@bryan-thompson/inspector-assessment 1.5.0 → 1.7.0

package/client/lib/services/assessment/modules/PortabilityAssessor.js

@@ -0,0 +1,347 @@
+/**
+ * Portability Assessor
+ * Detects hardcoded paths and platform-specific code
+ *
+ * Checks:
+ * - Hardcoded absolute paths
+ * - User home directory references
+ * - ${BUNDLE_ROOT} anti-pattern (should use ${__dirname})
+ * - Platform-specific code without fallbacks
+ * - ${__dirname} usage (correct pattern)
+ *
+ * Reference: MCPB Bundle Portability Requirements
+ */
+import { BaseAssessor } from "./BaseAssessor.js";
+/**
+ * Patterns for detecting portability issues
+ */
+const ISSUE_PATTERNS = {
+    // Absolute Unix paths (not ${__dirname})
+    absoluteUnixPath: /(?<!\$\{__dirname\}|['"])\/(?:usr|home|var|etc|opt|tmp|Users|Applications)\/[^\s'"]+/g,
+    // Absolute Windows paths
+    absoluteWindowsPath: /[A-Z]:\\[^\s'"]+/gi,
+    // User home directory references
+    userHomePath: /(?:~\/|\/Users\/|\/home\/)[^\s'"]+/g,
+    // ${BUNDLE_ROOT} anti-pattern
+    bundleRootAntipattern: /\$\{BUNDLE_ROOT\}/g,
+    // Platform-specific checks without fallbacks
+    platformSpecificDarwin: /process\.platform\s*===?\s*['"]darwin['"]/g,
+    platformSpecificWin32: /process\.platform\s*===?\s*['"]win32['"]/g,
+    platformSpecificLinux: /process\.platform\s*===?\s*['"]linux['"]/g,
+    // Hardcoded config paths
+    hardcodedConfigPaths: /['"](?:\/etc\/|~\/\.|\.config\/)[^'"]+['"]/g,
+};
+/**
+ * Patterns for correct usage (positive signals)
+ */
+const GOOD_PATTERNS = {
+    // Correct ${__dirname} usage
+    dirname: /\$\{__dirname\}/g,
+    // process.cwd() (usually acceptable)
+    processCwd: /process\.cwd\(\)/g,
+    // Cross-platform path handling
+    pathJoin: /path\.join\(/g,
+    pathResolve: /path\.resolve\(/g,
+};
+export class PortabilityAssessor extends BaseAssessor {
+    /**
+     * Run portability assessment
+     */
+    async assess(context) {
+        this.log("Starting portability assessment");
+        this.testCount = 0;
+        const issues = [];
+        let scannedFiles = 0;
+        let platformSpecificCount = 0;
+        let hardcodedPathCount = 0;
+        let usesDirname = false;
+        let usesBundleRoot = false;
+        // Check manifest if available
+        if (context.manifestRaw) {
+            this.testCount++;
+            scannedFiles++;
+            const manifestIssues = this.scanFile("manifest.json", context.manifestRaw);
+            issues.push(...manifestIssues);
+            // Check for ${__dirname} and ${BUNDLE_ROOT} in manifest
+            if (GOOD_PATTERNS.dirname.test(context.manifestRaw)) {
+                usesDirname = true;
+            }
+            if (ISSUE_PATTERNS.bundleRootAntipattern.test(context.manifestRaw)) {
+                usesBundleRoot = true;
+            }
+        }
+        // Check package.json scripts
+        if (context.packageJson) {
+            this.testCount++;
+            scannedFiles++;
+            const packageJson = context.packageJson;
+            if (packageJson.scripts) {
+                const scriptsStr = JSON.stringify(packageJson.scripts);
+                const scriptIssues = this.scanFile("package.json (scripts)", scriptsStr);
+                issues.push(...scriptIssues);
+            }
+        }
+        // Check source code files if available
+        if (context.sourceCodeFiles && context.config.enableSourceCodeAnalysis) {
+            this.log("Scanning source code files for portability issues...");
+            for (const [filePath, content] of context.sourceCodeFiles) {
+                // Skip irrelevant files
+                if (this.shouldSkipFile(filePath))
+                    continue;
+                this.testCount++;
+                scannedFiles++;
+                const fileIssues = this.scanFile(filePath, content);
+                issues.push(...fileIssues);
+                // Check for good patterns
+                if (GOOD_PATTERNS.dirname.test(content)) {
+                    usesDirname = true;
+                }
+                if (ISSUE_PATTERNS.bundleRootAntipattern.test(content)) {
+                    usesBundleRoot = true;
+                }
+            }
+        }
+        // Count issue types
+        hardcodedPathCount = issues.filter((i) => i.type === "hardcoded_path" ||
+            i.type === "absolute_path" ||
+            i.type === "user_home_path").length;
+        platformSpecificCount = issues.filter((i) => i.type === "platform_specific").length;
+        const status = this.determinePortabilityStatus(issues, usesDirname, usesBundleRoot);
