mcp-recon 0.2.2

package/dist/classify/types.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Wire-format types for the v0.1 classification document.
+ *
+ * Schema tag: `mcp-recon/v0.1/classification`. Every field's design
+ * intent is documented in docs/METHODOLOGY.md.
+ */
+/** Schema-version tag for classification documents. */
+export declare const CLASSIFICATION_SCHEMA: "mcp-recon/v0.1/classification";
+/** Top-level data classes, per docs/METHODOLOGY.md. */
+export type DataClass = "filesystem" | "network" | "shell" | "payments" | "messaging" | "system" | "metadata" | "unknown";
+/** Authority levels, per docs/METHODOLOGY.md. */
+export type AuthorityLevel = "read" | "write" | "destructive" | "privileged";
+/** One classification per tool. */
+export interface Classification {
+    /** Tool name from the inventory. */
+    tool: string;
+    /** Assigned data-class. */
+    data_class: DataClass;
+    /** Assigned authority level. */
+    authority_level: AuthorityLevel;
+    /**
+     * The load-bearing flag: tool takes user-controllable string args
+     * AND has write/destructive/privileged authority.
+     */
+    confused_deputy_candidate: boolean;
+    /** Combined confidence in [0, 1] per noisy-OR over fired rules. */
+    confidence: number;
+    /** Free-form rationale listing every rule that fired and its weight. */
+    rationale: string;
+    /** Suggested capnagent caveat for this tool (string, copy-pasteable). */
+    recommended_caveat: string;
+}
+/** Top-level classification document. */
+export interface ClassificationResults {
+    schema: typeof CLASSIFICATION_SCHEMA;
+    scanned_at: string;
+    server: {
+        name?: string;
+        version?: string;
+    };
+    /** Whether fuzz results were folded into confidence (raises confidence by 0.1). */
+    fuzz_informed: boolean;
+    classifications: Classification[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/classify/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/classify/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,uDAAuD;AACvD,eAAO,MAAM,qBAAqB,EAAG,+BAAwC,CAAC;AAE9E,uDAAuD;AACvD,MAAM,MAAM,SAAS,GACjB,YAAY,GACZ,SAAS,GACT,OAAO,GACP,UAAU,GACV,WAAW,GACX,QAAQ,GACR,UAAU,GACV,SAAS,CAAC;AAEd,iDAAiD;AACjD,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,OAAO,GAAG,aAAa,GAAG,YAAY,CAAC;AAE7E,mCAAmC;AACnC,MAAM,WAAW,cAAc;IAC7B,oCAAoC;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,2BAA2B;IAC3B,UAAU,EAAE,SAAS,CAAC;IACtB,gCAAgC;IAChC,eAAe,EAAE,cAAc,CAAC;IAChC;;;OAGG;IACH,yBAAyB,EAAE,OAAO,CAAC;IACnC,mEAAmE;IACnE,UAAU,EAAE,MAAM,CAAC;IACnB,wEAAwE;IACxE,SAAS,EAAE,MAAM,CAAC;IAClB,yEAAyE;IACzE,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,yCAAyC;AACzC,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,OAAO,qBAAqB,CAAC;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5C,mFAAmF;IACnF,aAAa,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,cAAc,EAAE,CAAC;CACnC"}

package/dist/classify/types.js

@@ -0,0 +1,9 @@
+/**
+ * Wire-format types for the v0.1 classification document.
+ *
+ * Schema tag: `mcp-recon/v0.1/classification`. Every field's design
+ * intent is documented in docs/METHODOLOGY.md.
+ */
+/** Schema-version tag for classification documents. */
+export const CLASSIFICATION_SCHEMA = "mcp-recon/v0.1/classification";
+//# sourceMappingURL=types.js.map

package/dist/classify/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/classify/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,uDAAuD;AACvD,MAAM,CAAC,MAAM,qBAAqB,GAAG,+BAAwC,CAAC"}

