npm - @bryan-thompson/inspector-assessment - Versions diffs - 1.43.2 → 1.43.4 - Mend

@bryan-thompson/inspector-assessment 1.43.2 → 1.43.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

package/client/lib/services/assessment/modules/index.d.ts CHANGED Viewed

@@ -50,7 +50,7 @@ export { TemporalAssessor } from "./TemporalAssessor.js";
  * The `errorHandling` result field is preserved for backward compatibility.
  * @see GitHub Issue #188
  */
-export { ProtocolComplianceAssessor, type UnifiedProtocolComplianceAssessment, } from "./ProtocolComplianceAssessor.js";
+export { ProtocolComplianceAssessor, type UnifiedProtocolComplianceAssessment, } from "./ProtocolComplianceAssessor/index.js";
 export { AUPComplianceAssessor } from "./AUPComplianceAssessor.js";
 export { ToolAnnotationAssessor } from "./ToolAnnotationAssessor.js";
 export { ProhibitedLibrariesAssessor } from "./ProhibitedLibrariesAssessor.js";

package/client/lib/services/assessment/modules/index.js CHANGED Viewed

@@ -54,7 +54,7 @@ export { TemporalAssessor } from "./TemporalAssessor.js";
  * The `errorHandling` result field is preserved for backward compatibility.
  * @see GitHub Issue #188
  */
-export { ProtocolComplianceAssessor, } from "./ProtocolComplianceAssessor.js";
+export { ProtocolComplianceAssessor, } from "./ProtocolComplianceAssessor/index.js";
 export { AUPComplianceAssessor } from "./AUPComplianceAssessor.js";
 // ============================================================================
 // Tier 2: Compliance (MCP Directory)

package/client/lib/services/assessment/modules/securityTests/SecurityPayloadTester.d.ts CHANGED Viewed

@@ -36,6 +36,11 @@ export interface PayloadTestConfig {
      * When provided, enables annotation-aware false positive reduction
      */
     toolAnnotationsContext?: ToolAnnotationsContext;
+    /**
+     * Transport type for context-aware test skipping
+     * When "http" or "sse", skip filesystem-only tests (e.g., Path Traversal)
+     */
+    transportType?: "stdio" | "http" | "sse";
 }
 /**
  * Logger interface for test execution
@@ -61,6 +66,16 @@ export declare class SecurityPayloadTester {
      * Call before running tests to enable annotation-aware false positive reduction
      */
     setToolAnnotationsContext(context: ToolAnnotationsContext | undefined): void;
+    /**
+     * Set transport type for context-aware test skipping (FP reduction)
+     * Call before running tests to skip irrelevant patterns
+     */
+    setTransportType(transportType: "stdio" | "http" | "sse" | undefined): void;
+    /**
+     * Check if an attack pattern should be skipped for a given tool.
+     * Reduces false positives by skipping irrelevant test categories.
+     */
+    private shouldSkipPattern;
     /**
      * Run comprehensive security tests (advanced mode)
      * Tests selected tools with ALL 23 security patterns using diverse payloads