+        const explanation = this.generateExplanation(issues, usesDirname, usesBundleRoot, scannedFiles);
+        const recommendations = this.generateRecommendations(issues, usesDirname, usesBundleRoot);
+        this.log(`Assessment complete: ${issues.length} portability issues found`);
+        return {
+            issues,
+            scannedFiles,
+            platformSpecificCount,
+            hardcodedPathCount,
+            usesDirname,
+            usesBundleRoot,
+            status,
+            explanation,
+            recommendations,
+        };
+    }
+    /**
+     * Scan a file for portability issues
+     */
+    scanFile(filePath, content) {
+        const issues = [];
+        const lines = content.split("\n");
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNumber = i + 1;
+            // Check for ${BUNDLE_ROOT} anti-pattern
+            const bundleRootMatches = line.match(ISSUE_PATTERNS.bundleRootAntipattern);
+            if (bundleRootMatches) {
+                for (const match of bundleRootMatches) {
+                    issues.push({
+                        type: "bundle_root_antipattern",
+                        filePath,
+                        lineNumber,
+                        matchedText: match,
+                        severity: "HIGH",
+                        recommendation: "Replace ${BUNDLE_ROOT} with ${__dirname} - BUNDLE_ROOT is not supported",
+                    });
+                }
+            }
+            // Check for absolute Unix paths (excluding __dirname prefixed)
+            const cleanLine = line.replace(/\$\{__dirname\}/g, ""); // Remove __dirname to avoid false positives
+            const unixPathMatches = cleanLine.match(ISSUE_PATTERNS.absoluteUnixPath);
+            if (unixPathMatches) {
+                for (const match of unixPathMatches) {
+                    // Skip if it looks like a URL or comment
+                    if (match.includes("://") ||
+                        line.trim().startsWith("//") ||
+                        line.trim().startsWith("*")) {
+                        continue;
+                    }
+                    issues.push({
+                        type: "absolute_path",
+                        filePath,
+                        lineNumber,
+                        matchedText: match,
+                        severity: "HIGH",
+                        recommendation: "Use relative paths or ${__dirname} for bundle portability",
+                    });
+                }
+            }
+            // Check for absolute Windows paths
+            const windowsPathMatches = line.match(ISSUE_PATTERNS.absoluteWindowsPath);
+            if (windowsPathMatches) {
+                for (const match of windowsPathMatches) {
+                    issues.push({
+                        type: "absolute_path",
+                        filePath,
+                        lineNumber,
+                        matchedText: match,
+                        severity: "HIGH",
+                        recommendation: "Use relative paths or path.join() for cross-platform support",
+                    });
+                }
+            }
+            // Check for user home paths
+            const homePathMatches = line.match(ISSUE_PATTERNS.userHomePath);
+            if (homePathMatches) {
+                for (const match of homePathMatches) {
+                    // Skip if in a comment
+                    if (line.trim().startsWith("//") ||
+                        line.trim().startsWith("*") ||
+                        line.trim().startsWith("#")) {
+                        continue;
+                    }
+                    issues.push({
+                        type: "user_home_path",
+                        filePath,
+                        lineNumber,
+                        matchedText: match,
+                        severity: "MEDIUM",
+                        recommendation: "Use os.homedir() or environment variable for user home paths",
+                    });
+                }
+            }
+            // Check for platform-specific code without apparent fallback
+            const platformChecks = [
+                ISSUE_PATTERNS.platformSpecificDarwin,
+                ISSUE_PATTERNS.platformSpecificWin32,
+                ISSUE_PATTERNS.platformSpecificLinux,
+            ];
+            for (const pattern of platformChecks) {
+                const matches = line.match(pattern);
+                if (matches) {
+                    // Check if there's a fallback (else clause or default case)
