@arcadialdev/arcality 2.6.0 → 2.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
package/scripts/gen-and-run.mjs
CHANGED
|
@@ -965,7 +965,7 @@ async function main() {
|
|
|
965
965
|
const reportDir = process.env.REPORTS_DIR || 'tests-report';
|
|
966
966
|
const arcalityPath = path.resolve(reportDir, 'index.html');
|
|
967
967
|
|
|
968
|
-
sRep.stop(
|
|
968
|
+
sRep.stop();
|
|
969
969
|
|
|
970
970
|
// Read final usage and failReason from agent-log
|
|
971
971
|
try {
|
|
@@ -990,7 +990,7 @@ async function main() {
|
|
|
990
990
|
const { uploadEvidence } = await import('../src/EvidenceUploader.mjs');
|
|
991
991
|
|
|
992
992
|
const sasData = await getEvidenceSasToken(mission.mission_id, finalProjectId);
|
|
993
|
-
console.log(`[DEBUG] sasData received:`, sasData);
|
|
993
|
+
if (process.argv.includes('--debug')) console.log(`[DEBUG] sasData received:`, sasData);
|
|
994
994
|
|
|
995
995
|
// Soporte para camelCase y snake_case debido al serializador JSON del backend
|
|
996
996
|
const actualSasUrl = sasData?.sasTokenUrl || sasData?.sasUrl || sasData?.sas_url;
|
|
@@ -1040,7 +1040,6 @@ async function main() {
|
|
|
1040
1040
|
}
|
|
1041
1041
|
|
|
1042
1042
|
await new Promise(resolve => setTimeout(resolve, 2000));
|
|
1043
|
-
sRep.stop(chalk.cyan('Report process initialized.'));
|
|
1044
1043
|
|
|
1045
1044
|
// Ping project after report
|
|
1046
1045
|
await pingProject(
|
package/src/KnowledgeService.ts
CHANGED
|
@@ -144,7 +144,7 @@ export class KnowledgeService {
|
|
|
144
144
|
if (data.status === 'skipped_duplicate_dom') {
|
|
145
145
|
// console.log(chalk.gray(`[Knowledge] Ingesta omitida (Duplicado).`));
|
|
146
146
|
} else {
|
|
147
|
-
console.log(chalk.cyan(`[Knowledge] Ingesta exitosa (Project: ${payload.project_id})`));
|
|
147
|
+
if (process.env.DEBUG) console.log(chalk.cyan(`[Knowledge] Ingesta exitosa (Project: ${payload.project_id})`));
|
|
148
148
|
}
|
|
149
149
|
}
|
|
150
150
|
} catch (e: any) {
|
|
@@ -73,15 +73,15 @@ export async function pushRule(rule: {
|
|
|
73
73
|
});
|
|
74
74
|
|
|
75
75
|
if (!res.ok) {
|
|
76
|
-
console.warn(`[CollectiveMemory] pushRule HTTP ${res.status}: ${await res.text().catch(() => '')}`);
|
|
76
|
+
if (process.env.DEBUG) console.warn(`[CollectiveMemory] pushRule HTTP ${res.status}: ${await res.text().catch(() => '')}`);
|
|
77
77
|
return null;
|
|
78
78
|
}
|
|
79
79
|
|
|
80
80
|
const data = await res.json();
|
|
81
|
-
console.log(`\x1b[32m[CollectiveMemory] ✅ Regla guardada: "${rule.title}"\x1b[0m`);
|
|
81
|
+
if (process.env.DEBUG) console.log(`\x1b[32m[CollectiveMemory] ✅ Regla guardada: "${rule.title}"\x1b[0m`);
|
|
82
82
|
return data.id ?? null;
|
|
83
83
|
} catch (err: any) {
|
|
84
|
-
console.warn(`[CollectiveMemory] pushRule error: ${err?.message}`);
|
|
84
|
+
if (process.env.DEBUG) console.warn(`[CollectiveMemory] pushRule error: ${err?.message}`);
