@bryan-thompson/inspector-assessment 1.26.7 → 1.28.0

package/client/lib/services/assessment/modules/securityTests/SecurityPayloadGenerator.js

@@ -130,6 +130,19 @@ export class SecurityPayloadGenerator {
                 }
             }
         }
+        // VERBOSE MODE TESTING (Issue #103, Challenge #9)
+        // For secret_leakage payloads, enable verbose mode to detect additional credential exposure
+        if (payload.payloadType === "secret_leakage") {
+            for (const [key, prop] of Object.entries(schema.properties)) {
+                const propSchema = prop;
+                if (propSchema.type === "boolean" &&
+                    key.toLowerCase() === "verbose" &&
+                    !(key in params)) {
+                    params[key] = true; // Enable verbose mode to test for additional leakage
+                    break;
+                }
+            }
+        }
         // Fill required parameters with safe defaults
         for (const [key, prop] of Object.entries(schema.properties)) {
             const propSchema = prop;

package/client/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.d.ts

@@ -129,6 +129,41 @@ export declare class SecurityResponseAnalyzer {
      * @returns Analysis result with vulnerability status and evidence
      */
     analyzeChainExploitation(response: CompatibilityCallToolResult): ChainExploitationAnalysis;
+    /**
+     * Check for secret leakage in response (Issue #103, Challenge #9)
+     * Scans for credential patterns regardless of payload type.
+     *
+     * This method detects when tools inadvertently expose:
+     * - API keys (AWS, OpenAI, GitHub, GitLab, Slack)
+     * - Database connection strings with credentials
+     * - Environment variable values
+     * - Partial key previews
+     *
+     * @note This method must be called separately from analyzeResponse().
+     * It is not part of the standard vulnerability detection flow because
+     * secret leakage detection requires examining ALL responses, not just
+     * those matching attack payloads. Callers should invoke this method
+     * independently when auditing tool responses for credential exposure.
+     *
+     * @example
+     * ```typescript
+     * const analyzer = new SecurityResponseAnalyzer();
+     * const response = await client.callTool("get_status", { verbose: true });
+     *
+     * // Standard vulnerability check
+     * const vulnResult = analyzer.analyzeResponse(response, payload);
+     *
+     * // Additional secret leakage check (separate concern)
+     * const leakResult = analyzer.checkSecretLeakage(response);
+     * if (leakResult.detected) {
+     *   console.warn(`Secret leaked: ${leakResult.evidence}`);
+     * }
+     * ```
+     */
+    checkSecretLeakage(response: CompatibilityCallToolResult): {
+        detected: boolean;
+        evidence?: string;
+    };
     /**
      * Check if response indicates connection/server failure
      */

