npm - @bryan-thompson/inspector-assessment-client - Versions diffs - 1.28.0 → 1.29.0 - Mend

@bryan-thompson/inspector-assessment-client 1.28.0 → 1.29.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

package/lib/services/assessment/modules/annotations/ExplanationGenerator.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Explanation Generator Module
+ * Generates explanations and recommendations for annotation assessment results
+ *
+ * Extracted from ToolAnnotationAssessor.ts as part of Issue #105 refactoring.
+ */
+import type { ToolAnnotationResult } from "../../../../lib/assessmentTypes.js";
+import type { EnhancedToolAnnotationResult } from "./types.js";
+/**
+ * Generate basic explanation for annotation assessment
+ */
+export declare function generateExplanation(annotatedCount: number, missingCount: number, misalignedCount: number, totalTools: number): string;
+/**
+ * Generate enhanced explanation with Claude analysis
+ */
+export declare function generateEnhancedExplanation(annotatedCount: number, missingCount: number, highConfidenceMisalignments: number, totalTools: number): string;
+/**
+ * Generate recommendations for annotation issues
+ */
+export declare function generateRecommendations(results: ToolAnnotationResult[]): string[];
+/**
+ * Generate enhanced recommendations with Claude analysis
+ */
+export declare function generateEnhancedRecommendations(results: EnhancedToolAnnotationResult[]): string[];
+//# sourceMappingURL=ExplanationGenerator.d.ts.map

package/lib/services/assessment/modules/annotations/ExplanationGenerator.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ExplanationGenerator.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/annotations/ExplanationGenerator.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAClE,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,SAAS,CAAC;AAE5D;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,cAAc,EAAE,MAAM,EACtB,YAAY,EAAE,MAAM,EACpB,eAAe,EAAE,MAAM,EACvB,UAAU,EAAE,MAAM,GACjB,MAAM,CA4BR;AAED;;GAEG;AACH,wBAAgB,2BAA2B,CACzC,cAAc,EAAE,MAAM,EACtB,YAAY,EAAE,MAAM,EACpB,2BAA2B,EAAE,MAAM,EACnC,UAAU,EAAE,MAAM,GACjB,MAAM,CA0BR;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,oBAAoB,EAAE,GAC9B,MAAM,EAAE,CAuCV;AAED;;GAEG;AACH,wBAAgB,+BAA+B,CAC7C,OAAO,EAAE,4BAA4B,EAAE,GACtC,MAAM,EAAE,CA2EV"}

package/lib/services/assessment/modules/annotations/ExplanationGenerator.js ADDED Viewed

@@ -0,0 +1,122 @@
+/**
+ * Explanation Generator Module
+ * Generates explanations and recommendations for annotation assessment results
+ *
+ * Extracted from ToolAnnotationAssessor.ts as part of Issue #105 refactoring.
+ */
+/**
+ * Generate basic explanation for annotation assessment
+ */
+export function generateExplanation(annotatedCount, missingCount, misalignedCount, totalTools) {
+    const parts = [];
+    if (totalTools === 0) {
+        return "No tools found to assess for annotations.";
+    }
+    parts.push(`Tool annotation coverage: ${annotatedCount}/${totalTools} tools have annotations.`);
+    if (missingCount > 0) {
+        parts.push(`${missingCount} tool(s) are missing required annotations (readOnlyHint, destructiveHint).`);
+    }
+    if (misalignedCount > 0) {
+        parts.push(`${misalignedCount} tool(s) have potentially misaligned annotations based on naming patterns.`);
+    }
+    if (missingCount === 0 && misalignedCount === 0) {
+        parts.push("All tools are properly annotated.");
+    }
+    return parts.join(" ");
+}
+/**
+ * Generate enhanced explanation with Claude analysis
+ */
+export function generateEnhancedExplanation(annotatedCount, missingCount, highConfidenceMisalignments, totalTools) {
+    const parts = [];
+    if (totalTools === 0) {
+        return "No tools found to assess for annotations.";
+    }
+    parts.push(`Tool annotation coverage: ${annotatedCount}/${totalTools} tools have annotations.`);
+    if (missingCount > 0) {
+        parts.push(`${missingCount} tool(s) are missing required annotations (readOnlyHint, destructiveHint).`);
+    }
+    if (highConfidenceMisalignments > 0) {
+        parts.push(`Claude analysis identified ${highConfidenceMisalignments} high-confidence annotation misalignment(s).`);
+    }
+    parts.push("Analysis enhanced with Claude semantic behavior inference.");
+    return parts.join(" ");
+}
+/**
+ * Generate recommendations for annotation issues
+ */
+export function generateRecommendations(results) {
+    const recommendations = [];
+    const allRecs = new Set();
+    for (const result of results) {
+        for (const rec of result.recommendations) {
+            allRecs.add(rec);
+        }
+    }
+    const destructiveRecs = Array.from(allRecs).filter((r) => r.includes("destructive"));
+    const otherRecs = Array.from(allRecs).filter((r) => !r.includes("destructive"));
+    if (destructiveRecs.length > 0) {
+        recommendations.push("PRIORITY: The following tools appear to perform destructive operations but lack proper destructiveHint annotation:");
+        recommendations.push(...destructiveRecs.slice(0, 5));
+    }
+    if (otherRecs.length > 0) {
+        recommendations.push(...otherRecs.slice(0, 5));
+    }
+    if (recommendations.length === 0) {
+        recommendations.push("All tools have proper annotations. No action required.");
+    }
+    else {
+        recommendations.push("Reference: MCP Directory Policy #17 requires tools to have readOnlyHint and destructiveHint annotations.");
+    }
+    return recommendations;
+}
+/**
+ * Generate enhanced recommendations with Claude analysis
+ */
+export function generateEnhancedRecommendations(results) {
+    const recommendations = [];
+    const claudeMisalignments = results.filter((r) => r.claudeInference &&
+        r.claudeInference.source === "claude-inferred" &&
+        r.claudeInference.confidence >= 70 &&
+        r.claudeInference.misalignmentDetected);
+    if (claudeMisalignments.length > 0) {
+        recommendations.push("HIGH CONFIDENCE: Claude analysis identified the following annotation issues:");
+        for (const result of claudeMisalignments.slice(0, 5)) {
+            if (result.claudeInference) {
+                recommendations.push(`  - ${result.toolName}: ${result.claudeInference.reasoning}`);
+            }
+        }
+    }
+    const claudeSuggestions = results
+        .filter((r) => r.claudeInference &&
+        r.claudeInference.source === "claude-inferred" &&
+        r.claudeInference.confidence >= 60)
+        .flatMap((r) => r.recommendations.filter((rec) => rec.includes("Claude")));
+    if (claudeSuggestions.length > 0) {
+        recommendations.push(...claudeSuggestions.slice(0, 5));
+    }
+    const patternRecs = new Set();
+    for (const result of results) {
+        for (const rec of result.recommendations) {
+            if (!rec.includes("Claude")) {
+                patternRecs.add(rec);
+            }
+        }
+    }
+    const destructiveRecs = Array.from(patternRecs).filter((r) => r.includes("destructive"));
+    const otherRecs = Array.from(patternRecs).filter((r) => !r.includes("destructive"));
+    if (destructiveRecs.length > 0) {
+        recommendations.push("PRIORITY: Potential destructive tools without proper hints:");
+        recommendations.push(...destructiveRecs.slice(0, 3));
+    }
+    if (otherRecs.length > 0 && recommendations.length < 10) {
+        recommendations.push(...otherRecs.slice(0, 3));
+    }
+    if (recommendations.length === 0) {
+        recommendations.push("All tools have proper annotations. No action required.");
+    }
+    else {
+        recommendations.push("Reference: MCP Directory Policy #17 requires tools to have readOnlyHint and destructiveHint annotations.");
+    }
+    return recommendations;
+}

