.8,
+        category: "no_execution",
+        description: "Execution capability disabled",
+    },
+];
+// =============================================================================
 // SEARCH/RETRIEVAL PATTERNS
 // =============================================================================
 /**

package/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.d.ts

@@ -35,6 +35,40 @@ export interface AuthBypassResult {
     failureMode: "FAIL_OPEN" | "FAIL_CLOSED" | "UNKNOWN";
     evidence?: string;
 }
+/**
+ * Result of cross-tool state-based auth bypass analysis (Issue #92, Challenge #7)
+ * Detects privilege escalation via shared mutable state between tools
+ */
+export interface StateBasedAuthResult {
+    vulnerable: boolean;
+    safe: boolean;
+    stateDependency: "SHARED_STATE" | "INDEPENDENT" | "UNKNOWN";
+    evidence: string;
+}
+/**
+ * Chain execution type classification (Issue #93, Challenge #6)
+ */
+export type ChainExecutionType = "VULNERABLE_EXECUTION" | "SAFE_VALIDATION" | "PARTIAL" | "UNKNOWN";
+/**
+ * Chain vulnerability categories (Issue #93, Challenge #6)
+ */
+export type ChainVulnerabilityCategory = "OUTPUT_INJECTION" | "RECURSIVE_CHAIN" | "ARBITRARY_TOOL_INVOCATION" | "TOOL_SHADOWING" | "MISSING_DEPTH_LIMIT" | "STATE_POISONING";
+/**
+ * Result of chain exploitation analysis (Issue #93, Challenge #6)
+ * Detects multi-tool chained exploitation attacks
+ */
+export interface ChainExploitationAnalysis {
+    vulnerable: boolean;
+    safe: boolean;
+    chainType: ChainExecutionType;
+    vulnerabilityCategories: ChainVulnerabilityCategory[];
+    evidence: {
+        vulnerablePatterns: string[];
+        safePatterns: string[];
+        vulnerableScore: number;
+        safeScore: number;
+    };
+}
 /**
  * Error classification types
  */
@@ -70,6 +104,31 @@ export declare class SecurityResponseAnalyzer {
      * Detects fail-open authentication vulnerabilities (CVE-2025-52882)
      */
     analyzeAuthBypassResponse(response: CompatibilityCallToolResult): AuthBypassResult;
+    /**
+     * Analyze response for cross-tool state-based authorization bypass (Issue #92)
+     * Detects Challenge #7: Privilege escalation via shared mutable state
+     *
+     * Vulnerable pattern: Tool checks shared state (e.g., config_state["admin_mode"])
+     * that can be modified by another tool (e.g., config_modifier)
+     *
+     * Safe pattern: Tool uses independent per-request authorization,
+     * indicated by shared_state_checked: false or independent_auth_required: true
+     */
+    analyzeStateBasedAuthBypass(response: CompatibilityCallToolResult): StateBasedAuthResult;
+    /**
+     * Analyze response for chain exploitation vulnerabilities (Issue #93, Challenge #6)
+     * Detects multi-tool chained exploitation attacks including:
+     * - Arbitrary tool invocation without allowlist
+     * - Output injection via {{output}} template substitution
+     * - Recursive/circular chain execution (DoS potential)
+     * - State poisoning between chain steps
+     * - Tool shadowing in chains
+     * - Missing depth/size limits
+     *
+     * @param response The tool response to analyze
+     * @returns Analysis result with vulnerability status and evidence
+     */
+    analyzeChainExploitation(response: CompatibilityCallToolResult): ChainExploitationAnalysis;
     /**
      * Check if response indicates connection/server failure
      */