package/client/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SecurityResponseAnalyzer.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityResponseAnalyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,wBAAwB,CAAC;AAK1E,OAAO,EAAgB,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EAAoB,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAYxE,YAAY,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,YAAY,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEzD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,WAAW,GAAG,aAAa,GAAG,SAAS,CAAC;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,eAAe,EAAE,cAAc,GAAG,aAAa,GAAG,SAAS,CAAC;IAC5D,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAC1B,sBAAsB,GACtB,iBAAiB,GACjB,SAAS,GACT,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,0BAA0B,GAClC,kBAAkB,GAClB,iBAAiB,GACjB,2BAA2B,GAC3B,gBAAgB,GAChB,qBAAqB,GACrB,iBAAiB,CAAC;AAEtB;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,kBAAkB,CAAC;IAC9B,uBAAuB,EAAE,0BAA0B,EAAE,CAAC;IACtD,QAAQ,EAAE;QACR,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,eAAe,EAAE,MAAM,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEvE;;;;;;GAMG;AACH,qBAAa,wBAAwB;IAEnC,OAAO,CAAC,eAAe,CAAkB;IACzC,OAAO,CAAC,iBAAiB,CAA4B;IACrD,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,gBAAgB,CAAmB;;IAc3C;;;;;;OAMG;IACH,eAAe,CACb,QAAQ,EAAE,2BAA2B,EACrC,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,IAAI,GACT,cAAc;IAqBjB;;OAEG;IACH,mBAAmB,CACjB,IAAI,EAAE,IAAI,EACV,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,eAAe,EACxB,kBAAkB,CAAC,EAAE,2BAA2B,GAC/C,gBAAgB;IAWnB;;;OAGG;IACH,yBAAyB,CACvB,QAAQ,EAAE,2BAA2B,GACpC,gBAAgB;IAsFnB;;;;;;;;;OASG;IACH,2BAA2B,CACzB,QAAQ,EAAE,2BAA2B,GACpC,oBAAoB;IAmGvB;;;;;;;;;;;;OAYG;IACH,wBAAwB,CACtB,QAAQ,EAAE,2BAA2B,GACpC,yBAAyB;IA6D5B;;OAEG;IACH,iBAAiB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIjE;;OAEG;IACH,8BAA8B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO;IAIvD;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,2BAA2B,GAAG,mBAAmB;IAIzE;;OAEG;IACH,0BAA0B,CAAC,KAAK,EAAE,OAAO,GAAG,mBAAmB;IAI/D;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;IAQrE;;OAEG;IACH,oBAAoB,CAClB,SAAS,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,EACvD,YAAY,EAAE,MAAM,GACnB,OAAO;IAIV;;OAEG;IACH,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIlD;;OAEG;IACH,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;;OAGG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAIpE;;OAEG;IACH,qCAAqC,CACnC,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GACnB,OAAO;IAOV;;OAEG;IACH,yBAAyB,CACvB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,IAAI,CAAC,EAAE,IAAI,GACV,kBAAkB;IAQrB;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;OAEG;IACH,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIvD;;OAEG;IACH,8BAA8B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAI7D;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIrE;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO;IAOxE;;OAEG;IACH,sBAAsB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAQjD;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IAyB/B;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IA+E7B;;;OAGG;IACH,OAAO,CAAC,0BAA0B;IAwClC;;OAEG;IACH,OAAO,CAAC,wBAAwB;CAoBjC"}
