@apitap/core 1.0.0

package/dist/discovery/index.js

@@ -0,0 +1,219 @@
+import { validateUrl } from '../skill/ssrf.js';
+import { safeFetch } from './fetch.js';
+import { detectFrameworks } from './frameworks.js';
+import { discoverSpecs, parseSpecToSkillFile } from './openapi.js';
+import { probeApiPaths } from './probes.js';
+import { detectAuthRequired } from './auth.js';
+/**
+ * Run smart discovery on a URL to detect APIs without launching a browser.
+ *
+ * Flow:
+ * 1. SSRF validation
+ * 2. Fetch homepage HTML + headers
+ * 3. Run detection strategies in parallel:
+ *    - Framework detection (from HTML/headers)
+ *    - OpenAPI spec discovery (probe common paths)
+ *    - Common API pattern probing
+ * 4. Synthesize results into a DiscoveryResult
+ */
+export async function discover(url, options = {}) {
+    const start = Date.now();
+    const fullUrl = url.startsWith('http') ? url : `https://${url}`;
+    // SSRF check
+    if (!options.skipSsrf) {
+        const ssrfResult = validateUrl(fullUrl);
+        if (!ssrfResult.safe) {
+            return {
+                confidence: 'none',
+                hints: [`SSRF blocked: ${ssrfResult.reason}`],
+                duration: Date.now() - start,
+            };
+        }
+    }
+    let domain;
+    let origin;
+    try {
+        const parsed = new URL(fullUrl);
+        domain = parsed.hostname;
+        origin = parsed.origin;
+    }
+    catch {
+        return {
+            confidence: 'none',
+            hints: ['Invalid URL'],
+            duration: Date.now() - start,
+        };
+    }
+    // Fetch homepage
+    const homepage = await safeFetch(fullUrl, { timeout: options.timeout ?? 10000, skipSsrf: options.skipSsrf });
+    if (!homepage) {
+        return {
+            confidence: 'none',
+            hints: ['Failed to fetch homepage — site may be down or blocking requests'],
+            duration: Date.now() - start,
+        };
+    }
+    const ssrfOpts = { skipSsrf: options.skipSsrf };
+    // Auth detection (runs on homepage HTML + headers)
+    const authResult = detectAuthRequired(homepage.body, fullUrl, homepage.headers);
+    const authFields = authResult.authRequired ? {
+        authRequired: true,
+        authSignals: authResult.signals,
+        ...(authResult.loginUrl ? { loginUrl: authResult.loginUrl } : {}),
+    } : {};
+    // Run all detection strategies in parallel
+    const [frameworks, specs, probes] = await Promise.all([
+        options.skipFrameworks
+            ? []
+            : detectFrameworks({ html: homepage.body, headers: homepage.headers, url: fullUrl }),
+        options.skipSpecs
+            ? []
+            : discoverSpecs(origin, homepage.headers, ssrfOpts),
+        options.skipProbes
+            ? []
+            : probeApiPaths(origin, ssrfOpts),
+    ]);
+    const hints = [];
+    // Strategy 1: OpenAPI spec found → parse into skill file (highest confidence)
+    if (specs.length > 0) {
+        const bestSpec = specs[0];
+        const skillFile = await parseSpecToSkillFile(bestSpec.url, domain, origin, ssrfOpts);
+        if (skillFile && skillFile.endpoints.length > 0) {
+            hints.push(`OpenAPI spec found at ${bestSpec.url} (${bestSpec.version})`);
+            if (frameworks.length > 0)
+                hints.push(`Framework: ${frameworks.map(f => f.name).join(', ')}`);
+            addProbeHints(hints, probes);
+            return {
+                confidence: 'high',
+                skillFile,
+                hints,
+                frameworks: frameworks.length > 0 ? frameworks : undefined,
+                specs,
+                probes: probes.length > 0 ? probes : undefined,
+                duration: Date.now() - start,
+                ...authFields,
+            };
+        }
+    }
+    // Strategy 2: Framework detected → generate skeleton skill file
+    const highConfidence = frameworks.filter(f => f.confidence === 'high');
+    if (highConfidence.length > 0) {
+        const skillFile = buildFrameworkSkillFile(domain, origin, highConfidence);
+        hints.push(`Detected: ${highConfidence.map(f => f.name).join(', ')}`);
+        addProbeHints(hints, probes);