+                    const hasElse = content
+                        .substring(content.indexOf(line))
+                        .includes("else");
+                    const hasDefault = content
+                        .substring(content.indexOf(line))
+                        .includes("default:");
+                    if (!hasElse && !hasDefault) {
+                        for (const match of matches) {
+                            issues.push({
+                                type: "platform_specific",
+                                filePath,
+                                lineNumber,
+                                matchedText: match,
+                                severity: "LOW",
+                                recommendation: "Consider adding fallback for other platforms",
+                            });
+                        }
+                    }
+                }
+            }
+        }
+        return issues;
+    }
+    /**
+     * Check if file should be skipped
+     */
+    shouldSkipFile(filePath) {
+        const skipPatterns = [
+            /node_modules/,
+            /\.test\.(ts|js|tsx|jsx)$/,
+            /\.spec\.(ts|js|tsx|jsx)$/,
+            /\.d\.ts$/,
+            /package-lock\.json$/,
+            /yarn\.lock$/,
+            /\.map$/,
+            /\.min\.(js|css)$/,
+            /README\.md$/i,
+            /CHANGELOG\.md$/i,
+            /LICENSE/i,
+        ];
+        return skipPatterns.some((pattern) => pattern.test(filePath));
+    }
+    /**
+     * Determine overall status
+     */
+    determinePortabilityStatus(issues, usesDirname, usesBundleRoot) {
+        // ${BUNDLE_ROOT} usage = automatic FAIL
+        if (usesBundleRoot) {
+            return "FAIL";
+        }
+        // HIGH severity issues = FAIL
+        const highIssues = issues.filter((i) => i.severity === "HIGH");
+        if (highIssues.length > 0) {
+            return "FAIL";
+        }
+        // MEDIUM severity issues = NEED_MORE_INFO
+        const mediumIssues = issues.filter((i) => i.severity === "MEDIUM");
+        if (mediumIssues.length > 0) {
+            return "NEED_MORE_INFO";
+        }
+        // Uses ${__dirname} is a positive signal
+        if (usesDirname && issues.length === 0) {
+            return "PASS";
+        }
+        // LOW severity issues only
+        if (issues.length > 0) {
+            return "NEED_MORE_INFO";
+        }
+        return "PASS";
+    }
+    /**
+     * Generate explanation
+     */
+    generateExplanation(issues, usesDirname, usesBundleRoot, scannedFiles) {
+        const parts = [];
+        if (usesBundleRoot) {
+            parts.push("CRITICAL: Uses ${BUNDLE_ROOT} which is not supported in MCPB bundles.");
+        }
+        if (issues.length === 0) {
+            parts.push("No portability issues detected.");
+        }
+        else {
+            const highCount = issues.filter((i) => i.severity === "HIGH").length;
+            const mediumCount = issues.filter((i) => i.severity === "MEDIUM").length;
+            if (highCount > 0) {
+                parts.push(`${highCount} high-severity portability issue(s) found.`);
+            }
+            if (mediumCount > 0) {
+                parts.push(`${mediumCount} medium-severity issue(s) found.`);
+            }
+        }
+        if (usesDirname) {
+            parts.push("Uses ${__dirname} correctly for relative paths.");
+        }
+        parts.push(`Scanned ${scannedFiles} file(s).`);
+        return parts.join(" ");
+    }
+    /**
+     * Generate recommendations
+     */
+    generateRecommendations(issues, usesDirname, usesBundleRoot) {
+        const recommendations = [];
+        if (usesBundleRoot) {
+            recommendations.push("CRITICAL: Replace all ${BUNDLE_ROOT} with ${__dirname} - BUNDLE_ROOT variable is not supported in MCPB bundles.");
+        }
+        // Group issues by type
+        const byType = new Map();
+        for (const issue of issues) {
+            const existing = byType.get(issue.type) || [];
+            existing.push(issue);
+            byType.set(issue.type, existing);
+        }
+        // Add recommendations by type
+        for (const [type, typeIssues] of byType) {
+            if (type === "bundle_root_antipattern")
+                continue; // Already handled
+            const first = typeIssues[0];
+            if (typeIssues.length === 1) {
+                recommendations.push(`${first.filePath}:${first.lineNumber}: ${first.recommendation}`);
+            }
+            else {
