@dotsetlabs/bellwether 0.10.0

package/dist/baseline/saver.js

@@ -0,0 +1,554 @@
+/**
+ * Baseline save/load functionality.
+ */
+import { createHash } from 'crypto';
+import { readFileSync, writeFileSync, existsSync, statSync } from 'fs';
+import { z } from 'zod';
+import { computeConsensusSchemaHash } from './schema-compare.js';
+import { getBaselineVersion, parseVersion, formatVersion, } from './version.js';
+import { migrateBaseline, needsMigration } from './migrations.js';
+import { analyzeResponses } from './response-fingerprint.js';
+import { calculateMetrics, calculatePerformanceConfidence } from './performance-tracker.js';
+import { PATTERNS, PAYLOAD_LIMITS } from '../constants.js';
+import { getLogger } from '../logging/logger.js';
+/**
+ * Zod schema for behavioral assertion validation.
+ */
+const behavioralAssertionSchema = z.object({
+    tool: z.string(),
+    aspect: z.enum([
+        'response_format',
+        'response_structure',
+        'error_handling',
+        'error_pattern',
+        'security',
+        'performance',
+        'schema',
+        'description',
+    ]),
+    assertion: z.string(),
+    evidence: z.string().optional(),
+    isPositive: z.boolean(),
+});
+/**
+ * Zod schema for response fingerprint validation.
+ */
+const responseFingerprintSchema = z.object({
+    structureHash: z.string(),
+    contentType: z.enum(['text', 'object', 'array', 'primitive', 'empty', 'error', 'mixed', 'binary']),
+    fields: z.array(z.string()).optional(),
+    arrayItemStructure: z.string().optional(),
+    size: z.enum(['tiny', 'small', 'medium', 'large']),
+    isEmpty: z.boolean(),
+    sampleCount: z.number(),
+    confidence: z.number(),
+});
+/**
+ * Zod schema for inferred schema validation (recursive).
+ */
+const inferredSchemaSchema = z.lazy(() => z.object({
+    type: z.string(),
+    properties: z.record(inferredSchemaSchema).optional(),
+    items: inferredSchemaSchema.optional(),
+    required: z.array(z.string()).optional(),
+    nullable: z.boolean().optional(),
+    enum: z.array(z.unknown()).optional(),
+}));
+/**
+ * Zod schema for error pattern validation.
+ */
+const errorPatternSchema = z.object({
+    category: z.enum(['validation', 'not_found', 'permission', 'timeout', 'internal', 'unknown']),
+    patternHash: z.string(),
+    example: z.string(),
+    count: z.number(),
+});
+/**
+ * Zod schema for performance confidence validation.
+ */
+const performanceConfidenceSchema = z.object({
+    sampleCount: z.number(),
+    successfulSamples: z.number(),
+    validationSamples: z.number(),
+    totalTests: z.number(),
+    standardDeviation: z.number(),
+    coefficientOfVariation: z.number(),
+    confidenceLevel: z.enum(['low', 'medium', 'high']),
+    recommendation: z.string().optional(),
+});
+/**
+ * Zod schema for tool fingerprint validation.
+ */
+const toolFingerprintSchema = z.object({
+    name: z.string(),
+    description: z.string(),
+    schemaHash: z.string(),
+    inputSchema: z.record(z.unknown()).optional(),
+    assertions: z.array(behavioralAssertionSchema),
+    securityNotes: z.array(z.string()),
+    limitations: z.array(z.string()),
+    // Response fingerprinting fields (check mode enhancement)
+    responseFingerprint: responseFingerprintSchema.optional(),
+    inferredOutputSchema: inferredSchemaSchema.optional(),
+    errorPatterns: z.array(errorPatternSchema).optional(),
+    // Performance baseline fields
+    baselineP50Ms: z.number().optional(),
+    baselineP95Ms: z.number().optional(),
+    baselineSuccessRate: z.number().optional(),
+    performanceConfidence: performanceConfidenceSchema.optional(),
+});
+/**
+ * Zod schema for server fingerprint validation.
+ */
+const serverFingerprintSchema = z.object({
+    name: z.string(),
+    version: z.string(),
+    protocolVersion: z.string(),
+    capabilities: z.array(z.string()),
+});
+/**
+ * Zod schema for workflow signature validation.
