@hasna/testers 0.0.28 → 0.0.30

package/dist/cli/index.js

@@ -2148,7 +2148,8 @@ function scenarioFromRow(row) {
     createdAt: row.created_at,
     updatedAt: row.updated_at,
     lastPassedAt: row.last_passed_at ?? null,
-    lastPassedUrl: row.last_passed_url ?? null
+    lastPassedUrl: row.last_passed_url ?? null,
+    parameters: row.parameters ? JSON.parse(row.parameters) : null
   };
 }
 function runFromRow(row) {
@@ -2168,7 +2169,14 @@ function runFromRow(row) {
     metadata: row.metadata ? JSON.parse(row.metadata) : null,
     isBaseline: row.is_baseline === 1,
     samples: row.samples ?? 1,
-    flakinessThreshold: row.flakiness_threshold ?? 0.95
+    flakinessThreshold: row.flakiness_threshold ?? 0.95,
+    prNumber: row.pr_number ?? null,
+    prTitle: row.pr_title ?? null,
+    prBranch: row.pr_branch ?? null,
+    prBaseBranch: row.pr_base_branch ?? null,
+    prCommitSha: row.pr_commit_sha ?? null,
+    prUrl: row.pr_url ?? null,
+    ghAppInstallationId: row.gh_app_installation_id ?? null
   };
 }
 function resultFromRow(row) {
@@ -2189,7 +2197,8 @@ function resultFromRow(row) {
     createdAt: row.created_at,
     personaId: row.persona_id ?? null,
     personaName: row.persona_name ?? null,
-    failureAnalysis: row.failure_analysis ? JSON.parse(row.failure_analysis) : null
+    failureAnalysis: row.failure_analysis ? JSON.parse(row.failure_analysis) : null,
+    harPath: row.har_path ?? null
   };
 }
 function screenshotFromRow(row) {
@@ -2281,7 +2290,10 @@ function personaFromRow(row) {
       email: row.auth_email,
       password: row.auth_password,
       loginPath: row.auth_login_path ?? "/login",
-      cookies: row.auth_cookies ? JSON.parse(row.auth_cookies) : null
+      cookies: row.auth_cookies ? JSON.parse(row.auth_cookies) : null,
+      strategy: row.auth_strategy ?? "form-login",
+      headers: row.auth_headers ? JSON.parse(row.auth_headers) : undefined,
+      customScript: row.auth_script ?? undefined
     } : null
   };
 }
@@ -12200,6 +12212,43 @@ ALTER TABLE scenarios ADD COLUMN required_role TEXT;
     machine_id TEXT,
     created_at TEXT NOT NULL DEFAULT (datetime('now'))
   );
+  `,
+    `
+ALTER TABLE results ADD COLUMN har_path TEXT;
+  `,
+    `
+ALTER TABLE scenarios ADD COLUMN parameters TEXT;
+  `,
+    `
+ALTER TABLE personas ADD COLUMN auth_strategy TEXT DEFAULT 'form-login';
+ALTER TABLE personas ADD COLUMN auth_headers TEXT;
+ALTER TABLE personas ADD COLUMN auth_script TEXT;
+  `,
+    `
+CREATE TABLE IF NOT EXISTS step_results (
+  id TEXT PRIMARY KEY,
+  result_id TEXT NOT NULL REFERENCES results(id) ON DELETE CASCADE,
+  step_number INTEGER NOT NULL,
+  action TEXT NOT NULL,
+  status TEXT NOT NULL DEFAULT 'running' CHECK(status IN ('passed','failed','error','running','skipped')),
+  tool_name TEXT,
+  tool_input TEXT,
+  tool_result TEXT,
+  thinking TEXT,
+  error TEXT,
+  duration_ms INTEGER,
+  screenshot_id TEXT REFERENCES screenshots(id),
+  created_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+  `,
+    `
+ALTER TABLE runs ADD COLUMN pr_number INTEGER;
+ALTER TABLE runs ADD COLUMN pr_title TEXT;
+ALTER TABLE runs ADD COLUMN pr_branch TEXT;
+ALTER TABLE runs ADD COLUMN pr_base_branch TEXT;
+ALTER TABLE runs ADD COLUMN pr_commit_sha TEXT;
+ALTER TABLE runs ADD COLUMN pr_url TEXT;
+ALTER TABLE runs ADD COLUMN gh_app_installation_id TEXT;
   `
   ];
 });
@@ -12207,6 +12256,7 @@ ALTER TABLE scenarios ADD COLUMN required_role TEXT;
 // src/db/scenarios.ts
 var exports_scenarios = {};
 __export(exports_scenarios, {
+  upsertScenario: () => upsertScenario,
   updateScenarioPassedCache: () => updateScenarioPassedCache,
   updateScenario: () => updateScenario,
   listScenarios: () => listScenarios,
@@ -12235,9 +12285,9 @@ function createScenario(input) {
   const short_id = nextShortId(input.projectId);
   const timestamp = now();
   db2.query(`
-    INSERT INTO scenarios (id, short_id, project_id, name, description, steps, tags, priority, model, timeout_ms, target_path, requires_auth, auth_config, metadata, assertions, version, created_at, updated_at)
-    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 1, ?, ?)
-  `).run(id, short_id, input.projectId ?? null, input.name, input.description, JSON.stringify(input.steps ?? []), JSON.stringify(input.tags ?? []), input.priority ?? "medium", input.model ?? null, input.timeoutMs ?? null, input.targetPath ?? null, input.requiresAuth ? 1 : 0, input.authConfig ? JSON.stringify(input.authConfig) : null, input.metadata ? JSON.stringify(input.metadata) : null, JSON.stringify(input.assertions ?? []), timestamp, timestamp);
+    INSERT INTO scenarios (id, short_id, project_id, name, description, steps, tags, priority, model, timeout_ms, target_path, requires_auth, auth_config, metadata, assertions, parameters, version, created_at, updated_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 1, ?, ?)
+  `).run(id, short_id, input.projectId ?? null, input.name, input.description, JSON.stringify(input.steps ?? []), JSON.stringify(input.tags ?? []), input.priority ?? "medium", input.model ?? null, input.timeoutMs ?? null, input.targetPath ?? null, input.requiresAuth ? 1 : 0, input.authConfig ? JSON.stringify(input.authConfig) : null, input.metadata ? JSON.stringify(input.metadata) : null, JSON.stringify(input.assertions ?? []), input.parameters ? JSON.stringify(input.parameters) : null, timestamp, timestamp);
   return getScenario(id);
 }
 function getScenario(id) {
@@ -12387,6 +12437,10 @@ function updateScenario(id, input, version) {
     sets.push("assertions = ?");
     params.push(JSON.stringify(input.assertions));
   }
+  if (input.parameters !== undefined) {
+    sets.push("parameters = ?");
+    params.push(JSON.stringify(input.parameters));
+  }
   if (sets.length === 0) {
     return existing;
   }
@@ -12459,6 +12513,75 @@ function deleteScenario(id) {
   const result = db2.query("DELETE FROM scenarios WHERE id = ?").run(scenario.id);
   return result.changes > 0;
 }
+function upsertScenario(input) {
+  const db2 = getDatabase();
+  const existing = db2.query("SELECT * FROM scenarios WHERE name = ? AND project_id IS NOT DISTINCT FROM ?").get(input.name, input.projectId ?? null);
+  if (!existing) {
+    return { scenario: createScenario(input), action: "created" };
+  }
+  const existingSteps = JSON.parse(existing.steps);
+  const existingTags = JSON.parse(existing.tags);
+  const newSteps = input.steps ?? [];
+  const newTags = input.tags ?? [];
+  const isIdentical = existing.description === (input.description ?? "") && existingSteps.length === newSteps.length && existingSteps.every((s, i) => s === newSteps[i]) && existingTags.length === newTags.length && existingTags.every((t, i) => t === newTags[i]) && existing.priority === (input.priority ?? "medium");
+  if (isIdentical) {
+    return { scenario: scenarioFromRow(existing), action: "deduped" };
+  }
+  const sets = [];
+  const params = [];
+  if (input.description !== undefined) {
+    sets.push("description = ?");
+    params.push(input.description);
+  }
+  if (input.steps !== undefined) {
+    sets.push("steps = ?");
+    params.push(JSON.stringify(input.steps));
+  }
+  if (input.tags !== undefined) {
+    sets.push("tags = ?");
+    params.push(JSON.stringify(input.tags));
+  }
+  if (input.priority !== undefined) {
+    sets.push("priority = ?");
+    params.push(input.priority);
+  }
+  if (input.model !== undefined) {
+    sets.push("model = ?");
+    params.push(input.model);
+  }
+  if (input.timeoutMs !== undefined) {
+    sets.push("timeout_ms = ?");
+    params.push(input.timeoutMs);
+  }
+  if (input.targetPath !== undefined) {
+    sets.push("target_path = ?");
+    params.push(input.targetPath);
+  }
+  if (input.requiresAuth !== undefined) {
+    sets.push("requires_auth = ?");
+    params.push(input.requiresAuth ? 1 : 0);
+  }
+  if (input.authConfig !== undefined) {
+    sets.push("auth_config = ?");
+    params.push(JSON.stringify(input.authConfig));
+  }
+  if (input.metadata !== undefined) {
+    sets.push("metadata = ?");
+    params.push(JSON.stringify(input.metadata));
+  }
+  if (input.assertions !== undefined) {
+    sets.push("assertions = ?");
+    params.push(JSON.stringify(input.assertions));
+  }
+  sets.push("version = ?", "updated_at = ?");
+  params.push(existing.version + 1, now());
+  params.push(existing.id);
+  const result = db2.query(`UPDATE scenarios SET ${sets.join(", ")} WHERE id = ?`).run(...params);
+  if (result.changes === 0) {
+    return { scenario: scenarioFromRow(existing), action: "deduped" };
+  }
+  return { scenario: getScenario(existing.id), action: "updated" };
+}
 var init_scenarios = __esm(() => {
   init_types();
   init_database();
@@ -12468,8 +12591,12 @@ var init_scenarios = __esm(() => {
 var exports_runs = {};
 __export(exports_runs, {
   updateRun: () => updateRun,
+  updatePrRunMetadata: () => updatePrRunMetadata,
   listRuns: () => listRuns,
+  listPrRuns: () => listPrRuns,
+  getRunsByPr: () => getRunsByPr,
   getRun: () => getRun,
+  getLatestPrRun: () => getLatestPrRun,
   deleteRun: () => deleteRun,
   createRun: () => createRun,
   countRuns: () => countRuns
@@ -12479,9 +12606,9 @@ function createRun(input) {
   const id = uuid();
   const timestamp = now();
   db2.query(`
-    INSERT INTO runs (id, project_id, status, url, model, headed, parallel, total, passed, failed, started_at, finished_at, metadata, samples, flakiness_threshold)
-    VALUES (?, ?, 'pending', ?, ?, ?, ?, 0, 0, 0, ?, NULL, ?, ?, ?)
-  `).run(id, input.projectId ?? null, input.url, input.model, input.headed ? 1 : 0, input.parallel ?? 1, timestamp, input.model ? JSON.stringify({}) : null, input.samples ?? 1, input.flakinessThreshold ?? 0.95);
+    INSERT INTO runs (id, project_id, status, url, model, headed, parallel, total, passed, failed, started_at, finished_at, metadata, samples, flakiness_threshold, pr_number, pr_title, pr_branch, pr_base_branch, pr_commit_sha, pr_url, gh_app_installation_id)
+    VALUES (?, ?, 'pending', ?, ?, ?, ?, 0, 0, 0, ?, NULL, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `).run(id, input.projectId ?? null, input.url, input.model, input.headed ? 1 : 0, input.parallel ?? 1, timestamp, JSON.stringify({}), input.samples ?? 1, input.flakinessThreshold ?? 0.95, input.prNumber ?? null, input.prTitle ?? null, input.prBranch ?? null, input.prBaseBranch ?? null, input.prCommitSha ?? null, input.prUrl ?? null, input.ghAppInstallationId ?? null);
   return getRun(id);
 }
 function getRun(id) {
@@ -12509,6 +12636,14 @@ function listRuns(filter) {
     conditions.push("status = ?");
     params.push(filter.status);
   }
+  if (filter?.since) {
+    conditions.push("started_at >= ?");
+    params.push(filter.since);
+  }
+  if (filter?.until) {
+    conditions.push("started_at <= ?");
+    params.push(filter.until);
+  }
   let sql = "SELECT * FROM runs";
   if (conditions.length > 0) {
     sql += " WHERE " + conditions.join(" AND ");
@@ -12540,6 +12675,14 @@ function countRuns(filter) {
     conditions.push("status = ?");
     params.push(filter.status);
   }
+  if (filter?.since) {
+    conditions.push("started_at >= ?");
+    params.push(filter.since);
+  }
+  if (filter?.until) {
+    conditions.push("started_at <= ?");
+    params.push(filter.until);
+  }
   let sql = "SELECT COUNT(*) as count FROM runs";
   if (conditions.length > 0)
     sql += " WHERE " + conditions.join(" AND ");
@@ -12617,6 +12760,52 @@ function deleteRun(id) {
   const result = db2.query("DELETE FROM runs WHERE id = ?").run(run.id);
   return result.changes > 0;
 }
+function getRunsByPr(prNumber) {
+  const db2 = getDatabase();
+  const rows = db2.query("SELECT * FROM runs WHERE pr_number = ? ORDER BY started_at DESC").all(prNumber);
+  return rows.map(runFromRow);
+}
+function getLatestPrRun(prNumber) {
+  const db2 = getDatabase();
+  const row = db2.query("SELECT * FROM runs WHERE pr_number = ? ORDER BY started_at DESC, rowid DESC LIMIT 1").get(prNumber);
+  return row ? runFromRow(row) : null;
+}
+function listPrRuns(filter) {
+  const db2 = getDatabase();
+  const conditions = ["pr_number IS NOT NULL"];
+  const params = [];
+  if (filter?.branch) {
+    conditions.push("pr_branch = ?");
+    params.push(filter.branch);
+  }
+  if (filter?.baseBranch) {
+    conditions.push("pr_base_branch = ?");
+    params.push(filter.baseBranch);
+  }
+  let sql = "SELECT * FROM runs WHERE " + conditions.join(" AND ") + " ORDER BY started_at DESC";
+  if (filter?.limit) {
+    sql += " LIMIT ?";
+    params.push(filter.limit);
+  }
+  if (filter?.offset) {
+    sql += " OFFSET ?";
+    params.push(filter.offset);
+  }
+  const rows = db2.query(sql).all(...params);
+  return rows.map(runFromRow);
+}
+function updatePrRunMetadata(runId, prData) {
+  const db2 = getDatabase();
+  const existing = getRun(runId);
+  if (!existing) {
+    throw new Error(`Run not found: ${runId}`);
+  }
+  db2.query(`
+    UPDATE runs SET pr_number = ?, pr_title = ?, pr_branch = ?, pr_base_branch = ?, pr_commit_sha = ?, pr_url = ?, gh_app_installation_id = ?
+    WHERE id = ?
+  `).run(prData.prNumber, prData.prTitle ?? null, prData.prBranch ?? null, prData.prBaseBranch ?? null, prData.prCommitSha ?? null, prData.prUrl ?? null, prData.ghAppInstallationId ?? null, runId);
+  return getRun(runId);
+}
 var init_runs = __esm(() => {
   init_types();
   init_database();
@@ -13382,6 +13571,16 @@ async function launchBrowser(options) {
   const headless = options?.headless ?? true;
   const viewport = options?.viewport ?? DEFAULT_VIEWPORT;
   try {
+    if (engine === "playwright-firefox") {
+      const { firefox } = await import("playwright");
+      const browser = await firefox.launch({ headless });
+      return browser;
+    }
+    if (engine === "playwright-webkit") {
+      const { webkit } = await import("playwright");
+      const browser = await webkit.launch({ headless });
+      return browser;
+    }
     return await launchPlaywright({ headless, viewport });
   } catch (error) {
     const message = error instanceof Error ? error.message : String(error);
@@ -13498,8 +13697,9 @@ async function installBrowser(engine) {
     const { installLightpanda: installLightpanda2 } = await Promise.resolve().then(() => (init_browser_lightpanda(), exports_browser_lightpanda));
     return installLightpanda2();
   }
+  const browserName = engine === "playwright-firefox" ? "firefox" : engine === "playwright-webkit" ? "webkit" : "chromium";
   try {
-    execSync("bunx playwright install chromium", {
+    execSync(`bunx playwright install ${browserName}`, {
       stdio: "inherit"
     });
   } catch (error) {
@@ -13631,7 +13831,7 @@ function getDefaultConfig() {
     browser: {
       headless: true,
       viewport: { width: 1280, height: 720 },
-      timeout: 60000
+      timeout: 120000
     },
     screenshots: {
       dir: join9(getTestersDir(), "screenshots"),
@@ -13661,7 +13861,8 @@ function loadConfig() {
     judgeModel: fileConfig.judgeModel,
     judgeProvider: fileConfig.judgeProvider,
     selfHeal: fileConfig.selfHeal ?? false,
-    conversationsSpace: fileConfig.conversationsSpace
+    conversationsSpace: fileConfig.conversationsSpace,
+    prodDebug: fileConfig.prodDebug
   };
   const envModel = process.env["TESTERS_MODEL"];
   if (envModel) {
@@ -15657,6 +15858,76 @@ var init_costs = __esm(() => {
   };
 });
 
