@jaimevalasek/aioson 1.17.2 → 1.18.0

package/template/.aioson/agents/tester.md

@@ -12,7 +12,7 @@ Do not implement features. Do not review the product. Test what exists.
 
 - `@tester` validates behavior, regressions, coverage gaps, and reproducibility of implemented code.
 - `@tester` does not perform offensive review, threat modeling, exploit discovery, or adversarial probing. Those belong to `@pentester`.
-- If `.aioson/context/security-findings-{slug}.json` exists, you may read it as auxiliary risk input to prioritize tests or reproduce an already-documented path.
+- If `.aioson/context/security-findings-{slug}.json` exists, read it to: (1) prioritize tests by risk, (2) reproduce already-documented paths, and (3) **generate security regression tests** (see Phase 4.6) that prevent fixed vulnerabilities from recurring.
 - Do not create or close security findings, reclassify severity, or take ownership of residual security risk.
 - If testing reveals a likely security issue that is not already documented, record the evidence in `test-plan.md` or `test-inventory.md` and route it to `@pentester` or `@qa`.
 
@@ -339,6 +339,119 @@ Before declaring Phase 4 done, run this checklist against every test file writte
 
 For deep refactor guidance, load `.aioson/docs/tester/coverage-quality.md` § 4.
 
+## Phase 4.6 — Security regression tests (from @pentester findings)
+
+**Trigger:** `.aioson/context/security-findings-{slug}.json` exists with findings that have `status: fixed` or `status: open` with `recommended_owner: dev`.
+
+**Purpose:** Convert one-shot pentester findings into persistent Playwright tests that run in CI and catch regressions. The pentester discovers; the tester prevents recurrence.
+
+**Do NOT perform adversarial probing or threat modeling.** This phase generates regression tests only for vulnerabilities already documented by `@pentester`.
+
+### Step 1 — Read findings
+
+1. Load `security-findings-{slug}.json`.
+2. Filter findings relevant for regression testing: any finding with `severity ≥ medium` that has concrete `reproduction_steps` and `affected_artifacts`.
+3. Group by surface type — each group becomes a test describe block.
+
+### Step 2 — Generate tests by surface type
+
+Create `tests/security-regression.test.{ext}` (or `tests/security-regression-{slug}.test.{ext}` for feature-scoped). Use Playwright when the finding requires a browser; use the project's test runner for code-level findings.
+
+**Test patterns by surface:**
+
+| Finding surface | Test pattern | Example assertion |
+|---|---|---|
+| `app_target_browser_exposure` | Playwright: fetch main page, inspect response headers | `expect(headers['content-security-policy']).toBeTruthy()` |
+| `app_target_browser_exposure` (cookies) | Playwright: authenticate, inspect cookies | `expect(sessionCookie.httpOnly).toBe(true)` |
+| `app_target_browser_exposure` (storage) | Playwright: authenticate, evaluate localStorage | `expect(storageKeys).not.toContain('token')` |
+| `app_target_browser_exposure` (CORS) | Playwright/fetch: request with evil Origin | `expect(acao).not.toBe('*')` |
+| `app_target_browser_exposure` (source maps) | Playwright: try fetching `*.js.map` | `expect(mapResponse.status()).not.toBe(200)` |
+| `app_target_secrets_crypto` | Grep/read: scan rendered HTML for secret patterns | `expect(html).not.toMatch(/sk-[a-zA-Z0-9]{20,}/)` |
+| `app_target_injection_xss` | Playwright: inject payload in inputs, check for execution | `expect(xssFired).toBe(false)` |
+| `app_target_ownership_idor` | HTTP: request resource as wrong user | `expect(response.status).toBe(403)` |
+| `app_target_auth_rate_limit` | HTTP: send N+1 wrong passwords | `expect(response.status).toBe(429)` after threshold |
+| `app_target_logging_monitoring` | Read log output after security event | `expect(logEntry).toContain('login_failed')` |
+
+### Step 3 — Playwright security regression template
+
+For browser-based findings, generate tests following this structure:
+
+```javascript
+const { test, expect } = require('@playwright/test');
+
+test.describe('Security regression — {slug}', () => {
+
+  test('SF-{slug}-01: CSP header present and no unsafe-inline', async ({ page }) => {
+    const response = await page.goto(process.env.TARGET_URL || 'http://localhost:3000');
+    const csp = response.headers()['content-security-policy'] || '';
+    expect(csp).toBeTruthy();
+    expect(csp).not.toContain("'unsafe-inline'");
+  });
+
+  test('SF-{slug}-02: session cookie has HttpOnly and Secure flags', async ({ context }) => {
+    const cookies = await context.cookies();
+    const session = cookies.find(c => /session|token|auth|sid/i.test(c.name));
+    if (session) {
+      expect(session.httpOnly).toBe(true);
+      expect(session.secure).toBe(true);
+      expect(session.sameSite).not.toBe('None');
+    }
+  });
+
+  test('SF-{slug}-03: no secrets in localStorage', async ({ page }) => {
+    await page.goto(process.env.TARGET_URL || 'http://localhost:3000');
+    const storage = await page.evaluate(() => {
+      const data = {};
+      for (let i = 0; i < localStorage.length; i++) {
+        const key = localStorage.key(i);
+        data[key] = localStorage.getItem(key);
+      }
+      return JSON.stringify(data);
+    });
+    expect(storage).not.toMatch(/sk-[a-zA-Z0-9]{20,}/);
+    expect(storage).not.toMatch(/eyJ[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]{10,}/);
+  });
+
+  test('SF-{slug}-04: source maps not accessible in production', async ({ page }) => {
+    const jsFiles = [];
+    page.on('response', (res) => {
+      if (res.url().endsWith('.js') && res.status() === 200) jsFiles.push(res.url());
+    });
+    await page.goto(process.env.TARGET_URL || 'http://localhost:3000', { waitUntil: 'networkidle' });
+    for (const js of jsFiles.slice(0, 5)) {
+      const mapRes = await page.request.get(js + '.map');
+      expect(mapRes.status()).not.toBe(200);
+    }
+  });
+
+});
+```
+
+### Step 4 — Traceability
+
+Each test name must include the finding ID from `security-findings-{slug}.json` (e.g., `SF-checkout-03`). This creates a traceable link: finding → regression test → CI pass/fail.
+
+In `test-plan.md`, add a **Security regression coverage** section:
+
+```markdown
+## Security regression coverage
+
+| Finding ID | Severity | Surface | Test file | Test name | Status |
+|---|---|---|---|---|---|
+| SF-checkout-01 | high | browser_exposure | tests/security-regression.test.js | CSP header present | ✓ passing |
+| SF-checkout-03 | critical | secrets_crypto | tests/security-regression.test.js | no secrets in localStorage | ✓ passing |
+```
+
+### Step 5 — Verify all regression tests pass
+
+Run the security regression tests. If any fail, it means the fix is incomplete — report in `test-plan.md` as `[fix-incomplete]` and route to `@dev`.
+
+### When to skip this phase
+
+- No `security-findings-{slug}.json` exists — skip silently
+- All findings have `severity: info` or `severity: low` — skip (not worth regression test maintenance)
+- Project has no browser UI and all findings are code-level — skip Playwright tests, use unit/integration tests only
+
 ## Adjacent quality layers — opt-in by trigger
 
 Don't auto-load. Add only when the trigger fires. Full details: `.aioson/docs/tester/coverage-quality.md` § 6.
@@ -517,7 +630,7 @@ Register: `aioson agent:done . --agent=tester --summary="<one-line summary>" 2>/
 ---
 ## ▶ Próximo passo
 **[Se aprovado: @dev para próxima fase | Se gaps: @dev com lista de falhas]**
-Ative: `/dev`
+Ative: `/aioson:agent:dev`
 > Recomendado: `/clear` antes — janela de contexto fresca
 ---
 

package/template/.aioson/docs/briefing/briefing-craft.md

@@ -33,6 +33,22 @@ Goal of every briefing: give `@product` enough confidence to either commit to a
 - **Themes that repeat the table of contents** instead of partitioning concerns.
 - **PM-only briefing** with no engineering or design eyes — a feasibility delusion is hiding somewhere.
 
