@bryan-thompson/inspector-assessment 1.35.0 → 1.35.1

package/cli/build/lib/cli-parser.js

@@ -222,6 +222,10 @@ export function parseArgs(argv) {
                 // Issue #136: Auto-enable tiered output when results exceed token threshold
                 options.autoTier = true;
                 break;
+            case "--stage-b-verbose":
+                // Issue #137: Stage B enrichment for Claude semantic analysis
+                options.stageBVerbose = true;
+                break;
             case "--profile": {
                 const profileValue = args[++i];
                 if (!profileValue) {
@@ -392,6 +396,9 @@ Options:
                          tiered: Directory with executive-summary.json, tool-summaries.json, tools/
                          summary-only: Executive summary + tool summaries (no per-tool details)
   --auto-tier            Auto-enable tiered output when results exceed 100K tokens
+  --stage-b-verbose      Enable Stage B enrichment for Claude semantic analysis
+                         Adds evidence samples, payload correlations, and confidence
+                         breakdowns to tiered output (Tier 2 + Tier 3)
   --skip-modules <list>  Skip specific modules (comma-separated)
   --only-modules <list>  Run only specific modules (comma-separated)
   --json                 Output only JSON path (no console summary)

package/cli/build/lib/cli-parserSchemas.js

@@ -121,6 +121,9 @@ export const AssessmentOptionsSchema = z
     profile: AssessmentProfileNameSchema.optional(),
     logLevel: LogLevelSchema.optional(),
     listModules: z.boolean().optional(),
+    outputFormat: OutputFormatSchema.optional(),
+    autoTier: z.boolean().optional(),
+    stageBVerbose: z.boolean().optional(),
 })
     .refine((data) => !(data.profile && (data.skipModules?.length || data.onlyModules?.length)), {
     message: "--profile cannot be used with --skip-modules or --only-modules",

package/cli/build/lib/jsonl-events.js

@@ -258,6 +258,9 @@ export function emitPhaseComplete(phase, duration) {
 /**
  * Emit tiered_output_generated event when tiered output files are created.
  * Includes paths and token estimates for each tier.
+ *
+ * NOTE: This function is duplicated in scripts/lib/jsonl-events.ts.
+ * Keep both implementations in sync. See TieredOutputEvent comment above.
  */
 export function emitTieredOutput(outputDir, outputFormat, tiers) {
     emitJSONL({

package/cli/build/lib/result-output.js

@@ -68,7 +68,10 @@ export function saveResults(serverName, results, options) {
  * @returns Path to output directory
  */
 export function saveTieredResults(serverName, results, options) {
-    const summarizer = new AssessmentSummarizer();
+    // Issue #137: Pass stageBVerbose option to summarizer for Stage B enrichment
+    const summarizer = new AssessmentSummarizer({
+        stageBVerbose: options.stageBVerbose,
+    });
     // Determine output directory
     const defaultDir = `/tmp/inspector-full-assessment-${serverName}`;
     const outputDir = options.outputPath || defaultDir;
@@ -157,7 +160,10 @@ export function saveTieredResults(serverName, results, options) {
  * @returns Path to output directory
  */
 export function saveSummaryOnly(serverName, results, options) {
-    const summarizer = new AssessmentSummarizer();
+    // Issue #137: Pass stageBVerbose option to summarizer for Stage B enrichment
+    const summarizer = new AssessmentSummarizer({
+        stageBVerbose: options.stageBVerbose,
+    });
     // Determine output directory
     const defaultDir = `/tmp/inspector-full-assessment-${serverName}`;
     const outputDir = options.outputPath || defaultDir;

package/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment-cli",
-  "version": "1.35.0",
+  "version": "1.35.1",
   "description": "CLI for the Enhanced MCP Inspector with assessment capabilities",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",

package/client/dist/assets/{OAuthCallback-DC1cIXHT.js → OAuthCallback-CUf6mvrP.js}

@@ -1,4 +1,4 @@
-import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-Dn2w887x.js";
+import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-uinVACY4.js";
 const OAuthCallback = ({ onConnect }) => {
   const { toast } = useToast();
   const hasProcessedRef = reactExports.useRef(false);

package/client/dist/assets/{OAuthDebugCallback-C3gqJjgQ.js → OAuthDebugCallback-DkfPOggR.js}