package/dist/enumerate.d.ts

@@ -0,0 +1,79 @@
+/**
+ * `enumerate` — produce a v0.1 tool inventory document.
+ *
+ * Connects to the server (caller's responsibility — pass an open
+ * Client) and lists every tool. Output shape is documented in
+ * docs/SPEC.md §"Output format". The shape is the load-bearing
+ * contract that downstream tools (capnagent's caveat-suggestion
+ * bridge, the Markdown reporter) consume.
+ */
+import type { Client } from "@modelcontextprotocol/sdk/client/index.js";
+/** Schema-version tag for inventory documents. v0.1 = mcp-recon/v0.1/inventory. */
+export declare const INVENTORY_SCHEMA: "mcp-recon/v0.1/inventory";
+/** One tool as it appears in the inventory. */
+export interface EnumeratedTool {
+    /** Tool name as the server reported it. */
+    name: string;
+    /** Optional human-readable description from the server. */
+    description?: string;
+    /** JSON Schema for the tool's input arguments — opaque to v0.1 enumerate. */
+    inputSchema: unknown;
+}
+/** A complete inventory document. */
+export interface ToolInventory {
+    schema: typeof INVENTORY_SCHEMA;
+    scanned_at: string;
+    server: {
+        /** Whatever name the server self-identified as via initialize. */
+        name?: string;
+        /** Whatever version the server self-identified as. */
+        version?: string;
+    };
+    tools: EnumeratedTool[];
+}
+/**
+ * Options for `enumerate`.
+ *
+ * `timeoutMs` is forwarded to the SDK's `client.listTools` request
+ * options. Defaults to 30s — tighter than the SDK's 60s default,
+ * because mcp-recon scans untrusted servers and a hostile server
+ * that never replies should not hang the operator. Pass a smaller
+ * value when scripting against many servers; pass a larger value
+ * when scanning a slow but trusted server with a huge tool list.
+ *
+ * `maxDescriptionChars` bounds individual tool descriptions; longer
+ * values are truncated (with an `…[truncated by mcp-recon]` marker
+ * appended) before being stored in the inventory. Real-world tools
+ * have descriptions under 2KB; the 64KB default leaves headroom
+ * while bounding memory use of a hostile server returning a 10MB
+ * description in every tool. Pass `Infinity` to disable.
+ *
+ * Both options are discovered via `adversarial-servers/` fixtures
+ * (see `__tests__/adversarial.integration.test.ts`).
+ */
+export interface EnumerateOptions {
+    /** Max time, in ms, to wait for `tools/list`. Default: 30000. */
+    timeoutMs?: number;
+    /** Per-tool description cap, in chars. Default: 65536. */
+    maxDescriptionChars?: number;
+}
+/** Default `tools/list` timeout. See `EnumerateOptions.timeoutMs`. */
+export declare const DEFAULT_ENUMERATE_TIMEOUT_MS = 30000;
+/** Default per-tool description cap. See `EnumerateOptions.maxDescriptionChars`. */
+export declare const DEFAULT_MAX_DESCRIPTION_CHARS: number;
+/** Marker appended to truncated descriptions so reviewers see the cap fired. */
+export declare const TRUNCATION_MARKER = "\u2026[truncated by mcp-recon]";
+/**
+ * Enumerate all tools exposed by the connected client.
+ *
+ * v0.1 is a thin shim over `client.listTools()` plus a self-
+ * describing wrapper. We do not classify here — that's the
+ * `classify` command's job. We do not fuzz here — that's `fuzz`.
+ * Single responsibility.
+ *
+ * Enforces a per-call timeout (`opts.timeoutMs`, default 30s) so a
+ * hostile server that accepts the handshake but never answers
+ * `tools/list` cannot hang the operator forever.
+ */
+export declare function enumerate(client: Client, opts?: EnumerateOptions): Promise<ToolInventory>;
+//# sourceMappingURL=enumerate.d.ts.map

package/dist/enumerate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enumerate.d.ts","sourceRoot":"","sources":["../src/enumerate.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAExE,mFAAmF;AACnF,eAAO,MAAM,gBAAgB,EAAG,0BAAmC,CAAC;AAEpE,+CAA+C;AAC/C,MAAM,WAAW,cAAc;IAC7B,2CAA2C;IAC3C,IAAI,EAAE,MAAM,CAAC;IACb,2DAA2D;IAC3D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,6EAA6E;IAC7E,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,qCAAqC;AACrC,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,OAAO,gBAAgB,CAAC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE;QACN,kEAAkE;QAClE,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,sDAAsD;QACtD,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,KAAK,EAAE,cAAc,EAAE,CAAC;CACzB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iEAAiE;IACjE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0DAA0D;IAC1D,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,sEAAsE;AACtE,eAAO,MAAM,4BAA4B,QAAS,CAAC;AAEnD,oFAAoF;AACpF,eAAO,MAAM,6BAA6B,QAAY,CAAC;AAEvD,gFAAgF;AAChF,eAAO,MAAM,iBAAiB,mCAA8B,CAAC;AAU7D;;;;;;;;;;;GAWG;AACH,wBAAsB,SAAS,CAC7B,MAAM,EAAE,MAAM,EACd,IAAI,GAAE,gBAAqB,GAC1B,OAAO,CAAC,aAAa,CAAC,CAyBxB"}