+                recommendations.push(`${typeIssues.length} ${type.replace(/_/g, " ")} issues: ${first.recommendation}`);
+            }
+        }
+        if (recommendations.length === 0) {
+            if (usesDirname) {
+                recommendations.push("Server uses proper relative paths with ${__dirname}. Good portability.");
+            }
+            else {
+                recommendations.push("Consider using ${__dirname} for paths in manifest.json for better portability.");
+            }
+        }
+        return recommendations;
+    }
+}

package/client/lib/services/assessment/modules/ProhibitedLibrariesAssessor.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Prohibited Libraries Assessor
+ * Detects financial and media processing libraries per Policy #28-30
+ *
+ * Checks:
+ * - package.json dependencies
+ * - requirements.txt (Python)
+ * - Source code imports (if sourceCodePath provided)
+ *
+ * Reference: Anthropic MCP Directory Policy #28-30
+ */
+import { BaseAssessor } from "./BaseAssessor.js";
+import { AssessmentContext } from "../AssessmentOrchestrator.js";
+import type { ProhibitedLibrariesAssessment } from "../../../lib/assessmentTypes.js";
+export declare class ProhibitedLibrariesAssessor extends BaseAssessor {
+    /**
+     * Run prohibited libraries assessment
+     */
+    assess(context: AssessmentContext): Promise<ProhibitedLibrariesAssessment>;
+    /**
+     * Check if file is a source file worth scanning
+     */
+    private isSourceFile;
+    /**
+     * De-duplicate matches, keeping the most severe
+     */
+    private deduplicateMatches;
+    /**
+     * Calculate overall status from matches
+     */
+    private calculateStatusFromMatches;
+    /**
+     * Generate explanation
+     */
+    private generateExplanation;
+    /**
+     * Generate recommendations
+     */
+    private generateRecommendations;
+}
+//# sourceMappingURL=ProhibitedLibrariesAssessor.d.ts.map

package/client/lib/services/assessment/modules/ProhibitedLibrariesAssessor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProhibitedLibrariesAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/ProhibitedLibrariesAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EACV,6BAA6B,EAG9B,MAAM,uBAAuB,CAAC;AAO/B,qBAAa,2BAA4B,SAAQ,YAAY;IAC3D;;OAEG;IACG,MAAM,CACV,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,6BAA6B,CAAC;IA4IzC;;OAEG;IACH,OAAO,CAAC,YAAY;IA0BpB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqB1B;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAuBlC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAoD3B;;OAEG;IACH,OAAO,CAAC,uBAAuB;CAqDhC"}

package/client/lib/services/assessment/modules/ProhibitedLibrariesAssessor.js

@@ -0,0 +1,256 @@
+/**
+ * Prohibited Libraries Assessor
+ * Detects financial and media processing libraries per Policy #28-30
+ *
+ * Checks:
+ * - package.json dependencies
+ * - requirements.txt (Python)
+ * - Source code imports (if sourceCodePath provided)
+ *
+ * Reference: Anthropic MCP Directory Policy #28-30
+ */
+import { BaseAssessor } from "./BaseAssessor.js";
+import { checkPackageJsonDependencies, checkRequirementsTxt, checkSourceImports, } from "../../../lib/prohibitedLibraries.js";
+export class ProhibitedLibrariesAssessor extends BaseAssessor {
+    /**
+     * Run prohibited libraries assessment
+     */
+    async assess(context) {
+        this.log("Starting prohibited libraries assessment");
+        this.testCount = 0;
+        const matches = [];
+        const scannedFiles = [];
+        let hasFinancialLibraries = false;
+        let hasMediaLibraries = false;
+        // Check package.json dependencies
+        if (context.packageJson) {
+            this.log("Scanning package.json dependencies...");
+            this.testCount++;
+            scannedFiles.push("package.json");
+            const packageJson = context.packageJson;
+            const depMatches = checkPackageJsonDependencies(packageJson);
+            for (const match of depMatches) {
+                matches.push({
+                    name: match.library.name,
+                    category: match.library.category,
+                    location: "package.json",
+                    severity: match.library.severity,
+                    reason: match.library.reason,
+                    policyReference: match.library.policyReference,
+                });
+                if (match.library.category === "financial" ||
+                    match.library.category === "payments" ||
+                    match.library.category === "banking") {
+                    hasFinancialLibraries = true;
+                }
