@kirrosh/zond 0.26.1 → 0.27.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (261) hide show
  1. package/CHANGELOG.md +65 -0
  2. package/README.md +39 -22
  3. package/bin/zond.mjs +23 -0
  4. package/package.json +36 -23
  5. package/scripts/npm/postinstall.mjs +76 -0
  6. package/src/CLAUDE.md +0 -112
  7. package/src/bun-types.d.ts +0 -5
  8. package/src/cli/argv.ts +0 -122
  9. package/src/cli/commands/add-api.ts +0 -146
  10. package/src/cli/commands/api/annotate/idempotency.ts +0 -59
  11. package/src/cli/commands/api/annotate/index.ts +0 -880
  12. package/src/cli/commands/api/annotate/lifecycle.ts +0 -74
  13. package/src/cli/commands/api/annotate/overlay.ts +0 -206
  14. package/src/cli/commands/api/annotate/pagination.ts +0 -64
  15. package/src/cli/commands/api/annotate/prompts.ts +0 -220
  16. package/src/cli/commands/api/annotate/readback.ts +0 -58
  17. package/src/cli/commands/api/annotate/resources.ts +0 -91
  18. package/src/cli/commands/api/annotate/seed-bodies.ts +0 -61
  19. package/src/cli/commands/audit.ts +0 -786
  20. package/src/cli/commands/catalog.ts +0 -97
  21. package/src/cli/commands/check.ts +0 -361
  22. package/src/cli/commands/checks.ts +0 -1072
  23. package/src/cli/commands/ci-init.ts +0 -223
  24. package/src/cli/commands/clean.ts +0 -212
  25. package/src/cli/commands/cleanup.ts +0 -236
  26. package/src/cli/commands/completions.ts +0 -192
  27. package/src/cli/commands/coverage.ts +0 -872
  28. package/src/cli/commands/db.ts +0 -611
  29. package/src/cli/commands/describe.ts +0 -120
  30. package/src/cli/commands/discover.ts +0 -1356
  31. package/src/cli/commands/doctor.ts +0 -661
  32. package/src/cli/commands/fixtures.ts +0 -402
  33. package/src/cli/commands/generate.ts +0 -577
  34. package/src/cli/commands/init/agents-md.ts +0 -61
  35. package/src/cli/commands/init/bootstrap.ts +0 -111
  36. package/src/cli/commands/init/index.ts +0 -244
  37. package/src/cli/commands/init/skills.ts +0 -141
  38. package/src/cli/commands/init/templates/agents.md +0 -86
  39. package/src/cli/commands/init/templates/markdown.d.ts +0 -4
  40. package/src/cli/commands/init/templates/skills/warm-up-target.md +0 -122
  41. package/src/cli/commands/init/templates/skills/zond-checks.md +0 -621
  42. package/src/cli/commands/init/templates/skills/zond-seed.md +0 -114
  43. package/src/cli/commands/init/templates/skills/zond-triage.md +0 -272
  44. package/src/cli/commands/init/templates/skills/zond.md +0 -861
  45. package/src/cli/commands/init/templates/zond-config.yml +0 -14
  46. package/src/cli/commands/prepare-fixtures.ts +0 -97
  47. package/src/cli/commands/probe/_seed-bodies.ts +0 -52
  48. package/src/cli/commands/probe/mass-assignment.ts +0 -594
  49. package/src/cli/commands/probe/security.ts +0 -537
  50. package/src/cli/commands/probe/static.ts +0 -255
  51. package/src/cli/commands/probe/webhooks.ts +0 -163
  52. package/src/cli/commands/probe.ts +0 -535
  53. package/src/cli/commands/reference.ts +0 -87
  54. package/src/cli/commands/refresh-api.ts +0 -227
  55. package/src/cli/commands/remove-api.ts +0 -150
  56. package/src/cli/commands/report-bundle.ts +0 -310
  57. package/src/cli/commands/report.ts +0 -241
  58. package/src/cli/commands/request.ts +0 -548
  59. package/src/cli/commands/run.ts +0 -1162
  60. package/src/cli/commands/schema-from-runs.ts +0 -128
  61. package/src/cli/commands/secrets.ts +0 -133
  62. package/src/cli/commands/session.ts +0 -244
  63. package/src/cli/commands/use.ts +0 -74
  64. package/src/cli/index.ts +0 -55
  65. package/src/cli/json-envelope.ts +0 -108
  66. package/src/cli/json-schemas.ts +0 -314
  67. package/src/cli/output.ts +0 -40
