@bonyadnouri/autoend 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -10,7 +10,7 @@ npx @bonyadnouri/autoend init # guided setup — takes a minute
10
10
  npx @bonyadnouri/autoend # agents test your app, a report opens
11
11
  ```
12
12
 
13
- ![autoend report showing a hard failure verdict with tiered findings](docs/assets/report-failure.png)
13
+ ![autoend report overview showing a hard failure verdict with tiered findings and a heal to verify](docs/assets/viewer-overview.png)
14
14
 
15
15
  ## What is autoend?
16
16
 
@@ -102,7 +102,7 @@ A browser tab opens with the verdict up top and findings below, sorted by how mu
102
102
 
103
103
  Every finding carries a video. Watch it before you read another line of logs.
104
104
 
105
- ![autoend report showing the all clear state](docs/assets/report-all-clear.png)
105
+ ![autoend report showing the all clear state](docs/assets/viewer-all-clear.png)
106
106
 
107
107
  ### 4. Choose your effort
108
108
 
@@ -133,6 +133,10 @@ autoend clean delete all local Run artifacts
133
133
 
134
134
  Agents act on your app **for real**: they submit forms and click buttons. Two rails are built in — agents never navigate off the Target's origin, and they're instructed to avoid destructive or irreversible actions. The third rail is yours: **point autoend at an environment where real actions are safe** (localhost, staging with test data), never at production.
135
135
 
136
+ ### Generated scripts run in-process (trust boundary)
137
+
138
+ Discovered and replayed Flow scripts are LLM-authored and executed in the Run's own Node process (verify-by-running, ADR-0002). That's a real trust boundary: a bad generation — or a prompt-injected Target page — could emit a script that reaches for the Node runtime. Two defense-in-depth mitigations are in place today: proposed scripts that reference disallowed APIs (`process.env`, `child_process`, dynamic `import()`/`require`, `eval`, …) are rejected before execution, and secret-looking environment variables (e.g. `CURSOR_API_KEY`) are stripped from `process.env` while any generated script runs. These are mitigations, not a sandbox — running scripts in a locked-down child process is tracked as follow-up work.
139
+
136
140
  ## The Flow Map is yours
137
141
 
138
142
  ```
package/dist/cli.js CHANGED
@@ -104,7 +104,7 @@ async function main() {
104
104
  console.log(pc.dim(`Artifact: ${artifactDir}`));
105
105
  if (values['no-serve'])
106
106
  return;
107
- const viewer = await serveReport(artifactDir, Number(values.port));
107
+ const viewer = await serveReport(artifactDir, Number(values.port), repoRoot);
108
108
  console.log(`Report: ${pc.underline(viewer.url)} ${pc.dim('(Ctrl+C to stop)')}`);
109
109
  if (!values['no-open'])
110
110
  openInBrowser(viewer.url);
package/dist/cli.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,MAAM,YAAY,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAe,MAAM,iBAAiB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,MAAM,KAAK,GAAG;;;;;;;;2BAQa,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;;;;;CAKnD,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,SAAS,CAAC;QACxC,gBAAgB,EAAE,IAAI;QACtB,OAAO,EAAE;YACP,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;YACtC,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;YAC9C,UAAU,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;YAC/C,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,EAAE;YACtC,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE;SACtD;KACF,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC5B,OAAO;IACT,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAE/B,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QACvB,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC/B,OAAO;IACT,CAAC;IACD,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,MAAM,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC5C,OAAO;IACT,CAAC;IACD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC5B,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC3B,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;IAE1C,uEAAuE;IACvE,IAAI,CAAC,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACxB,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACzB,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;YAC/B,OAAO;QACT,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,iFAAiF,CAAC,CAAC;QACjG,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,IAAI,MAAO,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,WAAW,OAAO,sBAAsB,CAAC,CAAC;QACxD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,EAAE,MAAM,IAAI,KAAK,CAAC;IAC7D,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,KAAK,CAAC,0BAA0B,WAAW,eAAe,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/F,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,MAAM,MAAM,GAAW,WAAW,CAAC;IAEnC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;QAChC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,qGAAqG,CAAC,CAAC,CAAC;IACjI,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,cAAc,EAAE,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,wEAAwE,CAAC,CAAC,CAAC;IACpG,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,GAAG,CAAC,YAAY,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;IACzF,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,MAAM,UAAU,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IACjF,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAE7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC,MAAM,CAAC;IACnF,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,MAAM,CAAC;IACpF,MAAM,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACjF,MAAM,OAAO,GACX,QAAQ,GAAG,WAAW,GAAG,CAAC;QACxB,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,QAAQ,mBAAmB,WAAW,cAAc,CAAC;QACjE,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CACT,GAAG,EAAE,CAAC,IAAI,CAAC,mBAAmB,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,aAAa,eAAe,QAAQ,CAAC,eAAe,iBAAiB,OAAO,EAAE;QACpI,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,MAAM,WAAW,UAAU,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CACxH,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,aAAa,WAAW,EAAE,CAAC,CAAC,CAAC;IAEhD,IAAI,MAAM,CAAC,UAAU,CAAC;QAAE,OAAO;IAE/B,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;IACjF,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;QAAE,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,OAAO,GACX,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC;IAC/F,KAAK,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC;AAC1G,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC9D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}
1
