@kirrosh/zond 0.26.0 → 0.27.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (261) hide show
  1. package/CHANGELOG.md +59 -0
  2. package/README.md +22 -21
  3. package/bin/zond.mjs +23 -0
  4. package/package.json +13 -16
  5. package/scripts/npm/postinstall.mjs +76 -0
  6. package/src/CLAUDE.md +0 -112
  7. package/src/bun-types.d.ts +0 -5
  8. package/src/cli/argv.ts +0 -122
  9. package/src/cli/commands/add-api.ts +0 -146
  10. package/src/cli/commands/api/annotate/idempotency.ts +0 -59
  11. package/src/cli/commands/api/annotate/index.ts +0 -880
  12. package/src/cli/commands/api/annotate/lifecycle.ts +0 -74
  13. package/src/cli/commands/api/annotate/overlay.ts +0 -206
  14. package/src/cli/commands/api/annotate/pagination.ts +0 -64
  15. package/src/cli/commands/api/annotate/prompts.ts +0 -220
  16. package/src/cli/commands/api/annotate/readback.ts +0 -58
  17. package/src/cli/commands/api/annotate/resources.ts +0 -91
  18. package/src/cli/commands/api/annotate/seed-bodies.ts +0 -61
  19. package/src/cli/commands/audit.ts +0 -786
  20. package/src/cli/commands/catalog.ts +0 -97
  21. package/src/cli/commands/check.ts +0 -361
  22. package/src/cli/commands/checks.ts +0 -1072
  23. package/src/cli/commands/ci-init.ts +0 -223
  24. package/src/cli/commands/clean.ts +0 -212
  25. package/src/cli/commands/cleanup.ts +0 -236
  26. package/src/cli/commands/completions.ts +0 -192
  27. package/src/cli/commands/coverage.ts +0 -872
  28. package/src/cli/commands/db.ts +0 -611
  29. package/src/cli/commands/describe.ts +0 -120
  30. package/src/cli/commands/discover.ts +0 -1356
  31. package/src/cli/commands/doctor.ts +0 -661
  32. package/src/cli/commands/fixtures.ts +0 -402
  33. package/src/cli/commands/generate.ts +0 -577
  34. package/src/cli/commands/init/agents-md.ts +0 -61
  35. package/src/cli/commands/init/bootstrap.ts +0 -111
  36. package/src/cli/commands/init/index.ts +0 -244
  37. package/src/cli/commands/init/skills.ts +0 -141
  38. package/src/cli/commands/init/templates/agents.md +0 -86
  39. package/src/cli/commands/init/templates/markdown.d.ts +0 -4
  40. package/src/cli/commands/init/templates/skills/warm-up-target.md +0 -122
  41. package/src/cli/commands/init/templates/skills/zond-checks.md +0 -621
  42. package/src/cli/commands/init/templates/skills/zond-seed.md +0 -114
  43. package/src/cli/commands/init/templates/skills/zond-triage.md +0 -272
  44. package/src/cli/commands/init/templates/skills/zond.md +0 -861
  45. package/src/cli/commands/init/templates/zond-config.yml +0 -14
  46. package/src/cli/commands/prepare-fixtures.ts +0 -97
  47. package/src/cli/commands/probe/_seed-bodies.ts +0 -52
  48. package/src/cli/commands/probe/mass-assignment.ts +0 -594
  49. package/src/cli/commands/probe/security.ts +0 -537
  50. package/src/cli/commands/probe/static.ts +0 -255
  51. package/src/cli/commands/probe/webhooks.ts +0 -163
  52. package/src/cli/commands/probe.ts +0 -535
  53. package/src/cli/commands/reference.ts +0 -87
  54. package/src/cli/commands/refresh-api.ts +0 -227
  55. package/src/cli/commands/remove-api.ts +0 -150
  56. package/src/cli/commands/report-bundle.ts +0 -310
  57. package/src/cli/commands/report.ts +0 -241
  58. package/src/cli/commands/request.ts +0 -548
  59. package/src/cli/commands/run.ts +0 -1142
  60. package/src/cli/commands/schema-from-runs.ts +0 -128
  61. package/src/cli/commands/secrets.ts +0 -133
  62. package/src/cli/commands/session.ts +0 -244
  63. package/src/cli/commands/use.ts +0 -74
  64. package/src/cli/index.ts +0 -55
  65. package/src/cli/json-envelope.ts +0 -108
  66. package/src/cli/json-schemas.ts +0 -314
  67. package/src/cli/output.ts +0 -40
  68. package/src/cli/program.ts +0 -219
  69. package/src/cli/resolve.ts +0 -105
  70. package/src/cli/runtime.ts +0 -7
  71. package/src/cli/safe-live.ts +0 -24
  72. package/src/cli/status-filter.ts +0 -114
  73. package/src/cli/util/api-context.ts +0 -85
  74. package/src/cli/version.ts +0 -8
  75. package/src/core/audit/persist.ts +0 -183
  76. package/src/core/checks/budget.ts +0 -59
  77. package/src/core/checks/checks/_crud-helpers.ts +0 -133
  78. package/src/core/checks/checks/_negative_mutator.ts +0 -133
  79. package/src/core/checks/checks/_readback-helpers.ts +0 -133
  80. package/src/core/checks/checks/content_type_conformance.ts +0 -39
  81. package/src/core/checks/checks/cross_call_references.ts +0 -147
  82. package/src/core/checks/checks/cursor_boundary_fuzzing.ts +0 -219
  83. package/src/core/checks/checks/ensure_resource_availability.ts +0 -62
  84. package/src/core/checks/checks/idempotency_replay.ts +0 -242
  85. package/src/core/checks/checks/ignored_auth.ts +0 -254
  86. package/src/core/checks/checks/index.ts +0 -68
  87. package/src/core/checks/checks/lifecycle_transitions.ts +0 -416
  88. package/src/core/checks/checks/missing_required_header.ts +0 -40
  89. package/src/core/checks/checks/negative_data_rejection.ts +0 -148
  90. package/src/core/checks/checks/not_a_server_error.ts +0 -35
  91. package/src/core/checks/checks/open_cors_on_sensitive.ts +0 -160
