@bryan-thompson/inspector-assessment 1.36.5 → 1.38.0

package/client/lib/services/assessment/AssessmentOrchestrator.d.ts

@@ -5,9 +5,11 @@
  * @public
  * @module AssessmentOrchestrator
  */
-import { MCPDirectoryAssessment, AssessmentConfiguration, ManifestJsonSchema, ProgressCallback, ServerInfo, PackageJson } from "../../lib/assessmentTypes.js";
+import { MCPDirectoryAssessment, AssessmentConfiguration, ManifestJsonSchema, ProgressCallback, ServerInfo, PackageJson, ToolAnnotationsContext } from "../../lib/assessmentTypes.js";
 import { Tool, CompatibilityCallToolResult } from "@modelcontextprotocol/sdk/types.js";
 import { ClaudeCodeBridge, ClaudeCodeBridgeConfig } from "./lib/claudeCodeBridge.js";
+import { ExternalAPIDependencyInfo } from "./helpers/ExternalAPIDependencyDetector.js";
+import { TransportDetectionResult } from "./helpers/StdioTransportDetector.js";
 /**
  * MCP Resource interface for assessment context
  * @public
@@ -96,6 +98,9 @@ export interface AssessmentContext {
         oauthEnabled?: boolean;
     };
     listTools?: () => Promise<Tool[]>;
+    externalAPIDependencies?: ExternalAPIDependencyInfo;
+    transportDetection?: TransportDetectionResult;
+    toolAnnotationsContext?: ToolAnnotationsContext;
 }
 /**
  * Main orchestrator class for running MCP server assessments

