@bryan-thompson/inspector-assessment 1.35.0 → 1.35.2

package/client/lib/lib/assessment/summarizer/stageBEnrichmentBuilder.js

@@ -0,0 +1,282 @@
+/**
+ * Stage B Enrichment Builder
+ *
+ * Functions to build Stage B enrichment data from assessment results.
+ * Extracts evidence, correlations, and confidence details for Claude
+ * semantic analysis.
+ *
+ * Issue #137: Stage A data enrichment for Stage B Claude analysis
+ *
+ * @module assessment/summarizer/stageBEnrichmentBuilder
+ */
+import { DEFAULT_TIER2_MAX_SAMPLES, DEFAULT_TIER3_MAX_CORRELATIONS, MAX_RESPONSE_LENGTH, MAX_CONTEXT_WINDOW, } from "./stageBTypes.js";
+// ============================================================================
+// Helper Functions
+// ============================================================================
+/**
+ * Truncate a string to a maximum length, adding ellipsis if truncated.
+ */
+function truncate(str, maxLength) {
+    if (!str)
+        return "";
+    if (str.length <= maxLength)
+        return str;
+    return str.slice(0, maxLength - 3) + "...";
+}
+/**
+ * Map test result to classification.
+ */
+function classifyTestResult(test) {
+    if (test.connectionError)
+        return "error";
+    if (test.testReliability === "failed")
+        return "error";
+    if (test.vulnerable)
+        return "vulnerable";
+    return "safe";
+}
+/**
+ * Convert SecurityTestResult to PayloadCorrelation.
+ */
+function testToCorrelation(test) {
+    return {
+        inputPayload: truncate(test.payload, MAX_RESPONSE_LENGTH),
+        outputResponse: truncate(test.response, MAX_RESPONSE_LENGTH),
+        classification: classifyTestResult(test),
+        matchedPatterns: test.vulnerable ? [test.testName] : [],
+        toolName: test.toolName || "unknown",
+        testName: test.testName,
+        confidence: test.confidence,
+    };
+}
+/**
+ * Convert test result to finding evidence.
+ */
+function testToEvidence(test) {
+    const contextSource = test.evidence || test.response;
+    const location = test.evidence
+        ? "evidence"
+        : test.response
+            ? "response"
+            : "unknown";
+    return {
+        raw: truncate(test.payload, MAX_RESPONSE_LENGTH),
+        context: truncate(contextSource, MAX_CONTEXT_WINDOW),
+        location,
+    };
+}
+/**
+ * Calculate confidence distribution from tests.
+ */
+function calculateConfidenceBreakdown(tests) {
+    const breakdown = { high: 0, medium: 0, low: 0 };
+    for (const test of tests) {
+        if (test.vulnerable) {
+            const confidence = test.confidence || "medium";
+            breakdown[confidence]++;
+        }
+    }
+    return breakdown;
+}
+/**
+ * Calculate pattern distribution from tests.
+ */
+function calculatePatternDistribution(tests) {
+    const distribution = {};
+    for (const test of tests) {
+        if (test.vulnerable) {
+            const pattern = test.testName;
+            distribution[pattern] = (distribution[pattern] || 0) + 1;
+        }
+    }
+    return distribution;
+}
+/**
+ * Find the highest risk test (most concerning vulnerability).
+ */
+function findHighestRiskTest(tests) {
+    const vulnerableTests = tests.filter((t) => t.vulnerable);
+    if (vulnerableTests.length === 0)
+        return undefined;
+    // Prioritize by risk level, then by confidence
+    const riskOrder = { CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3 };
+    const confidenceOrder = { high: 0, medium: 1, low: 2 };
+    return vulnerableTests.sort((a, b) => {
+        const riskDiff = (riskOrder[a.riskLevel] ?? 4) - (riskOrder[b.riskLevel] ?? 4);
+        if (riskDiff !== 0)
+            return riskDiff;
+        return ((confidenceOrder[a.confidence || "medium"] ?? 1) -
+            (confidenceOrder[b.confidence || "medium"] ?? 1));
+    })[0];
+}
+// ============================================================================
+// Tier 2: Tool Summary Enrichment Builder
+// ============================================================================
+/**
+ * Build Stage B enrichment for Tier 2 tool summaries.
+ *
+ * @param toolName - Name of the tool
+ * @param tests - Security test results for this tool
+ * @param maxSamples - Maximum evidence samples to include
+ * @returns Tool summary Stage B enrichment
+ */
+export function buildToolSummaryStageBEnrichment(toolName, tests, maxSamples = DEFAULT_TIER2_MAX_SAMPLES) {
+    // Filter to only tests for this tool
+    const toolTests = tests.filter((t) => t.toolName === toolName);
+    // Get vulnerable tests for evidence sampling
+    const vulnerableTests = toolTests.filter((t) => t.vulnerable);
+    // Sample evidence from highest-risk vulnerabilities
+    const sortedVulnerable = [...vulnerableTests].sort((a, b) => {
+        const riskOrder = { CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3 };
+        return (riskOrder[a.riskLevel] ?? 4) - (riskOrder[b.riskLevel] ?? 4);
+    });
+    const sampleEvidence = sortedVulnerable
+        .slice(0, maxSamples)
+        .map(testToEvidence);
+    // Calculate confidence breakdown
+    const confidenceBreakdown = calculateConfidenceBreakdown(toolTests);
+    // Find highest risk correlation
+    const highestRiskTest = findHighestRiskTest(toolTests);
+    const highestRiskCorrelation = highestRiskTest
+        ? testToCorrelation(highestRiskTest)
+        : undefined;
+    // Calculate pattern distribution
+    const patternDistribution = calculatePatternDistribution(toolTests);
+    // Check for sanitization detection
+    const sanitizationDetected = toolTests.some((t) => t.sanitizationDetected);
+    // Check auth failure mode