  92. package/src/core/checks/checks/pagination_invariants.ts +0 -419
  93. package/src/core/checks/checks/positive_data_acceptance.ts +0 -33
  94. package/src/core/checks/checks/rate_limit_headers_absent.ts +0 -77
  95. package/src/core/checks/checks/response_headers_conformance.ts +0 -74
  96. package/src/core/checks/checks/response_schema_conformance.ts +0 -30
  97. package/src/core/checks/checks/status_code_conformance.ts +0 -132
  98. package/src/core/checks/checks/unsupported_method.ts +0 -63
  99. package/src/core/checks/checks/use_after_free.ts +0 -78
  100. package/src/core/checks/index.ts +0 -30
  101. package/src/core/checks/mode.ts +0 -82
  102. package/src/core/checks/recommended-action.ts +0 -68
  103. package/src/core/checks/registry.ts +0 -78
  104. package/src/core/checks/runner.ts +0 -1461
  105. package/src/core/checks/sarif.ts +0 -230
  106. package/src/core/checks/spec-findings.ts +0 -308
  107. package/src/core/checks/stateful.ts +0 -121
  108. package/src/core/checks/types.ts +0 -305
  109. package/src/core/checks/zond-extensions.ts +0 -73
  110. package/src/core/classifier/recommended-action.ts +0 -251
  111. package/src/core/context/current.ts +0 -51
  112. package/src/core/context/session.ts +0 -78
  113. package/src/core/coverage/loader.ts +0 -216
  114. package/src/core/coverage/reasons.ts +0 -300
  115. package/src/core/diagnostics/db-analysis.ts +0 -666
  116. package/src/core/diagnostics/failure-class.ts +0 -140
  117. package/src/core/diagnostics/failure-hints.ts +0 -112
  118. package/src/core/diagnostics/spec-pointer.ts +0 -99
  119. package/src/core/diagnostics/suggested-fixes.ts +0 -155
  120. package/src/core/exporter/case-study/index.ts +0 -270
  121. package/src/core/exporter/curl.ts +0 -40
  122. package/src/core/exporter/exporter.ts +0 -48
  123. package/src/core/exporter/html-report/escape.ts +0 -24
  124. package/src/core/exporter/html-report/index.ts +0 -479
  125. package/src/core/exporter/html-report/script.ts +0 -100
  126. package/src/core/exporter/html-report/styles.ts +0 -408
  127. package/src/core/generator/catalog-builder.ts +0 -179
  128. package/src/core/generator/chunker.ts +0 -78
  129. package/src/core/generator/coverage-phase.ts +0 -0
  130. package/src/core/generator/coverage-scanner.ts +0 -87
  131. package/src/core/generator/data-factory.ts +0 -759
  132. package/src/core/generator/describe.ts +0 -302
  133. package/src/core/generator/endpoint-warnings.ts +0 -52
  134. package/src/core/generator/fixtures-builder.ts +0 -332
  135. package/src/core/generator/index.ts +0 -14
  136. package/src/core/generator/openapi-reader.ts +0 -297
  137. package/src/core/generator/path-param-disambig.ts +0 -140
  138. package/src/core/generator/resources-builder.ts +0 -898
  139. package/src/core/generator/schema-utils.ts +0 -112
  140. package/src/core/generator/serializer.ts +0 -343
  141. package/src/core/generator/suite-generator.ts +0 -1301
  142. package/src/core/generator/types.ts +0 -63
  143. package/src/core/identity/identity-file.ts +0 -0
  144. package/src/core/lint/affects.ts +0 -28
  145. package/src/core/lint/config.ts +0 -96
  146. package/src/core/lint/format.ts +0 -42
  147. package/src/core/lint/index.ts +0 -94
  148. package/src/core/lint/reporter.ts +0 -128
  149. package/src/core/lint/rules/consistency.ts +0 -158
  150. package/src/core/lint/rules/heuristics.ts +0 -97
  151. package/src/core/lint/rules/strictness.ts +0 -109
  152. package/src/core/lint/types.ts +0 -96
  153. package/src/core/lint/walker.ts +0 -248
  154. package/src/core/meta/meta-store.ts +0 -11
  155. package/src/core/output/README.md +0 -73
  156. package/src/core/output/index.ts +0 -13
  157. package/src/core/output/run.ts +0 -91
  158. package/src/core/output/types.ts +0 -122
  159. package/src/core/parser/dynamic-values.ts +0 -160
  160. package/src/core/parser/env-interpolation.ts +0 -104
  161. package/src/core/parser/filter.ts +0 -97
  162. package/src/core/parser/schema.ts +0 -359
  163. package/src/core/parser/types.ts +0 -117
  164. package/src/core/parser/variables.ts +0 -0
  165. package/src/core/parser/yaml-parser.ts +0 -181
  166. package/src/core/probe/bootstrap.ts +0 -34
  167. package/src/core/probe/dry-run-envelope.ts +0 -61
  168. package/src/core/probe/mass-assignment/classify.ts +0 -175
  169. package/src/core/probe/mass-assignment/cleanup.ts +0 -52
  170. package/src/core/probe/mass-assignment/digest.ts +0 -114
  171. package/src/core/probe/mass-assignment/orchestrator.ts +0 -459
  172. package/src/core/probe/mass-assignment/regression.ts +0 -141
  173. package/src/core/probe/mass-assignment/suspects.ts +0 -92
  174. package/src/core/probe/mass-assignment/types.ts +0 -135
  175. package/src/core/probe/mass-assignment-probe-class.ts +0 -198
  176. package/src/core/probe/mass-assignment-probe.ts +0 -27
  177. package/src/core/probe/mass-assignment-template.ts +0 -240
  178. package/src/core/probe/method-probe.ts +0 -164
  179. package/src/core/probe/method-shared.ts +0 -69
  180. package/src/core/probe/negative-probe.ts +0 -691
