@bryan-thompson/inspector-assessment 1.35.2 → 1.36.0

package/cli/build/__tests__/http-transport-integration.test.js

@@ -7,8 +7,15 @@
  *
  * Note: Tests skip gracefully when testbed servers are unavailable.
  */
-import { describe, it, expect, beforeAll } from "@jest/globals";
+import { jest, describe, it, expect, beforeAll, afterEach, } from "@jest/globals";
+/**
+ * Skip integration tests unless RUN_E2E_TESTS is set.
+ * This prevents long timeouts when testbed servers aren't running.
+ *
+ * To run: RUN_E2E_TESTS=1 npm test -- --testPathPattern="http-transport-integration"
+ */
 import { createTransport } from "../transport.js";
+const describeE2E = process.env.RUN_E2E_TESTS ? describe : describe.skip;
 // Testbed server URLs
 const VULNERABLE_MCP_URL = "http://localhost:10900/mcp";
 const HARDENED_MCP_URL = "http://localhost:10901/mcp";
@@ -24,9 +31,9 @@ const DEFAULT_HEADERS = {
  * Check if a server is available by sending a basic HTTP request
  */
 async function checkServerAvailable(url) {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), 5000);
     try {
-        const controller = new AbortController();
-        const timeoutId = setTimeout(() => controller.abort(), 5000);
         const response = await fetch(url, {
             method: "POST",
             headers: DEFAULT_HEADERS,
@@ -42,13 +49,17 @@ async function checkServerAvailable(url) {
             }),
             signal: controller.signal,
         });
-        clearTimeout(timeoutId);
         // Accept any response (200 or error) as indication server is up
         return response.status < 500;
     }
     catch {
         return false;
     }
+    finally {
+        // Always clean up timeout and abort controller to prevent memory leaks
+        clearTimeout(timeoutId);
+        controller.abort();
+    }
 }
 /**
  * Parse SSE response to extract JSON data
@@ -100,7 +111,10 @@ async function sendMcpRequest(url, method, params = {}, headers = {}) {
     }
     return { response, data };
 }
-describe("HTTP Transport Integration", () => {
+describeE2E("HTTP Transport Integration", () => {
+    afterEach(() => {
+        jest.clearAllMocks();
+    });
     let vulnerableServerAvailable = false;
     let hardenedServerAvailable = false;
     beforeAll(async () => {

package/cli/build/__tests__/jsonl-events.test.js

@@ -40,7 +40,7 @@ describe("JSONL Event Emission", () => {
         });
         it("should include schemaVersion field", () => {
             emitJSONL({ event: "test" });
-            expect(emittedEvents[0]).toHaveProperty("schemaVersion", 1);
+            expect(emittedEvents[0]).toHaveProperty("schemaVersion", 3);
         });
         it("should handle complex nested objects", () => {
             emitJSONL({

package/cli/build/__tests__/lib/server-configSchemas.test.js

@@ -7,7 +7,7 @@
  * Addresses QA requirement: Test that type guards are mutually exclusive
  * and correctly discriminate between transport types.
  */
-import { describe, it, expect } from "@jest/globals";
+import { jest, describe, it, expect } from "@jest/globals";
 import { z } from "zod";
 // Define schemas inline to avoid import issues with client/lib in CLI tests
 const HttpSseServerConfigSchema = z.object({
@@ -36,6 +36,9 @@ function isStdioConfig(entry) {
     return "command" in entry && !("url" in entry);
 }
 describe("server-configSchemas type guards", () => {
+    afterEach(() => {
+        jest.clearAllMocks();
+    });
     describe("isHttpSseConfig", () => {
         it("should return true for HTTP transport config", () => {
             const config = {

package/cli/build/__tests__/lib/zodErrorFormatter.test.js

@@ -4,10 +4,13 @@
  * Tests for formatZodError utility to ensure helpful error messages.
  * Addresses QA requirement: verify Zod error messages are helpful (not just generic "Invalid").
  */
-import { describe, it, expect } from "@jest/globals";
+import { jest, describe, it, expect } from "@jest/globals";
 import { z } from "zod";
 import { formatZodError, formatZodIssue, formatZodErrorIndented, zodErrorToArray, formatUserFriendlyError, formatZodErrorForJson, } from "../../lib/zodErrorFormatter.js";
 describe("zodErrorFormatter", () => {
+    afterEach(() => {
+        jest.clearAllMocks();
+    });
     describe("formatZodIssue", () => {
         it("should format issue with path", () => {
             const issue = {