  68. package/src/cli/program.ts +0 -219
  69. package/src/cli/resolve.ts +0 -105
  70. package/src/cli/runtime.ts +0 -7
  71. package/src/cli/safe-live.ts +0 -24
  72. package/src/cli/status-filter.ts +0 -114
  73. package/src/cli/util/api-context.ts +0 -85
  74. package/src/cli/version.ts +0 -8
  75. package/src/core/audit/persist.ts +0 -183
  76. package/src/core/checks/budget.ts +0 -59
  77. package/src/core/checks/checks/_crud-helpers.ts +0 -133
  78. package/src/core/checks/checks/_negative_mutator.ts +0 -133
  79. package/src/core/checks/checks/_readback-helpers.ts +0 -133
  80. package/src/core/checks/checks/content_type_conformance.ts +0 -39
  81. package/src/core/checks/checks/cross_call_references.ts +0 -147
  82. package/src/core/checks/checks/cursor_boundary_fuzzing.ts +0 -219
  83. package/src/core/checks/checks/ensure_resource_availability.ts +0 -62
  84. package/src/core/checks/checks/idempotency_replay.ts +0 -242
  85. package/src/core/checks/checks/ignored_auth.ts +0 -254
  86. package/src/core/checks/checks/index.ts +0 -68
  87. package/src/core/checks/checks/lifecycle_transitions.ts +0 -416
  88. package/src/core/checks/checks/missing_required_header.ts +0 -40
  89. package/src/core/checks/checks/negative_data_rejection.ts +0 -148
  90. package/src/core/checks/checks/not_a_server_error.ts +0 -35
  91. package/src/core/checks/checks/open_cors_on_sensitive.ts +0 -160
  92. package/src/core/checks/checks/pagination_invariants.ts +0 -419
  93. package/src/core/checks/checks/positive_data_acceptance.ts +0 -33
  94. package/src/core/checks/checks/rate_limit_headers_absent.ts +0 -77
  95. package/src/core/checks/checks/response_headers_conformance.ts +0 -74
  96. package/src/core/checks/checks/response_schema_conformance.ts +0 -30
  97. package/src/core/checks/checks/status_code_conformance.ts +0 -132
  98. package/src/core/checks/checks/unsupported_method.ts +0 -63
  99. package/src/core/checks/checks/use_after_free.ts +0 -78
  100. package/src/core/checks/index.ts +0 -30
  101. package/src/core/checks/mode.ts +0 -82
  102. package/src/core/checks/recommended-action.ts +0 -68
  103. package/src/core/checks/registry.ts +0 -78
  104. package/src/core/checks/runner.ts +0 -1461
  105. package/src/core/checks/sarif.ts +0 -230
  106. package/src/core/checks/spec-findings.ts +0 -308
  107. package/src/core/checks/stateful.ts +0 -121
  108. package/src/core/checks/types.ts +0 -305
  109. package/src/core/checks/zond-extensions.ts +0 -73
  110. package/src/core/classifier/recommended-action.ts +0 -251
  111. package/src/core/context/current.ts +0 -51
  112. package/src/core/context/session.ts +0 -78
  113. package/src/core/coverage/loader.ts +0 -216
  114. package/src/core/coverage/reasons.ts +0 -300
  115. package/src/core/diagnostics/db-analysis.ts +0 -666
  116. package/src/core/diagnostics/failure-class.ts +0 -140
  117. package/src/core/diagnostics/failure-hints.ts +0 -112
  118. package/src/core/diagnostics/spec-pointer.ts +0 -99
  119. package/src/core/diagnostics/suggested-fixes.ts +0 -155
  120. package/src/core/exporter/case-study/index.ts +0 -270
  121. package/src/core/exporter/curl.ts +0 -40
  122. package/src/core/exporter/exporter.ts +0 -48
  123. package/src/core/exporter/html-report/escape.ts +0 -24
  124. package/src/core/exporter/html-report/index.ts +0 -479
  125. package/src/core/exporter/html-report/script.ts +0 -100
  126. package/src/core/exporter/html-report/styles.ts +0 -408
  127. package/src/core/generator/catalog-builder.ts +0 -179
  128. package/src/core/generator/chunker.ts +0 -78
  129. package/src/core/generator/coverage-phase.ts +0 -0