package/dist/enumerate.js

@@ -0,0 +1,62 @@
+/**
+ * `enumerate` — produce a v0.1 tool inventory document.
+ *
+ * Connects to the server (caller's responsibility — pass an open
+ * Client) and lists every tool. Output shape is documented in
+ * docs/SPEC.md §"Output format". The shape is the load-bearing
+ * contract that downstream tools (capnagent's caveat-suggestion
+ * bridge, the Markdown reporter) consume.
+ */
+/** Schema-version tag for inventory documents. v0.1 = mcp-recon/v0.1/inventory. */
+export const INVENTORY_SCHEMA = "mcp-recon/v0.1/inventory";
+/** Default `tools/list` timeout. See `EnumerateOptions.timeoutMs`. */
+export const DEFAULT_ENUMERATE_TIMEOUT_MS = 30_000;
+/** Default per-tool description cap. See `EnumerateOptions.maxDescriptionChars`. */
+export const DEFAULT_MAX_DESCRIPTION_CHARS = 64 * 1024;
+/** Marker appended to truncated descriptions so reviewers see the cap fired. */
+export const TRUNCATION_MARKER = "…[truncated by mcp-recon]";
+function clampDescription(s, cap) {
+    if (s === undefined)
+        return undefined;
+    if (s.length <= cap)
+        return s;
+    // Reserve room for the marker so the final string is at most `cap`.
+    const room = Math.max(0, cap - TRUNCATION_MARKER.length);
+    return s.slice(0, room) + TRUNCATION_MARKER;
+}
+/**
+ * Enumerate all tools exposed by the connected client.
+ *
+ * v0.1 is a thin shim over `client.listTools()` plus a self-
+ * describing wrapper. We do not classify here — that's the
+ * `classify` command's job. We do not fuzz here — that's `fuzz`.
+ * Single responsibility.
+ *
+ * Enforces a per-call timeout (`opts.timeoutMs`, default 30s) so a
+ * hostile server that accepts the handshake but never answers
+ * `tools/list` cannot hang the operator forever.
+ */
+export async function enumerate(client, opts = {}) {
+    const timeoutMs = opts.timeoutMs ?? DEFAULT_ENUMERATE_TIMEOUT_MS;
+    const maxDescriptionChars = opts.maxDescriptionChars ?? DEFAULT_MAX_DESCRIPTION_CHARS;
+    const result = await client.listTools(undefined, { timeout: timeoutMs });
+    // The SDK exposes the server's identity via getServerVersion(); in
+    // some SDK versions this is an awaitable getter and in others a
+    // direct property. Probe defensively so we don't break across
+    // minor version bumps.
+    const serverInfo = client.getServerVersion?.();
+    return {
+        schema: INVENTORY_SCHEMA,
+        scanned_at: new Date().toISOString(),
+        server: {
+            name: serverInfo?.name,
+            version: serverInfo?.version,
+        },
+        tools: result.tools.map((t) => ({
+            name: t.name,
+            description: clampDescription(t.description, maxDescriptionChars),
+            inputSchema: t.inputSchema,
+        })),
+    };
+}
+//# sourceMappingURL=enumerate.js.map

package/dist/enumerate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"enumerate.js","sourceRoot":"","sources":["../src/enumerate.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,mFAAmF;AACnF,MAAM,CAAC,MAAM,gBAAgB,GAAG,0BAAmC,CAAC;AAoDpE,sEAAsE;AACtE,MAAM,CAAC,MAAM,4BAA4B,GAAG,MAAM,CAAC;AAEnD,oFAAoF;AACpF,MAAM,CAAC,MAAM,6BAA6B,GAAG,EAAE,GAAG,IAAI,CAAC;AAEvD,gFAAgF;AAChF,MAAM,CAAC,MAAM,iBAAiB,GAAG,2BAA2B,CAAC;AAE7D,SAAS,gBAAgB,CAAC,CAAqB,EAAE,GAAW;IAC1D,IAAI,CAAC,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACtC,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,CAAC,CAAC;IAC9B,oEAAoE;IACpE,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACzD,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,iBAAiB,CAAC;AAC9C,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,MAAc,EACd,OAAyB,EAAE;IAE3B,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,4BAA4B,CAAC;IACjE,MAAM,mBAAmB,GAAG,IAAI,CAAC,mBAAmB,IAAI,6BAA6B,CAAC;IACtF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;IACzE,mEAAmE;IACnE,gEAAgE;IAChE,8DAA8D;IAC9D,uBAAuB;IACvB,MAAM,UAAU,GAAI,MAElB,CAAC,gBAAgB,EAAE,EAAE,CAAC;IAExB,OAAO;QACL,MAAM,EAAE,gBAAgB;QACxB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,MAAM,EAAE;YACN,IAAI,EAAE,UAAU,EAAE,IAAI;YACtB,OAAO,EAAE,UAAU,EAAE,OAAO;SAC7B;QACD,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC9B,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,gBAAgB,CAAC,CAAC,CAAC,WAAW,EAAE,mBAAmB,CAAC;YACjE,WAAW,EAAE,CAAC,CAAC,WAAW;SAC3B,CAAC,CAAC;KACJ,CAAC;AACJ,CAAC"}