+        if (specs.length > 0)
+            hints.push(`Spec found but could not parse: ${specs.map(s => s.url).join(', ')}`);
+        return {
+            confidence: 'medium',
+            skillFile,
+            hints,
+            frameworks,
+            specs: specs.length > 0 ? specs : undefined,
+            probes: probes.length > 0 ? probes : undefined,
+            duration: Date.now() - start,
+            ...authFields,
+        };
+    }
+    // Strategy 3: Medium-confidence framework or API probes found → hints only
+    const apiProbes = probes.filter(p => p.isApi);
+    const mediumFrameworks = frameworks.filter(f => f.confidence === 'medium');
+    if (mediumFrameworks.length > 0 || apiProbes.length > 0) {
+        if (mediumFrameworks.length > 0) {
+            const skillFile = buildFrameworkSkillFile(domain, origin, mediumFrameworks);
+            hints.push(`Possibly: ${mediumFrameworks.map(f => f.name).join(', ')}`);
+            addProbeHints(hints, probes);
+            return {
+                confidence: 'low',
+                skillFile,
+                hints,
+                frameworks,
+                probes: probes.length > 0 ? probes : undefined,
+                duration: Date.now() - start,
+                ...authFields,
+            };
+        }
+        // Only probes found
+        hints.push('API paths detected via probing');
+        addProbeHints(hints, probes);
+        return {
+            confidence: 'low',
+            hints,
+            frameworks: frameworks.length > 0 ? frameworks : undefined,
+            probes,
+            duration: Date.now() - start,
+            ...authFields,
+        };
+    }
+    // Nothing found
+    if (frameworks.length > 0) {
+        hints.push(`Low-confidence signals: ${frameworks.map(f => f.name).join(', ')}`);
+    }
+    hints.push('No API patterns detected — auto-capture recommended');
+    return {
+        confidence: 'none',
+        hints,
+        frameworks: frameworks.length > 0 ? frameworks : undefined,
+        probes: probes.length > 0 ? probes : undefined,
+        duration: Date.now() - start,
+        ...authFields,
+    };
+}
+function addProbeHints(hints, probes) {
+    const apiProbes = probes.filter(p => p.isApi);
+    if (apiProbes.length > 0) {
+        hints.push(`API paths found: ${apiProbes.map(p => `${p.path} (${p.status})`).join(', ')}`);
+    }
+}
+/**
+ * Build a skeleton skill file from detected frameworks.
+ * Endpoints are unverified predictions — replayability is 'unknown'.
+ */
+function buildFrameworkSkillFile(domain, baseUrl, frameworks) {
+    const endpoints = [];
+    const seen = new Set();
+    for (const framework of frameworks) {
+        for (const pattern of framework.apiPatterns) {
+            const key = `GET ${pattern}`;
+            if (seen.has(key))
+                continue;
+            seen.add(key);
+            const id = generateId('GET', pattern);
+            endpoints.push({
+                id,
+                method: 'GET',
+                path: pattern,
+                queryParams: {},
+                headers: {},
+                responseShape: { type: 'unknown' },
+                examples: {
+                    request: { url: `${baseUrl}${pattern}`, headers: {} },
+                    responsePreview: null,
+                },
+                replayability: {
+                    tier: 'unknown',
+                    verified: false,
+                    signals: [`discovered-from-${framework.name.toLowerCase()}`],
+                },
+            });
+        }
+    }
+    return {
+        version: '1.2',
+        domain,
+        capturedAt: new Date().toISOString(),
+        baseUrl,
+        endpoints,
+        metadata: {
+            captureCount: 0,
+            filteredCount: 0,
+            toolVersion: '1.0.0',
+        },
+        provenance: 'unsigned',
+    };
+}
+function generateId(method, path) {
+    const segments = path.split('/').filter(s => s !== '' && !s.startsWith(':'));
+    const slug = segments.join('-').replace(/[^a-z0-9-]/gi, '').toLowerCase() || 'root';
+    return `${method.toLowerCase()}-${slug}`;
+}
+//# sourceMappingURL=index.js.map

