@avi770/testteam 1.2.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (300) hide show
  1. package/CHANGELOG.md +29 -1
  2. package/README.md +53 -6
  3. package/agents/24-signup-onboarding-tester.ts +429 -0
  4. package/agents/25-crud-flow-tester.ts +302 -0
  5. package/agents/26-form-validator.ts +297 -0
  6. package/agents/27-search-filter-tester.ts +326 -0
  7. package/agents/28-navigation-routing-tester.ts +425 -0
  8. package/agents/29-responsive-interaction-tester.ts +350 -0
  9. package/agents/30-multi-user-scenario-tester.ts +319 -0
  10. package/agents/31-load-tester.ts +134 -0
  11. package/agents/32-memory-leak-detector.ts +194 -0
  12. package/agents/33-bundle-analyzer.ts +132 -0
  13. package/agents/34-xss-scanner.ts +191 -0
  14. package/agents/35-csrf-tester.ts +82 -0
  15. package/agents/36-auth-fuzzer.ts +194 -0
  16. package/agents/37-dependency-scanner.ts +176 -0
  17. package/agents/38-secrets-scanner.ts +137 -0
  18. package/agents/39-api-contract-tester.ts +199 -0
  19. package/agents/40-rate-limit-tester.ts +94 -0
  20. package/agents/41-api-pagination-tester.ts +97 -0
  21. package/agents/42-graphql-tester.ts +222 -0
  22. package/agents/43-data-consistency-checker.ts +205 -0
  23. package/agents/44-backup-recovery-tester.ts +152 -0
  24. package/agents/45-data-privacy-scanner.ts +125 -0
  25. package/agents/46-seo-auditor.ts +294 -0
  26. package/agents/47-social-preview-tester.ts +232 -0
  27. package/agents/48-lighthouse-auditor.ts +213 -0
  28. package/agents/49-i18n-tester.ts +198 -0
  29. package/agents/50-timezone-tester.ts +173 -0
  30. package/agents/51-error-recovery-tester.ts +155 -0
  31. package/agents/52-offline-mode-tester.ts +180 -0
  32. package/agents/53-graceful-degradation-tester.ts +156 -0
  33. package/agents/54-websocket-tester.ts +151 -0
  34. package/agents/55-realtime-sync-tester.ts +194 -0
  35. package/agents/56-file-upload-tester.ts +194 -0
  36. package/agents/57-export-tester.ts +174 -0
  37. package/agents/58-payment-flow-tester.ts +183 -0
  38. package/agents/59-ssl-tls-auditor.ts +141 -0
  39. package/agents/60-dns-cdn-tester.ts +117 -0
  40. package/agents/61-docker-health-checker.ts +111 -0
  41. package/agents/62-env-config-validator.ts +152 -0
  42. package/agents/63-log-quality-auditor.ts +136 -0
  43. package/agents/64-analytics-tracker-tester.ts +165 -0
  44. package/agents/65-gdpr-compliance-tester.ts +215 -0
  45. package/agents/66-soc2-control-validator.ts +210 -0
  46. package/agents/67-wcag-aaa-tester.ts +241 -0
  47. package/agents/68-dead-code-detector.ts +135 -0
  48. package/agents/69-type-safety-auditor.ts +164 -0
  49. package/agents/70-complexity-analyzer.ts +179 -0
  50. package/agents/__tests__/24-signup-onboarding-tester.test.ts +274 -0
  51. package/agents/__tests__/25-crud-flow-tester.test.ts +322 -0
  52. package/agents/__tests__/26-form-validator.test.ts +345 -0
  53. package/agents/__tests__/27-search-filter-tester.test.ts +311 -0
  54. package/agents/__tests__/28-navigation-routing-tester.test.ts +328 -0
  55. package/agents/__tests__/29-responsive-interaction-tester.test.ts +297 -0
  56. package/agents/__tests__/30-multi-user-scenario-tester.test.ts +328 -0
  57. package/agents/__tests__/31-load-tester.test.ts +189 -0
  58. package/agents/__tests__/32-memory-leak-detector.test.ts +251 -0
  59. package/agents/__tests__/33-bundle-analyzer.test.ts +237 -0
  60. package/agents/__tests__/34-xss-scanner.test.ts +258 -0
  61. package/agents/__tests__/35-csrf-tester.test.ts +200 -0
  62. package/agents/__tests__/36-auth-fuzzer.test.ts +214 -0
  63. package/agents/__tests__/37-dependency-scanner.test.ts +266 -0
  64. package/agents/__tests__/38-secrets-scanner.test.ts +224 -0
  65. package/agents/__tests__/39-api-contract-tester.test.ts +312 -0
  66. package/agents/__tests__/40-rate-limit-tester.test.ts +192 -0
  67. package/agents/__tests__/41-api-pagination-tester.test.ts +198 -0
  68. package/agents/__tests__/42-graphql-tester.test.ts +252 -0
  69. package/agents/__tests__/43-data-consistency-checker.test.ts +232 -0
  70. package/agents/__tests__/44-backup-recovery-tester.test.ts +222 -0
  71. package/agents/__tests__/45-data-privacy-scanner.test.ts +223 -0
  72. package/agents/__tests__/46-seo-auditor.test.ts +261 -0
  73. package/agents/__tests__/47-social-preview-tester.test.ts +245 -0
  74. package/agents/__tests__/48-lighthouse-auditor.test.ts +276 -0
  75. package/agents/__tests__/49-i18n-tester.test.ts +201 -0
  76. package/agents/__tests__/50-timezone-tester.test.ts +172 -0
  77. package/agents/__tests__/51-error-recovery-tester.test.ts +162 -0
  78. package/agents/__tests__/52-offline-mode-tester.test.ts +164 -0
  79. package/agents/__tests__/53-graceful-degradation-tester.test.ts +168 -0
  80. package/agents/__tests__/54-websocket-tester.test.ts +157 -0
  81. package/agents/__tests__/55-realtime-sync-tester.test.ts +181 -0
  82. package/agents/__tests__/56-file-upload-tester.test.ts +172 -0
  83. package/agents/__tests__/57-export-tester.test.ts +169 -0
  84. package/agents/__tests__/58-payment-flow-tester.test.ts +182 -0
  85. package/agents/__tests__/59-ssl-tls-auditor.test.ts +179 -0
  86. package/agents/__tests__/60-dns-cdn-tester.test.ts +176 -0
  87. package/agents/__tests__/61-docker-health-checker.test.ts +150 -0
  88. package/agents/__tests__/62-env-config-validator.test.ts +166 -0
  89. package/agents/__tests__/63-log-quality-auditor.test.ts +175 -0
  90. package/agents/__tests__/64-analytics-tracker-tester.test.ts +158 -0
  91. package/agents/__tests__/65-gdpr-compliance-tester.test.ts +174 -0
  92. package/agents/__tests__/66-soc2-control-validator.test.ts +183 -0
  93. package/agents/__tests__/67-wcag-aaa-tester.test.ts +190 -0
  94. package/agents/__tests__/68-dead-code-detector.test.ts +174 -0
  95. package/agents/__tests__/69-type-safety-auditor.test.ts +173 -0
  96. package/agents/__tests__/70-complexity-analyzer.test.ts +177 -0
  97. package/agents/__tests__/registry.test.ts +13 -13
  98. package/agents/registry.ts +146 -5
  99. package/core/__tests__/integration.test.ts +4 -4
  100. package/core/__tests__/orchestrator.test.ts +17 -16
  101. package/core/license.ts +208 -211
  102. package/core/orchestrator.ts +6 -4
  103. package/dist/agents/24-signup-onboarding-tester.d.ts +35 -0
  104. package/dist/agents/24-signup-onboarding-tester.d.ts.map +1 -0
  105. package/dist/agents/24-signup-onboarding-tester.js +357 -0
  106. package/dist/agents/24-signup-onboarding-tester.js.map +1 -0
  107. package/dist/agents/25-crud-flow-tester.d.ts +11 -0
  108. package/dist/agents/25-crud-flow-tester.d.ts.map +1 -0
  109. package/dist/agents/25-crud-flow-tester.js +253 -0