package/client/lib/services/assessment/AssessmentOrchestrator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AssessmentOrchestrator.d.ts","sourceRoot":"","sources":["../../../src/services/assessment/AssessmentOrchestrator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EAEvB,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,EACV,WAAW,EACZ,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,IAAI,EACJ,2BAA2B,EAC5B,MAAM,oCAAoC,CAAC;AAK5C,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EAEvB,MAAM,wBAAwB,CAAC;AAsBhC;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,KAAK,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC,CAAC;CACJ;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,KAAK,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAClC,SAAS,CAAC,EAAE;QAAE,SAAS,CAAC,EAAE,OAAO,CAAC;QAAC,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAC3D,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IACpC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACxC;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC1C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,uBAAuB,CAAC;IAChC,UAAU,CAAC,EAAE,UAAU,CAAC;IAIxB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAGtC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IAIrB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAG9B,SAAS,CAAC,EAAE,WAAW,EAAE,CAAC;IAC1B,iBAAiB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC1C,OAAO,CAAC,EAAE,SAAS,EAAE,CAAC;IACtB,kBAAkB,CAAC,EAAE,qBAAqB,CAAC;IAG3C,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD,SAAS,CAAC,EAAE,CACV,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KACzB,OAAO,CAAC;QAAE,QAAQ,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC,CAAC;IAGrE,eAAe,CAAC,EAAE;QAChB,IAAI,EAAE,OAAO,GAAG,KAAK,GAAG,iBAAiB,CAAC;QAC1C,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,OAAO,CAAC;KACxB,CAAC;IAIF,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;CACnC;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,sBAAsB;IACjC,OAAO,CAAC,MAAM,CAA0B;IACxC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,aAAa,CAAa;IAGlC,OAAO,CAAC,YAAY,CAAC,CAAmB;IACxC,OAAO,CAAC,aAAa,CAAkB;IAIvC,OAAO,CAAC,QAAQ,CAAmB;gBAEvB,MAAM,GAAE,OAAO,CAAC,uBAAuB,CAAM;IAiDzD;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAe9B;;;;OAIG;IACH,gBAAgB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,sBAAsB,CAAC,GAAG,IAAI;IAgBhE;;;OAGG;IACH,eAAe,IAAI,OAAO;IAI1B;;;OAGG;IACH,eAAe,IAAI,gBAAgB,GAAG,SAAS;IAI/C;;;OAGG;IACG,iBAAiB,CACrB,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,sBAAsB,CAAC;IAiHlC;;;;OAIG;IACG,MAAM,CACV,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,EACzC,UAAU,CAAC,EAAE,UAAU,EACvB,aAAa,CAAC,EAAE,MAAM,EACtB,WAAW,CAAC,EAAE,WAAW,GACxB,OAAO,CAAC,sBAAsB,CAAC;IAclC,OAAO,CAAC,qBAAqB;IAO7B;;;OAGG;IACH,SAAS,IAAI,uBAAuB;IAIpC;;;OAGG;IACH,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,IAAI;CAG7D"}
+{"version":3,"file":"AssessmentOrchestrator.d.ts","sourceRoot":"","sources":["../../../src/services/assessment/AssessmentOrchestrator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EAEvB,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,EACV,WAAW,EACX,sBAAsB,EACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,IAAI,EACJ,2BAA2B,EAC5B,MAAM,oCAAoC,CAAC;AAK5C,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EAEvB,MAAM,wBAAwB,CAAC;AAchC,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AAGpF,OAAO,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAC;AAW5E;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,KAAK,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC,CAAC;CACJ;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,KAAK,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAClC,SAAS,CAAC,EAAE;QAAE,SAAS,CAAC,EAAE,OAAO,CAAC;QAAC,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAC3D,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IACpC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACxC;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC1C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,uBAAuB,CAAC;IAChC,UAAU,CAAC,EAAE,UAAU,CAAC;IAIxB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAGtC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IAIrB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAG9B,SAAS,CAAC,EAAE,WAAW,EAAE,CAAC;IAC1B,iBAAiB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC1C,OAAO,CAAC,EAAE,SAAS,EAAE,CAAC;IACtB,kBAAkB,CAAC,EAAE,qBAAqB,CAAC;IAG3C,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD,SAAS,CAAC,EAAE,CACV,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KACzB,OAAO,CAAC;QAAE,QAAQ,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC,CAAC;IAGrE,eAAe,CAAC,EAAE;QAChB,IAAI,EAAE,OAAO,GAAG,KAAK,GAAG,iBAAiB,CAAC;QAC1C,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,OAAO,CAAC;KACxB,CAAC;IAIF,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAKlC,uBAAuB,CAAC,EAAE,yBAAyB,CAAC;IAKpD,kBAAkB,CAAC,EAAE,wBAAwB,CAAC;IAK9C,sBAAsB,CAAC,EAAE,sBAAsB,CAAC;CACjD;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,sBAAsB;IACjC,OAAO,CAAC,MAAM,CAA0B;IACxC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,aAAa,CAAa;IAGlC,OAAO,CAAC,YAAY,CAAC,CAAmB;IACxC,OAAO,CAAC,aAAa,CAAkB;IAIvC,OAAO,CAAC,QAAQ,CAAmB;gBAEvB,MAAM,GAAE,OAAO,CAAC,uBAAuB,CAAM;IAiDzD;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAe9B;;;;OAIG;IACH,gBAAgB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,sBAAsB,CAAC,GAAG,IAAI;IAgBhE;;;OAGG;IACH,eAAe,IAAI,OAAO;IAI1B;;;OAGG;IACH,eAAe,IAAI,gBAAgB,GAAG,SAAS;IAI/C;;;OAGG;IACG,iBAAiB,CACrB,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,sBAAsB,CAAC;IAiHlC;;;;OAIG;IACG,MAAM,CACV,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,EACzC,UAAU,CAAC,EAAE,UAAU,EACvB,aAAa,CAAC,EAAE,MAAM,EACtB,WAAW,CAAC,EAAE,WAAW,GACxB,OAAO,CAAC,sBAAsB,CAAC;IAclC,OAAO,CAAC,qBAAqB;IAO7B;;;OAGG;IACH,SAAS,IAAI,uBAAuB;IAIpC;;;OAGG;IACH,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,IAAI;CAG7D"}