+    const authTests = toolTests.filter((t) => t.authFailureMode);
+    const authFailureMode = authTests.length > 0 ? authTests[0].authFailureMode : undefined;
+    return {
+        sampleEvidence,
+        confidenceBreakdown,
+        highestRiskCorrelation,
+        patternDistribution,
+        sanitizationDetected: sanitizationDetected || undefined,
+        authFailureMode,
+    };
+}
+// ============================================================================
+// Tier 3: Tool Detail Enrichment Builder
+// ============================================================================
+/**
+ * Build Stage B enrichment for Tier 3 per-tool detail files.
+ *
+ * @param toolName - Name of the tool
+ * @param tests - Security test results for this tool
+ * @param annotationResult - Tool annotation result (if available)
+ * @param aupViolations - AUP violations for this tool (if any)
+ * @param maxCorrelations - Maximum correlations to include
+ * @returns Tool detail Stage B enrichment
+ */
+export function buildToolDetailStageBEnrichment(toolName, tests, annotationResult, aupViolations, maxCorrelations = DEFAULT_TIER3_MAX_CORRELATIONS) {
+    // Filter to only tests for this tool
+    const toolTests = tests.filter((t) => t.toolName === toolName);
+    // Build payload correlations (prioritize vulnerable, then errors, then safe)
+    const sortedTests = [...toolTests].sort((a, b) => {
+        if (a.vulnerable && !b.vulnerable)
+            return -1;
+        if (!a.vulnerable && b.vulnerable)
+            return 1;
+        if (a.connectionError && !b.connectionError)
+            return -1;
+        if (!a.connectionError && b.connectionError)
+            return 1;
+        return 0;
+    });
+    const payloadCorrelations = sortedTests
+        .slice(0, maxCorrelations)
+        .map(testToCorrelation);
+    // Pattern distribution
+    const patternDistribution = calculatePatternDistribution(toolTests);
+    // Build context windows from evidence
+    const contextWindows = {};
+    for (const test of toolTests.filter((t) => t.vulnerable && t.evidence)) {
+        const key = `${test.testName}:${test.payload.slice(0, 30)}`;
+        if (!contextWindows[key]) {
+            contextWindows[key] = truncate(test.evidence, MAX_CONTEXT_WINDOW);
+        }
+    }
+    // Calculate confidence details
+    const confidenceBreakdown = calculateConfidenceBreakdown(toolTests);
+    const totalVulnerable = confidenceBreakdown.high +
+        confidenceBreakdown.medium +
+        confidenceBreakdown.low;
+    const overallConfidence = totalVulnerable > 0
+        ? Math.round(((confidenceBreakdown.high * 100 +
+            confidenceBreakdown.medium * 70 +
+            confidenceBreakdown.low * 40) /
+            totalVulnerable /
+            100) *
+            100)
+        : 100; // 100% confidence if no vulnerabilities
+    const confidenceDetails = {
+        overall: overallConfidence,
+        byCategory: patternDistribution,
+        requiresManualReview: toolTests.filter((t) => t.requiresManualReview)
+            .length,
+    };
+    // Security details
+    const vulnerableCount = toolTests.filter((t) => t.vulnerable).length;
+    const safeCount = toolTests.filter((t) => !t.vulnerable && !t.connectionError).length;
+    const errorCount = toolTests.filter((t) => t.connectionError).length;
+    // Collect sanitization libraries
+    const sanitizationLibraries = [
+        ...new Set(toolTests.flatMap((t) => t.sanitizationLibraries || []).filter(Boolean)),
+    ];
+    // Auth bypass evidence
+    const authBypassTest = toolTests.find((t) => t.authBypassDetected);
+    const authBypassEvidence = authBypassTest?.authBypassEvidence;
+    const securityDetails = {
+        vulnerableCount,
+        safeCount,
+        errorCount,
+        sanitizationLibraries,
+        authBypassEvidence,
+    };
+    // Annotation details
+    let annotationDetails;
+    if (annotationResult) {
+        annotationDetails = {
+            hasAnnotations: annotationResult.hasAnnotations,
+            alignmentStatus: annotationResult.alignmentStatus,
+            inferredBehavior: annotationResult.inferredBehavior
+                ? {
+                    expectedReadOnly: annotationResult.inferredBehavior.expectedReadOnly,
+                    expectedDestructive: annotationResult.inferredBehavior.expectedDestructive,
+                    reason: annotationResult.inferredBehavior.reason,
+                }
+                : undefined,
+            descriptionPoisoning: annotationResult.descriptionPoisoning
+                ? {
+                    detected: annotationResult.descriptionPoisoning.detected,
+                    patterns: annotationResult.descriptionPoisoning.patterns.map((p) => ({
+                        name: p.name,
+                        evidence: truncate(p.evidence, MAX_CONTEXT_WINDOW),
+                        severity: p.severity,
+                    })),
+                }
+                : undefined,
+        };
+    }
+    // AUP violations for this tool
+    const toolAupViolations = aupViolations
+        ?.filter((v) => v.location?.includes(toolName))
+        .map((v) => ({
+        pattern: v.pattern,
+        matchedText: truncate(v.matchedText, MAX_CONTEXT_WINDOW),
+        severity: v.severity,
+        location: v.location,
+    }));
+    return {
+        payloadCorrelations,
+        patternDistribution,
+        contextWindows,
+        confidenceDetails,
+        securityDetails,
+        annotationDetails,
+        aupViolations: toolAupViolations && toolAupViolations.length > 0
+            ? toolAupViolations
+            : undefined,
+    };
+}