+{"version":3,"file":"SecurityResponseAnalyzer.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityResponseAnalyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,wBAAwB,CAAC;AAK1E,OAAO,EAAgB,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EAAoB,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAYxE,YAAY,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,YAAY,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEzD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,WAAW,GAAG,aAAa,GAAG,SAAS,CAAC;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,eAAe,EAAE,cAAc,GAAG,aAAa,GAAG,SAAS,CAAC;IAC5D,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAC1B,sBAAsB,GACtB,iBAAiB,GACjB,SAAS,GACT,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,0BAA0B,GAClC,kBAAkB,GAClB,iBAAiB,GACjB,2BAA2B,GAC3B,gBAAgB,GAChB,qBAAqB,GACrB,iBAAiB,CAAC;AAEtB;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,kBAAkB,CAAC;IAC9B,uBAAuB,EAAE,0BAA0B,EAAE,CAAC;IACtD,QAAQ,EAAE;QACR,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,eAAe,EAAE,MAAM,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEvE;;;;;;GAMG;AACH,qBAAa,wBAAwB;IAEnC,OAAO,CAAC,eAAe,CAAkB;IACzC,OAAO,CAAC,iBAAiB,CAA4B;IACrD,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,gBAAgB,CAAmB;;IAc3C;;;;;;OAMG;IACH,eAAe,CACb,QAAQ,EAAE,2BAA2B,EACrC,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,IAAI,GACT,cAAc;IAqBjB;;OAEG;IACH,mBAAmB,CACjB,IAAI,EAAE,IAAI,EACV,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,eAAe,EACxB,kBAAkB,CAAC,EAAE,2BAA2B,GAC/C,gBAAgB;IAWnB;;;OAGG;IACH,yBAAyB,CACvB,QAAQ,EAAE,2BAA2B,GACpC,gBAAgB;IAsFnB;;;;;;;;;OASG;IACH,2BAA2B,CACzB,QAAQ,EAAE,2BAA2B,GACpC,oBAAoB;IAmGvB;;;;;;;;;;;;OAYG;IACH,wBAAwB,CACtB,QAAQ,EAAE,2BAA2B,GACpC,yBAAyB;IA6D5B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACH,kBAAkB,CAAC,QAAQ,EAAE,2BAA2B,GAAG;QACzD,QAAQ,EAAE,OAAO,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB;IAwCD;;OAEG;IACH,iBAAiB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIjE;;OAEG;IACH,8BAA8B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO;IAIvD;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,2BAA2B,GAAG,mBAAmB;IAIzE;;OAEG;IACH,0BAA0B,CAAC,KAAK,EAAE,OAAO,GAAG,mBAAmB;IAI/D;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;IAQrE;;OAEG;IACH,oBAAoB,CAClB,SAAS,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,EACvD,YAAY,EAAE,MAAM,GACnB,OAAO;IAIV;;OAEG;IACH,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIlD;;OAEG;IACH,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;;OAGG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAIpE;;OAEG;IACH,qCAAqC,CACnC,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GACnB,OAAO;IAOV;;OAEG;IACH,yBAAyB,CACvB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,IAAI,CAAC,EAAE,IAAI,GACV,kBAAkB;IAQrB;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;OAEG;IACH,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIvD;;OAEG;IACH,8BAA8B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAI7D;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIrE;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO;IAOxE;;OAEG;IACH,sBAAsB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAQjD;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IAyB/B;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IA+E7B;;;OAGG;IACH,OAAO,CAAC,0BAA0B;IAwClC;;OAEG;IACH,OAAO,CAAC,wBAAwB;CAoBjC"}