+### Mitigating weak markers — handoff stays `@product`
+
+When you detect a weak marker (especially **PM-only / single-voice / feasibility delusion**), the **canonical handoff does not change**: `@briefing → @product`. The mitigation is recorded *inside* the briefing, not in the handoff.
+
+- **Acknowledge the marker explicitly** in `## Risks` or `## Open questions` (e.g., *"Single-voice briefing — feasibility claims need second-voice validation"*).
+- **Name the specific items** that need expert review: which technical assumption, which sizing call, which architectural choice is at risk.
+- **Record the consultation as a recommendation for `@product`'s enrichment phase**, not as a handoff: *"`@product` should consult `@sheldon` during enrichment for second-voice on AST scope and sizing"*. The PRD is the input `@sheldon` needs to run.
+
+**Anti-pattern — never do this:**
+
+> ❌ *"Recommendation: pass through `@sheldon` before `@product` commits a PRD."*
+
+`@sheldon` operates **exclusively on PRDs not yet implemented** (see `sheldon.md` strict scope) and will refuse activation without a PRD (RF-01 block — documented incidents on 2026-05-19 `workflow-handoff-integrity-1-9-2` and 2026-05-21 `neural-chain`). Skipping `@product` breaks the chain.
+
+**Other weak markers map the same way:** mention the gap, name who should weigh in *during PRD enrichment*, hand off to `@product`.
+
 ## 2. Problem framing — Jobs-to-be-Done (JTBD)
 
 Customers don't "want a product"; they hire it to make progress. The job is the *progress*, not the surface task.

package/template/.aioson/docs/deyvin/runtime-handoffs.md

@@ -39,4 +39,4 @@ Plain natural-language agent activation in an external client does not create ru
 
 The runtime helpers above cover same-session handoffs (`live:handoff`, `runtime:session:finish`). For cross-session handoffs — when the next agent will run in a fresh terminal or after `/clear` — chat memory does not survive. Before suggesting `/clear`, persist the diagnostic to `plans/{slug}.md` so the next agent works from an artifact rather than from a seed prompt.
 
-Load `.aioson/docs/handoff-persistence.md` for the full pattern (when to apply, what to write, the exit-block template). Apply it whenever the recommended next agent is one that consumes raw plans (`/briefing` foremost, sometimes `/product`) or needs the full diagnostic to operate (`/analyst`, `/architect`, `/sheldon`). Skip when the next agent continues in the same session, or when the handoff is trivial.
+Load `.aioson/docs/handoff-persistence.md` for the full pattern (when to apply, what to write, the exit-block template). Apply it whenever the recommended next agent is one that consumes raw plans (`/aioson:agent:briefing` foremost, sometimes `/aioson:agent:product`) or needs the full diagnostic to operate (`/aioson:agent:analyst`, `/aioson:agent:architect`, `/aioson:agent:sheldon`). Skip when the next agent continues in the same session, or when the handoff is trivial.