package/cli/build/__tests__/profiles.test.js

@@ -7,6 +7,9 @@
 import { jest, describe, it, expect } from "@jest/globals";
 import { ASSESSMENT_PROFILES, PROFILE_METADATA, MODULE_ALIASES, DEPRECATED_MODULES, TIER_1_CORE_SECURITY, TIER_2_COMPLIANCE, TIER_3_CAPABILITY, TIER_4_EXTENDED, ALL_MODULES, resolveModuleNames, getProfileModules, isValidProfileName, getProfileHelpText, mapLegacyConfigToModules, modulesToLegacyConfig, } from "../profiles.js";
 describe("Profile Definitions", () => {
+    afterEach(() => {
+        jest.restoreAllMocks();
+    });
     describe("Profile Constants", () => {
         it("should have four profiles defined", () => {
             const profiles = Object.keys(ASSESSMENT_PROFILES);
@@ -124,17 +127,25 @@ describe("resolveModuleNames", () => {
     });
     it("should emit warnings for deprecated modules when warn=true", () => {
         const consoleSpy = jest.spyOn(console, "warn").mockImplementation(() => { });
-        const modules = ["documentation"];
-        resolveModuleNames(modules, true);
-        expect(consoleSpy).toHaveBeenCalledWith(expect.stringContaining("deprecated"));
-        consoleSpy.mockRestore();
+        try {
+            const modules = ["documentation"];
+            resolveModuleNames(modules, true);
+            expect(consoleSpy).toHaveBeenCalledWith(expect.stringContaining("deprecated"));
+        }
+        finally {
+            consoleSpy.mockRestore();
+        }
     });
     it("should not emit warnings when warn=false", () => {
         const consoleSpy = jest.spyOn(console, "warn").mockImplementation(() => { });
-        const modules = ["documentation"];
-        resolveModuleNames(modules, false);
-        expect(consoleSpy).not.toHaveBeenCalled();
-        consoleSpy.mockRestore();
+        try {
+            const modules = ["documentation"];
+            resolveModuleNames(modules, false);
+            expect(consoleSpy).not.toHaveBeenCalled();
+        }
+        finally {
+            consoleSpy.mockRestore();
+        }
     });
 });
 describe("getProfileModules", () => {

package/cli/build/__tests__/security/security-pattern-count.test.js

@@ -13,7 +13,7 @@
  * CLI tools override this to 30 patterns for comprehensive security assessment.
  * This test verifies consistency within each context.
  */
-import { describe, it, expect } from "@jest/globals";
+import { jest, describe, it, expect, afterEach } from "@jest/globals";
 import * as fs from "fs";
 import * as path from "path";
 import { fileURLToPath } from "url";
@@ -22,6 +22,9 @@ const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 const projectRoot = path.resolve(__dirname, "../../../.."); // From cli/src/__tests__/security to root
 describe("Security Pattern Count Consistency", () => {
+    afterEach(() => {
+        jest.clearAllMocks();
+    });
     describe("CLI assess-security references", () => {
         it("should use consistent pattern count in assess-security.ts", () => {
             const filePath = path.join(projectRoot, "cli/src/assess-security.ts");
@@ -131,9 +134,9 @@ describe("Security Pattern Count Consistency", () => {
             // Default: "default all 8" or "default 8"
             expect(content).toMatch(/securityPatternsToTest\?\s*:\s*number;.*default.*8/i);
             // Reviewer mode: "Test only 3 critical"
-            expect(content).toMatch(/securityPatternsToTest:\s*3;.*3 critical/i);
+            expect(content).toMatch(/securityPatternsToTest:\s*3,.*3 critical/i);
             // Developer/audit modes: "all security patterns" or "all 8"
-            expect(content).toMatch(/securityPatternsToTest:\s*8;.*all.*8|8.*patterns/i);
+            expect(content).toMatch(/securityPatternsToTest:\s*8,.*all.*8|8.*patterns/i);
         });
         it("should document pattern count in help text comments", () => {
             const filePath = path.join(projectRoot, "cli/src/assess-security.ts");