package/lib/services/assessment/modules/annotations/index.d.ts CHANGED Viewed

@@ -10,4 +10,9 @@ export { inferBehavior, inferBehaviorEnhanced, type BehaviorInferenceResult, } f
 export { analyzeDescription, hasReadOnlyIndicators, hasDestructiveIndicators, hasWriteIndicators, DESCRIPTION_BEHAVIOR_KEYWORDS, } from "./DescriptionAnalyzer.js";
 export { analyzeInputSchema, analyzeOutputSchema, hasBulkOperationIndicators, hasPaginationParameters, hasForceFlags, INPUT_READONLY_PATTERNS, INPUT_DESTRUCTIVE_PATTERNS, INPUT_WRITE_PATTERNS, OUTPUT_READONLY_PATTERNS, OUTPUT_DESTRUCTIVE_PATTERNS, OUTPUT_WRITE_PATTERNS, type JSONSchema, } from "./SchemaAnalyzer.js";
 export { detectArchitecture, hasDatabaseToolPatterns, extractDatabasesFromDependencies, type Tool as ArchitectureTool, type ArchitectureContext, } from "./ArchitectureDetector.js";
+export { type ClaudeInference, type EnhancedToolAnnotationResult, } from "./types.js";
+export { extractAnnotations, extractExtendedMetadata, extractToolParams, assessSingleTool, determineAnnotationStatus, calculateMetrics, type ExtractedAnnotations, type AlignmentMetricsResult, } from "./AlignmentChecker.js";
+export { generateExplanation, generateEnhancedExplanation, generateRecommendations, generateEnhancedRecommendations, } from "./ExplanationGenerator.js";
+export { emitAnnotationEvents, emitMismatchEvent } from "./EventEmitter.js";
+export { enhanceWithClaudeInference, createPatternBasedInference, } from "./ClaudeIntegration.js";
 //# sourceMappingURL=index.d.ts.map

package/lib/services/assessment/modules/annotations/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/annotations/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,8BAA8B,EAC9B,2BAA2B,EAC3B,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,GACzB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,+BAA+B,EAC/B,4BAA4B,EAC5B,kCAAkC,EAClC,eAAe,EACf,kBAAkB,EAClB,sBAAsB,EACtB,yBAAyB,EACzB,KAAK,eAAe,GACrB,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,KAAK,uBAAuB,GAC7B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,wBAAwB,EACxB,kBAAkB,EAClB,6BAA6B,GAC9B,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,0BAA0B,EAC1B,uBAAuB,EACvB,aAAa,EACb,uBAAuB,EACvB,0BAA0B,EAC1B,oBAAoB,EACpB,wBAAwB,EACxB,2BAA2B,EAC3B,qBAAqB,EACrB,KAAK,UAAU,GAChB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,gCAAgC,EAChC,KAAK,IAAI,IAAI,gBAAgB,EAC7B,KAAK,mBAAmB,GACzB,MAAM,wBAAwB,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/annotations/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,8BAA8B,EAC9B,2BAA2B,EAC3B,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,GACzB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,+BAA+B,EAC/B,4BAA4B,EAC5B,kCAAkC,EAClC,eAAe,EACf,kBAAkB,EAClB,sBAAsB,EACtB,yBAAyB,EACzB,KAAK,eAAe,GACrB,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,KAAK,uBAAuB,GAC7B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,wBAAwB,EACxB,kBAAkB,EAClB,6BAA6B,GAC9B,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,0BAA0B,EAC1B,uBAAuB,EACvB,aAAa,EACb,uBAAuB,EACvB,0BAA0B,EAC1B,oBAAoB,EACpB,wBAAwB,EACxB,2BAA2B,EAC3B,qBAAqB,EACrB,KAAK,UAAU,GAChB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,gCAAgC,EAChC,KAAK,IAAI,IAAI,gBAAgB,EAC7B,KAAK,mBAAmB,GACzB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,4BAA4B,GAClC,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,iBAAiB,EACjB,gBAAgB,EAChB,yBAAyB,EACzB,gBAAgB,EAChB,KAAK,oBAAoB,EACzB,KAAK,sBAAsB,GAC5B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,mBAAmB,EACnB,2BAA2B,EAC3B,uBAAuB,EACvB,+BAA+B,GAChC,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAGzE,OAAO,EACL,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,qBAAqB,CAAC"}