  130. package/src/core/generator/coverage-scanner.ts +0 -87
  131. package/src/core/generator/data-factory.ts +0 -759
  132. package/src/core/generator/describe.ts +0 -302
  133. package/src/core/generator/endpoint-warnings.ts +0 -52
  134. package/src/core/generator/fixtures-builder.ts +0 -332
  135. package/src/core/generator/index.ts +0 -14
  136. package/src/core/generator/openapi-reader.ts +0 -297
  137. package/src/core/generator/path-param-disambig.ts +0 -140
  138. package/src/core/generator/resources-builder.ts +0 -898
  139. package/src/core/generator/schema-utils.ts +0 -112
  140. package/src/core/generator/serializer.ts +0 -343
  141. package/src/core/generator/suite-generator.ts +0 -1301
  142. package/src/core/generator/types.ts +0 -63
  143. package/src/core/identity/identity-file.ts +0 -0
  144. package/src/core/lint/affects.ts +0 -28
  145. package/src/core/lint/config.ts +0 -96
  146. package/src/core/lint/format.ts +0 -42
  147. package/src/core/lint/index.ts +0 -94
  148. package/src/core/lint/reporter.ts +0 -128
  149. package/src/core/lint/rules/consistency.ts +0 -158
  150. package/src/core/lint/rules/heuristics.ts +0 -97
  151. package/src/core/lint/rules/strictness.ts +0 -109
  152. package/src/core/lint/types.ts +0 -96
  153. package/src/core/lint/walker.ts +0 -248
  154. package/src/core/meta/meta-store.ts +0 -11
  155. package/src/core/output/README.md +0 -73
  156. package/src/core/output/index.ts +0 -13
  157. package/src/core/output/run.ts +0 -91
  158. package/src/core/output/types.ts +0 -122
  159. package/src/core/parser/dynamic-values.ts +0 -160
  160. package/src/core/parser/env-interpolation.ts +0 -104
  161. package/src/core/parser/filter.ts +0 -97
  162. package/src/core/parser/schema.ts +0 -359
  163. package/src/core/parser/types.ts +0 -117
  164. package/src/core/parser/variables.ts +0 -0
  165. package/src/core/parser/yaml-parser.ts +0 -181
  166. package/src/core/probe/bootstrap.ts +0 -34
  167. package/src/core/probe/dry-run-envelope.ts +0 -61
  168. package/src/core/probe/mass-assignment/classify.ts +0 -175
  169. package/src/core/probe/mass-assignment/cleanup.ts +0 -52
  170. package/src/core/probe/mass-assignment/digest.ts +0 -114
  171. package/src/core/probe/mass-assignment/orchestrator.ts +0 -459
  172. package/src/core/probe/mass-assignment/regression.ts +0 -141
  173. package/src/core/probe/mass-assignment/suspects.ts +0 -92
  174. package/src/core/probe/mass-assignment/types.ts +0 -135
  175. package/src/core/probe/mass-assignment-probe-class.ts +0 -198
  176. package/src/core/probe/mass-assignment-probe.ts +0 -27
  177. package/src/core/probe/mass-assignment-template.ts +0 -240
  178. package/src/core/probe/method-probe.ts +0 -164
  179. package/src/core/probe/method-shared.ts +0 -69
  180. package/src/core/probe/negative-probe.ts +0 -691
  181. package/src/core/probe/orphan-tracker.ts +0 -188
  182. package/src/core/probe/path-discovery.ts +0 -439
  183. package/src/core/probe/probe-harness.ts +0 -119
  184. package/src/core/probe/registry.ts +0 -89
  185. package/src/core/probe/runner.ts +0 -136
  186. package/src/core/probe/security/baseline.ts +0 -174
  187. package/src/core/probe/security/classify.ts +0 -341
  188. package/src/core/probe/security/cleanup.ts +0 -125
  189. package/src/core/probe/security/detectors.ts +0 -71
  190. package/src/core/probe/security/digest.ts +0 -104
  191. package/src/core/probe/security/orchestrator.ts +0 -398
  192. package/src/core/probe/security/regression.ts +0 -103
  193. package/src/core/probe/security/types.ts +0 -151
  194. package/src/core/probe/security-probe-class.ts +0 -207
  195. package/src/core/probe/security-probe.ts +0 -32