package/template/.aioson/docs/handoff-persistence.md

@@ -25,21 +25,21 @@ Before suggesting `/clear` to the user, persist the actionable diagnostic to `pl
 2. /clear is safe — the next agent reads plans/{slug}.md
 ```
 
-`plans/` is the canonical input directory for `/briefing` (and a useful seed for `/product` too). The directory may not exist yet — create it.
+`plans/` is the canonical input directory for `/aioson:agent:briefing` (and a useful seed for `/aioson:agent:product` too). The directory may not exist yet — create it.
 
 ## When to apply
 
 | Situation | Persist? |
 |---|---|
-| Handoff routes to an agent that takes raw plans (`/briefing` first and foremost, sometimes `/product`) | Yes |
-| Handoff routes to an agent that needs a discovery pass (`/analyst`, `/architect`, `/sheldon`) | Yes — they read context from `.aioson/context/` AND from raw plans |
-| Same-session continuation (`/dev` keeps going, `/qa` reviews implementation just done) | No — context is in chat |
+| Handoff routes to an agent that takes raw plans (`/aioson:agent:briefing` first and foremost, sometimes `/aioson:agent:product`) | Yes |
+| Handoff routes to an agent that needs a discovery pass (`/aioson:agent:analyst`, `/aioson:agent:architect`, `/aioson:agent:sheldon`) | Yes — they read context from `.aioson/context/` AND from raw plans |
+| Same-session continuation (`/aioson:agent:dev` keeps going, `/aioson:agent:qa` reviews implementation just done) | No — context is in chat |
 | Handoff happens via tracked live session (`aioson live:handoff`) | No — telemetry already carries the trail |
-| Trivial routing ("you want `/setup` first") with no diagnostic to preserve | No |
+| Trivial routing ("you want `/aioson:agent:setup` first") with no diagnostic to preserve | No |
 
 ## What to write
 
-Structure of `plans/{slug}.md` (lightweight — `/briefing` will enrich it):
+Structure of `plans/{slug}.md` (lightweight — `/aioson:agent:briefing` will enrich it):
 
 ```md
 # {Short title} — raw plan
@@ -89,6 +89,6 @@ Session artifacts written:
 ## Anti-patterns
 
 - **Inlining 2 KB of diagnostic as a "seed prompt" in the routing message.** The user shouldn't have to copy-paste a wall of text. Persist it.
-- **Persisting trivial routings.** A user who asks "what does `/setup` do" doesn't need a `plans/` file written. Apply the table above.
+- **Persisting trivial routings.** A user who asks "what does `/aioson:agent:setup` do" doesn't need a `plans/` file written. Apply the table above.
 - **Persisting code archaeology.** Code lives in code; reading recommendations live in the artifact only when they would otherwise be lost across `/clear`.
 - **Forgetting to mention the file.** If you wrote `plans/{slug}.md` but the handoff message doesn't reference it, the user won't know to read it (or to let the next agent read it).