package/lib/services/assessment/modules/annotations/index.js CHANGED Viewed

@@ -13,3 +13,11 @@ export { analyzeDescription, hasReadOnlyIndicators, hasDestructiveIndicators, ha
 export { analyzeInputSchema, analyzeOutputSchema, hasBulkOperationIndicators, hasPaginationParameters, hasForceFlags, INPUT_READONLY_PATTERNS, INPUT_DESTRUCTIVE_PATTERNS, INPUT_WRITE_PATTERNS, OUTPUT_READONLY_PATTERNS, OUTPUT_DESTRUCTIVE_PATTERNS, OUTPUT_WRITE_PATTERNS, } from "./SchemaAnalyzer.js";
 // Issue #57: Architecture Detector
 export { detectArchitecture, hasDatabaseToolPatterns, extractDatabasesFromDependencies, } from "./ArchitectureDetector.js";
+// Issue #105: Alignment Checker
+export { extractAnnotations, extractExtendedMetadata, extractToolParams, assessSingleTool, determineAnnotationStatus, calculateMetrics, } from "./AlignmentChecker.js";
+// Issue #105: Explanation Generator
+export { generateExplanation, generateEnhancedExplanation, generateRecommendations, generateEnhancedRecommendations, } from "./ExplanationGenerator.js";
+// Issue #105: Event Emitter
+export { emitAnnotationEvents, emitMismatchEvent } from "./EventEmitter.js";
+// Issue #105: Claude Integration
+export { enhanceWithClaudeInference, createPatternBasedInference, } from "./ClaudeIntegration.js";

package/lib/services/assessment/modules/annotations/types.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * Shared Types for Annotation Assessment Modules
+ *
+ * Consolidates common type definitions used across annotation helper modules.
+ * Created as part of Issue #105 refactoring to eliminate duplicate definitions.
+ */
+import type { ToolAnnotationResult } from "../../../../lib/assessmentTypes.js";
+/**
+ * Claude inference result structure
+ * Contains semantic analysis of tool behavior from Claude
+ */
+export interface ClaudeInference {
+    expectedReadOnly: boolean;
+    expectedDestructive: boolean;
+    confidence: number;
+    reasoning: string;
+    suggestedAnnotations: {
+        readOnlyHint?: boolean;
+        destructiveHint?: boolean;
+        idempotentHint?: boolean;
+    };
+    misalignmentDetected: boolean;
+    misalignmentDetails?: string;
+    source: "claude-inferred" | "pattern-based";
+}
+/**
+ * Enhanced tool annotation result with Claude inference
+ * Extends the base result with optional Claude semantic analysis
+ */
+export interface EnhancedToolAnnotationResult extends ToolAnnotationResult {
+    claudeInference?: ClaudeInference;
+}
+//# sourceMappingURL=types.d.ts.map

package/lib/services/assessment/modules/annotations/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/annotations/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAElE;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,oBAAoB,EAAE;QACpB,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,oBAAoB,EAAE,OAAO,CAAC;IAC9B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,MAAM,EAAE,iBAAiB,GAAG,eAAe,CAAC;CAC7C;AAED;;;GAGG;AACH,MAAM,WAAW,4BAA6B,SAAQ,oBAAoB;IACxE,eAAe,CAAC,EAAE,eAAe,CAAC;CACnC"}

package/lib/services/assessment/modules/annotations/types.js ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Shared Types for Annotation Assessment Modules
+ *
+ * Consolidates common type definitions used across annotation helper modules.
+ * Created as part of Issue #105 refactoring to eliminate duplicate definitions.
+ */
+export {};

package/lib/services/assessment/modules/securityTests/SafeResponseDetector.d.ts CHANGED Viewed

@@ -37,6 +37,9 @@ export declare class SafeResponseDetector {
     /**
      * Check if response is just reflection (safe)
      * Two-layer defense: Match reflection patterns, verify NO execution evidence
+     *
+     * Issue #110, Challenge #8: Also checks for LLM injection markers and
+     * output injection vulnerability metadata before declaring response safe.
      */
     isReflectionResponse(responseText: string): boolean;
     /**

package/lib/services/assessment/modules/securityTests/SafeResponseDetector.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"SafeResponseDetector.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SafeResponseDetector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,2BAA2B,EAAE,MAAM,oCAAoC,CAAC;~~AAcjF~~;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,iBAAiB,CAA4B;;IAMrD;;OAEG;IACH,oBAAoB,CAAC,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAQzE;;OAEG;IACH,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIlD~~;;;OAGG~~;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;~~IAkEnD~~;;OAEG;IACH,sBAAsB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIjD;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IA0CrE;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;CAUtE"}
1	+ {"version":3,"file":"SafeResponseDetector.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SafeResponseDetector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,2BAA2B,EAAE,MAAM,oCAAoC,CAAC;AAgBjF;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,iBAAiB,CAA4B;;IAMrD;;OAEG;IACH,oBAAoB,CAAC,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAQzE;;OAEG;IACH,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIlD;;;;;;OAMG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IA8EnD;;OAEG;IACH,sBAAsB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIjD;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IA0CrE;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;CAUtE"}

package/lib/services/assessment/modules/securityTests/SafeResponseDetector.js CHANGED Viewed