  181. package/src/core/probe/orphan-tracker.ts +0 -188
  182. package/src/core/probe/path-discovery.ts +0 -439
  183. package/src/core/probe/probe-harness.ts +0 -119
  184. package/src/core/probe/registry.ts +0 -89
  185. package/src/core/probe/runner.ts +0 -136
  186. package/src/core/probe/security/baseline.ts +0 -174
  187. package/src/core/probe/security/classify.ts +0 -341
  188. package/src/core/probe/security/cleanup.ts +0 -125
  189. package/src/core/probe/security/detectors.ts +0 -71
  190. package/src/core/probe/security/digest.ts +0 -104
  191. package/src/core/probe/security/orchestrator.ts +0 -398
  192. package/src/core/probe/security/regression.ts +0 -103
  193. package/src/core/probe/security/types.ts +0 -151
  194. package/src/core/probe/security-probe-class.ts +0 -207
  195. package/src/core/probe/security-probe.ts +0 -32
  196. package/src/core/probe/shared.ts +0 -531
  197. package/src/core/probe/static-probe-class.ts +0 -125
  198. package/src/core/probe/types.ts +0 -165
  199. package/src/core/probe/verdict-aggregator.ts +0 -33
  200. package/src/core/probe/webhooks-probe.ts +0 -282
  201. package/src/core/reporter/console.ts +0 -240
  202. package/src/core/reporter/index.ts +0 -22
  203. package/src/core/reporter/json.ts +0 -22
  204. package/src/core/reporter/junit.ts +0 -93
  205. package/src/core/reporter/ndjson.ts +0 -37
  206. package/src/core/reporter/types.ts +0 -15
  207. package/src/core/runner/assertions.ts +0 -383
  208. package/src/core/runner/async-pool.ts +0 -108
  209. package/src/core/runner/auth-path.ts +0 -8
  210. package/src/core/runner/ci-context.ts +0 -72
  211. package/src/core/runner/executor.ts +0 -652
  212. package/src/core/runner/expr-eval.ts +0 -41
  213. package/src/core/runner/form-encode.ts +0 -41
  214. package/src/core/runner/http-client.ts +0 -224
  215. package/src/core/runner/learn-drift.ts +0 -293
  216. package/src/core/runner/preflight-vars.ts +0 -153
  217. package/src/core/runner/progress-tracker.ts +0 -73
  218. package/src/core/runner/rate-limiter.ts +0 -185
  219. package/src/core/runner/run-kind.ts +0 -45
  220. package/src/core/runner/schema-validator.ts +0 -308
  221. package/src/core/runner/send-request.ts +0 -232
  222. package/src/core/runner/transforms.ts +0 -65
  223. package/src/core/runner/types.ts +0 -94
  224. package/src/core/secrets/registry.ts +0 -164
  225. package/src/core/secrets/secrets-file.ts +0 -115
  226. package/src/core/selectors/operation-filter.ts +0 -144
  227. package/src/core/setup-api.ts +0 -590
  228. package/src/core/severity/category.ts +0 -94
  229. package/src/core/severity/index.ts +0 -58
  230. package/src/core/spec/infer-schema.ts +0 -102
  231. package/src/core/spec/layers.ts +0 -154
  232. package/src/core/spec/merge-specs.ts +0 -156
  233. package/src/core/spec/schema-from-runs.ts +0 -117
  234. package/src/core/spec/schema-overlay.ts +0 -130
  235. package/src/core/util/ajv.ts +0 -13
  236. package/src/core/util/format-eta.ts +0 -21
  237. package/src/core/util/headers.ts +0 -9
  238. package/src/core/util/url.ts +0 -24
  239. package/src/core/utils.ts +0 -13
  240. package/src/core/workspace/config.ts +0 -129
  241. package/src/core/workspace/fixture-gap-report.ts +0 -84
  242. package/src/core/workspace/fixture-gaps.ts +0 -71
  243. package/src/core/workspace/manifest.ts +0 -283
  244. package/src/core/workspace/output-rotation.ts +0 -62
  245. package/src/core/workspace/root.ts +0 -96
  246. package/src/core/workspace/triage-path.ts +0 -87
  247. package/src/db/lint-runs.ts +0 -47
  248. package/src/db/migrate.ts +0 -128
  249. package/src/db/migrations/0001_run_kind.sql +0 -25
  250. package/src/db/migrations/0002_run_kind_request.sql +0 -59
  251. package/src/db/migrations/sql.d.ts +0 -4
  252. package/src/db/queries/collections.ts +0 -133
  253. package/src/db/queries/coverage.ts +0 -9
  254. package/src/db/queries/dashboard.ts +0 -59
  255. package/src/db/queries/results.ts +0 -216
  256. package/src/db/queries/runs.ts +0 -289
  257. package/src/db/queries/sessions.ts +0 -42
  258. package/src/db/queries/settings.ts +0 -28
  259. package/src/db/queries/types.ts +0 -172
  260. package/src/db/queries.ts +0 -75
  261. package/src/db/schema.ts +0 -298
@@ -1,223 +0,0 @@
1
- import { resolve, dirname } from "path";
2
- import { existsSync, mkdirSync, writeFileSync } from "fs";
3
- import { printSuccess, printError } from "../output.ts";
4
- import { jsonOk, printJson } from "../json-envelope.ts";
5
-
6
- export interface CiInitOptions {
7
- platform?: "github" | "gitlab";
8
- force: boolean;
9
- dir?: string;
10
- json?: boolean;
11
- }
12
-
13
- const GH_ACTIONS_TEMPLATE = `name: API Tests
14
- on:
15
- push:
16
- branches: [main]
17
- pull_request:
18
- schedule:
19
- - cron: "0 */6 * * *"
20
- workflow_dispatch:
21
- repository_dispatch:
22
- types: [api-updated]
23
-
24
- permissions:
25
- contents: read
26
- checks: write
27
- pull-requests: write
28
- # ARV-5: required for github/codeql-action/upload-sarif to surface
29
- # zond-checks findings in the Code Scanning tab.