+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,MAAM,YAAY,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAe,MAAM,iBAAiB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,MAAM,KAAK,GAAG;;;;;;;;2BAQa,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;;;;;CAKnD,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,SAAS,CAAC;QACxC,gBAAgB,EAAE,IAAI;QACtB,OAAO,EAAE;YACP,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;YACtC,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;YAC9C,UAAU,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;YAC/C,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,EAAE;YACtC,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE;SACtD;KACF,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC5B,OAAO;IACT,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAE/B,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QACvB,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC/B,OAAO;IACT,CAAC;IACD,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,MAAM,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC5C,OAAO;IACT,CAAC;IACD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC5B,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC3B,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;IAE1C,uEAAuE;IACvE,IAAI,CAAC,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACxB,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACzB,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;YAC/B,OAAO;QACT,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,iFAAiF,CAAC,CAAC;QACjG,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,IAAI,MAAO,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,WAAW,OAAO,sBAAsB,CAAC,CAAC;QACxD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,EAAE,MAAM,IAAI,KAAK,CAAC;IAC7D,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,KAAK,CAAC,0BAA0B,WAAW,eAAe,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/F,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,MAAM,MAAM,GAAW,WAAW,CAAC;IAEnC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;QAChC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,qGAAqG,CAAC,CAAC,CAAC;IACjI,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,cAAc,EAAE,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,wEAAwE,CAAC,CAAC,CAAC;IACpG,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,GAAG,CAAC,YAAY,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;IACzF,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,MAAM,UAAU,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IACjF,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAE7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC,MAAM,CAAC;IACnF,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,MAAM,CAAC;IACpF,MAAM,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACjF,MAAM,OAAO,GACX,QAAQ,GAAG,WAAW,GAAG,CAAC;QACxB,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,QAAQ,mBAAmB,WAAW,cAAc,CAAC;QACjE,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CACT,GAAG,EAAE,CAAC,IAAI,CAAC,mBAAmB,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,aAAa,eAAe,QAAQ,CAAC,eAAe,iBAAiB,OAAO,EAAE;QACpI,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,MAAM,WAAW,UAAU,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CACxH,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,aAAa,WAAW,EAAE,CAAC,CAAC,CAAC;IAEhD,IAAI,MAAM,CAAC,UAAU,CAAC;QAAE,OAAO;IAE/B,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC7E,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;IACjF,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;QAAE,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,OAAO,GACX,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC;IAC/F,KAAK,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC;AAC1G,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC9D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}
@@ -1,6 +1,6 @@
1
1
  import { type FlowMeta } from '../map/flow-map.js';
2
2
  import type { ExplorationBudget } from '../run/effort.js';
3
- import type { Finding } from '../report/types.js';
3
+ import type { Finding, FlowSnapshot } from '../report/types.js';
4
4
  export interface ExploreOptions {
5
5
  repoRoot: string;
6
6
  target: URL;
@@ -13,6 +13,8 @@ export interface ExploreOptions {
13
13
  export interface ExplorationResult {
14
14
  discovered: number;
15
15
  findings: Finding[];
16
+ /** A snapshot per newly discovered Flow — the Report's receipts (CONTEXT.md: Report). */
17
+ flows: FlowSnapshot[];
16
18
  }
17
19
  export interface ProposedFlow {
18
20
  id: string;
@@ -38,5 +40,6 @@ export declare function explore(opts: ExploreOptions): Promise<ExplorationResult
38
40
  export declare function parseExplorerReport(text: string): ExplorerReport | undefined;
39
41
  /** Dedupe proposed flows against the map and each other. Exported for tests. */
40
42
  export declare function collectProposedFlows(reports: Array<ExplorerReport | undefined>, knownFlows: FlowMeta[]): ProposedFlow[];
43
+ export declare function looksDangerous(script: string): boolean;
41
44
  /** Kebab-case a title into a flow id. Exported for tests. */
42
45
  export declare function slugify(value: string): string | undefined;
@@ -4,6 +4,7 @@ import { Agent } from '@cursor/sdk';
4
4
  import { chromium } from 'playwright';
5
5
  import { addFlow } from '../map/flow-map.js';
6
6
  import { runFlowScript } from '../replay/replay.js';
7
+ import { withoutSensitiveEnv } from '../run/sensitive-env.js';
7
8
  import { closeSession } from './hands.js';
8
9
  /** Each explorer gets a distinct lens so the fleet doesn't converge on one path. */
9
10
  const LENSES = [
@@ -29,7 +30,7 @@ export async function explore(opts) {
29
30
  const apiKey = process.env.CURSOR_API_KEY;
30
31
  if (!apiKey) {
31
32
  console.warn('exploration skipped: CURSOR_API_KEY not set — run `npx @bonyadnouri/autoend init`');
32
- return { discovered: 0, findings: [] };
33
+ return { discovered: 0, findings: [], flows: [] };
33
34
  }
34
35
  const workDir = join(opts.runDir, 'explore');
35
36
  await mkdir(workDir, { recursive: true });
@@ -51,29 +52,42 @@ export async function explore(opts) {
51
52
  }
52
53
  }
53
54
  const proposed = collectProposedFlows(reports, opts.knownFlows);
54
- let discovered = 0;
55
+ const flowSnapshots = [];
55
56
  if (proposed.length > 0) {
56
- const browser = await chromium.launch();
57
- try {
58
- for (const flow of proposed) {
59
- const scriptPath = join(workDir, `${flow.id}.mts`);
60
- await writeFile(scriptPath, flow.script);
61
- const outcome = await runFlowScript(browser, scriptPath, opts.target, opts.evidenceDir, `discovered-${flow.id}`);
62
- if (outcome.ok) {
63
- const now = new Date().toISOString();
64
- await addFlow(opts.repoRoot, { id: flow.id, title: flow.title, discoveredAt: now, lastPassedAt: now }, flow.script);
65
- discovered += 1;
66
- }
67
- else {
68
- console.warn(`proposed flow "${flow.id}" failed verification and was discarded: ${outcome.error}`);
57
+ // Verify-by-running executes LLM-authored scripts in-process (ADR-0002).