  110. package/dist/agents/25-crud-flow-tester.js.map +1 -0
  111. package/dist/agents/26-form-validator.d.ts +12 -0
  112. package/dist/agents/26-form-validator.d.ts.map +1 -0
  113. package/dist/agents/26-form-validator.js +257 -0
  114. package/dist/agents/26-form-validator.js.map +1 -0
  115. package/dist/agents/27-search-filter-tester.d.ts +20 -0
  116. package/dist/agents/27-search-filter-tester.d.ts.map +1 -0
  117. package/dist/agents/27-search-filter-tester.js +267 -0
  118. package/dist/agents/27-search-filter-tester.js.map +1 -0
  119. package/dist/agents/28-navigation-routing-tester.d.ts +32 -0
  120. package/dist/agents/28-navigation-routing-tester.d.ts.map +1 -0
  121. package/dist/agents/28-navigation-routing-tester.js +363 -0
  122. package/dist/agents/28-navigation-routing-tester.js.map +1 -0
  123. package/dist/agents/29-responsive-interaction-tester.d.ts +26 -0
  124. package/dist/agents/29-responsive-interaction-tester.d.ts.map +1 -0
  125. package/dist/agents/29-responsive-interaction-tester.js +272 -0
  126. package/dist/agents/29-responsive-interaction-tester.js.map +1 -0
  127. package/dist/agents/30-multi-user-scenario-tester.d.ts +24 -0
  128. package/dist/agents/30-multi-user-scenario-tester.d.ts.map +1 -0
  129. package/dist/agents/30-multi-user-scenario-tester.js +254 -0
  130. package/dist/agents/30-multi-user-scenario-tester.js.map +1 -0
  131. package/dist/agents/31-load-tester.d.ts +12 -0
  132. package/dist/agents/31-load-tester.d.ts.map +1 -0
  133. package/dist/agents/31-load-tester.js +110 -0
  134. package/dist/agents/31-load-tester.js.map +1 -0
  135. package/dist/agents/32-memory-leak-detector.d.ts +12 -0
  136. package/dist/agents/32-memory-leak-detector.d.ts.map +1 -0
  137. package/dist/agents/32-memory-leak-detector.js +167 -0
  138. package/dist/agents/32-memory-leak-detector.js.map +1 -0
  139. package/dist/agents/33-bundle-analyzer.d.ts +10 -0
  140. package/dist/agents/33-bundle-analyzer.d.ts.map +1 -0
  141. package/dist/agents/33-bundle-analyzer.js +111 -0
  142. package/dist/agents/33-bundle-analyzer.js.map +1 -0
  143. package/dist/agents/34-xss-scanner.d.ts +11 -0
  144. package/dist/agents/34-xss-scanner.d.ts.map +1 -0
  145. package/dist/agents/34-xss-scanner.js +164 -0
  146. package/dist/agents/34-xss-scanner.js.map +1 -0
  147. package/dist/agents/35-csrf-tester.d.ts +11 -0
  148. package/dist/agents/35-csrf-tester.d.ts.map +1 -0
  149. package/dist/agents/35-csrf-tester.js +70 -0
  150. package/dist/agents/35-csrf-tester.js.map +1 -0
  151. package/dist/agents/36-auth-fuzzer.d.ts +13 -0
  152. package/dist/agents/36-auth-fuzzer.d.ts.map +1 -0
  153. package/dist/agents/36-auth-fuzzer.js +163 -0
  154. package/dist/agents/36-auth-fuzzer.js.map +1 -0
  155. package/dist/agents/37-dependency-scanner.d.ts +11 -0
  156. package/dist/agents/37-dependency-scanner.d.ts.map +1 -0
  157. package/dist/agents/37-dependency-scanner.js +139 -0
  158. package/dist/agents/37-dependency-scanner.js.map +1 -0
  159. package/dist/agents/38-secrets-scanner.d.ts +11 -0
  160. package/dist/agents/38-secrets-scanner.d.ts.map +1 -0
  161. package/dist/agents/38-secrets-scanner.js +116 -0
  162. package/dist/agents/38-secrets-scanner.js.map +1 -0
  163. package/dist/agents/39-api-contract-tester.d.ts +12 -0
  164. package/dist/agents/39-api-contract-tester.d.ts.map +1 -0
  165. package/dist/agents/39-api-contract-tester.js +142 -0
  166. package/dist/agents/39-api-contract-tester.js.map +1 -0
  167. package/dist/agents/40-rate-limit-tester.d.ts +12 -0
  168. package/dist/agents/40-rate-limit-tester.d.ts.map +1 -0
  169. package/dist/agents/40-rate-limit-tester.js +79 -0
  170. package/dist/agents/40-rate-limit-tester.js.map +1 -0
  171. package/dist/agents/41-api-pagination-tester.d.ts +12 -0
  172. package/dist/agents/41-api-pagination-tester.d.ts.map +1 -0
  173. package/dist/agents/41-api-pagination-tester.js +79 -0
  174. package/dist/agents/41-api-pagination-tester.js.map +1 -0
  175. package/dist/agents/42-graphql-tester.d.ts +13 -0
  176. package/dist/agents/42-graphql-tester.d.ts.map +1 -0
  177. package/dist/agents/42-graphql-tester.js +187 -0
  178. package/dist/agents/42-graphql-tester.js.map +1 -0
  179. package/dist/agents/43-data-consistency-checker.d.ts +11 -0
  180. package/dist/agents/43-data-consistency-checker.d.ts.map +1 -0
  181. package/dist/agents/43-data-consistency-checker.js +176 -0
  182. package/dist/agents/43-data-consistency-checker.js.map +1 -0
  183. package/dist/agents/44-backup-recovery-tester.d.ts +11 -0
  184. package/dist/agents/44-backup-recovery-tester.d.ts.map +1 -0
  185. package/dist/agents/44-backup-recovery-tester.js +128 -0
  186. package/dist/agents/44-backup-recovery-tester.js.map +1 -0
  187. package/dist/agents/45-data-privacy-scanner.d.ts +11 -0
  188. package/dist/agents/45-data-privacy-scanner.d.ts.map +1 -0
  189. package/dist/agents/45-data-privacy-scanner.js +100 -0
  190. package/dist/agents/45-data-privacy-scanner.js.map +1 -0
  191. package/dist/agents/46-seo-auditor.d.ts +12 -0
  192. package/dist/agents/46-seo-auditor.d.ts.map +1 -0
  193. package/dist/agents/46-seo-auditor.js +275 -0
  194. package/dist/agents/46-seo-auditor.js.map +1 -0
  195. package/dist/agents/47-social-preview-tester.d.ts +11 -0
  196. package/dist/agents/47-social-preview-tester.d.ts.map +1 -0
  197. package/dist/agents/47-social-preview-tester.js +219 -0
  198. package/dist/agents/47-social-preview-tester.js.map +1 -0
  199. package/dist/agents/48-lighthouse-auditor.d.ts +11 -0
  200. package/dist/agents/48-lighthouse-auditor.d.ts.map +1 -0
  201. package/dist/agents/48-lighthouse-auditor.js +192 -0
  202. package/dist/agents/48-lighthouse-auditor.js.map +1 -0
  203. package/dist/agents/49-i18n-tester.d.ts +13 -0
  204. package/dist/agents/49-i18n-tester.d.ts.map +1 -0
  205. package/dist/agents/49-i18n-tester.js +172 -0
  206. package/dist/agents/49-i18n-tester.js.map +1 -0
  207. package/dist/agents/50-timezone-tester.d.ts +11 -0
  208. package/dist/agents/50-timezone-tester.d.ts.map +1 -0
  209. package/dist/agents/50-timezone-tester.js +152 -0
  210. package/dist/agents/50-timezone-tester.js.map +1 -0
  211. package/dist/agents/51-error-recovery-tester.d.ts +11 -0
  212. package/dist/agents/51-error-recovery-tester.d.ts.map +1 -0
  213. package/dist/agents/51-error-recovery-tester.js +134 -0
  214. package/dist/agents/51-error-recovery-tester.js.map +1 -0
  215. package/dist/agents/52-offline-mode-tester.d.ts +12 -0
  216. package/dist/agents/52-offline-mode-tester.d.ts.map +1 -0
  217. package/dist/agents/52-offline-mode-tester.js +161 -0
  218. package/dist/agents/52-offline-mode-tester.js.map +1 -0
