@kirrosh/zond 0.22.0 → 0.26.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +811 -0
- package/README.md +59 -6
- package/package.json +9 -7
- package/src/CLAUDE.md +112 -0
- package/src/cli/argv.ts +122 -0
- package/src/cli/commands/add-api.ts +146 -0
- package/src/cli/commands/api/annotate/idempotency.ts +59 -0
- package/src/cli/commands/api/annotate/index.ts +880 -0
- package/src/cli/commands/api/annotate/lifecycle.ts +74 -0
- package/src/cli/commands/api/annotate/overlay.ts +206 -0
- package/src/cli/commands/api/annotate/pagination.ts +64 -0
- package/src/cli/commands/api/annotate/prompts.ts +220 -0
- package/src/cli/commands/api/annotate/readback.ts +58 -0
- package/src/cli/commands/api/annotate/resources.ts +91 -0
- package/src/cli/commands/api/annotate/seed-bodies.ts +61 -0
- package/src/cli/commands/audit.ts +786 -0
- package/src/cli/commands/catalog.ts +35 -0
- package/src/cli/commands/check.ts +361 -0
- package/src/cli/commands/checks.ts +1072 -0
- package/src/cli/commands/ci-init.ts +43 -0
- package/src/cli/commands/clean.ts +212 -0
- package/src/cli/commands/cleanup.ts +236 -0
- package/src/cli/commands/completions.ts +16 -0
- package/src/cli/commands/coverage.ts +823 -132
- package/src/cli/commands/db.ts +486 -12
- package/src/cli/commands/describe.ts +37 -2
- package/src/cli/commands/discover.ts +1356 -0
- package/src/cli/commands/doctor.ts +661 -0
- package/src/cli/commands/fixtures.ts +402 -0
- package/src/cli/commands/generate.ts +438 -47
- package/src/cli/commands/init/bootstrap.ts +34 -2
- package/src/cli/commands/{init.ts → init/index.ts} +99 -5
- package/src/cli/commands/init/skills.ts +99 -3
- package/src/cli/commands/init/templates/agents.md +77 -64
- package/src/cli/commands/init/templates/skills/warm-up-target.md +122 -0
- package/src/cli/commands/init/templates/skills/zond-checks.md +621 -0
- package/src/cli/commands/init/templates/skills/zond-seed.md +114 -0
- package/src/cli/commands/init/templates/skills/zond-triage.md +272 -0
- package/src/cli/commands/init/templates/skills/zond.md +802 -125
- package/src/cli/commands/init/templates/zond-config.yml +8 -9
- package/src/cli/commands/prepare-fixtures.ts +97 -0
- package/src/cli/commands/probe/_seed-bodies.ts +52 -0
- package/src/cli/commands/probe/mass-assignment.ts +594 -0
- package/src/cli/commands/probe/security.ts +537 -0
- package/src/cli/commands/probe/static.ts +255 -0
- package/src/cli/commands/probe/webhooks.ts +163 -0
- package/src/cli/commands/probe.ts +535 -0
- package/src/cli/commands/reference.ts +87 -0
- package/src/cli/commands/refresh-api.ts +227 -0
- package/src/cli/commands/remove-api.ts +150 -0
- package/src/cli/commands/report-bundle.ts +310 -0
- package/src/cli/commands/report.ts +241 -0
- package/src/cli/commands/request.ts +495 -4
- package/src/cli/commands/run.ts +870 -53
- package/src/cli/commands/schema-from-runs.ts +128 -0
- package/src/cli/commands/secrets.ts +133 -0
- package/src/cli/commands/session.ts +244 -0
- package/src/cli/commands/use.ts +18 -1
- package/src/cli/index.ts +20 -3
- package/src/cli/json-envelope.ts +92 -3
- package/src/cli/json-schemas.ts +314 -0
- package/src/cli/output.ts +17 -1
- package/src/cli/program.ts +199 -635
- package/src/cli/resolve.ts +105 -0
- package/src/cli/safe-live.ts +24 -0
- package/src/cli/status-filter.ts +114 -0
- package/src/cli/util/api-context.ts +85 -0
- package/src/cli/version.ts +5 -0
- package/src/core/audit/persist.ts +183 -0
- package/src/core/checks/budget.ts +59 -0
- package/src/core/checks/checks/_crud-helpers.ts +133 -0
- package/src/core/checks/checks/_negative_mutator.ts +133 -0
- package/src/core/checks/checks/_readback-helpers.ts +133 -0
- package/src/core/checks/checks/content_type_conformance.ts +39 -0
- package/src/core/checks/checks/cross_call_references.ts +147 -0
- package/src/core/checks/checks/cursor_boundary_fuzzing.ts +219 -0
- package/src/core/checks/checks/ensure_resource_availability.ts +62 -0
- package/src/core/checks/checks/idempotency_replay.ts +242 -0
- package/src/core/checks/checks/ignored_auth.ts +254 -0
- package/src/core/checks/checks/index.ts +68 -0
- package/src/core/checks/checks/lifecycle_transitions.ts +416 -0
- package/src/core/checks/checks/missing_required_header.ts +40 -0
- package/src/core/checks/checks/negative_data_rejection.ts +148 -0
- package/src/core/checks/checks/not_a_server_error.ts +35 -0
- package/src/core/checks/checks/open_cors_on_sensitive.ts +160 -0
- package/src/core/checks/checks/pagination_invariants.ts +419 -0
- package/src/core/checks/checks/positive_data_acceptance.ts +33 -0
- package/src/core/checks/checks/rate_limit_headers_absent.ts +77 -0
- package/src/core/checks/checks/response_headers_conformance.ts +74 -0
- package/src/core/checks/checks/response_schema_conformance.ts +30 -0
- package/src/core/checks/checks/status_code_conformance.ts +132 -0
- package/src/core/checks/checks/unsupported_method.ts +63 -0
- package/src/core/checks/checks/use_after_free.ts +78 -0