30
- security-events: write
31
-
32
- jobs:
33
- test:
34
- runs-on: ubuntu-latest
35
- steps:
36
- - uses: actions/checkout@v4
37
-
38
- - name: Install zond
39
- run: curl -fsSL https://raw.githubusercontent.com/kirrosh/zond/master/install.sh | sh
40
-
41
- - name: Check coverage
42
- run: zond coverage --api myapi --fail-on-coverage 60
43
- # Fails if coverage drops below 60% — adjust threshold as needed
44
-
45
- - name: Run smoke tests (read-only, safe for production)
46
- run: |
47
- mkdir -p test-results
48
- # --exclude-tag needs-id skips positive smoke that needs real IDs from .env.yaml
49
- zond run apis/ --tag smoke --exclude-tag needs-id --safe --report junit --no-db > test-results/smoke.xml
50
- # Use --env-var "API_KEY=\${{ secrets.API_KEY }}" to inject secrets without writing to disk
51
- continue-on-error: true
52
-
53
- - name: Run CRUD tests (staging only — ephemeral suites only)
54
- run: |
55
- # --exclude-tag persistent-write keeps only ephemeral CRUD (suites that DELETE what they create).
56
- # Drop --exclude-tag persistent-write to opt into write suites that leave residual data.
57
- zond run apis/ --tag crud --exclude-tag persistent-write --env staging --report junit --no-db > test-results/crud.xml
58
- # Add --env-var "BASE_URL=\${{ secrets.STAGING_URL }}" for staging URL
59
- continue-on-error: true
60
-
61
- - name: Run depth checks (SARIF for Code Scanning)
62
- run: |
63
- zond checks run --api myapi --report sarif --output test-results/zond-checks.sarif || true
64
- # ARV-5: \`|| true\` keeps the workflow green even when HIGH/CRITICAL
65
- # findings would otherwise exit 1 — Code Scanning will still get the
66
- # SARIF and gate on the alerts via branch protection if desired.
67
- continue-on-error: true
68
-
69
- - name: Upload SARIF to GitHub Code Scanning
70
- if: always()
71
- uses: github/codeql-action/upload-sarif@v3
72
- with:
73
- sarif_file: test-results/zond-checks.sarif
74
- category: zond-checks
75
-
76
- - name: Publish test results
77
- uses: EnricoMi/publish-unit-test-result-action@v2
78
- if: always()
79
- with:
80
- files: test-results/*.xml
81
-
82
- - uses: actions/upload-artifact@v4
83
- if: always()
84
- with:
85
- name: test-results
86
- path: test-results/
87
- `;
88
-
89
- const GITLAB_CI_TEMPLATE = `# Trigger via API: curl -X POST --form ref=main --form token=TRIGGER_TOKEN $CI_API_V4_URL/projects/$CI_PROJECT_ID/trigger/pipeline
90
-
91
- variables:
92
- # Set API_KEY in GitLab CI/CD → Settings → Variables
93
- API_KEY: ""
94
-
95
- api-coverage:
96
- image: ubuntu:latest
97
- before_script:
98
- - apt-get update -qq && apt-get install -y -qq curl
99
- - curl -fsSL https://raw.githubusercontent.com/kirrosh/zond/master/install.sh | sh
100
- script:
101
- - zond coverage --api myapi --fail-on-coverage 60
102
-
103
- api-smoke:
104
- image: ubuntu:latest
105
- before_script:
106
- - apt-get update -qq && apt-get install -y -qq curl
107
- - curl -fsSL https://raw.githubusercontent.com/kirrosh/zond/master/install.sh | sh
108
- script:
109
- - mkdir -p test-results
110
- # Use --env-var to inject secrets without writing to disk.
111
- # --exclude-tag needs-id skips positive smoke that needs real IDs from .env.yaml.
112
- - zond run apis/ --tag smoke --exclude-tag needs-id --safe --report junit --no-db --env-var "API_KEY=$API_KEY" > test-results/smoke.xml
113
- allow_failure:
114
- exit_codes: 1
115
- artifacts:
116
- when: always
117
- reports:
118
- junit: test-results/smoke.xml
119
-
120
- api-crud:
121
- image: ubuntu:latest
122
- before_script:
123
- - apt-get update -qq && apt-get install -y -qq curl
124
- - curl -fsSL https://raw.githubusercontent.com/kirrosh/zond/master/install.sh | sh
125
- script:
126
- - mkdir -p test-results
127
- # --exclude-tag persistent-write keeps only ephemeral CRUD (suites that DELETE what they create).
128
- # Drop --exclude-tag persistent-write to opt into write suites that leave residual data.