  219. package/dist/agents/53-graceful-degradation-tester.d.ts +12 -0
  220. package/dist/agents/53-graceful-degradation-tester.d.ts.map +1 -0
  221. package/dist/agents/53-graceful-degradation-tester.js +130 -0
  222. package/dist/agents/53-graceful-degradation-tester.js.map +1 -0
  223. package/dist/agents/54-websocket-tester.d.ts +10 -0
  224. package/dist/agents/54-websocket-tester.d.ts.map +1 -0
  225. package/dist/agents/54-websocket-tester.js +132 -0
  226. package/dist/agents/54-websocket-tester.js.map +1 -0
  227. package/dist/agents/55-realtime-sync-tester.d.ts +11 -0
  228. package/dist/agents/55-realtime-sync-tester.d.ts.map +1 -0
  229. package/dist/agents/55-realtime-sync-tester.js +175 -0
  230. package/dist/agents/55-realtime-sync-tester.js.map +1 -0
  231. package/dist/agents/56-file-upload-tester.d.ts +12 -0
  232. package/dist/agents/56-file-upload-tester.d.ts.map +1 -0
  233. package/dist/agents/56-file-upload-tester.js +166 -0
  234. package/dist/agents/56-file-upload-tester.js.map +1 -0
  235. package/dist/agents/57-export-tester.d.ts +11 -0
  236. package/dist/agents/57-export-tester.d.ts.map +1 -0
  237. package/dist/agents/57-export-tester.js +155 -0
  238. package/dist/agents/57-export-tester.js.map +1 -0
  239. package/dist/agents/58-payment-flow-tester.d.ts +11 -0
  240. package/dist/agents/58-payment-flow-tester.d.ts.map +1 -0
  241. package/dist/agents/58-payment-flow-tester.js +159 -0
  242. package/dist/agents/58-payment-flow-tester.js.map +1 -0
  243. package/dist/agents/59-ssl-tls-auditor.d.ts +10 -0
  244. package/dist/agents/59-ssl-tls-auditor.d.ts.map +1 -0
  245. package/dist/agents/59-ssl-tls-auditor.js +132 -0
  246. package/dist/agents/59-ssl-tls-auditor.js.map +1 -0
  247. package/dist/agents/60-dns-cdn-tester.d.ts +10 -0
  248. package/dist/agents/60-dns-cdn-tester.d.ts.map +1 -0
  249. package/dist/agents/60-dns-cdn-tester.js +105 -0
  250. package/dist/agents/60-dns-cdn-tester.js.map +1 -0
  251. package/dist/agents/61-docker-health-checker.d.ts +10 -0
  252. package/dist/agents/61-docker-health-checker.d.ts.map +1 -0
  253. package/dist/agents/61-docker-health-checker.js +95 -0
  254. package/dist/agents/61-docker-health-checker.js.map +1 -0
  255. package/dist/agents/62-env-config-validator.d.ts +10 -0
  256. package/dist/agents/62-env-config-validator.d.ts.map +1 -0
  257. package/dist/agents/62-env-config-validator.js +132 -0
  258. package/dist/agents/62-env-config-validator.js.map +1 -0
  259. package/dist/agents/63-log-quality-auditor.d.ts +9 -0
  260. package/dist/agents/63-log-quality-auditor.d.ts.map +1 -0
  261. package/dist/agents/63-log-quality-auditor.js +121 -0
  262. package/dist/agents/63-log-quality-auditor.js.map +1 -0
  263. package/dist/agents/64-analytics-tracker-tester.d.ts +10 -0
  264. package/dist/agents/64-analytics-tracker-tester.d.ts.map +1 -0
  265. package/dist/agents/64-analytics-tracker-tester.js +146 -0
  266. package/dist/agents/64-analytics-tracker-tester.js.map +1 -0
  267. package/dist/agents/65-gdpr-compliance-tester.d.ts +13 -0
  268. package/dist/agents/65-gdpr-compliance-tester.d.ts.map +1 -0
  269. package/dist/agents/65-gdpr-compliance-tester.js +186 -0
  270. package/dist/agents/65-gdpr-compliance-tester.js.map +1 -0
  271. package/dist/agents/66-soc2-control-validator.d.ts +14 -0
  272. package/dist/agents/66-soc2-control-validator.d.ts.map +1 -0
  273. package/dist/agents/66-soc2-control-validator.js +178 -0
  274. package/dist/agents/66-soc2-control-validator.js.map +1 -0
  275. package/dist/agents/67-wcag-aaa-tester.d.ts +13 -0
  276. package/dist/agents/67-wcag-aaa-tester.d.ts.map +1 -0
  277. package/dist/agents/67-wcag-aaa-tester.js +207 -0
  278. package/dist/agents/67-wcag-aaa-tester.js.map +1 -0
  279. package/dist/agents/68-dead-code-detector.d.ts +9 -0
  280. package/dist/agents/68-dead-code-detector.d.ts.map +1 -0
  281. package/dist/agents/68-dead-code-detector.js +116 -0
  282. package/dist/agents/68-dead-code-detector.js.map +1 -0
  283. package/dist/agents/69-type-safety-auditor.d.ts +9 -0
  284. package/dist/agents/69-type-safety-auditor.d.ts.map +1 -0
  285. package/dist/agents/69-type-safety-auditor.js +148 -0
  286. package/dist/agents/69-type-safety-auditor.js.map +1 -0
  287. package/dist/agents/70-complexity-analyzer.d.ts +10 -0
  288. package/dist/agents/70-complexity-analyzer.d.ts.map +1 -0
  289. package/dist/agents/70-complexity-analyzer.js +154 -0
  290. package/dist/agents/70-complexity-analyzer.js.map +1 -0
  291. package/dist/agents/registry.d.ts +3 -3
  292. package/dist/agents/registry.d.ts.map +1 -1
  293. package/dist/agents/registry.js +146 -5
  294. package/dist/agents/registry.js.map +1 -1
  295. package/dist/core/license.js +2 -5
  296. package/dist/core/license.js.map +1 -1
  297. package/dist/core/orchestrator.d.ts.map +1 -1
  298. package/dist/core/orchestrator.js +6 -4
  299. package/dist/core/orchestrator.js.map +1 -1
  300. package/package.json +2 -2
@@ -0,0 +1,142 @@
1
+ import { readFile } from 'node:fs/promises';
2
+ import { join } from 'node:path';
3
+ import { BaseAgent } from './base-agent';
4
+ import { resolveEnvironment } from '../helpers/env-resolver';
5
+ const REQUEST_TIMEOUT_MS = 10_000;
6
+ export class ApiContractTesterAgent extends BaseAgent {
7
+ agentId = 39;
8
+ agentName = 'API Contract Tester';
9
+ baseUrl = '';
10
+ async preFlight() {
11
+ const { env } = await resolveEnvironment(this.config, this.phase);
12
+ this.baseUrl = env.baseUrl;
13
+ }
14
+ async execute() {
15
+ const findings = [];
16
+ const projectRoot = this.config.projectRoot ?? process.cwd();
17
+ // Try to find OpenAPI spec
18
+ const specPaths = [
19
+ join(projectRoot, 'openapi.json'),
20
+ join(projectRoot, 'swagger.json'),
21
+ join(projectRoot, 'docs', 'openapi.json'),
22
+ join(projectRoot, 'docs', 'swagger.json'),
23
+ ];
24
+ let spec = null;
25
+ let specPath = '';
26
+ for (const path of specPaths) {
27
+ try {
28
+ const content = await readFile(path, 'utf-8');
29
+ spec = JSON.parse(content);
30
+ specPath = path;
31
+ break;
32
+ }
33
+ catch {
34
+ // File not found — try next
35
+ }
36
+ }
37
+ if (!spec) {
38
+ findings.push({
39
+ id: `${this.agentId}-no-spec`,
40
+ type: 'infra-issue',
41
+ severity: 'low',
42
+ agentId: this.agentId,
43
+ module: 'api-contract-tester',
44
+ description: 'No OpenAPI/Swagger spec found — cannot validate API contracts',
45
+ });
46
+ return findings;
47
+ }
48
+ this.addEvidence({
49
+ type: 'report',
50
+ path: specPath,
51
+ description: `Using OpenAPI spec from ${specPath}`,
52
+ });
53
+ const paths = spec.paths ?? {};
54
+ for (const [path, methods] of Object.entries(paths)) {
55
+ for (const [method, definition] of Object.entries(methods)) {