package/template/.aioson/docs/pentester/browser-dast-playbook.md

@@ -0,0 +1,398 @@
+---
+description: "Pentester browser DAST playbook — Playwright-based dynamic security probes for app_target surface TS-A08 (browser_exposure). Load when review_contract.target_mode = app_target AND the application has a browser-accessible UI."
+---
+
+# Pentester — Browser DAST Playbook
+
+Load this when `review_contract.target_mode = app_target` AND the target application serves a browser-accessible UI (web app, SPA, SSR page).
+
+## Prerequisites
+
+1. Application must be running and accessible at a known URL.
+2. Playwright installed: `npm install -g playwright && npx playwright install chromium`
+3. Verify readiness: `aioson qa:doctor`
+
+## Phase 0 — Baseline DAST (mandatory pre-step)
+
+Before running any manual Playwright probe, execute the AIOSON automated DAST baseline:
+
+```bash
+# Full run with hacker persona (secrets, XSS, IDOR, open redirect, SQL injection, debug routes)
+aioson qa:run --persona=hacker --url=<target-url>
+
+# Autonomous crawl scan (discovers routes, probes each one)
+aioson qa:scan --url=<target-url> --depth=3 --max-pages=50
+```
+
+Read `aios-qa-report.json` and import any `critical` or `high` findings into the pentester findings artifact as `status: needs_validation`. The pentester validates or reclassifies each — `qa:run` automates detection, pentester applies adversarial judgment.
+
+**Do NOT skip Phase 0.** The automated baseline catches low-hanging fruit (exposed secrets, accessible .env files, basic XSS) without burning manual probe time. Phase 1+ targets what automation misses.
+
+## Phase 1 — Security Headers Audit
+
+Navigate to the target URL with Playwright and capture response headers on the main document request.
+
+### Mandatory headers to check
+
+| Header | Expected | Severity if missing/weak |
+|---|---|---|
+| `Content-Security-Policy` | Present, no `unsafe-inline` for scripts, no `unsafe-eval` | `high` if missing entirely, `medium` if has `unsafe-inline`/`unsafe-eval` |
+| `Strict-Transport-Security` | `max-age>=31536000; includeSubDomains` | `medium` (localhost exempt) |
+| `X-Content-Type-Options` | `nosniff` | `medium` |
+| `X-Frame-Options` | `DENY` or `SAMEORIGIN` (check CSP `frame-ancestors` too) | `medium` |
+| `Referrer-Policy` | `strict-origin-when-cross-origin` or stricter | `low` |
+| `Permissions-Policy` | Present, restricts `camera`, `microphone`, `geolocation` at minimum | `low` |
+| `X-XSS-Protection` | `0` (modern recommendation — CSP supersedes; `1; mode=block` causes info leaks in old IE) | `info` |
+
+### Headers that SHOULD NOT be present
+
+| Header | Why | Severity |
+|---|---|---|
+| `Server` with version (e.g. `nginx/1.24.0`) | Reveals infrastructure version — aids targeted exploits | `low` |
+| `X-Powered-By` | Reveals framework (Express, PHP, ASP.NET) | `low` |
+| `X-AspNet-Version` / `X-AspNetMvc-Version` | .NET version disclosure | `low` |
+
+### Playwright probe pattern
+
+```javascript
+const response = await page.goto(targetUrl, { waitUntil: 'domcontentloaded' });
+const headers = response.headers();
+
+// Check presence and value of each security header
+const csp = headers['content-security-policy'] || '';
+const hsts = headers['strict-transport-security'] || '';
+const xcto = headers['x-content-type-options'] || '';
+const xfo = headers['x-frame-options'] || '';
+const rp = headers['referrer-policy'] || '';
+const pp = headers['permissions-policy'] || '';
+
+// Disclosure headers (should NOT be present with version info)
+const server = headers['server'] || '';
+const poweredBy = headers['x-powered-by'] || '';
+```
+
+**ASVS:** V3.4 (CSP), V12.1 (HSTS), V13.1.5 (security headers), V14.3.3 (server disclosure).
+
+## Phase 2 — Cookie Security Audit
+
+After authentication (if credentials are available), inspect all cookies set by the application.
+
+### Required attributes for session/auth cookies
+
+| Attribute | Expected | Severity if missing |
+|---|---|---|
+| `Secure` | `true` (except localhost) | `high` |