package/client/lib/lib/assessment/summarizer/stageBTypes.d.ts

@@ -0,0 +1,154 @@
+/**
+ * Stage B Enrichment Types
+ *
+ * Type definitions for Stage B (Claude semantic analysis) data enrichment.
+ * These types extend the tiered output with evidence, correlations, and
+ * confidence details for better LLM semantic analysis.
+ *
+ * Issue #137: Stage A data enrichment for Stage B Claude analysis
+ *
+ * @module assessment/summarizer/stageBTypes
+ */
+/**
+ * Evidence structure for individual findings.
+ * Provides raw data and context for Claude to analyze.
+ */
+export interface FindingEvidence {
+    /** Actual data that triggered the finding (payload or matched text) */
+    raw: string;
+    /** Surrounding context for better understanding */
+    context: string;
+    /** Location in response (e.g., "response.content[0].text", "description") */
+    location: string;
+}
+/**
+ * Payload correlation linking input to output.
+ * Enables Claude to understand cause-effect relationships.
+ */
+export interface PayloadCorrelation {
+    /** The test payload that was sent */
+    inputPayload: string;
+    /** The response received (may be truncated) */
+    outputResponse: string;
+    /** Classification of the result */
+    classification: "vulnerable" | "safe" | "error" | "timeout";
+    /** Patterns that matched this response */
+    matchedPatterns: string[];
+    /** Tool this correlation belongs to */
+    toolName: string;
+    /** Test name/pattern that triggered this */
+    testName: string;
+    /** Confidence level of the detection */
+    confidence?: "high" | "medium" | "low";
+}
+/**
+ * Stage B enrichment for Tier 2 tool summaries.
+ * Provides sampled evidence for quick Claude analysis.
+ */
+export interface ToolSummaryStageBEnrichment {
+    /** Top evidence samples for this tool (limited for token efficiency) */
+    sampleEvidence: FindingEvidence[];
+    /** Confidence breakdown by pattern type */
+    confidenceBreakdown: {
+        high: number;
+        medium: number;
+        low: number;
+    };
+    /** Highest risk correlation for this tool (if vulnerable) */
+    highestRiskCorrelation?: PayloadCorrelation;
+    /** Pattern distribution showing which attack types were detected */
+    patternDistribution: Record<string, number>;
+    /** Whether this tool has sanitization detected */
+    sanitizationDetected?: boolean;
+    /** Auth bypass mode if detected */
+    authFailureMode?: "FAIL_OPEN" | "FAIL_CLOSED" | "UNKNOWN";
+}
+/**
+ * Stage B enrichment for Tier 3 per-tool detail files.
+ * Provides comprehensive evidence for deep-dive analysis.
+ */
+export interface ToolDetailStageBEnrichment {
+    /** All payload correlations for this tool */
+    payloadCorrelations: PayloadCorrelation[];
+    /** Full pattern distribution with counts */
+    patternDistribution: Record<string, number>;
+    /** Context windows for key locations */
+    contextWindows: Record<string, string>;
+    /** Detailed confidence breakdown */
+    confidenceDetails: {
+        /** Overall confidence score (0-100) */
+        overall: number;
+        /** Confidence by attack category */
+        byCategory: Record<string, number>;
+        /** Number of tests with manual review recommended */
+        requiresManualReview: number;
+    };
+    /** Security-specific details */
+    securityDetails: {
+        /** Total vulnerabilities found */
+        vulnerableCount: number;
+        /** Total safe tests */
+        safeCount: number;
+        /** Tests with connection errors */
+        errorCount: number;
+        /** Sanitization libraries detected */
+        sanitizationLibraries: string[];
+        /** Auth bypass evidence if detected */
+        authBypassEvidence?: string;
+    };
+    /** Annotation alignment details (if available) */
+    annotationDetails?: {
+        /** Whether tool has annotations */
+        hasAnnotations: boolean;
+        /** Alignment status */
+        alignmentStatus?: "ALIGNED" | "MISALIGNED" | "MISSING";
+        /** Inferred behavior from patterns */
+        inferredBehavior?: {
+            expectedReadOnly: boolean;
+            expectedDestructive: boolean;
+            reason: string;
+        };
+        /** Description poisoning if detected */
+        descriptionPoisoning?: {
+            detected: boolean;
+            patterns: Array<{
+                name: string;
+                evidence: string;
+                severity: "LOW" | "MEDIUM" | "HIGH";
+            }>;
+        };
+    };
+    /** AUP violations for this tool (if any) */
+    aupViolations?: Array<{
+        pattern: string;
+        matchedText: string;
+        severity: string;
+        location: string;
+    }>;
+}
+/**
+ * Combined Stage B enrichment that can be attached to results.
+ */
+export interface StageBEnrichment {
+    /** Enrichment version for compatibility tracking */
+    version: number;
+    /** Whether enrichment was enabled */
+    enabled: boolean;
+    /** Generation timestamp */
+    generatedAt: string;
+    /** Tier 2 enrichment (tool summary level) */
+    tier2?: ToolSummaryStageBEnrichment;
+    /** Tier 3 enrichment (tool detail level) */
+    tier3?: ToolDetailStageBEnrichment;
+}
+/** Current Stage B enrichment version */
+export declare const STAGE_B_ENRICHMENT_VERSION = 1;
+/** Default maximum samples for Tier 2 evidence */
+export declare const DEFAULT_TIER2_MAX_SAMPLES = 3;
+/** Default maximum correlations for Tier 3 */
+export declare const DEFAULT_TIER3_MAX_CORRELATIONS = 50;
+/** Maximum response length to include (prevents token explosion) */
+export declare const MAX_RESPONSE_LENGTH = 500;
+/** Maximum context window size (chars before/after) */
+export declare const MAX_CONTEXT_WINDOW = 200;
+//# sourceMappingURL=stageBTypes.d.ts.map