58
+ // Hide secrets from them for the duration (issue #3).
59
+ await withoutSensitiveEnv(async () => {
60
+ const browser = await chromium.launch();
61
+ try {
62
+ for (const flow of proposed) {
63
+ const scriptPath = join(workDir, `${flow.id}.mts`);
64
+ await writeFile(scriptPath, flow.script);
65
+ const outcome = await runFlowScript(browser, scriptPath, opts.target, opts.evidenceDir, `discovered-${flow.id}`);
66
+ if (outcome.ok) {
67
+ const now = new Date().toISOString();
68
+ await addFlow(opts.repoRoot, { id: flow.id, title: flow.title, discoveredAt: now, lastPassedAt: now }, flow.script);
69
+ flowSnapshots.push({
70
+ id: flow.id,
71
+ title: flow.title,
72
+ status: 'discovered',
73
+ discoveredAt: now,
74
+ lastPassedAt: now,
75
+ timeline: outcome.timeline,
76
+ evidence: outcome.evidence,
77
+ durationMs: outcome.durationMs,
78
+ });
79
+ }
80
+ else {
81
+ console.warn(`proposed flow "${flow.id}" failed verification and was discarded: ${outcome.error}`);
82
+ }
69
83
  }
70
84
  }
71
- }
72
- finally {
73
- await browser.close();
74
- }
85
+ finally {
86
+ await browser.close();
87
+ }
88
+ });
75
89
  }
76
- return { discovered, findings };
90
+ return { discovered: flowSnapshots.length, findings, flows: flowSnapshots };
77
91
  }
78
92
  async function runExplorer(index, apiKey, workDir, opts) {
79
93
  const session = `autoend-x${index}`;
@@ -183,9 +197,13 @@ export function parseExplorerReport(text) {
183
197
  for (const f of raw.flows) {
184
198
  const id = slugify(String(f?.id ?? f?.title ?? ''));
185
199
  const script = typeof f?.script === 'string' ? f.script : undefined;
186
- if (id && script && script.includes('export default')) {
187
- flows.push({ id, title: String(f.title ?? id), script });
200
+ if (!id || !script || !script.includes('export default'))
201
+ continue;
202
+ if (looksDangerous(script)) {
203
+ console.warn(`proposed flow "${id}" rejected: script uses a disallowed API (issue #3)`);
204
+ continue;
188
205
  }
206
+ flows.push({ id, title: String(f.title ?? id), script });
189
207
  }
190
208
  }
191
209
  const findings = [];
@@ -216,6 +234,27 @@ export function collectProposedFlows(reports, knownFlows) {
216
234
  }
217
235
  return out;
218
236
  }
237
+ /**
238
+ * Reject a proposed script that reaches for capabilities a Flow never needs
239
+ * (issue #3). A Flow only drives the Playwright `page`; anything touching the
240
+ * Node runtime, the environment, or dynamic module loading is a red flag —
241
+ * either a bad generation or prompt-injected exfiltration. Cheap denylist,
242
+ * defense-in-depth alongside `withoutSensitiveEnv`; not a substitute for a
243
+ * real sandbox. Exported for tests.
244
+ */
245
+ const DANGEROUS_SCRIPT_PATTERNS = [
246
+ /\bchild_process\b/,
247
+ /\bnode:/,
248
+ /\brequire\s*\(/,
249
+ /\bimport\s*\(/,
250
+ /\bprocess\s*\.\s*(env|exit|binding|kill|dlopen)/,
251
+ /\beval\s*\(/,
252
+ /\bglobalThis\b/,
253
+ /\bFunction\s*\(/,
254
+ ];
255
+ export function looksDangerous(script) {
256
+ return DANGEROUS_SCRIPT_PATTERNS.some((re) => re.test(script));
257
+ }
219
258
  /** Kebab-case a title into a flow id. Exported for tests. */
220
259
  export function slugify(value) {
221
260
  const slug = value
@@ -1 +1 @@
1
- {"version":3,"file":"explorer.js","sourceRoot":"","sources":["../../src/explore/explorer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AACpC,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,OAAO,EAAiB,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGpD,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AA4B1C,oFAAoF;AACpF,MAAM,MAAM,GAAG;IACb,4HAA4H;IAC5H,2GAA2G;IAC3G,iGAAiG;IACjG,mHAAmH;CACpH,CAAC;AAEF;;;;;GAKG;AACH,MAAM,QAAQ,GAAG,MAAM,CAAC;AAExB;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAoB;IAChD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,CAAC,mFAAmF,CAAC,CAAC;QAClG,OAAO,EAAE,UAAU,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACzC,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC7C,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,CAC/F,CAAC;IAEF,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,KAAK,MAAM,CAAC,CAAC,EAAE,MAAM,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;QAC5C,IAAI,CAAC,MAAM;YAAE,SAAS;QACtB,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC;QACrC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAClE,GAAG,EAAE,CAAC,IAAI,EACV,GAAG,EAAE,CAAC,KAAK,CACZ,CAAC;QACF,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,EAAE;gBACvB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;aAC1C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,oBAAoB,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAChE,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;gBAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;gBACnD,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;gBACzC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,EAAE,cAAc,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;gBACjH,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;oBACf,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;oBACrC,MAAM,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;oBACpH,UAAU,IAAI,CAAC,CAAC;gBAClB,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,EAAE,4CAA4C,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;gBACrG,CAAC;YACH,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;AAClC,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,KAAa,EACb,MAAc,EACd,OAAe,EACf,IAAoB;IAEpB,MAAM,OAAO,GAAG,YAAY,KAAK,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC;QAC/B,IAAI,EAAE,oBAAoB,KAAK,EAAE;QACjC,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;QACrB,MAAM;QACN,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE;KACxB,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;QACnE,MAAM,OAAO,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC;YAClC,GAAG,CAAC,IAAI,EAAE;YACV,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,GAAG,IAAI,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,SAAkB,CAAC;SAC5E,CAAC,CAAkF,CAAC;QAErF,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACnC,OAAO,CAAC,IAAI,CAAC,YAAY,KAAK,uCAAuC,CAAC,CAAC;YACvE,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,UAAU,IAAI,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACxE,OAAO,CAAC,IAAI,CAAC,YAAY,KAAK,uBAAuB,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACrI,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,MAAM,GAAG,mBAAmB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACnD,IAAI,CAAC,MAAM;YAAE,OAAO,CAAC,IAAI,CAAC,YAAY,KAAK,iCAAiC,CAAC,CAAC;QAC9E,OAAO,MAAM,CAAC;IAChB,CAAC;YAAS,CAAC;QACT,KAAK,CAAC,KAAK,EAAE,CAAC;QACd,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,KAAa,EAAE,OAAe,EAAE,IAAoB;IAC1E,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;IACzD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,WAAW,KAAK,OAAO,CAAC,CAAC;IAC7D,MAAM,KAAK,GACT,UAAU,CAAC,MAAM,GAAG,CAAC;QACnB,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;QAClD,CAAC,CAAC,wDAAwD,CAAC;IAE/D,OAAO,6BAA6B,KAAK,4DAA4D,MAAM,CAAC,OAAO,4BAA4B,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC;;UAElK,MAAM,CAAC,IAAI;aACR,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC;;;iGAGuD,OAAO;;;;;4BAK5E,OAAO,gBAAgB,MAAM,CAAC,IAAI,mBAAmB,SAAS;;4BAE9D,OAAO;4BACP,OAAO;;4BAEP,OAAO;;;kCAGD,MAAM,CAAC,MAAM;;;;;;EAM7C,KAAK;;;;;;;;;;;;;;;;;;;;;qEAqB8D,CAAC;AACtE,CAAC;AAED,6DAA6D;AAC7D,MAAM,UAAU,mBAAmB,CAAC,IAAY;IAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,KAAK,GAAG,CAAC,IAAI,GAAG,IAAI,KAAK;QAAE,OAAO,SAAS,CAAC;IAChD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,SAAS,CAAC;IACpE,MAAM,GAAG,GAAG,MAAiD,CAAC;IAE9D,MAAM,KAAK,GAAmB,EAAE,CAAC;IACjC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,KAAuC,EAAE,CAAC;YAC5D,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,OAAO,CAAC,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,IAAI,EAAE,IAAI,MAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBACtD,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC;IACD,MAAM,QAAQ,GAA+B,EAAE,CAAC;IAChD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,QAA0C,EAAE,CAAC;YAC/D,IAAI,OAAO,CAAC,EAAE,KAAK,KAAK,QAAQ;gBAAE,SAAS;YAC3C,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU;gBAC7D,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,MAAM,EAAE,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;aACrD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC7B,CAAC;AAED,gFAAgF;AAChF,MAAM,UAAU,oBAAoB,CAClC,OAA0C,EAC1C,UAAsB;IAEtB,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnD,MAAM,GAAG,GAAmB,EAAE,CAAC;IAC/B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,KAAK,IAAI,EAAE,EAAE,CAAC;YACvC,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAAE,SAAS;YACjC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACnB,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,6DAA6D;AAC7D,MAAM,UAAU,OAAO,CAAC,KAAa;IACnC,MAAM,IAAI,GAAG,KAAK;SACf,WAAW,EAAE;SACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC;SAC3B,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;SACvB,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;SACZ,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtB,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5C,CAAC;AAED,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC"}
1
+ {"version":3,"file":"explorer.js","sourceRoot":"","sources":["../../src/explore/explorer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AACpC,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,OAAO,EAAiB,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AA8B1C,oFAAoF;AACpF,MAAM,MAAM,GAAG;IACb,4HAA4H;IAC5H,2GAA2G;IAC3G,iGAAiG;IACjG,mHAAmH;CACpH,CAAC;AAEF;;;;;GAKG;AACH,MAAM,QAAQ,GAAG,MAAM,CAAC;AAExB;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAoB;IAChD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,CAAC,mFAAmF,CAAC,CAAC;QAClG,OAAO,EAAE,UAAU,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC7C,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,CAC/F,CAAC;IAEF,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,KAAK,MAAM,CAAC,CAAC,EAAE,MAAM,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;QAC5C,IAAI,CAAC,MAAM;YAAE,SAAS;QACtB,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC;QACrC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAClE,GAAG,EAAE,CAAC,IAAI,EACV,GAAG,EAAE,CAAC,KAAK,CACZ,CAAC;QACF,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,EAAE;gBACvB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;aAC1C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,oBAAoB,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAChE,MAAM,aAAa,GAAmB,EAAE,CAAC;IACzC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,yEAAyE;QACzE,sDAAsD;QACtD,MAAM,mBAAmB,CAAC,KAAK,IAAI,EAAE;YACnC,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC;YACxC,IAAI,CAAC;gBACH,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;oBAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;oBACnD,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;oBACzC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,EAAE,cAAc,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;oBACjH,