@@ -1,4 +1,4 @@
-import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-Dn2w887x.js";
+import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-uinVACY4.js";
 const OAuthDebugCallback = ({ onConnect }) => {
   reactExports.useEffect(() => {
     let isProcessed = false;

package/client/dist/assets/{index-Dn2w887x.js → index-uinVACY4.js}

@@ -16373,7 +16373,7 @@ object({
   token_type_hint: string().optional()
 }).strip();
 const name = "@bryan-thompson/inspector-assessment-client";
-const version$1 = "1.35.0";
+const version$1 = "1.35.1";
 const packageJson = {
   name,
   version: version$1
@@ -48920,7 +48920,7 @@ const useTheme = () => {
     [theme, setThemeWithSideEffect]
   );
 };
-const version = "1.35.0";
+const version = "1.35.1";
 var [createTooltipContext] = createContextScope("Tooltip", [
   createPopperScope
 ]);
@@ -52515,13 +52515,13 @@ const App = () => {
   ) });
   if (window.location.pathname === "/oauth/callback") {
     const OAuthCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthCallback-DC1cIXHT.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthCallback-CUf6mvrP.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthCallback, { onConnect: onOAuthConnect }) });
   }
   if (window.location.pathname === "/oauth/callback/debug") {
     const OAuthDebugCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthDebugCallback-C3gqJjgQ.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthDebugCallback-DkfPOggR.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthDebugCallback, { onConnect: onOAuthDebugConnect }) });
   }

package/client/dist/index.html

@@ -5,7 +5,7 @@
     <link rel="icon" type="image/svg+xml" href="/mcp.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>MCP Inspector</title>
-    <script type="module" crossorigin src="/assets/index-Dn2w887x.js"></script>
+    <script type="module" crossorigin src="/assets/index-uinVACY4.js"></script>
     <link rel="stylesheet" crossorigin href="/assets/index-BoUA5OL1.css">
   </head>
   <body>

package/client/lib/lib/assessment/summarizer/AssessmentSummarizer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AssessmentSummarizer.d.ts","sourceRoot":"","sources":["../../../../src/lib/assessment/summarizer/AssessmentSummarizer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EACV,sBAAsB,EAEvB,MAAM,gBAAgB,CAAC;AAIxB,OAAO,EACL,KAAK,gBAAgB,EAErB,KAAK,uBAAuB,EAE5B,KAAK,gBAAgB,EAEtB,MAAM,SAAS,CAAC;AAMjB;;;;;;;;;GASG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,CAA6B;gBAE/B,MAAM,GAAE,gBAAqB;IAQzC;;;;;;OAMG;IACH,wBAAwB,CAAC,OAAO,EAAE,sBAAsB,GAAG,gBAAgB;IA2B3E;;OAEG;IACH,OAAO,CAAC,qBAAqB;IA8C7B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAc/B;;OAEG;IACH,OAAO,CAAC,6BAA6B;IAmDrC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAO9B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IA8BhC;;OAEG;IACH,OAAO,CAAC,qBAAqB;IA2B7B;;;;;;OAMG;IACH,qBAAqB,CACnB,OAAO,EAAE,sBAAsB,GAC9B,uBAAuB;IAoC1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA8BxB;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAgCjC;;OAEG;IACH,OAAO,CAAC,YAAY;IAQpB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAgB1B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAMzB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IA8B7B;;OAEG;IACH,OAAO,CAAC,2BAA2B;IAgCnC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA2B1B;;;;;;;OAOG;IACH,iBAAiB,CACf,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,sBAAsB,GAC9B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IA2B1B;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,sBAAsB,GAAG,MAAM,EAAE;CAG3D"}
+{"version":3,"file":"AssessmentSummarizer.d.ts","sourceRoot":"","sources":["../../../../src/lib/assessment/summarizer/AssessmentSummarizer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EACV,sBAAsB,EAEvB,MAAM,gBAAgB,CAAC;AAIxB,OAAO,EACL,KAAK,gBAAgB,EAErB,KAAK,uBAAuB,EAE5B,KAAK,gBAAgB,EAEtB,MAAM,SAAS,CAAC;AAUjB;;;;;;;;;GASG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,CAA6B;gBAE/B,MAAM,GAAE,gBAAqB;IAQzC;;;;;;OAMG;IACH,wBAAwB,CAAC,OAAO,EAAE,sBAAsB,GAAG,gBAAgB;IA2B3E;;OAEG;IACH,OAAO,CAAC,qBAAqB;IA8C7B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAc/B;;OAEG;IACH,OAAO,CAAC,6BAA6B;IAmDrC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAO9B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IA8BhC;;OAEG;IACH,OAAO,CAAC,qBAAqB;IA2B7B;;;;;;OAMG;IACH,qBAAqB,CACnB,OAAO,EAAE,sBAAsB,GAC9B,uBAAuB;IAoC1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA8BxB;;OAEG;IACH,OAAO,CAAC,yBAAyB;IA0CjC;;OAEG;IACH,OAAO,CAAC,YAAY;IAQpB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAgB1B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAMzB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IA8B7B;;OAEG;IACH,OAAO,CAAC,2BAA2B;IAgCnC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA2B1B;;;;;;;OAOG;IACH,iBAAiB,CACf,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,sBAAsB,GAC9B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IA0C1B;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,sBAAsB,GAAG,MAAM,EAAE;CAG3D"}

