npm - @bryan-thompson/inspector-assessment-client - Versions diffs - 1.36.3 → 1.36.5 - Mend

@bryan-thompson/inspector-assessment-client 1.36.3 → 1.36.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/assets/{OAuthCallback-RXmtS9Xr.js → OAuthCallback-pydLxj3d.js} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-0DAqp50J.js";
+import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-CVyqQ7s8.js";
 const OAuthCallback = ({ onConnect }) => {
   const { toast } = useToast();
   const hasProcessedRef = reactExports.useRef(false);

package/dist/assets/{OAuthDebugCallback-BRtDZYF8.js → OAuthDebugCallback-BLEebYQf.js} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-0DAqp50J.js";
+import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-CVyqQ7s8.js";
 const OAuthDebugCallback = ({ onConnect }) => {
   reactExports.useEffect(() => {
     let isProcessed = false;

package/dist/assets/{index-0DAqp50J.js → index-CVyqQ7s8.js} RENAMED Viewed

@@ -16373,7 +16373,7 @@ object({
   token_type_hint: string().optional()
 }).strip();
 const name = "@bryan-thompson/inspector-assessment-client";
-const version$1 = "1.36.3";
+const version$1 = "1.36.4";
 const packageJson = {
   name,
   version: version$1
@@ -48920,7 +48920,7 @@ const useTheme = () => {
     [theme, setThemeWithSideEffect]
   );
 };
-const version = "1.36.3";
+const version = "1.36.4";
 var [createTooltipContext] = createContextScope("Tooltip", [
   createPopperScope
 ]);
@@ -52515,13 +52515,13 @@ const App = () => {
   ) });
   if (window.location.pathname === "/oauth/callback") {
     const OAuthCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthCallback-RXmtS9Xr.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthCallback-pydLxj3d.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthCallback, { onConnect: onOAuthConnect }) });
   }
   if (window.location.pathname === "/oauth/callback/debug") {
     const OAuthDebugCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthDebugCallback-BRtDZYF8.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthDebugCallback-BLEebYQf.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthDebugCallback, { onConnect: onOAuthDebugConnect }) });
   }

package/dist/index.html CHANGED Viewed

@@ -5,7 +5,7 @@
     <link rel="icon" type="image/svg+xml" href="/mcp.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>MCP Inspector</title>
-    <script type="module" crossorigin src="/assets/index-0DAqp50J.js"></script>
+    <script type="module" crossorigin src="/assets/index-CVyqQ7s8.js"></script>
     <link rel="stylesheet" crossorigin href="/assets/index-BoUA5OL1.css">
   </head>
   <body>

package/lib/services/assessment/modules/annotations/AnnotationDeceptionDetector.d.ts CHANGED Viewed

@@ -15,6 +15,18 @@ export declare const READONLY_CONTRADICTION_KEYWORDS: string[];
  * Issue #18: browser-tools-mcp uses runAccessibilityAudit, runSEOAudit, etc.
  */
 export declare const RUN_READONLY_EXEMPT_SUFFIXES: string[];
+/**
+ * Prefixes that indicate read-only operations.
+ * Issue #161: When a tool starts with these prefixes, certain keywords become nouns.
+ * For example, "post" in "get_post_details" is a Reddit post (noun), not POST method (verb).
+ */
+export declare const READONLY_PREFIX_PATTERNS: RegExp[];
+/**
+ * Keywords that can be nouns when following a read-only prefix.
+ * Issue #161: These words are verbs when used as prefixes (post_message) but
+ * nouns when used after read-only prefixes (get_post_details).
+ */
+export declare const NOUN_KEYWORDS_IN_READONLY_CONTEXT: string[];
 /**
  * Keywords that contradict destructiveHint=false (these tools delete/destroy data)
  */
@@ -41,6 +53,16 @@ export declare function containsKeyword(toolName: string, keywords: string[]): s
  * Issue #18: Prevents false positives for analysis/audit tools.
  */
 export declare function isRunKeywordExempt(toolName: string): boolean;
+/**
+ * Check if a keyword is being used as a noun in a read-only context.
+ * Issue #161: "post" in "get_post_details" is a Reddit post (noun), not POST method (verb).
+ * Prevents false positives when read-only tools reference content types.
+ *
+ * @param toolName - The tool name to check
+ * @param keyword - The keyword that was matched (e.g., "post")
+ * @returns true if the keyword is a noun in this read-only context
+ */
+export declare function isNounInReadOnlyContext(toolName: string, keyword: string): boolean;
 /**
  * Type guard for confidence levels that warrant event emission or status changes.
  * Uses positive check for acceptable levels (safer than !== "low" if new levels added).