@@ -5,7 +5,7 @@
  * Extracted from SecurityResponseAnalyzer.ts (Issue #53)
  * Handles: MCP validation, HTTP errors, reflection detection, validation rejection
  */
-import { VALIDATION_ERROR_PATTERNS, STATUS_PATTERNS, REFLECTION_PATTERNS, SEARCH_RESULT_PATTERNS, CREATION_PATTERNS, TEXT_REJECTION_PATTERNS, RESULT_REJECTION_PATTERNS, isHttpError, matchesAny, } from "./SecurityPatternLibrary.js";
+import { VALIDATION_ERROR_PATTERNS, STATUS_PATTERNS, REFLECTION_PATTERNS, SEARCH_RESULT_PATTERNS, CREATION_PATTERNS, TEXT_REJECTION_PATTERNS, RESULT_REJECTION_PATTERNS, isHttpError, matchesAny, hasLLMInjectionMarkers, hasOutputInjectionVulnerability, } from "./SecurityPatternLibrary.js";
 import { ExecutionArtifactDetector } from "./ExecutionArtifactDetector.js";
 /**
  * Detects safe response patterns indicating proper tool behavior
@@ -33,8 +33,21 @@ export class SafeResponseDetector {
     /**
      * Check if response is just reflection (safe)
      * Two-layer defense: Match reflection patterns, verify NO execution evidence
+     *
+     * Issue #110, Challenge #8: Also checks for LLM injection markers and
+     * output injection vulnerability metadata before declaring response safe.
      */
     isReflectionResponse(responseText) {
+        // Issue #110: Check for LLM injection markers BEFORE reflection check
+        // If response contains <IMPORTANT>, [INST], or similar markers, it's not safe
+        if (hasLLMInjectionMarkers(responseText)) {
+            return false; // Not safe - contains potential LLM injection
+        }
+        // Issue #110: Check for output injection vulnerability metadata
+        // If tool self-reports raw_content_included or injection risk, it's not safe
+        if (hasOutputInjectionVulnerability(responseText)) {
+            return false; // Not safe - tool reports output injection vulnerability
+        }
         // Combine status patterns and reflection patterns
         const allReflectionPatterns = [...STATUS_PATTERNS, ...REFLECTION_PATTERNS];
         const hasReflection = matchesAny(allReflectionPatterns, responseText);

package/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.d.ts CHANGED Viewed

@@ -40,6 +40,25 @@ export declare const EXECUTION_ARTIFACT_PATTERNS: {
     /** Context-sensitive - only count if no echoed payload */
     readonly contextSensitive: readonly [RegExp, RegExp, RegExp];
 };
+/**
+ * Patterns for detecting LLM prompt injection markers in tool output
+ * These indicate potential indirect prompt injection (output injection)
+ * Used by: hasLLMInjectionMarkers()
+ *
+ * When tool output contains these markers, it may flow to the orchestrating
+ * LLM and influence its behavior - a security concern for MCP integrations.
+ */
+export declare const LLM_INJECTION_MARKERS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+/**
+ * Patterns for detecting output injection vulnerability metadata
+ * Tools that self-report vulnerability status
+ */
+export declare const OUTPUT_INJECTION_METADATA: {
+    /** Tool reports it includes raw/unsanitized content */
+    readonly rawContentIncluded: readonly [RegExp, RegExp, RegExp];
+    /** Tool reports vulnerability in output handling */
+    readonly vulnerableOutput: readonly [RegExp, RegExp, RegExp, RegExp];
+};
 /**
  * Patterns for connection/server errors
  * Used by: isConnectionError(), isConnectionErrorFromException()
@@ -373,4 +392,14 @@ export declare function isHttpError(text: string): boolean;
  * Check if response has MCP error prefix
  */
 export declare function hasMcpErrorPrefix(text: string): boolean;
+/**
+ * Check if text contains LLM injection markers (Issue #110, Challenge #8)
+ * Detects XML-style tags, chat format markers, and instruction overrides
+ */
+export declare function hasLLMInjectionMarkers(text: string): boolean;
+/**
+ * Check if response indicates output injection vulnerability (Issue #110, Challenge #8)
+ * Detects tools that self-report including raw/unsanitized content
+ */
+export declare function hasOutputInjectionVulnerability(text: string): boolean;
 //# sourceMappingURL=SecurityPatternLibrary.d.ts.map