package/client/lib/lib/assessment/summarizer/AssessmentSummarizer.js

@@ -11,6 +11,7 @@
 import { calculateModuleScore } from "../../moduleScoring.js";
 import { estimateTokens } from "./tokenEstimator.js";
 import { DEFAULT_SUMMARIZER_CONFIG, } from "./types.js";
+import { buildToolSummaryStageBEnrichment, buildToolDetailStageBEnrichment, } from "./stageBEnrichmentBuilder.js";
 // ============================================================================
 // Assessment Summarizer Class
 // ============================================================================
@@ -303,6 +304,11 @@ export class AssessmentSummarizer {
             hasAnnotations: annotationInfo.hasAnnotations,
             annotationStatus: annotationInfo.status,
         };
+        // Issue #137: Add Stage B enrichment if enabled
+        if (this.config.stageBVerbose) {
+            const allTests = results.security?.promptInjectionTests ?? [];
+            summary.stageBEnrichment = buildToolSummaryStageBEnrichment(toolName, allTests, 3);
+        }
         summary.estimatedTokens = estimateTokens(summary);
         return summary;
     }
@@ -413,7 +419,7 @@ export class AssessmentSummarizer {
         const securityTests = this.getToolTests(toolName, results);
         const functionalityResult = results.functionality?.toolResults?.find((r) => r.toolName === toolName);
         const annotationResult = results.toolAnnotations?.toolResults?.find((r) => r.toolName === toolName);
-        return {
+        const detail = {
             toolName,
             extractedAt: new Date().toISOString(),
             security: {
@@ -429,6 +435,13 @@ export class AssessmentSummarizer {
                 annotations: annotationResult,
             }),
         };
+        // Issue #137: Add Stage B enrichment for Tier 3 if enabled
+        if (this.config.stageBVerbose) {
+            const allTests = results.security?.promptInjectionTests ?? [];
+            const aupViolations = results.aupCompliance?.violations;
+            detail.stageBEnrichment = buildToolDetailStageBEnrichment(toolName, allTests, annotationResult, aupViolations, 50);
+        }
+        return detail;
     }
     /**
      * Get all tool names for Tier 3 file generation.

package/client/lib/lib/assessment/summarizer/index.d.ts

@@ -5,11 +5,15 @@
  * LLM context windows.
  *
  * Issue #136: Tiered output strategy for large assessments
+ * Issue #137: Stage B enrichment for Claude semantic analysis
  *
  * @module assessment/summarizer
  */
 export type { OutputFormat, ToolRiskLevel, ExecutiveSummary, ToolSummary, ToolSummariesCollection, ToolDetailReference, TieredOutput, SummarizerConfig, } from "./types.js";
 export { DEFAULT_SUMMARIZER_CONFIG } from "./types.js";
+export type { FindingEvidence, PayloadCorrelation, ToolSummaryStageBEnrichment, ToolDetailStageBEnrichment, StageBEnrichment, } from "./stageBTypes.js";
+export { STAGE_B_ENRICHMENT_VERSION, DEFAULT_TIER2_MAX_SAMPLES, DEFAULT_TIER3_MAX_CORRELATIONS, MAX_RESPONSE_LENGTH, MAX_CONTEXT_WINDOW, } from "./stageBTypes.js";
+export { buildToolSummaryStageBEnrichment, buildToolDetailStageBEnrichment, } from "./stageBEnrichmentBuilder.js";
 export { estimateTokens, estimateJsonFileTokens, shouldAutoTier, formatTokenEstimate, estimateSectionTokens, getTopSections, } from "./tokenEstimator.js";
 export { AssessmentSummarizer } from "./AssessmentSummarizer.js";
 //# sourceMappingURL=index.d.ts.map