package/client/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.js

@@ -321,6 +321,72 @@ export class SecurityResponseAnalyzer {
             },
         };
     }
+    /**
+     * Check for secret leakage in response (Issue #103, Challenge #9)
+     * Scans for credential patterns regardless of payload type.
+     *
+     * This method detects when tools inadvertently expose:
+     * - API keys (AWS, OpenAI, GitHub, GitLab, Slack)
+     * - Database connection strings with credentials
+     * - Environment variable values
+     * - Partial key previews
+     *
+     * @note This method must be called separately from analyzeResponse().
+     * It is not part of the standard vulnerability detection flow because
+     * secret leakage detection requires examining ALL responses, not just
+     * those matching attack payloads. Callers should invoke this method
+     * independently when auditing tool responses for credential exposure.
+     *
+     * @example
+     * ```typescript
+     * const analyzer = new SecurityResponseAnalyzer();
+     * const response = await client.callTool("get_status", { verbose: true });
+     *
+     * // Standard vulnerability check
+     * const vulnResult = analyzer.analyzeResponse(response, payload);
+     *
+     * // Additional secret leakage check (separate concern)
+     * const leakResult = analyzer.checkSecretLeakage(response);
+     * if (leakResult.detected) {
+     *   console.warn(`Secret leaked: ${leakResult.evidence}`);
+     * }
+     * ```
+     */
+    checkSecretLeakage(response) {
+        const responseText = this.extractResponseContent(response);
+        const patterns = [
+            { regex: /AKIA[A-Z0-9]{16}/, name: "AWS Access Key" },
+            { regex: /sk-[a-zA-Z0-9]{20,}/, name: "OpenAI API Key" },
+            { regex: /ghp_[a-zA-Z0-9]{36}/, name: "GitHub PAT" },
+            { regex: /glpat-[a-zA-Z0-9]{20}/, name: "GitLab PAT" },
+            { regex: /xox[baprs]-[a-zA-Z0-9-]+/, name: "Slack Token" },
+            {
+                regex: /(postgresql|mysql|mongodb|redis|mssql):\/\/[^:]+:[^@]+@/i,
+                name: "Connection String with Credentials",
+            },
+            {
+                regex: /(api[_-]?key|secret|password|credential)[^\s]*[:=]\s*["']?[a-zA-Z0-9_-]{10,}/i,
+                name: "Credential Assignment",
+            },
+            {
+                regex: /(SECRET_TOKEN|DATABASE_URL|API_KEY|PRIVATE_KEY|DB_PASSWORD)[^\s]*[:=]/i,
+                name: "Environment Variable Leakage",
+            },
+            {
+                regex: /api_key_preview|key_fragment|partial_key/i,
+                name: "Partial Key Exposure",
+            },
+        ];
+        for (const { regex, name } of patterns) {
+            if (regex.test(responseText)) {
+                return {
+                    detected: true,
+                    evidence: `${name} pattern found in response`,
+                };
+            }
+        }
+        return { detected: false };
+    }
     /**
      * Check if response indicates connection/server failure
      */