package/dist/fuzz/axes/boundary.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Boundary-values axis.
+ *
+ * For each declared arg, generate edge values that often expose
+ * uninitialised handling: empty string, max-length string, 0, -1,
+ * Number.MAX_SAFE_INTEGER + 1, NaN, null, undefined-as-omitted.
+ *
+ * Per docs/SPEC.md §"Fuzzing strategy".
+ */
+import type { Prng } from "../prng.js";
+import type { ToolFacts } from "../schema.js";
+/** Generate boundary inputs for one tool. */
+export declare function generateBoundary(facts: ToolFacts, _prng: Prng): Generator<{
+    args: Record<string, unknown>;
+    rationale: string;
+}>;
+//# sourceMappingURL=boundary.d.ts.map

package/dist/fuzz/axes/boundary.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"boundary.d.ts","sourceRoot":"","sources":["../../../src/fuzz/axes/boundary.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AA+B9C,6CAA6C;AAC7C,wBAAiB,gBAAgB,CAC/B,KAAK,EAAE,SAAS,EAChB,KAAK,EAAE,IAAI,GACV,SAAS,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAgCjE"}

package/dist/fuzz/axes/boundary.js

@@ -0,0 +1,143 @@
+/**
+ * Boundary-values axis.
+ *
+ * For each declared arg, generate edge values that often expose
+ * uninitialised handling: empty string, max-length string, 0, -1,
+ * Number.MAX_SAFE_INTEGER + 1, NaN, null, undefined-as-omitted.
+ *
+ * Per docs/SPEC.md §"Fuzzing strategy".
+ */
+const STRING_BOUNDARIES = [
+    "",
+    "x".repeat(1024 * 64), // 64 KiB
+    "\x00",
+    "\x00\x00\x00",
+    " ",
+    "\t\n\r",
+];
+const NUMBER_BOUNDARIES = [
+    0,
+    -1,
+    -0.0,
+    Number.MAX_SAFE_INTEGER + 1,
+    -Number.MAX_SAFE_INTEGER - 1,
+    Number.EPSILON,
+    Number.NaN,
+    Number.POSITIVE_INFINITY,
+    Number.NEGATIVE_INFINITY,
+];
+const INTEGER_BOUNDARIES = [
+    0,
+    -1,
+    Number.MAX_SAFE_INTEGER,
+    Number.MAX_SAFE_INTEGER + 1,
+    -Number.MAX_SAFE_INTEGER,
+];
+/** Generate boundary inputs for one tool. */
+export function* generateBoundary(facts, _prng) {
+    if (facts.isArgless) {
+        yield { args: {}, rationale: "argless tool: empty args object" };
+        return;
+    }
+    for (const arg of facts.args) {
+        const argName = arg.path[0];
+        if (argName === undefined)
+            continue;
+        const baseArgs = baseShape(facts);
+        const candidates = boundaryValuesFor(arg.declaredType);
+        for (const value of candidates) {
+            yield {
+                args: { ...baseArgs, [argName]: value },
+                rationale: `boundary ${arg.declaredType} for arg "${argName}": ${describeValue(value)}`,
+            };
+        }
+    }
+    // Whole-arg-missing: required field omitted.
+    for (const arg of facts.args) {
+        const argName = arg.path[0];
+        if (argName === undefined)
+            continue;
+        if (!arg.required)
+            continue;
+        const baseArgs = baseShape(facts);
+        delete baseArgs[argName];
+        yield {
+            args: baseArgs,
+            rationale: `boundary: omit required field "${argName}"`,
+        };
+    }
+}
+function boundaryValuesFor(t) {
+    switch (t) {
+        case "string":
+            return [...STRING_BOUNDARIES, null];
+        case "number":
+            return [...NUMBER_BOUNDARIES, null];
+        case "integer":
+            return [...INTEGER_BOUNDARIES, null];
+        case "boolean":
+            return [true, false, null];
+        case "array":
+            return [[], [null], Array.from({ length: 1024 }, (_, i) => i)];
+        case "object":
+            return [{}, { __proto__: null }, { a: { b: { c: { d: { e: 1 } } } } }];
+        case "null":
+            return [null];
+        case "unknown":
+            // For unknown-type args, throw the kitchen sink at it.
+            return ["", 0, true, [], {}, null];
+    }
+}
+function describeValue(v) {
+    if (v === null)
+        return "null";
+    if (Number.isNaN(v))
+        return "NaN";
+    if (v === Number.POSITIVE_INFINITY)
+        return "+Infinity";
+    if (v === Number.NEGATIVE_INFINITY)
+        return "-Infinity";
+    if (typeof v === "string") {
+        if (v.length === 0)
+            return "empty string";
+        if (v.length > 32)
+            return `string len=${v.length}`;
+        return JSON.stringify(v);
+    }
+    if (Array.isArray(v))
+        return `array len=${v.length}`;
+    return typeof v;
+}
+/** Build a "default" args shape so a single-field fuzz still has the other required fields populated. */
+function baseShape(facts) {
+    const out = {};
+    for (const arg of facts.args) {
+        const argName = arg.path[0];
+        if (argName === undefined)
+            continue;
+        if (!arg.required)
+            continue;
+        out[argName] = defaultForType(arg.declaredType);
+    }
+    return out;
+}
+function defaultForType(t) {
+    switch (t) {
+        case "string":
+            return "x";
+        case "number":
+        case "integer":
+            return 1;
+        case "boolean":
+            return false;
+        case "array":
+            return [];
+        case "object":
+            return {};
+        case "null":
+            return null;
+        case "unknown":
+            return "x";
+    }
+}
+//# sourceMappingURL=boundary.js.map