package/client/lib/services/assessment/modules/securityTests/SecurityPayloadTester.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"SecurityPayloadTester.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPayloadTester.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,gBAAgB,EAIjB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAGL,eAAe,EAChB,MAAM,wBAAwB,CAAC;~~AAQhC~~;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,gBAAgB,CAAC;AAEpD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC;;;OAGG;IACH,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC;;;OAGG;IACH,sBAAsB,CAAC,EAAE,sBAAsB,CAAC;~~CACjD~~;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IAC/B,QAAQ,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;CACrD;AAED;;GAEG;AACH,qBAAa,qBAAqB;IAO9B,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,kBAAkB;IAR5B,OAAO,CAAC,gBAAgB,CAA2B;IACnD,OAAO,CAAC,gBAAgB,CAA2B;IACnD,OAAO,CAAC,oBAAoB,CAAuB;IACnD,OAAO,CAAC,SAAS,CAAK;gBAGZ,MAAM,EAAE,iBAAiB,EACzB,MAAM,EAAE,UAAU,EAClB,kBAAkB,EAAE,CAAC,CAAC,EAC5B,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,EACnB,OAAO,EAAE,MAAM,KACZ,OAAO,CAAC,CAAC,CAAC;IAOjB;;;OAGG;IACH,yBAAyB,CAAC,OAAO,EAAE,sBAAsB,GAAG,SAAS,GAAG,IAAI;IAI5E;;;OAGG;IACG,yBAAyB,CAC7B,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,EACzC,UAAU,CAAC,EAAE,oBAAoB,GAChC,OAAO,CAAC,kBAAkB,EAAE,CAAC;~~IAsMhC~~;;;OAGG;IACG,qBAAqB,CACzB,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,EACzC,UAAU,CAAC,EAAE,oBAAoB,GAChC,OAAO,CAAC,kBAAkB,EAAE,CAAC;~~IA8LhC~~;;OAEG;IACG,WAAW,CACf,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,eAAe,EACxB,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,GACxC,OAAO,CAAC,kBAAkB,CAAC;IAqT9B;;;;;;;;;;;OAWG;IACG,oBAAoB,CACxB,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,eAAe,EACxB,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,GACxC,OAAO,CAAC,kBAAkB,CAAC;IAqD9B;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IAqBxB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAO3B;;OAEG;IACH,OAAO,CAAC,KAAK;CAGd"}
1	+ {"version":3,"file":"SecurityPayloadTester.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPayloadTester.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,gBAAgB,EAIjB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAGL,eAAe,EAChB,MAAM,wBAAwB,CAAC;AAShC;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,gBAAgB,CAAC;AAEpD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC;;;OAGG;IACH,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC;;;OAGG;IACH,sBAAsB,CAAC,EAAE,sBAAsB,CAAC;IAChD;;;OAGG;IACH,aAAa,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IAC/B,QAAQ,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;CACrD;AAED;;GAEG;AACH,qBAAa,qBAAqB;IAO9B,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,kBAAkB;IAR5B,OAAO,CAAC,gBAAgB,CAA2B;IACnD,OAAO,CAAC,gBAAgB,CAA2B;IACnD,OAAO,CAAC,oBAAoB,CAAuB;IACnD,OAAO,CAAC,SAAS,CAAK;gBAGZ,MAAM,EAAE,iBAAiB,EACzB,MAAM,EAAE,UAAU,EAClB,kBAAkB,EAAE,CAAC,CAAC,EAC5B,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,EACnB,OAAO,EAAE,MAAM,KACZ,OAAO,CAAC,CAAC,CAAC;IAOjB;;;OAGG;IACH,yBAAyB,CAAC,OAAO,EAAE,sBAAsB,GAAG,SAAS,GAAG,IAAI;IAI5E;;;OAGG;IACH,gBAAgB,CAAC,aAAa,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,GAAG,SAAS,GAAG,IAAI;IAI3E;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAwBzB;;;OAGG;IACG,yBAAyB,CAC7B,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,EACzC,UAAU,CAAC,EAAE,oBAAoB,GAChC,OAAO,CAAC,kBAAkB,EAAE,CAAC;IA6NhC;;;OAGG;IACG,qBAAqB,CACzB,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,EACzC,UAAU,CAAC,EAAE,oBAAoB,GAChC,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAwNhC;;OAEG;IACG,WAAW,CACf,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,eAAe,EACxB,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,GACxC,OAAO,CAAC,kBAAkB,CAAC;IAqT9B;;;;;;;;;;;OAWG;IACG,oBAAoB,CACxB,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,eAAe,EACxB,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,GACxC,OAAO,CAAC,kBAAkB,CAAC;IAqD9B;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IAqBxB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAO3B;;OAEG;IACH,OAAO,CAAC,KAAK;CAGd"}

package/client/lib/services/assessment/modules/securityTests/SecurityPayloadTester.js CHANGED Viewed