package/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"SecurityPatternLibrary.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPatternLibrary.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;;GAGG;AACH,eAAO,MAAM,mBAAmB;IAC9B,kEAAkE;;IAIlE,8DAA8D;;IAG9D,kCAAkC;;IAGlC,gCAAgC;;CAExB,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,2JAmB5B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,oBAAoB,2LAuBvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B;IACtC,iCAAiC;;IAejC,0DAA0D;;CAElD,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;IACpC,oCAAoC;;IAqBpC,4DAA4D;;IAW5D,+BAA+B;;CAEvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B;;;;CAMhC,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,eAAe,mJAkBlB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,mBAAmB,2rBAwGtB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+B1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc5B,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;EAiCjC,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;EAyB3B,CAAC;AAMX;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,iCAAiC,EAAE,oBAAoB,EA0FnE,CAAC;AAEF;;;;;;;;GAQG;AAKH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,MAAM,CAAC;AAE9C;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,IAAM,CAAC;AAMxC;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,EAAE,MAAM,CAC1C,MAAM,EACN;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,EAAE,CAgCxC,CAAC;AAEF;;;GAGG;AACH,wBAAgB,6BAA6B,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,EAAE,CAiB5E;AAED,eAAO,MAAM,2BAA2B,EAAE,oBAAoB,EAuE7D,CAAC;AAMF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,2FAWzB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,iBAAiB,mHAcpB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,mFAU1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,mDAM9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,2DAO1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB,2DAO5B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B,yKAWhC,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,kBAAkB,mGAYrB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,QACO,CAAC;AAMhD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,QAC8B,CAAC;AAE/D;;;GAGG;AACH,eAAO,MAAM,wBAAwB,2EAS3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,oRA4B9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,0BAA0B;;;;;CAK7B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;IAClC,iCAAiC;;IAQjC,mDAAmD;;IAInD,gDAAgD;;IAIhD,oCAAoC;;IAEpC,6CAA6C;;CAIrC,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB;IACpC,oDAAoD;;IAOpD,wCAAwC;;CAEhC,CAAC;AAMX;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAE7E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAOjD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEvD"}
1	+ {"version":3,"file":"SecurityPatternLibrary.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPatternLibrary.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;;GAGG;AACH,eAAO,MAAM,mBAAmB;IAC9B,kEAAkE;;IAIlE,8DAA8D;;IAG9D,kCAAkC;;IAGlC,gCAAgC;;CAExB,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,2JAmB5B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,oBAAoB,2LAuBvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B;IACtC,iCAAiC;;IAejC,0DAA0D;;CAElD,CAAC;AAMX;;;;;;;GAOG;AACH,eAAO,MAAM,qBAAqB,2KA4BxB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;IACpC,uDAAuD;;IAOvD,oDAAoD;;CAO5C,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;IACpC,oCAAoC;;IAqBpC,4DAA4D;;IAW5D,+BAA+B;;CAEvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B;;;;CAMhC,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,eAAe,mJAkBlB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,mBAAmB,2rBAwGtB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+B1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc5B,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;EAiCjC,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;EAyB3B,CAAC;AAMX;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,iCAAiC,EAAE,oBAAoB,EA0FnE,CAAC;AAEF;;;;;;;;GAQG;AAKH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,MAAM,CAAC;AAE9C;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,IAAM,CAAC;AAMxC;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,EAAE,MAAM,CAC1C,MAAM,EACN;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,EAAE,CAgCxC,CAAC;AAEF;;;GAGG;AACH,wBAAgB,6BAA6B,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,EAAE,CAiB5E;AAED,eAAO,MAAM,2BAA2B,EAAE,oBAAoB,EAuE7D,CAAC;AAMF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,2FAWzB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,iBAAiB,mHAcpB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,mFAU1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,mDAM9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,2DAO1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB,2DAO5B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B,yKAWhC,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,kBAAkB,mGAYrB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,QACO,CAAC;AAMhD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,QAC8B,CAAC;AAE/D;;;GAGG;AACH,eAAO,MAAM,wBAAwB,2EAS3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,oRA4B9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,0BAA0B;;;;;CAK7B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;IAClC,iCAAiC;;IAQjC,mDAAmD;;IAInD,gDAAgD;;IAIhD,oCAAoC;;IAEpC,6CAA6C;;CAIrC,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB;IACpC,oDAAoD;;IAOpD,wCAAwC;;CAEhC,CAAC;AAMX;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAE7E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAOjD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEvD;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE5D;AAED;;;GAGG;AACH,wBAAgB,+BAA+B,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAKrE"}

package/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.js CHANGED Viewed

@@ -104,6 +104,62 @@ export const EXECUTION_ARTIFACT_PATTERNS = {
     contextSensitive: [/\/etc\/passwd/i, /\/etc\/shadow/i, /file:\/\/\//i],
 };
 // =============================================================================
+// LLM INJECTION MARKER PATTERNS (Issue #110, Challenge #8)
+// =============================================================================
+/**
+ * Patterns for detecting LLM prompt injection markers in tool output
+ * These indicate potential indirect prompt injection (output injection)
+ * Used by: hasLLMInjectionMarkers()
+ *
+ * When tool output contains these markers, it may flow to the orchestrating
+ * LLM and influence its behavior - a security concern for MCP integrations.
+ */
+export const LLM_INJECTION_MARKERS = [
+    // XML-style instruction tags
+    /<IMPORTANT>/i,
+    /<\/IMPORTANT>/i,
+    /<SYSTEM>/i,
+    /<\/SYSTEM>/i,
+    /<INSTRUCTION>/i,
+    /<\/INSTRUCTION>/i,
+    // Chat model format markers
+    /\[INST\]/i,
+    /\[\/INST\]/i,
+    /<\|system\|>/i,
+    /<\|user\|>/i,
+    /<\|assistant\|>/i,
+    /<\|im_start\|>/i,
+    /<\|im_end\|>/i,
+    // Template injection patterns
+    /\{\{SYSTEM_PROMPT\}\}/i,
+    /\{\{USER_INPUT\}\}/i,
+    /\{\{ASSISTANT\}\}/i,
+    // Instruction override patterns
+    /ignore.*previous.*instructions/i,
+    /disregard.*above.*instructions/i,
+    /new.*instructions.*follow/i,
+    /override.*system.*prompt/i,
+];
+/**
+ * Patterns for detecting output injection vulnerability metadata
+ * Tools that self-report vulnerability status
+ */
+export const OUTPUT_INJECTION_METADATA = {
+    /** Tool reports it includes raw/unsanitized content */
+    rawContentIncluded: [
+        /"raw_content_included"\s*:\s*true/i,
+        /"unsanitized"\s*:\s*true/i,
+        /"content_sanitized"\s*:\s*false/i,
+    ],
+    /** Tool reports vulnerability in output handling */
+    vulnerableOutput: [
+        /enables\s+indirect\s+prompt\s+injection/i,
+        /returns\s+unsanitized\s+user\s+content/i,
+        /output\s+injection/i,
+        /"injection_risk"\s*:\s*true/i,
+    ],
+};
+// =============================================================================
 // CONNECTION ERROR PATTERNS (consolidated from 2 duplicate locations)
 // =============================================================================
 /**
@@ -952,3 +1008,18 @@ export function isHttpError(text) {
 export function hasMcpErrorPrefix(text) {
     return CONNECTION_ERROR_PATTERNS.mcpPrefix.test(text);
 }
+/**
+ * Check if text contains LLM injection markers (Issue #110, Challenge #8)
+ * Detects XML-style tags, chat format markers, and instruction overrides
+ */
+export function hasLLMInjectionMarkers(text) {
+    return matchesAny(LLM_INJECTION_MARKERS, text);
+}
+/**
+ * Check if response indicates output injection vulnerability (Issue #110, Challenge #8)
+ * Detects tools that self-report including raw/unsanitized content
+ */
+export function hasOutputInjectionVulnerability(text) {
+    return (matchesAny(OUTPUT_INJECTION_METADATA.rawContentIncluded, text) ||
+        matchesAny(OUTPUT_INJECTION_METADATA.vulnerableOutput, text));
+}