package/client/lib/services/assessment/modules/temporal/MutationDetector.d.ts

@@ -0,0 +1,75 @@
+/**
+ * Mutation Detector Module
+ * Detects definition mutations and content changes for rug pull detection.
+ *
+ * Extracted from TemporalAssessor as part of Issue #106 refactoring.
+ * DVMCP Challenge 4: Tool descriptions that mutate after N calls to inject malicious instructions.
+ */
+/**
+ * Tracks tool definition snapshots across invocations to detect rug pull mutations.
+ */
+export interface DefinitionSnapshot {
+    invocation: number;
+    description: string | undefined;
+    inputSchema: unknown;
+    timestamp: number;
+}
+/**
+ * Result of definition mutation detection.
+ */
+export interface DefinitionMutation {
+    detectedAt: number;
+    baselineDescription?: string;
+    mutatedDescription?: string;
+    baselineSchema?: unknown;
+    mutatedSchema?: unknown;
+}
+/**
+ * Result of content change detection.
+ */
+export interface ContentChangeResult {
+    detected: boolean;
+    reason: string | null;
+}
+/**
+ * Detects definition mutations and semantic content changes in tool responses.
+ * Used to identify "rug pull" attacks where tools change behavior after N invocations.
+ */
+export declare class MutationDetector {
+    /**
+     * Detect mutations in tool definition across invocation snapshots.
+     * DVMCP Challenge 4: Tool descriptions that mutate after N calls.
+     */
+    detectDefinitionMutation(snapshots: DefinitionSnapshot[]): DefinitionMutation | null;
+    /**
+     * Secondary detection for stateful tools that pass schema comparison.
+     * Catches rug pulls that change content semantically while keeping schema intact.
+     *
+     * Examples detected:
+     * - Weather data -> "Rate limit exceeded, upgrade to premium"
+     * - Stock prices -> "Subscribe for $9.99/month to continue"
+     * - Search results -> "Error: Service unavailable"
+     */
+    detectStatefulContentChange(baseline: unknown, current: unknown): ContentChangeResult;
+    /**
+     * Extract text content from a response for semantic analysis.
+     */
+    private extractTextContent;
+    /**
+     * Check for error-related keywords that indicate service degradation.
+     */
+    private hasErrorKeywords;
+    /**
+     * Check for promotional/monetization keywords that indicate a monetization rug pull.
+     * Enhanced to catch CH4-style rug pulls with limited-time offers, referral codes, etc.
+     *
+     * Combined into single regex for O(text_length) performance instead of O(18 * text_length).
+     */
+    private hasPromotionalKeywords;
+    /**
+     * Check for suspicious URL/link injection that wasn't present initially.
+     * Rug pulls often inject links to external malicious or monetization pages.
+     */
+    private hasSuspiciousLinks;
+}
+//# sourceMappingURL=MutationDetector.d.ts.map

package/client/lib/services/assessment/modules/temporal/MutationDetector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MutationDetector.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/temporal/MutationDetector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AAED;;;GAGG;AACH,qBAAa,gBAAgB;IAC3B;;;OAGG;IACH,wBAAwB,CACtB,SAAS,EAAE,kBAAkB,EAAE,GAC9B,kBAAkB,GAAG,IAAI;IAgC5B;;;;;;;;OAQG;IACH,2BAA2B,CACzB,QAAQ,EAAE,OAAO,EACjB,OAAO,EAAE,OAAO,GACf,mBAAmB;IAgDtB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAM1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAcxB;;;;;OAKG;IACH,OAAO,CAAC,sBAAsB;IAU9B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;CAe3B"}