package/client/lib/lib/assessment/summarizer/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/lib/assessment/summarizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,YAAY,EACV,YAAY,EACZ,aAAa,EACb,gBAAgB,EAChB,WAAW,EACX,uBAAuB,EACvB,mBAAmB,EACnB,YAAY,EACZ,gBAAgB,GACjB,MAAM,SAAS,CAAC;AAEjB,OAAO,EAAE,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAGpD,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,cAAc,EACd,mBAAmB,EACnB,qBAAqB,EACrB,cAAc,GACf,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/lib/assessment/summarizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,YAAY,EACV,YAAY,EACZ,aAAa,EACb,gBAAgB,EAChB,WAAW,EACX,uBAAuB,EACvB,mBAAmB,EACnB,YAAY,EACZ,gBAAgB,GACjB,MAAM,SAAS,CAAC;AAEjB,OAAO,EAAE,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAGpD,YAAY,EACV,eAAe,EACf,kBAAkB,EAClB,2BAA2B,EAC3B,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,0BAA0B,EAC1B,yBAAyB,EACzB,8BAA8B,EAC9B,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,gCAAgC,EAChC,+BAA+B,GAChC,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,cAAc,EACd,mBAAmB,EACnB,qBAAqB,EACrB,cAAc,GACf,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC"}

package/client/lib/lib/assessment/summarizer/index.js

@@ -5,10 +5,14 @@
  * LLM context windows.
  *
  * Issue #136: Tiered output strategy for large assessments
+ * Issue #137: Stage B enrichment for Claude semantic analysis
  *
  * @module assessment/summarizer
  */
 export { DEFAULT_SUMMARIZER_CONFIG } from "./types.js";
+export { STAGE_B_ENRICHMENT_VERSION, DEFAULT_TIER2_MAX_SAMPLES, DEFAULT_TIER3_MAX_CORRELATIONS, MAX_RESPONSE_LENGTH, MAX_CONTEXT_WINDOW, } from "./stageBTypes.js";
+// Stage B Enrichment Builders (Issue #137)
+export { buildToolSummaryStageBEnrichment, buildToolDetailStageBEnrichment, } from "./stageBEnrichmentBuilder.js";
 // Token estimation utilities
 export { estimateTokens, estimateJsonFileTokens, shouldAutoTier, formatTokenEstimate, estimateSectionTokens, getTopSections, } from "./tokenEstimator.js";
 // Main summarizer class

package/client/lib/lib/assessment/summarizer/stageBEnrichmentBuilder.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Stage B Enrichment Builder
+ *
+ * Functions to build Stage B enrichment data from assessment results.
+ * Extracts evidence, correlations, and confidence details for Claude
+ * semantic analysis.
+ *
+ * Issue #137: Stage A data enrichment for Stage B Claude analysis
+ *
+ * @module assessment/summarizer/stageBEnrichmentBuilder
+ */
+import type { SecurityTestResult } from "../resultTypes.js";
+import type { AUPViolation } from "../extendedTypes.js";
+import type { EnhancedToolAnnotationResult } from "../../../services/assessment/modules/annotations/types.js";
+import { type ToolSummaryStageBEnrichment, type ToolDetailStageBEnrichment } from "./stageBTypes.js";
+/**
+ * Build Stage B enrichment for Tier 2 tool summaries.
+ *
+ * @param toolName - Name of the tool
+ * @param tests - Security test results for this tool
+ * @param maxSamples - Maximum evidence samples to include
+ * @returns Tool summary Stage B enrichment
+ */
+export declare function buildToolSummaryStageBEnrichment(toolName: string, tests: SecurityTestResult[], maxSamples?: number): ToolSummaryStageBEnrichment;
+/**
+ * Build Stage B enrichment for Tier 3 per-tool detail files.
+ *
+ * @param toolName - Name of the tool
+ * @param tests - Security test results for this tool
+ * @param annotationResult - Tool annotation result (if available)
+ * @param aupViolations - AUP violations for this tool (if any)
+ * @param maxCorrelations - Maximum correlations to include
+ * @returns Tool detail Stage B enrichment
+ */
+export declare function buildToolDetailStageBEnrichment(toolName: string, tests: SecurityTestResult[], annotationResult?: EnhancedToolAnnotationResult, aupViolations?: AUPViolation[], maxCorrelations?: number): ToolDetailStageBEnrichment;
+//# sourceMappingURL=stageBEnrichmentBuilder.d.ts.map