- package/src/core/checks/index.ts +30 -0
- package/src/core/checks/mode.ts +82 -0
- package/src/core/checks/recommended-action.ts +68 -0
- package/src/core/checks/registry.ts +78 -0
- package/src/core/checks/runner.ts +1461 -0
- package/src/core/checks/sarif.ts +230 -0
- package/src/core/checks/spec-findings.ts +308 -0
- package/src/core/checks/stateful.ts +121 -0
- package/src/core/checks/types.ts +305 -0
- package/src/core/checks/zond-extensions.ts +73 -0
- package/src/core/classifier/recommended-action.ts +251 -0
- package/src/core/context/current.ts +22 -6
- package/src/core/context/session.ts +78 -0
- package/src/core/coverage/loader.ts +216 -0
- package/src/core/coverage/reasons.ts +300 -0
- package/src/core/diagnostics/db-analysis.ts +293 -59
- package/src/core/diagnostics/failure-class.ts +140 -0
- package/src/core/diagnostics/failure-hints.ts +88 -89
- package/src/core/diagnostics/spec-pointer.ts +99 -0
- package/src/core/diagnostics/suggested-fixes.ts +155 -0
- package/src/core/exporter/case-study/index.ts +270 -0
- package/src/core/exporter/curl.ts +40 -0
- package/src/core/exporter/exporter.ts +48 -0
- package/src/core/exporter/html-report/escape.ts +24 -0
- package/src/core/exporter/html-report/index.ts +479 -0
- package/src/core/exporter/html-report/script.ts +100 -0
- package/src/core/exporter/html-report/styles.ts +408 -0
- package/src/core/generator/chunker.ts +38 -19
- package/src/core/generator/coverage-phase.ts +0 -0
- package/src/core/generator/data-factory.ts +586 -22
- package/src/core/generator/describe.ts +1 -1
- package/src/core/generator/fixtures-builder.ts +332 -0
- package/src/core/generator/index.ts +5 -5
- package/src/core/generator/openapi-reader.ts +135 -7
- package/src/core/generator/path-param-disambig.ts +140 -0
- package/src/core/generator/resources-builder.ts +898 -0
- package/src/core/generator/schema-utils.ts +33 -3
- package/src/core/generator/serializer.ts +103 -13
- package/src/core/generator/suite-generator.ts +583 -122
- package/src/core/generator/types.ts +14 -0
- package/src/core/identity/identity-file.ts +0 -0
- package/src/core/lint/affects.ts +28 -0
- package/src/core/lint/config.ts +96 -0
- package/src/core/lint/format.ts +42 -0
- package/src/core/lint/index.ts +94 -0
- package/src/core/lint/reporter.ts +128 -0
- package/src/core/lint/rules/consistency.ts +158 -0
- package/src/core/lint/rules/heuristics.ts +97 -0
- package/src/core/lint/rules/strictness.ts +109 -0
- package/src/core/lint/types.ts +96 -0
- package/src/core/lint/walker.ts +248 -0
- package/src/core/meta/meta-store.ts +6 -73
- package/src/core/output/README.md +73 -0
- package/src/core/output/index.ts +13 -0
- package/src/core/output/run.ts +91 -0
- package/src/core/output/types.ts +122 -0
- package/src/core/parser/dynamic-values.ts +160 -0
- package/src/core/parser/env-interpolation.ts +104 -0
- package/src/core/parser/filter.ts +57 -0
- package/src/core/parser/schema.ts +129 -4
- package/src/core/parser/types.ts +19 -1
- package/src/core/parser/variables.ts +0 -0
- package/src/core/parser/yaml-parser.ts +58 -12
- package/src/core/probe/bootstrap.ts +34 -0
- package/src/core/probe/dry-run-envelope.ts +61 -0
- package/src/core/probe/mass-assignment/classify.ts +175 -0
- package/src/core/probe/mass-assignment/cleanup.ts +52 -0
- package/src/core/probe/mass-assignment/digest.ts +114 -0
- package/src/core/probe/mass-assignment/orchestrator.ts +459 -0
- package/src/core/probe/mass-assignment/regression.ts +141 -0
- package/src/core/probe/mass-assignment/suspects.ts +92 -0
- package/src/core/probe/mass-assignment/types.ts +135 -0
- package/src/core/probe/mass-assignment-probe-class.ts +198 -0
- package/src/core/probe/mass-assignment-probe.ts +27 -0
- package/src/core/probe/mass-assignment-template.ts +240 -0
- package/src/core/probe/method-probe.ts +43 -76
- package/src/core/probe/method-shared.ts +69 -0
- package/src/core/probe/negative-probe.ts +183 -149
- package/src/core/probe/orphan-tracker.ts +188 -0
- package/src/core/probe/path-discovery.ts +439 -0
- package/src/core/probe/probe-harness.ts +119 -0
- package/src/core/probe/registry.ts +89 -0
- package/src/core/probe/runner.ts +136 -0
- package/src/core/probe/security/baseline.ts +174 -0
- package/src/core/probe/security/classify.ts +341 -0
- package/src/core/probe/security/cleanup.ts +125 -0
- package/src/core/probe/security/detectors.ts +71 -0
- package/src/core/probe/security/digest.ts +104 -0
- package/src/core/probe/security/orchestrator.ts +398 -0
- package/src/core/probe/security/regression.ts +103 -0
- package/src/core/probe/security/types.ts +151 -0
- package/src/core/probe/security-probe-class.ts +207 -0
- package/src/core/probe/security-probe.ts +32 -0
- package/src/core/probe/shared.ts +531 -0
- package/src/core/probe/static-probe-class.ts +125 -0
- package/src/core/probe/types.ts +165 -0
- package/src/core/probe/verdict-aggregator.ts +33 -0