package/dist/discovery/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/discovery/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAU/C;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,GAAW,EACX,UAA4B,EAAE;IAE9B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,GAAG,EAAE,CAAC;IAEhE,aAAa;IACb,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QACxC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;YACrB,OAAO;gBACL,UAAU,EAAE,MAAM;gBAClB,KAAK,EAAE,CAAC,iBAAiB,UAAU,CAAC,MAAM,EAAE,CAAC;gBAC7C,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aAC7B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,MAAc,CAAC;IACnB,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QAChC,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC;QACzB,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,UAAU,EAAE,MAAM;YAClB,KAAK,EAAE,CAAC,aAAa,CAAC;YACtB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC7B,CAAC;IACJ,CAAC;IAED,iBAAiB;IACjB,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC7G,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO;YACL,UAAU,EAAE,MAAM;YAClB,KAAK,EAAE,CAAC,kEAAkE,CAAC;YAC3E,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC7B,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC;IAEhD,mDAAmD;IACnD,MAAM,UAAU,GAAG,kBAAkB,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;IAChF,MAAM,UAAU,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;QAC3C,YAAY,EAAE,IAAa;QAC3B,WAAW,EAAE,UAAU,CAAC,OAAO;QAC/B,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAClE,CAAC,CAAC,CAAC,EAAE,CAAC;IAEP,2CAA2C;IAC3C,MAAM,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACpD,OAAO,CAAC,cAAc;YACpB,CAAC,CAAC,EAAE;YACJ,CAAC,CAAC,gBAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;QACtF,OAAO,CAAC,SAAS;YACf,CAAC,CAAC,EAAE;YACJ,CAAC,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC;QACrD,OAAO,CAAC,UAAU;YAChB,CAAC,CAAC,EAAE;YACJ,CAAC,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC;KACpC,CAAC,CAAC;IAEH,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,8EAA8E;IAC9E,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC1B,MAAM,SAAS,GAAG,MAAM,oBAAoB,CAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QACrF,IAAI,SAAS,IAAI,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChD,KAAK,CAAC,IAAI,CAAC,yBAAyB,QAAQ,CAAC,GAAG,KAAK,QAAQ,CAAC,OAAO,GAAG,CAAC,CAAC;YAC1E,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;gBAAE,KAAK,CAAC,IAAI,CAAC,cAAc,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC9F,aAAa,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAE7B,OAAO;gBACL,UAAU,EAAE,MAAM;gBAClB,SAAS;gBACT,KAAK;gBACL,UAAU,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;gBAC1D,KAAK;gBACL,MAAM,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;gBAC9C,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC5B,GAAG,UAAU;aACd,CAAC;QACJ,CAAC;IACH,CAAC;IAED,gEAAgE;IAChE,MAAM,cAAc,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,MAAM,CAAC,CAAC;IACvE,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,SAAS,GAAG,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;QAC1E,KAAK,CAAC,IAAI,CAAC,aAAa,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtE,aAAa,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC7B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,mCAAmC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAExG,OAAO;YACL,UAAU,EAAE,QAAQ;YACpB,SAAS;YACT,KAAK;YACL,UAAU;YACV,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;YAC3C,MAAM,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YAC9C,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC5B,GAAG,UAAU;SACd,CAAC;IACJ,CAAC;IAED,2EAA2E;IAC3E,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,gBAAgB,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC;IAE3E,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxD,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,SAAS,GAAG,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAAC;YAC5E,KAAK,CAAC,IAAI,CAAC,aAAa,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxE,aAAa,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAE7B,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,SAAS;gBACT,KAAK;gBACL,UAAU;gBACV,MAAM,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;gBAC9C,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC5B,GAAG,UAAU;aACd,CAAC;QACJ,CAAC;QAED,oBAAoB;QACpB,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAC7C,aAAa,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAE7B,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,KAAK;YACL,UAAU,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;YAC1D,MAAM;YACN,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC5B,GAAG,UAAU;SACd,CAAC;IACJ,CAAC;IAED,gBAAgB;IAChB,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,2BAA2B,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAClF,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;IAElE,OAAO;QACL,UAAU,EAAE,MAAM;QAClB,KAAK;QACL,UAAU,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAC1D,MAAM,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;QAC9C,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;QAC5B,GAAG,UAAU;KACd,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,KAAe,EAAE,MAA2C;IACjF,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,oBAAoB,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7F,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,uBAAuB,CAC9B,MAAc,EACd,OAAe,EACf,UAA+B;IAE/B,MAAM,SAAS,GAAoB,EAAE,CAAC;IACtC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,KAAK,MAAM,OAAO,IAAI,SAAS,CAAC,WAAW,EAAE,CAAC;YAC5C,MAAM,GAAG,GAAG,OAAO,OAAO,EAAE,CAAC;YAC7B,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEd,MAAM,EAAE,GAAG,UAAU,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YACtC,SAAS,CAAC,IAAI,CAAC;gBACb,EAAE;gBACF,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,OAAO;gBACb,WAAW,EAAE,EAAE;gBACf,OAAO,EAAE,EAAE;gBACX,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gBAClC,QAAQ,EAAE;oBACR,OAAO,EAAE,EAAE,GAAG,EAAE,GAAG,OAAO,GAAG,OAAO,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;oBACrD,eAAe,EAAE,IAAI;iBACtB;gBACD,aAAa,EAAE;oBACb,IAAI,EAAE,SAAS;oBACf,QAAQ,EAAE,KAAK;oBACf,OAAO,EAAE,CAAC,mBAAmB,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;iBAC7D;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,MAAM;QACN,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,OAAO;QACP,SAAS;QACT,QAAQ,EAAE;YACR,YAAY,EAAE,CAAC;YACf,aAAa,EAAE,CAAC;YAChB,WAAW,EAAE,OAAO;SACrB;QACD,UAAU,EAAE,UAAU;KACvB,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,MAAc,EAAE,IAAY;IAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7E,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,IAAI,MAAM,CAAC;IACpF,OAAO,GAAG,MAAM,CAAC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC;AAC3C,CAAC"}