|
|
85
85
|
return null;
|
|
86
86
|
}
|
|
87
87
|
}
|
|
@@ -164,15 +164,15 @@ export async function pushKnowledge(knowledge: {
|
|
|
164
164
|
});
|
|
165
165
|
|
|
166
166
|
if (!res.ok) {
|
|
167
|
-
console.warn(`[CollectiveMemory] pushKnowledge HTTP ${res.status}: ${await res.text().catch(() => '')}`);
|
|
167
|
+
if (process.env.DEBUG) console.warn(`[CollectiveMemory] pushKnowledge HTTP ${res.status}: ${await res.text().catch(() => '')}`);
|
|
168
168
|
return null;
|
|
169
169
|
}
|
|
170
170
|
|
|
171
171
|
const data = await res.json();
|
|
172
|
-
console.log(`\x1b[32m[CollectiveMemory] ✅ Conocimiento guardado: "${knowledge.title}"\x1b[0m`);
|
|
172
|
+
if (process.env.DEBUG) console.log(`\x1b[32m[CollectiveMemory] ✅ Conocimiento guardado: "${knowledge.title}"\x1b[0m`);
|
|
173
173
|
return data.id ?? null;
|
|
174
174
|
} catch (err: any) {
|
|
175
|
-
console.warn(`[CollectiveMemory] pushKnowledge error: ${err?.message}`);
|
|
175
|
+
if (process.env.DEBUG) console.warn(`[CollectiveMemory] pushKnowledge error: ${err?.message}`);
|
|
176
176
|
return null;
|
|
177
177
|
}
|
|
178
178
|
}
|
|
@@ -228,7 +228,7 @@ export async function savePromptPattern(patternData: any): Promise<boolean> {
|
|
|
228
228
|
mission_id: getMissionId(),
|
|
229
229
|
...patternData
|
|
230
230
|
};
|
|
231
|
-
console.log(`[PatternSave] 📤 POST ${apiUrl} | org=${payload.organization_id} proj=${payload.project_id} mission=${payload.mission_id}`);
|
|
231
|
+
if (process.env.DEBUG) console.log(`[PatternSave] 📤 POST ${apiUrl} | org=${payload.organization_id} proj=${payload.project_id} mission=${payload.mission_id}`);
|
|
232
232
|
|
|
233
233
|
const res = await fetch(apiUrl, {
|
|
234
234
|
method: 'POST',
|
|
@@ -240,13 +240,13 @@ export async function savePromptPattern(patternData: any): Promise<boolean> {
|
|
|
240
240
|
});
|
|
241
241
|
|
|
242
242
|
if (!res.ok) {
|
|
243
|
-
console.warn(`[PatternSave] ⚠️ HTTP ${res.status} al guardar patrón en ${apiUrl}: ${await res.text().catch(() => '')}`);
|
|
243
|
+
if (process.env.DEBUG) console.warn(`[PatternSave] ⚠️ HTTP ${res.status} al guardar patrón en ${apiUrl}: ${await res.text().catch(() => '')}`);
|
|
244
244
|
} else {
|
|
245
|
-
console.log(`[PatternSave] ✅ Patrón guardado exitosamente.`);
|
|
245
|
+
if (process.env.DEBUG) console.log(`[PatternSave] ✅ Patrón guardado exitosamente.`);
|
|
246
246
|
}
|
|
247
247
|
return res.ok;
|
|
248
248
|
} catch (err: any) {
|
|
249
|
-
console.warn(`[PatternSave] ⚠️ Error guardando patrón: ${err?.message || 'unknown'}`);
|
|
249
|
+
if (process.env.DEBUG) console.warn(`[PatternSave] ⚠️ Error guardando patrón: ${err?.message || 'unknown'}`);
|
|
250
250
|
return false;
|
|
251
251
|
}
|
|
252
252
|
}
|
|
@@ -23,7 +23,7 @@ export class SecurityScanner {
|
|
|
23
23
|
* @returns A promise that resolves to an array of found vulnerabilities.