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;wBACf,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;wBACrC,MAAM,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;wBACpH,aAAa,CAAC,IAAI,CAAC;4BACjB,EAAE,EAAE,IAAI,CAAC,EAAE;4BACX,KAAK,EAAE,IAAI,CAAC,KAAK;4BACjB,MAAM,EAAE,YAAY;4BACpB,YAAY,EAAE,GAAG;4BACjB,YAAY,EAAE,GAAG;4BACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;yBAC/B,CAAC,CAAC;oBACL,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,EAAE,4CAA4C,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;oBACrG,CAAC;gBACH,CAAC;YACH,CAAC;oBAAS,CAAC;gBACT,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;YACxB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,aAAa,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,KAAa,EACb,MAAc,EACd,OAAe,EACf,IAAoB;IAEpB,MAAM,OAAO,GAAG,YAAY,KAAK,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC;QAC/B,IAAI,EAAE,oBAAoB,KAAK,EAAE;QACjC,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;QACrB,MAAM;QACN,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE;KACxB,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;QACnE,MAAM,OAAO,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC;YAClC,GAAG,CAAC,IAAI,EAAE;YACV,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,GAAG,IAAI,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,SAAkB,CAAC;SAC5E,CAAC,CAAkF,CAAC;QAErF,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACnC,OAAO,CAAC,IAAI,CAAC,YAAY,KAAK,uCAAuC,CAAC,CAAC;YACvE,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,UAAU,IAAI,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACxE,OAAO,CAAC,IAAI,CAAC,YAAY,KAAK,uBAAuB,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACrI,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,MAAM,GAAG,mBAAmB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACnD,IAAI,CAAC,MAAM;YAAE,OAAO,CAAC,IAAI,CAAC,YAAY,KAAK,iCAAiC,CAAC,CAAC;QAC9E,OAAO,MAAM,CAAC;IAChB,CAAC;YAAS,CAAC;QACT,KAAK,CAAC,KAAK,EAAE,CAAC;QACd,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,KAAa,EAAE,OAAe,EAAE,IAAoB;IAC1E,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;IACzD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,WAAW,KAAK,OAAO,CAAC,CAAC;IAC7D,MAAM,KAAK,GACT,UAAU,CAAC,MAAM,GAAG,CAAC;QACnB,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;QAClD,CAAC,CAAC,wDAAwD,CAAC;IAE/D,OAAO,6BAA6B,KAAK,4DAA4D,MAAM,CAAC,OAAO,4BAA4B,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC;;UAElK,MAAM,CAAC,IAAI;aACR,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC;;;iGAGuD,OAAO;;;;;4BAK5E,OAAO,gBAAgB,MAAM,CAAC,IAAI,mBAAmB,SAAS;;4BAE9D,OAAO;4BACP,OAAO;;4BAEP,OAAO;;;kCAGD,MAAM,CAAC,MAAM;;;;;;EAM7C,KAAK;;;;;;;;;;;;;;;;;;;;;qEAqB8D,CAAC;AACtE,CAAC;AAED,6DAA6D;AAC7D,MAAM,UAAU,mBAAmB,CAAC,IAAY;IAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,KAAK,GAAG,CAAC,IAAI,GAAG,IAAI,KAAK;QAAE,OAAO,SAAS,CAAC;IAChD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,SAAS,CAAC;IACpE,MAAM,GAAG,GAAG,MAAiD,CAAC;IAE9D,MAAM,KAAK,GAAmB,EAAE,CAAC;IACjC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,KAAuC,EAAE,CAAC;YAC5D,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,OAAO,CAAC,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,IAAI,CAAC,EAAE,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC;gBAAE,SAAS;YACnE,IAAI,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,qDAAqD,CAAC,CAAC;gBACxF,SAAS;YACX,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IACD,MAAM,QAAQ,GAA+B,EAAE,CAAC;IAChD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,QAA0C,EAAE,CAAC;YAC/D,IAAI,OAAO,CAAC,EAAE,KAAK,KAAK,QAAQ;gBAAE,SAAS;YAC3C,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU;gBAC7D,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,MAAM,EAAE,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;aACrD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC7B,CAAC;AAED,gFAAgF;AAChF,MAAM,UAAU,oBAAoB,CAClC,OAA0C,EAC1C,UAAsB;IAEtB,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnD,MAAM,GAAG,GAAmB,EAAE,CAAC;IAC/B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,KAAK,IAAI,EAAE,EAAE,CAAC;YACvC,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAAE,SAAS;YACjC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACnB,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,yBAAyB,GAAa;IAC1C,mBAAmB;IACnB,SAAS;IACT,gBAAgB;IAChB,eAAe;IACf,iDAAiD;IACjD,aAAa;IACb,gBAAgB;IAChB,iBAAiB;CAClB,CAAC;AAEF,MAAM,UAAU,cAAc,CAAC,MAAc;IAC3C,OAAO,yBAAyB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;AACjE,CAAC;AAED,6DAA6D;AAC7D,MAAM,UAAU,OAAO,CAAC,KAAa;IACnC,MAAM,IAAI,GAAG,KAAK;SACf,WAAW,EAAE;SACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC;SAC3B,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;SACvB,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;SACZ,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtB,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5C,CAAC;AAED,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC"}
@@ -10,17 +10,63 @@
10
10
  * consuming repo's package.json declares, and it dodges test-runner globs
11
11
  * (vitest/jest match *.spec.* / *.test.* by default).
12
12
  */
13
+ /** Bump when the persisted shape of flow.json changes; enables migrations. */
14
+ export declare const FLOW_SCHEMA_VERSION = 1;
15
+ /**
16
+ * The script a Flow had *before* its most recent Heal, retained so a Reject
17
+ * (CONTEXT.md) can revert the Heal and refile the Flow as a Regression. A Heal
18
+ * overwrites flow.mts in place, so without this the pre-heal version would
19
+ * survive only in git history — unreachable from the Report.