- package/src/core/probe/webhooks-probe.ts +282 -0
- package/src/core/reporter/console.ts +41 -2
- package/src/core/reporter/index.ts +2 -3
- package/src/core/reporter/json.ts +11 -1
- package/src/core/reporter/junit.ts +27 -12
- package/src/core/reporter/ndjson.ts +37 -0
- package/src/core/reporter/types.ts +3 -0
- package/src/core/runner/assertions.ts +59 -2
- package/src/core/runner/async-pool.ts +108 -0
- package/src/core/runner/auth-path.ts +8 -0
- package/src/core/runner/ci-context.ts +72 -0
- package/src/core/runner/executor.ts +265 -36
- package/src/core/runner/form-encode.ts +41 -0
- package/src/core/runner/http-client.ts +112 -2
- package/src/core/runner/learn-drift.ts +293 -0
- package/src/core/runner/preflight-vars.ts +153 -0
- package/src/core/runner/progress-tracker.ts +73 -0
- package/src/core/runner/rate-limiter.ts +87 -33
- package/src/core/runner/run-kind.ts +45 -0
- package/src/core/runner/schema-validator.ts +308 -0
- package/src/core/runner/send-request.ts +158 -20
- package/src/core/runner/types.ts +44 -0
- package/src/core/secrets/registry.ts +164 -0
- package/src/core/secrets/secrets-file.ts +115 -0
- package/src/core/selectors/operation-filter.ts +144 -0
- package/src/core/setup-api.ts +457 -20
- package/src/core/severity/category.ts +94 -0
- package/src/core/severity/index.ts +58 -0
- package/src/core/spec/infer-schema.ts +102 -0
- package/src/core/spec/layers.ts +154 -0
- package/src/core/spec/merge-specs.ts +156 -0
- package/src/core/spec/schema-from-runs.ts +117 -0
- package/src/core/spec/schema-overlay.ts +130 -0
- package/src/core/util/ajv.ts +13 -0
- package/src/core/util/format-eta.ts +21 -0
- package/src/core/util/headers.ts +9 -0
- package/src/core/util/url.ts +24 -0
- package/src/core/utils.ts +5 -1
- package/src/core/workspace/config.ts +129 -0
- package/src/core/workspace/fixture-gap-report.ts +84 -0
- package/src/core/workspace/fixture-gaps.ts +71 -0
- package/src/core/workspace/manifest.ts +283 -0
- package/src/core/workspace/output-rotation.ts +62 -0
- package/src/core/workspace/root.ts +13 -11
- package/src/core/workspace/triage-path.ts +87 -0
- package/src/db/lint-runs.ts +47 -0
- package/src/db/migrate.ts +128 -0
- package/src/db/migrations/0001_run_kind.sql +25 -0
- package/src/db/migrations/0002_run_kind_request.sql +59 -0
- package/src/db/migrations/sql.d.ts +4 -0
- package/src/db/queries/collections.ts +133 -0
- package/src/db/queries/coverage.ts +9 -0
- package/src/db/queries/dashboard.ts +59 -0
- package/src/db/queries/results.ts +216 -0
- package/src/db/queries/runs.ts +289 -0
- package/src/db/queries/sessions.ts +42 -0
- package/src/db/queries/settings.ts +28 -0
- package/src/db/queries/types.ts +172 -0
- package/src/db/queries.ts +75 -802
- package/src/db/schema.ts +178 -50
- package/src/cli/commands/export.ts +0 -144
- package/src/cli/commands/guide.ts +0 -127
- package/src/cli/commands/init/templates/skills/scenarios.md +0 -97
- package/src/cli/commands/probe-methods.ts +0 -108
- package/src/cli/commands/probe-validation.ts +0 -124
- package/src/cli/commands/serve.ts +0 -114
- package/src/cli/commands/sync.ts +0 -268
- package/src/cli/commands/update.ts +0 -189
- package/src/cli/commands/validate.ts +0 -34
- package/src/core/diagnostics/render-md.ts +0 -112
- package/src/core/exporter/postman.ts +0 -963
- package/src/core/generator/guide-builder.ts +0 -253
- package/src/core/meta/types.ts +0 -19
- package/src/core/parser/index.ts +0 -21
- package/src/core/runner/execute-run.ts +0 -132
- package/src/core/runner/index.ts +0 -12
- package/src/core/sync/spec-differ.ts +0 -38
- package/src/web/data/collection-state.ts +0 -362
- package/src/web/routes/api.ts +0 -314
- package/src/web/routes/dashboard.ts +0 -350
- package/src/web/routes/runs.ts +0 -64
- package/src/web/schemas.ts +0 -121
- package/src/web/server.ts +0 -134
- package/src/web/static/htmx.min.cjs +0 -1
- package/src/web/static/style.css +0 -1148
- package/src/web/views/endpoints-tab.ts +0 -174
- package/src/web/views/explorer-tab.ts +0 -402
- package/src/web/views/health-strip.ts +0 -92
- package/src/web/views/layout.ts +0 -48
- package/src/web/views/results.ts +0 -210
- package/src/web/views/runs-tab.ts +0 -126
- package/src/web/views/suites-tab.ts +0 -181
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
-- ARV-265 (m-22): extend `runs.run_kind` CHECK constraint to include
|
|
2
|
+
-- 'request' (zond request in-session) and 'fixture' (prepare-fixtures
|
|
3
|
+
-- cascade list-calls), so audit-coverage can attribute HTTP touches
|
|
4
|
+
-- back to those producers.
|
|
5
|
+
--
|
|
6
|
+
-- The CHECK constraint can't be added with ALTER TABLE in SQLite. Bun's
|
|
7
|
+
-- bun:sqlite also locks `sqlite_master` against direct UPDATEs, so the
|
|
8
|
+
-- usual `PRAGMA writable_schema=1` rewrite is rejected. We use the
|
|
9
|
+
-- canonical SQLite 12-step rebuild: create a parallel table with the
|
|
10
|
+
-- new constraint, copy rows over, drop the old, rename.