+ */
+const workflowSignatureSchema = z.object({
+    id: z.string(),
+    name: z.string(),
+    toolSequence: z.array(z.string()),
+    succeeded: z.boolean(),
+    summary: z.string().optional(),
+});
+/**
+ * Zod schema for accepted diff validation.
+ */
+const acceptedDiffSchema = z.object({
+    toolsAdded: z.array(z.string()),
+    toolsRemoved: z.array(z.string()),
+    toolsModified: z.array(z.string()),
+    severity: z.enum(['none', 'info', 'warning', 'breaking']),
+    breakingCount: z.number(),
+    warningCount: z.number(),
+    infoCount: z.number(),
+});
+/**
+ * Zod schema for drift acceptance validation.
+ */
+const driftAcceptanceSchema = z.object({
+    acceptedAt: z.string().or(z.date()),
+    acceptedBy: z.string().optional(),
+    reason: z.string().optional(),
+    acceptedDiff: acceptedDiffSchema,
+});
+/**
+ * Zod schema for baseline validation.
+ * Validates untrusted JSON to prevent injection attacks.
+ *
+ * Version can be:
+ * - A semver string like "1.0.0" (current format)
+ * - A legacy number like 1 (old format, will be migrated)
+ */
+const baselineSchema = z.object({
+    version: z.union([
+        z.string().regex(PATTERNS.SEMVER, 'Version must be semver format (e.g., "1.0.0")'),
+        z.number().int().positive(), // Legacy format support
+    ]),
+    createdAt: z.string().or(z.date()),
+    mode: z.enum(['check']).optional(),
+    serverCommand: z.string(),
+    server: serverFingerprintSchema,
+    tools: z.array(toolFingerprintSchema),
+    summary: z.string(),
+    assertions: z.array(behavioralAssertionSchema),
+    workflowSignatures: z.array(workflowSignatureSchema).optional(),
+    integrityHash: z.string(),
+    acceptance: driftAcceptanceSchema.optional(),
+});
+/**
+ * Create a behavioral baseline from interview results.
+ *
+ * Baselines can only be created from check mode results.
+ * Explore mode results are for documentation only.
+ */
+export function createBaseline(result, serverCommand) {
+    // Baselines are always check mode
+    const effectiveMode = 'check';
+    const server = createServerFingerprint(result);
+    // Create a map of tool name -> inputSchema from discovery
+    const schemaMap = new Map();
+    for (const tool of result.discovery.tools) {
+        if (tool.inputSchema) {
+            schemaMap.set(tool.name, tool.inputSchema);
+        }
+    }
+    const tools = result.toolProfiles.map(profile => createToolFingerprint(profile, schemaMap.get(profile.name)));
+    const assertions = extractAssertions(result);
+    const workflowSignatures = extractWorkflowSignatures(result);
+    const baselineData = {
+        version: getBaselineVersion(),
+        createdAt: new Date(),
+        mode: effectiveMode,
+        serverCommand,
+        server,
+        tools,
+        summary: result.summary,
+        assertions,
+        workflowSignatures,
+    };
+    // Calculate integrity hash
+    const integrityHash = calculateIntegrityHash(baselineData);
+    return {
+        ...baselineData,
+        integrityHash,
+    };
+}
+/**
+ * Save baseline to a file.
+ */
+export function saveBaseline(baseline, path) {
+    const serialized = JSON.stringify(baseline, null, 2);
+    writeFileSync(path, serialized, 'utf-8');
+}
+/**
+ * Load baseline from a file.
+ * Validates against Zod schema to prevent malicious JSON injection.