20
+ */
21
+ export interface HealRecord {
22
+ /** flow.mts exactly as it was immediately before the Heal. */
23
+ previousScript: string;
24
+ /** ISO timestamp of the Heal. */
25
+ healedAt: string;
26
+ /** The Run that produced the Heal, if known. */
27
+ healedInRun?: string;
28
+ }
13
29
  export interface FlowMeta {
30
+ /** Schema version of this flow.json (absent = pre-versioning, treat as 1). */
31
+ schemaVersion?: number;
14
32
  id: string;
15
33
  title: string;
16
34
  discoveredAt: string;
17
35
  lastPassedAt?: string;
18
36
  /** Fingerprints of Suppressed Advisories attached to this Flow. */
19
37
  suppressedAdvisories?: string[];
38
+ /** Present iff the Flow's script was Healed; consumed by Reject. */
39
+ heal?: HealRecord;
20
40
  }
21
41
  export declare function flowMapDir(repoRoot: string): string;
42
+ /**
43
+ * Read every Flow's metadata. A single malformed or incomplete flow directory
44
+ * (missing/partial flow.json — e.g. an interrupted write, a merge conflict, a
45
+ * manually-created folder) is skipped with a warning rather than aborting the
46
+ * whole Run: the Flow Map is human-editable and lives in the user's repo, so it
47
+ * must never fail closed on one bad entry.
48
+ */
22
49
  export declare function listFlows(repoRoot: string): Promise<FlowMeta[]>;
23
50
  /** Update a Flow's metadata in place (e.g. lastPassedAt after a green replay). */
24
51
  export declare function saveFlowMeta(repoRoot: string, meta: FlowMeta): Promise<void>;
52
+ /**
53
+ * Dismiss (CONTEXT.md): permanent map surgery — the Flow leaves the Map. A
54
+ * plain file edit performed by the viewer server (ADR-0004).
55
+ */
56
+ export declare function removeFlow(repoRoot: string, flowId: string): Promise<void>;
25
57
  /** Flows enter the map automatically on first successful execution (ADR-0001). */
26
58
  export declare function addFlow(repoRoot: string, meta: FlowMeta, playwrightScript: string): Promise<void>;
59
+ /** Read a Flow's executable script (flow.mts). */
60
+ export declare function readFlowScript(repoRoot: string, id: string): Promise<string>;
61
+ /**
62
+ * Record a Heal (CONTEXT.md): overwrite flow.mts with the rewritten script
63
+ * while retaining the pre-heal version on the Flow's metadata, so a later
64
+ * Reject can revert. Returns the updated metadata.
65
+ */
66
+ export declare function healFlow(repoRoot: string, meta: FlowMeta, healedScript: string, healedInRun?: string): Promise<FlowMeta>;
67
+ /**
68
+ * Reject a Heal (CONTEXT.md): restore the pre-heal script and clear the heal
69
+ * record. Returns the reverted metadata. Throws if the Flow has no Heal to
70
+ * revert, so callers can surface a clear error.
71
+ */
72
+ export declare function revertHeal(repoRoot: string, meta: FlowMeta): Promise<FlowMeta>;
@@ -1,8 +1,32 @@
1
- import { mkdir, readFile, readdir, writeFile } from 'node:fs/promises';
1
+ import { mkdir, readFile, readdir, rm, writeFile } from 'node:fs/promises';
2
2
  import { join } from 'node:path';
3
+ /**
4
+ * The Flow Map (CONTEXT.md): the persistent record of every Flow agents have
5
+ * discovered and successfully executed. Committed to the user's repo like a
6
+ * lockfile — a branch carries its own baseline (ADR-0001).
7
+ *
8
+ * Layout: .autoend/flows/<flowId>/flow.json (metadata, this shape)
9
+ * .autoend/flows/<flowId>/flow.mts (the Playwright script, ADR-0002)
10
+ *
11
+ * .mts, deliberately: it is unambiguously ESM no matter what "type" the
12
+ * consuming repo's package.json declares, and it dodges test-runner globs
13
+ * (vitest/jest match *.spec.* / *.test.* by default).
14
+ */
15
+ /** Bump when the persisted shape of flow.json changes; enables migrations. */
16
+ export const FLOW_SCHEMA_VERSION = 1;
3
17
  export function flowMapDir(repoRoot) {
4
18
  return join(repoRoot, '.autoend', 'flows');
5
19
  }
20
+ function flowDir(repoRoot, id) {
21
+ return join(flowMapDir(repoRoot), id);
22
+ }
23
+ /**
24
+ * Read every Flow's metadata. A single malformed or incomplete flow directory
25
+ * (missing/partial flow.json — e.g. an interrupted write, a merge conflict, a
26
+ * manually-created folder) is skipped with a warning rather than aborting the
27
+ * whole Run: the Flow Map is human-editable and lives in the user's repo, so it
28
+ * must never fail closed on one bad entry.