package/client/lib/services/assessment/config/performanceConfig.d.ts

@@ -63,6 +63,20 @@ export interface PerformanceConfig {
      * @default 50
      */
     eventEmitterMaxListeners: number;
+    /**
+     * Maximum retry attempts for transient errors in security tests.
+     * Payload-level retry with exponential backoff for connection errors.
+     * @default 2
+     * @see https://github.com/triepod-ai/inspector-assessment/issues/157
+     */
+    securityRetryMaxAttempts: number;
+    /**
+     * Initial backoff delay in milliseconds for security test retries.
+     * Uses exponential backoff: delay * 2^attempt (100ms → 200ms → 400ms)
+     * @default 100
+     * @see https://github.com/triepod-ai/inspector-assessment/issues/157
+     */
+    securityRetryBackoffMs: number;
 }
 /**
  * Default performance configuration.
@@ -86,6 +100,8 @@ export declare const PERFORMANCE_PRESETS: {
         securityTestTimeoutMs: number;
         queueWarningThreshold: number;
         eventEmitterMaxListeners: number;
+        securityRetryMaxAttempts: number;
+        securityRetryBackoffMs: number;
     }>;
     /** Conservative settings for resource-constrained environments */
     readonly resourceConstrained: Readonly<{
@@ -96,6 +112,8 @@ export declare const PERFORMANCE_PRESETS: {
         testTimeoutMs: number;
         securityTestTimeoutMs: number;
         eventEmitterMaxListeners: number;
+        securityRetryMaxAttempts: number;
+        securityRetryBackoffMs: number;
     }>;
 };
 /**

package/client/lib/services/assessment/config/performanceConfig.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"performanceConfig.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/config/performanceConfig.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAG5C;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;;OAIG;IACH,oBAAoB,EAAE,MAAM,CAAC;IAE7B;;;;OAIG;IACH,sBAAsB,EAAE,MAAM,CAAC;IAE/B;;;OAGG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAE1B;;;;OAIG;IACH,aAAa,EAAE,MAAM,CAAC;IAEtB;;;;OAIG;IACH,qBAAqB,EAAE,MAAM,CAAC;IAE9B;;;;;;;;;;OAUG;IACH,qBAAqB,EAAE,MAAM,CAAC;IAE9B;;;;OAIG;IACH,wBAAwB,EAAE,MAAM,CAAC;CAClC;AAED;;;;GAIG;AACH,eAAO,MAAM,0BAA0B,EAAE,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CASzE,CAAC;AAEL;;;GAGG;AACH,eAAO,MAAM,mBAAmB;IAC9B,mDAAmD;;IAGnD,8CAA8C;;;;8BA1ExB,MAAM;uBAoBb,MAAM;+BAOE,MAAM;+BAaN,MAAM;kCAOH,MAAM;;IAkChC,kEAAkE;;;;;8BAjF5C,MAAM;uBAoBb,MAAM;+BAOE,MAAM;kCAoBH,MAAM;;CAyCxB,CAAC;AAEX;;;;;;;;;GASG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,OAAO,CAAC,iBAAiB,CAAC,GACjC,MAAM,EAAE,CAGV;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAClC,QAAQ,CAAC,iBAAiB,CAAC,CAsB7B;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CACnC,UAAU,CAAC,EAAE,MAAM,EACnB,MAAM,CAAC,EAAE,MAAM,GACd,QAAQ,CAAC,iBAAiB,CAAC,CAyC7B"}
+{"version":3,"file":"performanceConfig.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/config/performanceConfig.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAG5C;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;;OAIG;IACH,oBAAoB,EAAE,MAAM,CAAC;IAE7B;;;;OAIG;IACH,sBAAsB,EAAE,MAAM,CAAC;IAE/B;;;OAGG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAE1B;;;;OAIG;IACH,aAAa,EAAE,MAAM,CAAC;IAEtB;;;;OAIG;IACH,qBAAqB,EAAE,MAAM,CAAC;IAE9B;;;;;;;;;;OAUG;IACH,qBAAqB,EAAE,MAAM,CAAC;IAE9B;;;;OAIG;IACH,wBAAwB,EAAE,MAAM,CAAC;IAEjC;;;;;OAKG;IACH,wBAAwB,EAAE,MAAM,CAAC;IAEjC;;;;;OAKG;IACH,sBAAsB,EAAE,MAAM,CAAC;CAChC;AAED;;;;GAIG;AACH,eAAO,MAAM,0BAA0B,EAAE,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAWzE,CAAC;AAEL;;;GAGG;AACH,eAAO,MAAM,mBAAmB;IAC9B,mDAAmD;;IAGnD,8CAA8C;;;;8BA5FxB,MAAM;uBAoBb,MAAM;+BAOE,MAAM;+BAaN,MAAM;kCAOH,MAAM;kCAQN,MAAM;gCAQR,MAAM;;IAoC9B,kEAAkE;;;;;8BAnG5C,MAAM;uBAoBb,MAAM;+BAOE,MAAM;kCAoBH,MAAM;kCAQN,MAAM;gCAQR,MAAM;;CA2CtB,CAAC;AAEX;;;;;;;;;GASG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,OAAO,CAAC,iBAAiB,CAAC,GACjC,MAAM,EAAE,CAGV;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAClC,QAAQ,CAAC,iBAAiB,CAAC,CA4B7B;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CACnC,UAAU,CAAC,EAAE,MAAM,EACnB,MAAM,CAAC,EAAE,MAAM,GACd,QAAQ,CAAC,iBAAiB,CAAC,CAyC7B"}