+ *
+ * @param path - Path to the baseline file
+ * @param options - Load options
+ * @returns Loaded baseline (migrated to current version if needed)
+ */
+export function loadBaseline(path, options = {}) {
+    const { migrate = true, skipIntegrityCheck = false } = options;
+    if (!existsSync(path)) {
+        throw new Error(`Baseline file not found: ${path}`);
+    }
+    const content = readFileSync(path, 'utf-8');
+    // Check file size to prevent resource exhaustion
+    const contentSize = Buffer.byteLength(content, 'utf-8');
+    if (contentSize > PAYLOAD_LIMITS.MAX_BASELINE_SIZE) {
+        const sizeMB = (contentSize / (1024 * 1024)).toFixed(2);
+        const limitMB = (PAYLOAD_LIMITS.MAX_BASELINE_SIZE / (1024 * 1024)).toFixed(0);
+        throw new Error(`Baseline file too large: ${sizeMB}MB exceeds limit of ${limitMB}MB. ` +
+            `File may be corrupted or contain excessive data.`);
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(content);
+    }
+    catch (error) {
+        throw new Error(`Invalid JSON in baseline file ${path}: ${error instanceof Error ? error.message : 'Unknown error'}`);
+    }
+    // Validate against schema to prevent malicious JSON
+    const result = baselineSchema.safeParse(parsed);
+    if (!result.success) {
+        const issues = result.error.issues.map((issue) => {
+            const fieldPath = issue.path.join('.');
+            return `  - ${fieldPath}: ${issue.message}`;
+        });
+        throw new Error(`Invalid baseline format in ${path}:\n${issues.join('\n')}`);
+    }
+    let baseline = result.data;
+    // Check if migration is needed
+    if (needsMigration(baseline)) {
+        const currentVersion = parseVersion(baseline.version);
+        if (migrate) {
+            // Automatically migrate to current version
+            baseline = migrateBaseline(baseline);
+        }
+        else {
+            // Log warning but continue with the old format
+            getLogger('baseline').warn(`Baseline uses older CLI version ${formatVersion(currentVersion.raw)}. ` +
+                `Current CLI version is ${formatVersion(getBaselineVersion())}. ` +
+                `Run \`bellwether baseline migrate\` to upgrade.`);
+        }
+    }
+    const typedBaseline = baseline;
+    // Restore Date objects
+    typedBaseline.createdAt = new Date(typedBaseline.createdAt);
+    if (typedBaseline.acceptance?.acceptedAt) {
+        typedBaseline.acceptance.acceptedAt = new Date(typedBaseline.acceptance.acceptedAt);
+    }
+    // Verify integrity (unless skipped or just migrated)
+    if (!skipIntegrityCheck && !needsMigration(result.data)) {
+        if (!verifyIntegrity(typedBaseline)) {
+            throw new Error('Baseline integrity check failed - file may have been modified');
+        }
+    }
+    return typedBaseline;
+}
+/**
+ * Verify baseline integrity.
+ */
+export function verifyIntegrity(baseline) {
+    const { integrityHash, ...rest } = baseline;
+    const expectedHash = calculateIntegrityHash(rest);
+    return integrityHash === expectedHash;
+}
+/**
+ * Recalculate and update the integrity hash for a baseline.
+ * Useful after migration or manual modifications.
+ */
+export function recalculateIntegrityHash(baseline) {
+    const integrityHash = calculateIntegrityHash(baseline);
+    return {
+        ...baseline,
+        integrityHash,
+    };
+}
+/**
+ * Create server fingerprint from discovery result.
+ */
+function createServerFingerprint(result) {
+    const { discovery } = result;
+    const capabilities = [];
+    if (discovery.capabilities.tools)
+        capabilities.push('tools');
+    if (discovery.capabilities.prompts)
+        capabilities.push('prompts');
+    if (discovery.capabilities.resources)
+        capabilities.push('resources');
+    if (discovery.capabilities.logging)
+        capabilities.push('logging');
+    return {
+        name: discovery.serverInfo.name,
+        version: discovery.serverInfo.version,
+        protocolVersion: discovery.protocolVersion,
+        capabilities,
+    };
+}
+/**
+ * Create tool fingerprint from tool profile.
+ * Includes response fingerprinting for enhanced structural drift detection.