package/lib/services/assessment/modules/annotations/AnnotationDeceptionDetector.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"AnnotationDeceptionDetector.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/annotations/AnnotationDeceptionDetector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;GAEG;AACH,eAAO,MAAM,+BAA+B,UA0C3C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,4BAA4B,UAexC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kCAAkC,UAgB9C,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,cAAc,GAAG,iBAAiB,CAAC;IAC1C,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAAE,GACjB,MAAM,GAAG,IAAI,CAkBf;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAU5D;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAElE;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE;IAAE,YAAY,CAAC,EAAE,OAAO,CAAC;IAAC,eAAe,CAAC,EAAE,OAAO,CAAA;CAAE,GACjE,eAAe,GAAG,IAAI,~~CAoCxB~~"}
1	+ {"version":3,"file":"AnnotationDeceptionDetector.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/annotations/AnnotationDeceptionDetector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;GAEG;AACH,eAAO,MAAM,+BAA+B,UA0C3C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,4BAA4B,UAexC,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,UAYpC,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,iCAAiC,UAO7C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kCAAkC,UAgB9C,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,cAAc,GAAG,iBAAiB,CAAC;IAC1C,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAAE,GACjB,MAAM,GAAG,IAAI,CAkBf;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAU5D;AAED;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GACd,OAAO,CAOT;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAElE;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE;IAAE,YAAY,CAAC,EAAE,OAAO,CAAC;IAAC,eAAe,CAAC,EAAE,OAAO,CAAA;CAAE,GACjE,eAAe,GAAG,IAAI,CAwCxB"}

package/lib/services/assessment/modules/annotations/AnnotationDeceptionDetector.js CHANGED Viewed

@@ -72,6 +72,37 @@ export const RUN_READONLY_EXEMPT_SUFFIXES = [
     "benchmark", // runBenchmark, runPerfBenchmark
     "diagnostic", // runDiagnostic
 ];
+/**
+ * Prefixes that indicate read-only operations.
+ * Issue #161: When a tool starts with these prefixes, certain keywords become nouns.
+ * For example, "post" in "get_post_details" is a Reddit post (noun), not POST method (verb).
+ */
+export const READONLY_PREFIX_PATTERNS = [
+    /^get[_-]/i,
+    /^list[_-]/i,
+    /^fetch[_-]/i,
+    /^read[_-]/i,
+    /^search[_-]/i,
+    /^find[_-]/i,
+    /^show[_-]/i,
+    /^view[_-]/i,
+    /^describe[_-]/i,
+    /^check[_-]/i,
+    /^query[_-]/i,
+];
+/**
+ * Keywords that can be nouns when following a read-only prefix.
+ * Issue #161: These words are verbs when used as prefixes (post_message) but
+ * nouns when used after read-only prefixes (get_post_details).
+ */
+export const NOUN_KEYWORDS_IN_READONLY_CONTEXT = [
+    "post", // Reddit post, blog post, forum post
+    "message", // chat message, email message
+    "comment", // post comment, code comment
+    "thread", // forum thread, email thread
+    "log", // log entry, audit log
+    "record", // database record
+];
 /**
  * Keywords that contradict destructiveHint=false (these tools delete/destroy data)
  */
@@ -130,6 +161,23 @@ export function isRunKeywordExempt(toolName) {
     // Check if any exempt suffix is present
     return RUN_READONLY_EXEMPT_SUFFIXES.some((suffix) => lowerName.includes(suffix));
 }
+/**
+ * Check if a keyword is being used as a noun in a read-only context.
+ * Issue #161: "post" in "get_post_details" is a Reddit post (noun), not POST method (verb).
+ * Prevents false positives when read-only tools reference content types.
+ *
+ * @param toolName - The tool name to check
+ * @param keyword - The keyword that was matched (e.g., "post")
+ * @returns true if the keyword is a noun in this read-only context
+ */
+export function isNounInReadOnlyContext(toolName, keyword) {
+    // Check if keyword can be a noun in read-only context
+    if (!NOUN_KEYWORDS_IN_READONLY_CONTEXT.includes(keyword)) {
+        return false;
+    }
+    // Check if tool name starts with read-only prefix
+    return READONLY_PREFIX_PATTERNS.some((pattern) => pattern.test(toolName));
+}
 /**
  * Type guard for confidence levels that warrant event emission or status changes.
  * Uses positive check for acceptable levels (safer than !== "low" if new levels added).
@@ -152,6 +200,11 @@ export function detectAnnotationDeception(toolName, annotations) {
                 // Tool matches "run" but has an analysis suffix - not deceptive
                 // Fall through to normal pattern-based inference
             }
+            else if (isNounInReadOnlyContext(toolName, keyword)) {
+                // Issue #161: Skip when keyword is a noun in read-only context
+                // e.g., "post" in "get_post_details" is a Reddit post, not POST method
+                // Fall through to normal pattern-based inference
+            }
             else {
                 return {
                     field: "readOnlyHint",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment-client",
-  "version": "1.36.3",
+  "version": "1.36.5",
   "description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",