package/client/lib/services/assessment/config/performanceConfig.js

@@ -24,6 +24,8 @@ export const DEFAULT_PERFORMANCE_CONFIG = Object.freeze({
     securityTestTimeoutMs: 5000,
     queueWarningThreshold: 10000,
     eventEmitterMaxListeners: 50,
+    securityRetryMaxAttempts: 2,
+    securityRetryBackoffMs: 100,
 });
 /**
  * Performance presets for common use cases.
@@ -82,6 +84,10 @@ export function mergeWithDefaults(partial) {
             DEFAULT_PERFORMANCE_CONFIG.queueWarningThreshold,
         eventEmitterMaxListeners: partial.eventEmitterMaxListeners ??
             DEFAULT_PERFORMANCE_CONFIG.eventEmitterMaxListeners,
+        securityRetryMaxAttempts: partial.securityRetryMaxAttempts ??
+            DEFAULT_PERFORMANCE_CONFIG.securityRetryMaxAttempts,
+        securityRetryBackoffMs: partial.securityRetryBackoffMs ??
+            DEFAULT_PERFORMANCE_CONFIG.securityRetryBackoffMs,
     };
 }
 /**

package/client/lib/services/assessment/config/performanceConfigSchemas.d.ts

@@ -46,6 +46,16 @@ export declare const PerformanceConfigSchema: z.ZodObject<{
      * Maximum EventEmitter listeners to prevent Node.js warnings.
      */
     eventEmitterMaxListeners: z.ZodOptional<z.ZodNumber>;
+    /**
+     * Maximum retry attempts for transient errors in security tests.
+     * Issue #157: Connection retry logic for reliability
+     */
+    securityRetryMaxAttempts: z.ZodOptional<z.ZodNumber>;
+    /**
+     * Initial backoff delay in milliseconds for security test retries.
+     * Issue #157: Connection retry logic for reliability
+     */
+    securityRetryBackoffMs: z.ZodOptional<z.ZodNumber>;
 }, "strip", z.ZodTypeAny, {
     batchFlushIntervalMs?: number;
     functionalityBatchSize?: number;
@@ -54,6 +64,8 @@ export declare const PerformanceConfigSchema: z.ZodObject<{
     securityTestTimeoutMs?: number;
     queueWarningThreshold?: number;
     eventEmitterMaxListeners?: number;
+    securityRetryMaxAttempts?: number;
+    securityRetryBackoffMs?: number;
 }, {
     batchFlushIntervalMs?: number;
     functionalityBatchSize?: number;
@@ -62,6 +74,8 @@ export declare const PerformanceConfigSchema: z.ZodObject<{
     securityTestTimeoutMs?: number;
     queueWarningThreshold?: number;
     eventEmitterMaxListeners?: number;
+    securityRetryMaxAttempts?: number;
+    securityRetryBackoffMs?: number;
 }>;
 /**
  * Type inferred from the schema.
@@ -99,6 +113,8 @@ export declare function safeParsePerformanceConfig(config: unknown): z.SafeParse
     securityTestTimeoutMs?: number;
     queueWarningThreshold?: number;
     eventEmitterMaxListeners?: number;
+    securityRetryMaxAttempts?: number;
+    securityRetryBackoffMs?: number;
 }, {
     batchFlushIntervalMs?: number;
     functionalityBatchSize?: number;
@@ -107,5 +123,7 @@ export declare function safeParsePerformanceConfig(config: unknown): z.SafeParse
     securityTestTimeoutMs?: number;
     queueWarningThreshold?: number;
     eventEmitterMaxListeners?: number;
+    securityRetryMaxAttempts?: number;
+    securityRetryBackoffMs?: number;
 }>;
 //# sourceMappingURL=performanceConfigSchemas.d.ts.map