+| `HttpOnly` | `true` for session tokens | `high` |
+| `SameSite` | `Lax` or `Strict` | `medium` |
+| `Path` | Narrowest scope needed (prefer `/` only if necessary) | `info` |
+| `__Host-` prefix | Recommended for session cookies — enforces Secure + Path=/ + no Domain | `info` |
+| `__Secure-` prefix | Alternative — enforces Secure flag | `info` |
+| Max-Age / Expires | Session cookies should not persist beyond browser close unless explicitly justified | `low` |
+
+### Playwright probe pattern
+
+```javascript
+const cookies = await context.cookies();
+for (const cookie of cookies) {
+  const isSession = /session|token|auth|sid|jwt/i.test(cookie.name);
+  if (isSession) {
+    // Check Secure flag
+    if (!cookie.secure) { /* HIGH finding */ }
+    // Check HttpOnly flag
+    if (!cookie.httpOnly) { /* HIGH finding */ }
+    // Check SameSite
+    if (cookie.sameSite === 'None' && !cookie.secure) { /* MEDIUM finding */ }
+    if (!cookie.sameSite || cookie.sameSite === 'None') { /* MEDIUM finding — CSRF surface */ }
+  }
+}
+```
+
+**ASVS:** V7.1.1 (cookie attributes), V7.1.2 (HttpOnly), V7.1.3 (SameSite).
+
+## Phase 3 — Client-Side Storage Audit
+
+Check localStorage and sessionStorage for sensitive data that should never be stored client-side.
+
+### Sensitive patterns to flag
+
+| Pattern | Risk | Severity |
+|---|---|---|
+| JWT tokens (eyJ...) | Token theft via XSS gives full account takeover | `high` |
+| API keys (sk-*, pk_*, AKIA*, AIzaSy*) | Direct API abuse | `critical` |
+| Passwords / password hashes | Direct compromise | `critical` |
+| PII (email + name + phone + address combined) | Privacy violation, GDPR exposure | `medium` |
+| Credit card numbers / CVV | PCI-DSS violation | `critical` |
+| Session IDs | Session hijacking via XSS | `high` |
+
+### Playwright probe pattern
+
+```javascript
+const storageData = await page.evaluate(() => {
+  const data = { localStorage: {}, sessionStorage: {} };
+  for (let i = 0; i < localStorage.length; i++) {
+    const key = localStorage.key(i);
+    data.localStorage[key] = localStorage.getItem(key);
+  }
+  for (let i = 0; i < sessionStorage.length; i++) {
+    const key = sessionStorage.key(i);
+    data.sessionStorage[key] = sessionStorage.getItem(key);
+  }
+  return data;
+});
+
+// Check each value against SECRET_PATTERNS and JWT regex
+const jwtRegex = /eyJ[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]{10,}/;
+```
+
+**ASVS:** V14.1.3 (sensitive data in client storage), V8.2.2 (no sensitive data in browser storage).
+
+## Phase 4 — CORS Misconfiguration
+
+Test the server's CORS policy by sending requests with crafted `Origin` headers.
+
+### Probes
+
+1. **Wildcard origin**: send `Origin: https://evil.com` — if response has `Access-Control-Allow-Origin: *`, flag it.
+2. **Reflected origin**: send `Origin: https://evil.com` — if response reflects `Access-Control-Allow-Origin: https://evil.com`, flag it.
+3. **Null origin**: send `Origin: null` — some misconfigured servers allow this.
+4. **Credentials with wildcard**: `Access-Control-Allow-Credentials: true` with `Access-Control-Allow-Origin: *` is a browser-rejected but server-misconfigured pattern.
+5. **Subdomain regex bypass**: `Origin: https://evil-example.com` or `Origin: https://example.com.evil.com` — catches poor regex matching.
+
+### Playwright probe pattern
+
+```javascript
+// Playwright doesn't set custom Origin on navigation, use page.evaluate with fetch
+const corsResult = await page.evaluate(async (targetUrl) => {
+  try {
+    const res = await fetch(targetUrl, { mode: 'cors', credentials: 'include' });
+    return {
+      acao: res.headers.get('access-control-allow-origin'),
+      acac: res.headers.get('access-control-allow-credentials')
+    };
+  } catch { return { blocked: true }; }
+}, apiEndpoint);
+```
+
+For deeper CORS testing, use `page.route()` to intercept and modify request headers, or use the Playwright `request` API directly.
+
+**ASVS:** V4.3.1, V4.3.2 (CORS policy).
+
+## Phase 5 — Source Map Exposure
+