29
+ */
6
30
  export async function listFlows(repoRoot) {
7
31
  let entries;
8
32
  try {
@@ -15,20 +39,89 @@ export async function listFlows(repoRoot) {
15
39
  for (const entry of entries) {
16
40
  if (!entry.isDirectory())
17
41
  continue;
18
- const raw = await readFile(join(flowMapDir(repoRoot), entry.name, 'flow.json'), 'utf8');
19
- flows.push(JSON.parse(raw));
42
+ const metaPath = join(flowMapDir(repoRoot), entry.name, 'flow.json');
43
+ try {
44
+ const meta = JSON.parse(await readFile(metaPath, 'utf8'));
45
+ if (typeof meta?.id !== 'string' ||
46
+ typeof meta?.title !== 'string' ||
47
+ typeof meta?.discoveredAt !== 'string') {
48
+ console.warn(`skipping flow "${entry.name}": flow.json is missing required fields`);
49
+ continue;
50
+ }
51
+ // The directory name is the flow's address — downstream code locates
52
+ // flow.mts via join(flowMapDir, flow.id, ...). A mismatch (from a manual
53
+ // edit or a botched merge) would silently read the wrong folder, so treat
54
+ // it as malformed rather than trusting the drifted id.
55
+ if (meta.id !== entry.name) {
56
+ console.warn(`skipping flow "${entry.name}": flow.json id "${meta.id}" does not match its directory`);
57
+ continue;
58
+ }
59
+ flows.push(meta);
60
+ }
61
+ catch (error) {
62
+ const reason = error instanceof Error ? error.message : String(error);
63
+ console.warn(`skipping flow "${entry.name}": could not read flow.json (${reason})`);
64
+ }
20
65
  }
21
66
  return flows;
22
67
  }
68
+ async function writeMeta(repoRoot, meta) {
69
+ // Stamp AFTER the spread so the current version always wins — a stale
70
+ // meta.schemaVersion must not survive a write, or migrations can never
71
+ // upgrade persisted metadata.
72
+ const stamped = { ...meta, schemaVersion: FLOW_SCHEMA_VERSION };
73
+ await writeFile(join(flowDir(repoRoot, meta.id), 'flow.json'), JSON.stringify(stamped, null, 2));
74
+ }
23
75
  /** Update a Flow's metadata in place (e.g. lastPassedAt after a green replay). */
24
76
  export async function saveFlowMeta(repoRoot, meta) {
25
- await writeFile(join(flowMapDir(repoRoot), meta.id, 'flow.json'), JSON.stringify(meta, null, 2));
77
+ await writeMeta(repoRoot, meta);
78
+ }
79
+ /**
80
+ * Dismiss (CONTEXT.md): permanent map surgery — the Flow leaves the Map. A
81
+ * plain file edit performed by the viewer server (ADR-0004).
82
+ */
83
+ export async function removeFlow(repoRoot, flowId) {
84
+ await rm(join(flowMapDir(repoRoot), flowId), { recursive: true, force: true });
26
85
  }
27
86
  /** Flows enter the map automatically on first successful execution (ADR-0001). */
28
87
  export async function addFlow(repoRoot, meta, playwrightScript) {
29
- const dir = join(flowMapDir(repoRoot), meta.id);
88
+ const dir = flowDir(repoRoot, meta.id);
30
89
  await mkdir(dir, { recursive: true });
31
- await writeFile(join(dir, 'flow.json'), JSON.stringify(meta, null, 2));
32
90
  await writeFile(join(dir, 'flow.mts'), playwrightScript);
91
+ await writeMeta(repoRoot, meta);
92
+ }
93
+ /** Read a Flow's executable script (flow.mts). */
94
+ export async function readFlowScript(repoRoot, id) {
95
+ return readFile(join(flowDir(repoRoot, id), 'flow.mts'), 'utf8');
96
+ }
97
+ /**
98
+ * Record a Heal (CONTEXT.md): overwrite flow.mts with the rewritten script
99
+ * while retaining the pre-heal version on the Flow's metadata, so a later
100
+ * Reject can revert. Returns the updated metadata.
101
+ */
102
+ export async function healFlow(repoRoot, meta, healedScript, healedInRun) {
103
+ const dir = flowDir(repoRoot, meta.id);
104
+ const previousScript = await readFlowScript(repoRoot, meta.id);
105
+ await writeFile(join(dir, 'flow.mts'), healedScript);
106
+ const healed = {
107
+ ...meta,
108
+ heal: { previousScript, healedAt: new Date().toISOString(), healedInRun },
109
+ };
110
+ await writeMeta(repoRoot, healed);
111
+ return healed;
112
+ }
113
+ /**
114
+ * Reject a Heal (CONTEXT.md): restore the pre-heal script and clear the heal
115
+ * record. Returns the reverted metadata. Throws if the Flow has no Heal to
116
+ * revert, so callers can surface a clear error.