package/client/lib/lib/assessment/summarizer/stageBEnrichmentBuilder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stageBEnrichmentBuilder.d.ts","sourceRoot":"","sources":["../../../../src/lib/assessment/summarizer/stageBEnrichmentBuilder.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,wDAAwD,CAAC;AAC3G,OAAO,EAGL,KAAK,2BAA2B,EAChC,KAAK,0BAA0B,EAKhC,MAAM,eAAe,CAAC;AA6HvB;;;;;;;GAOG;AACH,wBAAgB,gCAAgC,CAC9C,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,kBAAkB,EAAE,EAC3B,UAAU,GAAE,MAAkC,GAC7C,2BAA2B,CA6C7B;AAMD;;;;;;;;;GASG;AACH,wBAAgB,+BAA+B,CAC7C,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,kBAAkB,EAAE,EAC3B,gBAAgB,CAAC,EAAE,4BAA4B,EAC/C,aAAa,CAAC,EAAE,YAAY,EAAE,EAC9B,eAAe,GAAE,MAAuC,GACvD,0BAA0B,CA4I5B"}

package/client/lib/lib/assessment/summarizer/stageBEnrichmentBuilder.js

@@ -0,0 +1,282 @@
+/**
+ * Stage B Enrichment Builder
+ *
+ * Functions to build Stage B enrichment data from assessment results.
+ * Extracts evidence, correlations, and confidence details for Claude
+ * semantic analysis.
+ *
+ * Issue #137: Stage A data enrichment for Stage B Claude analysis
+ *
+ * @module assessment/summarizer/stageBEnrichmentBuilder
+ */
+import { DEFAULT_TIER2_MAX_SAMPLES, DEFAULT_TIER3_MAX_CORRELATIONS, MAX_RESPONSE_LENGTH, MAX_CONTEXT_WINDOW, } from "./stageBTypes.js";
+// ============================================================================
+// Helper Functions
+// ============================================================================
+/**
+ * Truncate a string to a maximum length, adding ellipsis if truncated.
+ */
+function truncate(str, maxLength) {
+    if (!str)
+        return "";
+    if (str.length <= maxLength)
+        return str;
+    return str.slice(0, maxLength - 3) + "...";
+}
+/**
+ * Map test result to classification.
+ */
+function classifyTestResult(test) {
+    if (test.connectionError)
+        return "error";
+    if (test.testReliability === "failed")
+        return "error";
+    if (test.vulnerable)
+        return "vulnerable";
+    return "safe";
+}
+/**
+ * Convert SecurityTestResult to PayloadCorrelation.
+ */
+function testToCorrelation(test) {
+    return {
+        inputPayload: truncate(test.payload, MAX_RESPONSE_LENGTH),
+        outputResponse: truncate(test.response, MAX_RESPONSE_LENGTH),
+        classification: classifyTestResult(test),
+        matchedPatterns: test.vulnerable ? [test.testName] : [],
+        toolName: test.toolName || "unknown",
+        testName: test.testName,
+        confidence: test.confidence,
+    };
+}
+/**
+ * Convert test result to finding evidence.
+ */
+function testToEvidence(test) {
+    const contextSource = test.evidence || test.response;
+    const location = test.evidence
+        ? "evidence"
+        : test.response
+            ? "response"
+            : "unknown";
+    return {
+        raw: truncate(test.payload, MAX_RESPONSE_LENGTH),
+        context: truncate(contextSource, MAX_CONTEXT_WINDOW),
+        location,
+    };
+}
+/**
+ * Calculate confidence distribution from tests.
+ */
+function calculateConfidenceBreakdown(tests) {
+    const breakdown = { high: 0, medium: 0, low: 0 };
+    for (const test of tests) {
+        if (test.vulnerable) {
+            const confidence = test.confidence || "medium";
+            breakdown[confidence]++;
+        }
+    }
+    return breakdown;
+}
+/**
+ * Calculate pattern distribution from tests.
+ */
+function calculatePatternDistribution(tests) {
+    const distribution = {};
+    for (const test of tests) {
+        if (test.vulnerable) {
+            const pattern = test.testName;
+            distribution[pattern] = (distribution[pattern] || 0) + 1;
+        }
+    }
+    return distribution;
+}
+/**
+ * Find the highest risk test (most concerning vulnerability).
+ */
+function findHighestRiskTest(tests) {
+    const vulnerableTests = tests.filter((t) => t.vulnerable);
+    if (vulnerableTests.length === 0)
+        return undefined;
+    // Prioritize by risk level, then by confidence