+Source maps (`.js.map`) in production reveal the full original source code, including comments, variable names, and internal logic.
+
+### Probes
+
+1. Capture all JS file URLs loaded by the page.
+2. For each `*.js` URL, try fetching `*.js.map`.
+3. Check the HTML source for `//# sourceMappingURL=` directives.
+4. Check response headers for `SourceMap:` or `X-SourceMap:` headers.
+
+### Playwright probe pattern
+
+```javascript
+const jsFiles = [];
+page.on('response', (response) => {
+  if (response.url().endsWith('.js') && response.status() === 200) {
+    jsFiles.push(response.url());
+  }
+});
+
+await page.goto(targetUrl, { waitUntil: 'networkidle' });
+
+for (const jsUrl of jsFiles) {
+  const mapUrl = jsUrl + '.map';
+  try {
+    const mapResponse = await page.goto(mapUrl, { waitUntil: 'commit', timeout: 3000 });
+    if (mapResponse && mapResponse.status() === 200) {
+      const body = await mapResponse.text();
+      if (body.includes('"sources"') || body.includes('"mappings"')) {
+        // HIGH finding — source map accessible
+      }
+    }
+  } catch { /* not accessible — good */ }
+}
+```
+
+**Severity:** `high` (reveals full source code including business logic, API routes, internal comments).
+
+**Fix:** Remove source maps from production builds. Configure bundler (webpack/vite/next) to exclude `.map` files from production output, or restrict via web server rules.
+
+## Phase 6 — Clickjacking (Frame Injection)
+
+Test if the target page can be embedded in an iframe on an attacker-controlled domain.
+
+### Probes
+
+1. Check `X-Frame-Options` header (covered in Phase 1).
+2. Check CSP `frame-ancestors` directive (more granular than X-Frame-Options).
+3. If neither is set, attempt to iframe the page:
+
+```javascript
+// Create a test page that iframes the target
+await page.setContent(`
+  <iframe id="target" src="${targetUrl}" width="800" height="600"></iframe>
+`);
+await page.waitForTimeout(2000);
+
+const iframeLoaded = await page.evaluate(() => {
+  const iframe = document.getElementById('target');
+  try {
+    // Cross-origin iframe access will throw — but loading without error means framing is allowed
+    return iframe.contentWindow.location.href !== 'about:blank';
+  } catch { return true; } // cross-origin = loaded but blocked by same-origin policy (still frameable)
+});
+```
+
+**ASVS:** V3.7 (clickjacking), V13.1.5 (frame protection).
+
+## Phase 7 — Subresource Integrity (SRI)
+
+Scripts and stylesheets loaded from CDNs or third-party origins should have `integrity` attributes to prevent supply-chain attacks (CDN compromise, DNS hijacking).
+
+### Probes
+
+```javascript
+const sriIssues = await page.evaluate(() => {
+  const issues = [];
+  const scripts = document.querySelectorAll('script[src]');
+  for (const s of scripts) {
+    const src = s.getAttribute('src') || '';
+    const isExternal = src.startsWith('http') && !src.includes(window.location.hostname);
+    if (isExternal && !s.getAttribute('integrity')) {
+      issues.push({ type: 'script', src: src.substring(0, 120) });
+    }
+  }
+  const links = document.querySelectorAll('link[rel="stylesheet"][href]');
+  for (const l of links) {
+    const href = l.getAttribute('href') || '';
+    const isExternal = href.startsWith('http') && !href.includes(window.location.hostname);
+    if (isExternal && !l.getAttribute('integrity')) {
+      issues.push({ type: 'stylesheet', src: href.substring(0, 120) });
+    }
+  }
+  return issues;
+});
+```
+
+**Severity:** `medium` per external resource without SRI. `high` if the resource is a payment or auth SDK.
+
+**ASVS:** V15.2 (SRI).
+
+## Phase 8 — Error Page Information Disclosure
+
+Trigger error conditions and inspect the response for framework-default error pages that leak internal information.
+
+### Probes
+
+1. **404 page**: navigate to a random non-existent path. Check for stack traces, framework names, file paths.
+2. **500 trigger**: if any form/endpoint is accessible, submit malformed data designed to cause server errors.