117
+ */
118
+ export async function revertHeal(repoRoot, meta) {
119
+ if (!meta.heal) {
120
+ throw new Error(`flow "${meta.id}" has no Heal to revert`);
121
+ }
122
+ await writeFile(join(flowDir(repoRoot, meta.id), 'flow.mts'), meta.heal.previousScript);
123
+ const { heal: _discarded, ...reverted } = meta;
124
+ await writeMeta(repoRoot, reverted);
125
+ return reverted;
33
126
  }
34
127
  //# sourceMappingURL=flow-map.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"flow-map.js","sourceRoot":"","sources":["../../src/map/flow-map.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAuBjC,MAAM,UAAU,UAAU,CAAC,QAAgB;IACzC,OAAO,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,QAAgB;IAC9C,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC,CAAC,sCAAsC;IACnD,CAAC;IACD,MAAM,KAAK,GAAe,EAAE,CAAC;IAC7B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;YAAE,SAAS;QACnC,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,MAAM,CAAC,CAAC;QACxF,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,kFAAkF;AAClF,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAc;IACjE,MAAM,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AACnG,CAAC;AAED,kFAAkF;AAClF,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,QAAgB,EAAE,IAAc,EAAE,gBAAwB;IACtF,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;IAChD,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,MAAM,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACvE,MAAM,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,EAAE,gBAAgB,CAAC,CAAC;AAC3D,CAAC"}
1
+ {"version":3,"file":"flow-map.js","sourceRoot":"","sources":["../../src/map/flow-map.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC3E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC;;;;;;;;;;;GAWG;AAEH,8EAA8E;AAC9E,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AA8BrC,MAAM,UAAU,UAAU,CAAC,QAAgB;IACzC,OAAO,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,OAAO,CAAC,QAAgB,EAAE,EAAU;IAC3C,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;AACxC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,QAAgB;IAC9C,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC,CAAC,sCAAsC;IACnD,CAAC;IACD,MAAM,KAAK,GAAe,EAAE,CAAC;IAC7B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;YAAE,SAAS;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QACrE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAa,CAAC;YACtE,IACE,OAAO,IAAI,EAAE,EAAE,KAAK,QAAQ;gBAC5B,OAAO,IAAI,EAAE,KAAK,KAAK,QAAQ;gBAC/B,OAAO,IAAI,EAAE,YAAY,KAAK,QAAQ,EACtC,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,kBAAkB,KAAK,CAAC,IAAI,yCAAyC,CAAC,CAAC;gBACpF,SAAS;YACX,CAAC;YACD,qEAAqE;YACrE,yEAAyE;YACzE,0EAA0E;YAC1E,uDAAuD;YACvD,IAAI,IAAI,CAAC,EAAE,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,kBAAkB,KAAK,CAAC,IAAI,oBAAoB,IAAI,CAAC,EAAE,gCAAgC,CAAC,CAAC;gBACtG,SAAS;YACX,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACtE,OAAO,CAAC,IAAI,CAAC,kBAAkB,KAAK,CAAC,IAAI,gCAAgC,MAAM,GAAG,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,QAAgB,EAAE,IAAc;IACvD,sEAAsE;IACtE,uEAAuE;IACvE,8BAA8B;IAC9B,MAAM,OAAO,GAAa,EAAE,GAAG,IAAI,EAAE,aAAa,EAAE,mBAAmB,EAAE,CAAC;IAC1E,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC,EAAE,WAAW,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AACnG,CAAC;AAED,kFAAkF;AAClF,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAc;IACjE,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;AAClC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,QAAgB,EAAE,MAAc;IAC/D,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AACjF,CAAC;AAED,kFAAkF;AAClF,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,QAAgB,EAAE,IAAc,EAAE,gBAAwB;IACtF,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;IACvC,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,MAAM,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,EAAE,gBAAgB,CAAC,CAAC;IACzD,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;AAClC,CAAC;AAED,kDAAkD;AAClD,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,QAAgB,EAAE,EAAU;IAC/D,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC,CAAC;AACnE,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,QAAgB,EAChB,IAAc,EACd,YAAoB,EACpB,WAAoB;IAEpB,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;IACvC,MAAM,cAAc,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;IAC/D,MAAM,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,EAAE,YAAY,CAAC,CAAC;IACrD,MAAM,MAAM,GAAa;QACvB,GAAG,IAAI;QACP,IAAI,EAAE,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,WAAW,EAAE;KAC1E,CAAC;IACF,MAAM,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAClC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,QAAgB,EAAE,IAAc;IAC/D,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,SAAS,IAAI,CAAC,EAAE,yBAAyB,CAAC,CAAC;IAC7D,CAAC;IACD,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC,EAAE,UAAU,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACxF,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAI,CAAC;IAC/C,MAAM,SAAS,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACpC,OAAO,QAAQ,CAAC;AAClB,CAAC"}
@@ -1,10 +1,14 @@
1
1
  import { type Browser, type Page } from 'playwright';
2
2
  import { type FlowMeta } from '../map/flow-map.js';
3
- import type { Finding, Heal } from '../report/types.js';
3
+ import type { ConsoleEntry, Finding, FlowSnapshot, Heal, NetworkEntry, Screenshot, StepResult } from '../report/types.js';
4
4
  export interface ReplayResult {
5
5
  replayed: number;
6
6
  findings: Finding[];
7
7
  heals: Heal[];
8
+ /** One snapshot per replayed Flow — the Report's receipts (CONTEXT.md: Report). */
9
+ flows: FlowSnapshot[];
10
+ /** Chromium build string, present when a browser was actually launched. */
11
+ browserVersion?: string;
8
12
  }
9
13
  /**
10
14
  * A Flow's executable steps (ADR-0002): a plain Playwright script, default-
@@ -21,11 +25,18 @@ export interface ScriptOutcome {
21
25
  error?: string;
22
26
  /** Evidence filename within evidenceDir (WebM). */
23
27
  evidence?: string;
28
+ console: ConsoleEntry[];
29
+ network: NetworkEntry[];
30
+ timeline: StepResult[];
31
+ screenshots: Screenshot[];
32
+ durationMs: number;
24
33
  }
25
34
  /**
26
35
  * Execute one Flow script in a fresh recording browser context. Shared by
27
36
  * replay (map scripts) and exploration (verify-by-running a proposed script
28
- * before it may enter the Flow Map, ADR-0002).
37
+ * before it may enter the Flow Map, ADR-0002). Alongside the WebM Evidence it
38
+ * captures the panels the viewer renders (ADR-0005): console/page errors,
39
+ * failed network, a navigation timeline, and before/after screenshots.
29
40
  */
30
41
  export declare function runFlowScript(browser: Browser, scriptPath: string, target: URL, evidenceDir: string, videoBase: string): Promise<ScriptOutcome>;
31
42
  /**