|
|
11
|
+
--
|
|
12
|
+
-- The migration runner wraps this in a transaction. FK references from
|
|
13
|
+
-- `results.run_id` to `runs(id)` survive the DROP+RENAME because SQLite
|
|
14
|
+
-- resolves FK targets by name at row-modification time, not at table
|
|
15
|
+
-- definition time — when the new `runs` ends up with the same name the
|
|
16
|
+
-- soft reference is reattached transparently. Indexes are explicitly
|
|
17
|
+
-- recreated post-rename (they don't survive a DROP).
|
|
18
|
+
|
|
19
|
+
CREATE TABLE runs_new (
|
|
20
|
+
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
21
|
+
started_at TEXT NOT NULL,
|
|
22
|
+
finished_at TEXT,
|
|
23
|
+
total INTEGER NOT NULL DEFAULT 0,
|
|
24
|
+
passed INTEGER NOT NULL DEFAULT 0,
|
|
25
|
+
failed INTEGER NOT NULL DEFAULT 0,
|
|
26
|
+
skipped INTEGER NOT NULL DEFAULT 0,
|
|
27
|
+
trigger TEXT DEFAULT 'manual',
|
|
28
|
+
commit_sha TEXT,
|
|
29
|
+
branch TEXT,
|
|
30
|
+
environment TEXT,
|
|
31
|
+
duration_ms INTEGER,
|
|
32
|
+
collection_id INTEGER REFERENCES collections(id),
|
|
33
|
+
session_id TEXT,
|
|
34
|
+
tags TEXT,
|
|
35
|
+
run_kind TEXT NOT NULL DEFAULT 'regular'
|
|
36
|
+
CHECK (run_kind IN ('regular','probe','check','request','fixture'))
|
|
37
|
+
);
|
|
38
|
+
|
|
39
|
+
INSERT INTO runs_new (
|
|
40
|
+
id, started_at, finished_at, total, passed, failed, skipped, trigger,
|
|
41
|
+
commit_sha, branch, environment, duration_ms, collection_id, session_id,
|
|
42
|
+
tags, run_kind
|
|
43
|
+
)
|
|
44
|
+
SELECT
|
|
45
|
+
id, started_at, finished_at, total, passed, failed, skipped, trigger,
|
|
46
|
+
commit_sha, branch, environment, duration_ms, collection_id, session_id,
|
|
47
|
+
tags,
|
|
48
|
+
CASE
|
|
49
|
+
WHEN run_kind IN ('regular','probe','check','request','fixture') THEN run_kind
|
|
50
|
+
ELSE 'regular'
|
|
51
|
+
END
|
|
52
|
+
FROM runs;
|
|
53
|
+
|
|
54
|
+
DROP TABLE runs;
|
|
55
|
+
ALTER TABLE runs_new RENAME TO runs;
|
|
56
|
+
|
|
57
|
+
CREATE INDEX IF NOT EXISTS idx_runs_started ON runs(started_at DESC);
|
|
58
|
+
CREATE INDEX IF NOT EXISTS idx_runs_collection ON runs(collection_id);
|
|
59
|
+
CREATE INDEX IF NOT EXISTS idx_runs_session ON runs(session_id, started_at DESC);
|
|
@@ -0,0 +1,133 @@
|
|
|
1
|
+
import { getDb } from "../schema.ts";
|
|
2
|
+
import {
|
|
3
|
+
normalizePath,
|
|
4
|
+
type CollectionRecord,
|
|
5
|
+
type CollectionSummary,
|
|
6
|
+
type CreateCollectionOpts,
|
|
7
|
+
type RunRecord,
|
|
8
|
+
} from "./types.ts";
|
|
9
|
+
|
|
10
|
+
export function createCollection(opts: CreateCollectionOpts): number {
|
|
11
|
+
const db = getDb();
|
|
12
|
+
const stmt = db.prepare(`
|
|
13
|
+
INSERT INTO collections (name, base_dir, test_path, openapi_spec)
|
|
14
|
+
VALUES ($name, $base_dir, $test_path, $openapi_spec)
|
|
15
|
+
`);
|
|
16
|
+
const result = stmt.run({
|
|
17
|
+
$name: opts.name,
|
|
18
|
+
$base_dir: opts.base_dir ?? null,
|
|
19
|
+
$test_path: opts.test_path,
|
|
20
|
+
$openapi_spec: opts.openapi_spec ?? null,
|
|
21
|
+
});
|
|
22
|
+
return Number(result.lastInsertRowid);
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
export function getCollectionById(id: number): CollectionRecord | null {
|
|
26
|
+
const db = getDb();
|
|
27
|
+
return db.query("SELECT * FROM collections WHERE id = ?").get(id) as CollectionRecord | null;
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
export function getLatestRunByCollection(
|
|
31
|
+
collectionId: number,
|
|
32
|
+
opts: { runKind?: import("../../core/runner/run-kind.ts").RunKind | "any" } = {},
|
|
33
|
+
): RunRecord | null {
|
|
34
|
+
const db = getDb();
|
|
35
|
+
// ARV-55: 'regular' is the default so coverage skips probe-only runs
|
|
36
|
+
// without an explicit predicate. 'any' opts back into the legacy
|
|
37
|
+
// behaviour (used by `coverage`'s probe-run hint logic).