package/cli/build/__tests__/stage3-fix-validation.test.js

@@ -6,9 +6,12 @@
  *
  * @see https://github.com/triepod-ai/inspector-assessment/issues/137
  */
-import { describe, it, expect } from "@jest/globals";
+import { jest, describe, it, expect, afterEach } from "@jest/globals";
 import { AssessmentOptionsSchema, safeParseAssessmentOptions, validateAssessmentOptions, } from "../lib/cli-parserSchemas.js";
 describe("Stage 3 Fix Validation Tests", () => {
+    afterEach(() => {
+        jest.clearAllMocks();
+    });
     describe("[TEST-001] cli-parserSchemas.ts - stageBVerbose field (FIX-001)", () => {
         describe("stageBVerbose field validation", () => {
             it("should accept stageBVerbose with true value (happy path)", () => {

package/cli/build/__tests__/testbed-integration.test.js

@@ -11,7 +11,14 @@
  *
  * Note: Tests skip gracefully when testbed servers are unavailable.
  */
-import { describe, it, expect, beforeAll } from "@jest/globals";
+import { jest, describe, it, expect, beforeAll, afterEach, } from "@jest/globals";
+/**
+ * Skip integration tests unless RUN_E2E_TESTS is set.
+ * This prevents long timeouts when testbed servers aren't running.
+ *
+ * To run: RUN_E2E_TESTS=1 npm test -- --testPathPattern="testbed-integration"
+ */
+const describeE2E = process.env.RUN_E2E_TESTS ? describe : describe.skip;
 // Testbed server URLs
 const VULNERABLE_URL = "http://localhost:10900/mcp";
 const HARDENED_URL = "http://localhost:10901/mcp";
@@ -26,9 +33,9 @@ const DEFAULT_HEADERS = {
  * Check if a server is available by sending an initialize request
  */
 async function checkServerAvailable(url) {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), 5000);
     try {
-        const controller = new AbortController();
-        const timeoutId = setTimeout(() => controller.abort(), 5000);
         const response = await fetch(url, {
             method: "POST",
             headers: DEFAULT_HEADERS,
@@ -44,12 +51,16 @@ async function checkServerAvailable(url) {
             }),
             signal: controller.signal,
         });
-        clearTimeout(timeoutId);
         return response.status < 500;
     }
     catch {
         return false;
     }
+    finally {
+        // Always clean up timeout and abort controller to prevent memory leaks
+        clearTimeout(timeoutId);
+        controller.abort();
+    }
 }
 /**
  * Parse SSE response to extract JSON data
@@ -119,7 +130,10 @@ async function callTool(url, toolName, args) {
     });
     return data;
 }
-describe("Testbed A/B Comparison", () => {
+describeE2E("Testbed A/B Comparison", () => {
+    afterEach(() => {
+        jest.clearAllMocks();
+    });
     let bothServersAvailable = false;
     let vulnerableAvailable = false;
     let hardenedAvailable = false;

package/cli/build/__tests__/transport.test.js

@@ -5,9 +5,12 @@
  * Tests focus on input validation and error handling rather than
  * mocked transport implementations due to ESM limitations.
  */
-import { describe, it, expect } from "@jest/globals";
+import { jest, describe, it, expect, afterEach } from "@jest/globals";
 import { createTransport } from "../transport.js";
 describe("Transport Creation", () => {
+    afterEach(() => {
+        jest.clearAllMocks();
+    });
     describe("Input Validation", () => {
         it("should throw error when URL is missing for HTTP transport", () => {
             const options = {