  196. package/src/core/probe/shared.ts +0 -531
  197. package/src/core/probe/static-probe-class.ts +0 -125
  198. package/src/core/probe/types.ts +0 -165
  199. package/src/core/probe/verdict-aggregator.ts +0 -33
  200. package/src/core/probe/webhooks-probe.ts +0 -282
  201. package/src/core/reporter/console.ts +0 -240
  202. package/src/core/reporter/index.ts +0 -22
  203. package/src/core/reporter/json.ts +0 -22
  204. package/src/core/reporter/junit.ts +0 -93
  205. package/src/core/reporter/ndjson.ts +0 -37
  206. package/src/core/reporter/types.ts +0 -15
  207. package/src/core/runner/assertions.ts +0 -383
  208. package/src/core/runner/async-pool.ts +0 -108
  209. package/src/core/runner/auth-path.ts +0 -8
  210. package/src/core/runner/ci-context.ts +0 -72
  211. package/src/core/runner/executor.ts +0 -652
  212. package/src/core/runner/expr-eval.ts +0 -41
  213. package/src/core/runner/form-encode.ts +0 -41
  214. package/src/core/runner/http-client.ts +0 -224
  215. package/src/core/runner/learn-drift.ts +0 -293
  216. package/src/core/runner/preflight-vars.ts +0 -153
  217. package/src/core/runner/progress-tracker.ts +0 -73
  218. package/src/core/runner/rate-limiter.ts +0 -185
  219. package/src/core/runner/run-kind.ts +0 -45
  220. package/src/core/runner/schema-validator.ts +0 -308
  221. package/src/core/runner/send-request.ts +0 -232
  222. package/src/core/runner/transforms.ts +0 -65
  223. package/src/core/runner/types.ts +0 -94
  224. package/src/core/secrets/registry.ts +0 -164
  225. package/src/core/secrets/secrets-file.ts +0 -115
  226. package/src/core/selectors/operation-filter.ts +0 -144
  227. package/src/core/setup-api.ts +0 -590
  228. package/src/core/severity/category.ts +0 -94
  229. package/src/core/severity/index.ts +0 -58
  230. package/src/core/spec/infer-schema.ts +0 -102
  231. package/src/core/spec/layers.ts +0 -154
  232. package/src/core/spec/merge-specs.ts +0 -156
  233. package/src/core/spec/schema-from-runs.ts +0 -117
  234. package/src/core/spec/schema-overlay.ts +0 -130
  235. package/src/core/util/ajv.ts +0 -13
  236. package/src/core/util/format-eta.ts +0 -21
  237. package/src/core/util/headers.ts +0 -9
  238. package/src/core/util/url.ts +0 -24
  239. package/src/core/utils.ts +0 -13
  240. package/src/core/workspace/config.ts +0 -129
  241. package/src/core/workspace/fixture-gap-report.ts +0 -84
  242. package/src/core/workspace/fixture-gaps.ts +0 -71
  243. package/src/core/workspace/manifest.ts +0 -283
  244. package/src/core/workspace/output-rotation.ts +0 -62
  245. package/src/core/workspace/root.ts +0 -96
  246. package/src/core/workspace/triage-path.ts +0 -87
  247. package/src/db/lint-runs.ts +0 -47
  248. package/src/db/migrate.ts +0 -128
  249. package/src/db/migrations/0001_run_kind.sql +0 -25
  250. package/src/db/migrations/0002_run_kind_request.sql +0 -59
  251. package/src/db/migrations/sql.d.ts +0 -4
  252. package/src/db/queries/collections.ts +0 -133
  253. package/src/db/queries/coverage.ts +0 -9
  254. package/src/db/queries/dashboard.ts +0 -59
  255. package/src/db/queries/results.ts +0 -216
  256. package/src/db/queries/runs.ts +0 -289
  257. package/src/db/queries/sessions.ts +0 -42
  258. package/src/db/queries/settings.ts +0 -28
  259. package/src/db/queries/types.ts +0 -172
  260. package/src/db/queries.ts +0 -75
  261. package/src/db/schema.ts +0 -298
@@ -1,128 +0,0 @@
1
- /**
2
- * ARV-175: `zond schema-from-runs` — mine 2xx response bodies from a
3
- * persisted run and emit `patch.schema.json` (inferred JSON Schema per
4
- * endpoint+status). Pairs with `refresh-api --merge-schema` (ARV-176).