package/client/lib/services/assessment/config/performanceConfigSchemas.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"performanceConfigSchemas.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/config/performanceConfigSchemas.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAG3E,OAAO,EAAE,kBAAkB,EAAE,CAAC;AAE9B;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB;IAClC;;OAEG;;IAcH;;OAEG;;IAcH;;OAEG;;IAcH;;OAEG;;IAcH;;OAEG;;IAcH;;OAEG;;IAcH;;OAEG;;;;;;;;;;;;;;;;;;EAaH,CAAC;AAEH;;;GAGG;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE/E;;;;;;GAMG;AACH,wBAAgB,gCAAgC,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,CAW1E;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,OAAO,GACd,wBAAwB,CAE1B;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,OAAO;;;;;;;;;;;;;;;;GAEzD"}
+{"version":3,"file":"performanceConfigSchemas.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/config/performanceConfigSchemas.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAG3E,OAAO,EAAE,kBAAkB,EAAE,CAAC;AAE9B;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB;IAClC;;OAEG;;IAcH;;OAEG;;IAcH;;OAEG;;IAcH;;OAEG;;IAcH;;OAEG;;IAcH;;OAEG;;IAcH;;OAEG;;IAcH;;;OAGG;;IAcH;;;OAGG;;;;;;;;;;;;;;;;;;;;;;EAaH,CAAC;AAEH;;;GAGG;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE/E;;;;;;GAMG;AACH,wBAAgB,gCAAgC,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,CAW1E;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,OAAO,GACd,wBAAwB,CAE1B;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,OAAO;;;;;;;;;;;;;;;;;;;;GAEzD"}

package/client/lib/services/assessment/config/performanceConfigSchemas.js

@@ -83,6 +83,26 @@ export const PerformanceConfigSchema = z.object({
         .min(PERF_CONFIG_RANGES.eventEmitterMaxListeners.min, `eventEmitterMaxListeners must be >= ${PERF_CONFIG_RANGES.eventEmitterMaxListeners.min}`)
         .max(PERF_CONFIG_RANGES.eventEmitterMaxListeners.max, `eventEmitterMaxListeners must be <= ${PERF_CONFIG_RANGES.eventEmitterMaxListeners.max}`)
         .optional(),
+    /**
+     * Maximum retry attempts for transient errors in security tests.
+     * Issue #157: Connection retry logic for reliability
+     */
+    securityRetryMaxAttempts: z
+        .number()
+        .int("securityRetryMaxAttempts must be an integer")
+        .min(PERF_CONFIG_RANGES.securityRetryMaxAttempts.min, `securityRetryMaxAttempts must be >= ${PERF_CONFIG_RANGES.securityRetryMaxAttempts.min}`)
+        .max(PERF_CONFIG_RANGES.securityRetryMaxAttempts.max, `securityRetryMaxAttempts must be <= ${PERF_CONFIG_RANGES.securityRetryMaxAttempts.max}`)
+        .optional(),
+    /**
+     * Initial backoff delay in milliseconds for security test retries.
+     * Issue #157: Connection retry logic for reliability
+     */
+    securityRetryBackoffMs: z
+        .number()
+        .int("securityRetryBackoffMs must be an integer")
+        .min(PERF_CONFIG_RANGES.securityRetryBackoffMs.min, `securityRetryBackoffMs must be >= ${PERF_CONFIG_RANGES.securityRetryBackoffMs.min}`)
+        .max(PERF_CONFIG_RANGES.securityRetryBackoffMs.max, `securityRetryBackoffMs must be <= ${PERF_CONFIG_RANGES.securityRetryBackoffMs.max}`)
+        .optional(),
 });
 /**
  * Validate a partial performance config using Zod.

package/client/lib/services/assessment/helpers/ExternalAPIDependencyDetector.d.ts