package/dist/fuzz/axes/boundary.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"boundary.js","sourceRoot":"","sources":["../../../src/fuzz/axes/boundary.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,MAAM,iBAAiB,GAAG;IACxB,EAAE;IACF,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC,EAAE,SAAS;IAChC,MAAM;IACN,cAAc;IACd,GAAG;IACH,QAAQ;CACT,CAAC;AAEF,MAAM,iBAAiB,GAAG;IACxB,CAAC;IACD,CAAC,CAAC;IACF,CAAC,GAAG;IACJ,MAAM,CAAC,gBAAgB,GAAG,CAAC;IAC3B,CAAC,MAAM,CAAC,gBAAgB,GAAG,CAAC;IAC5B,MAAM,CAAC,OAAO;IACd,MAAM,CAAC,GAAG;IACV,MAAM,CAAC,iBAAiB;IACxB,MAAM,CAAC,iBAAiB;CACzB,CAAC;AAEF,MAAM,kBAAkB,GAAG;IACzB,CAAC;IACD,CAAC,CAAC;IACF,MAAM,CAAC,gBAAgB;IACvB,MAAM,CAAC,gBAAgB,GAAG,CAAC;IAC3B,CAAC,MAAM,CAAC,gBAAgB;CACzB,CAAC;AAEF,6CAA6C;AAC7C,MAAM,SAAS,CAAC,CAAC,gBAAgB,CAC/B,KAAgB,EAChB,KAAW;IAEX,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACpB,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,iCAAiC,EAAE,CAAC;QACjE,OAAO;IACT,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,SAAS;YAAE,SAAS;QAEpC,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAClC,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACvD,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;YAC/B,MAAM;gBACJ,IAAI,EAAE,EAAE,GAAG,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE;gBACvC,SAAS,EAAE,YAAY,GAAG,CAAC,YAAY,aAAa,OAAO,MAAM,aAAa,CAAC,KAAK,CAAC,EAAE;aACxF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,SAAS;YAAE,SAAS;QACpC,IAAI,CAAC,GAAG,CAAC,QAAQ;YAAE,SAAS;QAC5B,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAClC,OAAO,QAAQ,CAAC,OAAO,CAAC,CAAC;QACzB,MAAM;YACJ,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,kCAAkC,OAAO,GAAG;SACxD,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,CAA4C;IACrE,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,QAAQ;YACX,OAAO,CAAC,GAAG,iBAAiB,EAAE,IAAI,CAAC,CAAC;QACtC,KAAK,QAAQ;YACX,OAAO,CAAC,GAAG,iBAAiB,EAAE,IAAI,CAAC,CAAC;QACtC,KAAK,SAAS;YACZ,OAAO,CAAC,GAAG,kBAAkB,EAAE,IAAI,CAAC,CAAC;QACvC,KAAK,SAAS;YACZ,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QAC7B,KAAK,OAAO;YACV,OAAO,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACjE,KAAK,QAAQ;YACX,OAAO,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACzE,KAAK,MAAM;YACT,OAAO,CAAC,IAAI,CAAC,CAAC;QAChB,KAAK,SAAS;YACZ,uDAAuD;YACvD,OAAO,CAAC,EAAE,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,CAAU;IAC/B,IAAI,CAAC,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC;IAC9B,IAAI,MAAM,CAAC,KAAK,CAAC,CAAW,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,CAAC,KAAK,MAAM,CAAC,iBAAiB;QAAE,OAAO,WAAW,CAAC;IACvD,IAAI,CAAC,KAAK,MAAM,CAAC,iBAAiB;QAAE,OAAO,WAAW,CAAC;IACvD,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1B,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,cAAc,CAAC;QAC1C,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE;YAAE,OAAO,cAAc,CAAC,CAAC,MAAM,EAAE,CAAC;QACnD,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC3B,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,aAAa,CAAC,CAAC,MAAM,EAAE,CAAC;IACrD,OAAO,OAAO,CAAC,CAAC;AAClB,CAAC;AAED,yGAAyG;AACzG,SAAS,SAAS,CAAC,KAAgB;IACjC,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,SAAS;YAAE,SAAS;QACpC,IAAI,CAAC,GAAG,CAAC,QAAQ;YAAE,SAAS;QAC5B,GAAG,CAAC,OAAO,CAAC,GAAG,cAAc,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,cAAc,CAAC,CAA4C;IAClE,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,QAAQ;YACX,OAAO,GAAG,CAAC;QACb,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS;YACZ,OAAO,CAAC,CAAC;QACX,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC;QACf,KAAK,OAAO;YACV,OAAO,EAAE,CAAC;QACZ,KAAK,QAAQ;YACX,OAAO,EAAE,CAAC;QACZ,KAAK,MAAM;YACT,OAAO,IAAI,CAAC;QACd,KAAK,SAAS;YACZ,OAAO,GAAG,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/fuzz/axes/encoding.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Encoding-tricks axis.
+ *
+ * For each string-typed arg, send variants that round-trip through
+ * common middleware in surprising ways: percent-encoded null bytes,
+ * Unicode homographs, RTL overrides, double-encoded sequences.
+ *
+ * Per docs/SPEC.md §"Fuzzing strategy".
+ */
+import type { Prng } from "../prng.js";
+import type { ToolFacts } from "../schema.js";
+/** Generate encoding-trick inputs for one tool. */
+export declare function generateEncoding(facts: ToolFacts, _prng: Prng): Generator<{
+    args: Record<string, unknown>;
+    rationale: string;
+}>;
+//# sourceMappingURL=encoding.d.ts.map