package/client/lib/lib/assessment/summarizer/stageBTypes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stageBTypes.d.ts","sourceRoot":"","sources":["../../../../src/lib/assessment/summarizer/stageBTypes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,uEAAuE;IACvE,GAAG,EAAE,MAAM,CAAC;IACZ,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC;IAChB,6EAA6E;IAC7E,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,qCAAqC;IACrC,YAAY,EAAE,MAAM,CAAC;IACrB,+CAA+C;IAC/C,cAAc,EAAE,MAAM,CAAC;IACvB,mCAAmC;IACnC,cAAc,EAAE,YAAY,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;IAC5D,0CAA0C;IAC1C,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,uCAAuC;IACvC,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CACxC;AAMD;;;GAGG;AACH,MAAM,WAAW,2BAA2B;IAC1C,wEAAwE;IACxE,cAAc,EAAE,eAAe,EAAE,CAAC;IAElC,2CAA2C;IAC3C,mBAAmB,EAAE;QACnB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IAEF,6DAA6D;IAC7D,sBAAsB,CAAC,EAAE,kBAAkB,CAAC;IAE5C,oEAAoE;IACpE,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE5C,kDAAkD;IAClD,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAE/B,mCAAmC;IACnC,eAAe,CAAC,EAAE,WAAW,GAAG,aAAa,GAAG,SAAS,CAAC;CAC3D;AAMD;;;GAGG;AACH,MAAM,WAAW,0BAA0B;IACzC,6CAA6C;IAC7C,mBAAmB,EAAE,kBAAkB,EAAE,CAAC;IAE1C,4CAA4C;IAC5C,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE5C,wCAAwC;IACxC,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEvC,oCAAoC;IACpC,iBAAiB,EAAE;QACjB,uCAAuC;QACvC,OAAO,EAAE,MAAM,CAAC;QAChB,oCAAoC;QACpC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACnC,qDAAqD;QACrD,oBAAoB,EAAE,MAAM,CAAC;KAC9B,CAAC;IAEF,gCAAgC;IAChC,eAAe,EAAE;QACf,kCAAkC;QAClC,eAAe,EAAE,MAAM,CAAC;QACxB,uBAAuB;QACvB,SAAS,EAAE,MAAM,CAAC;QAClB,mCAAmC;QACnC,UAAU,EAAE,MAAM,CAAC;QACnB,sCAAsC;QACtC,qBAAqB,EAAE,MAAM,EAAE,CAAC;QAChC,uCAAuC;QACvC,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;IAEF,kDAAkD;IAClD,iBAAiB,CAAC,EAAE;QAClB,mCAAmC;QACnC,cAAc,EAAE,OAAO,CAAC;QACxB,uBAAuB;QACvB,eAAe,CAAC,EAAE,SAAS,GAAG,YAAY,GAAG,SAAS,CAAC;QACvD,sCAAsC;QACtC,gBAAgB,CAAC,EAAE;YACjB,gBAAgB,EAAE,OAAO,CAAC;YAC1B,mBAAmB,EAAE,OAAO,CAAC;YAC7B,MAAM,EAAE,MAAM,CAAC;SAChB,CAAC;QACF,wCAAwC;QACxC,oBAAoB,CAAC,EAAE;YACrB,QAAQ,EAAE,OAAO,CAAC;YAClB,QAAQ,EAAE,KAAK,CAAC;gBACd,IAAI,EAAE,MAAM,CAAC;gBACb,QAAQ,EAAE,MAAM,CAAC;gBACjB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;aACrC,CAAC,CAAC;SACJ,CAAC;KACH,CAAC;IAEF,4CAA4C;IAC5C,aAAa,CAAC,EAAE,KAAK,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC,CAAC;CACJ;AAMD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,oDAAoD;IACpD,OAAO,EAAE,MAAM,CAAC;IAEhB,qCAAqC;IACrC,OAAO,EAAE,OAAO,CAAC;IAEjB,2BAA2B;IAC3B,WAAW,EAAE,MAAM,CAAC;IAEpB,6CAA6C;IAC7C,KAAK,CAAC,EAAE,2BAA2B,CAAC;IAEpC,4CAA4C;IAC5C,KAAK,CAAC,EAAE,0BAA0B,CAAC;CACpC;AAMD,yCAAyC;AACzC,eAAO,MAAM,0BAA0B,IAAI,CAAC;AAE5C,kDAAkD;AAClD,eAAO,MAAM,yBAAyB,IAAI,CAAC;AAE3C,8CAA8C;AAC9C,eAAO,MAAM,8BAA8B,KAAK,CAAC;AAEjD,oEAAoE;AACpE,eAAO,MAAM,mBAAmB,MAAM,CAAC;AAEvC,uDAAuD;AACvD,eAAO,MAAM,kBAAkB,MAAM,CAAC"}

