@kirrosh/zond 0.11.0 → 0.12.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kirrosh/zond",
-  "version": "0.11.0",
+  "version": "0.12.1",
   "description": "API testing platform — define tests in YAML, run from CLI or WebUI, generate from OpenAPI specs",
   "license": "MIT",
   "module": "index.ts",

package/src/core/generator/index.ts

@@ -12,4 +12,4 @@ export { compressEndpointsWithSchemas, buildGenerationGuide } from "./guide-buil
 export type { GuideOptions } from "./guide-builder.ts";
 export type { EndpointWarning, WarningCode } from "./endpoint-warnings.ts";
 export type { EndpointInfo, ResponseInfo, GenerateOptions, SecuritySchemeInfo, CrudGroup } from "./types.ts";
-export { generateSuites, generateStep, detectCrudGroups, generateCrudSuite } from "./suite-generator.ts";
+export { generateSuites, generateStep, detectCrudGroups, generateCrudSuite, findUnresolvedVars } from "./suite-generator.ts";

package/src/core/generator/suite-generator.ts

@@ -117,6 +117,14 @@ function getCaptureField(ep: EndpointInfo): string {
   return "id";
 }
 
+const AUTH_PATH_PATTERNS = /\/(auth|login|signin|signup|register|token|oauth)\b/i;
+
+function isAuthEndpoint(ep: EndpointInfo): boolean {
+  if (AUTH_PATH_PATTERNS.test(ep.path)) return true;
+  if (ep.tags?.some(t => /^auth/i.test(t))) return true;
+  return false;
+}
+
 // ──────────────────────────────────────────────
 // Public API
 // ──────────────────────────────────────────────
@@ -292,6 +300,32 @@ export function generateCrudSuite(
   return suite;
 }
 
+/** Find unresolved template variables in a suite (excluding known globals, captured vars, and env keys) */
+export function findUnresolvedVars(suite: RawSuite, envKeys?: Set<string>): string[] {
+  const KNOWN = new Set(["base_url", "auth_token", "api_key"]);
+  if (envKeys) for (const k of envKeys) KNOWN.add(k);
+  const captured = new Set<string>();
+  for (const step of suite.tests) {
+    if (step.expect?.body) {
+      for (const val of Object.values(step.expect.body)) {
+        if (val && typeof val === "object" && "capture" in val) captured.add((val as any).capture);
+      }
+    }
+  }
+  const vars = new Set<string>();
+  const scan = (obj: unknown) => {
+    if (typeof obj === "string") {
+      for (const m of obj.matchAll(/\{\{([^$}][^}]*)\}\}/g)) {
+        if (!KNOWN.has(m[1]) && !captured.has(m[1])) vars.add(m[1]);
+      }
+    } else if (obj && typeof obj === "object") {
+      for (const v of Object.values(obj)) scan(v);
+    }
+  };
+  scan(suite);
+  return [...vars];
+}
+
 /** Main entry point: generate all suites from endpoints */
 export function generateSuites(opts: {
   endpoints: EndpointInfo[];
@@ -302,8 +336,12 @@ export function generateSuites(opts: {
   // Filter deprecated
   const active = endpoints.filter(ep => !ep.deprecated);
 
+  // Separate auth endpoints
+  const authEndpoints = active.filter(isAuthEndpoint);
+  const nonAuth = active.filter(ep => !isAuthEndpoint(ep));
+
   // 1. Detect CRUD groups
-  const crudGroups = detectCrudGroups(active);
+  const crudGroups = detectCrudGroups(nonAuth);
 
   // Collect endpoints consumed by CRUD groups
   const crudEndpointKeys = new Set<string>();
@@ -315,8 +353,8 @@ export function generateSuites(opts: {
     if (g.delete) crudEndpointKeys.add(`${g.delete.method.toUpperCase()} ${g.delete.path}`);
   }
 
-  // Remaining endpoints (not in any CRUD group)
-  const remaining = active.filter(ep => !crudEndpointKeys.has(`${ep.method.toUpperCase()} ${ep.path}`));
+  // Remaining endpoints (not in any CRUD group, not auth)
+  const remaining = nonAuth.filter(ep => !crudEndpointKeys.has(`${ep.method.toUpperCase()} ${ep.path}`));
 
   const suites: RawSuite[] = [];
 
@@ -384,5 +422,30 @@ export function generateSuites(opts: {
     suites.push(generateCrudSuite(group, securitySchemes));
   }
 