package/dist/discovery/openapi.d.ts

@@ -0,0 +1,13 @@
+import type { SkillFile, DiscoveredSpec } from '../types.js';
+export interface SpecDiscoveryOptions {
+    skipSsrf?: boolean;
+}
+/**
+ * Check for API specs at common paths and in Link headers.
+ * Returns discovered specs with their URLs.
+ */
+export declare function discoverSpecs(baseUrl: string, homepageHeaders?: Record<string, string>, options?: SpecDiscoveryOptions): Promise<DiscoveredSpec[]>;
+/**
+ * Parse an OpenAPI/Swagger spec into a SkillFile.
+ */
+export declare function parseSpecToSkillFile(specUrl: string, domain: string, baseUrl: string, options?: SpecDiscoveryOptions): Promise<SkillFile | null>;

package/dist/discovery/openapi.js

@@ -0,0 +1,175 @@
+import { safeFetch } from './fetch.js';
+/** Paths to check for API specs, in priority order */
+const SPEC_PATHS = [
+    '/openapi.json',
+    '/swagger.json',
+    '/api-docs',
+    '/api/docs',
+    '/.well-known/openapi',
+    '/v1/openapi.json',
+    '/v2/openapi.json',
+    '/v3/openapi.json',
+    '/docs/api.json',
+    '/api/swagger.json',
+];
+/**
+ * Check for API specs at common paths and in Link headers.
+ * Returns discovered specs with their URLs.
+ */
+export async function discoverSpecs(baseUrl, homepageHeaders, options = {}) {
+    const specs = [];
+    const origin = new URL(baseUrl).origin;
+    // Check Link header from homepage for rel="describedby"
+    if (homepageHeaders) {
+        const linkHeader = homepageHeaders['link'] || homepageHeaders['Link'];
+        if (linkHeader) {
+            const describedBy = parseLinkHeader(linkHeader, 'describedby');
+            if (describedBy) {
+                const specUrl = describedBy.startsWith('http') ? describedBy : `${origin}${describedBy}`;
+                const result = await tryFetchSpec(specUrl, options);
+                if (result)
+                    specs.push(result);
+            }
+        }
+    }
+    // Probe common spec paths in parallel
+    const checks = SPEC_PATHS.map(async (path) => {
+        const specUrl = `${origin}${path}`;
+        return tryFetchSpec(specUrl, options);
+    });
+    const results = await Promise.all(checks);
+    for (const result of results) {
+        if (result && !specs.some(s => s.url === result.url)) {
+            specs.push(result);
+        }
+    }
+    return specs;
+}
+async function tryFetchSpec(url, options = {}) {
+    const result = await safeFetch(url, { timeout: 5000, skipSsrf: options.skipSsrf });
+    if (!result || result.status !== 200)
+        return null;
+    // Must look like JSON
+    const ct = result.contentType.toLowerCase();
+    if (!ct.includes('json') && !ct.includes('yaml') && !ct.includes('text/plain'))
+        return null;
+    try {
+        const spec = JSON.parse(result.body);
+        if (spec.openapi || spec.swagger) {
+            const endpointCount = spec.paths ? Object.keys(spec.paths).reduce((sum, path) => {
+                return sum + Object.keys(spec.paths[path]).filter(m => ['get', 'post', 'put', 'patch', 'delete'].includes(m)).length;
+            }, 0) : 0;
+            return {
+                type: spec.openapi ? 'openapi' : 'swagger',
+                url,
+                version: spec.openapi || spec.swagger,
+                endpointCount,
+            };
+        }
+    }
+    catch {
+        // Not valid JSON or not an API spec
+    }
+    return null;
+}
+/**
+ * Parse an OpenAPI/Swagger spec into a SkillFile.
+ */
