@arcadialdev/arcality 2.5.0 → 2.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +24 -18
- package/package.json +1 -1
- package/scripts/gen-and-run.mjs +72 -85
- package/src/EvidenceUploader.mjs +45 -45
- package/src/KnowledgeService.ts +1 -1
- package/src/arcalityClient.mjs +15 -8
- package/src/services/collectiveMemoryService.ts +10 -10
- package/src/services/securityScanner.ts +4 -4
- package/tests/_helpers/ArcalityReporter.js +729 -729
- package/tests/_helpers/agentic-runner.bundle.spec.js +50 -25
|
@@ -305,7 +305,8 @@ var qaAdvancedTools = [
|
|
|
305
305
|
|
|
306
306
|
// tests/_helpers/qa-security-tools.ts
|
|
307
307
|
async function audit_http_headers(page) {
|
|
308
|
-
|
|
308
|
+
if (process.env.DEBUG)
|
|
309
|
+
console.log(`[QA-SEC] Auditing HTTP Headers for: ${page.url()}`);
|
|
309
310
|
const response = await page.reload({ waitUntil: "domcontentloaded" });
|
|
310
311
|
const headers = response?.headers();
|
|
311
312
|
const vulnerabilities = [];
|
|
@@ -364,11 +365,13 @@ async function audit_http_headers(page) {
|
|
|
364
365
|
});
|
|
365
366
|
}
|
|
366
367
|
}
|
|
367
|
-
|
|
368
|
+
if (process.env.DEBUG)
|
|
369
|
+
console.log(`[QA-SEC] Found ${vulnerabilities.length} missing security headers.`);
|
|
368
370
|
return vulnerabilities;
|
|
369
371
|
}
|
|
370
372
|
async function scan_sensitive_data_exposure(page) {
|
|
371
|
-
|
|
373
|
+
if (process.env.DEBUG)
|
|
374
|
+
console.log(`[QA-SEC] Scanning localStorage and sessionStorage for sensitive data.`);
|
|
372
375
|
const vulnerabilities = [];
|
|
373
376
|
const sensitiveKeywords = ["token", "password", "secret", "key", "jwt", "auth"];
|
|
374
377
|
const storages = {
|
|
@@ -406,7 +409,8 @@ async function scan_sensitive_data_exposure(page) {
|
|
|
406
409
|
}
|
|
407
410
|
}
|
|
408
411
|
}
|
|
409
|
-
|
|
412
|
+
if (process.env.DEBUG)
|
|
413
|
+
console.log(`[QA-SEC] Found ${vulnerabilities.length} instances of sensitive data in browser storage.`);
|
|
410
414
|
return vulnerabilities;
|
|
411
415
|
}
|
|
412
416
|
|
|
@@ -516,7 +520,8 @@ var KnowledgeService = class _KnowledgeService {
|
|
|
516
520
|
const data = await res.json();
|
|
517
521
|
if (data.status === "skipped_duplicate_dom") {
|
|
518
522
|
} else {
|
|
519
|
-
|
|
523
|
+
if (process.env.DEBUG)
|
|
524
|
+
console.log(import_chalk.default.cyan(`[Knowledge] Ingesta exitosa (Project: ${payload.project_id})`));
|
|
520
525
|
}
|
|
521
526
|
}
|
|
522
527
|
} catch (e) {
|
|
@@ -691,14 +696,17 @@ async function pushRule(rule) {
|
|
|
691
696
|
})
|
|
692
697
|
});
|
|
693
698
|
if (!res.ok) {
|
|
694
|
-
|
|
699
|
+
if (process.env.DEBUG)
|
|
700
|
+
console.warn(`[CollectiveMemory] pushRule HTTP ${res.status}: ${await res.text().catch(() => "")}`);
|
|
695
701
|
return null;
|
|
696
702
|
}
|
|
697
703
|
const data = await res.json();
|
|
698
|
-
|
|
704
|
+
if (process.env.DEBUG)
|
|
705
|
+