package/lib/services/assessment/modules/securityTests/SecurityPayloadTester.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"SecurityPayloadTester.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPayloadTester.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EACL,gBAAgB,EAGjB,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAGL,eAAe,EAChB,MAAM,wBAAwB,CAAC;AAOhC;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,gBAAgB,CAAC;AAEpD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IAC/B,QAAQ,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;CACrD;AAED;;GAEG;AACH,qBAAa,qBAAqB;IAO9B,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,kBAAkB;IAR5B,OAAO,CAAC,gBAAgB,CAA2B;IACnD,OAAO,CAAC,gBAAgB,CAA2B;IACnD,OAAO,CAAC,oBAAoB,CAAuB;IACnD,OAAO,CAAC,SAAS,CAAK;gBAGZ,MAAM,EAAE,iBAAiB,EACzB,MAAM,EAAE,UAAU,EAClB,kBAAkB,EAAE,CAAC,CAAC,EAC5B,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,EACnB,OAAO,EAAE,MAAM,KACZ,OAAO,CAAC,CAAC,CAAC;IAOjB;;;OAGG;IACG,yBAAyB,CAC7B,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,EACzC,UAAU,CAAC,EAAE,oBAAoB,GAChC,OAAO,CAAC,kBAAkB,EAAE,CAAC;IA2JhC;;;OAGG;IACG,qBAAqB,CACzB,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,EACzC,UAAU,CAAC,EAAE,oBAAoB,GAChC,OAAO,CAAC,kBAAkB,EAAE,CAAC;IA8IhC;;OAEG;IACG,WAAW,CACf,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,eAAe,EACxB,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,GACxC,OAAO,CAAC,kBAAkB,CAAC;~~IAyJ9B~~;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAO3B;;OAEG;IACH,OAAO,CAAC,KAAK;CAGd"}
1	+ {"version":3,"file":"SecurityPayloadTester.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPayloadTester.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EACL,gBAAgB,EAGjB,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAGL,eAAe,EAChB,MAAM,wBAAwB,CAAC;AAOhC;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,gBAAgB,CAAC;AAEpD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IAC/B,QAAQ,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;CACrD;AAED;;GAEG;AACH,qBAAa,qBAAqB;IAO9B,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,kBAAkB;IAR5B,OAAO,CAAC,gBAAgB,CAA2B;IACnD,OAAO,CAAC,gBAAgB,CAA2B;IACnD,OAAO,CAAC,oBAAoB,CAAuB;IACnD,OAAO,CAAC,SAAS,CAAK;gBAGZ,MAAM,EAAE,iBAAiB,EACzB,MAAM,EAAE,UAAU,EAClB,kBAAkB,EAAE,CAAC,CAAC,EAC5B,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,EACnB,OAAO,EAAE,MAAM,KACZ,OAAO,CAAC,CAAC,CAAC;IAOjB;;;OAGG;IACG,yBAAyB,CAC7B,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,EACzC,UAAU,CAAC,EAAE,oBAAoB,GAChC,OAAO,CAAC,kBAAkB,EAAE,CAAC;IA2JhC;;;OAGG;IACG,qBAAqB,CACzB,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,EACzC,UAAU,CAAC,EAAE,oBAAoB,GAChC,OAAO,CAAC,kBAAkB,EAAE,CAAC;IA8IhC;;OAEG;IACG,WAAW,CACf,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,eAAe,EACxB,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,GACxC,OAAO,CAAC,kBAAkB,CAAC;IAsM9B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAO3B;;OAEG;IACH,OAAO,CAAC,KAAK;CAGd"}

package/lib/services/assessment/modules/securityTests/SecurityPayloadTester.js CHANGED Viewed

@@ -319,6 +319,26 @@ export class SecurityPayloadTester {
                     authBypassEvidence: authResult.evidence,
                 };
             }
+            // Issue #110: Analyze blacklist bypass patterns for "Blacklist Bypass" attack type
+            let blacklistBypassFields = {};
+            if (attackName === "Blacklist Bypass") {
+                const bypassResult = this.responseAnalyzer.analyzeBlacklistBypassResponse(response);
+                blacklistBypassFields = {
+                    blacklistBypassDetected: bypassResult.detected,
+                    blacklistBypassType: bypassResult.bypassType,
+                    blacklistBypassMethod: bypassResult.bypassMethod,
+                    blacklistBypassEvidence: bypassResult.evidence,
+                };
+            }
+            // Issue #110: Analyze output injection patterns for Challenge #8
+            // Check ALL responses since any tool could have output injection vulnerabilities
+            const outputInjectionResult = this.responseAnalyzer.analyzeOutputInjectionResponse(response);
+            const outputInjectionFields = {
+                outputInjectionDetected: outputInjectionResult.detected,
+                outputInjectionType: outputInjectionResult.injectionType,
+                outputInjectionMarkers: outputInjectionResult.markers,
+                outputInjectionEvidence: outputInjectionResult.evidence,
+            };
             return {
                 testName: attackName,
                 description: payload.description,
@@ -333,6 +353,10 @@ export class SecurityPayloadTester {
                 sanitizationLibraries: combinedSanitization.libraries,
                 // Issue #75: Auth bypass detection fields
                 ...authBypassFields,
+                // Issue #110: Blacklist bypass detection fields
+                ...blacklistBypassFields,
+                // Issue #110: Output injection detection fields (Challenge #8)
+                ...outputInjectionFields,
                 ...confidenceResult,
             };
         }

package/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.d.ts CHANGED Viewed