56
+ if (method.startsWith('x-') || method === 'parameters')
57
+ continue;
58
+ const httpMethod = method.toUpperCase();
59
+ if (!['GET', 'POST', 'PUT', 'DELETE', 'PATCH'].includes(httpMethod))
60
+ continue;
61
+ const contractFindings = await this.testEndpoint(path, httpMethod, definition);
62
+ findings.push(...contractFindings);
63
+ }
64
+ }
65
+ return findings;
66
+ }
67
+ async testEndpoint(path, method, definition) {
68
+ const findings = [];
69
+ const url = `${this.baseUrl}${path}`;
70
+ try {
71
+ const response = await Promise.race([
72
+ fetch(url, {
73
+ method,
74
+ headers: { 'Content-Type': 'application/json' },
75
+ signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
76
+ }),
77
+ new Promise((_, reject) => setTimeout(() => reject(new Error('Timeout')), REQUEST_TIMEOUT_MS)),
78
+ ]);
79
+ const statusStr = String(response.status);
80
+ const responseDef = definition.responses?.[statusStr] ?? definition.responses?.['200'];
81
+ if (!responseDef) {
82
+ return findings;
83
+ }
84
+ const jsonContent = responseDef.content?.['application/json'];
85
+ if (!jsonContent?.schema) {
86
+ return findings;
87
+ }
88
+ let body;
89
+ const contentType = response.headers.get('content-type') ?? '';
90
+ if (contentType.includes('application/json')) {
91
+ body = await response.json();
92
+ }
93
+ else {
94
+ return findings;
95
+ }
96
+ const schemaFindings = this.validateSchema(body, jsonContent.schema, `${method} ${path}`);
97
+ findings.push(...schemaFindings);
98
+ }
99
+ catch {
100
+ // Request failed — endpoint may not be reachable
101
+ }
102
+ return findings;
103
+ }
104
+ validateSchema(body, schema, context) {
105
+ const findings = [];
106
+ if (schema.type === 'object' && schema.properties && typeof body === 'object' && body !== null) {
107
+ const record = body;
108
+ // Check required fields
109
+ for (const field of schema.required ?? []) {
110
+ if (!(field in record)) {
111
+ findings.push({
112
+ id: `${this.agentId}-missing-field-${context.replace(/\s/g, '-')}-${field}`,
113
+ type: 'test-bug',
114
+ severity: 'medium',
115
+ agentId: this.agentId,
116
+ module: 'api-contract-tester',
117
+ description: `Missing required field "${field}" in response for ${context}`,
118
+ });
119
+ }
120
+ }
121
+ // Check types of present fields
122
+ for (const [field, fieldSchema] of Object.entries(schema.properties)) {
123
+ if (field in record && fieldSchema.type) {
124
+ const actualType = Array.isArray(record[field]) ? 'array' : typeof record[field];
125
+ const expectedType = fieldSchema.type === 'integer' ? 'number' : fieldSchema.type;
126
+ if (actualType !== expectedType && record[field] !== null) {
127
+ findings.push({
128
+ id: `${this.agentId}-wrong-type-${context.replace(/\s/g, '-')}-${field}`,
129
+ type: 'test-bug',
130
+ severity: 'high',
131
+ agentId: this.agentId,
132
+ module: 'api-contract-tester',
133
+ description: `Wrong type for field "${field}" in ${context}: expected ${expectedType}, got ${actualType}`,
134
+ });
135
+ }
136
+ }
137
+ }
138
+ }
139
+ return findings;
140
+ }
141
+ }
142
+ //# sourceMappingURL=39-api-contract-tester.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"39-api-contract-tester.js","sourceRoot":"","sources":["../../agents/39-api-contract-tester.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAuBlC,MAAM,OAAO,sBAAuB,SAAQ,SAAS;IAC1C,OAAO,GAAG,EAAE,CAAC;IACb,SAAS,GAAG,qBAAqB,CAAC;IACnC,OAAO,GAAG,EAAE,CAAC;IAEX,KAAK,CAAC,SAAS;QACvB,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAClE,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,OAAO;QACrB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAE7D,2BAA2B;QAC3B,MAAM,SAAS,GAAG;YAChB,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC;YACjC,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC;YACjC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,cAAc,CAAC;YACzC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,cAAc,CAAC;SAC1C,CAAC;QAEF,IAAI,IAAI,GAAuB,IAAI,CAAC;QACpC,IAAI,QAAQ,GAAG,EAAE,CAAC;QAElB,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBAC9C,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAgB,CAAC;gBAC1C,QAAQ,GAAG,IAAI,CAAC;gBAChB,MAAM;YACR,CAAC;YAAC,MAAM,CAAC;gBACP,4BAA4B;YAC9B,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,UAAU;gBAC7B,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,qBAAqB;gBAC7B,WAAW,EAAE,+DAA+D;aAC7E,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,IAAI,CAAC,WAAW,CAAC;YACf,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,2BAA2B,QAAQ,EAAE;SACnD,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QAE/B,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACpD,KAAK,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3D,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,MAAM,KAAK,YAAY;oBAAE,SAAS;gBACjE,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;gBACxC,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;oBAAE,SAAS;gBAE9E,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;gBAC/E,QAAQ,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,YAAY,CACxB,IAAY,EACZ,MAAc,EACd,UAA+B;QAE/B,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC;QAErC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAClC,KAAK,CAAC,GAAG,EAAE;oBACT,MAAM;oBACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;iBAChD,CAAC;gBACF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,kBAAkB,CAAC,CACnE;aACF,CAAa,CAAC;YAEf,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,WAAW,GAAG,UAAU,CAAC,SAAS,EAAE,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC,KAAK,CAAC,CAAC;YAEvF,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,EAAE,CAAC,kBAAkB,CAAC,CAAC;YAC9D,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC;gBACzB,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,IAAI,IAAa,CAAC;YAClB,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YAC/D,IAAI,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC7C,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC/B,CAAC;iBAAM,CAAC;gBACN,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CACxC,IAAI,EACJ,WAAW,CAAC,MAAM,EAClB,GAAG,MAAM,IAAI,IAAI,EAAE,CACpB,CAAC;YACF,QAAQ,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,iDAAiD;QACnD,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,cAAc,CACpB,IAAa,EACb,MAAqB,EACrB,OAAe;QAEf,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,IAAI,MAAM,CAAC,UAAU,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YAC/F,MAAM,MAAM,GAAG,IAA+B,CAAC;YAE/C,wBAAwB;YACxB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;gBAC1C,IAAI,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,EAAE,CAAC;oBACvB,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,kBAAkB,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,KAAK,EAAE;wBAC3E,IAAI,EAAE,UAAU;wBAChB,QAAQ,EAAE,QAAQ;wBAClB,OAAO,EAAE,IAAI,CAAC,OAAO;wBACrB,MAAM,EAAE,qBAAqB;wBAC7B,WAAW,EAAE,2BAA2B,KAAK,qBAAqB,OAAO,EAAE;qBAC5E,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,gCAAgC;YAChC,KAAK,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;gBACrE,IAAI,KAAK,IAAI,MAAM,IAAI,WAAW,CAAC,IAAI,EAAE,CAAC;oBACxC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;oBACjF,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC;oBAElF,IAAI,UAAU,KAAK,YAAY,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC;wBAC1D,QAAQ,CAAC,IAAI,CAAC;4BACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,eAAe,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,KAAK,EAAE;4BACxE,IAAI,EAAE,UAAU;4BAChB,QAAQ,EAAE,MAAM;4BAChB,OAAO,EAAE,IAAI,CAAC,OAAO;4BACrB,MAAM,EAAE,qBAAqB;4BAC7B,WAAW,EAAE,yBAAyB,KAAK,QAAQ,OAAO,cAAc,YAAY,SAAS,UAAU,EAAE;yBAC1G,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