+ */
+function createToolFingerprint(profile, inputSchema) {
+    const assertions = extractToolAssertions(profile);
+    // Compute schema hash from all interactions (not just first)
+    // This includes argument types and infers schema from actual values
+    const interactions = profile.interactions.map(i => ({ args: i.question.args }));
+    const { hash: schemaHash } = computeConsensusSchemaHash(interactions);
+    // Analyze responses to create fingerprint (check mode enhancement)
+    const responseData = profile.interactions
+        .filter(i => !i.mocked)
+        .map(i => ({
+        response: i.response,
+        error: i.error,
+    }));
+    const responseAnalysis = analyzeResponses(responseData);
+    // Calculate performance metrics from interactions
+    const latencySamples = profile.interactions
+        .filter(i => i.toolExecutionMs !== undefined && !i.mocked)
+        .map(i => ({
+        toolName: profile.name,
+        durationMs: i.toolExecutionMs ?? 0,
+        success: !i.error && !i.response?.isError,
+        timestamp: new Date(),
+        expectedOutcome: i.question.expectedOutcome,
+        outcomeCorrect: i.outcomeAssessment?.correct,
+    }));
+    let baselineP50Ms;
+    let baselineP95Ms;
+    let baselineSuccessRate;
+    if (latencySamples.length > 0) {
+        const metrics = calculateMetrics(latencySamples);
+        if (metrics) {
+            baselineP50Ms = metrics.p50Ms;
+            baselineP95Ms = metrics.p95Ms;
+            baselineSuccessRate = metrics.successRate;
+        }
+    }
+    // Calculate performance confidence (sample count + coefficient of variation)
+    const performanceConfidence = calculatePerformanceConfidence(latencySamples);
+    return {
+        name: profile.name,
+        description: profile.description,
+        schemaHash,
+        inputSchema,
+        assertions,
+        securityNotes: [...profile.securityNotes],
+        limitations: [...profile.limitations],
+        // Response fingerprinting
+        responseFingerprint: responseAnalysis.fingerprint,
+        inferredOutputSchema: responseAnalysis.inferredSchema,
+        errorPatterns: responseAnalysis.errorPatterns.length > 0
+            ? responseAnalysis.errorPatterns
+            : undefined,
+        // Performance baseline
+        baselineP50Ms,
+        baselineP95Ms,
+        baselineSuccessRate,
+        performanceConfidence,
+    };
+}
+/**
+ * Extract behavioral assertions from a tool profile.
+ */
+function extractToolAssertions(profile) {
+    const assertions = [];
+    // Convert behavioral notes to assertions
+    for (const note of profile.behavioralNotes) {
+        assertions.push({
+            tool: profile.name,
+            aspect: 'response_format',
+            assertion: note,
+            isPositive: true,
+        });
+    }
+    // Convert limitations to negative assertions
+    for (const limitation of profile.limitations) {
+        assertions.push({
+            tool: profile.name,
+            aspect: 'error_handling',
+            assertion: limitation,
+            isPositive: false,
+        });
+    }
+    // Convert security notes to security assertions
+    for (const secNote of profile.securityNotes) {
+        assertions.push({
+            tool: profile.name,
+            aspect: 'security',
+            assertion: secNote,
+            isPositive: !secNote.toLowerCase().includes('risk') &&
+                !secNote.toLowerCase().includes('vulnerab') &&
+                !secNote.toLowerCase().includes('dangerous'),
+        });
+    }
+    return assertions;
+}
+/**
+ * Extract all assertions from interview result.
+ */
+function extractAssertions(result) {
+    const assertions = [];
+    // Extract from each tool
+    for (const profile of result.toolProfiles) {
+        assertions.push(...extractToolAssertions(profile));
+    }
+    // Add overall limitations as assertions
+    for (const limitation of result.limitations) {
+        assertions.push({
+            tool: 'server',
+            aspect: 'error_handling',
+            assertion: limitation,
+            isPositive: false,
+        });
+    }
+    return assertions;
+}
+/**
+ * Extract workflow signatures from interview result.
+ */
+function extractWorkflowSignatures(result) {
+    if (!result.workflowResults || result.workflowResults.length === 0) {
+        return [];
+    }
+    return result.workflowResults.map((wr) => ({
+        id: wr.workflow.id,
+        name: wr.workflow.name,
+        toolSequence: wr.workflow.steps.map((s) => s.tool),
+        succeeded: wr.success,
+        summary: wr.summary,
+    }));
+}
+/**
+ * Calculate integrity hash for baseline data.
+ */
+function calculateIntegrityHash(data) {
+    // Create a deterministic representation
+    const normalized = JSON.stringify(data, (_key, value) => {
+        // Normalize dates to ISO strings for consistent hashing
+        if (value instanceof Date) {
+            return value.toISOString();
+        }
+        return value;
+    });
+    return hashString(normalized);
+}
+/**
+ * Create a SHA-256 hash of a string.
+ */
+function hashString(input) {
+    return createHash('sha256').update(input).digest('hex').slice(0, 16);
+}
+/**
+ * Check if a baseline file exists.