@@ -45,6 +45,26 @@ export interface StateBasedAuthResult {
     stateDependency: "SHARED_STATE" | "INDEPENDENT" | "UNKNOWN";
     evidence: string;
 }
+/**
+ * Result of blacklist bypass response analysis (Issue #110, Challenge #11)
+ * Detects incomplete blacklist security controls being bypassed
+ */
+export interface BlacklistBypassResult {
+    detected: boolean;
+    bypassType: "BLACKLIST_BYPASS" | "ALLOWLIST_BLOCKED" | "UNKNOWN";
+    bypassMethod?: string;
+    evidence?: string;
+}
+/**
+ * Result of output injection response analysis (Issue #110, Challenge #8)
+ * Detects indirect prompt injection via unsanitized tool output
+ */
+export interface OutputInjectionResult {
+    detected: boolean;
+    injectionType: "LLM_INJECTION_MARKERS" | "RAW_CONTENT_INCLUDED" | "SANITIZED" | "UNKNOWN";
+    markers?: string[];
+    evidence?: string;
+}
 /**
  * Chain execution type classification (Issue #93, Challenge #6)
  */
@@ -115,6 +135,31 @@ export declare class SecurityResponseAnalyzer {
      * indicated by shared_state_checked: false or independent_auth_required: true
      */
     analyzeStateBasedAuthBypass(response: CompatibilityCallToolResult): StateBasedAuthResult;
+    /**
+     * Analyze response for blacklist bypass patterns (Issue #110, Challenge #11)
+     * Detects when incomplete blacklist security controls are bypassed
+     *
+     * This method extracts JSON metadata from tool responses to detect:
+     * - VULNERABLE: bypass_used: true, blacklist_check: "passed"
+     * - SAFE: execution_blocked: true, allowlist_used: true
+     *
+     * @param response The tool response to analyze
+     * @returns Analysis result with bypass detection status
+     */
+    analyzeBlacklistBypassResponse(response: CompatibilityCallToolResult): BlacklistBypassResult;
+    /**
+     * Analyze response for output injection vulnerabilities (Issue #110, Challenge #8)
+     * Detects indirect prompt injection via unsanitized tool output
+     *
+     * This method detects:
+     * - VULNERABLE: LLM injection markers (<IMPORTANT>, [INST], etc.) in output
+     * - VULNERABLE: Tool self-reports raw_content_included: true
+     * - SAFE: Tool reports content_sanitized: true or uses hash references
+     *
+     * @param response The tool response to analyze
+     * @returns Analysis result with output injection detection status
+     */
+    analyzeOutputInjectionResponse(response: CompatibilityCallToolResult): OutputInjectionResult;
     /**
      * Analyze response for chain exploitation vulnerabilities (Issue #93, Challenge #6)
      * Detects multi-tool chained exploitation attacks including:
@@ -138,6 +183,27 @@ export declare class SecurityResponseAnalyzer {
      * - Database connection strings with credentials
      * - Environment variable values
      * - Partial key previews
+     *
+     * @note This method must be called separately from analyzeResponse().
+     * It is not part of the standard vulnerability detection flow because
+     * secret leakage detection requires examining ALL responses, not just
+     * those matching attack payloads. Callers should invoke this method
+     * independently when auditing tool responses for credential exposure.
+     *
+     * @example
+     * ```typescript
+     * const analyzer = new SecurityResponseAnalyzer();
+     * const response = await client.callTool("get_status", { verbose: true });
+     *
+     * // Standard vulnerability check
+     * const vulnResult = analyzer.analyzeResponse(response, payload);
+     *
+     * // Additional secret leakage check (separate concern)
+     * const leakResult = analyzer.checkSecretLeakage(response);
+     * if (leakResult.detected) {
+     *   console.warn(`Secret leaked: ${leakResult.evidence}`);
+     * }
+     * ```
      */
     checkSecretLeakage(response: CompatibilityCallToolResult): {
         detected: boolean;