@@ -0,0 +1,12 @@
1
+ import type { Finding } from '../core/types';
2
+ import { BaseAgent } from './base-agent';
3
+ export declare class RateLimitTesterAgent extends BaseAgent {
4
+ readonly agentId = 40;
5
+ readonly agentName = "Rate Limit Tester";
6
+ private baseUrl;
7
+ protected preFlight(): Promise<void>;
8
+ protected execute(): Promise<Finding[]>;
9
+ private discoverEndpoints;
10
+ private testRateLimit;
11
+ }
12
+ //# sourceMappingURL=40-rate-limit-tester.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"40-rate-limit-tester.d.ts","sourceRoot":"","sources":["../../agents/40-rate-limit-tester.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAazC,qBAAa,oBAAqB,SAAQ,SAAS;IACjD,QAAQ,CAAC,OAAO,MAAM;IACtB,QAAQ,CAAC,SAAS,uBAAuB;IACzC,OAAO,CAAC,OAAO,CAAM;cAEL,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;cAK1B,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IAY7C,OAAO,CAAC,iBAAiB;YAOX,aAAa;CAkD5B"}
@@ -0,0 +1,79 @@
1
+ import { BaseAgent } from './base-agent';
2
+ import { resolveEnvironment } from '../helpers/env-resolver';
3
+ const REQUEST_TIMEOUT_MS = 10_000;
4
+ const RAPID_REQUEST_COUNT = 50;
5
+ /** Default endpoints to test for rate limiting. */
6
+ const DEFAULT_ENDPOINTS = [
7
+ '/api/auth/login',
8
+ '/api/tasks',
9
+ '/api/clients',
10
+ ];
11
+ export class RateLimitTesterAgent extends BaseAgent {
12
+ agentId = 40;
13
+ agentName = 'Rate Limit Tester';
14
+ baseUrl = '';
15
+ async preFlight() {
16
+ const { env } = await resolveEnvironment(this.config, this.phase);
17
+ this.baseUrl = env.baseUrl;
18
+ }
19
+ async execute() {
20
+ const findings = [];
21
+ const endpoints = this.discoverEndpoints();
22
+ for (const endpoint of endpoints) {
23
+ const endpointFindings = await this.testRateLimit(endpoint);
24
+ findings.push(...endpointFindings);
25
+ }
26
+ return findings;
27
+ }
28
+ discoverEndpoints() {
29
+ if (this.config.modules && this.config.modules.length > 0) {
30
+ return this.config.modules.map(m => `/api${m.route}`);
31
+ }
32
+ return [...DEFAULT_ENDPOINTS];
33
+ }
34
+ async testRateLimit(endpoint) {
35
+ const findings = [];
36
+ const url = `${this.baseUrl}${endpoint}`;
37
+ let got429 = false;
38
+ let successCount = 0;
39
+ let errorCount = 0;
40
+ const promises = Array.from({ length: RAPID_REQUEST_COUNT }, async () => {
41
+ try {
42
+ const response = await Promise.race([
43
+ fetch(url, {
44
+ method: 'GET',
45
+ signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
46
+ }),
47
+ new Promise((_, reject) => setTimeout(() => reject(new Error('Timeout')), REQUEST_TIMEOUT_MS)),
48
+ ]);
49
+ if (response.status === 429) {
50
+ got429 = true;
51
+ }
52
+ else {
53
+ successCount++;
54
+ }
55
+ }
56
+ catch {
57
+ errorCount++;
58
+ }
59
+ });
60
+ await Promise.all(promises);
61
+ if (!got429) {
62
+ findings.push({
63
+ id: `${this.agentId}-no-rate-limit-${endpoint.replace(/\//g, '_')}`,
64
+ type: 'code-bug-security',
65
+ severity: 'medium',
66
+ agentId: this.agentId,
67
+ module: 'rate-limit-tester',
68
+ description: `No rate limiting on endpoint ${endpoint} — sent ${RAPID_REQUEST_COUNT} rapid requests with no 429 response`,
69
+ });
70
+ }
71
+ this.addEvidence({
72
+ type: 'log',
73
+ path: `rate-limit-${endpoint.replace(/\//g, '_')}`,
74
+ description: `Rate limit test for ${endpoint}: 429=${got429}, successes=${successCount}, errors=${errorCount}`,
75
+ });
76
+ return findings;
77
+ }
78
+ }
79
+ //# sourceMappingURL=40-rate-limit-tester.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"40-rate-limit-tester.js","sourceRoot":"","sources":["../../agents/40-rate-limit-tester.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAClC,MAAM,mBAAmB,GAAG,EAAE,CAAC;AAE/B,mDAAmD;AACnD,MAAM,iBAAiB,GAAG;IACxB,iBAAiB;IACjB,YAAY;IACZ,cAAc;CACN,CAAC;AAEX,MAAM,OAAO,oBAAqB,SAAQ,SAAS;IACxC,OAAO,GAAG,EAAE,CAAC;IACb,SAAS,GAAG,mBAAmB,CAAC;IACjC,OAAO,GAAG,EAAE,CAAC;IAEX,KAAK,CAAC,SAAS;QACvB,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAClE,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,OAAO;QACrB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE3C,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;YAC5D,QAAQ,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,CAAC;QACrC,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,iBAAiB;QACvB,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1D,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,CAAC,GAAG,iBAAiB,CAAC,CAAC;IAChC,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,QAAgB;QAC1C,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,QAAQ,EAAE,CAAC;QACzC,IAAI,MAAM,GAAG,KAAK,CAAC;QACnB,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnB,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,mBAAmB,EAAE,EAAE,KAAK,IAAI,EAAE;YACtE,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;oBAClC,KAAK,CAAC,GAAG,EAAE;wBACT,MAAM,EAAE,KAAK;wBACb,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;qBAChD,CAAC;oBACF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,kBAAkB,CAAC,CACnE;iBACF,CAAa,CAAC;gBAEf,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBAC5B,MAAM,GAAG,IAAI,CAAC;gBAChB,CAAC;qBAAM,CAAC;oBACN,YAAY,EAAE,CAAC;gBACjB,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,UAAU,EAAE,CAAC;YACf,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE5B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,kBAAkB,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE;gBACnE,IAAI,EAAE,mBAAmB;gBACzB,QAAQ,EAAE,QAAQ;gBAClB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,mBAAmB;gBAC3B,WAAW,EAAE,gCAAgC,QAAQ,WAAW,mBAAmB,sCAAsC;aAC1H,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,WAAW,CAAC;YACf,IAAI,EAAE,KAAK;YACX,IAAI,EAAE,cAAc,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE;YAClD,WAAW,EAAE,uBAAuB,QAAQ,SAAS,MAAM,eAAe,YAAY,YAAY,UAAU,EAAE;SAC/G,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