console.log(`\x1B[32m[CollectiveMemory] \u2705 Regla guardada: "${rule.title}"\x1B[0m`);
|
|
699
706
|
return data.id ?? null;
|
|
700
707
|
} catch (err) {
|
|
701
|
-
|
|
708
|
+
if (process.env.DEBUG)
|
|
709
|
+
console.warn(`[CollectiveMemory] pushRule error: ${err?.message}`);
|
|
702
710
|
return null;
|
|
703
711
|
}
|
|
704
712
|
}
|
|
@@ -755,14 +763,17 @@ async function pushKnowledge(knowledge) {
|
|
|
755
763
|
})
|
|
756
764
|
});
|
|
757
765
|
if (!res.ok) {
|
|
758
|
-
|
|
766
|
+
if (process.env.DEBUG)
|
|
767
|
+
console.warn(`[CollectiveMemory] pushKnowledge HTTP ${res.status}: ${await res.text().catch(() => "")}`);
|
|
759
768
|
return null;
|
|
760
769
|
}
|
|
761
770
|
const data = await res.json();
|
|
762
|
-
|
|
771
|
+
if (process.env.DEBUG)
|
|
772
|
+
console.log(`\x1B[32m[CollectiveMemory] \u2705 Conocimiento guardado: "${knowledge.title}"\x1B[0m`);
|
|
763
773
|
return data.id ?? null;
|
|
764
774
|
} catch (err) {
|
|
765
|
-
|
|
775
|
+
if (process.env.DEBUG)
|
|
776
|
+
console.warn(`[CollectiveMemory] pushKnowledge error: ${err?.message}`);
|
|
766
777
|
return null;
|
|
767
778
|
}
|
|
768
779
|
}
|
|
@@ -811,7 +822,8 @@ async function savePromptPattern(patternData) {
|
|
|
811
822
|
mission_id: getMissionId(),
|
|
812
823
|
...patternData
|
|
813
824
|
};
|
|
814
|
-
|
|
825
|
+
if (process.env.DEBUG)
|
|
826
|
+
console.log(`[PatternSave] \u{1F4E4} POST ${apiUrl} | org=${payload.organization_id} proj=${payload.project_id} mission=${payload.mission_id}`);
|
|
815
827
|
const res = await fetch(apiUrl, {
|
|
816
828
|
method: "POST",
|
|
817
829
|
headers: {
|
|
@@ -821,13 +833,16 @@ async function savePromptPattern(patternData) {
|
|
|
821
833
|
body: JSON.stringify(payload)
|
|
822
834
|
});
|
|
823
835
|
if (!res.ok) {
|
|
824
|
-
|
|
836
|
+
if (process.env.DEBUG)
|
|
837
|
+
console.warn(`[PatternSave] \u26A0\uFE0F HTTP ${res.status} al guardar patr\xF3n en ${apiUrl}: ${await res.text().catch(() => "")}`);
|
|
825
838
|
} else {
|
|
826
|
-
|
|
839
|
+
if (process.env.DEBUG)
|
|
840
|
+
console.log(`[PatternSave] \u2705 Patr\xF3n guardado exitosamente.`);
|
|
827
841
|
}
|
|
828
842
|
return res.ok;
|
|
829
843
|
} catch (err) {
|
|
830
|
-
|
|
844
|
+
if (process.env.DEBUG)
|
|
845
|
+
console.warn(`[PatternSave] \u26A0\uFE0F Error guardando patr\xF3n: ${err?.message || "unknown"}`);
|
|
831
846
|
return false;
|
|
832
847
|
}
|
|
833
848
|
}
|
|
@@ -987,7 +1002,8 @@ ${content}
|
|
|
987
1002
|
}
|
|
988
1003
|
}
|
|
989
1004
|
if (loadedCount > 0) {
|
|
990
|
-
|
|
1005
|
+
if (process.env.DEBUG)
|
|
1006
|
+
console.log(`>> \u{1F4D1} ${loadedCount} habilidades QA inyectadas al cerebro.`);
|
|
991
1007
|
return skillsContext;
|
|
992
1008
|
}
|
|
993
1009
|
} catch (e) {
|
|
@@ -2659,13 +2675,15 @@ var SecurityScanner = class {
|
|
|
2659
2675
|
* @returns A promise that resolves to an array of found vulnerabilities.