|
|
38
|
+
const kind = opts.runKind ?? "regular";
|
|
39
|
+
const kindClause = kind === "any" ? "" : "AND run_kind = ?";
|
|
40
|
+
const params: (string | number)[] = [collectionId];
|
|
41
|
+
if (kind !== "any") params.push(kind);
|
|
42
|
+
const row = db.query(`
|
|
43
|
+
SELECT * FROM runs
|
|
44
|
+
WHERE collection_id = ? AND finished_at IS NOT NULL ${kindClause}
|
|
45
|
+
ORDER BY started_at DESC
|
|
46
|
+
LIMIT 1
|
|
47
|
+
`).get(...params) as (Record<string, unknown> & { tags?: unknown }) | null;
|
|
48
|
+
if (!row) return null;
|
|
49
|
+
let tags: string[] | null = null;
|
|
50
|
+
if (typeof row.tags === "string") {
|
|
51
|
+
try {
|
|
52
|
+
const v = JSON.parse(row.tags);
|
|
53
|
+
if (Array.isArray(v) && v.every((x) => typeof x === "string")) tags = v;
|
|
54
|
+
} catch {
|
|
55
|
+
// legacy/corrupt — leave null
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
// ARV-55: normalise run_kind alongside tags so RunRecord stays consistent.
|
|
59
|
+
const rk = row.run_kind;
|
|
60
|
+
const run_kind: import("../../core/runner/run-kind.ts").RunKind =
|
|
61
|
+
rk === "probe" || rk === "check" || rk === "request" || rk === "fixture" ? rk : "regular";
|
|
62
|
+
return { ...(row as unknown as RunRecord), tags, run_kind };
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
export function listCollections(): CollectionSummary[] {
|
|
66
|
+
const db = getDb();
|
|
67
|
+
return db.query(`
|
|
68
|
+
SELECT
|
|
69
|
+
c.id, c.name, c.base_dir, c.test_path, c.openapi_spec, c.created_at,
|
|
70
|
+
COUNT(r.id) AS total_runs,
|
|
71
|
+
CASE WHEN SUM(r.total) > 0
|
|
72
|
+
THEN ROUND(SUM(r.passed) * 100.0 / SUM(r.total), 1)
|
|
73
|
+
ELSE 0 END AS pass_rate,
|
|
74
|
+
MAX(r.started_at) AS last_run_at,
|
|
75
|
+
COALESCE((SELECT passed FROM runs WHERE collection_id = c.id ORDER BY started_at DESC LIMIT 1), 0) AS last_run_passed,
|
|
76
|
+
COALESCE((SELECT failed FROM runs WHERE collection_id = c.id ORDER BY started_at DESC LIMIT 1), 0) AS last_run_failed,
|
|
77
|
+
COALESCE((SELECT total FROM runs WHERE collection_id = c.id ORDER BY started_at DESC LIMIT 1), 0) AS last_run_total
|
|
78
|
+
FROM collections c
|
|
79
|
+
LEFT JOIN runs r ON r.collection_id = c.id AND r.finished_at IS NOT NULL
|
|
80
|
+
GROUP BY c.id
|
|
81
|
+
ORDER BY c.name
|
|
82
|
+
`).all() as CollectionSummary[];
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
export function updateCollection(id: number, opts: Partial<CreateCollectionOpts>): boolean {
|
|
86
|
+
const db = getDb();
|
|
87
|
+
const sets: string[] = [];
|
|
88
|
+
const params: Record<string, any> = { $id: id };
|
|
89
|
+
|
|
90
|
+
if (opts.name !== undefined) { sets.push("name = $name"); params.$name = opts.name; }
|
|
91
|
+
if (opts.base_dir !== undefined) { sets.push("base_dir = $base_dir"); params.$base_dir = opts.base_dir; }
|
|
92
|
+
if (opts.test_path !== undefined) { sets.push("test_path = $test_path"); params.$test_path = opts.test_path; }
|
|
93
|
+
if (opts.openapi_spec !== undefined) { sets.push("openapi_spec = $openapi_spec"); params.$openapi_spec = opts.openapi_spec; }
|
|
94
|
+
|
|
95
|
+
if (sets.length === 0) return false;
|
|
96
|
+
|
|
97
|
+
const result = db.prepare(`UPDATE collections SET ${sets.join(", ")} WHERE id = $id`).run(params);
|
|
98
|
+
return result.changes > 0;
|
|
99
|
+
}
|
|
100
|
+
|
|
101
|
+
export function deleteCollection(id: number, deleteRuns = false): boolean {
|
|
102
|
+
const db = getDb();
|
|
103
|
+
if (deleteRuns) {
|
|
104
|
+
const runIds = db.query("SELECT id FROM runs WHERE collection_id = ?").all(id) as { id: number }[];
|
|
105
|
+
for (const row of runIds) {
|
|
106
|
+
db.prepare("DELETE FROM results WHERE run_id = ?").run(row.id);
|
|
107
|
+
}
|
|
108
|
+
db.prepare("DELETE FROM runs WHERE collection_id = ?").run(id);
|
|
109
|
+
} else {
|
|
110
|
+
db.prepare("UPDATE runs SET collection_id = NULL WHERE collection_id = ?").run(id);
|
|
111
|
+
}
|
|
112
|
+
const result = db.prepare("DELETE FROM collections WHERE id = ?").run(id);
|
|
113
|
+
return result.changes > 0;
|
|
114
|
+
}
|
|
115
|
+
|
|
116
|
+
export function findCollectionByTestPath(path: string): CollectionRecord | null {
|
|
117
|
+
const db = getDb();
|
|
118
|
+
const normalized = normalizePath(path);
|
|
119
|
+
return db.query("SELECT * FROM collections WHERE test_path = ?").get(normalized) as CollectionRecord | null;
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
export function findCollectionByNameOrId(nameOrId: string): CollectionRecord | null {
|
|
123
|
+
const db = getDb();
|
|
124
|
+
// Try as numeric ID first
|
|
125
|
+
const id = parseInt(nameOrId, 10);
|
|
126
|
+
if (!isNaN(id)) {
|
|
127
|
+
const byId = db.query("SELECT * FROM collections WHERE id = ?").get(id) as CollectionRecord | null;
|
|
128
|
+
if (byId) return byId;
|
|
129
|
+
}
|
|
130
|
+
// Then by name (case-insensitive)
|
|
131
|
+
return db.query("SELECT * FROM collections WHERE lower(name) = lower(?)").get(nameOrId) as CollectionRecord | null;
|
|
132
|
+
}
|
|
133
|
+
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Reserved for coverage-domain DB queries. As of TASK-187, coverage
|
|
3
|
+
* tables (`coverage_runs`, etc.) are still managed entirely from
|
|
4
|
+
* `src/core/coverage/`; nothing in `queries.ts` was coverage-specific to
|
|
5
|
+
* move here. The file exists so the per-domain layout is future-proof
|
|
6
|
+
* — when a coverage table-backed feature lands, queries land here and
|
|
7
|
+
* the cli/UI imports stay stable.