+                if (match.library.category === "media") {
+                    hasMediaLibraries = true;
+                }
+            }
+        }
+        // Check source code files if available
+        if (context.sourceCodeFiles && context.config.enableSourceCodeAnalysis) {
+            this.log("Scanning source code files...");
+            for (const [filePath, content] of context.sourceCodeFiles) {
+                // Check Python requirements files
+                if (filePath.endsWith("requirements.txt") ||
+                    filePath.endsWith("requirements-dev.txt")) {
+                    this.testCount++;
+                    scannedFiles.push(filePath);
+                    const reqMatches = checkRequirementsTxt(content);
+                    for (const match of reqMatches) {
+                        matches.push({
+                            name: match.library.name,
+                            category: match.library.category,
+                            location: "requirements.txt",
+                            filePath,
+                            lineNumber: match.lineNumber,
+                            severity: match.library.severity,
+                            reason: match.library.reason,
+                            policyReference: match.library.policyReference,
+                        });
+                        if (match.library.category === "financial" ||
+                            match.library.category === "payments" ||
+                            match.library.category === "banking") {
+                            hasFinancialLibraries = true;
+                        }
+                        if (match.library.category === "media") {
+                            hasMediaLibraries = true;
+                        }
+                    }
+                }
+                // Check source code imports
+                if (this.isSourceFile(filePath)) {
+                    this.testCount++;
+                    scannedFiles.push(filePath);
+                    const importMatches = checkSourceImports(content);
+                    for (const match of importMatches) {
+                        matches.push({
+                            name: match.library.name,
+                            category: match.library.category,
+                            location: "source_import",
+                            filePath,
+                            lineNumber: match.lineNumber,
+                            severity: match.library.severity,
+                            reason: match.library.reason,
+                            policyReference: match.library.policyReference,
+                        });
+                        if (match.library.category === "financial" ||
+                            match.library.category === "payments" ||
+                            match.library.category === "banking") {
+                            hasFinancialLibraries = true;
+                        }
+                        if (match.library.category === "media") {
+                            hasMediaLibraries = true;
+                        }
+                    }
+                }
+            }
+        }
+        // De-duplicate matches by library name
+        const uniqueMatches = this.deduplicateMatches(matches);
+        const status = this.calculateStatusFromMatches(uniqueMatches);
+        const explanation = this.generateExplanation(uniqueMatches, hasFinancialLibraries, hasMediaLibraries, scannedFiles);
+        const recommendations = this.generateRecommendations(uniqueMatches);
+        this.log(`Assessment complete: ${uniqueMatches.length} prohibited libraries found`);
+        return {
+            matches: uniqueMatches,
+            scannedFiles,
+            hasFinancialLibraries,
+            hasMediaLibraries,
+            status,
+            explanation,
+            recommendations,
+        };
+    }
+    /**
+     * Check if file is a source file worth scanning
+     */
+    isSourceFile(filePath) {
+        const sourceExtensions = [
+            ".ts",
+            ".tsx",
+            ".js",
+            ".jsx",
+            ".mjs",
+            ".cjs",
+            ".py",
+            ".rs",
+            ".go",
+        ];
+        // Skip test files and node_modules
+        if (filePath.includes("node_modules") ||
+            filePath.includes(".test.") ||
+            filePath.includes(".spec.") ||
+            filePath.includes("__tests__")) {
+            return false;
+        }
+        return sourceExtensions.some((ext) => filePath.endsWith(ext));
+    }