+  // 4. Auth suite (separate — requires real credentials)
+  if (authEndpoints.length > 0) {
+    const tests = authEndpoints.map(ep => generateStep(ep, securitySchemes));
+    const headers = getSuiteHeaders(authEndpoints, securitySchemes);
+
+    const suite: RawSuite = {
+      name: "auth",
+      tags: ["auth"],
+      fileStem: "auth",
+      base_url: "{{base_url}}",
+      tests,
+    };
+
+    if (headers) {
+      suite.headers = headers;
+      for (const t of tests) {
+        if (t.headers && JSON.stringify(t.headers) === JSON.stringify(headers)) {
+          delete (t as any).headers;
+        }
+      }
+    }
+
+    suites.push(suite);
+  }
+
   return suites;
 }

package/src/core/runner/execute-run.ts

@@ -17,6 +17,7 @@ export interface ExecuteRunOptions {
   tag?: string[];
   envVars?: Record<string, string>;
   dryRun?: boolean;
+  rerunFilter?: Set<string>;  // "suite_name::test_name" keys to rerun
 }
 
 export interface ExecuteRunResult {
@@ -40,6 +41,17 @@ export async function executeRun(options: ExecuteRunOptions): Promise<ExecuteRun
     }
   }
 
+  // Rerun filter: keep only specific failed tests
+  if (options.rerunFilter && options.rerunFilter.size > 0) {
+    for (const suite of suites) {
+      suite.tests = suite.tests.filter(t => options.rerunFilter!.has(`${suite.name}::${t.name}`));
+    }
+    suites = suites.filter(s => s.tests.length > 0);
+    if (suites.length === 0) {
+      throw new Error("No matching tests found for rerun filter");
+    }
+  }
+
   // Safe mode: filter to GET-only tests
   if (safe) {
     for (const suite of suites) {

package/src/core/setup-api.ts

@@ -14,7 +14,7 @@ function toYaml(vars: Record<string, string>): string {
 }
 
 export interface SetupApiOptions {
-  name: string;
+  name?: string;
   spec?: string;
   dir?: string;
   envVars?: Record<string, string>;
@@ -29,13 +29,49 @@ export interface SetupApiResult {
   testPath: string;
   baseUrl: string;
   specEndpoints: number;
+  pathParams?: Record<string, string>;
 }
 
 export async function setupApi(options: SetupApiOptions): Promise<SetupApiResult> {
-  const { name, spec, dbPath } = options;
+  const { spec, dbPath } = options;
 
   getDb(dbPath);
 
+  // Try to load and validate spec, extract base_url
+  let openapiSpec: string | null = null;
+  let baseUrl = "";
+  let endpointCount = 0;
+  const pathParams = new Map<string, string>();
+  let specTitle: string | undefined;
+  if (spec) {
+    const doc = await readOpenApiSpec(spec);
+    openapiSpec = spec;
+    if ((doc as any).servers?.[0]?.url) {
+      baseUrl = (doc as any).servers[0].url;
+    }
+    specTitle = (doc as any).info?.title;
+    const endpoints = extractEndpoints(doc);
+    endpointCount = endpoints.length;
+
+    // Collect unique path parameters with default values
+    for (const ep of endpoints) {
+      for (const param of (ep.parameters ?? []).filter(p => p.in === "path")) {
+        if (pathParams.has(param.name)) continue;
+        const schema = param.schema as any;
+        if (param.example !== undefined) pathParams.set(param.name, String(param.example));
+        else if (schema?.example !== undefined) pathParams.set(param.name, String(schema.example));
+        else if (schema?.type === "integer" || schema?.type === "number") pathParams.set(param.name, "1");
+        else pathParams.set(param.name, "example");
+      }
+    }
+  }
+
+  // Derive name: explicit > spec title > filename
+  const name = options.name
+    ?? specTitle?.replace(/[^a-zA-Z0-9_\-\.]/g, "-").toLowerCase()
+    ?? spec?.split(/[/\\]/).pop()?.replace(/\.\w+$/, "")
+    ?? "api";
+
   // Validate name uniqueness (or force-replace)
   const existing = findCollectionByNameOrId(name);
   if (existing) {
@@ -54,22 +90,13 @@ export async function setupApi(options: SetupApiOptions): Promise<SetupApiResult
   // Create directories
   mkdirSync(testPath, { recursive: true });
 
-  // Try to load and validate spec, extract base_url
-  let openapiSpec: string | null = null;
-  let baseUrl = "";
-  let endpointCount = 0;
-  if (spec) {
-    const doc = await readOpenApiSpec(spec);
-    openapiSpec = spec;
-    if ((doc as any).servers?.[0]?.url) {
-      baseUrl = (doc as any).servers[0].url;
-    }
-    endpointCount = extractEndpoints(doc).length;
-  }
-
   // Build environment variables
   const envVars: Record<string, string> = {};
   if (baseUrl) envVars.base_url = baseUrl;
+  // Add path parameter defaults (before user overrides)
+  for (const [k, v] of pathParams) {
+    if (!(k in envVars)) envVars[k] = v;
+  }
   if (options.envVars) {
     Object.assign(envVars, options.envVars);
   }
@@ -102,6 +129,8 @@ export async function setupApi(options: SetupApiOptions): Promise<SetupApiResult
     openapi_spec: openapiSpec ?? undefined,
   });
 