+export async function parseSpecToSkillFile(specUrl, domain, baseUrl, options = {}) {
+    const result = await safeFetch(specUrl, { timeout: 10000, skipSsrf: options.skipSsrf });
+    if (!result || result.status !== 200)
+        return null;
+    let spec;
+    try {
+        spec = JSON.parse(result.body);
+    }
+    catch {
+        return null;
+    }
+    if (!spec.paths)
+        return null;
+    // Determine API base URL
+    let apiBase = baseUrl;
+    if (spec.servers?.[0]?.url) {
+        const serverUrl = spec.servers[0].url;
+        apiBase = serverUrl.startsWith('http') ? serverUrl : `${baseUrl}${serverUrl}`;
+    }
+    else if (spec.host) {
+        const scheme = specUrl.startsWith('https') ? 'https' : 'http';
+        apiBase = `${scheme}://${spec.host}${spec.basePath || ''}`;
+    }
+    const endpoints = [];
+    for (const [path, methods] of Object.entries(spec.paths)) {
+        for (const [method, operation] of Object.entries(methods)) {
+            if (!['get', 'post', 'put', 'patch', 'delete'].includes(method))
+                continue;
+            const op = operation;
+            // Parameterize path: {id} → :id
+            const paramPath = path.replace(/\{([^}]+)\}/g, ':$1');
+            // Extract query params
+            const queryParams = {};
+            if (op.parameters) {
+                for (const param of op.parameters) {
+                    if (param.in === 'query') {
+                        queryParams[param.name] = {
+                            type: param.schema?.type || 'string',
+                            example: '',
+                        };
+                    }
+                }
+            }
+            // Generate endpoint ID
+            const id = op.operationId
+                ? method.toLowerCase() + '-' + op.operationId.replace(/[^a-z0-9]/gi, '-').toLowerCase()
+                : generateId(method, paramPath);
+            endpoints.push({
+                id,
+                method: method.toUpperCase(),
+                path: paramPath,
+                queryParams,
+                headers: {},
+                responseShape: { type: 'unknown' },
+                examples: {
+                    request: { url: `${apiBase}${path}`, headers: {} },
+                    responsePreview: null,
+                },
+                replayability: {
+                    tier: 'unknown',
+                    verified: false,
+                    signals: ['discovered-from-spec'],
+                },
+            });
+        }
+    }
+    if (endpoints.length === 0)
+        return null;
+    return {
+        version: '1.2',
+        domain,
+        capturedAt: new Date().toISOString(),
+        baseUrl: apiBase,
+        endpoints,
+        metadata: {
+            captureCount: 0,
+            filteredCount: 0,
+            toolVersion: '1.0.0',
+        },
+        provenance: 'unsigned',
+    };
+}
+function generateId(method, path) {
+    const segments = path.split('/').filter(s => s !== '' && !s.startsWith(':'));
+    const slug = segments.join('-').replace(/[^a-z0-9-]/gi, '').toLowerCase() || 'root';
+    return `${method.toLowerCase()}-${slug}`;
+}
+function parseLinkHeader(header, rel) {
+    const parts = header.split(',');
+    for (const part of parts) {
+        const match = part.match(/<([^>]+)>.*rel\s*=\s*"?([^",;]+)"?/);
+        if (match && match[2].trim() === rel) {
+            return match[1];
+        }
+    }
+    return null;
+}
+//# sourceMappingURL=openapi.js.map