package/client/lib/lib/assessment/summarizer/stageBTypes.js

@@ -0,0 +1,24 @@
+/**
+ * Stage B Enrichment Types
+ *
+ * Type definitions for Stage B (Claude semantic analysis) data enrichment.
+ * These types extend the tiered output with evidence, correlations, and
+ * confidence details for better LLM semantic analysis.
+ *
+ * Issue #137: Stage A data enrichment for Stage B Claude analysis
+ *
+ * @module assessment/summarizer/stageBTypes
+ */
+// ============================================================================
+// Constants
+// ============================================================================
+/** Current Stage B enrichment version */
+export const STAGE_B_ENRICHMENT_VERSION = 1;
+/** Default maximum samples for Tier 2 evidence */
+export const DEFAULT_TIER2_MAX_SAMPLES = 3;
+/** Default maximum correlations for Tier 3 */
+export const DEFAULT_TIER3_MAX_CORRELATIONS = 50;
+/** Maximum response length to include (prevents token explosion) */
+export const MAX_RESPONSE_LENGTH = 500;
+/** Maximum context window size (chars before/after) */
+export const MAX_CONTEXT_WINDOW = 200;

package/client/lib/lib/assessment/summarizer/types.d.ts

@@ -9,6 +9,7 @@
  * @module assessment/summarizer/types
  */
 import type { AssessmentStatus } from "../coreTypes.js";
+import type { ToolSummaryStageBEnrichment } from "./stageBTypes.js";
 /**
  * Output format for assessment results.
  * - "full": Complete JSON output (default, existing behavior)
@@ -103,6 +104,8 @@ export interface ToolSummary {
     hasAnnotations: boolean;
     /** Annotation alignment status if available */
     annotationStatus?: "ALIGNED" | "MISALIGNED" | "MISSING";
+    /** Stage B enrichment for Claude semantic analysis (Issue #137) */
+    stageBEnrichment?: ToolSummaryStageBEnrichment;
 }
 /**
  * Collection of tool summaries with aggregate metadata.
@@ -174,6 +177,8 @@ export interface SummarizerConfig {
     autoTierThreshold?: number;
     /** Whether to include tool detail files (Tier 3) */
     includeToolDetails?: boolean;
+    /** Enable Stage B enrichment for Claude semantic analysis (Issue #137) */
+    stageBVerbose?: boolean;
 }
 /**
  * Default summarizer configuration values.