+// src/db/step-results.ts
+function createStepResult(input) {
+  const db2 = getDatabase();
+  const id = uuid();
+  const timestamp = now();
+  db2.query(`
+    INSERT INTO step_results (id, result_id, step_number, action, status, tool_name, tool_input, thinking, created_at)
+    VALUES (?, ?, ?, ?, 'running', ?, ?, ?, ?)
+  `).run(id, input.resultId, input.stepNumber, input.action, input.toolName ?? null, input.toolInput ? JSON.stringify(input.toolInput) : null, input.thinking ?? null, timestamp);
+  return getStepResult(id);
+}
+function getStepResult(id) {
+  const db2 = getDatabase();
+  const row = db2.query("SELECT * FROM step_results WHERE id = ?").get(id);
+  return row ? stepResultFromRow(row) : null;
+}
+function updateStepResult(id, updates) {
+  const db2 = getDatabase();
+  const existing = getStepResult(id);
+  if (!existing)
+    return null;
+  const sets = [];
+  const params = [];
+  if (updates.status !== undefined) {
+    sets.push("status = ?");
+    params.push(updates.status);
+  }
+  if (updates.toolResult !== undefined) {
+    sets.push("tool_result = ?");
+    params.push(updates.toolResult);
+  }
+  if (updates.error !== undefined) {
+    sets.push("error = ?");
+    params.push(updates.error);
+  }
+  if (updates.durationMs !== undefined) {
+    sets.push("duration_ms = ?");
+    params.push(updates.durationMs);
+  }
+  if (updates.screenshotId !== undefined) {
+    sets.push("screenshot_id = ?");
+    params.push(updates.screenshotId);
+  }
+  if (sets.length === 0)
+    return existing;
+  params.push(id);
+  db2.query(`UPDATE step_results SET ${sets.join(", ")} WHERE id = ?`).run(...params);
+  return getStepResult(id);
+}
+function stepResultFromRow(row) {
+  return {
+    id: row.id,
+    resultId: row.result_id,
+    stepNumber: row.step_number,
+    action: row.action,
+    status: row.status,
+    toolName: row.tool_name,
+    toolInput: row.tool_input ? JSON.parse(row.tool_input) : null,
+    toolResult: row.tool_result,
+    thinking: row.thinking,
+    error: row.error,
+    durationMs: row.duration_ms,
+    screenshotId: row.screenshot_id,
+    createdAt: row.created_at
+  };
+}
+var init_step_results = __esm(() => {
+  init_database();
+});
+
 // src/db/personas.ts
 function createPersona(input) {
   const db2 = getDatabase();
@@ -15664,9 +15935,9 @@ function createPersona(input) {
   const short_id = shortUuid();
   const timestamp = now();
   db2.query(`
-    INSERT INTO personas (id, short_id, project_id, name, description, role, instructions, traits, goals, behaviors, expertise_level, demographics, pain_points, metadata, enabled, auth_email, auth_password, auth_login_path, version, created_at, updated_at)
-    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 1, ?, ?)
-  `).run(id, short_id, input.projectId ?? null, input.name, input.description ?? "", input.role, input.instructions ?? "", JSON.stringify(input.traits ?? []), JSON.stringify(input.goals ?? []), JSON.stringify(input.behaviors ?? []), input.expertiseLevel ?? "intermediate", JSON.stringify(input.demographics ?? {}), JSON.stringify(input.painPoints ?? []), input.metadata ? JSON.stringify(input.metadata) : "{}", input.enabled === false ? 0 : 1, input.authEmail ?? null, input.authPassword ?? null, input.authLoginPath ?? null, timestamp, timestamp);
+    INSERT INTO personas (id, short_id, project_id, name, description, role, instructions, traits, goals, behaviors, expertise_level, demographics, pain_points, metadata, enabled, auth_email, auth_password, auth_login_path, auth_cookies, auth_strategy, auth_headers, auth_script, version, created_at, updated_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 1, ?, ?)
+  `).run(id, short_id, input.projectId ?? null, input.name, input.description ?? "", input.role, input.instructions ?? "", JSON.stringify(input.traits ?? []), JSON.stringify(input.goals ?? []), JSON.stringify(input.behaviors ?? []), input.expertiseLevel ?? "intermediate", JSON.stringify(input.demographics ?? {}), JSON.stringify(input.painPoints ?? []), input.metadata ? JSON.stringify(input.metadata) : "{}", input.enabled === false ? 0 : 1, input.authEmail ?? null, input.authPassword ?? null, input.authLoginPath ?? null, null, input.authStrategy ?? "form-login", input.authHeaders ? JSON.stringify(input.authHeaders) : null, input.authCustomScript ?? null, timestamp, timestamp);
   return getPersona(id);
 }
 function getPersona(id) {
@@ -15953,6 +16224,11 @@ function resolveCredential(value) {
   }
   return value;
 }
+function isCredentialReference(value) {
+  if (!value)
+    return false;
+  return value.startsWith("@secrets:") || value.startsWith("$");
+}
 var init_secrets_resolver = () => {};
 