|
|
24
24
|
*/
|
|
25
25
|
async runAllScans(): Promise<SecurityFinding[]> {
|
|
26
|
-
console.log('[QA-SEC] Starting comprehensive security scan...');
|
|
26
|
+
if (process.env.DEBUG) console.log('[QA-SEC] Starting comprehensive security scan...');
|
|
27
27
|
|
|
28
28
|
// Scan 1: Audit HTTP Security Headers
|
|
29
29
|
const headerVulnerabilities = await audit_http_headers(this.page);
|
|
@@ -38,7 +38,7 @@ export class SecurityScanner {
|
|
|
38
38
|
|
|
39
39
|
// More scans like auth bypass for known admin URLs could be added here.
|
|
40
40
|
|
|
41
|
-
console.log(`[QA-SEC] Comprehensive scan finished. Found ${this.report.length} potential vulnerabilities.`);
|
|
41
|
+
if (process.env.DEBUG) console.log(`[QA-SEC] Comprehensive scan finished. Found ${this.report.length} potential vulnerabilities.`);
|
|
42
42
|
return this.getReport();
|
|
43
43
|
}
|
|
44
44
|
|
|
@@ -55,7 +55,7 @@ export class SecurityScanner {
|
|
|
55
55
|
const payload = 'https://www.evil-redirect.com';
|
|
56
56
|
url.searchParams.set(param, payload);
|
|
57
57
|
|
|
58
|
-
console.log(`[QA-SEC] Testing Open Redirect on param: ${param}`);
|
|
58
|
+
if (process.env.DEBUG) console.log(`[QA-SEC] Testing Open Redirect on param: ${param}`);
|
|
59
59
|
|
|
60
60
|
try {
|
|
61
61
|
await this.page.goto(url.toString(), { waitUntil: 'networkidle' });
|
|
@@ -89,7 +89,7 @@ export class SecurityScanner {
|
|
|
89
89
|
await this.page.goBack();
|
|
90
90
|
}
|
|
91
91
|
} catch (error) {
|
|
92
|
-
console.log(`[QA-SEC] Error during open redirect test, this might be expected if the navigation was blocked. Continuing scan.`);
|
|
92
|
+
if (process.env.DEBUG) console.log(`[QA-SEC] Error during open redirect test, this might be expected if the navigation was blocked. Continuing scan.`);
|
|
93
93
|
// It's possible the navigation to the evil site fails, which is good.
|
|
94
94
|
// We should ensure we can recover and continue.
|
|
95
95
|
await this.page.goBack(); // Try to recover state
|
|
@@ -305,7 +305,8 @@ var qaAdvancedTools = [
|
|
|
305
305
|
|
|
306
306
|
// tests/_helpers/qa-security-tools.ts
|
|
307
307
|
async function audit_http_headers(page) {
|
|
308
|
-
|
|
308
|
+
if (process.env.DEBUG)
|
|
309
|
+
console.log(`[QA-SEC] Auditing HTTP Headers for: ${page.url()}`);
|
|
309
310
|
const response = await page.reload({ waitUntil: "domcontentloaded" });
|
|
310
311
|
const headers = response?.headers();
|
|
311
312
|
const vulnerabilities = [];
|
|
@@ -364,11 +365,13 @@ async function audit_http_headers(page) {
|
|
|
364
365
|
});
|
|
365
366
|
}
|
|
366
367
|
}
|
|
367
|
-
|
|
368
|
+
if (process.env.DEBUG)
|
|
369
|
+
console.log(`[QA-SEC] Found ${vulnerabilities.length} missing security headers.`);
|
|
368
370
|
return vulnerabilities;
|
|
369
371
|
}
|
|
370
372
|
async function scan_sensitive_data_exposure(page) {
|
|
371
|
-
|
|
373
|