package/client/lib/lib/assessment/summarizer/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/lib/assessment/summarizer/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAMrD;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,QAAQ,GAAG,cAAc,CAAC;AAE9D;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAM/D;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;IAEnB,2DAA2D;IAC3D,aAAa,EAAE,gBAAgB,CAAC;IAEhC,uCAAuC;IACvC,YAAY,EAAE,MAAM,CAAC;IAErB,uCAAuC;IACvC,SAAS,EAAE,MAAM,CAAC;IAElB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAElB,2CAA2C;IAC3C,aAAa,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,cAAc,EAAE,MAAM,CACpB,MAAM,EACN;QACE,MAAM,EAAE,gBAAgB,CAAC;QACzB,KAAK,EAAE,MAAM,CAAC;KACf,CACF,CAAC;IAEF,oDAAoD;IACpD,gBAAgB,EAAE;QAChB,kDAAkD;QAClD,uBAAuB,EAAE,MAAM,CAAC;QAChC,wCAAwC;QACxC,aAAa,EAAE,MAAM,CAAC;QACtB,4CAA4C;QAC5C,WAAW,EAAE,MAAM,CAAC;QACpB,mDAAmD;QACnD,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IAEF;;;OAGG;IACH,oBAAoB,EAAE;QACpB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IAEF,sDAAsD;IACtD,eAAe,EAAE,MAAM,EAAE,CAAC;IAE1B,6CAA6C;IAC7C,eAAe,EAAE,MAAM,CAAC;IAExB,+CAA+C;IAC/C,WAAW,EAAE,MAAM,CAAC;CACrB;AAMD;;;;GAIG;AACH,MAAM,WAAW,WAAW;IAC1B,gCAAgC;IAChC,QAAQ,EAAE,MAAM,CAAC;IAEjB,uDAAuD;IACvD,SAAS,EAAE,aAAa,CAAC;IAEzB,oDAAoD;IACpD,kBAAkB,EAAE,MAAM,CAAC;IAE3B;;;OAGG;IACH,WAAW,EAAE,MAAM,EAAE,CAAC;IAEtB,6CAA6C;IAC7C,SAAS,EAAE,MAAM,CAAC;IAElB,8CAA8C;IAC9C,QAAQ,EAAE,MAAM,CAAC;IAEjB,oCAAoC;IACpC,eAAe,EAAE,MAAM,EAAE,CAAC;IAE1B,6CAA6C;IAC7C,eAAe,EAAE,MAAM,CAAC;IAExB,8CAA8C;IAC9C,cAAc,EAAE,OAAO,CAAC;IAExB,+CAA+C;IAC/C,gBAAgB,CAAC,EAAE,SAAS,GAAG,YAAY,GAAG,SAAS,CAAC;CACzD;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,gCAAgC;IAChC,KAAK,EAAE,WAAW,EAAE,CAAC;IAErB,4BAA4B;IAC5B,UAAU,EAAE,MAAM,CAAC;IAEnB,2BAA2B;IAC3B,SAAS,EAAE;QACT,6CAA6C;QAC7C,oBAAoB,EAAE,MAAM,CAAC;QAC7B,yCAAyC;QACzC,eAAe,EAAE,MAAM,CAAC;QACxB,wCAAwC;QACxC,qBAAqB,EAAE,MAAM,CAAC;KAC/B,CAAC;IAEF,+CAA+C;IAC/C,eAAe,EAAE,MAAM,CAAC;IAExB,oBAAoB;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAMD;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAC;IAEjB,gEAAgE;IAChE,YAAY,EAAE,MAAM,CAAC;IAErB,mCAAmC;IACnC,YAAY,EAAE,MAAM,CAAC;IAErB,yBAAyB;IACzB,aAAa,EAAE,MAAM,CAAC;IAEtB,4CAA4C;IAC5C,eAAe,EAAE,MAAM,CAAC;CACzB;AAMD;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,gBAAgB,EAAE,gBAAgB,CAAC;IAEnC,6BAA6B;IAC7B,aAAa,EAAE,uBAAuB,CAAC;IAEvC,kDAAkD;IAClD,cAAc,EAAE,mBAAmB,EAAE,CAAC;IAEtC,4BAA4B;IAC5B,SAAS,EAAE,MAAM,CAAC;IAElB,+BAA+B;IAC/B,KAAK,EAAE;QACL,gBAAgB,EAAE,MAAM,CAAC;QACzB,aAAa,EAAE,MAAM,CAAC;QACtB,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;CACH;AAMD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,wEAAwE;IACxE,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B,gEAAgE;IAChE,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B,0DAA0D;IAC1D,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,oDAAoD;IACpD,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAED;;GAEG;AACH,eAAO,MAAM,yBAAyB,EAAE,QAAQ,CAAC,gBAAgB,CAKhE,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/lib/assessment/summarizer/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,eAAe,CAAC;AAMjE;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,QAAQ,GAAG,cAAc,CAAC;AAE9D;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAM/D;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;IAEnB,2DAA2D;IAC3D,aAAa,EAAE,gBAAgB,CAAC;IAEhC,uCAAuC;IACvC,YAAY,EAAE,MAAM,CAAC;IAErB,uCAAuC;IACvC,SAAS,EAAE,MAAM,CAAC;IAElB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAElB,2CAA2C;IAC3C,aAAa,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,cAAc,EAAE,MAAM,CACpB,MAAM,EACN;QACE,MAAM,EAAE,gBAAgB,CAAC;QACzB,KAAK,EAAE,MAAM,CAAC;KACf,CACF,CAAC;IAEF,oDAAoD;IACpD,gBAAgB,EAAE;QAChB,kDAAkD;QAClD,uBAAuB,EAAE,MAAM,CAAC;QAChC,wCAAwC;QACxC,aAAa,EAAE,MAAM,CAAC;QACtB,4CAA4C;QAC5C,WAAW,EAAE,MAAM,CAAC;QACpB,mDAAmD;QACnD,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IAEF;;;OAGG;IACH,oBAAoB,EAAE;QACpB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IAEF,sDAAsD;IACtD,eAAe,EAAE,MAAM,EAAE,CAAC;IAE1B,6CAA6C;IAC7C,eAAe,EAAE,MAAM,CAAC;IAExB,+CAA+C;IAC/C,WAAW,EAAE,MAAM,CAAC;CACrB;AAMD;;;;GAIG;AACH,MAAM,WAAW,WAAW;IAC1B,gCAAgC;IAChC,QAAQ,EAAE,MAAM,CAAC;IAEjB,uDAAuD;IACvD,SAAS,EAAE,aAAa,CAAC;IAEzB,oDAAoD;IACpD,kBAAkB,EAAE,MAAM,CAAC;IAE3B;;;OAGG;IACH,WAAW,EAAE,MAAM,EAAE,CAAC;IAEtB,6CAA6C;IAC7C,SAAS,EAAE,MAAM,CAAC;IAElB,8CAA8C;IAC9C,QAAQ,EAAE,MAAM,CAAC;IAEjB,oCAAoC;IACpC,eAAe,EAAE,MAAM,EAAE,CAAC;IAE1B,6CAA6C;IAC7C,eAAe,EAAE,MAAM,CAAC;IAExB,8CAA8C;IAC9C,cAAc,EAAE,OAAO,CAAC;IAExB,+CAA+C;IAC/C,gBAAgB,CAAC,EAAE,SAAS,GAAG,YAAY,GAAG,SAAS,CAAC;IAExD,mEAAmE;IACnE,gBAAgB,CAAC,EAAE,2BAA2B,CAAC;CAChD;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,gCAAgC;IAChC,KAAK,EAAE,WAAW,EAAE,CAAC;IAErB,4BAA4B;IAC5B,UAAU,EAAE,MAAM,CAAC;IAEnB,2BAA2B;IAC3B,SAAS,EAAE;QACT,6CAA6C;QAC7C,oBAAoB,EAAE,MAAM,CAAC;QAC7B,yCAAyC;QACzC,eAAe,EAAE,MAAM,CAAC;QACxB,wCAAwC;QACxC,qBAAqB,EAAE,MAAM,CAAC;KAC/B,CAAC;IAEF,+CAA+C;IAC/C,eAAe,EAAE,MAAM,CAAC;IAExB,oBAAoB;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAMD;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAC;IAEjB,gEAAgE;IAChE,YAAY,EAAE,MAAM,CAAC;IAErB,mCAAmC;IACnC,YAAY,EAAE,MAAM,CAAC;IAErB,yBAAyB;IACzB,aAAa,EAAE,MAAM,CAAC;IAEtB,4CAA4C;IAC5C,eAAe,EAAE,MAAM,CAAC;CACzB;AAMD;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,gBAAgB,EAAE,gBAAgB,CAAC;IAEnC,6BAA6B;IAC7B,aAAa,EAAE,uBAAuB,CAAC;IAEvC,kDAAkD;IAClD,cAAc,EAAE,mBAAmB,EAAE,CAAC;IAEtC,4BAA4B;IAC5B,SAAS,EAAE,MAAM,CAAC;IAElB,+BAA+B;IAC/B,KAAK,EAAE;QACL,gBAAgB,EAAE,MAAM,CAAC;QACzB,aAAa,EAAE,MAAM,CAAC;QACtB,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;CACH;AAMD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,wEAAwE;IACxE,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B,gEAAgE;IAChE,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B,0DAA0D;IAC1D,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,oDAAoD;IACpD,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAE7B,0EAA0E;IAC1E,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,eAAO,MAAM,yBAAyB,EAAE,QAAQ,CAAC,gBAAgB,CAMhE,CAAC"}