package/client/lib/services/assessment/modules/temporal/MutationDetector.js

@@ -0,0 +1,147 @@
+/**
+ * Mutation Detector Module
+ * Detects definition mutations and content changes for rug pull detection.
+ *
+ * Extracted from TemporalAssessor as part of Issue #106 refactoring.
+ * DVMCP Challenge 4: Tool descriptions that mutate after N calls to inject malicious instructions.
+ */
+/**
+ * Detects definition mutations and semantic content changes in tool responses.
+ * Used to identify "rug pull" attacks where tools change behavior after N invocations.
+ */
+export class MutationDetector {
+    /**
+     * Detect mutations in tool definition across invocation snapshots.
+     * DVMCP Challenge 4: Tool descriptions that mutate after N calls.
+     */
+    detectDefinitionMutation(snapshots) {
+        if (snapshots.length < 2)
+            return null;
+        const baseline = snapshots[0];
+        for (let i = 1; i < snapshots.length; i++) {
+            const current = snapshots[i];
+            // Check if description changed
+            const descriptionChanged = baseline.description !== current.description;
+            // Check if schema changed (deep comparison)
+            const schemaChanged = JSON.stringify(baseline.inputSchema) !==
+                JSON.stringify(current.inputSchema);
+            if (descriptionChanged || schemaChanged) {
+                return {
+                    detectedAt: current.invocation,
+                    baselineDescription: baseline.description,
+                    mutatedDescription: descriptionChanged
+                        ? current.description
+                        : undefined,
+                    baselineSchema: schemaChanged ? baseline.inputSchema : undefined,
+                    mutatedSchema: schemaChanged ? current.inputSchema : undefined,
+                };
+            }
+        }
+        return null;
+    }
+    /**
+     * Secondary detection for stateful tools that pass schema comparison.
+     * Catches rug pulls that change content semantically while keeping schema intact.
+     *
+     * Examples detected:
+     * - Weather data -> "Rate limit exceeded, upgrade to premium"
+     * - Stock prices -> "Subscribe for $9.99/month to continue"
+     * - Search results -> "Error: Service unavailable"
+     */
+    detectStatefulContentChange(baseline, current) {
+        // Convert to strings for content analysis
+        const baselineText = this.extractTextContent(baseline);
+        const currentText = this.extractTextContent(current);
+        // Skip if both are empty or identical
+        if (!baselineText && !currentText)
+            return { detected: false, reason: null };
+        if (baselineText === currentText)
+            return { detected: false, reason: null };
+        // Check 1: Error keywords appearing in later responses (not present in baseline)
+        if (this.hasErrorKeywords(currentText) &&
+            !this.hasErrorKeywords(baselineText)) {
+            return { detected: true, reason: "error_keywords_appeared" };
+        }
+        // Check 2: Promotional/payment keywords (rug pull monetization pattern)
+        if (this.hasPromotionalKeywords(currentText) &&
+            !this.hasPromotionalKeywords(baselineText)) {
+            return { detected: true, reason: "promotional_keywords_appeared" };
+        }
+        // Check 3: Suspicious links injected (URLs not present in baseline)
+        if (this.hasSuspiciousLinks(currentText) &&
+            !this.hasSuspiciousLinks(baselineText)) {
+            return { detected: true, reason: "suspicious_links_injected" };
+        }
+        // Check 4: Significant length DECREASE only (response becoming much shorter)
+        // This catches cases where helpful responses shrink to terse error messages
+        // We don't flag length increase because stateful tools legitimately accumulate data
+        if (baselineText.length > 20) {
+            // Only check if baseline has meaningful content
+            const lengthRatio = currentText.length / baselineText.length;
+            if (lengthRatio < 0.3) {
+                // Response shrunk to <30% of original
+                return { detected: true, reason: "significant_length_decrease" };
+            }
+        }
+        return { detected: false, reason: null };
+    }
+    /**
+     * Extract text content from a response for semantic analysis.
+     */
+    extractTextContent(obj) {
+        if (typeof obj === "string")
+            return obj;
+        if (typeof obj !== "object" || !obj)
+            return "";
+        return JSON.stringify(obj);
+    }
+    /**
+     * Check for error-related keywords that indicate service degradation.
+     */
+    hasErrorKeywords(text) {
+        const patterns = [
+            /\berror\b/i,
+            /\bfail(ed|ure)?\b/i,
+            /\bunavailable\b/i,
+            /\brate\s*limit/i,
+            /\bdenied\b/i,
+            /\bexpired\b/i,
+            /\btimeout\b/i,
+            /\bblocked\b/i,
+        ];
+        return patterns.some((p) => p.test(text));
+    }
+    /**
+     * Check for promotional/monetization keywords that indicate a monetization rug pull.
+     * Enhanced to catch CH4-style rug pulls with limited-time offers, referral codes, etc.
+     *
+     * Combined into single regex for O(text_length) performance instead of O(18 * text_length).
+     */
+    hasPromotionalKeywords(text) {
+        // Single combined regex with alternation - matches all 18 original patterns
+        // Word-boundary patterns: upgrade, premium, discount, exclusive, subscription variants,
+        //   multi-word phrases (pro plan, buy now, limited time/offer, free trial, etc.)
+        // Non-word patterns: price ($X.XX), percentage (N% off/discount)
+        const PROMO_PATTERN = /\b(?:upgrade|premium|discount|exclusive|subscri(?:be|ption)|pro\s*plan|buy\s*now|limited\s*(?:time|offer)|free\s*trial|special\s*offer|referral\s*code|promo\s*code|act\s*now|don't\s*miss|for\s*a\s*fee|pay(?:ment)?\s*(?:required|needed|now))\b|\$\d+(?:\.\d{2})?|\b\d+%\s*(?:off|discount)\b/i;
+        return PROMO_PATTERN.test(text);
+    }
+    /**
+     * Check for suspicious URL/link injection that wasn't present initially.
+     * Rug pulls often inject links to external malicious or monetization pages.
+     */
+    hasSuspiciousLinks(text) {
+        const patterns = [
+            // HTTP(S) URLs
+            /https?:\/\/[^\s]+/i,
+            // Markdown links
+            /\[.{0,50}?\]\(.{0,200}?\)/,
+            // URL shorteners
+            /\b(bit\.ly|tinyurl|t\.co|goo\.gl|ow\.ly|buff\.ly)\b/i,
+            // Click-bait action patterns
+            /\bclick\s*(here|now|this)\b/i,
+            /\bvisit\s*our\s*(website|site|page)\b/i,
+            /\b(sign\s*up|register)\s*(here|now|at)\b/i,
+        ];
+        return patterns.some((p) => p.test(text));
+    }
+}