+
if (process.env.DEBUG)
|
|
374
|
+
console.log(`[QA-SEC] Scanning localStorage and sessionStorage for sensitive data.`);
|
|
372
375
|
const vulnerabilities = [];
|
|
373
376
|
const sensitiveKeywords = ["token", "password", "secret", "key", "jwt", "auth"];
|
|
374
377
|
const storages = {
|
|
@@ -406,7 +409,8 @@ async function scan_sensitive_data_exposure(page) {
|
|
|
406
409
|
}
|
|
407
410
|
}
|
|
408
411
|
}
|
|
409
|
-
|
|
412
|
+
if (process.env.DEBUG)
|
|
413
|
+
console.log(`[QA-SEC] Found ${vulnerabilities.length} instances of sensitive data in browser storage.`);
|
|
410
414
|
return vulnerabilities;
|
|
411
415
|
}
|
|
412
416
|
|
|
@@ -516,7 +520,8 @@ var KnowledgeService = class _KnowledgeService {
|
|
|
516
520
|
const data = await res.json();
|
|
517
521
|
if (data.status === "skipped_duplicate_dom") {
|
|
518
522
|
} else {
|
|
519
|
-
|
|
523
|
+
if (process.env.DEBUG)
|
|
524
|
+
console.log(import_chalk.default.cyan(`[Knowledge] Ingesta exitosa (Project: ${payload.project_id})`));
|
|
520
525
|
}
|
|
521
526
|
}
|
|
522
527
|
} catch (e) {
|
|
@@ -691,14 +696,17 @@ async function pushRule(rule) {
|
|
|
691
696
|
})
|
|
692
697
|
});
|
|
693
698
|
if (!res.ok) {
|
|
694
|
-
|
|
699
|
+
if (process.env.DEBUG)
|
|
700
|
+
console.warn(`[CollectiveMemory] pushRule HTTP ${res.status}: ${await res.text().catch(() => "")}`);
|
|
695
701
|
return null;
|
|
696
702
|
}
|
|
697
703
|
const data = await res.json();
|
|
698
|
-
|
|
704
|
+
if (process.env.DEBUG)
|
|
705
|
+
console.log(`\x1B[32m[CollectiveMemory] \u2705 Regla guardada: "${rule.title}"\x1B[0m`);
|
|
699
706
|
return data.id ?? null;
|
|
700
707
|
} catch (err) {
|
|
701
|
-
|
|
708
|
+
if (process.env.DEBUG)
|
|
709
|
+
console.warn(`[CollectiveMemory] pushRule error: ${err?.message}`);
|
|
702
710
|
return null;
|
|
703
711
|
}
|
|
704
712
|
}
|
|
@@ -755,14 +763,17 @@ async function pushKnowledge(knowledge) {
|
|
|
755
763
|
})
|
|
756
764
|
});
|
|
757
765
|
if (!res.ok) {
|
|
758
|
-
|
|
766
|
+
if (process.env.DEBUG)
|
|
767
|
+
console.warn(`[CollectiveMemory] pushKnowledge HTTP ${res.status}: ${await res.text().catch(() => "")}`);
|
|
759
768
|
return null;
|
|
760
769
|
}
|
|
761
770
|
const data = await res.json();
|
|
762
|
-
|
|
771
|
+
if (process.env.DEBUG)
|
|
772
|
+
console.log(`\x1B[32m[CollectiveMemory] \u2705 Conocimiento guardado: "${knowledge.title}"\x1B[0m`);
|
|
763
773
|
return data.id ?? null;
|
|
764
774
|
} catch (err) {
|
|
765
|
-
|
|
775
|
+
if (process.env.DEBUG)
|
|
776
|
+
console.warn(`[CollectiveMemory] pushKnowledge error: ${err?.message}`);
|
|
766
777
|
return null;
|
|
767
778
|
}
|
|
768
779
|
}
|
|
@@ -811,7 +822,8 @@ async function savePromptPattern(patternData) {
|
|
|
811
822
|
mission_id: getMissionId(),
|
|
812
823
|
...patternData
|
|
813
824
|
};
|
|
814
|
-
|
|
825
|
+
if (process.env.DEBUG)
|
|
826