|
|
8
|
+
*/
|
|
9
|
+
export {};
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
import { getDb } from "../schema.ts";
|
|
2
|
+
import type {
|
|
3
|
+
DashboardStats,
|
|
4
|
+
PassRateTrendPoint,
|
|
5
|
+
SlowestTest,
|
|
6
|
+
FlakyTest,
|
|
7
|
+
} from "./types.ts";
|
|
8
|
+
|
|
9
|
+
export function getDashboardStats(): DashboardStats {
|
|
10
|
+
const db = getDb();
|
|
11
|
+
const row = db.query(`
|
|
12
|
+
SELECT
|
|
13
|
+
COUNT(*) AS totalRuns,
|
|
14
|
+
COALESCE(SUM(total), 0) AS totalTests,
|
|
15
|
+
CASE WHEN SUM(total) > 0
|
|
16
|
+
THEN ROUND(SUM(passed) * 100.0 / SUM(total), 1)
|
|
17
|
+
ELSE 0 END AS overallPassRate,
|
|
18
|
+
COALESCE(ROUND(AVG(duration_ms), 0), 0) AS avgDuration
|
|
19
|
+
FROM runs
|
|
20
|
+
WHERE finished_at IS NOT NULL
|
|
21
|
+
`).get() as { totalRuns: number; totalTests: number; overallPassRate: number; avgDuration: number };
|
|
22
|
+
return row;
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
export function getPassRateTrend(limit = 30): PassRateTrendPoint[] {
|
|
26
|
+
const db = getDb();
|
|
27
|
+
return db.query(`
|
|
28
|
+
SELECT id AS run_id, started_at,
|
|
29
|
+
CASE WHEN total > 0 THEN ROUND(passed * 100.0 / total, 1) ELSE 0 END AS pass_rate
|
|
30
|
+
FROM runs
|
|
31
|
+
WHERE finished_at IS NOT NULL
|
|
32
|
+
ORDER BY started_at DESC
|
|
33
|
+
LIMIT ?
|
|
34
|
+
`).all(limit) as PassRateTrendPoint[];
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
export function getSlowestTests(limit = 5): SlowestTest[] {
|
|
38
|
+
const db = getDb();
|
|
39
|
+
return db.query(`
|
|
40
|
+
SELECT suite_name, test_name, ROUND(AVG(duration_ms), 0) AS avg_duration
|
|
41
|
+
FROM results
|
|
42
|
+
GROUP BY suite_name, test_name
|
|
43
|
+
ORDER BY avg_duration DESC
|
|
44
|
+
LIMIT ?
|
|
45
|
+
`).all(limit) as SlowestTest[];
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
export function getFlakyTests(runsBack = 20, limit = 5): FlakyTest[] {
|
|
49
|
+
const db = getDb();
|
|
50
|
+
return db.query(`
|
|
51
|
+
SELECT r.suite_name, r.test_name, COUNT(DISTINCT r.status) AS distinct_statuses
|
|
52
|
+
FROM results r
|
|
53
|
+
INNER JOIN (SELECT id FROM runs ORDER BY started_at DESC LIMIT ?) recent ON r.run_id = recent.id
|
|
54
|
+
GROUP BY r.suite_name, r.test_name
|
|
55
|
+
HAVING COUNT(DISTINCT r.status) > 1
|
|
56
|
+
ORDER BY distinct_statuses DESC
|
|
57
|
+
LIMIT ?
|
|
58
|
+
`).all(runsBack, limit) as FlakyTest[];
|
|
59
|
+
}
|
|
@@ -0,0 +1,216 @@
|
|
|
1
|
+
import { getDb, withDbRetry } from "../schema.ts";
|
|
2
|
+
import type { TestRunResult } from "../../core/runner/types.ts";
|
|
3
|
+
import { getSecretRegistry } from "../../core/secrets/registry.ts";
|
|
4
|
+
import type { StoredStepResult } from "./types.ts";
|
|
5
|
+
|
|
6
|
+
function parseProvenance(raw: unknown): import("../../core/parser/types.ts").SourceMetadata | null {
|
|
7
|
+
if (typeof raw !== "string" || raw.length === 0) return null;
|
|
8
|
+
try {
|
|
9
|
+
const parsed = JSON.parse(raw);
|
|
10
|
+
return parsed && typeof parsed === "object" ? parsed : null;
|
|
11
|
+
} catch {
|
|
12
|
+
return null;
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
|
|
16
|
+
export function saveResults(runId: number, suiteResults: TestRunResult[]): void {
|
|
17
|
+
const db = getDb();
|
|
18
|
+
|
|
19
|
+
const stmt = db.prepare(`
|
|
20
|
+
INSERT INTO results
|
|
21
|
+
(run_id, suite_name, test_name, status, duration_ms,
|
|
22
|
+
request_method, request_url, request_body,
|
|
23
|
+
response_status, response_body, response_headers, error_message, assertions, captures, suite_file, provenance, failure_class, failure_class_reason, spec_pointer, spec_excerpt)
|
|
24
|
+
VALUES
|
|
25
|
+
($run_id, $suite_name, $test_name, $status, $duration_ms,
|
|
26
|
+
$request_method, $request_url, $request_body,
|
|
27
|
+
$response_status, $response_body, $response_headers, $error_message, $assertions, $captures, $suite_file, $provenance, $failure_class, $failure_class_reason, $spec_pointer, $spec_excerpt)
|
|
28
|
+
`);
|
|
29
|
+
|
|
30
|
+
// TASK-167 (m-10): every string field that can carry a leaked secret
|
|
31
|
+
// (URL with token in query, body echo on 401, Set-Cookie header, etc.)