@@ -0,0 +1,12 @@
1
+ import type { Finding } from '../core/types';
2
+ import { BaseAgent } from './base-agent';
3
+ export declare class ApiPaginationTesterAgent extends BaseAgent {
4
+ readonly agentId = 41;
5
+ readonly agentName = "API Pagination Tester";
6
+ private baseUrl;
7
+ protected preFlight(): Promise<void>;
8
+ protected execute(): Promise<Finding[]>;
9
+ private discoverListEndpoints;
10
+ private testPagination;
11
+ }
12
+ //# sourceMappingURL=41-api-pagination-tester.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"41-api-pagination-tester.d.ts","sourceRoot":"","sources":["../../agents/41-api-pagination-tester.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAczC,qBAAa,wBAAyB,SAAQ,SAAS;IACrD,QAAQ,CAAC,OAAO,MAAM;IACtB,QAAQ,CAAC,SAAS,2BAA2B;IAC7C,OAAO,CAAC,OAAO,CAAM;cAEL,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;cAK1B,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IAc7C,OAAO,CAAC,qBAAqB;YAOf,cAAc;CAkD7B"}
@@ -0,0 +1,79 @@
1
+ import { BaseAgent } from './base-agent';
2
+ import { resolveEnvironment } from '../helpers/env-resolver';
3
+ const REQUEST_TIMEOUT_MS = 10_000;
4
+ /** Edge-case pagination parameters to test. */
5
+ const PAGINATION_TESTS = [
6
+ { param: 'page=0', description: 'page=0 (zero-indexed edge case)' },
7
+ { param: 'page=-1', description: 'page=-1 (negative page)' },
8
+ { param: 'page=99999', description: 'page=99999 (very high page)' },
9
+ { param: 'limit=0', description: 'limit=0 (zero limit)' },
10
+ { param: 'limit=10000', description: 'limit=10000 (excessively high limit)' },
11
+ ];
12
+ export class ApiPaginationTesterAgent extends BaseAgent {
13
+ agentId = 41;
14
+ agentName = 'API Pagination Tester';
15
+ baseUrl = '';
16
+ async preFlight() {
17
+ const { env } = await resolveEnvironment(this.config, this.phase);
18
+ this.baseUrl = env.baseUrl;
19
+ }
20
+ async execute() {
21
+ const findings = [];
22
+ const endpoints = this.discoverListEndpoints();
23
+ for (const endpoint of endpoints) {
24
+ for (const test of PAGINATION_TESTS) {
25
+ const testFindings = await this.testPagination(endpoint, test.param, test.description);
26
+ findings.push(...testFindings);
27
+ }
28
+ }
29
+ return findings;
30
+ }
31
+ discoverListEndpoints() {
32
+ if (this.config.modules && this.config.modules.length > 0) {
33
+ return this.config.modules.map(m => `/api${m.route}`);
34
+ }
35
+ return ['/api/tasks', '/api/clients'];
36
+ }
37
+ async testPagination(endpoint, queryParam, description) {
38
+ const findings = [];
39
+ const url = `${this.baseUrl}${endpoint}?${queryParam}`;
40
+ try {
41
+ const response = await Promise.race([
42
+ fetch(url, {
43
+ method: 'GET',
44
+ headers: { 'Content-Type': 'application/json' },
45
+ signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
46
+ }),
47
+ new Promise((_, reject) => setTimeout(() => reject(new Error('Timeout')), REQUEST_TIMEOUT_MS)),
48
+ ]);
49
+ // Check for server errors (crashes)
50
+ if (response.status >= 500) {
51
+ findings.push({
52
+ id: `${this.agentId}-crash-${endpoint.replace(/\//g, '_')}-${queryParam.replace(/[=&]/g, '_')}`,
53
+ type: 'code-bug-logic',
54
+ severity: 'high',
55
+ agentId: this.agentId,
56
+ module: 'api-pagination-tester',
57
+ description: `Endpoint ${endpoint} returned ${response.status} for ${description} — server crash on edge-case pagination`,
58
+ });
59
+ }
60
+ this.addEvidence({
61
+ type: 'log',
62
+ path: `pagination-${endpoint.replace(/\//g, '_')}-${queryParam.replace(/[=&]/g, '_')}`,
63
+ description: `${endpoint}?${queryParam}: status=${response.status}`,
64
+ });
65
+ }
66
+ catch (error) {
67
+ findings.push({
68
+ id: `${this.agentId}-error-${endpoint.replace(/\//g, '_')}-${queryParam.replace(/[=&]/g, '_')}`,
69
+ type: 'infra-issue',
70
+ severity: 'low',
71
+ agentId: this.agentId,
72
+ module: 'api-pagination-tester',
73
+ description: `Failed to test ${endpoint} with ${description}: ${error instanceof Error ? error.message : String(error)}`,
74
+ });
75
+ }
76
+ return findings;
77
+ }
78
+ }
79
+ //# sourceMappingURL=41-api-pagination-tester.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"41-api-pagination-tester.js","sourceRoot":"","sources":["../../agents/41-api-pagination-tester.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAElC,+CAA+C;AAC/C,MAAM,gBAAgB,GAAG;IACvB,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,iCAAiC,EAAE;IACnE,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,yBAAyB,EAAE;IAC5D,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,6BAA6B,EAAE;IACnE,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,sBAAsB,EAAE;IACzD,EAAE,KAAK,EAAE,aAAa,EAAE,WAAW,EAAE,sCAAsC,EAAE;CACrE,CAAC;AAEX,MAAM,OAAO,wBAAyB,SAAQ,SAAS;IAC5C,OAAO,GAAG,EAAE,CAAC;IACb,SAAS,GAAG,uBAAuB,CAAC;IACrC,OAAO,GAAG,EAAE,CAAC;IAEX,KAAK,CAAC,SAAS;QACvB,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAClE,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,OAAO;QACrB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAE/C,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;gBACpC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;gBACvF,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,qBAAqB;QAC3B,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1D,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;IACxC,CAAC;IAEO,KAAK,CAAC,cAAc,CAC1B,QAAgB,EAChB,UAAkB,EAClB,WAAmB;QAEnB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,QAAQ,IAAI,UAAU,EAAE,CAAC;QAEvD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAClC,KAAK,CAAC,GAAG,EAAE;oBACT,MAAM,EAAE,KAAK;oBACb,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;iBAChD,CAAC;gBACF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,kBAAkB,CAAC,CACnE;aACF,CAAa,CAAC;YAEf,oCAAoC;YACpC,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;gBAC3B,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,UAAU,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;oBAC/F,IAAI,EAAE,gBAAgB;oBACtB,QAAQ,EAAE,MAAM;oBAChB,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,MAAM,EAAE,uBAAuB;oBAC/B,WAAW,EAAE,YAAY,QAAQ,aAAa,QAAQ,CAAC,MAAM,QAAQ,WAAW,yCAAyC;iBAC1H,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,WAAW,CAAC;gBACf,IAAI,EAAE,KAAK;gBACX,IAAI,EAAE,cAAc,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;gBACtF,WAAW,EAAE,GAAG,QAAQ,IAAI,UAAU,YAAY,QAAQ,CAAC,MAAM,EAAE;aACpE,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,UAAU,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;gBAC/F,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,uBAAuB;gBAC/B,WAAW,EAAE,kBAAkB,QAAQ,SAAS,WAAW,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;aACzH,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