129
- - zond run apis/ --tag crud --exclude-tag persistent-write --env staging --report junit --no-db > test-results/crud.xml
130
- allow_failure:
131
- exit_codes: 1
132
- artifacts:
133
- when: always
134
- reports:
135
- junit: test-results/crud.xml
136
- `;
137
-
138
- function writeIfMissing(filePath: string, content: string, force: boolean): boolean {
139
- if (!force && existsSync(filePath)) {
140
- console.log(` Skipped ${filePath} (already exists, use --force to overwrite)`);
141
- return false;
142
- }
143
- const dir = dirname(filePath);
144
- if (!existsSync(dir)) {
145
- mkdirSync(dir, { recursive: true });
146
- }
147
- writeFileSync(filePath, content, "utf-8");
148
- console.log(` Created ${filePath}`);
149
- return true;
150
- }
151
-
152
- function detectPlatform(cwd: string): "github" | "gitlab" | undefined {
153
- if (existsSync(resolve(cwd, ".github"))) return "github";
154
- if (existsSync(resolve(cwd, ".gitlab-ci.yml"))) return "gitlab";
155
- return undefined;
156
- }
157
-
158
- export async function ciInitCommand(options: CiInitOptions): Promise<number> {
159
- const cwd = options.dir ? resolve(options.dir) : process.cwd();
160
- let platform = options.platform;
161
-
162
- if (!platform) {
163
- platform = detectPlatform(cwd);
164
- if (!platform) {
165
- platform = "github";
166
- console.log("No CI platform detected, defaulting to GitHub Actions.\n");
167
- } else {
168
- console.log(`Detected ${platform === "github" ? "GitHub Actions" : "GitLab CI"}.\n`);
169
- }
170
- }
171
-
172
- console.log(`Generating ${platform === "github" ? "GitHub Actions" : "GitLab CI"} workflow...\n`);
173
-
174
- let created = false;
175
-
176
- if (platform === "github") {
177
- const targetPath = resolve(cwd, ".github/workflows/api-tests.yml");
178
- created = writeIfMissing(targetPath, GH_ACTIONS_TEMPLATE, options.force);
179
- } else {
180
- const targetPath = resolve(cwd, ".gitlab-ci.yml");
181
- created = writeIfMissing(targetPath, GITLAB_CI_TEMPLATE, options.force);
182
- }
183
-
184
- if (options.json) {
185
- const targetPath = platform === "github"
186
- ? resolve(cwd, ".github/workflows/api-tests.yml")
187
- : resolve(cwd, ".gitlab-ci.yml");
188
- printJson(jsonOk("ci init", {
189
- platform,
190
- filePath: targetPath,
191
- created,
192
- }));
193
- } else if (created) {
194
- printSuccess("CI workflow created. Commit and push to activate.");
195
- }
196
-
197
- return 0;
198
- }
199
-
200
- import type { Command } from "commander";
201
- import { globalJson } from "../resolve.ts";
202
-
203
- export function registerCi(program: Command): void {
204
- const ci = program.command("ci").description("CI/CD scaffolding");
205
- ci
206
- .command("init")
207
- .description("Generate CI/CD workflow (GitHub Actions, GitLab CI)")
208
- .option("--github", "Generate GitHub Actions workflow")
209
- .option("--gitlab", "Generate GitLab CI config")
210
- .option("--dir <path>", "Project root directory (default: current directory)")
211
- .option("--force", "Overwrite existing CI config")
212
- .action(async (opts, cmd: Command) => {
213
- let platform: "github" | "gitlab" | undefined;
214
- if (opts.github === true) platform = "github";
215
- else if (opts.gitlab === true) platform = "gitlab";
216
- process.exitCode = await ciInitCommand({
217
- platform,
218
- force: opts.force === true,
219
- dir: opts.dir,
220
- json: globalJson(cmd),
221
- });
222
- });
223
- }
@@ -1,212 +0,0 @@
1
- /**
2
- * `zond clean` — remove auto-generated files tracked in `.zond/manifest.json`.
3
- *
4
- * Default mode is dry-run; `--force` is required to actually delete. Files
5
- * whose sha256 no longer matches the manifest entry are treated as
6
- * manually-edited and skipped (TASK-156, m-9).
7
- */
8
-
9
- import { rmSync, rmdirSync, readdirSync, existsSync } from "node:fs";
10
- import { dirname, resolve } from "node:path";
11
- import { findWorkspaceRoot } from "../../core/workspace/root.ts";
12
- import {
13
- hasManifest,
14
- inspectEntries,
15
- loadManifest,
16
- removeManifestEntries,
17
- selectEntriesEx,
18
- type CleanItem,
19
- type ManifestCategory,
20
- } from "../../core/workspace/manifest.ts";
21
- import type { Command } from "commander";
22
- import { jsonOk, jsonError, printJson } from "../json-envelope.ts";
23
- import { printError, printSuccess } from "../output.ts";
24
- import { globalJson } from "../resolve.ts";
25
- import { getApi } from "../util/api-context.ts";
26
-
27
- export interface CleanOptions {
28
- api?: string;
29
- probes?: boolean;
30
- all?: boolean;
31
- force?: boolean;
32
- json?: boolean;
33
- }
34
-
35
- export async function cleanCommand(opts: CleanOptions): Promise<number> {
36
- const ws = findWorkspaceRoot();
37
- if (ws.fromFallback) {
38
- const m = "No workspace detected. Run `zond init` first.";
39
- if (opts.json) printJson(jsonError("clean", [m])); else printError(m);
40
- return 2;
41
- }
42
-
43
- if (!hasManifest(ws.root)) {
44
- const msg = `No .zond/manifest.json — nothing tracked yet. Run \`zond add api\`, \`zond generate\`, or a probe-* --emit first.`;
45
- if (opts.json) {
46
- printJson(jsonOk("clean", { dryRun: true, deleted: [], modified: [], missing: [], message: msg }));
47
- } else {
48
- console.log(msg);
49
- }
50
- return 0;
51
- }
52
-
53
- if (!opts.api && !opts.probes && !opts.all) {
54
- const m = "Specify a scope: --api <name>, --probes, or --all.";
55
- if (opts.json) printJson(jsonError("clean", [m])); else printError(m);
56
- return 2;
57
- }
58
-
59
- const manifest = loadManifest(ws.root);
60
- const category: ManifestCategory | undefined = opts.probes ? "probes" : undefined;
61
- const { selected: entries, probesPreserved } = selectEntriesEx(manifest, {