 // src/lib/persona-auth.ts
@@ -16215,6 +16491,24 @@ function signPayload(body, secret) {
   }
   return `sha256=${Math.abs(hash).toString(16).padStart(16, "0")}`;
 }
+function formatDiscordPayload(payload) {
+  const isPassed = payload.run.status === "passed";
+  const color = isPassed ? 2278750 : 15680580;
+  return {
+    username: "open-testers",
+    embeds: [
+      {
+        title: `Test Run ${payload.run.status.toUpperCase()}`,
+        color,
+        description: `URL: ${payload.run.url}
+` + `Results: ${payload.run.passed}/${payload.run.total} passed` + (payload.run.failed > 0 ? ` (${payload.run.failed} failed)` : "") + (payload.schedule ? `
+Schedule: ${payload.schedule.name}` : ""),
+        timestamp: payload.timestamp,
+        footer: { text: "open-testers" }
+      }
+    ]
+  };
+}
 function formatSlackPayload(payload) {
   const status = payload.run.status === "passed" ? ":white_check_mark:" : ":x:";
   const color = payload.run.status === "passed" ? "#22c55e" : "#ef4444";
@@ -16257,7 +16551,8 @@ async function dispatchWebhooks(event, run, schedule) {
     if (!webhook.events.includes(event) && !webhook.events.includes("*"))
       continue;
     const isSlack = webhook.url.includes("hooks.slack.com");
-    const body = isSlack ? JSON.stringify(formatSlackPayload(payload)) : JSON.stringify(payload);
+    const isDiscord = webhook.url.includes("discord.com/api/webhooks") || webhook.url.includes("discordapp.com/api/webhooks");
+    const body = isSlack ? JSON.stringify(formatSlackPayload(payload)) : isDiscord ? JSON.stringify(formatDiscordPayload(payload)) : JSON.stringify(payload);
     const headers = {
       "Content-Type": "application/json"
     };
@@ -16744,6 +17039,8 @@ __export(exports_runner, {
   runBatch: () => runBatch,
   onRunEvent: () => onRunEvent
 });
+import { mkdirSync as mkdirSync8 } from "fs";
+import { join as join13 } from "path";
 import { enableNetworkLogging } from "@hasna/browser";
 function onRunEvent(handler) {
   eventHandler = handler;
@@ -16829,13 +17126,35 @@ async function runSingleScenario(scenario, runId, options) {
   emit({ type: "scenario:start", scenarioId: scenario.id, scenarioName: scenario.name, resultId: result.id, runId });
   let browser = null;
   let page = null;
+  let context = null;
+  let harPath = null;
   let stopNetworkLogging = null;
   const networkErrors = [];
   try {
     browser = await launchBrowser({ headless: !(effectiveOptions.headed ?? false), engine: effectiveOptions.engine });
-    page = await getPage(browser, {
-      viewport: config.browser.viewport
-    });
+    const useHar = effectiveOptions.engine !== "lightpanda" && effectiveOptions.engine !== "bun";
+    if (useHar) {
+      const testersDir = process.env["HASNA_TESTERS_DIR"] || join13(process.env["HOME"] || "", ".hasna", "testers");
+      const harDir = join13(testersDir, "hars");
+      mkdirSync8(harDir, { recursive: true });
+      harPath = join13(harDir, `${result.id}.har`);
+      const contextOptions = {
+        viewport: config.browser.viewport,
+        recordHar: { path: harPath, mode: "full" }
+      };
+      if (effectiveOptions.recordVideo) {
+        const videoDir = join13(testersDir, "videos");
+        mkdirSync8(videoDir, { recursive: true });
+        contextOptions.recordVideo = { dir: videoDir, size: config.browser.viewport };
+      }
+      context = await browser.newContext(contextOptions);
+      page = await context.newPage();
+    } else {
+      page = await getPage(browser, {
+        viewport: config.browser.viewport,
+        engine: effectiveOptions.engine
+      });
+    }
     const targetUrl = scenario.targetPath ? `${options.url.replace(/\/$/, "")}${scenario.targetPath}` : options.url;
     const scenarioTimeout = scenario.timeoutMs ?? options.timeout ?? config.browser.timeout ?? 60000;
     registerSession({
@@ -16855,7 +17174,11 @@ async function runSingleScenario(scenario, runId, options) {
       }
     });
     const consoleErrors = [];
+    const consoleLogs = [];
+    let currentStep = 0;
     page.on("console", (msg) => {
+      const logEntry = { step: currentStep > 0 ? currentStep : null, type: msg.type(), text: msg.text(), timestamp: Date.now() };
+      consoleLogs.push(logEntry);
       if (msg.type() === "error")
         consoleErrors.push(msg.text());
     });
@@ -16887,6 +17210,7 @@ async function runSingleScenario(scenario, runId, options) {
     }
     await page.goto(targetUrl, { timeout: Math.min(scenarioTimeout, 30000) });
     const stepStartTimes = new Map;
+    const stepResultIds = new Map;
     const agentResult = await withTimeout(runAgentLoop({
       client,
       page,
@@ -16909,13 +17233,32 @@ async function runSingleScenario(scenario, runId, options) {
       onStep: (stepEvent) => {
         let stepDurationMs;
         if (stepEvent.type === "tool_call") {
+          currentStep = stepEvent.stepNumber;
           stepStartTimes.set(stepEvent.stepNumber, Date.now());
+          const stepResult = createStepResult({
+            resultId: result.id,
+            stepNumber: stepEvent.stepNumber,
+            action: stepEvent.toolName ?? `step-${stepEvent.stepNumber}`,
+            toolName: stepEvent.toolName,
+            toolInput: stepEvent.toolInput,
+            thinking: stepEvent.thinking
+          });
+          stepResultIds.set(stepEvent.stepNumber, stepResult.id);
         } else if (stepEvent.type === "tool_result") {
           const startTime = stepStartTimes.get(stepEvent.stepNumber);
           if (startTime !== undefined) {
             stepDurationMs = Date.now() - startTime;
             stepStartTimes.delete(stepEvent.stepNumber);
           }
+          const stepResultId = stepResultIds.get(stepEvent.stepNumber);
+          if (stepResultId) {
+            const isSuccess = !stepEvent.toolResult?.toLowerCase().includes("error") && !stepEvent.toolResult?.toLowerCase().includes("failed");
+            updateStepResult(stepResultId, {
+              status: isSuccess ? "passed" : "failed",
+              toolResult: stepEvent.toolResult,
+              durationMs: stepDurationMs
+            });
+          }
         }
         emit({
           type: `step:${stepEvent.type}`,
@@ -16964,7 +17307,7 @@ async function runSingleScenario(scenario, runId, options) {
       durationMs: Date.now() - new Date(result.createdAt).getTime(),
       tokensUsed: agentResult.tokensUsed,
       costCents: estimateCost(model, agentResult.tokensUsed),
-      metadata: networkErrors.length > 0 ? networkMeta : undefined
+      metadata: { consoleLogs, ...networkErrors.length > 0 ? networkMeta : {} }
     });
     if (agentResult.status === "failed" || agentResult.status === "error") {
       const failureAnalysis = analyzeFailure(null, agentResult.reasoning ?? null);
@@ -17000,8 +17343,16 @@ async function runSingleScenario(scenario, runId, options) {
     emit({ type: "scenario:error", scenarioId: scenario.id, scenarioName: scenario.name, error: errorMsg, runId });
     return updatedResult;
   } finally {
-    if (browser)
-      await closeBrowser(browser, effectiveOptions.engine);
+    if (harPath) {
+      try {
+        updateResult(result.id, { metadata: { harPath } });
+      } catch {}
+    }
+    if (browser) {
+      try {
+        await closeBrowser(browser, effectiveOptions.engine);
+      } catch {}
+    }
   }
 }
 async function runBatch(scenarios, options) {
@@ -17297,6 +17648,7 @@ var init_runner = __esm(() => {
   init_results();
   init_costs();
   init_screenshots();
+  init_step_results();
   init_scenarios();
   init_personas();
   init_browser();
@@ -24387,8 +24739,10 @@ var init_pii = __esm(() => {
 // src/lib/ci.ts
 var exports_ci = {};
 __export(exports_ci, {
+  resolvePullRequestNumber: () => resolvePullRequestNumber,
   postGitHubComment: () => postGitHubComment,
-  generateGitHubActionsWorkflow: () => generateGitHubActionsWorkflow
+  generateGitHubActionsWorkflow: () => generateGitHubActionsWorkflow,
+  formatPRComment: () => formatPRComment
 });
 function generateGitHubActionsWorkflow() {
   return `name: AI QA Tests
@@ -24397,6 +24751,10 @@ on:
   push:
     branches: [main]
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   test:
     runs-on: ubuntu-latest
@@ -24411,6 +24769,7 @@ jobs:
           TEST_URL: \${{ vars.TEST_URL || 'http://localhost:3000' }}
           GITHUB_TOKEN: \${{ secrets.GITHUB_TOKEN }}
       - run: testers report --latest --output report.html
+        if: always()
       - uses: actions/upload-artifact@v4
         if: always()
         with:
@@ -24421,46 +24780,73 @@ jobs:
 `;
 }
 function formatPRComment(run, results, dashboardUrl) {
-  const icon = run.status === "passed" ? "\u2705" : "\u274C";
+  const icon = run.status === "passed" ? "\u2705" : run.status === "failed" ? "\u274C" : "\u26A0\uFE0F";
   const passRate = run.total > 0 ? Math.round(run.passed / run.total * 100) : 0;
-  const rows = results.slice(0, 20).map((r) => {
-    const s = r.status === "passed" ? "\u2705" : r.status === "failed" ? "\u274C" : "\u26A0\uFE0F";
+  const ordered = [...results].sort((a, b) => {
+    const rank = (s) => s === "failed" ? 0 : s === "error" ? 1 : s === "flaky" ? 2 : s === "skipped" ? 3 : 4;
+    return rank(a.status) - rank(b.status);
+  });
+  const MAX_ROWS = 20;
+  const rows = ordered.slice(0, MAX_ROWS).map((r) => {
+    const rowIcon = r.status === "passed" ? "\u2705" : r.status === "failed" ? "\u274C" : r.status === "error" ? "\u26A0\uFE0F" : r.status === "flaky" ? "\uD83D\uDFE1" : "\u23ED\uFE0F";
     const dur = r.durationMs > 0 ? `${(r.durationMs / 1000).toFixed(1)}s` : "\u2014";
-    const err = r.error ? ` \u2014 ${r.error.slice(0, 80)}` : "";
-    return `| ${s} | ${r.status} | ${dur} |${err}`;
+    const scenario = (() => {
+      try {
+        return getScenario(r.scenarioId);
+      } catch {
+        return null;
+      }
+    })();
+    const name = scenario ? scenario.name : r.scenarioId.slice(0, 8);
+    const safeName = name.replace(/\|/g, "\\|");
+    const errSource = r.error ?? r.reasoning ?? "";
+    const err = errSource ? ` ${errSource.replace(/\s+/g, " ").slice(0, 140).replace(/\|/g, "\\|")}` : "";
+    return `| ${rowIcon} | ${safeName} | ${r.status} | ${dur} |${err} |`;
   }).join(`
 `);
-  const truncated = results.length > 20 ? `
-_...and ${results.length - 20} more_` : "";
+  const truncated = results.length > MAX_ROWS ? `
+_...and ${results.length - MAX_ROWS} more_` : "";
   const dashLink = dashboardUrl ? `
 
 [View full report \u2192](${dashboardUrl}/runs/${run.id})` : "";
+  const totalCostCents = results.reduce((sum, r) => sum + (r.costCents ?? 0), 0);
+  const costStr = totalCostCents > 0 ? ` \xB7 $${(totalCostCents / 100).toFixed(4)}` : "";
+  const headerRow = `| | Scenario | Status | Duration | Details |
+|---|---|---|---|---|`;
+  const body = results.length > 0 ? `${headerRow}
+${rows}${truncated}` : `_No scenarios ran. Use \`testers add\` to create scenarios or run with a URL to auto-generate them._`;
   return `## ${icon} AI QA Tests \u2014 ${run.status.toUpperCase()}
 
-**${run.passed}/${run.total} passed** (${passRate}%) \xB7 URL: \`${run.url}\`
+**${run.passed}/${run.total} passed** (${passRate}%) \xB7 URL: \`${run.url}\`${costStr}
 
-| | Status | Duration |
-|---|---|---|
-${rows}
-${truncated}${dashLink}
+${body}${dashLink}
 