+    /**
+     * De-duplicate matches, keeping the most severe
+     */
+    deduplicateMatches(matches) {
+        const byName = new Map();
+        for (const match of matches) {
+            const existing = byName.get(match.name);
+            if (!existing) {
+                byName.set(match.name, match);
+            }
+            else {
+                // Keep the more severe match
+                const severityOrder = { BLOCKING: 3, HIGH: 2, MEDIUM: 1 };
+                if (severityOrder[match.severity] > severityOrder[existing.severity]) {
+                    byName.set(match.name, match);
+                }
+            }
+        }
+        return Array.from(byName.values());
+    }
+    /**
+     * Calculate overall status from matches
+     */
+    calculateStatusFromMatches(matches) {
+        // Any BLOCKING library = FAIL
+        const blockingMatches = matches.filter((m) => m.severity === "BLOCKING");
+        if (blockingMatches.length > 0) {
+            return "FAIL";
+        }
+        // HIGH severity = NEED_MORE_INFO (requires justification)
+        const highMatches = matches.filter((m) => m.severity === "HIGH");
+        if (highMatches.length > 0) {
+            return "NEED_MORE_INFO";
+        }
+        // MEDIUM severity = PASS with notes
+        if (matches.length > 0) {
+            return "NEED_MORE_INFO";
+        }
+        return "PASS";
+    }
+    /**
+     * Generate explanation
+     */
+    generateExplanation(matches, hasFinancial, hasMedia, scannedFiles) {
+        const parts = [];
+        if (matches.length === 0) {
+            parts.push("No prohibited libraries detected. Server appears compliant with Policy #28-30.");
+        }
+        else {
+            const blockingCount = matches.filter((m) => m.severity === "BLOCKING").length;
+            const highCount = matches.filter((m) => m.severity === "HIGH").length;
+            const mediumCount = matches.filter((m) => m.severity === "MEDIUM").length;
+            if (blockingCount > 0) {
+                parts.push(`BLOCKING: ${blockingCount} prohibited library/libraries detected that violate MCP Directory policy.`);
+            }
+            if (highCount > 0) {
+                parts.push(`HIGH: ${highCount} library/libraries detected that require justification for MCP server use.`);
+            }
+            if (mediumCount > 0) {
+                parts.push(`MEDIUM: ${mediumCount} library/libraries flagged for review.`);
+            }
+            if (hasFinancial) {
+                parts.push("Financial/payment processing libraries detected - violates Policy #28-29.");
+            }
+            if (hasMedia) {
+                parts.push("Media processing libraries detected - may require justification per Policy #30.");
+            }
+        }
+        parts.push(`Scanned ${scannedFiles.length} file(s).`);
+        return parts.join(" ");
+    }
+    /**
+     * Generate recommendations
+     */
+    generateRecommendations(matches) {
+        const recommendations = [];
+        // Group by severity
+        const blocking = matches.filter((m) => m.severity === "BLOCKING");
+        const high = matches.filter((m) => m.severity === "HIGH");
+        const medium = matches.filter((m) => m.severity === "MEDIUM");
+        if (blocking.length > 0) {
+            recommendations.push("BLOCKING - The following libraries must be removed for MCP Directory approval:");
+            for (const match of blocking) {
+                recommendations.push(`- ${match.name} (${match.policyReference}): ${match.reason}`);
+            }
+        }
+        if (high.length > 0) {
+            recommendations.push("HIGH - The following libraries require strong justification:");
+            for (const match of high) {
+                recommendations.push(`- ${match.name} (${match.policyReference}): ${match.reason}`);
+            }
+        }
+        if (medium.length > 0) {
+            recommendations.push("MEDIUM - Review the following libraries for necessity:");
+            for (const match of medium.slice(0, 3)) {
+                recommendations.push(`- ${match.name} (${match.policyReference}): ${match.reason}`);
+            }
+        }
+        if (matches.length === 0) {
+            recommendations.push("No prohibited libraries detected. Server is compliant with library restrictions.");
+        }
+        else {
+            recommendations.push("Reference: MCP Directory Policy #28-30 restricts financial transaction and media processing libraries.");
+        }
+        return recommendations;
+    }
+}