@@ -0,0 +1,165 @@
+/**
+ * External API Dependency Detector
+ *
+ * Identifies tools that depend on external APIs based on:
+ * 1. Tool name and description patterns (fast, always available)
+ * 2. Source code scanning for API calls (more accurate, when source available)
+ *
+ * This information enables downstream assessors to adjust their behavior:
+ * - TemporalAssessor: Relaxed variance thresholds for external API tools
+ * - FunctionalityAssessor: Accept API errors as valid responses
+ * - ErrorHandlingAssessor: Account for external service failures
+ *
+ * Issue #168: Enhanced with source code scanning support
+ *
+ * @module helpers/ExternalAPIDependencyDetector
+ */
+import { Tool } from "@modelcontextprotocol/sdk/types.js";
+/**
+ * Implications of external API dependencies for downstream assessors
+ * @public
+ */
+export interface ExternalAPIImplications {
+    /** Expected temporal variance behavior */
+    temporalVariance: string;
+    /** Dependency on external service availability */
+    availabilityDependency: string;
+    /** Potential rate limiting from external services */
+    rateLimitingRisk?: string;
+}
+/**
+ * External API dependency detection results
+ * @public
+ */
+export interface ExternalAPIDependencyInfo {
+    /** Set of tool names that depend on external APIs */
+    toolsWithExternalAPIDependency: Set<string>;
+    /** Number of tools detected with external API dependencies */
+    detectedCount: number;
+    /** Detection confidence based on pattern strength */
+    confidence: "high" | "medium" | "low";
+    /** List of detected tool names (for serialization) */
+    detectedTools: string[];
+    /** Extracted domains from source code scanning (e.g., ["api.worldbank.org"]) */
+    domains?: string[];
+    /** Whether source code was available and scanned */
+    sourceCodeScanned?: boolean;
+    /** Implications for downstream assessors when external APIs are detected */
+    implications?: ExternalAPIImplications;
+}
+/**
+ * Detects external API dependencies in MCP tools based on name and description patterns.
+ * Designed to run during context preparation before assessors execute.
+ *
+ * @public
+ */
+export declare class ExternalAPIDependencyDetector {
+    /**
+     * Tool name patterns that suggest external API dependency.
+     * Uses word-boundary matching to prevent false positives.
+     *
+     * Extracted from VarianceClassifier (Issue #166) for reuse across modules.
+     */
+    private readonly EXTERNAL_API_PATTERNS;
+    /**
+     * Description patterns that suggest external API dependency.
+     * Regex patterns for more flexible matching.
+     */
+    private readonly EXTERNAL_API_DESCRIPTION_PATTERNS;
+    /**
+     * Source code patterns that indicate external API calls.
+     * Each pattern captures the URL in group 1.
+     *
+     * Issue #168: Patterns from proposal for source code scanning
+     */
+    private readonly SOURCE_CODE_API_PATTERNS;
+    /**
+     * URL patterns to skip (localhost, local networks, documentation)
+     */
+    private readonly LOCALHOST_PATTERNS;
+    /**
+     * File patterns to skip during source code scanning
+     */
+    private readonly SKIP_FILE_PATTERNS;
+    /**
+     * Detect external API dependencies from tools and optionally source code.
+     *
+     * Detection strategy:
+     * 1. Always analyze tool names and descriptions (fast, no source needed)
+     * 2. If sourceCodeFiles provided, scan for actual API calls (more accurate)
+     * 3. Combine results and compute confidence
+     *
+     * @param tools - List of MCP tools to analyze
+     * @param sourceCodeFiles - Optional map of file paths to content for source scanning
+     * @returns Detection results with tool names, domains, and implications
+     */
+    detect(tools: Tool[], sourceCodeFiles?: Map<string, string>): ExternalAPIDependencyInfo;
+    /** Maximum content length per file (500KB) - prevents ReDoS attacks */
+    private readonly MAX_CONTENT_LENGTH;
+    /** Maximum matches per file - prevents runaway matching */
+    private readonly MAX_MATCHES_PER_FILE;
+    /**
+     * Scan source code files for external API URLs.
+     * Returns unique external domains found in the code.
+     *
+     * @param sourceCodeFiles - Map of file paths to content
+     * @returns Array of unique external domain names
+     */
+    scanSourceCode(sourceCodeFiles: Map<string, string>): string[];
+    /**
+     * Extract the hostname from a URL string.
+     *
+     * @param url - URL string (may be partial)
+     * @returns Hostname or null if extraction fails
+     */
+    private extractDomain;
+    /**
+     * Check if a URL points to localhost or local network.
+     *
+     * @param url - URL string to check
+     * @returns true if URL is local
+     */
+    private isLocalhost;
+    /**
+     * Check if a file should be skipped during source scanning.
+     *
+     * @param filePath - Path to check
+     * @returns true if file should be skipped
+     */
+    private shouldSkipFile;
+    /**
+     * Compute detection confidence based on both methods.
+     * Source code confirmation boosts confidence.
+     *
+     * @param toolCount - Number of tools detected via name/description
+     * @param domains - Domains found in source code
+     * @returns Confidence level
+     */
+    private computeConfidence;
+    /**
+     * Generate implications for downstream assessors.
+     *
+     * @param domains - External domains found
+     * @returns Implications object
+     */
+    private generateImplications;
+    /**
+     * Check if a single tool depends on external APIs.
+     * Uses BOTH name patterns AND description analysis for detection.
+     *
+     * @param tool - MCP tool to check
+     * @returns true if tool appears to depend on external APIs
+     */
+    isExternalAPITool(tool: Tool): boolean;
+    /**
+     * Get the list of name patterns used for detection.
+     * Useful for debugging and documentation.
+     */
+    getNamePatterns(): readonly string[];
+    /**
+     * Get the list of description patterns used for detection.
+     * Useful for debugging and documentation.
+     */
+    getDescriptionPatterns(): readonly RegExp[];
+}
+//# sourceMappingURL=ExternalAPIDependencyDetector.d.ts.map