+ * Returns false for directories - baselines must be files.
+ */
+export function baselineExists(path) {
+    if (!existsSync(path)) {
+        return false;
+    }
+    try {
+        return statSync(path).isFile();
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Accept drift by updating a baseline with drift acceptance metadata.
+ *
+ * This marks the current state of the server as the new expected baseline,
+ * acknowledging that the detected changes were intentional.
+ *
+ * @param currentBaseline - The new baseline from the current server state
+ * @param diff - The diff that is being accepted
+ * @param options - Acceptance options (reason, acceptedBy)
+ * @returns The baseline with acceptance metadata attached
+ */
+export function acceptDrift(currentBaseline, diff, options = {}) {
+    // Create the accepted diff snapshot
+    const acceptedDiff = {
+        toolsAdded: [...diff.toolsAdded],
+        toolsRemoved: [...diff.toolsRemoved],
+        toolsModified: diff.toolsModified.map(t => t.tool),
+        severity: diff.severity,
+        breakingCount: diff.breakingCount,
+        warningCount: diff.warningCount,
+        infoCount: diff.infoCount,
+    };
+    // Create acceptance metadata
+    const acceptance = {
+        acceptedAt: new Date(),
+        acceptedBy: options.acceptedBy,
+        reason: options.reason,
+        acceptedDiff,
+    };
+    // Create new baseline with acceptance metadata
+    const baselineWithAcceptance = {
+        version: currentBaseline.version,
+        createdAt: currentBaseline.createdAt,
+        mode: currentBaseline.mode,
+        serverCommand: currentBaseline.serverCommand,
+        server: currentBaseline.server,
+        tools: currentBaseline.tools,
+        summary: currentBaseline.summary,
+        assertions: currentBaseline.assertions,
+        workflowSignatures: currentBaseline.workflowSignatures,
+        acceptance,
+    };
+    // Recalculate integrity hash with acceptance metadata
+    const integrityHash = calculateIntegrityHash(baselineWithAcceptance);
+    return {
+        ...baselineWithAcceptance,
+        integrityHash,
+    };
+}
+/**
+ * Check if a baseline has acceptance metadata.
+ */
+export function hasAcceptance(baseline) {
+    return baseline.acceptance !== undefined;
+}
+/**
+ * Clear acceptance metadata from a baseline.
+ * Useful when re-running checks after the accepted changes are no longer relevant.
+ * Returns a new baseline without acceptance, with recalculated integrity hash.
+ */
+export function clearAcceptance(baseline) {
+    // Destructure to exclude acceptance (and integrityHash which needs recalculating)
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    const { acceptance: _removed, integrityHash: _oldHash, ...baselineWithoutAcceptance } = baseline;
+    return {
+        ...baselineWithoutAcceptance,
+        integrityHash: calculateIntegrityHash(baselineWithoutAcceptance),
+    };
+}
+//# sourceMappingURL=saver.js.map

package/dist/baseline/scenario-generator.d.ts

@@ -0,0 +1,151 @@
+/**
+ * Auto-generated test scenario generation from schema analysis.
+ *
+ * This module analyzes tool schemas and generates comprehensive test scenarios
+ * covering happy paths, edge cases, error handling, and security testing.
+ */
+import type { ToolFingerprint, BehavioralBaseline } from './types.js';
+/**
+ * Category of test scenario.
+ */
+export type ScenarioCategory = 'happy_path' | 'edge_cases' | 'error_handling' | 'security';
+/**
+ * Priority level for test scenarios.
+ */
+export type ScenarioPriority = 'critical' | 'high' | 'medium' | 'low';
+/**
+ * A single test scenario for a tool.
+ */
+export interface TestScenario {
+    /** Unique identifier for the scenario */
+    id: string;
+    /** Name of the tool this scenario tests */
+    toolName: string;
+    /** Category of test scenario */
+    category: ScenarioCategory;
+    /** Human-readable description of what is being tested */
+    description: string;
+    /** The input to provide to the tool */
+    input: Record<string, unknown>;
+    /** Expected behavior or assertion */
+    expectedBehavior: string;
+    /** Priority level for execution order */
+    priority: ScenarioPriority;
+    /** Tags for filtering/grouping */
+    tags: string[];
+    /** Why this scenario was generated */
+    rationale: string;
+    /** Parameter(s) being tested */
+    targetParameter?: string;
+}
+/**
+ * Collection of auto-generated test scenarios for a tool.