@@ -13,6 +13,7 @@ import { SecurityPayloadGenerator } from "./SecurityPayloadGenerator.js";
 import { SanitizationDetector } from "./SanitizationDetector.js";
 import { DEFAULT_PERFORMANCE_CONFIG } from "../../config/performanceConfig.js";
 import { isTransientErrorPattern } from "./SecurityPatternLibrary.js";
+import { ToolClassifier } from "../../ToolClassifier.js";
 /**
  * Executes security tests with payloads against MCP tools
  */
@@ -39,6 +40,36 @@ export class SecurityPayloadTester {
     setToolAnnotationsContext(context) {
         this.config.toolAnnotationsContext = context;
     }
+    /**
+     * Set transport type for context-aware test skipping (FP reduction)
+     * Call before running tests to skip irrelevant patterns
+     */
+    setTransportType(transportType) {
+        this.config.transportType = transportType;
+    }
+    /**
+     * Check if an attack pattern should be skipped for a given tool.
+     * Reduces false positives by skipping irrelevant test categories.
+     */
+    shouldSkipPattern(tool, attackName) {
+        // Skip "Calculator Injection" for non-calculator tools
+        if (attackName === "Calculator Injection") {
+            const classifier = new ToolClassifier();
+            const result = classifier.classify(tool.name, tool.description);
+            const hasCalcCategory = result.categories.some((c) => c === "calculator" || c === "code_executor");
+            if (!hasCalcCategory) {
+                return "Tool is not a calculator/code executor - Calculator Injection not applicable";
+            }
+        }
+        // Skip "Path Traversal" for HTTP/SSE transport (no local filesystem)
+        if (attackName === "Path Traversal") {
+            const transport = this.config.transportType;
+            if (transport === "http" || transport === "sse") {
+                return "Remote transport (HTTP/SSE) - Path Traversal not applicable to remote servers";
+            }
+        }
+        return null;
+    }
     /**
      * Run comprehensive security tests (advanced mode)
      * Tests selected tools with ALL 23 security patterns using diverse payloads
@@ -120,6 +151,25 @@ export class SecurityPayloadTester {
             }
             this.logger.log(`Testing ${tool.name} with all attack patterns`);
             for (const attackPattern of attackPatterns) {
+                // Skip irrelevant attack patterns to reduce false positives
+                const skipReason = this.shouldSkipPattern(tool, attackPattern.attackName);
+                if (skipReason) {
+                    const payloads = getPayloadsForAttack(attackPattern.attackName);
+                    for (const payload of payloads) {
+                        toolResults.push({
+                            testName: attackPattern.attackName,
+                            description: payload.description,
+                            payload: payload.payload,
+                            riskLevel: payload.riskLevel,
+                            toolName: tool.name,
+                            vulnerable: false,
+                            evidence: skipReason,
+                        });
+                        completedTests++;
+                        batchCount++;
+                    }
+                    continue;
+                }
                 const payloads = getPayloadsForAttack(attackPattern.attackName);
                 for (const payload of payloads) {
                     this.testCount++;
@@ -269,6 +319,28 @@ export class SecurityPayloadTester {
             }
             this.logger.log(`Testing ${tool.name} with ${basicPatterns.length} critical patterns`);
             for (const attackPattern of basicPatterns) {
+                // Skip irrelevant attack patterns to reduce false positives
+                const skipReason = this.shouldSkipPattern(tool, attackPattern.attackName);
+                if (skipReason) {
+                    const allPayloads = getPayloadsForAttack(attackPattern.attackName);
+                    const payload = allPayloads[0];
+                    if (payload) {
+                        const skippedResult = {
+                            testName: attackPattern.attackName,
+                            description: payload.description,
+                            payload: payload.payload,
+                            riskLevel: payload.riskLevel,
+                            toolName: tool.name,
+                            vulnerable: false,
+                            evidence: skipReason,
+                        };
+                        results.push(skippedResult);
+                        toolResults.push(skippedResult);
+                        completedTests++;
+                        batchCount++;
+                    }
+                    continue;
+                }
                 const allPayloads = getPayloadsForAttack(attackPattern.attackName);
                 const payload = allPayloads[0];
                 if (!payload)

package/client/lib/services/assessment/modules/securityTests/factory.d.ts CHANGED Viewed

@@ -48,6 +48,8 @@ export interface SecurityTestersConfig {
     logger: TestLogger;
     /** Timeout execution wrapper from BaseAssessor */
     executeWithTimeout: <T>(promise: Promise<T>, timeout: number) => Promise<T>;
+    /** Transport type for context-aware test skipping */
+    transportType?: "stdio" | "http" | "sse";
 }
 /**
  * Create security testers with dependencies injected