|
|
32
|
+
// goes through the registry sanitizer before INSERT.
|
|
33
|
+
const reg = getSecretRegistry();
|
|
34
|
+
const redactString = (s: string | null | undefined): string | null =>
|
|
35
|
+
s == null ? null : reg.redact(s);
|
|
36
|
+
const redactJson = (v: unknown): string | null => {
|
|
37
|
+
if (v == null) return null;
|
|
38
|
+
if (typeof v === "string") return reg.redact(v);
|
|
39
|
+
return reg.redact(JSON.stringify(v));
|
|
40
|
+
};
|
|
41
|
+
|
|
42
|
+
withDbRetry("saveResults", () => db.transaction(() => {
|
|
43
|
+
for (const suite of suiteResults) {
|
|
44
|
+
for (const step of suite.steps) {
|
|
45
|
+
const maxBodySize = 50_000;
|
|
46
|
+
const truncBody = (s: string | null | undefined) =>
|
|
47
|
+
s && s.length > maxBodySize ? s.slice(0, maxBodySize) + "\n...[truncated]" : (s ?? null);
|
|
48
|
+
stmt.run({
|
|
49
|
+
$run_id: runId,
|
|
50
|
+
$suite_name: suite.suite_name,
|
|
51
|
+
$test_name: step.name,
|
|
52
|
+
$status: step.status,
|
|
53
|
+
$duration_ms: step.duration_ms,
|
|
54
|
+
$request_method: step.request.method,
|
|
55
|
+
$request_url: redactString(step.request.url),
|
|
56
|
+
$request_body: redactString(truncBody(step.request.body)),
|
|
57
|
+
$response_status: step.response?.status ?? null,
|
|
58
|
+
$response_body: redactString(truncBody(step.response?.body)),
|
|
59
|
+
$response_headers: step.response?.headers
|
|
60
|
+
? redactJson(step.response.headers)
|
|
61
|
+
: null,
|
|
62
|
+
$error_message: redactString(step.error ?? null),
|
|
63
|
+
$assertions: step.assertions.length > 0 ? redactJson(step.assertions) : null,
|
|
64
|
+
$captures: Object.keys(step.captures).length > 0 ? redactJson(step.captures) : null,
|
|
65
|
+
$suite_file: suite.suite_file ?? null,
|
|
66
|
+
$provenance: step.provenance ? JSON.stringify(step.provenance) : null,
|
|
67
|
+
$failure_class: step.failure_class ?? null,
|
|
68
|
+
$failure_class_reason: step.failure_class_reason ?? null,
|
|
69
|
+
$spec_pointer: step.spec_pointer ?? null,
|
|
70
|
+
$spec_excerpt: redactString(step.spec_excerpt ?? null),
|
|
71
|
+
});
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
})());
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
export function getResultsByRunId(runId: number): StoredStepResult[] {
|
|
78
|
+
const db = getDb();
|
|
79
|
+
const rows = db.query("SELECT * FROM results WHERE run_id = ? ORDER BY id").all(runId) as Array<
|
|
80
|
+
Omit<StoredStepResult, "assertions" | "captures" | "provenance"> & {
|
|
81
|
+
assertions: string | null;
|
|
82
|
+
captures: string | null;
|
|
83
|
+
provenance: string | null;
|
|
84
|
+
}
|
|
85
|
+
>;
|
|
86
|
+
return rows.map((row) => ({
|
|
87
|
+
...row,
|
|
88
|
+
assertions: row.assertions ? JSON.parse(row.assertions) : [],
|
|
89
|
+
captures: row.captures ? JSON.parse(row.captures) : {},
|
|
90
|
+
provenance: parseProvenance(row.provenance),
|
|
91
|
+
}));
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
/**
|
|
95
|
+
* Row shape for the fixture-kind POST history matched by
|
|
96
|
+
* `getRecentFixturePosts`'s SQL LIKE pattern (typically the
|
|
97
|
+
* create-endpoint URL with `{var}` path params replaced by `%`).
|
|
98
|
+
*/
|
|
99
|
+
export interface LastFixtureAttempt {
|
|
100
|
+
request_method: string;
|
|
101
|
+
request_url: string;
|
|
102
|
+
request_body: string | null;
|
|
103
|
+
response_status: number | null;
|
|
104
|
+
response_body: string | null;
|
|
105
|
+
attempted_at: string;
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
/**
|
|
109
|
+
* ARV-278: return the most recent N fixture-POST attempts (most recent
|
|
110
|
+
* first). Powers `dump --with-last-attempt --history N` so the agent
|
|
111
|
+
* sees the progression of errors as the overlay was iterated — e.g.
|
|
112
|
+
* "first 400 said missing X, after fixing the body the next 400 said
|
|
113
|
+
* resource_missing customer" surfaces the cascade-staleness issue (see
|
|
114
|
+
* ARV-282) one level earlier than a single-snapshot view.
|
|
115
|
+
*/
|
|
116
|
+
export function getRecentFixturePosts(
|
|
117
|
+
urlLikePattern: string,
|
|
118
|
+
limit: number,
|
|
119
|
+
): LastFixtureAttempt[] {
|
|
120
|
+
if (!Number.isFinite(limit) || limit <= 0) return [];
|
|
121
|
+
const db = getDb();
|
|
122
|
+
const rows = db.query(`
|
|
123
|
+
SELECT
|
|
124
|
+
r.request_method AS request_method,
|
|
125
|
+
r.request_url AS request_url,
|
|
126
|
+
r.request_body AS request_body,
|
|
127
|
+
r.response_status AS response_status,
|
|
128
|
+
r.response_body AS response_body,
|
|
129
|
+
ru.started_at AS attempted_at
|
|
130
|
+
FROM results r
|
|
131
|
+
JOIN runs ru ON r.run_id = ru.id
|
|
132
|
+
WHERE ru.run_kind = 'fixture'
|
|
133
|
+
AND r.request_method = 'POST'
|
|
134
|
+
AND r.request_url LIKE ?