+ */
+export interface AutoGeneratedScenarios {
+    /** Tool being tested */
+    toolName: string;
+    /** Tool description for context */
+    toolDescription: string;
+    /** Success/valid input scenarios */
+    happyPath: TestScenario[];
+    /** Boundary conditions and unusual inputs */
+    edgeCases: TestScenario[];
+    /** Invalid input and error scenarios */
+    errorCases: TestScenario[];
+    /** Security-focused test cases */
+    securityTests: TestScenario[];
+    /** Total coverage percentage estimate */
+    coverageEstimate: number;
+    /** Parameters with generated scenarios */
+    coveredParameters: string[];
+    /** Parameters without scenarios (may need manual tests) */
+    uncoveredParameters: string[];
+    /** When scenarios were generated */
+    generatedAt: Date;
+}
+/**
+ * Summary of generated scenarios for an entire baseline.
+ */
+export interface ScenarioGenerationSummary {
+    /** Total tools processed */
+    toolsProcessed: number;
+    /** Tools that got scenarios generated */
+    toolsWithScenarios: number;
+    /** Tools skipped (no schema, etc.) */
+    toolsSkipped: number;
+    /** Total scenarios generated */
+    totalScenarios: number;
+    /** Breakdown by category */
+    scenariosByCategory: Record<ScenarioCategory, number>;
+    /** Breakdown by priority */
+    scenariosByPriority: Record<ScenarioPriority, number>;
+    /** Average coverage estimate across tools */
+    averageCoverage: number;
+    /** Tools with low coverage that need attention */
+    lowCoverageTools: string[];
+    /** Generated timestamp */
+    generatedAt: Date;
+}
+/**
+ * Result of scenario generation for a baseline.
+ */
+export interface ScenarioGenerationResult {
+    /** Per-tool scenario collections */
+    scenarios: AutoGeneratedScenarios[];
+    /** Overall summary */
+    summary: ScenarioGenerationSummary;
+}
+/**
+ * Configuration for scenario generation.
+ */
+export interface ScenarioGenerationConfig {
+    /** Maximum happy path scenarios per tool */
+    maxHappyPath?: number;
+    /** Maximum edge case scenarios per tool */
+    maxEdgeCases?: number;
+    /** Maximum error case scenarios per tool */
+    maxErrorCases?: number;
+    /** Maximum security scenarios per tool */
+    maxSecurityScenarios?: number;
+    /** Minimum coverage to aim for */
+    minCoverage?: number;
+    /** Categories to generate (defaults to all) */
+    categories?: ScenarioCategory[];
+    /** Specific tools to generate for (defaults to all) */
+    tools?: string[];
+    /** Include security payloads for injection testing */
+    includeSecurityPayloads?: boolean;
+}
+/**
+ * Generate test scenarios for a single tool.
+ */
+export declare function generateToolScenarios(tool: ToolFingerprint, config?: ScenarioGenerationConfig): AutoGeneratedScenarios;
+/**
+ * Generate test scenarios for all tools in a baseline.
+ */
+export declare function generateBaselineScenarios(baseline: BehavioralBaseline, config?: ScenarioGenerationConfig): ScenarioGenerationResult;
+/**
+ * Format scenarios as YAML for test execution.
+ */
+export declare function formatScenariosAsYaml(result: ScenarioGenerationResult): string;
+/**
+ * Format scenarios as a human-readable report.
+ */
+export declare function formatScenariosReport(result: ScenarioGenerationResult): string;
+/**
+ * Get scenarios filtered by priority.
+ */
+export declare function getScenariosByPriority(result: ScenarioGenerationResult, priority: ScenarioPriority): TestScenario[];
+/**
+ * Get scenarios filtered by category.
+ */
+export declare function getScenariosByCategory(result: ScenarioGenerationResult, category: ScenarioCategory): TestScenario[];
+/**
+ * Get critical scenarios for smoke testing.
+ */
+export declare function getCriticalScenarios(result: ScenarioGenerationResult): TestScenario[];
+/**
+ * Get security-focused scenarios.
+ */
+export declare function getSecurityScenarios(result: ScenarioGenerationResult): TestScenario[];
+//# sourceMappingURL=scenario-generator.d.ts.map