package/client/lib/services/assessment/modules/securityTests/factory.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/factory.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EACL,qBAAqB,EAErB,UAAU,EACX,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAE9D;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,wDAAwD;IACxD,aAAa,EAAE,qBAAqB,CAAC;IAErC,mEAAmE;IACnE,gBAAgB,EAAE,wBAAwB,CAAC;IAE3C,wEAAwE;IACxE,oBAAoB,EAAE,oBAAoB,CAAC;IAE3C,kEAAkE;IAClE,WAAW,EAAE,oBAAoB,CAAC;IAElC,wEAAwE;IACxE,gBAAgB,EAAE,oBAAoB,CAAC;CACxC;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,yDAAyD;IACzD,gBAAgB,EAAE,uBAAuB,CAAC;IAE1C,wCAAwC;IACxC,MAAM,EAAE,UAAU,CAAC;IAEnB,kDAAkD;IAClD,kBAAkB,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC;~~CAC7E~~;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,qBAAqB,CACnC,aAAa,EAAE,qBAAqB,GACnC,eAAe,~~CA8BjB~~;AAED;;;;;;;GAOG;AACH,wBAAgB,kCAAkC,CAChD,cAAc,EAAE,OAAO,CAAC,eAAe,CAAC,EACxC,aAAa,EAAE,qBAAqB,GACnC,eAAe,CAOjB"}
1	+ {"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/factory.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EACL,qBAAqB,EAErB,UAAU,EACX,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAE9D;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,wDAAwD;IACxD,aAAa,EAAE,qBAAqB,CAAC;IAErC,mEAAmE;IACnE,gBAAgB,EAAE,wBAAwB,CAAC;IAE3C,wEAAwE;IACxE,oBAAoB,EAAE,oBAAoB,CAAC;IAE3C,kEAAkE;IAClE,WAAW,EAAE,oBAAoB,CAAC;IAElC,wEAAwE;IACxE,gBAAgB,EAAE,oBAAoB,CAAC;CACxC;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,yDAAyD;IACzD,gBAAgB,EAAE,uBAAuB,CAAC;IAE1C,wCAAwC;IACxC,MAAM,EAAE,UAAU,CAAC;IAEnB,kDAAkD;IAClD,kBAAkB,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC;IAE5E,qDAAqD;IACrD,aAAa,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;CAC1C;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,qBAAqB,CACnC,aAAa,EAAE,qBAAqB,GACnC,eAAe,CA+BjB;AAED;;;;;;;GAOG;AACH,wBAAgB,kCAAkC,CAChD,cAAc,EAAE,OAAO,CAAC,eAAe,CAAC,EACxC,aAAa,EAAE,qBAAqB,GACnC,eAAe,CAOjB"}

package/client/lib/services/assessment/modules/securityTests/factory.js CHANGED Viewed

@@ -46,6 +46,7 @@ export function createSecurityTesters(factoryConfig) {
         maxParallelTests: assessmentConfig.maxParallelTests,
         securityTestTimeout: assessmentConfig.securityTestTimeout,
         selectedToolsForTesting: assessmentConfig.selectedToolsForTesting,
+        transportType: factoryConfig.transportType,
     };
     return {
         payloadTester: new SecurityPayloadTester(payloadConfig, logger, executeWithTimeout),

package/client/lib/services/assessment/registry/AssessorDefinitions.js CHANGED Viewed

@@ -14,7 +14,7 @@ import { FunctionalityAssessor } from "../modules/FunctionalityAssessor.js";
 import { SecurityAssessor } from "../modules/SecurityAssessor.js";
 import { DocumentationAssessor } from "../modules/DocumentationAssessor.js";
 // ErrorHandlingAssessor merged into ProtocolComplianceAssessor (Issue #188)
-// import { ErrorHandlingAssessor } from "../modules/ErrorHandlingAssessor";
+// import { ErrorHandlingAssessor } from "../modules/ErrorHandlingAssessor.js";
 import { UsabilityAssessor } from "../modules/UsabilityAssessor.js";
 // Protocol compliance (unified module with error handling - Issue #188)
 import { ProtocolComplianceAssessor } from "../modules/ProtocolComplianceAssessor/ProtocolComplianceAssessor.js";

package/client/lib/services/assessment/responseValidatorSchemas.d.ts CHANGED Viewed