package/dist/fuzz/axes/encoding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding.d.ts","sourceRoot":"","sources":["../../../src/fuzz/axes/encoding.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAqB9C,mDAAmD;AACnD,wBAAiB,gBAAgB,CAC/B,KAAK,EAAE,SAAS,EAChB,KAAK,EAAE,IAAI,GACV,SAAS,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAgBjE"}

package/dist/fuzz/axes/encoding.js

@@ -0,0 +1,59 @@
+/**
+ * Encoding-tricks axis.
+ *
+ * For each string-typed arg, send variants that round-trip through
+ * common middleware in surprising ways: percent-encoded null bytes,
+ * Unicode homographs, RTL overrides, double-encoded sequences.
+ *
+ * Per docs/SPEC.md §"Fuzzing strategy".
+ */
+const ENCODING_PAYLOADS = [
+    { value: "%00", reason: "percent-encoded NUL" },
+    { value: "%2e%2e", reason: "percent-encoded dot-dot" },
+    { value: "%252e%252e", reason: "double-percent-encoded dot-dot" },
+    { value: "x\x00y", reason: "embedded NUL byte" },
+    // Cyrillic homograph for ASCII 'a' (U+0430)
+    { value: "аdmin", reason: "Cyrillic-a homograph (admin)" },
+    // RTL override
+    { value: "‮gnp.exe", reason: "RTL override (filename spoof)" },
+    // Backslash escapes
+    { value: "\\..\\..\\..", reason: "backslash traversal" },
+    // Mixed slashes (Windows-style)
+    { value: "x\\y/z", reason: "mixed-separator path" },
+    // Unicode normalization edge — combining diacritics
+    { value: "café", reason: "combining diacritic (NFC vs NFD)" },
+    // Long string with one funny byte
+    { value: `${"a".repeat(1024)}\x00`, reason: "long string with trailing NUL" },
+];
+/** Generate encoding-trick inputs for one tool. */
+export function* generateEncoding(facts, _prng) {
+    if (facts.isArgless)
+        return;
+    for (const arg of facts.args) {
+        const argName = arg.path[0];
+        if (argName === undefined)
+            continue;
+        if (arg.declaredType !== "string" && arg.declaredType !== "unknown")
+            continue;
+        const baseArgs = baseShape(facts);
+        for (const { value, reason } of ENCODING_PAYLOADS) {
+            yield {
+                args: { ...baseArgs, [argName]: value },
+                rationale: `encoding "${argName}": ${reason}`,
+            };
+        }
+    }
+}
+function baseShape(facts) {
+    const out = {};
+    for (const arg of facts.args) {
+        const argName = arg.path[0];
+        if (argName === undefined)
+            continue;
+        if (!arg.required)
+            continue;
+        out[argName] = arg.declaredType === "string" ? "x" : 0;
+    }
+    return out;
+}
+//# sourceMappingURL=encoding.js.map