package/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SecurityResponseAnalyzer.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityResponseAnalyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,wBAAwB,CAAC;AAK1E,OAAO,EAAgB,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EAAoB,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAGxE,YAAY,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,YAAY,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEzD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,WAAW,GAAG,aAAa,GAAG,SAAS,CAAC;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEvE;;;;;;GAMG;AACH,qBAAa,wBAAwB;IAEnC,OAAO,CAAC,eAAe,CAAkB;IACzC,OAAO,CAAC,iBAAiB,CAA4B;IACrD,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,gBAAgB,CAAmB;;IAc3C;;;;;;OAMG;IACH,eAAe,CACb,QAAQ,EAAE,2BAA2B,EACrC,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,IAAI,GACT,cAAc;IAqBjB;;OAEG;IACH,mBAAmB,CACjB,IAAI,EAAE,IAAI,EACV,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,eAAe,EACxB,kBAAkB,CAAC,EAAE,2BAA2B,GAC/C,gBAAgB;IAWnB;;;OAGG;IACH,yBAAyB,CACvB,QAAQ,EAAE,2BAA2B,GACpC,gBAAgB;IAsFnB;;OAEG;IACH,iBAAiB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIjE;;OAEG;IACH,8BAA8B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO;IAIvD;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,2BAA2B,GAAG,mBAAmB;IAIzE;;OAEG;IACH,0BAA0B,CAAC,KAAK,EAAE,OAAO,GAAG,mBAAmB;IAI/D;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;IAQrE;;OAEG;IACH,oBAAoB,CAClB,SAAS,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,EACvD,YAAY,EAAE,MAAM,GACnB,OAAO;IAIV;;OAEG;IACH,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIlD;;OAEG;IACH,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;;OAGG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAIpE;;OAEG;IACH,qCAAqC,CACnC,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GACnB,OAAO;IAOV;;OAEG;IACH,yBAAyB,CACvB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,IAAI,CAAC,EAAE,IAAI,GACV,kBAAkB;IAQrB;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;OAEG;IACH,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIvD;;OAEG;IACH,8BAA8B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAI7D;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIrE;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO;IAOxE;;OAEG;IACH,sBAAsB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAQjD;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IAyB/B;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IA+E7B;;;OAGG;IACH,OAAO,CAAC,0BAA0B;IAwClC;;OAEG;IACH,OAAO,CAAC,wBAAwB;CAoBjC"}
+{"version":3,"file":"SecurityResponseAnalyzer.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityResponseAnalyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,wBAAwB,CAAC;AAK1E,OAAO,EAAgB,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EAAoB,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAYxE,YAAY,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,YAAY,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEzD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,WAAW,GAAG,aAAa,GAAG,SAAS,CAAC;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,eAAe,EAAE,cAAc,GAAG,aAAa,GAAG,SAAS,CAAC;IAC5D,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAC1B,sBAAsB,GACtB,iBAAiB,GACjB,SAAS,GACT,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,0BAA0B,GAClC,kBAAkB,GAClB,iBAAiB,GACjB,2BAA2B,GAC3B,gBAAgB,GAChB,qBAAqB,GACrB,iBAAiB,CAAC;AAEtB;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,kBAAkB,CAAC;IAC9B,uBAAuB,EAAE,0BAA0B,EAAE,CAAC;IACtD,QAAQ,EAAE;QACR,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,eAAe,EAAE,MAAM,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEvE;;;;;;GAMG;AACH,qBAAa,wBAAwB;IAEnC,OAAO,CAAC,eAAe,CAAkB;IACzC,OAAO,CAAC,iBAAiB,CAA4B;IACrD,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,gBAAgB,CAAmB;;IAc3C;;;;;;OAMG;IACH,eAAe,CACb,QAAQ,EAAE,2BAA2B,EACrC,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,IAAI,GACT,cAAc;IAqBjB;;OAEG;IACH,mBAAmB,CACjB,IAAI,EAAE,IAAI,EACV,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,eAAe,EACxB,kBAAkB,CAAC,EAAE,2BAA2B,GAC/C,gBAAgB;IAWnB;;;OAGG;IACH,yBAAyB,CACvB,QAAQ,EAAE,2BAA2B,GACpC,gBAAgB;IAsFnB;;;;;;;;;OASG;IACH,2BAA2B,CACzB,QAAQ,EAAE,2BAA2B,GACpC,oBAAoB;IAmGvB;;;;;;;;;;;;OAYG;IACH,wBAAwB,CACtB,QAAQ,EAAE,2BAA2B,GACpC,yBAAyB;IA6D5B;;OAEG;IACH,iBAAiB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIjE;;OAEG;IACH,8BAA8B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO;IAIvD;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,2BAA2B,GAAG,mBAAmB;IAIzE;;OAEG;IACH,0BAA0B,CAAC,KAAK,EAAE,OAAO,GAAG,mBAAmB;IAI/D;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;IAQrE;;OAEG;IACH,oBAAoB,CAClB,SAAS,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,EACvD,YAAY,EAAE,MAAM,GACnB,OAAO;IAIV;;OAEG;IACH,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIlD;;OAEG;IACH,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;;OAGG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAIpE;;OAEG;IACH,qCAAqC,CACnC,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GACnB,OAAO;IAOV;;OAEG;IACH,yBAAyB,CACvB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,IAAI,CAAC,EAAE,IAAI,GACV,kBAAkB;IAQrB;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;OAEG;IACH,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIvD;;OAEG;IACH,8BAA8B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAI7D;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIrE;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO;IAOxE;;OAEG;IACH,sBAAsB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAQjD;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IAyB/B;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IA+E7B;;;OAGG;IACH,OAAO,CAAC,0BAA0B;IAwClC;;OAEG;IACH,OAAO,CAAC,wBAAwB;CAoBjC"}