@@ -369,9 +369,9 @@ export declare const ValidationResultSchema: z.ZodObject<{
     evidence?: string[];
     confidence?: number;
     isError?: boolean;
-    issues?: string[];
     isValid?: boolean;
-    classification?: "error" | "broken" | "fully_working" | "partially_working" | "connectivity_only";
+    issues?: string[];
+    classification?: "error" | "fully_working" | "partially_working" | "connectivity_only" | "broken";
     responseMetadata?: {
         contentTypes?: ("text" | "image" | "audio" | "resource_link" | "resource")[];
         hasStructuredContent?: boolean;
@@ -389,9 +389,9 @@ export declare const ValidationResultSchema: z.ZodObject<{
     evidence?: string[];
     confidence?: number;
     isError?: boolean;
-    issues?: string[];
     isValid?: boolean;
-    classification?: "error" | "broken" | "fully_working" | "partially_working" | "connectivity_only";
+    issues?: string[];
+    classification?: "error" | "fully_working" | "partially_working" | "connectivity_only" | "broken";
     responseMetadata?: {
         contentTypes?: ("text" | "image" | "audio" | "resource_link" | "resource")[];
         hasStructuredContent?: boolean;
@@ -480,7 +480,6 @@ export declare const MCPToolCallResultSchema: z.ZodObject<{
     structuredContent: z.ZodOptional<z.ZodUnknown>;
     _meta: z.ZodOptional<z.ZodUnknown>;
 }, "strip", z.ZodTypeAny, {
-    _meta?: unknown;
     content?: ({
         text?: string;
         type?: "text";
@@ -504,9 +503,9 @@ export declare const MCPToolCallResultSchema: z.ZodObject<{
         uri?: string;
     })[];
     isError?: boolean;
+    _meta?: unknown;
     structuredContent?: unknown;
 }, {
-    _meta?: unknown;
     content?: ({
         text?: string;
         type?: "text";
@@ -530,6 +529,7 @@ export declare const MCPToolCallResultSchema: z.ZodObject<{
         uri?: string;
     })[];
     isError?: boolean;
+    _meta?: unknown;
     structuredContent?: unknown;
 }>;
 export type MCPToolCallResultParsed = z.infer<typeof MCPToolCallResultSchema>;
@@ -596,7 +596,6 @@ export declare function safeParseContentArray(content: unknown): z.SafeParseRetu
  * @returns SafeParseResult with success status and data/error
  */
 export declare function safeParseMCPToolCallResult(result: unknown): z.SafeParseReturnType<{
-    _meta?: unknown;
     content?: ({
         text?: string;
         type?: "text";
@@ -620,9 +619,9 @@ export declare function safeParseMCPToolCallResult(result: unknown): z.SafeParse
         uri?: string;
     })[];
     isError?: boolean;
+    _meta?: unknown;
     structuredContent?: unknown;
 }, {
-    _meta?: unknown;
     content?: ({
         text?: string;
         type?: "text";
@@ -646,6 +645,7 @@ export declare function safeParseMCPToolCallResult(result: unknown): z.SafeParse
         uri?: string;
     })[];
     isError?: boolean;
+    _meta?: unknown;
     structuredContent?: unknown;
 }>;
 /**
@@ -673,9 +673,9 @@ export declare function safeParseValidationResult(result: unknown): z.SafeParseR
     evidence?: string[];
     confidence?: number;
     isError?: boolean;
-    issues?: string[];
     isValid?: boolean;
-    classification?: "error" | "broken" | "fully_working" | "partially_working" | "connectivity_only";
+    issues?: string[];
+    classification?: "error" | "fully_working" | "partially_working" | "connectivity_only" | "broken";
     responseMetadata?: {
         contentTypes?: ("text" | "image" | "audio" | "resource_link" | "resource")[];
         hasStructuredContent?: boolean;
@@ -693,9 +693,9 @@ export declare function safeParseValidationResult(result: unknown): z.SafeParseR
     evidence?: string[];
     confidence?: number;
     isError?: boolean;
-    issues?: string[];
     isValid?: boolean;
-    classification?: "error" | "broken" | "fully_working" | "partially_working" | "connectivity_only";
+    issues?: string[];
+    classification?: "error" | "fully_working" | "partially_working" | "connectivity_only" | "broken";
     responseMetadata?: {
         contentTypes?: ("text" | "image" | "audio" | "resource_link" | "resource")[];
         hasStructuredContent?: boolean;