package/cli/build/lib/__tests__/cli-parserSchemas.test.js

@@ -5,10 +5,13 @@
  *
  * @module cli/lib/__tests__/cli-parserSchemas
  */
-// Uses Jest globals (describe, test, expect)
+import { jest, describe, test, expect, afterEach } from "@jest/globals";
 import { ZodError } from "zod";
 import { AssessmentProfileNameSchema, AssessmentModuleNameSchema, ServerConfigSchema, AssessmentOptionsSchema, ValidationResultSchema, validateAssessmentOptions, validateServerConfig, parseAssessmentOptions, safeParseAssessmentOptions, parseModuleNames, safeParseModuleNames, LogLevelSchema, ReportFormatSchema, TransportTypeSchema, ZOD_SCHEMA_VERSION, } from "../cli-parserSchemas.js";
 describe("cli-parserSchemas", () => {
+    afterEach(() => {
+        jest.clearAllMocks();
+    });
     describe("Re-exported schemas", () => {
         test("exports ZOD_SCHEMA_VERSION", () => {
             expect(ZOD_SCHEMA_VERSION).toBe(1);

package/cli/build/lib/assessment-runner/__tests__/server-configSchemas.test.js

@@ -5,10 +5,13 @@
  *
  * @module cli/lib/assessment-runner/__tests__/server-configSchemas
  */
-// Uses Jest globals (describe, test, expect)
+import { jest, describe, test, expect, afterEach } from "@jest/globals";
 import { ZodError } from "zod";
 import { HttpSseServerConfigSchema, StdioServerConfigSchema, ServerEntrySchema, ClaudeDesktopConfigSchema, StandaloneConfigSchema, ConfigFileSchema, parseConfigFile, safeParseConfigFile, validateServerEntry, isHttpSseConfig, isStdioConfig, TransportTypeSchema, } from "../server-configSchemas.js";
 describe("server-configSchemas", () => {
+    afterEach(() => {
+        jest.clearAllMocks();
+    });
     describe("Re-exported schemas", () => {
         test("exports TransportTypeSchema", () => {
             expect(TransportTypeSchema.safeParse("stdio").success).toBe(true);

package/cli/build/lib/assessment-runner/assessment-executor.js

@@ -12,9 +12,12 @@ import { AssessmentStateManager } from "../../assessmentState.js";
 import { emitServerConnected, emitToolDiscovered, emitToolsDiscoveryComplete, emitAssessmentComplete, emitTestBatch, emitVulnerabilityFound, emitAnnotationMissing, emitAnnotationMisaligned, emitAnnotationReviewRecommended, emitAnnotationAligned, emitModulesConfigured, emitPhaseStarted, emitPhaseComplete, emitToolTestComplete, emitValidationSummary, } from "../jsonl-events.js";
 import { loadServerConfig } from "./server-config.js";
 import { loadSourceFiles } from "./source-loader.js";
+import { resolveSourcePath } from "./path-resolver.js";
 import { connectToServer } from "./server-connection.js";
 import { createCallToolWrapper } from "./tool-wrapper.js";
 import { buildConfig } from "./config-builder.js";
+// Issue #155: Import annotation debug mode setter
+import { setAnnotationDebugMode } from "../../../../client/lib/services/assessment/modules/annotations/AlignmentChecker.js";
 /**
  * Run full assessment against an MCP server
  *
@@ -22,6 +25,13 @@ import { buildConfig } from "./config-builder.js";
  * @returns Assessment results
  */
 export async function runFullAssessment(options) {
+    // Issue #155: Enable annotation debug mode if flag is set
+    if (options.debugAnnotations) {
+        setAnnotationDebugMode(true);
+        if (!options.jsonOnly) {
+            console.log("🔍 Annotation debug mode enabled (--debug-annotations)");
+        }
+    }
     if (!options.jsonOnly) {
         console.log(`\n🔍 Starting full assessment for: ${options.serverName}`);
     }
@@ -199,10 +209,19 @@ export async function runFullAssessment(options) {
         }
     }
     let sourceFiles = {};
-    if (options.sourceCodePath && fs.existsSync(options.sourceCodePath)) {
-        sourceFiles = loadSourceFiles(options.sourceCodePath);
-        if (!options.jsonOnly) {
-            console.log(`📁 Loaded source files from: ${options.sourceCodePath}`);
+    if (options.sourceCodePath) {
+        // Resolve path using utility (handles ~, relative paths, symlinks)
+        const resolvedSourcePath = resolveSourcePath(options.sourceCodePath);
+        if (fs.existsSync(resolvedSourcePath)) {
+            sourceFiles = loadSourceFiles(resolvedSourcePath, options.debugSource);
+            if (!options.jsonOnly) {
+                console.log(`📁 Loaded source files from: ${resolvedSourcePath}`);
+            }
+        }
+        else if (!options.jsonOnly) {
+            // Issue #154: Always show warning, not just with --debug-source
+            console.log(`⚠️  Source path not found: ${options.sourceCodePath} (resolved: ${resolvedSourcePath})`);
+            console.log(`   Use --source <existing-path> to enable full source file analysis.`);
         }
     }
     // Create readResource wrapper for ResourceAssessor