|
+
console.log(`[PatternSave] \u{1F4E4} POST ${apiUrl} | org=${payload.organization_id} proj=${payload.project_id} mission=${payload.mission_id}`);
|
|
815
827
|
const res = await fetch(apiUrl, {
|
|
816
828
|
method: "POST",
|
|
817
829
|
headers: {
|
|
@@ -821,13 +833,16 @@ async function savePromptPattern(patternData) {
|
|
|
821
833
|
body: JSON.stringify(payload)
|
|
822
834
|
});
|
|
823
835
|
if (!res.ok) {
|
|
824
|
-
|
|
836
|
+
if (process.env.DEBUG)
|
|
837
|
+
console.warn(`[PatternSave] \u26A0\uFE0F HTTP ${res.status} al guardar patr\xF3n en ${apiUrl}: ${await res.text().catch(() => "")}`);
|
|
825
838
|
} else {
|
|
826
|
-
|
|
839
|
+
if (process.env.DEBUG)
|
|
840
|
+
console.log(`[PatternSave] \u2705 Patr\xF3n guardado exitosamente.`);
|
|
827
841
|
}
|
|
828
842
|
return res.ok;
|
|
829
843
|
} catch (err) {
|
|
830
|
-
|
|
844
|
+
if (process.env.DEBUG)
|
|
845
|
+
console.warn(`[PatternSave] \u26A0\uFE0F Error guardando patr\xF3n: ${err?.message || "unknown"}`);
|
|
831
846
|
return false;
|
|
832
847
|
}
|
|
833
848
|
}
|
|
@@ -987,7 +1002,8 @@ ${content}
|
|
|
987
1002
|
}
|
|
988
1003
|
}
|
|
989
1004
|
if (loadedCount > 0) {
|
|
990
|
-
|
|
1005
|
+
if (process.env.DEBUG)
|
|
1006
|
+
console.log(`>> \u{1F4D1} ${loadedCount} habilidades QA inyectadas al cerebro.`);
|
|
991
1007
|
return skillsContext;
|
|
992
1008
|
}
|
|
993
1009
|
} catch (e) {
|
|
@@ -2659,13 +2675,15 @@ var SecurityScanner = class {
|
|
|
2659
2675
|
* @returns A promise that resolves to an array of found vulnerabilities.
|
|
2660
2676
|
*/
|
|
2661
2677
|
async runAllScans() {
|
|
2662
|
-
|
|
2678
|
+
if (process.env.DEBUG)
|
|
2679
|
+
console.log("[QA-SEC] Starting comprehensive security scan...");
|
|
2663
2680
|
const headerVulnerabilities = await audit_http_headers(this.page);
|
|
2664
2681
|
this.report.push(...headerVulnerabilities);
|
|
2665
2682
|
const storageVulnerabilities = await scan_sensitive_data_exposure(this.page);
|
|
2666
2683
|
this.report.push(...storageVulnerabilities);
|
|
2667
2684
|
await this.testOpenRedirect();
|
|
2668
|
-
|
|
2685
|
+
if (process.env.DEBUG)
|
|
2686
|
+
console.log(`[QA-SEC] Comprehensive scan finished. Found ${this.report.length} potential vulnerabilities.`);
|
|
2669
2687
|
return this.getReport();
|
|
2670
2688
|
}
|
|
2671
2689
|
/**
|
|
@@ -2679,7 +2697,8 @@ var SecurityScanner = class {
|
|
|
2679
2697
|
const originalValue = url.searchParams.get(param);
|
|
2680
2698
|
const payload = "https://www.evil-redirect.com";
|
|
2681
2699
|
url.searchParams.set(param, payload);
|
|
2682
|
-
|
|
2700
|
+
if (process.env.DEBUG)
|
|
2701
|
+
console.log(`[QA-SEC] Testing Open Redirect on param: ${param}`);
|
|
2683
2702
|
try {
|
|
2684
2703
|
await this.page.goto(url.toString(), { waitUntil: "networkidle" });
|
|
2685
2704
|
if (this.page.url().startsWith(payload)) {
|
|