62
- api: opts.api,
63
- category,
64
- all: opts.all && !opts.api && !opts.probes,
65
- });
66
-
67
- if (entries.length === 0 && probesPreserved.length === 0) {
68
- const m = "No matching auto-generated files in manifest.";
69
- if (opts.json) {
70
- printJson(jsonOk("clean", { dryRun: true, deleted: [], modified: [], missing: [], message: m }));
71
- } else {
72
- console.log(m);
73
- }
74
- return 0;
75
- }
76
-
77
- const items = inspectEntries(ws.root, entries);
78
- const toDelete = items.filter((i) => i.verdict === "delete");
79
- const modified = items.filter((i) => i.verdict === "modified");
80
- const missing = items.filter((i) => i.verdict === "missing");
81
-
82
- const dryRun = !opts.force;
83
-
84
- if (!dryRun) {
85
- for (const item of toDelete) {
86
- try {
87
- rmSync(item.absPath, { force: true });
88
- } catch {
89
- // best-effort
90
- }
91
- }
92
- pruneEmptyDirs(ws.root, toDelete);
93
- const removedPaths = [...toDelete, ...missing].map((i) => i.entry.path);
94
- removeManifestEntries(ws.root, removedPaths);
95
- }
96
-
97
- if (opts.json) {
98
- printJson(jsonOk("clean", {
99
- dryRun,
100
- scope: { api: opts.api, probes: !!opts.probes, all: !!opts.all },
101
- deleted: toDelete.map(itemSummary),
102
- modified: modified.map(itemSummary),
103
- missing: missing.map(itemSummary),
104
- probesPreserved: probesPreserved.map((e) => ({ path: e.path, api: e.api })),
105
- }));
106
- return 0;
107
- }
108
-
109
- const verb = dryRun ? "Would delete" : "Deleted";
110
- printSuccess(`${verb} ${toDelete.length} file(s); ${modified.length} skipped (manually edited); ${missing.length} already missing.`);
111
- if (toDelete.length > 0) {
112
- console.log("");
113
- console.log(`${verb}:`);
114
- for (const i of toDelete) console.log(` - ${i.entry.path}`);
115
- }
116
- if (modified.length > 0) {
117
- console.log("");
118
- console.log("Skipped (manually edited, sha256 mismatch):");
119
- for (const i of modified) console.log(` ! ${i.entry.path}`);
120
- }
121
- // TASK-258: probes belong to a separate pipeline. Scoping by --api alone
122
- // preserves them and surfaces the regen command so users don't lose
123
- // 30s+ of probe-validation/-methods work to a typo.
124
- if (probesPreserved.length > 0) {
125
- console.log("");
126
- console.log(`Preserved ${probesPreserved.length} probe-suite file(s) under apis/${opts.api ?? "<api>"}/probes/.`);
127
- console.log("Pass --probes to also remove them, or regenerate via:");
128
- console.log(` zond probe-validation --api ${opts.api} --output apis/${opts.api}/probes`);
129
- console.log(` zond probe-methods --api ${opts.api} --output apis/${opts.api}/probes`);
130
- }
131
- if (dryRun) {
132
- console.log("");
133
- console.log("Re-run with --force to actually delete.");
134
- }
135
- return 0;
136
- }
137
-
138
- function itemSummary(i: CleanItem) {
139
- return {
140
- path: i.entry.path,
141
- by: i.entry.by,
142
- ts: i.entry.ts,
143
- api: i.entry.api,
144
- category: i.entry.category,
145
- verdict: i.verdict,
146
- };
147
- }
148
-
149
- /**
150
- * After deleting tracked files, remove any directories that are now empty
151
- * and live inside the workspace. Best-effort: stops at first non-empty dir.
152
- */
153
- function pruneEmptyDirs(workspaceRoot: string, items: CleanItem[]): void {
154
- const dirs = new Set<string>();
155
- for (const i of items) dirs.add(dirname(i.absPath));
156
- // Process deepest first.
157
- const sorted = [...dirs].sort((a, b) => b.length - a.length);
158
- for (const d of sorted) {
159
- let cur = d;
160
- while (cur.startsWith(workspaceRoot) && cur !== workspaceRoot) {
161
- if (!existsSync(cur)) {
162
- cur = dirname(cur);
163
- continue;
164
- }
165
- let entries: string[] = [];
166
- try {
167
- entries = readdirSync(cur);
168
- } catch {
169
- break;
170
- }
171
- if (entries.length > 0) break;
172
- try {
173
- rmdirSync(cur);
174
- } catch {
175
- break;
176
- }
177
- cur = dirname(cur);
178
- }
179
- }
180
- // Keep `resolve` reachable for type-only imports.
181
- void resolve;
182
- }
183
-
184
- export function registerClean(program: Command): void {
185
- program
186
- .command("clean")
187
- .description("Remove auto-generated files tracked in .zond/manifest.json (TASK-156, m-9)")
188
- .option("--api <name>", "Limit to a single API (apis/<name>/). Preserves probes/ unless --probes is also passed (TASK-258)")
189
- .option(
190
- "--probes",
191
- "Scope deletion to probe-suite files only (apis/<api>/probes/). " +
192
- "TASK-265: this is effectively `--probes-only` — `tests/`, `spec.json`, " +
193
- "and `.api-catalog.yaml` are NEVER touched in this mode. Combine with " +
194
- "--api <name> to limit to one API; alone, removes probes for every API.",
195
- )
196
- .option("--all", "Remove every tracked auto-generated file in the workspace (includes probes/)")
197
- .option("--force", "Actually delete files (default is dry-run)")
198
- .action(async (opts, cmd: Command) => {
199
- // ARV-238 (R-03/F11/SD9): `--api` exists both at program level (TASK-290)
200
- // and on this subcommand; commander absorbs the value into the program
201
- // option, leaving `opts.api` undefined. Fall back via `getApi` so users
202
- // who follow `zond clean --api <name>` (per skill / --help) actually
203
- // scope the run instead of hitting "Specify a scope".
204
- process.exitCode = await cleanCommand({
205
- api: getApi(cmd, opts),
206
- probes: opts.probes === true,
207
- all: opts.all === true,
208
- force: opts.force === true,
209
- json: globalJson(cmd),
210
- });
211
- });
212
- }
@@ -1,236 +0,0 @@
1
- /**
2
- * `zond cleanup` — retry housekeeping that probes couldn't finish.