 _Generated by [@hasna/testers](https://www.npmjs.com/package/@hasna/testers)_`;
 }
+function resolvePullRequestNumber(explicit) {
+  if (explicit && Number.isFinite(explicit))
+    return explicit;
+  const fromEnv = process.env["GITHUB_PR_NUMBER"];
+  if (fromEnv) {
+    const parsed = parseInt(fromEnv, 10);
+    if (Number.isFinite(parsed))
+      return parsed;
+  }
+  const ref = process.env["GITHUB_REF"] ?? "";
+  const match = ref.match(/refs\/pull\/(\d+)\//);
+  if (match && match[1]) {
+    const parsed = parseInt(match[1], 10);
+    if (Number.isFinite(parsed))
+      return parsed;
+  }
+  return null;
+}
 async function postGitHubComment(run, results, options) {
   const token = process.env["GITHUB_TOKEN"];
   if (!token)
     return false;
-  let prNumber = options?.prNumber;
-  if (!prNumber && process.env["GITHUB_PR_NUMBER"]) {
-    prNumber = parseInt(process.env["GITHUB_PR_NUMBER"], 10);
-  }
-  if (!prNumber) {
-    const ref = process.env["GITHUB_REF"] ?? "";
-    const match = ref.match(/refs\/pull\/(\d+)\//);
-    if (match)
-      prNumber = parseInt(match[1], 10);
-  }
-  if (!prNumber)
+  const prNumber = resolvePullRequestNumber(options?.prNumber);
+  if (prNumber === null)
     return false;
   const repo = process.env["GITHUB_REPOSITORY"];
   if (!repo)
@@ -24483,6 +24869,235 @@ async function postGitHubComment(run, results, options) {
     return false;
   }
 }
+var init_ci = __esm(() => {
+  init_scenarios();
+});
+
+// src/lib/crawl-and-generate.ts
+var exports_crawl_and_generate = {};
+__export(exports_crawl_and_generate, {
+  crawlAndGenerate: () => crawlAndGenerate
+});
+function shouldSkip(href, rootOrigin, skipPaths) {
+  try {
+    const u = new URL(href);
+    if (u.origin !== rootOrigin)
+      return true;
+    const path = u.pathname;
+    const allSkip = [...DEFAULT_SKIP_PATTERNS, ...skipPaths];
+    return allSkip.some((p) => path.startsWith(p) || path.includes(p));
+  } catch {
+    return true;
+  }
+}
+function normaliseUrl(href) {
+  try {
+    const u = new URL(href);
+    return `${u.origin}${u.pathname}`;
+  } catch {
+    return href;
+  }
+}
+async function getPageContext(browser, pageUrl, timeoutMs) {
+  const page = await getPage(browser, {});
+  try {
+    await page.goto(pageUrl, { timeout: timeoutMs, waitUntil: "domcontentloaded" });
+    await page.waitForTimeout(800).catch(() => {});
+    const [title, html, links, screenshot] = await Promise.all([
+      page.title().catch(() => ""),
+      page.evaluate(() => {
+        const body = document.body;
+        if (!body)
+          return "";
+        const clone = body.cloneNode(true);
+        clone.querySelectorAll("script,style,svg,noscript,iframe").forEach((el) => el.remove());
+        return clone.innerText?.slice(0, 3000) ?? clone.textContent?.slice(0, 3000) ?? "";
+      }).catch(() => ""),
+      page.evaluate((origin) => Array.from(document.querySelectorAll("a[href]")).map((a) => a.href).filter((h) => {
+        try {
+          return new URL(h).origin === origin;
+        } catch {
+          return false;
+        }
+      }), new URL(pageUrl).origin).catch(() => []),
+      page.screenshot({ fullPage: false }).catch(() => null)
+    ]);
+    return { title, path: new URL(pageUrl).pathname, html, screenshot, links };
+  } finally {
+    await page.close().catch(() => {});
+  }
+}
+async function generateScenariosForPage(client, model, pageContext, baseUrl, count) {
+  const Anthropic4 = (await import("@anthropic-ai/sdk")).default;
+  const anthropicClient = client;
+  const pageDesc = [
+    `URL: ${baseUrl.replace(/\/$/, "")}${pageContext.path}`,
+    `Title: ${pageContext.title || pageContext.path}`,
+    pageContext.html ? `
+Page content (text):
+${pageContext.html.slice(0, 2000)}` : ""
+  ].filter(Boolean).join(`
+`);
+  const prompt = `You are a QA engineer. Analyze this web page and write ${count} practical test scenarios.
+
+${pageDesc}
+
+Return ONLY a JSON array (no markdown, no explanation). Each scenario:
+{
+  "name": "short action-oriented name (e.g. 'User can log in with valid credentials')",
+  "description": "what this test verifies",
+  "steps": ["step 1", "step 2", "step 3"],
+  "tags": ["tag1"],
+  "priority": "low|medium|high|critical"
+}
+
+Rules:
+- Focus on user flows, not implementation details
+- Steps should be plain English instructions the browser agent can follow
+- Vary priorities: 1 critical/high per page for the main flow, rest medium/low
+- Keep steps concise (max 8 per scenario)
+- Tags should reflect the page area (e.g. "auth", "dashboard", "settings", "checkout")`;
+  const contentParts = [
+    ...pageContext.screenshot ? [{
+      type: "image",
+      source: {
+        type: "base64",
+        media_type: "image/png",
+        data: pageContext.screenshot.toString("base64")
+      }
+    }] : [],
+    { type: "text", text: prompt }
+  ];
+  const messages = [{ role: "user", content: contentParts }];
+  try {
+    const response = await anthropicClient.messages.create({
+      model,
+      max_tokens: 2048,
+      messages
+    });
+    const text = response.content.filter((b) => b.type === "text").map((b) => b.text).join("");
+    const match = text.match(/\[[\s\S]*\]/);
+    if (!match)
+      return [];
+    const parsed = JSON.parse(match[0]);
+    return parsed.map((s) => ({
+      name: s.name ?? "Untitled scenario",
+      description: s.description ?? "",
+      steps: s.steps ?? [],
+      tags: s.tags ?? [],
+      priority: s.priority ?? "medium"
+    }));
+  } catch {
+    return [];
+  }
+}
+async function crawlAndGenerate(options) {
+  const {
+    url,
+    projectId,
+    maxPages = 20,
+    scenariosPerPage = 3,
+    headed = false,
+    skipPaths = [],
+    tags: extraTags = []
+  } = options;
+  const config = loadConfig();
+  const model = resolveModel(options.model ?? config.defaultModel ?? "thorough");
+  const client = createClient(options.apiKey ?? config.anthropicApiKey);
+  const rootOrigin = new URL(url).origin;
+  const visited = new Set;
+  const queue = [url];
+  const pageContexts = [];
+  const skipped = [];
+  const browser = await launchBrowser({ headless: !headed });
+  try {
+    while (queue.length > 0 && visited.size < maxPages) {
+      const pageUrl = queue.shift();
+      const norm = normaliseUrl(pageUrl);
+      if (visited.has(norm))
+        continue;
+      if (shouldSkip(pageUrl, rootOrigin, skipPaths)) {
+        skipped.push(pageUrl);
+        continue;
+      }
+      visited.add(norm);
+      try {
+        const ctx = await getPageContext(browser, pageUrl, 15000);
+        pageContexts.push(ctx);
+        for (const link of ctx.links) {
+          const normLink = normaliseUrl(link);
+          if (!visited.has(normLink) && !shouldSkip(link, rootOrigin, skipPaths)) {
+            queue.push(link);
+          }
+        }
+      } catch {
+        skipped.push(pageUrl);
+      }
+    }
+  } finally {
+    await closeBrowser(browser).catch(() => {});
+  }
+  const pages = [];
+  let totalCreated = 0;
+  for (const ctx of pageContexts) {
+    const generated = await generateScenariosForPage(client, model, ctx, url, scenariosPerPage);
+    const createdScenarios = [];
+    for (const s of generated) {
+      try {
+        const priority = ["low", "medium", "high", "critical"].includes(s.priority) ? s.priority : "medium";
+        const scenario = createScenario({
+          name: s.name,
+          description: s.description,
+          steps: s.steps,
+          tags: [...s.tags ?? [], ...extraTags, "generated"],
+          priority,
+          targetPath: ctx.path,
+          projectId
+        });
+        createdScenarios.push({ id: scenario.id, shortId: scenario.shortId, name: scenario.name });
+        totalCreated++;
+      } catch {}
+    }
+    if (createdScenarios.length > 0) {
+      pages.push({
+        path: ctx.path,
+        title: ctx.title,
+        scenariosCreated: createdScenarios.length,
+        scenarios: createdScenarios
+      });
+    }
+  }
+  return {
+    projectId: projectId ?? null,
+    url,
+    pagesDiscovered: pageContexts.length,
+    pagesGenerated: pages.length,
+    totalScenariosCreated: totalCreated,
+    pages,
+    skipped
+  };
+}
+var DEFAULT_SKIP_PATTERNS;
+var init_crawl_and_generate = __esm(() => {
+  init_browser();
+  init_scenarios();
+  init_ai_client();
+  init_config2();
+  init_ai_client();
+  DEFAULT_SKIP_PATTERNS = [
+    "/logout",
+    "/sign-out",
+    "/signout",
+    "/static/",
+    "/assets/",
+    "/_next/",
+    "/__/",
+    "/favicon",
+    "/robots.txt",
+    "/sitemap",
+    "#"
+  ];
+});
 
 // src/lib/affected.ts
 var exports_affected = {};
@@ -25044,10 +25659,14 @@ var init_generator = __esm(() => {
 // src/lib/recorder.ts
 var exports_recorder = {};
 __export(exports_recorder, {
+  replayAuthState: () => replayAuthState,
   recordSession: () => recordSession,
+  recordAuthFlow: () => recordAuthFlow,
   recordAndSave: () => recordAndSave,
+  authStateToScenarioMetadata: () => authStateToScenarioMetadata,
   actionsToScenarioInput: () => actionsToScenarioInput
 });
+import { chromium as chromium2 } from "playwright";
 import { startRecording, stopRecording } from "@hasna/browser";
 import { launchPlaywright as launchPlaywright2 } from "@hasna/browser";
 async function recordSession(url, options) {
@@ -25212,6 +25831,99 @@ async function recordAndSave(url, name, projectId) {
   const scenario = createScenario(input);
   return { recording, scenario };
 }
+async function recordAuthFlow(loginUrl, options) {
+  const browser = await chromium2.launch({ headless: false });
+  const context = await browser.newContext({ viewport: { width: 1280, height: 720 } });
+  const page = await context.newPage();
+  const emailSelector = options.emailSelector ?? 'input[name="email"], input[type="email"], #email';
+  const passwordSelector = options.passwordSelector ?? 'input[name="password"], input[type="password"], #password';
+  const submitSelector = options.submitSelector ?? 'button[type="submit"], input[type="submit"]';
+  try {
+    await page.goto(loginUrl, { waitUntil: "domcontentloaded", timeout: options.timeoutMs ?? 30000 });
+    await page.fill(emailSelector, options.email);
+    await page.fill(passwordSelector, options.password);
+    await page.click(submitSelector);
+    if (options.waitForUrl) {
+      await page.waitForURL(options.waitForUrl, { timeout: options.timeoutMs ?? 30000 });
+    } else {
+      await page.waitForLoadState("networkidle", { timeout: options.timeoutMs ?? 30000 });
+    }
+    const cookies = await context.cookies();
+    const formattedCookies = cookies.map((c) => ({
+      name: c.name,
+      value: c.value,
+      domain: c.domain || "",
+      path: c.path || "/"
+    }));
+    const frames = page.frames();
+    const localStorageEntries = [];
+    for (const frame of frames) {
+      try {
+        const origin = frame.url();
+        if (origin && origin !== "about:blank") {
+          const entries = await frame.evaluate(() => {
+            const items = [];
+            for (let i = 0;i < localStorage.length; i++) {
+              const key = localStorage.key(i);
+              if (key)
+                items.push({ name: key, value: localStorage.getItem(key) || "" });
+            }
+            return items;
+          });
+          if (entries.length > 0) {
+            localStorageEntries.push({ origin, entries });
+          }
+        }
+      } catch {}
+    }
+    return {
+      cookies: formattedCookies,
+      localStorage: localStorageEntries,
+      loginUrl,
+      recordedAt: new Date().toISOString()
+    };
+  } finally {
+    await browser.close();
+  }
+}
+async function replayAuthState(context, authState) {
+  for (const cookie of authState.cookies) {
+    try {
+      await context.addCookies([{
+        name: cookie.name,
+        value: cookie.value,
+        domain: cookie.domain,
+        path: cookie.path,
+        expires: -1
+      }]);
+    } catch {}
+  }
+  const page = await context.newPage();
+  const origin = new URL(authState.loginUrl).origin;
+  await page.goto(`${origin}/about:blank`, { waitUntil: "domcontentloaded" }).catch(() => {});
+  for (const entry of authState.localStorage) {
+    try {
+      await page.evaluate((items) => {
+        for (const item of items) {
+          localStorage.setItem(item.name, item.value);
+        }
+      }, entry.entries);
+    } catch {}
+  }
+  await page.close();
+}
+function authStateToScenarioMetadata(authState, name, projectId) {
+  return createScenario({
+    name,
+    description: `Authenticated test scenario from recorded auth state at ${authState.loginUrl}`,
+    steps: [`Navigate to authenticated session`],
+    tags: ["auth", "recorded"],
+    requiresAuth: true,
+    authConfig: { loginPath: new URL(authState.loginUrl).pathname },
+    metadata: { authState: JSON.parse(JSON.stringify(authState)) },
+    projectId
+  });
+}
 var init_recorder = __esm(() => {
   init_scenarios();
 });
@@ -25683,7 +26395,7 @@ async function scanBrokenLinks(options) {
   try {
     while (queue.length > 0 && visited.size < maxPages) {
       const { pageUrl, sourceUrl } = queue.shift();
-      const normalised = normaliseUrl(pageUrl);
+      const normalised = normaliseUrl2(pageUrl);
       if (visited.has(normalised))
         continue;
       visited.add(normalised);
@@ -25748,7 +26460,7 @@ async function scanBrokenLinks(options) {
     issues
   };
 }
-function normaliseUrl(rawUrl) {
+function normaliseUrl2(rawUrl) {
   try {
     const u = new URL(rawUrl);
     return `${u.origin}${u.pathname}`;
@@ -26175,6 +26887,16 @@ async function runHealthScan(options) {
     });
     results.push(piiResult);
   }
+  if (scanners.includes("a11y")) {
+    const a11yResult = await scanA11y({
+      url,
+      pages,
+      wcagLevel: options.wcagLevel ?? "AA",
+      headed,
+      timeoutMs
+    });
+    results.push(a11yResult);
+  }
   const allIssues = results.flatMap((r) => r.issues);
   let newCount = 0;
   let regressedCount = 0;
@@ -27028,7 +27750,8 @@ async function runHybridScenario(scenario, options) {
           createdAt: new Date().toISOString(),
           updatedAt: new Date().toISOString(),
           lastPassedAt: null,
-          lastPassedUrl: null
+          lastPassedUrl: null,
+          parameters: null
         };
         try {
           const agentResult = await runAgentLoop({
@@ -27119,7 +27842,7 @@ import chalk6 from "chalk";
 // package.json
 var package_default = {
   name: "@hasna/testers",
-  version: "0.0.28",
+  version: "0.0.30",
   description: "AI-powered QA testing CLI \u2014 spawns cheap AI agents to test web apps with headless browsers",
   type: "module",
   main: "dist/index.js",
@@ -27184,7 +27907,7 @@ var package_default = {
   },
   repository: {
     type: "git",
-    url: "https://github.com/hasna/open-testers.git"
+    url: "https://github.com/hasna/testers.git"
   },
   license: "Apache-2.0",
   keywords: [
@@ -27214,13 +27937,13 @@ import { render, Box, Text, useInput, useApp } from "ink";
 import React, { useState } from "react";
 import { readFileSync as readFileSync8, readdirSync as readdirSync3, writeFileSync as writeFileSync4 } from "fs";
 import { createInterface } from "readline";
-import { join as join15, resolve } from "path";
+import { join as join16, resolve } from "path";
 