package/client/lib/lib/assessment/summarizer/types.js

@@ -16,4 +16,5 @@ export const DEFAULT_SUMMARIZER_CONFIG = {
     maxPatternsPerTool: 5,
     autoTierThreshold: 100_000,
     includeToolDetails: true,
+    stageBVerbose: false,
 };

package/client/lib/lib/moduleScoring.d.ts

@@ -36,6 +36,7 @@ export declare const INSPECTOR_VERSION: string;
  * Version History:
  * - v1: Initial schema
  * - v2: Added TestValidityWarningEvent (Issue #134)
+ * - v3: Added Stage B enrichment for Claude semantic analysis (Issue #137)
  */
-export declare const SCHEMA_VERSION = 2;
+export declare const SCHEMA_VERSION = 3;
 //# sourceMappingURL=moduleScoring.d.ts.map

package/client/lib/lib/moduleScoring.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"moduleScoring.d.ts","sourceRoot":"","sources":["../../src/lib/moduleScoring.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAE7D;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAkCnE;AAED;;;GAGG;AACH,eAAO,MAAM,iBAAiB,QAAsB,CAAC;AAErD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,cAAc,IAAI,CAAC"}
+{"version":3,"file":"moduleScoring.d.ts","sourceRoot":"","sources":["../../src/lib/moduleScoring.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAE7D;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAkCnE;AAED;;;GAGG;AACH,eAAO,MAAM,iBAAiB,QAAsB,CAAC;AAErD;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,cAAc,IAAI,CAAC"}

package/client/lib/lib/moduleScoring.js

@@ -73,5 +73,6 @@ export const INSPECTOR_VERSION = packageJson.version;
  * Version History:
  * - v1: Initial schema
  * - v2: Added TestValidityWarningEvent (Issue #134)
+ * - v3: Added Stage B enrichment for Claude semantic analysis (Issue #137)
  */
-export const SCHEMA_VERSION = 2;
+export const SCHEMA_VERSION = 3;

package/client/lib/services/assessment/modules/ManifestValidationAssessor.d.ts

@@ -14,6 +14,14 @@ import { BaseAssessor } from "./BaseAssessor.js";
 import { AssessmentContext } from "../AssessmentOrchestrator.js";
 import type { ManifestValidationAssessment } from "../../../lib/assessmentTypes.js";
 export declare class ManifestValidationAssessor extends BaseAssessor {
+    /**
+     * Get mcp_config from manifest (supports both root and nested v0.3 format)
+     * Issue #138: Manifest v0.3 places mcp_config under server object
+     *
+     * @param manifest - The parsed manifest JSON
+     * @returns The mcp_config object or undefined if not found in either location
+     */
+    private getMcpConfig;
     /**
      * Run manifest validation assessment
      */