+3. **Verbose errors**: check if the response contains path separators (`/`, `\`), line numbers (`at line`), or framework markers (`Django`, `Rails`, `Express`, `Next.js`, `Laravel`, `Spring`).
+
+```javascript
+const errorPage = await page.goto(`${targetUrl}/nonexistent-${Date.now()}`, {
+  waitUntil: 'domcontentloaded', timeout: 5000
+});
+const errorHtml = await page.content();
+
+const leakPatterns = [
+  /at\s+\w+\s+\(.*:\d+:\d+\)/,        // JS stack trace
+  /File ".*", line \d+/,                // Python traceback
+  /vendor\/.*\.php:\d+/,                // PHP stack trace
+  /SQLSTATE\[/,                          // SQL error
+  /Traceback \(most recent/,            // Python traceback header
+  /(Django|Laravel|Rails|Express|Spring|Next\.js) (Debug|Error)/i
+];
+```
+
+**Severity:** `medium` for framework name disclosure, `high` for full stack traces with file paths.
+
+**ASVS:** V13.1.3 (error handling), V16.2 (information disclosure).
+
+## Phase 9 — HTML Meta & Comment Leaks
+
+Inspect the HTML source for metadata and comments that disclose internal information.
+
+### Probes
+
+```javascript
+const metaLeaks = await page.evaluate(() => {
+  const issues = [];
+
+  // Generator meta tags
+  const generator = document.querySelector('meta[name="generator"]');
+  if (generator) issues.push({ type: 'generator', value: generator.content });
+
+  // HTML comments with sensitive content
+  const walker = document.createTreeWalker(document, NodeFilter.SHOW_COMMENT);
+  while (walker.nextNode()) {
+    const text = walker.currentNode.textContent.trim();
+    if (/(TODO|FIXME|HACK|password|secret|key|token|debug)/i.test(text)) {
+      issues.push({ type: 'comment', value: text.substring(0, 100) });
+    }
+  }
+
+  // Hidden inputs with sensitive-looking names
+  const hiddenInputs = document.querySelectorAll('input[type="hidden"]');
+  for (const input of hiddenInputs) {
+    const name = input.name || '';
+    if (/(token|secret|key|csrf|nonce)/i.test(name) && input.value.length > 20) {
+      issues.push({ type: 'hidden_input', name, valueLength: input.value.length });
+    }
+  }
+
+  return issues;
+});
+```
+
+**Severity:** `low` for generator tags, `medium` for TODO/debug comments, `info` for CSRF tokens in hidden inputs (expected pattern, but verify they rotate).
+
+## Integration with pentester findings artifact
+
+Map every finding from this playbook to the standard pentester finding schema:
+
+```json
+{
+  "id": "SF-{slug}-NN",
+  "feature_slug": "{slug}",
+  "surface": "app_target_browser_exposure",
+  "severity": "...",
+  "title": "...",
+  "hypothesis": "Browser-based DAST probe via Playwright",
+  "preconditions": ["Application running at {url}", "Playwright + Chromium installed"],
+  "reproduction_steps": ["1. Run aioson qa:run --persona=hacker", "2. ..."],
+  "evidence": ["Response header dump", "Screenshot path"],
+  "impact": "...",
+  "affected_artifacts": ["URL or source file path"],
+  "suggested_fix": "...",
+  "recommended_owner": "dev",
+  "recommended_gate_status": "...",
+  "status": "open",
+  "safe_to_reproduce": true,
+  "asvs_ids": ["V..."]
+}
+```
+
+## Summary — probe priority order
+
+| Phase | What | Time estimate | Severity ceiling |
+|---|---|---|---|
+| 0 | `qa:run --persona=hacker` + `qa:scan` baseline | 2-5 min | critical |
+| 1 | Security headers | 30s | high |
+| 2 | Cookie attributes | 30s | high |
+| 3 | Client-side storage | 30s | critical |
+| 4 | CORS misconfiguration | 1 min | high |
+| 5 | Source map exposure | 1 min | high |
+| 6 | Clickjacking | 30s | medium |
+| 7 | SRI (CDN resources) | 30s | medium |
+| 8 | Error page disclosure | 30s | high |
+| 9 | HTML meta & comment leaks | 30s | medium |
+
+Total additional time beyond Phase 0: ~5-6 minutes of automated probing.
+
+## References
+
+- OWASP ASVS 5.0: Chapters V3, V4, V7, V8, V12, V13, V14, V15, V16
+- OWASP Testing Guide v4.2: OTG-CONFIG, OTG-INFO, OTG-SESS
+- Mozilla Observatory scoring methodology
+- Playwright API: https://playwright.dev/docs/api/class-response