package/client/lib/services/assessment/helpers/ExternalAPIDependencyDetector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ExternalAPIDependencyDetector.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/helpers/ExternalAPIDependencyDetector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAE1D;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC,0CAA0C;IAC1C,gBAAgB,EAAE,MAAM,CAAC;IACzB,kDAAkD;IAClD,sBAAsB,EAAE,MAAM,CAAC;IAC/B,qDAAqD;IACrD,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,qDAAqD;IACrD,8BAA8B,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5C,8DAA8D;IAC9D,aAAa,EAAE,MAAM,CAAC;IACtB,qDAAqD;IACrD,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,sDAAsD;IACtD,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,gFAAgF;IAChF,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,oDAAoD;IACpD,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,4EAA4E;IAC5E,YAAY,CAAC,EAAE,uBAAuB,CAAC;CACxC;AAED;;;;;GAKG;AACH,qBAAa,6BAA6B;IACxC;;;;;OAKG;IACH,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAuBpC;IAEF;;;OAGG;IACH,OAAO,CAAC,QAAQ,CAAC,iCAAiC,CAQhD;IAEF;;;;;OAKG;IACH,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAevC;IAEF;;OAEG;IACH,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAUjC;IAEF;;OAEG;IACH,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAajC;IAEF;;;;;;;;;;;OAWG;IACH,MAAM,CACJ,KAAK,EAAE,IAAI,EAAE,EACb,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GACpC,yBAAyB;IA0C5B,uEAAuE;IACvE,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAW;IAE9C,2DAA2D;IAC3D,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAO;IAE5C;;;;;;OAMG;IACH,cAAc,CAAC,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,EAAE;IAoC9D;;;;;OAKG;IACH,OAAO,CAAC,aAAa;IAUrB;;;;;OAKG;IACH,OAAO,CAAC,WAAW;IAInB;;;;;OAKG;IACH,OAAO,CAAC,cAAc;IAItB;;;;;;;OAOG;IACH,OAAO,CAAC,iBAAiB;IAyBzB;;;;;OAKG;IACH,OAAO,CAAC,oBAAoB;IAc5B;;;;;;OAMG;IACH,iBAAiB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO;IAmBtC;;;OAGG;IACH,eAAe,IAAI,SAAS,MAAM,EAAE;IAIpC;;;OAGG;IACH,sBAAsB,IAAI,SAAS,MAAM,EAAE;CAG5C"}