+  const pathParamsObj = pathParams.size > 0 ? Object.fromEntries(pathParams) : undefined;
+
   return {
     created: true,
     collectionId,
@@ -109,5 +138,6 @@ export async function setupApi(options: SetupApiOptions): Promise<SetupApiResult
     testPath: normalizedTestPath,
     baseUrl,
     specEndpoints: endpointCount,
+    ...(pathParamsObj ? { pathParams: pathParamsObj } : {}),
   };
 }

package/src/mcp/tools/generate-and-save.ts

@@ -9,7 +9,9 @@ import {
   filterUncoveredEndpoints,
   serializeSuite,
   generateSuites,
+  findUnresolvedVars,
 } from "../../core/generator/index.ts";
+import { loadEnvironment } from "../../core/parser/variables.ts";
 import { compressEndpointsWithSchemas, buildGenerationGuide } from "../../core/generator/guide-builder.ts";
 import { planChunks, filterByTag } from "../../core/generator/chunker.ts";
 import { TOOL_DESCRIPTIONS } from "../descriptions.js";
@@ -130,10 +132,20 @@ export function registerGenerateAndSaveTool(server: McpServer) {
           });
         }
 
+        const warnings: string[] = [];
+        const env = await loadEnvironment(undefined, effectiveOutputDir);
+        const envKeys = new Set(Object.keys(env));
+        for (const suite of suites) {
+          const unresolved = findUnresolvedVars(suite, envKeys);
+          if (unresolved.length > 0)
+            warnings.push(`${suite.fileStem ?? suite.name}.yaml: unresolved [${unresolved.join(", ")}]`);
+        }
+
         const response: Record<string, unknown> = {
           mode: "generate",
           suitesGenerated: suites.length,
           files,
+          ...(warnings.length > 0 ? { warnings } : {}),
           hint: files.some(f => !f.saved)
             ? "Some files were not saved (already exist?). Use overwrite: true to replace."
             : "Files saved. Run run_tests to verify. Use mode: 'guide' for LLM-crafted tests with more detail.",

package/src/mcp/tools/query-db.ts

@@ -16,6 +16,27 @@ function parseBodySafe(raw: string | null | undefined): unknown {
   }
 }
 
+const USEFUL_HEADERS = new Set([
+  "content-type", "content-length", "location", "retry-after",
+  "www-authenticate", "allow",
+]);
+const USEFUL_PREFIXES = ["x-", "ratelimit"];
+
+function filterHeaders(raw: string | null | undefined): Record<string, string> | undefined {
+  if (!raw) return undefined;
+  try {
+    const h = JSON.parse(raw) as Record<string, string>;
+    const out: Record<string, string> = {};
+    for (const [k, v] of Object.entries(h)) {
+      const l = k.toLowerCase();
+      if (USEFUL_HEADERS.has(l) || USEFUL_PREFIXES.some(p => l.startsWith(p))) {
+        out[k] = v;
+      }
+    }
+    return Object.keys(out).length > 0 ? out : undefined;
+  } catch { return undefined; }
+}
+
 export function registerQueryDbTool(server: McpServer, dbPath?: string) {
   server.registerTool("query_db", {
     description: TOOL_DESCRIPTIONS.query_db,
@@ -137,9 +158,7 @@ export function registerQueryDbTool(server: McpServer, dbPath?: string) {
                 ...(hint ? { hint } : {}),
                 ...(sHint ? { schema_hint: sHint } : {}),
                 response_body: parseBodySafe(r.response_body),
-                response_headers: r.response_headers
-                  ? JSON.parse(r.response_headers)
-                  : undefined,
+                response_headers: filterHeaders(r.response_headers),
                 assertions: r.assertions,
                 duration_ms: r.duration_ms,
               };

package/src/mcp/tools/run-tests.ts

@@ -1,6 +1,10 @@
 import { z } from "zod";
+import { resolve } from "node:path";
 import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { executeRun } from "../../core/runner/execute-run.ts";
+import { getDb } from "../../db/schema.ts";
+import { getResultsByRunId, findCollectionByTestPath } from "../../db/queries.ts";
+import { readOpenApiSpec, extractEndpoints, scanCoveredEndpoints, filterUncoveredEndpoints } from "../../core/generator/index.ts";
 import { TOOL_DESCRIPTIONS } from "../descriptions.js";
 