package/client/lib/services/assessment/modules/ManifestValidationAssessor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ManifestValidationAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/ManifestValidationAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EACV,4BAA4B,EAK7B,MAAM,uBAAuB,CAAC;AAM/B,qBAAa,0BAA2B,SAAQ,YAAY;IAC1D;;OAEG;IACG,MAAM,CACV,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,4BAA4B,CAAC;IA6JxC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAyB9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAmB/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAgC/B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAiC7B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAiChC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IA+CzB;;OAEG;IACH,OAAO,CAAC,YAAY;IAqCpB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA+B1B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IA8B7B;;OAEG;YACW,yBAAyB;IAqFvC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAsB/B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA0C3B;;OAEG;IACH,OAAO,CAAC,uBAAuB;CA+ChC"}
+{"version":3,"file":"ManifestValidationAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/ManifestValidationAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EACV,4BAA4B,EAM7B,MAAM,uBAAuB,CAAC;AAM/B,qBAAa,0BAA2B,SAAQ,YAAY;IAC1D;;;;;;OAMG;IACH,OAAO,CAAC,YAAY;IAcpB;;OAEG;IACG,MAAM,CACV,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,4BAA4B,CAAC;IAqLxC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAyB9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAmB/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAgC/B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAiC7B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAiChC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IA+CzB;;OAEG;IACH,OAAO,CAAC,YAAY;IAqCpB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA+B1B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IA8B7B;;OAEG;YACW,yBAAyB;IAqFvC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAsB/B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA0C3B;;OAEG;IACH,OAAO,CAAC,uBAAuB;CA+ChC"}

package/client/lib/services/assessment/modules/ManifestValidationAssessor.js

@@ -15,6 +15,24 @@ const REQUIRED_FIELDS = ["name", "version", "mcp_config"];
 const RECOMMENDED_FIELDS = ["description", "author", "repository"];
 const CURRENT_MANIFEST_VERSION = "0.3";
 export class ManifestValidationAssessor extends BaseAssessor {
+    /**
+     * Get mcp_config from manifest (supports both root and nested v0.3 format)
+     * Issue #138: Manifest v0.3 places mcp_config under server object
+     *
+     * @param manifest - The parsed manifest JSON
+     * @returns The mcp_config object or undefined if not found in either location
+     */
+    getMcpConfig(manifest) {
+        // Check root level first (legacy format)
+        if (manifest.mcp_config) {
+            return manifest.mcp_config;
+        }
+        // Check nested under server (v0.3 format)
+        if (manifest.server?.mcp_config) {
+            return manifest.server.mcp_config;
+        }
+        return undefined;
+    }
     /**
      * Run manifest validation assessment
      */
@@ -58,11 +76,35 @@ export class ManifestValidationAssessor extends BaseAssessor {
         // Validate required fields
         for (const field of REQUIRED_FIELDS) {
             this.testCount++;
-            const result = this.validateRequiredField(manifest, field);
-            validationResults.push(result);
-            if (!result.valid) {
-                hasRequiredFields = false;
-                missingFields.push(field);
+            // Special handling for mcp_config - can be nested under server (Issue #138)
+            if (field === "mcp_config") {
+                const mcpConfig = this.getMcpConfig(manifest);
+                if (!mcpConfig) {
+                    validationResults.push({
+                        field: "mcp_config",
+                        valid: false,
+                        issue: "Missing required field: mcp_config (checked root and server.mcp_config)",
+                        severity: "ERROR",
+                    });
+                    hasRequiredFields = false;
+                    missingFields.push(field);
+                }
+                else {
+                    validationResults.push({
+                        field: "mcp_config",
+                        valid: true,
+                        value: mcpConfig,
+                        severity: "INFO",
+                    });
+                }
+            }
+            else {
+                const result = this.validateRequiredField(manifest, field);
+                validationResults.push(result);
+                if (!result.valid) {
+                    hasRequiredFields = false;
+                    missingFields.push(field);
+                }
             }
         }
         // Validate recommended fields
@@ -70,10 +112,11 @@ export class ManifestValidationAssessor extends BaseAssessor {
             this.testCount++;
             validationResults.push(this.validateRecommendedField(manifest, field));
         }
-        // Validate mcp_config structure
-        if (manifest.mcp_config) {
+        // Validate mcp_config structure (using helper to support both root and nested paths)
+        const mcpConfig = this.getMcpConfig(manifest);
+        if (mcpConfig) {
             this.testCount++;
-            validationResults.push(this.validateMcpConfig(manifest.mcp_config));
+            validationResults.push(this.validateMcpConfig(mcpConfig));
         }
         // Check for icon
         this.testCount++;

package/client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment-client",
-  "version": "1.35.0",
+  "version": "1.35.2",
   "description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment",
-  "version": "1.35.0",
+  "version": "1.35.2",
   "description": "Enhanced MCP Inspector with comprehensive assessment capabilities for server validation",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",