package/client/lib/services/assessment/modules/temporal/VarianceClassifier.d.ts

@@ -0,0 +1,112 @@
+/**
+ * Variance Classifier Module
+ * Classifies response variance to distinguish legitimate behavior from rug pulls.
+ *
+ * Extracted from TemporalAssessor as part of Issue #106 refactoring.
+ */
+import { VarianceClassification } from "../../../../lib/assessmentTypes.js";
+import { Tool } from "@modelcontextprotocol/sdk/types.js";
+import { MutationDetector } from "./MutationDetector.js";
+/**
+ * Classifies response variance and categorizes tools by their expected behavior patterns.
+ * Used to reduce false positives in temporal assessment by understanding legitimate variance.
+ */
+export declare class VarianceClassifier {
+    private mutationDetector;
+    private readonly DESTRUCTIVE_PATTERNS;
+    /**
+     * Tool name patterns that are expected to have state-dependent responses.
+     * These tools legitimately return different results based on data state,
+     * which is NOT a rug pull vulnerability.
+     *
+     * Includes both:
+     * - READ operations: search, list, query return more results after data stored
+     * - ACCUMULATION operations: add, append, store return accumulated state (counts, IDs)
+     *
+     * NOTE: Does NOT include patterns already in DESTRUCTIVE_PATTERNS (create, write,
+     * insert, etc.) - those need strict comparison to detect real rug pulls.
+     *
+     * Uses word-boundary matching to prevent false matches.
+     * "add_observations" matches "add" but "address_validator" does not.
+     */
+    private readonly STATEFUL_TOOL_PATTERNS;
+    /**
+     * Issue #69: Patterns for resource-creating operations that legitimately return
+     * different IDs/resources each invocation.
+     *
+     * These tools CREATE new resources, so they should use schema comparison + variance
+     * classification rather than exact comparison. Unlike STATEFUL_TOOL_PATTERNS, these
+     * may overlap with DESTRUCTIVE_PATTERNS (e.g., "create", "insert") but should still
+     * use intelligent variance classification to avoid false positives.
+     *
+     * Examples:
+     * - create_billing_product -> new product_id each time (LEGITIMATE variance)
+     * - generate_report -> new report_id each time (LEGITIMATE variance)
+     * - insert_record -> new record_id each time (LEGITIMATE variance)
+     */
+    private readonly RESOURCE_CREATING_PATTERNS;
+    constructor(mutationDetector?: MutationDetector);
+    /**
+     * Normalize response for comparison by removing naturally varying data.
+     * Prevents false positives from timestamps, UUIDs, request IDs, counters, etc.
+     * Handles both direct JSON and nested JSON strings (e.g., content[].text).
+     */
+    normalizeResponse(response: unknown): string;
+    /**
+     * Detect if a tool may have side effects based on naming patterns.
+     */
+    isDestructiveTool(tool: Tool): boolean;
+    /**
+     * Check if a tool is expected to have state-dependent behavior.
+     * Stateful tools (search, list, add, store, etc.) legitimately return different
+     * results as underlying data changes - this is NOT a rug pull.
+     *
+     * Uses word-boundary matching to prevent false positives:
+     * - "add_observations" matches "add"
+     * - "address_validator" does NOT match "add"
+     */
+    isStatefulTool(tool: Tool): boolean;
+    /**
+     * Issue #69: Check if a tool creates new resources that legitimately vary per invocation.
+     * Resource-creating tools return different IDs, creation timestamps, etc.
+     * for each new resource - this is expected behavior, NOT a rug pull.
+     *
+     * Unlike isStatefulTool(), this DOES include patterns that overlap with DESTRUCTIVE_PATTERNS
+     * because resource-creating tools need intelligent variance classification, not exact comparison.
+     *
+     * Uses word-boundary matching like isStatefulTool() to prevent false matches.
+     * - "create_billing_product" matches "create"
+     * - "recreate_view" does NOT match "create" (must be at word boundary)
+     */
+    isResourceCreatingTool(tool: Tool): boolean;
+    /**
+     * Issue #69: Classify variance between two responses to reduce false positives.
+     * Returns LEGITIMATE for expected variance (IDs, timestamps), SUSPICIOUS for
+     * schema changes, and BEHAVIORAL for semantic changes (promotional keywords, errors).
+     */
+    classifyVariance(_tool: Tool, baseline: unknown, current: unknown): VarianceClassification;
+    /**
+     * Issue #69: Check if a field name represents legitimate variance.
+     * Fields containing IDs, timestamps, tokens, etc. are expected to vary.
+     */
+    isLegitimateFieldVariance(field: string): boolean;
+    /**
+     * Issue #69: Find which fields differ between two responses.
+     * Returns field paths that have different values.
+     */
+    findVariedFields(obj1: unknown, obj2: unknown, prefix?: string): string[];
+    /**
+     * Compare response schemas (field names) rather than full content.
+     * Stateful tools may have different values but should have consistent fields.
+     *
+     * For stateful tools, allows schema growth (empty arrays -> populated arrays)
+     * but flags when baseline fields disappear (suspicious behavior).
+     */
+    compareSchemas(response1: unknown, response2: unknown): boolean;
+    /**
+     * Extract all field names from an object recursively.
+     * Handles arrays by sampling multiple elements to detect heterogeneous schemas.
+     */
+    extractFieldNames(obj: unknown, prefix?: string): string[];
+}
+//# sourceMappingURL=VarianceClassifier.d.ts.map

package/client/lib/services/assessment/modules/temporal/VarianceClassifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"VarianceClassifier.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/temporal/VarianceClassifier.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD;;;GAGG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,gBAAgB,CAAmB;IAG3C,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAoBnC;IAEF;;;;;;;;;;;;;;OAcG;IACH,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAqBrC;IAEF;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAYzC;gBAEU,gBAAgB,CAAC,EAAE,gBAAgB;IAI/C;;;;OAIG;IACH,iBAAiB,CAAC,QAAQ,EAAE,OAAO,GAAG,MAAM;IAiF5C;;OAEG;IACH,iBAAiB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO;IAKtC;;;;;;;;OAQG;IACH,cAAc,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO;IAenC;;;;;;;;;;;OAWG;IACH,sBAAsB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO;IAQ3C;;;;OAIG;IACH,gBAAgB,CACd,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,OAAO,EACjB,OAAO,EAAE,OAAO,GACf,sBAAsB;IAkEzB;;;OAGG;IACH,yBAAyB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAgEjD;;;OAGG;IACH,gBAAgB,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,SAAK,GAAG,MAAM,EAAE;IAuDrE;;;;;;OAMG;IACH,cAAc,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,GAAG,OAAO;IAuB/D;;;OAGG;IACH,iBAAiB,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,SAAK,GAAG,MAAM,EAAE;CAgCvD"}