@@ -0,0 +1,13 @@
1
+ import type { Finding } from '../core/types';
2
+ import { BaseAgent } from './base-agent';
3
+ export declare class GraphqlTesterAgent extends BaseAgent {
4
+ readonly agentId = 42;
5
+ readonly agentName = "GraphQL Tester";
6
+ private baseUrl;
7
+ protected preFlight(): Promise<void>;
8
+ protected execute(): Promise<Finding[]>;
9
+ private testIntrospection;
10
+ private testQueryDepth;
11
+ private testUnauthenticatedAccess;
12
+ }
13
+ //# sourceMappingURL=42-graphql-tester.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"42-graphql-tester.d.ts","sourceRoot":"","sources":["../../agents/42-graphql-tester.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAuBzC,qBAAa,kBAAmB,SAAQ,SAAS;IAC/C,QAAQ,CAAC,OAAO,MAAM;IACtB,QAAQ,CAAC,SAAS,oBAAoB;IACtC,OAAO,CAAC,OAAO,CAAM;cAEL,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;cAK1B,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAyD/B,iBAAiB;YA0CjB,cAAc;YA2Cd,yBAAyB;CA6CxC"}
@@ -0,0 +1,187 @@
1
+ import { BaseAgent } from './base-agent';
2
+ import { resolveEnvironment } from '../helpers/env-resolver';
3
+ const REQUEST_TIMEOUT_MS = 10_000;
4
+ const GRAPHQL_PATHS = ['/graphql', '/api/graphql'];
5
+ /** Standard introspection query. */
6
+ const INTROSPECTION_QUERY = '{ __schema { types { name } } }';
7
+ /** Deeply nested query (10+ levels). */
8
+ function buildDeepQuery(depth) {
9
+ let query = '{ __typename';
10
+ const openBraces = [];
11
+ for (let i = 0; i < depth; i++) {
12
+ query += ` __type(name: "Query") { name fields { name type { name`;
13
+ openBraces.push(' } }');
14
+ }
15
+ query += openBraces.reverse().join('');
16
+ query += ' }';
17
+ return query;
18
+ }
19
+ export class GraphqlTesterAgent extends BaseAgent {
20
+ agentId = 42;
21
+ agentName = 'GraphQL Tester';
22
+ baseUrl = '';
23
+ async preFlight() {
24
+ const { env } = await resolveEnvironment(this.config, this.phase);
25
+ this.baseUrl = env.baseUrl;
26
+ }
27
+ async execute() {
28
+ const findings = [];
29
+ // Discover GraphQL endpoint
30
+ let graphqlUrl = null;
31
+ for (const path of GRAPHQL_PATHS) {
32
+ const url = `${this.baseUrl}${path}`;
33
+ try {
34
+ const response = await Promise.race([
35
+ fetch(url, {
36
+ method: 'POST',
37
+ headers: { 'Content-Type': 'application/json' },
38
+ body: JSON.stringify({ query: '{ __typename }' }),
39
+ signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
40
+ }),
41
+ new Promise((_, reject) => setTimeout(() => reject(new Error('Timeout')), REQUEST_TIMEOUT_MS)),
42
+ ]);
43
+ if (response.status !== 404) {
44
+ graphqlUrl = url;
45
+ break;
46
+ }
47
+ }
48
+ catch {
49
+ // Path not available
50
+ }
51
+ }
52
+ if (!graphqlUrl) {
53
+ findings.push({
54
+ id: `${this.agentId}-no-graphql`,
55
+ type: 'infra-issue',
56
+ severity: 'low',
57
+ agentId: this.agentId,
58
+ module: 'graphql-tester',
59
+ description: 'No GraphQL endpoint found at /graphql or /api/graphql',
60
+ });
61
+ return findings;
62
+ }
63
+ // Test 1: Introspection
64
+ const introspectionFindings = await this.testIntrospection(graphqlUrl);
65
+ findings.push(...introspectionFindings);
66
+ // Test 2: Deep query (depth limiting)
67
+ const depthFindings = await this.testQueryDepth(graphqlUrl);
68
+ findings.push(...depthFindings);
69
+ // Test 3: Unauthenticated access
70
+ const authFindings = await this.testUnauthenticatedAccess(graphqlUrl);
71
+ findings.push(...authFindings);
72
+ return findings;
73
+ }
74
+ async testIntrospection(graphqlUrl) {
75
+ const findings = [];
76
+ try {
77
+ const response = await Promise.race([
78
+ fetch(graphqlUrl, {
79
+ method: 'POST',
80
+ headers: { 'Content-Type': 'application/json' },
81
+ body: JSON.stringify({ query: INTROSPECTION_QUERY }),
82
+ signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
83
+ }),
84
+ new Promise((_, reject) => setTimeout(() => reject(new Error('Timeout')), REQUEST_TIMEOUT_MS)),
85
+ ]);
86
+ if (response.status === 200) {
87
+ const body = await response.json();
88
+ if (body.data?.__schema) {
89
+ findings.push({
90
+ id: `${this.agentId}-introspection-enabled`,
91
+ type: 'code-bug-security',
92
+ severity: 'medium',
93
+ agentId: this.agentId,
94
+ module: 'graphql-tester',
95
+ description: 'GraphQL introspection is enabled in production — schema is exposed to attackers',
96
+ });
97
+ }
98
+ }
99
+ this.addEvidence({
100
+ type: 'log',
101
+ path: 'graphql-introspection',
102
+ description: `Introspection query: status=${response.status}`,
103
+ });
104
+ }
105
+ catch {
106
+ // Request failed
107
+ }
108
+ return findings;
109
+ }
110
+ async testQueryDepth(graphqlUrl) {
111
+ const findings = [];
112
+ const deepQuery = buildDeepQuery(10);
113
+ try {
114
+ const response = await Promise.race([
115
+ fetch(graphqlUrl, {
116
+ method: 'POST',
117
+ headers: { 'Content-Type': 'application/json' },
118
+ body: JSON.stringify({ query: deepQuery }),
119
+ signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
120
+ }),
121
+ new Promise((_, reject) => setTimeout(() => reject(new Error('Timeout')), REQUEST_TIMEOUT_MS)),
122
+ ]);
123
+ if (response.status === 200) {
124
+ const body = await response.json();
125
+ if (!body.errors) {
126
+ findings.push({
127
+ id: `${this.agentId}-no-depth-limit`,
128
+ type: 'code-bug-security',
129
+ severity: 'high',
130
+ agentId: this.agentId,
131
+ module: 'graphql-tester',
132
+ description: 'No query depth limit on GraphQL endpoint — deeply nested queries (10+ levels) are accepted without error',
133
+ });
134
+ }
135
+ }
136
+ this.addEvidence({
137
+ type: 'log',
138
+ path: 'graphql-depth',
139
+ description: `Deep query test (10 levels): status=${response.status}`,
140
+ });
141
+ }
142
+ catch {
143
+ // Request failed
144
+ }
145
+ return findings;
146
+ }
147
+ async testUnauthenticatedAccess(graphqlUrl) {
148
+ const findings = [];
149
+ // Send a query that would typically need auth
150
+ const query = '{ users { id email } }';
151
+ try {
152
+ const response = await Promise.race([
153
+ fetch(graphqlUrl, {
154
+ method: 'POST',
155
+ headers: { 'Content-Type': 'application/json' },
156
+ // No Authorization header
157
+ body: JSON.stringify({ query }),
158
+ signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
159
+ }),
160
+ new Promise((_, reject) => setTimeout(() => reject(new Error('Timeout')), REQUEST_TIMEOUT_MS)),
161
+ ]);
162
+ if (response.status === 200) {
163
+ const body = await response.json();
164
+ if (body.data?.users && Array.isArray(body.data.users) && body.data.users.length > 0) {
165
+ findings.push({
166
+ id: `${this.agentId}-no-field-auth`,
167
+ type: 'code-bug-security',