+    const riskOrder = { CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3 };
+    const confidenceOrder = { high: 0, medium: 1, low: 2 };
+    return vulnerableTests.sort((a, b) => {
+        const riskDiff = (riskOrder[a.riskLevel] ?? 4) - (riskOrder[b.riskLevel] ?? 4);
+        if (riskDiff !== 0)
+            return riskDiff;
+        return ((confidenceOrder[a.confidence || "medium"] ?? 1) -
+            (confidenceOrder[b.confidence || "medium"] ?? 1));
+    })[0];
+}
+// ============================================================================
+// Tier 2: Tool Summary Enrichment Builder
+// ============================================================================
+/**
+ * Build Stage B enrichment for Tier 2 tool summaries.
+ *
+ * @param toolName - Name of the tool
+ * @param tests - Security test results for this tool
+ * @param maxSamples - Maximum evidence samples to include
+ * @returns Tool summary Stage B enrichment
+ */
+export function buildToolSummaryStageBEnrichment(toolName, tests, maxSamples = DEFAULT_TIER2_MAX_SAMPLES) {
+    // Filter to only tests for this tool
+    const toolTests = tests.filter((t) => t.toolName === toolName);
+    // Get vulnerable tests for evidence sampling
+    const vulnerableTests = toolTests.filter((t) => t.vulnerable);
+    // Sample evidence from highest-risk vulnerabilities
+    const sortedVulnerable = [...vulnerableTests].sort((a, b) => {
+        const riskOrder = { CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3 };
+        return (riskOrder[a.riskLevel] ?? 4) - (riskOrder[b.riskLevel] ?? 4);
+    });
+    const sampleEvidence = sortedVulnerable
+        .slice(0, maxSamples)
+        .map(testToEvidence);
+    // Calculate confidence breakdown
+    const confidenceBreakdown = calculateConfidenceBreakdown(toolTests);
+    // Find highest risk correlation
+    const highestRiskTest = findHighestRiskTest(toolTests);
+    const highestRiskCorrelation = highestRiskTest
+        ? testToCorrelation(highestRiskTest)
+        : undefined;
+    // Calculate pattern distribution
+    const patternDistribution = calculatePatternDistribution(toolTests);
+    // Check for sanitization detection
+    const sanitizationDetected = toolTests.some((t) => t.sanitizationDetected);
+    // Check auth failure mode
+    const authTests = toolTests.filter((t) => t.authFailureMode);
+    const authFailureMode = authTests.length > 0 ? authTests[0].authFailureMode : undefined;
+    return {
+        sampleEvidence,
+        confidenceBreakdown,
+        highestRiskCorrelation,
+        patternDistribution,
+        sanitizationDetected: sanitizationDetected || undefined,
+        authFailureMode,
+    };
+}
+// ============================================================================
+// Tier 3: Tool Detail Enrichment Builder
+// ============================================================================
+/**
+ * Build Stage B enrichment for Tier 3 per-tool detail files.
+ *
+ * @param toolName - Name of the tool
+ * @param tests - Security test results for this tool
+ * @param annotationResult - Tool annotation result (if available)
+ * @param aupViolations - AUP violations for this tool (if any)
+ * @param maxCorrelations - Maximum correlations to include
+ * @returns Tool detail Stage B enrichment
+ */
+export function buildToolDetailStageBEnrichment(toolName, tests, annotationResult, aupViolations, maxCorrelations = DEFAULT_TIER3_MAX_CORRELATIONS) {
+    // Filter to only tests for this tool
+    const toolTests = tests.filter((t) => t.toolName === toolName);
+    // Build payload correlations (prioritize vulnerable, then errors, then safe)
+    const sortedTests = [...toolTests].sort((a, b) => {
+        if (a.vulnerable && !b.vulnerable)
+            return -1;
+        if (!a.vulnerable && b.vulnerable)
+            return 1;
+        if (a.connectionError && !b.connectionError)
+            return -1;
+        if (!a.connectionError && b.connectionError)