package/cli/build/lib/assessment-runner/index.js

@@ -10,6 +10,8 @@
 export { loadServerConfig } from "./server-config.js";
 // Source File Loading
 export { loadSourceFiles } from "./source-loader.js";
+// Path Resolution
+export { resolveSourcePath } from "./path-resolver.js";
 // Server Connection
 export { connectToServer } from "./server-connection.js";
 // Tool Wrapper

package/cli/build/lib/assessment-runner/path-resolver.js

@@ -0,0 +1,48 @@
+/**
+ * Path Resolution Utilities
+ *
+ * Handles path normalization for source code paths including:
+ * - Home directory (~) expansion
+ * - Relative path resolution
+ * - Symlink resolution (for MCPB temp extraction paths)
+ *
+ * @module cli/lib/assessment-runner/path-resolver
+ */
+import * as fs from "fs";
+import * as os from "os";
+import * as path from "path";
+/**
+ * Resolve a source code path to an absolute, real path
+ *
+ * Handles:
+ * - Tilde (~) expansion to home directory
+ * - Relative paths resolved to absolute
+ * - Symlinks followed to real paths (important for MCPB temp extraction)
+ *
+ * @param sourcePath - The source path to resolve (may be relative, contain ~, or be a symlink)
+ * @returns The resolved absolute path, or the original path if resolution fails
+ *
+ * @example
+ * resolveSourcePath("~/project") // => "/home/user/project"
+ * resolveSourcePath("./src") // => "/current/working/dir/src"
+ * resolveSourcePath("/tmp/symlink") // => "/actual/target/path"
+ */
+export function resolveSourcePath(sourcePath) {
+    let resolved = sourcePath;
+    // Expand home directory (~)
+    if (resolved.startsWith("~")) {
+        resolved = path.join(os.homedir(), resolved.slice(1));
+    }
+    // Resolve to absolute path
+    resolved = path.resolve(resolved);
+    // Follow symlinks if path exists (handles MCPB temp extraction paths)
+    try {
+        if (fs.existsSync(resolved)) {
+            resolved = fs.realpathSync(resolved);
+        }
+    }
+    catch {
+        // realpathSync can fail on broken symlinks, continue with resolved path
+    }
+    return resolved;
+}