package/dist/discovery/openapi.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openapi.js","sourceRoot":"","sources":["../../src/discovery/openapi.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,sDAAsD;AACtD,MAAM,UAAU,GAAG;IACjB,eAAe;IACf,eAAe;IACf,WAAW;IACX,WAAW;IACX,sBAAsB;IACtB,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;IAClB,gBAAgB;IAChB,mBAAmB;CACpB,CAAC;AAiCF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,OAAe,EACf,eAAwC,EACxC,UAAgC,EAAE;IAElC,MAAM,KAAK,GAAqB,EAAE,CAAC;IACnC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IAEvC,wDAAwD;IACxD,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;QACtE,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,WAAW,GAAG,eAAe,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC/D,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,WAAW,EAAE,CAAC;gBACzF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACpD,IAAI,MAAM;oBAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QAC3C,MAAM,OAAO,GAAG,GAAG,MAAM,GAAG,IAAI,EAAE,CAAC;QACnC,OAAO,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACrD,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,GAAW,EAAE,UAAgC,EAAE;IACzE,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACnF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAElD,sBAAsB;IACtB,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IAE5F,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAgB,CAAC;QACpD,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;gBAC9E,OAAO,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACxH,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAEV,OAAO;gBACL,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;gBAC1C,GAAG;gBACH,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO;gBACrC,aAAa;aACd,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;IACtC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAe,EACf,MAAc,EACd,OAAe,EACf,UAAgC,EAAE;IAElC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACxF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAElD,IAAI,IAAiB,CAAC;IACtB,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAE7B,yBAAyB;IACzB,IAAI,OAAO,GAAG,OAAO,CAAC;IACtB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QACtC,OAAO,GAAG,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,OAAO,GAAG,SAAS,EAAE,CAAC;IAChF,CAAC;SAAM,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACrB,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;QAC9D,OAAO,GAAG,GAAG,MAAM,MAAM,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;IAC7D,CAAC;IAED,MAAM,SAAS,GAAoB,EAAE,CAAC;IAEtC,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACzD,KAAK,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1D,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAAE,SAAS;YAC1E,MAAM,EAAE,GAAG,SAA6B,CAAC;YAEzC,gCAAgC;YAChC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;YAEtD,uBAAuB;YACvB,MAAM,WAAW,GAAsD,EAAE,CAAC;YAC1E,IAAI,EAAE,CAAC,UAAU,EAAE,CAAC;gBAClB,KAAK,MAAM,KAAK,IAAI,EAAE,CAAC,UAAU,EAAE,CAAC;oBAClC,IAAI,KAAK,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;wBACzB,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG;4BACxB,IAAI,EAAE,KAAK,CAAC,MAAM,EAAE,IAAI,IAAI,QAAQ;4BACpC,OAAO,EAAE,EAAE;yBACZ,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAED,uBAAuB;YACvB,MAAM,EAAE,GAAG,EAAE,CAAC,WAAW;gBACvB,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,GAAG,GAAG,GAAG,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE;gBACvF,CAAC,CAAC,UAAU,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAElC,SAAS,CAAC,IAAI,CAAC;gBACb,EAAE;gBACF,MAAM,EAAE,MAAM,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,SAAS;gBACf,WAAW;gBACX,OAAO,EAAE,EAAE;gBACX,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gBAClC,QAAQ,EAAE;oBACR,OAAO,EAAE,EAAE,GAAG,EAAE,GAAG,OAAO,GAAG,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;oBAClD,eAAe,EAAE,IAAI;iBACtB;gBACD,aAAa,EAAE;oBACb,IAAI,EAAE,SAAS;oBACf,QAAQ,EAAE,KAAK;oBACf,OAAO,EAAE,CAAC,sBAAsB,CAAC;iBAClC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAExC,OAAO;QACL,OAAO,EAAE,KAAK;QACd,MAAM;QACN,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,OAAO,EAAE,OAAO;QAChB,SAAS;QACT,QAAQ,EAAE;YACR,YAAY,EAAE,CAAC;YACf,aAAa,EAAE,CAAC;YAChB,WAAW,EAAE,OAAO;SACrB;QACD,UAAU,EAAE,UAAU;KACvB,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,MAAc,EAAE,IAAY;IAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7E,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,IAAI,MAAM,CAAC;IACpF,OAAO,GAAG,MAAM,CAAC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC;AAC3C,CAAC;AAED,SAAS,eAAe,CAAC,MAAc,EAAE,GAAW;IAClD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAChC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAC/D,IAAI,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACrC,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/discovery/probes.d.ts

@@ -0,0 +1,9 @@
+import type { ProbeResult } from '../types.js';
+export interface ProbeOptions {
+    skipSsrf?: boolean;
+}
+/**
+ * Probe common API paths with GET requests.
+ * Returns results for paths that respond with API-like content types.
+ */
+export declare function probeApiPaths(baseUrl: string, options?: ProbeOptions): Promise<ProbeResult[]>;