|
|
135
|
+
ORDER BY ru.started_at DESC, r.id DESC
|
|
136
|
+
LIMIT ?
|
|
137
|
+
`).all(urlLikePattern, Math.floor(limit)) as LastFixtureAttempt[];
|
|
138
|
+
return rows;
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
/**
|
|
142
|
+
* ARV-330: like `getRecentFixturePosts` but across ALL run kinds
|
|
143
|
+
* (`check`/`probe`/`run`/`request`/`fixture`). A root resource with no
|
|
144
|
+
* seed_body is `skip-no-create` by prepare-fixtures, so it never records
|
|
145
|
+
* a fixture-kind POST — yet a depth-check or probe may have POSTed the
|
|
146
|
+
* same create-path and captured the account-level capability error. The
|
|
147
|
+
* hard-blocked classifier reads this wider source so it can still
|
|
148
|
+
* diagnose the gate. Caller is responsible for filtering auth-probe
|
|
149
|
+
* noise (deliberately-broken-cred 401/403s).
|
|
150
|
+
*/
|
|
151
|
+
export function getRecentCreatePosts(
|
|
152
|
+
urlLikePattern: string,
|
|
153
|
+
limit: number,
|
|
154
|
+
excludeLikePattern?: string,
|
|
155
|
+
): LastFixtureAttempt[] {
|
|
156
|
+
if (!Number.isFinite(limit) || limit <= 0) return [];
|
|
157
|
+
const db = getDb();
|
|
158
|
+
// `excludeLikePattern` filters out child sub-resource POSTs in SQL (e.g.
|
|
159
|
+
// `%/v1/accounts/%` drops `/v1/accounts/{id}/reject`); without it the
|
|
160
|
+
// loose trailing wildcard lets a burst of probe sub-calls monopolize the
|
|
161
|
+
// LIMIT window and starve the real create-path attempts (ARV-330).
|
|
162
|
+
const rows = excludeLikePattern
|
|
163
|
+
? db.query(`
|
|
164
|
+
SELECT r.request_method AS request_method, r.request_url AS request_url,
|
|
165
|
+
r.request_body AS request_body, r.response_status AS response_status,
|
|
166
|
+
r.response_body AS response_body, ru.started_at AS attempted_at
|
|
167
|
+
FROM results r JOIN runs ru ON r.run_id = ru.id
|
|
168
|
+
WHERE r.request_method = 'POST' AND r.request_url LIKE ? AND r.request_url NOT LIKE ?
|
|
169
|
+
ORDER BY ru.started_at DESC, r.id DESC LIMIT ?
|
|
170
|
+
`).all(urlLikePattern, excludeLikePattern, Math.floor(limit))
|
|
171
|
+
: db.query(`
|
|
172
|
+
SELECT r.request_method AS request_method, r.request_url AS request_url,
|
|
173
|
+
r.request_body AS request_body, r.response_status AS response_status,
|
|
174
|
+
r.response_body AS response_body, ru.started_at AS attempted_at
|
|
175
|
+
FROM results r JOIN runs ru ON r.run_id = ru.id
|
|
176
|
+
WHERE r.request_method = 'POST' AND r.request_url LIKE ?
|
|
177
|
+
ORDER BY ru.started_at DESC, r.id DESC LIMIT ?
|
|
178
|
+
`).all(urlLikePattern, Math.floor(limit));
|
|
179
|
+
return rows as LastFixtureAttempt[];
|
|
180
|
+
}
|
|
181
|
+
|
|
182
|
+
export function getFilteredResults(
|
|
183
|
+
runId: number,
|
|
184
|
+
filters: {
|
|
185
|
+
method?: string;
|
|
186
|
+
/** Compiled SQL fragment for the `--status` filter (TASK-140). */
|
|
187
|
+
statusSql?: { sql: string; params: number[] };
|
|
188
|
+
},
|
|
189
|
+
): StoredStepResult[] {
|
|
190
|
+
const db = getDb();
|
|
191
|
+
const conditions = ["run_id = ?"];
|
|
192
|
+
const params: (string | number)[] = [runId];
|
|
193
|
+
|
|
194
|
+
if (filters.method) {
|
|
195
|
+
conditions.push("request_method = ?");
|
|
196
|
+
params.push(filters.method.toUpperCase());
|
|
197
|
+
}
|
|
198
|
+
if (filters.statusSql) {
|
|
199
|
+
conditions.push(filters.statusSql.sql);
|
|
200
|
+
params.push(...filters.statusSql.params);
|
|
201
|
+
}
|
|
202
|
+
|
|
203
|
+
const rows = db.query(`SELECT * FROM results WHERE ${conditions.join(" AND ")} ORDER BY id`).all(...params) as Array<
|
|
204
|
+
Omit<StoredStepResult, "assertions" | "captures" | "provenance"> & {
|
|
205
|
+
assertions: string | null;
|
|
206
|
+
captures: string | null;
|
|
207
|
+
provenance: string | null;
|
|
208
|
+
}
|
|
209
|
+
>;
|
|
210
|
+
return rows.map((row) => ({
|
|
211
|
+
...row,
|
|
212
|
+
assertions: row.assertions ? JSON.parse(row.assertions) : [],
|
|
213
|
+
captures: row.captures ? JSON.parse(row.captures) : {},
|
|
214
|
+
provenance: parseProvenance(row.provenance),
|
|
215
|
+
}));
|
|
216
|
+
}
|