package/cli/build/lib/assessment-runner/source-loader.js

@@ -6,6 +6,7 @@
  * @module cli/lib/assessment-runner/source-loader
  */
 import * as fs from "fs";
+import * as os from "os";
 import * as path from "path";
 /** Maximum file size (in characters) to include in source code analysis */
 const MAX_SOURCE_FILE_SIZE = 100_000;
@@ -13,34 +14,65 @@ const MAX_SOURCE_FILE_SIZE = 100_000;
  * Load optional files from source code path
  *
  * @param sourcePath - Path to source code directory
+ * @param debug - Enable debug logging for path resolution troubleshooting
  * @returns Object containing loaded source files
  */
-export function loadSourceFiles(sourcePath) {
+export function loadSourceFiles(sourcePath, debug = false) {
     const result = {};
+    // Debug logging helper - masks home directory for privacy in logs
+    const log = (msg) => {
+        if (!debug)
+            return;
+        const maskedMsg = msg.replace(os.homedir(), "~");
+        console.log(`[source-loader] ${maskedMsg}`);
+    };
+    log(`Starting source file loading from: ${sourcePath}`);
     // Search for README in source directory and parent directories (up to 3 levels)
     // This handles cases where --source points to a subdirectory but README is at repo root
-    const readmePaths = ["README.md", "readme.md", "Readme.md"];
+    // Extended patterns to handle various README naming conventions
+    const readmePaths = [
+        "README.md",
+        "readme.md",
+        "Readme.md",
+        "README.markdown",
+        "readme.markdown",
+        "README.txt",
+        "readme.txt",
+        "README",
+        "Readme",
+    ];
     let readmeFound = false;
+    log(`Searching for README variants: ${readmePaths.join(", ")}`);
     // First try the source directory itself
     for (const readmePath of readmePaths) {
         const fullPath = path.join(sourcePath, readmePath);
-        if (fs.existsSync(fullPath)) {
+        const exists = fs.existsSync(fullPath);
+        log(`  Checking: ${fullPath} - exists: ${exists}`);
+        if (exists) {
             result.readmeContent = fs.readFileSync(fullPath, "utf-8");
+            log(`  ✓ Found README: ${fullPath} (${result.readmeContent.length} bytes)`);
             readmeFound = true;
             break;
         }
     }
     // If not found, search parent directories (up to 3 levels)
     if (!readmeFound) {
+        log(`README not found in source directory, searching parent directories...`);
         let currentDir = sourcePath;
         for (let i = 0; i < 3; i++) {
             const parentDir = path.dirname(currentDir);
-            if (parentDir === currentDir)
+            if (parentDir === currentDir) {
+                log(`  Reached filesystem root, stopping parent search`);
                 break; // Reached filesystem root
+            }
+            log(`  Searching parent level ${i + 1}: ${parentDir}`);
             for (const readmePath of readmePaths) {
                 const fullPath = path.join(parentDir, readmePath);
-                if (fs.existsSync(fullPath)) {
+                const exists = fs.existsSync(fullPath);
+                log(`    Checking: ${fullPath} - exists: ${exists}`);
+                if (exists) {
                     result.readmeContent = fs.readFileSync(fullPath, "utf-8");
+                    log(`    ✓ Found README: ${fullPath} (${result.readmeContent.length} bytes)`);
                     readmeFound = true;
                     break;
                 }
@@ -50,6 +82,9 @@ export function loadSourceFiles(sourcePath) {
             currentDir = parentDir;
         }
     }
+    if (!readmeFound) {
+        log(`✗ No README found in source directory or parent directories`);
+    }
     const packagePath = path.join(sourcePath, "package.json");
     if (fs.existsSync(packagePath)) {
         result.packageJson = JSON.parse(fs.readFileSync(packagePath, "utf-8"));
@@ -135,5 +170,12 @@ export function loadSourceFiles(sourcePath) {
     catch (e) {
         console.warn("[Assessment] Could not load source files:", e);
     }
+    // Summary logging
+    const sourceCodeFiles = result.sourceCodeFiles;
+    log(`Source loading complete:`);
+    log(`  - README: ${result.readmeContent ? "found" : "not found"}`);
+    log(`  - package.json: ${result.packageJson ? "found" : "not found"}`);
+    log(`  - manifest.json: ${result.manifestJson ? "found" : "not found"}`);
+    log(`  - Source files loaded: ${sourceCodeFiles.size}`);
     return result;
 }

package/cli/build/lib/cli-parser.js

@@ -94,6 +94,13 @@ export function parseArgs(argv) {
             case "--source":
                 options.sourceCodePath = args[++i];
                 break;
+            case "--debug-source":
+                options.debugSource = true;
+                break;
+            case "--debug-annotations":
+                // Issue #155: Enable debug logging for annotation extraction
+                options.debugAnnotations = true;
+                break;
             case "--pattern-config":
             case "-p":
                 options.patternConfigPath = args[++i];
@@ -374,6 +381,9 @@ Options:
   --config, -c <path>    Path to server config JSON
   --output, -o <path>    Output path (default: /tmp/inspector-full-assessment-<server>.<ext>)
   --source <path>        Source code path for deep analysis (AUP, portability, etc.)
+  --debug-source         Enable debug logging for source file loading (Issue #151)
+  --debug-annotations    Enable debug logging for annotation extraction (Issue #155)
+                         Shows raw tool keys, annotations object, and direct hints
   --pattern-config, -p <path>  Path to custom annotation pattern JSON
   --performance-config <path>  Path to performance tuning JSON (batch sizes, timeouts, etc.)
   --format, -f <type>    Output format: json (default) or markdown

package/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment-cli",
-  "version": "1.35.2",
+  "version": "1.36.0",
   "description": "CLI for the Enhanced MCP Inspector with assessment capabilities",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",

package/client/dist/assets/{OAuthCallback-jfmizOMH.js → OAuthCallback-Cfp3Vzdz.js}