 // src/lib/init.ts
 init_paths();
 init_scenarios();
-import { existsSync as existsSync11, readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync8 } from "fs";
-import { join as join13, basename } from "path";
+import { existsSync as existsSync11, readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync9 } from "fs";
+import { join as join14, basename } from "path";
 
 // src/db/projects.ts
 init_types();
@@ -27258,7 +27981,7 @@ function ensureProject(name, path) {
 
 // src/lib/init.ts
 function detectFramework(dir) {
-  const pkgPath = join13(dir, "package.json");
+  const pkgPath = join14(dir, "package.json");
   if (!existsSync11(pkgPath))
     return null;
   let pkg;
@@ -27486,9 +28209,9 @@ function initProject(options) {
     }
   }).filter((s) => s !== null);
   const configDir = getTestersDir();
-  const configPath = join13(configDir, "config.json");
+  const configPath = join14(configDir, "config.json");
   if (!existsSync11(configDir)) {
-    mkdirSync8(configDir, { recursive: true });
+    mkdirSync9(configDir, { recursive: true });
   }
   let config = {};
   if (existsSync11(configPath)) {
@@ -27880,8 +28603,8 @@ init_results();
 init_runs();
 init_scenarios();
 init_database();
-import { readFileSync as readFileSync4, existsSync as existsSync12, mkdirSync as mkdirSync9 } from "fs";
-import { join as join14, dirname as dirname3 } from "path";
+import { readFileSync as readFileSync4, existsSync as existsSync12, mkdirSync as mkdirSync10 } from "fs";
+import { join as join15, dirname as dirname3 } from "path";
 import chalk4 from "chalk";
 var DEFAULT_THRESHOLD = 0.1;
 function setBaseline(runId) {
@@ -27936,8 +28659,8 @@ async function compareImages(image1Path, image2Path, options) {
     let diffImagePath;
     if (options?.saveDiff) {
       const dir = options.diffDir ?? dirname3(image2Path);
-      mkdirSync9(dir, { recursive: true });
-      diffImagePath = join14(dir, `diff-${Date.now()}.png`);
+      mkdirSync10(dir, { recursive: true });
+      diffImagePath = join15(dir, `diff-${Date.now()}.png`);
       await sharp.default(diffBuffer, { raw: { width: w, height: h, channels } }).png().toFile(diffImagePath);
     }
     return { diffPercent, diffPixels: changedPixels, totalPixels, diffImagePath };
@@ -28249,6 +28972,383 @@ function generateLatestReport() {
 