|
|
2660
2676
|
*/
|
|
2661
2677
|
async runAllScans() {
|
|
2662
|
-
|
|
2678
|
+
if (process.env.DEBUG)
|
|
2679
|
+
console.log("[QA-SEC] Starting comprehensive security scan...");
|
|
2663
2680
|
const headerVulnerabilities = await audit_http_headers(this.page);
|
|
2664
2681
|
this.report.push(...headerVulnerabilities);
|
|
2665
2682
|
const storageVulnerabilities = await scan_sensitive_data_exposure(this.page);
|
|
2666
2683
|
this.report.push(...storageVulnerabilities);
|
|
2667
2684
|
await this.testOpenRedirect();
|
|
2668
|
-
|
|
2685
|
+
if (process.env.DEBUG)
|
|
2686
|
+
console.log(`[QA-SEC] Comprehensive scan finished. Found ${this.report.length} potential vulnerabilities.`);
|
|
2669
2687
|
return this.getReport();
|
|
2670
2688
|
}
|
|
2671
2689
|
/**
|
|
@@ -2679,7 +2697,8 @@ var SecurityScanner = class {
|
|
|
2679
2697
|
const originalValue = url.searchParams.get(param);
|
|
2680
2698
|
const payload = "https://www.evil-redirect.com";
|
|
2681
2699
|
url.searchParams.set(param, payload);
|
|
2682
|
-
|
|
2700
|
+
if (process.env.DEBUG)
|
|
2701
|
+
console.log(`[QA-SEC] Testing Open Redirect on param: ${param}`);
|
|
2683
2702
|
try {
|
|
2684
2703
|
await this.page.goto(url.toString(), { waitUntil: "networkidle" });
|
|
2685
2704
|
if (this.page.url().startsWith(payload)) {
|
|
@@ -2710,7 +2729,8 @@ var SecurityScanner = class {
|
|
|
2710
2729
|
await this.page.goBack();
|
|
2711
2730
|
}
|
|
2712
2731
|
} catch (error) {
|
|
2713
|
-
|
|
2732
|
+
if (process.env.DEBUG)
|
|
2733
|
+
console.log(`[QA-SEC] Error during open redirect test, this might be expected if the navigation was blocked. Continuing scan.`);
|
|
2714
2734
|
await this.page.goBack();
|
|
2715
2735
|
}
|
|
2716
2736
|
}
|
|
@@ -2906,11 +2926,13 @@ function captureValidationRule(errorMessage, context) {
|
|
|
2906
2926
|
const apiUrl = process.env.ARCALITY_API_URL || "";
|
|
2907
2927
|
const apiKey = process.env.ARCALITY_API_KEY || "";
|
|
2908
2928
|
if (!pid || !apiUrl || !apiKey) {
|
|
2909
|
-
|
|
2929
|
+
if (process.env.DEBUG)
|
|
2930
|
+
console.warn(`[CollectiveMemory] \u26A0\uFE0F Vars faltantes \u2014 project_id='${pid}' api_url='${apiUrl}' api_key='${apiKey ? "OK" : "MISSING"}' \u2192 NO persiste.`);
|
|
2910
2931
|
return;
|
|
2911
2932
|
}
|
|
2912
2933
|
if (collectiveMemoryPersisted && !isFailed) {
|
|
2913
|
-
|
|
2934
|
+
if (process.env.DEBUG)
|
|
2935
|
+
console.log(`[CollectiveMemory] \u2139\uFE0F Ya persistido como \xE9xito. Skip duplicado.`);
|
|
2914
2936
|
return;
|
|
2915
2937
|
}
|
|
2916
2938
|
if (!isFailed && stepsData.length === 0 && stepsDataBackup.length === 0) {
|
|
@@ -3907,7 +3929,8 @@ ${patternContext}` : prompt;
|
|
|
3907
3929
|
const stepsToSave = stepsData.length > 0 ? stepsData : stepsDataBackup;
|
|
3908
3930
|
const hasCompleteSteps = stepsToSave.length >= stepsDataBackup.length;
|
|
3909
3931
|
if (!isDuplicate && hasCompleteSteps) {
|
|
3910
|
-
|
|
3932
|
+
if (process.env.DEBUG)
|
|
3933
|
+
console.log(`>>ARCALITY_STATUS>> \u{1F4BE} Guardando nuevo patr\xF3n de ejecuci\xF3n (${stepsToSave.length} pasos, pattern_saved: true)...`);
|
|
3911
3934
|
const sanitizedSteps = stepsToSave.map((step, idx) => {
|
|
3912
3935
|
const s = JSON.parse(JSON.stringify(step));
|
|
3913
3936
|
s.step_index = idx;
|
|
@@ -3940,7 +3963,8 @@ ${patternContext}` : prompt;
|
|
|
3940
3963
|
}
|
|
3941
3964
|
}
|
|
3942
3965
|
}
|
|
3943
|
-
|
|
3966
|
+
if (process.env.DEBUG)
|
|
3967
|
+
console.log("\u270D\uFE0F [HUMANIZANDO] Generando resumen de \xE9xito para el reporte...");
|
|
3944
3968
|
const summary = await agent.humanizeMissionResult(prompt, history);
|
|
3945
3969
|
if (summary) {
|
|
3946
3970
|
await testInfo.attach("success_summary", {
|
|
@@ -3948,7 +3972,8 @@ ${patternContext}` : prompt;
|
|
|
3948
3972
|
contentType: "text/plain"
|
|
3949
3973
|
});
|
|
3950
3974
|
}
|
|
3951
|
-
|
|
3975
|
+
if (process.env.DEBUG)
|
|
3976
|
+
console.log("\u{1F916} [SMART-YAML] Generating mission card...");
|
|
3952
3977
|
const smartYaml = await agent.summarizeMissionToYaml(prompt, history, target);
|
|
3953
3978
|
if (smartYaml) {
|
|
3954
3979
|
const yamlPath = path2.join(contextDir, "last-mission-smart.yaml");
|