package/dist/fuzz/axes/encoding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding.js","sourceRoot":"","sources":["../../../src/fuzz/axes/encoding.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,MAAM,iBAAiB,GAA6C;IAClE,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE;IAC/C,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,yBAAyB,EAAE;IACtD,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,gCAAgC,EAAE;IACjE,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,mBAAmB,EAAE;IAChD,4CAA4C;IAC5C,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,8BAA8B,EAAE;IAC1D,eAAe;IACf,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,+BAA+B,EAAE;IAC9D,oBAAoB;IACpB,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,qBAAqB,EAAE;IACxD,gCAAgC;IAChC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,sBAAsB,EAAE;IACnD,oDAAoD;IACpD,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,kCAAkC,EAAE;IAC9D,kCAAkC;IAClC,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,+BAA+B,EAAE;CAC9E,CAAC;AAEF,mDAAmD;AACnD,MAAM,SAAS,CAAC,CAAC,gBAAgB,CAC/B,KAAgB,EAChB,KAAW;IAEX,IAAI,KAAK,CAAC,SAAS;QAAE,OAAO;IAE5B,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,SAAS;YAAE,SAAS;QACpC,IAAI,GAAG,CAAC,YAAY,KAAK,QAAQ,IAAI,GAAG,CAAC,YAAY,KAAK,SAAS;YAAE,SAAS;QAE9E,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAClC,KAAK,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;YAClD,MAAM;gBACJ,IAAI,EAAE,EAAE,GAAG,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE;gBACvC,SAAS,EAAE,aAAa,OAAO,MAAM,MAAM,EAAE;aAC9C,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,KAAgB;IACjC,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,SAAS;YAAE,SAAS;QACpC,IAAI,CAAC,GAAG,CAAC,QAAQ;YAAE,SAAS;QAC5B,GAAG,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/fuzz/axes/path-traversal.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Path-traversal axis.
+ *
+ * For each path-shaped arg (heuristic: name contains `path`, `file`,
+ * `dir`, etc. — see schema.ts::looksPathy), send classic traversal
+ * payloads. Tests whether the server canonicalises paths before use.
+ *
+ * Per docs/SPEC.md §"Fuzzing strategy".
+ */
+import type { Prng } from "../prng.js";
+import type { ToolFacts } from "../schema.js";
+/** Generate path-traversal inputs for one tool. */
+export declare function generatePathTraversal(facts: ToolFacts, _prng: Prng): Generator<{
+    args: Record<string, unknown>;
+    rationale: string;
+}>;
+//# sourceMappingURL=path-traversal.d.ts.map

package/dist/fuzz/axes/path-traversal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-traversal.d.ts","sourceRoot":"","sources":["../../../src/fuzz/axes/path-traversal.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAgB9C,mDAAmD;AACnD,wBAAiB,qBAAqB,CACpC,KAAK,EAAE,SAAS,EAChB,KAAK,EAAE,IAAI,GACV,SAAS,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAiBjE"}

package/dist/fuzz/axes/path-traversal.js

@@ -0,0 +1,56 @@
+/**
+ * Path-traversal axis.
+ *
+ * For each path-shaped arg (heuristic: name contains `path`, `file`,
+ * `dir`, etc. — see schema.ts::looksPathy), send classic traversal
+ * payloads. Tests whether the server canonicalises paths before use.
+ *
+ * Per docs/SPEC.md §"Fuzzing strategy".
+ */
+const TRAVERSAL_PAYLOADS = [
+    { value: "../etc/passwd", reason: "POSIX dot-dot traversal" },
+    { value: "..\\..\\windows\\system32\\config\\sam", reason: "Windows dot-dot traversal" },
+    { value: "/etc/passwd", reason: "absolute POSIX path outside sandbox" },
+    { value: "C:\\Windows\\System32\\drivers\\etc\\hosts", reason: "absolute Windows path" },
+    { value: "/sandbox/../../../etc/passwd", reason: "in-sandbox prefix + traversal" },
+    { value: "/sandbox/%2e%2e/etc/passwd", reason: "percent-encoded traversal in path" },
+    { value: "//etc/passwd", reason: "double-slash absolute" },
+    { value: "/", reason: "filesystem root" },
+    { value: "~/.ssh/id_rsa", reason: "tilde-expansion private key" },
+    { value: "\\\\.\\PhysicalDrive0", reason: "Windows raw device path" },
+    { value: "file:///etc/passwd", reason: "file:// URI" },
+];
+/** Generate path-traversal inputs for one tool. */
+export function* generatePathTraversal(facts, _prng) {
+    if (facts.isArgless)
+        return;
+    for (const arg of facts.args) {
+        const argName = arg.path[0];
+        if (argName === undefined)
+            continue;
+        if (!arg.isPathShaped)
+            continue;
+        if (arg.declaredType !== "string" && arg.declaredType !== "unknown")
+            continue;
+        const baseArgs = baseShape(facts);
+        for (const { value, reason } of TRAVERSAL_PAYLOADS) {
+            yield {
+                args: { ...baseArgs, [argName]: value },
+                rationale: `path-traversal "${argName}": ${reason}`,
+            };
+        }
+    }
+}
+function baseShape(facts) {
+    const out = {};
+    for (const arg of facts.args) {
+        const argName = arg.path[0];
+        if (argName === undefined)
+            continue;
+        if (!arg.required)
+            continue;
+        out[argName] = arg.declaredType === "string" ? "x" : 0;
+    }
+    return out;
+}
+//# sourceMappingURL=path-traversal.js.map