package/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"SecurityResponseAnalyzer.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityResponseAnalyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,wBAAwB,CAAC;AAK1E,OAAO,EAAgB,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EAAoB,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAYxE,YAAY,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,YAAY,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEzD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,WAAW,GAAG,aAAa,GAAG,SAAS,CAAC;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,eAAe,EAAE,cAAc,GAAG,aAAa,GAAG,SAAS,CAAC;IAC5D,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAC1B,sBAAsB,GACtB,iBAAiB,GACjB,SAAS,GACT,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,0BAA0B,GAClC,kBAAkB,GAClB,iBAAiB,GACjB,2BAA2B,GAC3B,gBAAgB,GAChB,qBAAqB,GACrB,iBAAiB,CAAC;AAEtB;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,kBAAkB,CAAC;IAC9B,uBAAuB,EAAE,0BAA0B,EAAE,CAAC;IACtD,QAAQ,EAAE;QACR,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,eAAe,EAAE,MAAM,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEvE;;;;;;GAMG;AACH,qBAAa,wBAAwB;IAEnC,OAAO,CAAC,eAAe,CAAkB;IACzC,OAAO,CAAC,iBAAiB,CAA4B;IACrD,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,gBAAgB,CAAmB;;IAc3C;;;;;;OAMG;IACH,eAAe,CACb,QAAQ,EAAE,2BAA2B,EACrC,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,IAAI,GACT,cAAc;IAqBjB;;OAEG;IACH,mBAAmB,CACjB,IAAI,EAAE,IAAI,EACV,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,eAAe,EACxB,kBAAkB,CAAC,EAAE,2BAA2B,GAC/C,gBAAgB;IAWnB;;;OAGG;IACH,yBAAyB,CACvB,QAAQ,EAAE,2BAA2B,GACpC,gBAAgB;IAsFnB;;;;;;;;;OASG;IACH,2BAA2B,CACzB,QAAQ,EAAE,2BAA2B,GACpC,oBAAoB;IAmGvB;;;;;;;;;;;;OAYG;IACH,wBAAwB,CACtB,QAAQ,EAAE,2BAA2B,GACpC,yBAAyB;IA6D5B~~;;;;;;;;;OASG~~;IACH,kBAAkB,CAAC,QAAQ,EAAE,2BAA2B,GAAG;QACzD,QAAQ,EAAE,OAAO,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IAwCD;;OAEG;IACH,iBAAiB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIjE;;OAEG;IACH,8BAA8B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO;IAIvD;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,2BAA2B,GAAG,mBAAmB;IAIzE;;OAEG;IACH,0BAA0B,CAAC,KAAK,EAAE,OAAO,GAAG,mBAAmB;IAI/D;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;IAQrE;;OAEG;IACH,oBAAoB,CAClB,SAAS,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,EACvD,YAAY,EAAE,MAAM,GACnB,OAAO;IAIV;;OAEG;IACH,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIlD;;OAEG;IACH,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;;OAGG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAIpE;;OAEG;IACH,qCAAqC,CACnC,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GACnB,OAAO;IAOV;;OAEG;IACH,yBAAyB,CACvB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,IAAI,CAAC,EAAE,IAAI,GACV,kBAAkB;IAQrB;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;OAEG;IACH,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIvD;;OAEG;IACH,8BAA8B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAI7D;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIrE;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO;IAOxE;;OAEG;IACH,sBAAsB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAQjD;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IAyB/B;;;OAGG;IACH,OAAO,CAAC,qBAAqB;~~IA+E7B~~;;;OAGG;IACH,OAAO,CAAC,0BAA0B;~~IAwClC~~;;OAEG;IACH,OAAO,CAAC,wBAAwB;~~CAoBjC~~"}
1	+ {"version":3,"file":"SecurityResponseAnalyzer.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityResponseAnalyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,wBAAwB,CAAC;AAK1E,OAAO,EAAgB,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EAAoB,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAYxE,YAAY,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,YAAY,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEzD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,WAAW,GAAG,aAAa,GAAG,SAAS,CAAC;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,eAAe,EAAE,cAAc,GAAG,aAAa,GAAG,SAAS,CAAC;IAC5D,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,kBAAkB,GAAG,mBAAmB,GAAG,SAAS,CAAC;IACjE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,EAAE,OAAO,CAAC;IAClB,aAAa,EACT,uBAAuB,GACvB,sBAAsB,GACtB,WAAW,GACX,SAAS,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAC1B,sBAAsB,GACtB,iBAAiB,GACjB,SAAS,GACT,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,0BAA0B,GAClC,kBAAkB,GAClB,iBAAiB,GACjB,2BAA2B,GAC3B,gBAAgB,GAChB,qBAAqB,GACrB,iBAAiB,CAAC;AAEtB;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,kBAAkB,CAAC;IAC9B,uBAAuB,EAAE,0BAA0B,EAAE,CAAC;IACtD,QAAQ,EAAE;QACR,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,eAAe,EAAE,MAAM,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEvE;;;;;;GAMG;AACH,qBAAa,wBAAwB;IAEnC,OAAO,CAAC,eAAe,CAAkB;IACzC,OAAO,CAAC,iBAAiB,CAA4B;IACrD,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,gBAAgB,CAAmB;;IAc3C;;;;;;OAMG;IACH,eAAe,CACb,QAAQ,EAAE,2BAA2B,EACrC,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,IAAI,GACT,cAAc;IAqBjB;;OAEG;IACH,mBAAmB,CACjB,IAAI,EAAE,IAAI,EACV,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,eAAe,EACxB,kBAAkB,CAAC,EAAE,2BAA2B,GAC/C,gBAAgB;IAWnB;;;OAGG;IACH,yBAAyB,CACvB,QAAQ,EAAE,2BAA2B,GACpC,gBAAgB;IAsFnB;;;;;;;;;OASG;IACH,2BAA2B,CACzB,QAAQ,EAAE,2BAA2B,GACpC,oBAAoB;IAmGvB;;;;;;;;;;OAUG;IACH,8BAA8B,CAC5B,QAAQ,EAAE,2BAA2B,GACpC,qBAAqB;IAyFxB;;;;;;;;;;;OAWG;IACH,8BAA8B,CAC5B,QAAQ,EAAE,2BAA2B,GACpC,qBAAqB;IA0FxB;;;;;;;;;;;;OAYG;IACH,wBAAwB,CACtB,QAAQ,EAAE,2BAA2B,GACpC,yBAAyB;IA6D5B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACH,kBAAkB,CAAC,QAAQ,EAAE,2BAA2B,GAAG;QACzD,QAAQ,EAAE,OAAO,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IAwCD;;OAEG;IACH,iBAAiB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIjE;;OAEG;IACH,8BAA8B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO;IAIvD;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,2BAA2B,GAAG,mBAAmB;IAIzE;;OAEG;IACH,0BAA0B,CAAC,KAAK,EAAE,OAAO,GAAG,mBAAmB;IAI/D;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;IAQrE;;OAEG;IACH,oBAAoB,CAClB,SAAS,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,EACvD,YAAY,EAAE,MAAM,GACnB,OAAO;IAIV;;OAEG;IACH,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIlD;;OAEG;IACH,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;;OAGG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAIpE;;OAEG;IACH,qCAAqC,CACnC,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GACnB,OAAO;IAOV;;OAEG;IACH,yBAAyB,CACvB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,IAAI,CAAC,EAAE,IAAI,GACV,kBAAkB;IAQrB;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;OAEG;IACH,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIvD;;OAEG;IACH,8BAA8B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAI7D;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIrE;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO;IAOxE;;OAEG;IACH,sBAAsB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAQjD;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IAyB/B;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IAqF7B;;;OAGG;IACH,OAAO,CAAC,0BAA0B;IA0DlC;;OAEG;IACH,OAAO,CAAC,wBAAwB;CAmBjC"}