package/client/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment-client",
-  "version": "1.43.2",
+  "version": "1.43.4",
   "description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",
@@ -36,8 +36,8 @@
   ],
   "scripts": {
     "dev": "vite --port 6274",
-    "build": "tsc -b && vite build && npm run build:lib",
-    "build:lib": "tsc -p tsconfig.lib.json && npx tsc-alias -p tsconfig.lib.json --resolve-full-paths",
+    "build": "vite build && npm run build:lib",
+    "build:lib": "tsc -p tsconfig.lib.json --noCheck && npx tsc-alias -p tsconfig.lib.json --resolve-full-paths",
     "lint": "eslint .",
     "preview": "vite preview --port 6274",
     "test": "jest --config jest.config.cjs",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment",
-  "version": "1.43.2",
+  "version": "1.43.4",
   "description": "Enhanced MCP Inspector with comprehensive assessment capabilities for server validation",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",
@@ -89,8 +89,10 @@
   ],
   "scripts": {
     "build": "npm run build-server && npm run build-client && npm run build-cli",
+    "build:docker": "npm run build-server && npm run build-client:docker && npm run build-cli",
     "build-server": "cd server && npm run build",
     "build-client": "cd client && npm run build",
+    "build-client:docker": "docker run --rm -v \"$PWD\":/app -w /app/client node:22-slim sh -c 'npm install --prefer-offline 2>/dev/null; npm run build'",
     "build-cli": "cd cli && npm run build",
     "clean": "rimraf ./node_modules ./client/node_modules ./cli/node_modules ./build ./client/dist ./server/build ./cli/build ./package-lock.json && npm install",
     "dev": "node client/bin/start.js --dev",
@@ -119,7 +121,7 @@
     "prettier-fix": "prettier --write .",
     "prettier-check": "prettier --check .",
     "lint": "prettier --check . && cd client && npm run lint",
-    "prepare": "husky && npm run build",
+    "prepare": "husky",
     "prepublishOnly": "node scripts/validate-publish.js",
     "publish-all": "npm publish --workspaces --access public && npm publish --access public",
     "update-version": "node scripts/update-version.js",

package/server/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment-server",
-  "version": "1.43.2",
+  "version": "1.43.4",
   "description": "Server-side application for the Enhanced MCP Inspector with assessment capabilities",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",