package/dist/fuzz/axes/path-traversal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-traversal.js","sourceRoot":"","sources":["../../../src/fuzz/axes/path-traversal.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,MAAM,kBAAkB,GAA6C;IACnE,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,yBAAyB,EAAE;IAC7D,EAAE,KAAK,EAAE,wCAAwC,EAAE,MAAM,EAAE,2BAA2B,EAAE;IACxF,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,qCAAqC,EAAE;IACvE,EAAE,KAAK,EAAE,4CAA4C,EAAE,MAAM,EAAE,uBAAuB,EAAE;IACxF,EAAE,KAAK,EAAE,8BAA8B,EAAE,MAAM,EAAE,+BAA+B,EAAE;IAClF,EAAE,KAAK,EAAE,4BAA4B,EAAE,MAAM,EAAE,mCAAmC,EAAE;IACpF,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,uBAAuB,EAAE;IAC1D,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,iBAAiB,EAAE;IACzC,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,6BAA6B,EAAE;IACjE,EAAE,KAAK,EAAE,uBAAuB,EAAE,MAAM,EAAE,yBAAyB,EAAE;IACrE,EAAE,KAAK,EAAE,oBAAoB,EAAE,MAAM,EAAE,aAAa,EAAE;CACvD,CAAC;AAEF,mDAAmD;AACnD,MAAM,SAAS,CAAC,CAAC,qBAAqB,CACpC,KAAgB,EAChB,KAAW;IAEX,IAAI,KAAK,CAAC,SAAS;QAAE,OAAO;IAE5B,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,SAAS;YAAE,SAAS;QACpC,IAAI,CAAC,GAAG,CAAC,YAAY;YAAE,SAAS;QAChC,IAAI,GAAG,CAAC,YAAY,KAAK,QAAQ,IAAI,GAAG,CAAC,YAAY,KAAK,SAAS;YAAE,SAAS;QAE9E,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAClC,KAAK,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,kBAAkB,EAAE,CAAC;YACnD,MAAM;gBACJ,IAAI,EAAE,EAAE,GAAG,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE;gBACvC,SAAS,EAAE,mBAAmB,OAAO,MAAM,MAAM,EAAE;aACpD,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,KAAgB;IACjC,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,SAAS;YAAE,SAAS;QACpC,IAAI,CAAC,GAAG,CAAC,QAAQ;YAAE,SAAS;QAC5B,GAAG,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/fuzz/axes/schema-violation.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Schema-violation axis.
+ *
+ * Send args that violate the declared schema in structural ways:
+ * extra fields the schema doesn't mention, missing required fields,
+ * wrong types in nested positions, deeply-nested objects,
+ * prototype pollution shapes.
+ *
+ * Per docs/SPEC.md §"Fuzzing strategy".
+ */
+import type { Prng } from "../prng.js";
+import type { ToolFacts } from "../schema.js";
+/** Generate schema-violation inputs for one tool. */
+export declare function generateSchemaViolation(facts: ToolFacts, _prng: Prng): Generator<{
+    args: Record<string, unknown>;
+    rationale: string;
+}>;
+//# sourceMappingURL=schema-violation.d.ts.map

package/dist/fuzz/axes/schema-violation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema-violation.d.ts","sourceRoot":"","sources":["../../../src/fuzz/axes/schema-violation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAE9C,qDAAqD;AACrD,wBAAiB,uBAAuB,CACtC,KAAK,EAAE,SAAS,EAChB,KAAK,EAAE,IAAI,GACV,SAAS,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CA0CjE"}