168
+ severity: 'high',
169
+ agentId: this.agentId,
170
+ module: 'graphql-tester',
171
+ description: 'GraphQL returns user data without authentication — field-level authorization is missing',
172
+ });
173
+ }
174
+ }
175
+ this.addEvidence({
176
+ type: 'log',
177
+ path: 'graphql-unauth',
178
+ description: `Unauthenticated query test: status=${response.status}`,
179
+ });
180
+ }
181
+ catch {
182
+ // Request failed
183
+ }
184
+ return findings;
185
+ }
186
+ }
187
+ //# sourceMappingURL=42-graphql-tester.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"42-graphql-tester.js","sourceRoot":"","sources":["../../agents/42-graphql-tester.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAElC,MAAM,aAAa,GAAG,CAAC,UAAU,EAAE,cAAc,CAAU,CAAC;AAE5D,oCAAoC;AACpC,MAAM,mBAAmB,GAAG,iCAAiC,CAAC;AAE9D,wCAAwC;AACxC,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,KAAK,GAAG,cAAc,CAAC;IAC3B,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,KAAK,IAAI,yDAAyD,CAAC;QACnE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC1B,CAAC;IACD,KAAK,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvC,KAAK,IAAI,IAAI,CAAC;IACd,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,OAAO,kBAAmB,SAAQ,SAAS;IACtC,OAAO,GAAG,EAAE,CAAC;IACb,SAAS,GAAG,gBAAgB,CAAC;IAC9B,OAAO,GAAG,EAAE,CAAC;IAEX,KAAK,CAAC,SAAS;QACvB,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAClE,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IAC7B,CAAC;IAES,KAAK,CAAC,OAAO;QACrB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,4BAA4B;QAC5B,IAAI,UAAU,GAAkB,IAAI,CAAC;QAErC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC;YACrC,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;oBAClC,KAAK,CAAC,GAAG,EAAE;wBACT,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;wBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC;wBACjD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;qBAChD,CAAC;oBACF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,kBAAkB,CAAC,CACnE;iBACF,CAAa,CAAC;gBAEf,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBAC5B,UAAU,GAAG,GAAG,CAAC;oBACjB,MAAM;gBACR,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,qBAAqB;YACvB,CAAC;QACH,CAAC;QAED,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,aAAa;gBAChC,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,gBAAgB;gBACxB,WAAW,EAAE,uDAAuD;aACrE,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,wBAAwB;QACxB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QACvE,QAAQ,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,CAAC;QAExC,sCAAsC;QACtC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAC5D,QAAQ,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,CAAC;QAEhC,iCAAiC;QACjC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAC;QACtE,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;QAE/B,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,UAAkB;QAChD,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAClC,KAAK,CAAC,UAAU,EAAE;oBAChB,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;oBACpD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;iBAChD,CAAC;gBACF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,kBAAkB,CAAC,CACnE;aACF,CAAa,CAAC;YAEf,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAuC,CAAC;gBACxE,IAAI,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC;oBACxB,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,wBAAwB;wBAC3C,IAAI,EAAE,mBAAmB;wBACzB,QAAQ,EAAE,QAAQ;wBAClB,OAAO,EAAE,IAAI,CAAC,OAAO;wBACrB,MAAM,EAAE,gBAAgB;wBACxB,WAAW,EAAE,iFAAiF;qBAC/F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,IAAI,CAAC,WAAW,CAAC;gBACf,IAAI,EAAE,KAAK;gBACX,IAAI,EAAE,uBAAuB;gBAC7B,WAAW,EAAE,+BAA+B,QAAQ,CAAC,MAAM,EAAE;aAC9D,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,UAAkB;QAC7C,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,SAAS,GAAG,cAAc,CAAC,EAAE,CAAC,CAAC;QAErC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAClC,KAAK,CAAC,UAAU,EAAE;oBAChB,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;oBAC1C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;iBAChD,CAAC;gBACF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,kBAAkB,CAAC,CACnE;aACF,CAAa,CAAC;YAEf,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA4B,CAAC;gBAC7D,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;oBACjB,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,iBAAiB;wBACpC,IAAI,EAAE,mBAAmB;wBACzB,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,IAAI,CAAC,OAAO;wBACrB,MAAM,EAAE,gBAAgB;wBACxB,WAAW,EAAE,0GAA0G;qBACxH,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,IAAI,CAAC,WAAW,CAAC;gBACf,IAAI,EAAE,KAAK;gBACX,IAAI,EAAE,eAAe;gBACrB,WAAW,EAAE,uCAAuC,QAAQ,CAAC,MAAM,EAAE;aACtE,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,yBAAyB,CAAC,UAAkB;QACxD,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,8CAA8C;QAC9C,MAAM,KAAK,GAAG,wBAAwB,CAAC;QAEvC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAClC,KAAK,CAAC,UAAU,EAAE;oBAChB,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,0BAA0B;oBAC1B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC;oBAC/B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;iBAChD,CAAC;gBACF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,kBAAkB,CAAC,CACnE;aACF,CAAa,CAAC;YAEf,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAsC,CAAC;gBACvE,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrF,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,gBAAgB;wBACnC,IAAI,EAAE,mBAAmB;wBACzB,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,IAAI,CAAC,OAAO;wBACrB,MAAM,EAAE,gBAAgB;wBACxB,WAAW,EAAE,yFAAyF;qBACvG,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,IAAI,CAAC,WAAW,CAAC;gBACf,IAAI,EAAE,KAAK;gBACX,IAAI,EAAE,gBAAgB;gBACtB,WAAW,EAAE,sCAAsC,QAAQ,CAAC,MAAM,EAAE;aACrE,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
@@ -0,0 +1,11 @@
1
+ import type { Finding } from '../core/types';
2
+ import { BaseAgent } from './base-agent';
3
+ export declare class DataConsistencyCheckerAgent extends BaseAgent {
4
+ readonly agentId = 43;
5
+ readonly agentName = "Data Consistency Checker";
6
+ private baseUrl;
7
+ protected preFlight(): Promise<void>;
8
+ protected execute(): Promise<Finding[]>;
9
+ private testCrudConsistency;
10
+ }
11
+ //# sourceMappingURL=43-data-consistency-checker.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"43-data-consistency-checker.d.ts","sourceRoot":"","sources":["../../agents/43-data-consistency-checker.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAMzC,qBAAa,2BAA4B,SAAQ,SAAS;IACxD,QAAQ,CAAC,OAAO,MAAM;IACtB,QAAQ,CAAC,SAAS,8BAA8B;IAChD,OAAO,CAAC,OAAO,CAAM;cAEL,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;cAK1B,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YA0C/B,mBAAmB;CAiJlC"}