@@ -1,4 +1,4 @@
-import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-Ce63ds7G.js";
+import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-B21S7_ML.js";
 const OAuthCallback = ({ onConnect }) => {
   const { toast } = useToast();
   const hasProcessedRef = reactExports.useRef(false);

package/client/dist/assets/{OAuthDebugCallback-bU5kKvnt.js → OAuthDebugCallback-7BLaxlcq.js}

@@ -1,4 +1,4 @@
-import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-Ce63ds7G.js";
+import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-B21S7_ML.js";
 const OAuthDebugCallback = ({ onConnect }) => {
   reactExports.useEffect(() => {
     let isProcessed = false;

package/client/dist/assets/{index-Ce63ds7G.js → index-B21S7_ML.js}

@@ -16373,7 +16373,7 @@ object({
   token_type_hint: string().optional()
 }).strip();
 const name = "@bryan-thompson/inspector-assessment-client";
-const version$1 = "1.35.2";
+const version$1 = "1.36.0";
 const packageJson = {
   name,
   version: version$1
@@ -48920,7 +48920,7 @@ const useTheme = () => {
     [theme, setThemeWithSideEffect]
   );
 };
-const version = "1.35.2";
+const version = "1.36.0";
 var [createTooltipContext] = createContextScope("Tooltip", [
   createPopperScope
 ]);
@@ -52515,13 +52515,13 @@ const App = () => {
   ) });
   if (window.location.pathname === "/oauth/callback") {
     const OAuthCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthCallback-jfmizOMH.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthCallback-Cfp3Vzdz.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthCallback, { onConnect: onOAuthConnect }) });
   }
   if (window.location.pathname === "/oauth/callback/debug") {
     const OAuthDebugCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthDebugCallback-bU5kKvnt.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthDebugCallback-7BLaxlcq.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthDebugCallback, { onConnect: onOAuthDebugConnect }) });
   }

package/client/dist/index.html

@@ -5,7 +5,7 @@
     <link rel="icon" type="image/svg+xml" href="/mcp.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>MCP Inspector</title>
-    <script type="module" crossorigin src="/assets/index-Ce63ds7G.js"></script>
+    <script type="module" crossorigin src="/assets/index-B21S7_ML.js"></script>
     <link rel="stylesheet" crossorigin href="/assets/index-BoUA5OL1.css">
   </head>
   <body>

package/client/lib/lib/assessment/coreTypes.d.ts

@@ -280,4 +280,27 @@ export interface PackageJson {
 export type ToolInputSchema = JSONSchema7 & {
     type: "object";
 };
+/**
+ * Result of namespace/prefix detection for tool naming.
+ * Used to identify when tools share a common namespace (e.g., calc_add, calc_subtract).
+ * This helps downstream analyzers (like mcp-auditor) understand intentional naming patterns
+ * and reduces false positives for "naming conflicts".
+ * @public
+ */
+export interface NamespaceDetectionResult {
+    /** Whether a namespace was detected */
+    detected: boolean;
+    /** The detected namespace/prefix (e.g., "calc" from calc_add, calc_subtract) */
+    namespace?: string;
+    /** Confidence level of the detection */
+    confidence: "high" | "medium" | "low";
+    /** Number of tools that match this namespace */
+    toolsCovered: number;
+    /** Total number of tools analyzed */
+    totalTools: number;
+    /** How the namespace was detected */
+    matchPattern?: "prefix" | "serverName" | "none";
+    /** Sample tool names showing the pattern */
+    evidence?: string[];
+}
 //# sourceMappingURL=coreTypes.d.ts.map