@flowspec-qa/runner-core 0.1.0

package/src/result-sanitizer.ts

@@ -0,0 +1,60 @@
+import { config } from './config.js';
+import type { TestResultItem } from './api-client.js';
+
+/**
+ * Sanitize test results before uploading to FlowSpecQA SaaS.
+ *
+ * Strips:
+ *  - HTTP/HTTPS URLs (base URLs of the client's environments)
+ *  - IP addresses
+ *  - Authorization / Bearer tokens
+ *  - Password patterns (key=value)
+ *  - Anything matching custom patterns in config
+ *
+ * The test name, status, and duration are NEVER modified.
+ * Only `error` messages are sanitized.
+ */
+export function sanitizeResults(results: TestResultItem[]): TestResultItem[] {
+  const patterns = config.get('sanitizerPatterns').map((p) => new RegExp(p, 'gi'));
+
+  return results.map((r) => ({
+    ...r,
+    error: r.error ? sanitizeString(r.error, patterns) : null,
+  }));
+}
+
+function sanitizeString(text: string, patterns: RegExp[]): string {
+  let sanitized = text;
+  for (const pattern of patterns) {
+    sanitized = sanitized.replace(pattern, '[REDACTED]');
+  }
+  // Additional pass: truncate very long error messages to 1500 chars
+  if (sanitized.length > 1500) {
+    sanitized = sanitized.slice(0, 1500) + '... [truncated]';
+  }
+  return sanitized;
+}
+
+/**
+ * Validate that no obvious secrets leaked through (belt-and-suspenders check).
+ * Throws if any result still contains a pattern that looks like a secret.
+ */
+export function assertNoSecrets(results: TestResultItem[]): void {
+  const dangerPatterns = [
+    /https?:\/\/[a-z0-9.-]+\.(internal|local|corp|dev|staging|test)[/:]?/i,
+    /Bearer\s+[A-Za-z0-9.\-_]{20,}/,
+    /\bpassword\b/i,
+  ];
+
+  for (const r of results) {
+    if (!r.error) continue;
+    for (const p of dangerPatterns) {
+      if (p.test(r.error)) {
+        throw new Error(
+          `Security check failed: error message for test "${r.name}" may contain sensitive data. ` +
+          `Run with --skip-security-check to bypass (not recommended).`
+        );
+      }
+    }
+  }
+}

package/src/suite-manager.ts

@@ -0,0 +1,73 @@
+import AdmZip from 'adm-zip';
+import fs from 'fs';
+import path from 'path';
+import { config } from './config.js';
+import { FlowSpecQAApi } from './api-client.js';
+
+export interface LocalSuite {
+  runId: string;
+  entityId: string;
+  framework: 'playwright' | 'cypress' | 'maestro';
+  suiteDir: string;
+  downloadedAt: Date;
+}
+
+/**
+ * Download a suite ZIP from FlowSpecQA SaaS and unzip it to the local cache.
+ * Returns the path to the unzipped suite directory.
+ */
+export async function downloadSuite(suiteId: string, entityId: string, framework: string): Promise<LocalSuite> {
+  const cacheDir = config.get('suiteCacheDir');
+  const suiteDir = path.join(cacheDir, entityId, suiteId);
+
+  // Avoid re-downloading if already cached
+  if (fs.existsSync(path.join(suiteDir, 'package.json'))) {
+    return {
+      runId: suiteId,
+      entityId,
+      framework: framework as LocalSuite['framework'],
+      suiteDir,
+      downloadedAt: fs.statSync(suiteDir).mtime,
+    };
+  }
+
+  const zipBuffer = await FlowSpecQAApi.downloadSuiteZip(suiteId);
+  fs.mkdirSync(suiteDir, { recursive: true });
+
+  const zip = new AdmZip(zipBuffer);
+  zip.extractAllTo(suiteDir, /* overwrite */ true);
+
+  return {
+    runId: suiteId,
+    entityId,
+    framework: framework as LocalSuite['framework'],
+    suiteDir,
+    downloadedAt: new Date(),
+  };
+}
+
+/**
+ * List all locally cached suites.
+ */
+export function listCachedSuites(): Array<{ entityId: string; runId: string; suiteDir: string }> {
+  const cacheDir = config.get('suiteCacheDir');
+  if (!fs.existsSync(cacheDir)) return [];
+
+  const result: Array<{ entityId: string; runId: string; suiteDir: string }> = [];
+  for (const entityId of fs.readdirSync(cacheDir)) {
+    const entityDir = path.join(cacheDir, entityId);
+    if (!fs.statSync(entityDir).isDirectory()) continue;
+    for (const runId of fs.readdirSync(entityDir)) {
+      result.push({ entityId, runId, suiteDir: path.join(entityDir, runId) });
+    }
+  }
+  return result;
+}
+
+/**
+ * Remove a cached suite directory.
+ */
+export function evictSuite(entityId: string, runId: string): void {
+  const suiteDir = path.join(config.get('suiteCacheDir'), entityId, runId);
+  fs.rmSync(suiteDir, { recursive: true, force: true });
+}

package/src/uploader.ts

@@ -0,0 +1,45 @@
+import { FlowSpecQAApi, type RunResultPayload } from './api-client.js';
+import { sanitizeResults, assertNoSecrets } from './result-sanitizer.js';
+import type { ExecutionResult } from './executor.js';
+
+const RUNNER_VERSION = '0.1.0';
+
+export interface UploadOptions {
+  runId: string;
+  entityId: string;
+  framework: string;
+  envLabel: string;
+  skipSecurityCheck?: boolean;
+}
+
+/**
+ * Sanitize + upload test results to FlowSpecQA SaaS.
+ * Returns the exec_id assigned by the server.
+ */
+export async function uploadResults(
+  execution: ExecutionResult,
+  options: UploadOptions
+): Promise<{ execId: string }> {
+  // Step 1: Sanitize — strip URLs, IPs, tokens from error messages
+  const sanitized = sanitizeResults(execution.results);
+
+  // Step 2: Belt-and-suspenders security check
+  if (!options.skipSecurityCheck) {
+    assertNoSecrets(sanitized);
+  }
+
+  // Step 3: Build payload
+  const payload: RunResultPayload = {
+    run_id: options.runId,
+    entity_id: options.entityId,
+    framework: options.framework,
+    env_label: options.envLabel,
+    results: sanitized,
+    started_at: execution.startedAt.toISOString(),
+    finished_at: execution.finishedAt.toISOString(),
+    runner_version: RUNNER_VERSION,
+  };
+
+  const response = await FlowSpecQAApi.submitRunResult(payload);
+  return { execId: response.exec_id };
+}

package/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "rootDir": "src",
+    "outDir": "dist"
+  },
+  "include": ["src/**/*"]
+}