+            return 1;
+        return 0;
+    });
+    const payloadCorrelations = sortedTests
+        .slice(0, maxCorrelations)
+        .map(testToCorrelation);
+    // Pattern distribution
+    const patternDistribution = calculatePatternDistribution(toolTests);
+    // Build context windows from evidence
+    const contextWindows = {};
+    for (const test of toolTests.filter((t) => t.vulnerable && t.evidence)) {
+        const key = `${test.testName}:${test.payload.slice(0, 30)}`;
+        if (!contextWindows[key]) {
+            contextWindows[key] = truncate(test.evidence, MAX_CONTEXT_WINDOW);
+        }
+    }
+    // Calculate confidence details
+    const confidenceBreakdown = calculateConfidenceBreakdown(toolTests);
+    const totalVulnerable = confidenceBreakdown.high +
+        confidenceBreakdown.medium +
+        confidenceBreakdown.low;
+    const overallConfidence = totalVulnerable > 0
+        ? Math.round(((confidenceBreakdown.high * 100 +
+            confidenceBreakdown.medium * 70 +
+            confidenceBreakdown.low * 40) /
+            totalVulnerable /
+            100) *
+            100)
+        : 100; // 100% confidence if no vulnerabilities
+    const confidenceDetails = {
+        overall: overallConfidence,
+        byCategory: patternDistribution,
+        requiresManualReview: toolTests.filter((t) => t.requiresManualReview)
+            .length,
+    };
+    // Security details
+    const vulnerableCount = toolTests.filter((t) => t.vulnerable).length;
+    const safeCount = toolTests.filter((t) => !t.vulnerable && !t.connectionError).length;
+    const errorCount = toolTests.filter((t) => t.connectionError).length;
+    // Collect sanitization libraries
+    const sanitizationLibraries = [
+        ...new Set(toolTests.flatMap((t) => t.sanitizationLibraries || []).filter(Boolean)),
+    ];
+    // Auth bypass evidence
+    const authBypassTest = toolTests.find((t) => t.authBypassDetected);
+    const authBypassEvidence = authBypassTest?.authBypassEvidence;
+    const securityDetails = {
+        vulnerableCount,
+        safeCount,
+        errorCount,
+        sanitizationLibraries,
+        authBypassEvidence,
+    };
+    // Annotation details
+    let annotationDetails;
+    if (annotationResult) {
+        annotationDetails = {
+            hasAnnotations: annotationResult.hasAnnotations,
+            alignmentStatus: annotationResult.alignmentStatus,
+            inferredBehavior: annotationResult.inferredBehavior
+                ? {
+                    expectedReadOnly: annotationResult.inferredBehavior.expectedReadOnly,
+                    expectedDestructive: annotationResult.inferredBehavior.expectedDestructive,
+                    reason: annotationResult.inferredBehavior.reason,
+                }
+                : undefined,
+            descriptionPoisoning: annotationResult.descriptionPoisoning
+                ? {
+                    detected: annotationResult.descriptionPoisoning.detected,
+                    patterns: annotationResult.descriptionPoisoning.patterns.map((p) => ({
+                        name: p.name,
+                        evidence: truncate(p.evidence, MAX_CONTEXT_WINDOW),
+                        severity: p.severity,
+                    })),
+                }
+                : undefined,
+        };
+    }
+    // AUP violations for this tool
+    const toolAupViolations = aupViolations
+        ?.filter((v) => v.location?.includes(toolName))
+        .map((v) => ({
+        pattern: v.pattern,
+        matchedText: truncate(v.matchedText, MAX_CONTEXT_WINDOW),
+        severity: v.severity,
+        location: v.location,
+    }));
+    return {
+        payloadCorrelations,
+        patternDistribution,
+        contextWindows,
+        confidenceDetails,
+        securityDetails,
+        annotationDetails,
+        aupViolations: toolAupViolations && toolAupViolations.length > 0
+            ? toolAupViolations
+            : undefined,
+    };
+}