 // src/cli/index.tsx
 init_costs();
+
+// src/lib/prod-debug.ts
+init_secrets_resolver();
+var UUID_RE = /\b[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\b/i;
+var SENSITIVE_PARAM_RE = /token|secret|key|password|code|state|cookie|session|grant|credential|auth|jwt|access/i;
+var SENSITIVE_TEXT_RE = /\b(Bearer\s+[A-Za-z0-9._-]{12,}|sk-[A-Za-z0-9]{12,}|pk_[A-Za-z0-9]{12,}|eyJ[A-Za-z0-9._-]{12,})\b/g;
+var URL_TEXT_RE = /https?:\/\/[^\s"'<>]+/g;
+function safeUrl(raw) {
+  try {
+    const url = new URL(raw);
+    if (url.protocol !== "http:" && url.protocol !== "https:")
+      return null;
+    return url;
+  } catch {
+    return null;
+  }
+}
+function normalizeOrigin(raw) {
+  const url = safeUrl(raw);
+  if (url)
+    return url.origin;
+  const hostUrl = safeUrl(`https://${raw}`);
+  return hostUrl?.origin ?? null;
+}
+function redactProdDebugText(value) {
+  return value.replace(URL_TEXT_RE, (match) => {
+    const url = safeUrl(match);
+    return url ? redactUrl(url) : match;
+  }).replace(SENSITIVE_TEXT_RE, (match) => {
+    if (match.startsWith("Bearer "))
+      return "Bearer [redacted]";
+    return "[redacted]";
+  });
+}
+function redactUrl(url) {
+  const clone = new URL(url.toString());
+  for (const key of Array.from(clone.searchParams.keys())) {
+    if (SENSITIVE_PARAM_RE.test(key)) {
+      clone.searchParams.set(key, "[redacted]");
+    }
+  }
+  return clone.toString();
+}
+function redactUrlString(value) {
+  const url = safeUrl(value);
+  return url ? redactUrl(url) : redactProdDebugText(value);
+}
+function parseProdDebugTarget(target) {
+  const input = target.trim();
+  const url = safeUrl(input);
+  if (!url) {
+    const id = (input.match(UUID_RE)?.[0] ?? input) || null;
+    return {
+      url: null,
+      origin: null,
+      orgSlug: null,
+      projectRef: null,
+      sessionId: null,
+      agentId: null,
+      requestId: input.startsWith("req_") ? input : null,
+      rawId: id
+    };
+  }
+  const parts = url.pathname.split("/").filter(Boolean);
+  const projectsIndex = parts.indexOf("projects");
+  const sessionsIndex = parts.indexOf("sessions");
+  const orgSlug = projectsIndex > 0 ? parts[0] ?? null : null;
+  const projectRef = projectsIndex >= 0 ? parts[projectsIndex + 1] ?? null : null;
+  const sessionId = url.searchParams.get("session") ?? (sessionsIndex >= 0 ? parts[sessionsIndex + 1] ?? null : null);
+  return {
+    url: redactUrl(url),
+    origin: url.origin,
+    orgSlug,
+    projectRef,
+    sessionId,
+    agentId: url.searchParams.get("agent"),
+    requestId: url.searchParams.get("requestId") ?? url.searchParams.get("request_id"),
+    rawId: input.match(UUID_RE)?.[0] ?? null
+  };
+}
+function boundedTtl(value) {
+  if (!Number.isFinite(value))
+    return 15;
+  return Math.min(Math.max(Math.round(value ?? 15), 1), 60);
+}
+function makeCommand(command) {
+  return command.replace(/\s+/g, " ").trim();
+}
+function hostnameFromOrigin(origin) {
+  if (!origin)
+    return null;
+  return safeUrl(origin)?.hostname ?? null;
+}
+function originMatches(pattern, origin) {
+  if (!origin)
+    return false;
+  const normalizedPattern = normalizeOrigin(pattern);
+  const normalizedOrigin = normalizeOrigin(origin);
+  if (!normalizedOrigin)
+    return false;
+  if (normalizedPattern === normalizedOrigin)
+    return true;
+  const targetHost = hostnameFromOrigin(normalizedOrigin);
+  const patternHost = normalizedPattern ? hostnameFromOrigin(normalizedPattern) : pattern.replace(/^https?:\/\//, "");
+  if (!targetHost || !patternHost)
+    return false;
+  if (patternHost.startsWith("*.")) {
+    const suffix = patternHost.slice(1);
+    return targetHost.endsWith(suffix);
+  }
+  return targetHost === patternHost;
+}
+function resolveProfile(input, target, config) {
+  const apps = config?.apps ?? {};
+  const explicitKey = input.profile?.trim() || input.app?.trim() || config?.defaultProfile;
+  if (explicitKey && apps[explicitKey]) {
+    return {
+      key: explicitKey,
+      profile: apps[explicitKey],
+      matchedOrigin: target.origin
+    };
+  }
+  for (const [key, profile] of Object.entries(apps)) {
+    const match = profile.origins?.find((origin) => originMatches(origin, target.origin));
+    if (match) {
+      return { key, profile, matchedOrigin: match };
+    }
+  }
+  return { key: null, profile: null, matchedOrigin: null };
+}
+function firstResolvedCredential(...values) {
+  for (const value of values) {
+    if (!value?.trim())
+      continue;
+    const resolved = resolveCredential(value);
+    if (resolved)
+      return resolved;
+  }
+  return null;
+}
+function displayCredential(value, source) {
+  if (!value)
+    return null;
+  if (source && isCredentialReference(source))
+    return "[configured]";
+  return redactProdDebugText(value);
+}
+function replacementValues(target, input, supportGrant) {
+  const values = {
+    targetUrl: target.url ?? input.target,
+    origin: target.origin ?? "",
+    org: target.orgSlug ?? "",
+    project: target.projectRef ?? "",
+    session: target.sessionId ?? "",
+    agent: target.agentId ?? "",
+    request: target.requestId ?? "",
+    rawId: target.rawId ?? "",
+    reason: input.reason ?? "",
+    supportGrant: supportGrant ?? ""
+  };
+  for (const [key, value] of Object.entries({ ...values })) {
+    values[`${key}Encoded`] = encodeURIComponent(value);
+  }
+  return values;
+}
+function renderTemplate(template, values) {
+  return template.replace(/\{([a-zA-Z0-9_]+)\}/g, (_match, key) => values[key] ?? "");
+}
+function resolveSupportGrant(input, profile) {
+  if (input.supportGrantId?.trim()) {
+    return {
+      value: input.supportGrantId.trim(),
+      display: displayCredential(input.supportGrantId.trim()),
+      source: "input"
+    };
+  }
+  const source = profile?.supportGrantRef ?? profile?.supportGrantId ?? null;
+  const value = firstResolvedCredential(profile?.supportGrantRef, profile?.supportGrantId);
+  return { value, display: displayCredential(value, source ?? undefined), source };
+}
+function resolveSupportUrl(input, target, profile, supportGrant) {
+  if (input.supportUrl?.trim())
+    return input.supportUrl.trim();
+  const direct = firstResolvedCredential(profile?.supportUrlRef, profile?.supportUrl);
+  if (direct)
+    return direct;
+  if (profile?.supportUrlTemplate) {
+    const rendered = renderTemplate(profile.supportUrlTemplate, replacementValues(target, input, supportGrant)).trim();
+    return rendered || null;
+  }
+  return null;
+}
+function resolvePiiOrigin(profile, target) {
+  if (!profile?.piiOrigin)
+    return target.origin;
+  return redactUrlString(renderTemplate(profile.piiOrigin, replacementValues(target, { target: target.url ?? "" }, null)));
+}
+function resolveSupportRunTarget(supportUrl, input, target) {
+  if (supportUrl)
+    return redactUrlString(supportUrl);
+  return target.url ?? target.origin ?? redactProdDebugText(input.target);
+}
+function supportScenarioDescription(reason) {
+  return `Prod debug: ${reason}. Reproduce the user-visible issue, capture console and network errors, and do not enter secrets.`;
+}
+function configuredMissing(profile, supportUrl, supportGrant, includeLogs) {
+  const missing = [];
+  if (!profile) {
+    missing.push("optional: add prodDebug.apps.<profile>.origins to match this app automatically");
+  }
+  if (!supportUrl) {
+    missing.push("supportUrl/supportUrlRef/supportUrlTemplate for scoped browser debugging");
+  }
+  if (!supportGrant) {
+    missing.push("supportGrantId/supportGrantRef for auditable support access");
+  }
+  if (includeLogs && !profile?.logCommand) {
+    missing.push("logCommand for sanitized app/provider log lookup");
+  }
+  return missing;
+}
+function createProdDebugPlan(input, config) {
+  const target = parseProdDebugTarget(input.target);
+  const browserRequested = input.includeBrowser !== false;
+  const resolvedProfile = resolveProfile(input, target, config);
+  const supportGrant = resolveSupportGrant(input, resolvedProfile.profile);
+  const supportUrl = resolveSupportUrl(input, target, resolvedProfile.profile, supportGrant.value);
+  const supportBrowserReady = Boolean(supportUrl);
+  const app = input.app?.trim() || resolvedProfile.profile?.name || resolvedProfile.key || (target.origin ? new URL(target.origin).hostname : "app");
+  const reason = input.reason?.trim() || "production debug requested";
+  const actor = input.actor?.trim() || process.env["USER"] || "agent";
+  const ttlMinutes = boundedTtl(input.ttlMinutes);
+  const piiOrigin = resolvePiiOrigin(resolvedProfile.profile, target);
+  const logCommand = resolvedProfile.profile?.logCommand ? redactUrlString(renderTemplate(resolvedProfile.profile.logCommand, replacementValues(target, { ...input, reason }, supportGrant.value))) : null;
+  const safety = [
+    "read-only by default",
+    "no customer passwords or raw cookies",
+    "redact tokens, OAuth codes, session values, support grants, and secrets",
+    "verify org/user/session scope before reading data",
+    "require explicit approval for production writes",
+    `support access TTL capped at ${ttlMinutes} minutes`
+  ];
+  const checks = [];
+  const blocked = [];
+  if (target.url) {
+    checks.push({
+      id: "public-route-smoke",
+      status: "ready",
+      description: "Open the supplied production URL and capture console/network errors without credentials.",
+      command: makeCommand(`testers scan all ${JSON.stringify(target.url)} --json`)
+    });
+  }
+  checks.push({
+    id: "pii-redaction-scan",
+    status: piiOrigin ? "ready" : "blocked",
+    description: "Scan public/API responses for accidental sensitive data leakage.",
+    command: piiOrigin ? makeCommand(`testers scan pii ${JSON.stringify(piiOrigin)} --json`) : undefined,
+    reason: piiOrigin ? undefined : "Need a URL origin or prodDebug app profile piiOrigin to run the PII scan."
+  });
+  if (browserRequested) {
+    if (supportBrowserReady) {
+      checks.push({
+        id: "support-browser-repro",
+        status: "ready",
+        description: "Use an audited support browser/session URL to reproduce the user-visible issue.",
+        command: makeCommand(`testers run ${JSON.stringify(resolveSupportRunTarget(supportUrl, input, target))} ${JSON.stringify(supportScenarioDescription(reason))} --headed --json --overall-timeout 600000`)
+      });
+    } else {
+      const reasonText = supportGrant.value ? "An audited support grant was supplied, but open-testers still needs supportUrl/supportUrlRef/supportUrlTemplate or an app adapter to open a scoped browser session." : "No audited support browser/session grant was supplied. Do not use customer passwords, copied cookies, bearer tokens, or magic links.";
+      blocked.push(reasonText);
+      checks.push({
+        id: "support-browser-repro",
+        status: "blocked",
+        description: "Browser reproduction as the target user requires a short-lived audited support session.",
+        reason: reasonText
+      });
+    }
+  }
+  if (input.includeLogs) {
+    if (logCommand) {
+      checks.push({
+        id: "log-timeline",
+        status: "ready",
+        description: "Read sanitized app/provider logs by request ID, session ID, project ID, or support access ID.",
+        command: makeCommand(logCommand)
+      });
+    } else {
+      checks.push({
+        id: "log-timeline",
+        status: "blocked",
+        description: "Read sanitized app/provider logs by request ID, session ID, project ID, or support access ID.",
+        reason: "Configure prodDebug.apps.<profile>.logCommand or use an app-specific log MCP. Do not paste raw provider logs with headers/secrets."
+      });
+    }
+  }
+  if (input.allowWrites) {
+    blocked.push("Production writes are not part of prod-debug. Require a separate explicit approval and app-specific write tool.");
+  }
+  return {
+    target,
+    app,
+    actor,
+    reason,
+    ttlMinutes,
+    setup: {
+      profile: resolvedProfile.key,
+      matchedOrigin: resolvedProfile.matchedOrigin,
+      configured: {
+        supportUrl: Boolean(supportUrl),
+        supportGrant: Boolean(supportGrant.value),
+        piiOrigin: Boolean(piiOrigin),
+        logCommand: Boolean(logCommand)
+      },
+      missing: configuredMissing(resolvedProfile.profile, supportUrl, supportGrant.value, Boolean(input.includeLogs))
+    },
+    supportAccess: {
+      required: browserRequested,
+      grantId: supportGrant.display,
+      browserReady: supportBrowserReady,
+      note: supportBrowserReady ? "Use the provided audited support access; never print token/cookie values." : "Configure an audited support-browser/session URL, URL ref, or template before user-scoped browser debugging."
+    },
+    safety,
+    checks,
+    blocked
+  };
+}
+function formatProdDebugPlan(plan) {
+  const lines = [];
+  lines.push(`Prod debug plan for ${plan.app}`);
+  lines.push("");
+  lines.push("Target");
+  lines.push(`- url: ${plan.target.url ?? "(none)"}`);
+  lines.push(`- org: ${plan.target.orgSlug ?? "(unknown)"}`);
+  lines.push(`- project: ${plan.target.projectRef ?? "(unknown)"}`);
+  lines.push(`- session: ${plan.target.sessionId ?? "(unknown)"}`);
+  lines.push(`- agent: ${plan.target.agentId ?? "(unknown)"}`);
+  lines.push(`- request: ${plan.target.requestId ?? "(unknown)"}`);
+  lines.push("");
+  lines.push("Setup");
+  lines.push(`- profile: ${plan.setup.profile ?? "(none)"}`);
+  lines.push(`- matched origin: ${plan.setup.matchedOrigin ?? "(none)"}`);
+  if (plan.setup.missing.length > 0) {
+    for (const item of plan.setup.missing)
+      lines.push(`- missing: ${item}`);
+  }
+  lines.push("");
+  lines.push("Support access");
+  lines.push(`- actor: ${plan.actor}`);
+  lines.push(`- reason: ${plan.reason}`);
+  lines.push(`- ttl: ${plan.ttlMinutes} minutes`);
+  lines.push(`- grant: ${plan.supportAccess.grantId ?? "(none)"}`);
+  lines.push(`- browser ready: ${plan.supportAccess.browserReady ? "yes" : "no"}`);
+  lines.push(`- note: ${plan.supportAccess.note}`);
+  lines.push("");
+  lines.push("Checks");
+  for (const check of plan.checks) {
+    lines.push(`- ${check.id}: ${check.status} - ${check.description}`);
+    if (check.command)
+      lines.push(`  command: ${check.command}`);
+    if (check.reason)
+      lines.push(`  blocked: ${check.reason}`);
+  }
+  if (plan.blocked.length > 0) {
+    lines.push("");
+    lines.push("Blocked");
+    for (const item of plan.blocked)
+      lines.push(`- ${item}`);
+  }
+  lines.push("");
+  lines.push("Safety");
+  for (const item of plan.safety)
+    lines.push(`- ${item}`);
+  return lines.join(`
+`);
+}
+
+// src/cli/index.tsx
 init_personas();
 init_api_checks();
 