package/cli/build/lib/__tests__/zodErrorFormatter.test.js DELETED Viewed

@@ -1,282 +0,0 @@
-/**
- * Tests for Zod Error Formatting Utilities
- *
- * Validates the error formatting functions for CLI-friendly output.
- *
- * @module cli/lib/__tests__/zodErrorFormatter
- */
-// Uses Jest globals (describe, test, expect)
-import { jest } from "@jest/globals";
-import { z } from "zod";
-import { formatZodIssue, formatZodError, formatZodErrorIndented, printZodErrorForCli, zodErrorToArray, formatZodErrorForJson, formatUserFriendlyError, } from "../zodErrorFormatter.js";
-// Helper to create a ZodError with specific issues
-function createZodError(issues) {
-    // Create a schema that will fail and then manipulate the error
-    const schema = z.object({ dummy: z.string() });
-    const result = schema.safeParse({ dummy: 123 });
-    if (!result.success) {
-        // Replace the errors with our custom issues
-        result.error.issues = issues.map((issue) => ({
-            code: issue.code || "custom",
-            path: issue.path,
-            message: issue.message,
-        }));
-        return result.error;
-    }
-    throw new Error("Failed to create ZodError");
-}
-describe("zodErrorFormatter", () => {
-    describe("formatZodIssue", () => {
-        test("formats issue with empty path (message only)", () => {
-            const issue = { code: "custom", path: [], message: "Required" };
-            const result = formatZodIssue(issue);
-            expect(result).toBe("Required");
-        });
-        test("formats issue with single-level path", () => {
-            const issue = {
-                code: "custom",
-                path: ["field"],
-                message: "Invalid value",
-            };
-            const result = formatZodIssue(issue);
-            expect(result).toBe("field: Invalid value");
-        });
-        test("formats issue with nested path", () => {
-            const issue = {
-                code: "custom",
-                path: ["config", "nested", "field"],
-                message: "Must be a string",
-            };
-            const result = formatZodIssue(issue);
-            expect(result).toBe("config.nested.field: Must be a string");
-        });
-        test("formats issue with array index in path", () => {
-            const issue = {
-                code: "custom",
-                path: ["items", 0, "name"],
-                message: "Required",
-            };
-            const result = formatZodIssue(issue);
-            expect(result).toBe("items.0.name: Required");
-        });
-    });
-    describe("formatZodError", () => {
-        test("formats single error", () => {
-            const error = createZodError([
-                { path: ["field"], message: "Invalid value" },
-            ]);
-            const result = formatZodError(error);
-            expect(result).toBe("field: Invalid value");
-        });
-        test("formats multiple errors with newlines", () => {
-            const error = createZodError([
-                { path: ["field1"], message: "Error 1" },
-                { path: ["field2"], message: "Error 2" },
-                { path: ["field3"], message: "Error 3" },
-            ]);
-            const result = formatZodError(error);
-            expect(result).toBe("field1: Error 1\nfield2: Error 2\nfield3: Error 3");
-        });
-        test("handles error with empty path", () => {
-            const error = createZodError([{ path: [], message: "Global error" }]);
-            const result = formatZodError(error);
-            expect(result).toBe("Global error");
-        });
-    });
-    describe("formatZodErrorIndented", () => {
-        test("uses default indentation (two spaces)", () => {
-            const error = createZodError([
-                { path: ["field"], message: "Invalid value" },
-            ]);
-            const result = formatZodErrorIndented(error);
-            expect(result).toBe("  field: Invalid value");
-        });
-        test("uses custom indentation", () => {
-            const error = createZodError([
-                { path: ["field"], message: "Invalid value" },
-            ]);
-            const result = formatZodErrorIndented(error, "\t");
-            expect(result).toBe("\tfield: Invalid value");
-        });
-        test("uses four spaces indentation", () => {
-            const error = createZodError([
-                { path: ["field"], message: "Invalid value" },
-            ]);
-            const result = formatZodErrorIndented(error, "    ");
-            expect(result).toBe("    field: Invalid value");
-        });
-        test("applies indent to each line for multiple errors", () => {
-            const error = createZodError([
-                { path: ["field1"], message: "Error 1" },
-                { path: ["field2"], message: "Error 2" },
-            ]);
-            const result = formatZodErrorIndented(error, ">> ");
-            expect(result).toBe(">> field1: Error 1\n>> field2: Error 2");
-        });
-        test("uses empty indentation", () => {
-            const error = createZodError([
-                { path: ["field"], message: "Invalid value" },
-            ]);
-            const result = formatZodErrorIndented(error, "");
-            expect(result).toBe("field: Invalid value");
-        });
-    });
-    describe("printZodErrorForCli", () => {
-        let consoleSpy;
-        beforeEach(() => {
-            consoleSpy = jest.spyOn(console, "error").mockImplementation(() => { });
-        });
-        afterEach(() => {
-            consoleSpy.mockRestore();
-        });
-        test("prints with context prefix", () => {
-            const error = createZodError([
-                { path: ["field"], message: "Invalid value" },
-            ]);
-            printZodErrorForCli(error, "config file");
-            expect(consoleSpy).toHaveBeenCalledWith("Error in config file:\n  field: Invalid value");
-        });
-        test("prints without context (default prefix)", () => {
-            const error = createZodError([
-                { path: ["field"], message: "Invalid value" },
-            ]);
-            printZodErrorForCli(error);
-            expect(consoleSpy).toHaveBeenCalledWith("Validation error:\n  field: Invalid value");
-        });