3
- *
4
- * v1 ships only `--orphans`: read every record from
5
- * `~/.zond/orphans/<api>/<run-id>.jsonl` and re-issue the DELETE for any
6
- * resource that survived the probe's own cleanup attempts. 404 is treated
7
- * as success — the goal is "resource is gone", and the API getting there
8
- * before us is fine. (TASK-278.)
9
- */
10
- import { loadOrphans, markRemoved } from "../../core/probe/orphan-tracker.ts";
11
- import type { OrphanRecord } from "../../core/probe/orphan-tracker.ts";
12
- import { encodePathForRepro } from "../../core/probe/shared.ts";
13
- import { executeRequest } from "../../core/runner/http-client.ts";
14
- import { loadEnvironment, loadEnvMeta } from "../../core/parser/variables.ts";
15
- import { resolveTimeoutMs } from "../../core/workspace/config.ts";
16
- import { jsonOk, jsonError, printJson } from "../json-envelope.ts";
17
- import { printError, printWarning, printSuccess } from "../output.ts";
18
- import { readCurrentApi } from "../../core/context/current.ts";
19
- import type { Command } from "commander";
20
- import { globalJson } from "../resolve.ts";
21
-
22
- export interface CleanupOptions {
23
- orphans: boolean;
24
- api?: string;
25
- /** ARV-139: pass true to disable the default current-api scoping and look
26
- * at orphans across every API in the tracker. */
27
- allApis?: boolean;
28
- runId?: string;
29
- dryRun?: boolean;
30
- json?: boolean;
31
- /** Override base_url resolution. By default the env from cwd .env.yaml or
32
- * apis/<api>/.env.yaml is used. Tests inject a known URL via this. */
33
- baseUrl?: string;
34
- /** Per-request timeout, ms. */
35
- timeoutMs?: number;
36
- }
37
-
38
- /**
39
- * ARV-244 (R-04/F15): orphan records store `deletePath` as it was used at
40
- * probe time — typically built by concatenating literal id segments captured
41
- * from the response. CRLF / open-redirect probes can poison those ids with
42
- * raw `\r`, `\n`, spaces, etc. (e.g. label name `zond-safe\rX-Zond: yes`),
43
- * which makes the DELETE URL malformed: the API gets a request line with an
44
- * embedded CR and silently splits or routes elsewhere → 404 → record stays
45
- * in the queue and the resource leaks. Encoding is shared with the
46
- * security-probe digest via `core/probe/shared.ts#encodePathForRepro`.
47
- */
48
- export const encodeOrphanPath = encodePathForRepro;
49
-
50
- export async function cleanupCommand(opts: CleanupOptions): Promise<number> {
51
- if (!opts.orphans) {
52
- const m = "Nothing to do — pass --orphans to retry leaked probe resources.";
53
- if (opts.json) printJson(jsonError("cleanup", [m]));
54
- else printError(m);
55
- return 2;
56
- }
57
-
58
- // ARV-139: scope the orphan queue to the active API by default. The on-disk
59
- // tracker at ~/.zond/orphans/<api>/... is shared across the workspace, so
60
- // switching APIs (e.g. apis/resend → apis/sentry) would otherwise surface
61
- // orphans from previous work on unrelated APIs — including DELETE attempts
62
- // against endpoints that aren't even part of the active spec. Explicit
63
- // `--api <name>` wins; `--all-apis` opts back into the pre-ARV-139 behaviour.
64
- let scopedApi = opts.api;
65
- if (!scopedApi && !opts.allApis) {
66
- scopedApi = readCurrentApi() ?? undefined;
67
- }
68
-
69
- let records: OrphanRecord[];
70
- try {
71
- const filter: { api?: string; runId?: string } = {};
72
- if (scopedApi) filter.api = scopedApi;
73
- if (opts.runId) filter.runId = opts.runId;
74
- records = await loadOrphans(filter);
75
- } catch (err) {
76
- const m = `Failed to load orphan tracker: ${(err as Error).message}`;
77
- if (opts.json) printJson(jsonError("cleanup", [m]));
78
- else printError(m);
79
- return 2;
80
- }
81
-
82
- // ARV-102 (F7): split orphans into retriable (have a DELETE plan) and
83
- // manual-only (probe knew the resource was created but couldn't derive
84
- // a deletePath / id). Manual-only entries are surfaced separately —
85
- // we can't auto-DELETE them, but the operator must know they exist.
86
- const manualOnly = records.filter(r => r.requires_manual_cleanup === true || r.deletePath === "");
87
- const retriable = records.filter(r => !(r.requires_manual_cleanup === true || r.deletePath === ""));
88
-
89
- if (records.length === 0) {
90
- if (opts.json) printJson(jsonOk("cleanup", { retried: 0, removed: 0, failed: 0, items: [], manual_cleanup_required: [] }));
91
- else console.log("No orphan resources to retry.");
92
- return 0;
93
- }
94
-
95
- // Group by api so we resolve env once per API instead of per record.
96
- const baseUrlByApi = new Map<string, string>();
97
- if (opts.baseUrl) {
98
- for (const r of retriable) baseUrlByApi.set(r.api, opts.baseUrl);
99
- }
100
-
101
- if (opts.dryRun) {
102
- if (opts.json) printJson(jsonOk("cleanup", { dryRun: true, items: retriable, manual_cleanup_required: manualOnly }));
103
- else {
104
- console.log(`Dry-run: ${retriable.length} orphan(s) would be retried:`);
105
- for (const r of retriable) {
106
- console.log(` ${r.method} ${r.path} (id=${r.id}); DELETE ${r.deletePath} — last status: ${r.lastCleanupStatus ?? "n/a"}`);
107
- }
108
- if (manualOnly.length > 0) {
109
- console.log(`\nManual cleanup required: ${manualOnly.length} resource(s) (no DELETE plan):`);
110
- for (const r of manualOnly) {
111
- console.log(` ${r.method} ${r.path}${r.id ? ` (id=${r.id})` : ""} — ${r.lastCleanupError ?? "no DELETE counterpart"}`);
112
- }
113
- }
114
- }
115
- return 0;
116
- }
117
-
118
- // Per-API timeout: CLI flag → apis/<api>/.env.yaml `timeoutMs:` → workspace
119
- // `defaults.timeout_ms` → 30000.