@@ -28535,6 +29635,18 @@ var SCENARIO_TEMPLATES = {
   a11y: [
     { name: "Keyboard navigation", description: "Navigate the page using only keyboard (Tab, Enter, Escape). Verify all interactive elements are reachable and focusable.", tags: ["a11y", "keyboard"], priority: "high", steps: ["Press Tab to move through elements", "Verify focus indicators are visible", "Press Enter on buttons/links", "Verify actions trigger correctly", "Press Escape to close modals/dropdowns"] },
     { name: "Image alt text", description: "Check that all images have meaningful alt text attributes.", tags: ["a11y"], priority: "medium", steps: ["Find all images on the page", "Check each image has an alt attribute", "Verify alt text is descriptive, not empty or generic"] }
+  ],
+  checkout: [
+    { name: "Add item to cart", description: "Navigate to a product page, add an item to cart, and verify cart count increments.", tags: ["checkout", "cart"], priority: "critical", steps: ["Navigate to product detail page", "Click add to cart button", "Verify cart count badge updates", "Verify success notification appears"] },
+    { name: "Cart page shows added items", description: "Navigate to the cart page and verify previously added items are listed with correct prices and quantities.", tags: ["checkout", "cart"], priority: "high", steps: ["Navigate to cart page", "Verify all added items are listed", "Verify prices and quantities are correct", "Verify subtotal is calculated"] },
+    { name: "Checkout flow completion", description: "Complete the full checkout flow: cart -> shipping -> payment -> confirmation. Verify order is placed successfully.", tags: ["checkout", "smoke"], priority: "critical", steps: ["Navigate to cart", "Click proceed to checkout", "Fill shipping address", "Select shipping method", "Fill payment details", "Review order summary", "Place order", "Verify order confirmation page"] },
+    { name: "Apply coupon/discount code", description: "Enter a valid coupon code on the cart or checkout page and verify discount is applied to the total.", tags: ["checkout", "discount"], priority: "high", steps: ["Navigate to cart or checkout", "Enter coupon code", "Click apply", "Verify discount amount is shown", "Verify total is updated"] }
+  ],
+  search: [
+    { name: "Search returns relevant results", description: "Enter a known search term and verify relevant results appear. Check that results match the query intent.", tags: ["search"], priority: "high", steps: ["Navigate to search page or focus search bar", "Enter known search term", "Submit search", "Verify results appear", "Verify result titles contain search term"] },
+    { name: "Empty search handling", description: "Submit an empty search and verify the system handles it gracefully (show all results or a prompt, no errors).", tags: ["search", "validation"], priority: "medium", steps: ["Focus search bar", "Submit empty search", "Verify no crash or error state", "Verify fallback behavior (all results or prompt)"] },
+    { name: "No results handling", description: "Search for a term that returns no results and verify appropriate 'no results found' messaging is displayed.", tags: ["search"], priority: "medium", steps: ["Navigate to search", "Enter nonsense term like 'xyzqwrtp'", "Submit search", "Verify no results found message", "Verify no error states"] },
+    { name: "Search filters work", description: "Perform a search, apply a filter (category, date, price range), and verify results are narrowed down.", tags: ["search", "filter"], priority: "high", steps: ["Perform initial search", "Note initial result count", "Apply a filter", "Verify result count decreased", "Verify results match filter criteria"] }
   ]
 };
 function getTemplate(name) {
@@ -28653,6 +29765,10 @@ function getDefaultEnvironment() {
   const row = db2.query("SELECT * FROM environments WHERE is_default = 1 LIMIT 1").get();
   return row ? fromRow3(row) : null;
 }
+
+// src/cli/index.tsx
+init_ci();
+
 // src/lib/assertions.ts
 function parseAssertionString(str) {
   const trimmed = str.trim();
@@ -28709,12 +29825,44 @@ function parseAssertionString(str) {
     }
     throw new Error(`Unknown selector action: "${action}". Expected "visible" or "not-visible"`);
   }
+  if (trimmed.startsWith("cookie:exists:")) {
+    const name = trimmed.slice("cookie:exists:".length);
+    return { type: "cookie_exists", expected: name, description: `Cookie "${name}" exists` };
+  }
+  if (trimmed.startsWith("cookie:not-exists:")) {
+    const name = trimmed.slice("cookie:not-exists:".length);
+    return { type: "cookie_not_exists", expected: name, description: `Cookie "${name}" does not exist` };
+  }
+  if (trimmed.startsWith("cookie:value:")) {
+    const valueStr = trimmed.slice("cookie:value:".length);
+    return { type: "cookie_value", expected: valueStr, description: `Cookie value is "${valueStr}"` };
+  }
+  if (trimmed.startsWith("local:exists:")) {
+    const key = trimmed.slice("local:exists:".length);
+    return { type: "local_storage_exists", expected: key, description: `LocalStorage key "${key}" exists` };
+  }
+  if (trimmed.startsWith("local:not-exists:")) {
+    const key = trimmed.slice("local:not-exists:".length);
+    return { type: "local_storage_not_exists", expected: key, description: `LocalStorage key "${key}" does not exist` };
+  }
+  if (trimmed.startsWith("local:value:")) {
+    const valueStr = trimmed.slice("local:value:".length);
+    return { type: "local_storage_value", expected: valueStr, description: `LocalStorage value is "${valueStr}"` };
+  }
+  if (trimmed.startsWith("session:value:")) {
+    const valueStr = trimmed.slice("session:value:".length);
+    return { type: "session_storage_value", expected: valueStr, description: `SessionStorage value is "${valueStr}"` };
+  }
+  if (trimmed.startsWith("session:not-exists:")) {
+    const key = trimmed.slice("session:not-exists:".length);
+    return { type: "session_storage_not_exists", expected: key, description: `SessionStorage key "${key}" does not exist` };
+  }
   throw new Error(`Cannot parse assertion: "${str}". See --help for assertion formats.`);
 }
 