-        test("outputs multiple errors with indentation", () => {
-            const error = createZodError([
-                { path: ["field1"], message: "Error 1" },
-                { path: ["field2"], message: "Error 2" },
-            ]);
-            printZodErrorForCli(error, "CLI arguments");
-            expect(consoleSpy).toHaveBeenCalledWith("Error in CLI arguments:\n  field1: Error 1\n  field2: Error 2");
-        });
-    });
-    describe("zodErrorToArray", () => {
-        test("converts single error to array", () => {
-            const error = createZodError([
-                { path: ["field"], message: "Invalid value" },
-            ]);
-            const result = zodErrorToArray(error);
-            expect(result).toEqual(["field: Invalid value"]);
-        });
-        test("converts multiple errors to array", () => {
-            const error = createZodError([
-                { path: ["field1"], message: "Error 1" },
-                { path: ["field2"], message: "Error 2" },
-                { path: ["field3"], message: "Error 3" },
-            ]);
-            const result = zodErrorToArray(error);
-            expect(result).toEqual([
-                "field1: Error 1",
-                "field2: Error 2",
-                "field3: Error 3",
-            ]);
-        });
-        test("returns array preserving order", () => {
-            const error = createZodError([
-                { path: ["z"], message: "Z error" },
-                { path: ["a"], message: "A error" },
-                { path: ["m"], message: "M error" },
-            ]);
-            const result = zodErrorToArray(error);
-            expect(result).toEqual(["z: Z error", "a: A error", "m: M error"]);
-        });
-    });
-    describe("formatZodErrorForJson", () => {
-        test("includes message field", () => {
-            const error = createZodError([
-                { path: ["field"], message: "Invalid value" },
-            ]);
-            const result = formatZodErrorForJson(error);
-            expect(result.message).toBe("Validation failed");
-        });
-        test("includes errors array with path, message, code", () => {
-            const error = createZodError([
-                { path: ["field"], message: "Invalid value", code: "invalid_type" },
-            ]);
-            const result = formatZodErrorForJson(error);
-            expect(result.errors).toHaveLength(1);
-            expect(result.errors[0]).toEqual({
-                path: ["field"],
-                message: "Invalid value",
-                code: "invalid_type",
-            });
-        });
-        test("preserves path as array with numbers and strings", () => {
-            const error = createZodError([
-                { path: ["items", 0, "nested", 1, "field"], message: "Error" },
-            ]);
-            const result = formatZodErrorForJson(error);
-            expect(result.errors[0].path).toEqual(["items", 0, "nested", 1, "field"]);
-        });
-        test("handles multiple errors", () => {
-            const error = createZodError([
-                { path: ["field1"], message: "Error 1", code: "too_small" },
-                { path: ["field2"], message: "Error 2", code: "invalid_type" },
-            ]);
-            const result = formatZodErrorForJson(error);
-            expect(result.errors).toHaveLength(2);
-            expect(result.errors[0].code).toBe("too_small");
-            expect(result.errors[1].code).toBe("invalid_type");
-        });
-    });
-    describe("formatUserFriendlyError", () => {
-        test("single error returns plain message", () => {
-            const error = createZodError([
-                { path: ["username"], message: "Required" },
-            ]);
-            const result = formatUserFriendlyError(error);
-            expect(result).toBe("username: Required");
-        });
-        test("single error with empty path returns message only", () => {
-            const error = createZodError([{ path: [], message: "Invalid input" }]);
-            const result = formatUserFriendlyError(error);
-            expect(result).toBe("Invalid input");
-        });
-        test("multiple errors returns bulleted list", () => {
-            const error = createZodError([
-                { path: ["field1"], message: "Error 1" },
-                { path: ["field2"], message: "Error 2" },
-            ]);
-            const result = formatUserFriendlyError(error);
-            expect(result).toBe("Multiple validation errors:\n  - field1: Error 1\n  - field2: Error 2");
-        });
-        test("applies field label mapping", () => {
-            const error = createZodError([
-                { path: ["serverName"], message: "Required" },
-            ]);
-            const labels = { serverName: "Server Name" };
-            const result = formatUserFriendlyError(error, labels);
-            expect(result).toBe("Server Name: Required");
-        });
-        test("applies labels for multiple errors", () => {
-            const error = createZodError([
-                { path: ["serverName"], message: "Required" },
-                { path: ["configPath"], message: "Invalid path" },
-            ]);
-            const labels = {
-                serverName: "Server Name",
-                configPath: "Configuration Path",
-            };
-            const result = formatUserFriendlyError(error, labels);
-            expect(result).toBe("Multiple validation errors:\n  - Server Name: Required\n  - Configuration Path: Invalid path");
-        });
-        test("falls back to path when no matching label", () => {
-            const error = createZodError([
-                { path: ["unknownField"], message: "Error" },
-            ]);
-            const labels = { otherField: "Other Field" };
-            const result = formatUserFriendlyError(error, labels);
-            expect(result).toBe("unknownField: Error");
-        });
-        test("handles nested path with labels", () => {
-            const error = createZodError([
-                { path: ["config", "nested"], message: "Invalid" },
-            ]);
-            const labels = { "config.nested": "Nested Config" };
-            const result = formatUserFriendlyError(error, labels);
-            expect(result).toBe("Nested Config: Invalid");
-        });
-    });
-});