package/dist/discovery/probes.js

@@ -0,0 +1,70 @@
+import { safeFetch } from './fetch.js';
+/** Common API paths to probe */
+const PROBE_PATHS = [
+    '/api/',
+    '/api/v1/',
+    '/api/v2/',
+    '/_api/',
+    '/rest/',
+    '/graphql',
+    '/gql',
+    '/api/graphql',
+];
+/**
+ * Probe common API paths with GET requests.
+ * Returns results for paths that respond with API-like content types.
+ */
+export async function probeApiPaths(baseUrl, options = {}) {
+    const origin = new URL(baseUrl).origin;
+    const results = [];
+    const checks = PROBE_PATHS.map(async (path) => {
+        const url = `${origin}${path}`;
+        const result = await safeFetch(url, { timeout: 5000, method: 'GET', maxBodySize: 4096, skipSsrf: options.skipSsrf });
+        if (!result)
+            return null;
+        // Don't count redirects to login pages or error pages
+        if (result.status >= 400 && result.status !== 401 && result.status !== 403)
+            return null;
+        const ct = result.contentType.toLowerCase();
+        const isApi = isApiContentType(ct, result.body, result.status);
+        return {
+            method: 'GET',
+            path,
+            status: result.status,
+            contentType: result.contentType,
+            isApi,
+        };
+    });
+    const settled = await Promise.all(checks);
+    for (const result of settled) {
+        if (result)
+            results.push(result);
+    }
+    return results;
+}
+function isApiContentType(contentType, body, status) {
+    // JSON responses are API
+    if (contentType.includes('json'))
+        return true;
+    // XML/SOAP
+    if (contentType.includes('xml'))
+        return true;
+    // 401/403 at an API path means something is there (but needs auth)
+    if ((status === 401 || status === 403) && !contentType.includes('html'))
+        return true;
+    // GraphQL introspection response
+    if (body.includes('"data"') && body.includes('"__schema"'))
+        return true;
+    // Check if body looks like JSON even without proper content-type
+    if (body.trim().startsWith('{') || body.trim().startsWith('[')) {
+        try {
+            JSON.parse(body);
+            return true;
+        }
+        catch {
+            // Not JSON
+        }
+    }
+    return false;
+}
+//# sourceMappingURL=probes.js.map

package/dist/discovery/probes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"probes.js","sourceRoot":"","sources":["../../src/discovery/probes.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,gCAAgC;AAChC,MAAM,WAAW,GAAG;IAClB,OAAO;IACP,UAAU;IACV,UAAU;IACV,QAAQ;IACR,QAAQ;IACR,UAAU;IACV,MAAM;IACN,cAAc;CACf,CAAC;AAMF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAe,EAAE,UAAwB,EAAE;IAC7E,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IACvC,MAAM,OAAO,GAAkB,EAAE,CAAC;IAElC,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAA+B,EAAE;QACzE,MAAM,GAAG,GAAG,GAAG,MAAM,GAAG,IAAI,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QACrH,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,sDAAsD;QACtD,IAAI,MAAM,CAAC,MAAM,IAAI,GAAG,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAExF,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;QAC5C,MAAM,KAAK,GAAG,gBAAgB,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAE/D,OAAO;YACL,MAAM,EAAE,KAAK;YACb,IAAI;YACJ,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,KAAK;SACN,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM;YAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,gBAAgB,CAAC,WAAmB,EAAE,IAAY,EAAE,MAAc;IACzE,yBAAyB;IACzB,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,WAAW;IACX,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7C,mEAAmE;IACnE,IAAI,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IACrF,iCAAiC;IACjC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IACxE,iEAAiE;IACjE,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/D,IAAI,CAAC;YACH,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,25 @@
+export { capture, type CaptureOptions, type CaptureResult } from './capture/monitor.js';
+export { shouldCapture } from './capture/filter.js';
+export { isBlocklisted } from './capture/blocklist.js';
+export { isDomainMatch } from './capture/domain.js';
+export { scrubPII } from './capture/scrubber.js';
+export { SkillGenerator } from './skill/generator.js';
+export { writeSkillFile, readSkillFile, listSkillFiles } from './skill/store.js';
+export { signSkillFile, verifySignature } from './skill/signing.js';
+export { validateImport, importSkillFile } from './skill/importer.js';
+export { validateUrl, validateSkillFileUrls, resolveAndValidateUrl, resolveAndValidateSkillFileUrls } from './skill/ssrf.js';
+export { replayEndpoint, type ReplayResult } from './replay/engine.js';
+export { peek, read, type PeekOptions, type ReadOptions } from './read/index.js';
+export type { PeekResult, ReadResult, Decoder } from './read/types.js';
+export { AuthManager, getMachineId } from './auth/manager.js';
+export { parameterizePath, cleanFrameworkPath } from './capture/parameterize.js';
+export { detectPagination } from './capture/pagination.js';
+export { verifyEndpoints } from './capture/verifier.js';
+export { IdleTracker } from './capture/idle.js';
+export { isPathNoise } from './capture/filter.js';
+export { searchSkills, type SearchResult, type SearchResponse } from './skill/search.js';
+export { createPlugin, type Plugin, type ToolDefinition, type PluginOptions } from './plugin.js';
+export { shannonEntropy, isLikelyToken, parseJwtClaims, type TokenClassification, type JwtClaims } from './capture/entropy.js';
+export { isOAuthTokenRequest, type OAuthInfo } from './capture/oauth-detector.js';
+export { CaptureSession, type SessionOptions, type InteractionAction } from './capture/session.js';
+export type { SkillFile, SkillEndpoint, SkillSummary, CapturedExchange, StoredAuth, OAuthConfig, Replayability, PaginationInfo, PageSnapshot, PageElement, InteractionResult, FinishResult } from './types.js';