 // src/cli/index.tsx
 init_paths();
-import { existsSync as existsSync14, mkdirSync as mkdirSync10 } from "fs";
+import { existsSync as existsSync14, mkdirSync as mkdirSync11 } from "fs";
 import { jsxDEV } from "react/jsx-dev-runtime";
 var PRIORITIES = ["low", "medium", "high", "critical"];
 function AddForm({ onComplete }) {
@@ -28973,8 +30121,31 @@ function logError(...args) {
   console.error(...args);
 }
 program2.name("testers").version(package_default.version).description("AI-powered browser testing CLI").option("-q, --quiet", "Suppress all output", false).option("--no-color", "Disable color output");
+program2.command("prod-debug <target>").description("Create a safe production debug plan for a URL/session/request without leaking secrets").option("--app <name>", "App name for reporting").option("--profile <name>", "prodDebug app profile from testers config").option("--actor <name>", "Operator/agent identity for support audit context").option("--reason <text>", "Debug reason or support context").option("--support-url <url>", "Audited support browser/session URL minted by the target app").option("--support-grant <id>", "Audited support access grant ID").option("--ttl <minutes>", "Support access TTL in minutes, capped at 60", "15").option("--no-browser", "Do not include user-scoped browser reproduction").option("--logs", "Include log timeline adapter requirement", false).option("--allow-writes", "Document that a separate explicit approval is required for writes", false).option("--json", "Output JSON", false).option("-o, --output <filepath>", "Write plan to file").action((target, opts) => {
+  const config = loadConfig();
+  const plan = createProdDebugPlan({
+    target,
+    app: opts.app,
+    profile: opts.profile,
+    actor: opts.actor,
+    reason: opts.reason,
+    supportUrl: opts.supportUrl,
+    supportGrantId: opts.supportGrant,
+    ttlMinutes: parseInt(opts.ttl, 10),
+    includeBrowser: opts.browser,
+    includeLogs: opts.logs,
+    allowWrites: opts.allowWrites
+  }, config.prodDebug);
+  const output = opts.json ? JSON.stringify(plan, null, 2) : formatProdDebugPlan(plan);
+  if (opts.output) {
+    writeFileSync4(resolve(opts.output), output + `
+`);
+  } else {
+    log(output);
+  }
+});
 var CONFIG_DIR5 = getTestersDir();
-var CONFIG_PATH3 = join15(CONFIG_DIR5, "config.json");
+var CONFIG_PATH3 = join16(CONFIG_DIR5, "config.json");
 function getActiveProject() {
   try {
     if (existsSync14(CONFIG_PATH3)) {
@@ -29242,7 +30413,7 @@ program2.command("remove <id>").alias("uninstall").description("Remove a scenari
 program2.command("run [url] [description]").alias("test").description("Run test scenarios against a URL").option("-t, --tag <tag>", "Filter by tag (repeatable)", (val, acc) => {
   acc.push(val);
   return acc;
-}, []).option("-s, --scenario <id>", "Run specific scenario ID").option("-p, --priority <level>", "Filter by priority").option("--headed", "Run browser in headed mode", false).option("-m, --model <model>", "AI model to use").option("--parallel <n>", "Number of parallel browsers", "1").option("--json", "Output results as JSON", false).option("-o, --output <filepath>", "Write JSON results to file").option("--timeout <ms>", "Timeout in milliseconds").option("--from-todos", "Import scenarios from todos before running", false).option("--project <id>", "Project ID").option("-b, --background", "Start run in background and return immediately", false).option("--browser <engine>", "Browser engine: playwright (default), lightpanda (9x faster, no screenshots), or bun (native WKWebView, 11x faster, Bun canary required)", "playwright").option("--env <name>", "Use a named environment for the URL").option("--dry-run", "Print what would run without launching browser", false).option("--retry <n>", "Retry failed scenarios up to n times", "0").option("--samples <n>", "Run each scenario N times and report flakiness (pass rate)", "1").option("--flakiness-threshold <n>", "Pass rate threshold below which a scenario is marked flaky (0-1)", "0.95").option("--a11y [level]", "Run axe-core WCAG accessibility scan after each navigation (level: A, AA, AAA \u2014 default AA)").option("--self-heal", "Enable AI-powered selector repair when elements can't be found (requires judgeModel or ANTHROPIC_API_KEY)", false).option("--verbose", "Show per-step timing and full tool results", false).option("--watch-results", "When used with --background, poll and display live results table until run completes", false).option("--failed-only", "Only show failed/error scenarios in output (passed count shown as summary)", false).option("--smoke", "Run only smoke-tagged scenarios (fast validation suite, <2 min)", false).option("--minimal", "Fastest possible run: cheapest model, max parallelism, min turns (ideal for CI)", false).option("--github-comment", "Post pass/fail summary as a GitHub PR comment (requires GITHUB_TOKEN env var)", false).option("--pr <number>", "GitHub PR number (auto-detected from GITHUB_REF if not provided)").option("--persona <id>", "Override persona for this run (comma-separated IDs for divergence testing)").option("--max-cost <dollars>", "Hard budget cap in dollars \u2014 abort if estimated cost exceeds this (e.g. 0.50 for 50 cents)").option("--cache-max-age <seconds>", "Skip scenarios that passed at the same URL within this many seconds (0 = disabled)", "0").option("--diff", "Auto-detect changed files from git diff and run only relevant scenarios", false).action(async (urlArg, description, opts) => {
+}, []).option("-s, --scenario <id>", "Run specific scenario ID").option("-p, --priority <level>", "Filter by priority").option("--headed", "Run browser in headed mode", false).option("-m, --model <model>", "AI model to use").option("--parallel <n>", "Number of parallel browsers", "1").option("--json", "Output results as JSON", false).option("-o, --output <filepath>", "Write JSON results to file").option("--timeout <ms>", "Timeout in milliseconds").option("--from-todos", "Import scenarios from todos before running", false).option("--project <id>", "Project ID").option("-b, --background", "Start run in background and return immediately", false).option("--browser <engine>", "Browser engine: playwright (default), lightpanda (9x faster, no screenshots), or bun (native WKWebView, 11x faster, Bun canary required)", "playwright").option("--env <name>", "Use a named environment for the URL").option("--dry-run", "Print what would run without launching browser", false).option("--retry <n>", "Retry failed scenarios up to n times", "0").option("--samples <n>", "Run each scenario N times and report flakiness (pass rate)", "1").option("--flakiness-threshold <n>", "Pass rate threshold below which a scenario is marked flaky (0-1)", "0.95").option("--a11y [level]", "Run axe-core WCAG accessibility scan after each navigation (level: A, AA, AAA \u2014 default AA)").option("--self-heal", "Enable AI-powered selector repair when elements can't be found (requires judgeModel or ANTHROPIC_API_KEY)", false).option("--verbose", "Show per-step timing and full tool results", false).option("--watch-results", "When used with --background, poll and display live results table until run completes", false).option("--failed-only", "Only show failed/error scenarios in output (passed count shown as summary)", false).option("--smoke", "Run only smoke-tagged scenarios (fast validation suite, <2 min)", false).option("--minimal", "Fastest possible run: cheapest model, max parallelism, min turns (ideal for CI)", false).option("--github-comment", "Post pass/fail summary as a GitHub PR comment (requires GITHUB_TOKEN env var)", false).option("--pr <number>", "GitHub PR number (auto-detected from GITHUB_REF if not provided)").option("--persona <id>", "Override persona for this run (comma-separated IDs for divergence testing)").option("--max-cost <dollars>", "Hard budget cap in dollars \u2014 abort if estimated cost exceeds this (e.g. 0.50 for 50 cents)").option("--cache-max-age <seconds>", "Skip scenarios that passed at the same URL within this many seconds (0 = disabled)", "0").option("--diff", "Auto-detect changed files from git diff and run only relevant scenarios", false).option("--auto-generate", "If no scenarios exist, crawl the URL and generate scenarios automatically (enabled by default when a URL is given as the first arg)").option("--no-auto-generate", "Disable automatic scenario generation when no scenarios exist").option("--overall-timeout <ms>", "Hard overall timeout for the whole run in milliseconds (default 10 minutes)").option("-y, --yes", "Skip confirmation prompts (e.g. proceed past budget warnings)", false).action(async (urlArg, description, opts) => {
   try {
     const projectId = resolveProject(opts.project);
     let url = urlArg;
@@ -29263,7 +30434,51 @@ program2.command("run [url] [description]").alias("test").description("Run test
     }
     if (!url) {
       logError(chalk6.red("No URL provided. Pass a URL argument, use --env <name>, or set a default environment with 'testers env use <name>'."));
-      process.exit(1);
+      process.exit(2);
+    }
+    if (!opts.dryRun) {
+      const hasAnthropic = Boolean(process.env["ANTHROPIC_API_KEY"]);
+      const hasOpenAI = Boolean(process.env["OPENAI_API_KEY"]);
+      const hasGoogle = Boolean(process.env["GOOGLE_API_KEY"]);
+      const hasCerebras = Boolean(process.env["CEREBRAS_API_KEY"]);
+      if (!hasAnthropic && !hasOpenAI && !hasGoogle && !hasCerebras) {
+        logError(chalk6.red("No AI API key found. Set ANTHROPIC_API_KEY (recommended), or OPENAI_API_KEY / GOOGLE_API_KEY / CEREBRAS_API_KEY."));
+        logError(chalk6.red("For GitHub Actions, add ANTHROPIC_API_KEY to your repo secrets and pass it via: env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}"));
+        process.exit(2);
+      }
+    }
+    if (!opts.dryRun && !opts.background) {
+      const reachable = await (async () => {
+        try {
+          const ctrl = new AbortController;
+          const t = setTimeout(() => ctrl.abort(), 1e4);
+          let res;
+          try {
+            res = await fetch(url, { method: "HEAD", signal: ctrl.signal, redirect: "follow" });
+          } catch {
+            res = await fetch(url, { method: "GET", signal: ctrl.signal, redirect: "follow" });
+          }
+          clearTimeout(t);
+          if (res.status >= 500)
+            return { ok: false, reason: `HTTP ${res.status}` };
+          return { ok: true };
+        } catch (err) {
+          const msg = err instanceof Error ? err.message : String(err);
+          return { ok: false, reason: msg };
+        }
+      })();
+      if (!reachable.ok) {
+        logError(chalk6.red(`URL unreachable: ${url}${reachable.reason ? ` (${reachable.reason})` : ""}`));
+        logError(chalk6.red("Check that your preview deployment is up and the URL is correct."));
+        process.exit(2);
+      }
+    }
+    const overallTimeoutMs = opts.overallTimeout ? parseInt(opts.overallTimeout, 10) : 10 * 60 * 1000;
+    if (!opts.dryRun && !opts.background && overallTimeoutMs > 0) {
+      setTimeout(() => {
+        logError(chalk6.red(`Overall timeout reached (${Math.round(overallTimeoutMs / 1000)}s). Aborting.`));
+        process.exit(2);
+      }, overallTimeoutMs).unref();
     }
     if (!opts.dryRun && !opts.background) {
       const budgetResult = checkBudget(0);
@@ -29485,13 +30700,15 @@ program2.command("run [url] [description]").alias("test").description("Run test
         log(formatTerminal(run2, results2, { failedOnly: opts.failedOnly }));
       }
       if (opts.githubComment) {
-        const { postGitHubComment: postGitHubComment2 } = await Promise.resolve().then(() => exports_ci);
+        const { postGitHubComment: postGitHubComment2 } = await Promise.resolve().then(() => (init_ci(), exports_ci));
         const prNumber = opts.pr ? parseInt(opts.pr, 10) : undefined;
         const posted = await postGitHubComment2(run2, results2, { prNumber });
         if (posted) {
           log(chalk6.green("  GitHub PR comment posted."));
         } else if (!process.env["GITHUB_TOKEN"]) {
           log(chalk6.yellow("  --github-comment: GITHUB_TOKEN not set, skipping PR comment."));
+        } else {
+          log(chalk6.yellow("  --github-comment: could not post PR comment (check GITHUB_PR_NUMBER / GITHUB_REF / GITHUB_REPOSITORY env)."));
         }
       }
       process.exit(getExitCode(run2));
@@ -29502,6 +30719,33 @@ program2.command("run [url] [description]").alias("test").description("Run test
       log(chalk6.bold(`  Running all ${allScenarios.length} scenarios...`));
       log("");
     }
+    const shouldAutoGenerate = urlArg !== undefined && opts.autoGenerate !== false && noFilters;
+    if (shouldAutoGenerate) {
+      const existingScenarios = listScenarios({ projectId });
+      if (existingScenarios.length === 0) {
+        log(chalk6.blue("  No scenarios found \u2014 crawling URL to auto-generate scenarios..."));
+        log(chalk6.dim(`  (disable with --no-auto-generate)`));
+        try {
+          const { crawlAndGenerate: crawlAndGenerate2 } = await Promise.resolve().then(() => (init_crawl_and_generate(), exports_crawl_and_generate));
+          const crawlResult = await crawlAndGenerate2({
+            url,
+            projectId,
+            maxPages: 5,
+            scenariosPerPage: 2,
+            model: opts.model,
+            apiKey: process.env["ANTHROPIC_API_KEY"],
+            headed: opts.headed,
+            tags: ["auto-generated"]
+          });
+          log(chalk6.green(`  Generated ${crawlResult.totalScenariosCreated} scenarios from ${crawlResult.pagesGenerated} page(s).`));
+          log("");
+        } catch (err) {
+          const msg = err instanceof Error ? err.message : String(err);
+          log(chalk6.yellow(`  Auto-generate failed: ${msg}`));
+          log(chalk6.yellow(`  Continuing with 0 scenarios \u2014 the run will exit cleanly (0 passed, 0 failed).`));
+        }
+      }
+    }
     let diffScenarioIds;
     if (opts.diff) {
       try {
@@ -29564,6 +30808,18 @@ program2.command("run [url] [description]").alias("test").description("Run test
     } else {
       log(formatTerminal(run, results, { failedOnly: opts.failedOnly }));
     }
+    if (opts.githubComment) {
+      const { postGitHubComment: postGitHubComment2 } = await Promise.resolve().then(() => (init_ci(), exports_ci));
+      const prNumber = opts.pr ? parseInt(opts.pr, 10) : undefined;
+      const posted = await postGitHubComment2(run, results, { prNumber });
+      if (posted) {
+        log(chalk6.green("  GitHub PR comment posted."));
+      } else if (!process.env["GITHUB_TOKEN"]) {
+        log(chalk6.yellow("  --github-comment: GITHUB_TOKEN not set, skipping PR comment."));
+      } else {
+        log(chalk6.yellow("  --github-comment: could not post PR comment (check GITHUB_PR_NUMBER / GITHUB_REF / GITHUB_REPOSITORY env)."));
+      }
+    }
     process.exit(getExitCode(run));
   } catch (error) {
     logError(chalk6.red(`Error: ${error instanceof Error ? error.message : String(error)}`));
@@ -29741,7 +30997,7 @@ program2.command("import <dir>").description("Import markdown test files as scen
     }
     let imported = 0;
     for (const file of files) {
-      const content = readFileSync8(join15(absDir, file), "utf-8");
+      const content = readFileSync8(join16(absDir, file), "utf-8");
       const lines = content.split(`
 `);
       let name = file.replace(/\.md$/, "");
@@ -29802,7 +31058,7 @@ program2.command("export [format]").description("Export scenarios as JSON (defau
     }
     const outputDir = opts.output ?? ".";
     if (!existsSync14(outputDir)) {
-      mkdirSync10(outputDir, { recursive: true });
+      mkdirSync11(outputDir, { recursive: true });
     }
     for (const s of scenarios) {
       const lines = [];
@@ -29829,7 +31085,7 @@ program2.command("export [format]").description("Export scenarios as JSON (defau
         lines.push("");
       }
       const safeFilename = s.name.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "").slice(0, 80);
-      const filePath = join15(outputDir, `${s.shortId}-${safeFilename}.md`);
+      const filePath = join16(outputDir, `${s.shortId}-${safeFilename}.md`);
       writeFileSync4(filePath, lines.join(`
 `), "utf-8");
       log(chalk6.dim(`  ${s.shortId}: ${s.name} \u2192 ${filePath}`));
@@ -29854,7 +31110,7 @@ program2.command("status").description("Show database and auth status").action((
   try {
     const config = loadConfig();
     const hasApiKey = !!config.anthropicApiKey || !!process.env["ANTHROPIC_API_KEY"];
-    const dbPath = join15(getTestersDir(), "testers.db");
+    const dbPath = join16(getTestersDir(), "testers.db");
     log("");
     log(chalk6.bold("  Open Testers Status"));
     log("");
@@ -29974,7 +31230,7 @@ projectCmd.command("use <name>").description("Set active project (find or create
   try {
     const project = ensureProject(name, process.cwd());
     if (!existsSync14(CONFIG_DIR5)) {
-      mkdirSync10(CONFIG_DIR5, { recursive: true });
+      mkdirSync11(CONFIG_DIR5, { recursive: true });
     }
     let config = {};
     if (existsSync14(CONFIG_PATH3)) {
@@ -30207,6 +31463,25 @@ Shutting down scheduler daemon...`));
     process.exit(1);
   }
 });
+program2.command("ci [provider]").description("Print or write a CI workflow (default provider: github)").option("-o, --output <path>", "Write the workflow to a file (e.g. .github/workflows/qa.yml)").action(async (providerArg, opts) => {
+  const provider = (providerArg ?? "github").toLowerCase();
+  if (provider !== "github") {
+    logError(chalk6.red(`Unknown CI provider: ${provider}. Supported: github`));
+    process.exit(2);
+  }
+  const workflow = generateGitHubActionsWorkflow();
+  if (opts.output) {
+    const outPath = resolve(opts.output);
+    const outDir = outPath.replace(/\/[^/]*$/, "");
+    if (outDir && !existsSync14(outDir)) {
+      mkdirSync11(outDir, { recursive: true });
+    }
+    writeFileSync4(outPath, workflow, "utf-8");
+    log(chalk6.green(`Workflow written to ${outPath}`));
+    return;
+  }
+  process.stdout.write(workflow);
+});
 program2.command("init").description("Initialize a new testing project").option("-n, --name <name>", "Project name").option("-u, --url <url>", "Base URL").option("-p, --path <path>", "Project path").option("--ci <provider>", "Generate CI workflow (github)").option("-y, --yes", "Skip interactive prompts (non-interactive mode)", false).action(async (opts) => {
   try {
     const { project, scenarios, framework, url } = initProject({
@@ -30232,11 +31507,11 @@ program2.command("init").description("Initialize a new testing project").option(
       log(`    ${chalk6.dim(s.shortId)} ${s.name} ${chalk6.dim(`[${s.tags.join(", ")}]`)}`);
     }
     if (opts.ci === "github") {
-      const workflowDir = join15(process.cwd(), ".github", "workflows");
+      const workflowDir = join16(process.cwd(), ".github", "workflows");
       if (!existsSync14(workflowDir)) {
-        mkdirSync10(workflowDir, { recursive: true });
+        mkdirSync11(workflowDir, { recursive: true });
       }
-      const workflowPath = join15(workflowDir, "testers.yml");
+      const workflowPath = join16(workflowDir, "testers.yml");
       writeFileSync4(workflowPath, generateGitHubActionsWorkflow(), "utf-8");
       log(`  CI:         ${chalk6.green("GitHub Actions workflow written to .github/workflows/testers.yml")}`);
     } else if (opts.ci) {
@@ -31255,7 +32530,7 @@ program2.command("doctor").description("Check system setup and configuration").a
     log(chalk6.red("\u2717") + " ANTHROPIC_API_KEY is not set (required for AI-powered tests)");
     allPassed = false;
   }
-  const dbPath = join15(getTestersDir(), "testers.db");
+  const dbPath = join16(getTestersDir(), "testers.db");
   try {
     const { Database: Database4 } = await import("bun:sqlite");
     const db2 = new Database4(dbPath, { create: true });
@@ -31266,8 +32541,8 @@ program2.command("doctor").description("Check system setup and configuration").a
     allPassed = false;
   }
   try {
-    const { chromium: chromium2 } = await import("playwright");
-    const execPath = chromium2.executablePath();
+    const { chromium: chromium3 } = await import("playwright");
+    const execPath = chromium3.executablePath();
     const { existsSync: fsExists } = await import("fs");
     if (fsExists(execPath)) {
       log(chalk6.green("\u2713") + " Playwright chromium is installed");
@@ -31307,7 +32582,7 @@ program2.command("serve").description("Start the Open Testers web dashboard").op
   try {
     const port = parseInt(opts.port, 10);
     const url = `http://localhost:${port}`;
-    const serverBin = join15(resolve(process.execPath, ".."), "..", "dist", "server", "index.js");
+    const serverBin = join16(resolve(process.execPath, ".."), "..", "dist", "server", "index.js");
     const { join: pathJoin, resolve: pathResolve, dirname: dirname4 } = await import("path");
     const { fileURLToPath } = await import("url");
     const serverPath = pathJoin(dirname4(fileURLToPath(import.meta.url)), "..", "server", "index.js");