@@ -2710,7 +2729,8 @@ var SecurityScanner = class {
|
|
|
2710
2729
|
await this.page.goBack();
|
|
2711
2730
|
}
|
|
2712
2731
|
} catch (error) {
|
|
2713
|
-
|
|
2732
|
+
if (process.env.DEBUG)
|
|
2733
|
+
console.log(`[QA-SEC] Error during open redirect test, this might be expected if the navigation was blocked. Continuing scan.`);
|
|
2714
2734
|
await this.page.goBack();
|
|
2715
2735
|
}
|
|
2716
2736
|
}
|
|
@@ -2906,11 +2926,13 @@ function captureValidationRule(errorMessage, context) {
|
|
|
2906
2926
|
const apiUrl = process.env.ARCALITY_API_URL || "";
|
|
2907
2927
|
const apiKey = process.env.ARCALITY_API_KEY || "";
|
|
2908
2928
|
if (!pid || !apiUrl || !apiKey) {
|
|
2909
|
-
|
|
2929
|
+
if (process.env.DEBUG)
|
|
2930
|
+
console.warn(`[CollectiveMemory] \u26A0\uFE0F Vars faltantes \u2014 project_id='${pid}' api_url='${apiUrl}' api_key='${apiKey ? "OK" : "MISSING"}' \u2192 NO persiste.`);
|
|
2910
2931
|
return;
|
|
2911
2932
|
}
|
|
2912
2933
|
if (collectiveMemoryPersisted && !isFailed) {
|
|
2913
|
-
|
|
2934
|
+
if (process.env.DEBUG)
|
|
2935
|
+
console.log(`[CollectiveMemory] \u2139\uFE0F Ya persistido como \xE9xito. Skip duplicado.`);
|
|
2914
2936
|
return;
|
|
2915
2937
|
}
|
|
2916
2938
|
if (!isFailed && stepsData.length === 0 && stepsDataBackup.length === 0) {
|
|
@@ -3907,7 +3929,8 @@ ${patternContext}` : prompt;
|
|
|
3907
3929
|
const stepsToSave = stepsData.length > 0 ? stepsData : stepsDataBackup;
|
|
3908
3930
|
const hasCompleteSteps = stepsToSave.length >= stepsDataBackup.length;
|
|
3909
3931
|
if (!isDuplicate && hasCompleteSteps) {
|
|
3910
|
-
|
|
3932
|
+
if (process.env.DEBUG)
|
|
3933
|
+
console.log(`>>ARCALITY_STATUS>> \u{1F4BE} Guardando nuevo patr\xF3n de ejecuci\xF3n (${stepsToSave.length} pasos, pattern_saved: true)...`);
|
|
3911
3934
|
const sanitizedSteps = stepsToSave.map((step, idx) => {
|
|
3912
3935
|
const s = JSON.parse(JSON.stringify(step));
|
|
3913
3936
|
s.step_index = idx;
|
|
@@ -3940,7 +3963,8 @@ ${patternContext}` : prompt;
|
|
|
3940
3963
|
}
|
|
3941
3964
|
}
|
|
3942
3965
|
}
|
|
3943
|
-
|
|
3966
|
+
if (process.env.DEBUG)
|
|
3967
|
+
console.log("\u270D\uFE0F [HUMANIZANDO] Generando resumen de \xE9xito para el reporte...");
|
|
3944
3968
|
const summary = await agent.humanizeMissionResult(prompt, history);
|
|
3945
3969
|
if (summary) {
|
|
3946
3970
|
await testInfo.attach("success_summary", {
|
|
@@ -3948,7 +3972,8 @@ ${patternContext}` : prompt;
|
|
|
3948
3972
|
contentType: "text/plain"
|
|
3949
3973
|
});
|
|
3950
3974
|
}
|
|
3951
|
-
|
|
3975
|
+
if (process.env.DEBUG)
|
|
3976
|
+
console.log("\u{1F916} [SMART-YAML] Generating mission card...");
|
|
3952
3977
|
const smartYaml = await agent.summarizeMissionToYaml(prompt, history, target);
|
|
3953
3978
|
if (smartYaml) {
|
|
3954
3979
|
const yamlPath = path2.join(contextDir, "last-mission-smart.yaml");
|