120
- const timeoutByApi = new Map<string, number>();
121
- async function timeoutFor(api: string): Promise<number> {
122
- let t = timeoutByApi.get(api);
123
- if (t !== undefined) return t;
124
- let envTimeout: number | undefined;
125
- try {
126
- const meta = await loadEnvMeta(undefined, `apis/${api}`);
127
- envTimeout = meta.timeoutMs;
128
- } catch { /* meta is best-effort */ }
129
- t = resolveTimeoutMs(opts.timeoutMs, envTimeout);
130
- timeoutByApi.set(api, t);
131
- return t;
132
- }
133
-
134
- const results: Array<{ record: OrphanRecord; status: number | null; ok: boolean; error?: string }> = [];
135
- for (const r of retriable) {
136
- let baseUrl = baseUrlByApi.get(r.api);
137
- if (!baseUrl) {
138
- try {
139
- const env = await loadEnvironment(undefined, `apis/${r.api}`);
140
- baseUrl = env["base_url"];
141
- } catch { /* fall through */ }
142
- }
143
- if (!baseUrl) {
144
- results.push({ record: r, status: null, ok: false, error: `base_url missing — set ZOND_BASE_URL or apis/${r.api}/.env.yaml` });
145
- continue;
146
- }
147
- baseUrlByApi.set(r.api, baseUrl);
148
-
149
- const url = `${baseUrl.replace(/\/+$/, "")}${encodeOrphanPath(r.deletePath)}`;
150
- try {
151
- const resp = await executeRequest(
152
- { method: "DELETE", url, headers: {} },
153
- { timeout: await timeoutFor(r.api), retries: 0 },
154
- );
155
- // 404 = already gone → success. 2xx = just deleted → success.
156
- const ok = resp.status === 404 || (resp.status >= 200 && resp.status < 300);
157
- results.push({ record: r, status: resp.status, ok });
158
- if (ok) await markRemoved(r);
159
- } catch (err) {
160
- results.push({ record: r, status: null, ok: false, error: (err as Error).message });
161
- }
162
- }
163
-
164
- const removed = results.filter(r => r.ok).length;
165
- const failed = results.length - removed;
166
-
167
- if (opts.json) {
168
- printJson(jsonOk("cleanup", {
169
- retried: results.length,
170
- removed,
171
- failed,
172
- items: results.map(r => ({
173
- api: r.record.api,
174
- runId: r.record.runId,
175
- method: r.record.method,
176
- path: r.record.path,
177
- id: r.record.id,
178
- deletePath: r.record.deletePath,
179
- status: r.status,
180
- ok: r.ok,
181
- error: r.error ?? null,
182
- })),
183
- manual_cleanup_required: manualOnly.map(r => ({
184
- api: r.api,
185
- runId: r.runId,
186
- method: r.method,
187
- path: r.path,
188
- id: r.id,
189
- reason: r.lastCleanupError ?? "no DELETE counterpart",
190
- })),
191
- }));
192
- } else {
193
- if (removed > 0) printSuccess(`${removed} orphan(s) cleaned up.`);
194
- if (failed > 0) {
195
- printWarning(`${failed} orphan(s) still alive:`);
196
- for (const r of results) {
197
- if (r.ok) continue;
198
- const tail = r.status != null ? `→ ${r.status}` : (r.error ? `→ err: ${r.error}` : "");
199
- process.stderr.write(` ${r.record.method} ${r.record.path} (id=${r.record.id}); DELETE ${r.record.deletePath} ${tail}\n`);
200
- }
201
- }
202
- if (manualOnly.length > 0) {
203
- printWarning(`${manualOnly.length} resource(s) need manual cleanup (no DELETE plan):`);
204
- for (const r of manualOnly) {
205
- process.stderr.write(` ${r.method} ${r.path}${r.id ? ` (id=${r.id})` : ""} — ${r.lastCleanupError ?? "no DELETE counterpart"}\n`);
206
- }
207
- }
208
- }
209
-
210
- // Manual-only orphans count as "still alive" for exit-code purposes —
211
- // CI must fail loudly when probes leave un-deletable state behind.
212
- return failed > 0 || manualOnly.length > 0 ? 1 : 0;
213
- }
214
-
215
- export function registerCleanup(program: Command): void {
216
- program
217
- .command("cleanup")
218
- .description("Retry probe-leftover work. Currently only --orphans (TASK-278) — re-issues DELETE for resources captured in ~/.zond/orphans/.")
219
- .option("--orphans", "Retry DELETE for resources in the orphan tracker")
220
- .option("--api <name>", "Limit to a single API (matches the orphan-tracker subdirectory; defaults to the current API)")
221
- .option("--all-apis", "Include orphans from every API in the tracker (disables the default current-api scoping)")
222
- .option("--run <id>", "Limit to a single probe run id")
223
- .option("--dry-run", "Print the plan without sending DELETEs")
224
- .option("--timeout <ms>", "Per-request timeout in ms (overrides .env.yaml `timeoutMs` and zond.config.yml `defaults.timeout_ms`; default 30000)")
225
- .action(async (opts, cmd: Command) => {
226
- process.exitCode = await cleanupCommand({
227
- orphans: opts.orphans === true,
228
- api: typeof opts.api === "string" ? opts.api : undefined,
229
- allApis: opts.allApis === true,
230
- runId: typeof opts.run === "string" ? opts.run : undefined,
231
- dryRun: opts.dryRun === true,
232
- timeoutMs: typeof opts.timeout === "string" ? Number(opts.timeout) : undefined,
233
- json: globalJson(cmd),
234
- });
235
- });
236
- }