 export function registerRunTestsTool(server: McpServer, dbPath?: string) {
@@ -13,8 +17,24 @@ export function registerRunTestsTool(server: McpServer, dbPath?: string) {
       tag: z.optional(z.array(z.string())).describe("Filter suites by tag (OR logic)"),
       envVars: z.optional(z.record(z.string(), z.string())).describe("Environment variables to inject (override env file, e.g. {\"TOKEN\": \"xxx\"})"),
       dryRun: z.optional(z.boolean()).describe("Show requests without sending them (always exits 0)"),
+      rerunFrom: z.optional(z.number().int()).describe("Re-run only tests that failed/errored in this run ID"),
     },
-  }, async ({ testPath, envName, safe, tag, envVars, dryRun }) => {
+  }, async ({ testPath, envName, safe, tag, envVars, dryRun, rerunFrom }) => {
+    // Build filter from previous failed run
+    let rerunFilter: Set<string> | undefined;
+    if (rerunFrom != null) {
+      getDb(dbPath);
+      const prevResults = getResultsByRunId(rerunFrom);
+      const failed = prevResults.filter(r => r.status === "fail" || r.status === "error");
+      if (failed.length === 0) {
+        return {
+          content: [{ type: "text" as const, text: JSON.stringify({ error: `Run ${rerunFrom} has no failures to rerun` }, null, 2) }],
+          isError: true,
+        };
+      }
+      rerunFilter = new Set(failed.map(r => `${r.suite_name}::${r.test_name}`));
+    }
+
     const { runId, results } = await executeRun({
       testPath,
       envName,
@@ -24,6 +44,7 @@ export function registerRunTestsTool(server: McpServer, dbPath?: string) {
       tag,
       envVars,
       dryRun,
+      rerunFilter,
     });
 
     const total = results.reduce((s, r) => s + r.total, 0);
@@ -45,6 +66,25 @@ export function registerRunTestsTool(server: McpServer, dbPath?: string) {
       }))
     );
 
+    // Best-effort coverage calculation
+    let coverage: { covered: number; total: number; percentage: number } | undefined;
+    try {
+      const resolvedPath = resolve(testPath);
+      const collection = findCollectionByTestPath(resolvedPath);
+      if (collection?.openapi_spec) {
+        const doc = await readOpenApiSpec(collection.openapi_spec);
+        const allEndpoints = extractEndpoints(doc);
+        const coveredEps = await scanCoveredEndpoints(collection.test_path);
+        const uncovered = filterUncoveredEndpoints(allEndpoints, coveredEps);
+        const coveredCount = allEndpoints.length - uncovered.length;
+        coverage = {
+          covered: coveredCount,
+          total: allEndpoints.length,
+          percentage: allEndpoints.length > 0 ? Math.round((coveredCount / allEndpoints.length) * 100) : 100,
+        };
+      }
+    } catch { /* coverage is best-effort, don't fail run */ }
+
     const hints: string[] = [];
     if (failedSteps.length > 0) {
       hints.push("Use query_db(action: 'diagnose_failure', runId: " + runId + ") for detailed failure analysis");
@@ -55,9 +95,6 @@ export function registerRunTestsTool(server: McpServer, dbPath?: string) {
         );
       }
     }
-    hints.push("Use manage_server(action: 'start') to launch the Web UI and view results visually in a browser at http://localhost:8080");
-    hints.push("Ask the user if they want to set up CI/CD to run these tests automatically on push. If yes, use ci_init to generate a workflow and help them push to GitHub/GitLab.");
-
     const summary = {
       runId,
       total,
@@ -67,6 +104,7 @@ export function registerRunTestsTool(server: McpServer, dbPath?: string) {
       suites: results.length,
       status: failed === 0 ? "all_passed" : "has_failures",
       ...(failedSteps.length > 0 ? { failures: failedSteps } : {}),
+      ...(coverage ? { coverage } : {}),
       hints,
     };
 

package/src/mcp/tools/setup-api.ts

@@ -22,7 +22,7 @@ export function registerSetupApiTool(server: McpServer, dbPath?: string) {
   server.registerTool("setup_api", {
     description: TOOL_DESCRIPTIONS.setup_api,
     inputSchema: {
-      name: z.string().describe("API name (e.g. 'petstore')"),
+      name: z.optional(z.string()).describe("API name (auto-detected from spec title if omitted)"),
       specPath: z.optional(z.string()).describe("Path or URL to OpenAPI spec"),
       dir: z.optional(z.string()).describe("Base directory (default: ./apis/<name>/)"),
       envVars: z.optional(z.string()).describe("Environment variables as JSON string (e.g. '{\"base_url\": \"...\", \"token\": \"...\"}')"),