package/dist/index.js

@@ -0,0 +1,25 @@
+// src/index.ts
+export { capture } from './capture/monitor.js';
+export { shouldCapture } from './capture/filter.js';
+export { isBlocklisted } from './capture/blocklist.js';
+export { isDomainMatch } from './capture/domain.js';
+export { scrubPII } from './capture/scrubber.js';
+export { SkillGenerator } from './skill/generator.js';
+export { writeSkillFile, readSkillFile, listSkillFiles } from './skill/store.js';
+export { signSkillFile, verifySignature } from './skill/signing.js';
+export { validateImport, importSkillFile } from './skill/importer.js';
+export { validateUrl, validateSkillFileUrls, resolveAndValidateUrl, resolveAndValidateSkillFileUrls } from './skill/ssrf.js';
+export { replayEndpoint } from './replay/engine.js';
+export { peek, read } from './read/index.js';
+export { AuthManager, getMachineId } from './auth/manager.js';
+export { parameterizePath, cleanFrameworkPath } from './capture/parameterize.js';
+export { detectPagination } from './capture/pagination.js';
+export { verifyEndpoints } from './capture/verifier.js';
+export { IdleTracker } from './capture/idle.js';
+export { isPathNoise } from './capture/filter.js';
+export { searchSkills } from './skill/search.js';
+export { createPlugin } from './plugin.js';
+export { shannonEntropy, isLikelyToken, parseJwtClaims } from './capture/entropy.js';
+export { isOAuthTokenRequest } from './capture/oauth-detector.js';
+export { CaptureSession } from './capture/session.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,eAAe;AACf,OAAO,EAAE,OAAO,EAA2C,MAAM,sBAAsB,CAAC;AACxF,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,+BAA+B,EAAE,MAAM,iBAAiB,CAAC;AAC7H,OAAO,EAAE,cAAc,EAAqB,MAAM,oBAAoB,CAAC;AACvE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAsC,MAAM,iBAAiB,CAAC;AAEjF,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AACjF,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,YAAY,EAA0C,MAAM,mBAAmB,CAAC;AACzF,OAAO,EAAE,YAAY,EAAwD,MAAM,aAAa,CAAC;AACjG,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,cAAc,EAA4C,MAAM,sBAAsB,CAAC;AAC/H,OAAO,EAAE,mBAAmB,EAAkB,MAAM,6BAA6B,CAAC;AAClF,OAAO,EAAE,cAAc,EAA+C,MAAM,sBAAsB,CAAC"}

package/dist/inspect/report.d.ts

@@ -0,0 +1,52 @@
+import type { SkillFile } from '../types.js';
+import { type AntiBotSignal } from '../capture/anti-bot.js';
+export interface InspectReport {
+    domain: string;
+    scanDuration: number;
+    totalRequests: number;
+    filteredRequests: number;
+    domBytes?: number;
+    endpoints: InspectEndpoint[];
+    antiBot: AntiBotSignal[];
+    summary: {
+        total: number;
+        replayable: number;
+        authRequired: number;
+        framework: string | null;
+        browserTokens: number;
+        replayTokens: number;
+        savingsPercent: number;
+    };
+}
+interface InspectEndpoint {
+    method: string;
+    path: string;
+    tier: string;
+    auth: string;
+    responseBytes: number;
+    responseShape: {
+        type: string;
+        fields?: string[];
+    };
+    graphql: {
+        operations: string[];
+    } | null;
+    pagination: {
+        type: string;
+        paramName: string;
+    } | null;
+}
+/**
+ * Build an inspect report from capture results.
+ */
+export declare function buildInspectReport(options: {
+    skills: Map<string, SkillFile>;
+    totalRequests: number;
+    filteredRequests: number;
+    duration: number;
+    domBytes?: number;
+    antiBotSignals: AntiBotSignal[];
+    targetDomain: string;
+}): InspectReport;
+export declare function formatInspectHuman(report: InspectReport): string;
+export {};