5
- */
6
- import { writeFile } from "node:fs/promises";
7
- import type { Command } from "commander";
8
- import { readOpenApiSpec, extractEndpoints } from "../../core/generator/index.ts";
9
- import { schemaFromRuns, type ResultRow } from "../../core/spec/schema-from-runs.ts";
10
- import { getResultsByRunId, getLatestRunId } from "../../db/queries.ts";
11
- import { getDb } from "../../db/schema.ts";
12
- import { resolveApiCollection, globalJson } from "../resolve.ts";
13
- import { getApi } from "../util/api-context.ts";
14
- import { jsonOk, jsonError, printJson } from "../json-envelope.ts";
15
- import { printError, printSuccess, printWarning } from "../output.ts";
16
- import { parsePositiveInt } from "../argv.ts";
17
-
18
- export interface SchemaFromRunsCliOptions {
19
- api?: string;
20
- spec?: string;
21
- db?: string;
22
- run?: number;
23
- minSamples?: number;
24
- out?: string;
25
- engine?: string;
26
- json?: boolean;
27
- }
28
-
29
- export async function schemaFromRunsCommand(
30
- opts: SchemaFromRunsCliOptions,
31
- cmd: Command,
32
- ): Promise<number> {
33
- const json = opts.json === true || globalJson(cmd);
34
- const label = "schema-from-runs";
35
-
36
- // ARV-175 AC#2: only `builtin` is wired. quicktype/genson would each pull
37
- // a large dependency tree, which contradicts zond's minimal-deps charter.
38
- const engine = (opts.engine ?? "builtin").toLowerCase();
39
- if (engine !== "builtin") {
40
- const msg = `--engine "${opts.engine}" is not available. Only 'builtin' is wired (quicktype/genson would add heavy deps; see src/CLAUDE.md).`;
41
- if (json) printJson(jsonError(label, [msg])); else printError(msg);
42
- return 2;
43
- }
44
-
45
- // Resolve spec: --spec wins, else --api / current-api collection.
46
- let spec = opts.spec;
47
- const apiFlag = opts.spec ? opts.api : getApi(cmd, opts as Record<string, unknown>);
48
- if (!spec && apiFlag) {
49
- const resolved = resolveApiCollection(apiFlag, opts.db);
50
- if ("error" in resolved) {
51
- if (json) printJson(jsonError(label, [resolved.error])); else printError(resolved.error);
52
- return resolved.error.startsWith("Failed") ? 2 : 1;
53
- }
54
- if (resolved.spec) spec = resolved.spec;
55
- }
56
- if (!spec) {
57
- const msg = "No spec: pass --spec <path> or --api <name> (or set a current API).";
58
- if (json) printJson(jsonError(label, [msg])); else printError(msg);
59
- return 2;
60
- }
61
-
62
- getDb(opts.db);
63
- const runId = opts.run ?? getLatestRunId();
64
- if (runId == null) {
65
- const msg = "No runs in the database. Run `zond run` / `zond checks run` first, then re-run schema-from-runs.";
66
- if (json) printJson(jsonError(label, [msg])); else printError(msg);
67
- return 2;
68
- }
69
-
70
- let doc;
71
- try {
72
- doc = await readOpenApiSpec(spec);
73
- } catch (err) {
74
- const msg = `Failed to read spec at "${spec}": ${(err as Error).message}`;
75
- if (json) printJson(jsonError(label, [msg])); else printError(msg);
76
- return 2;
77
- }
78
- const endpoints = extractEndpoints(doc);
79
-
80
- const rows = getResultsByRunId(runId) as unknown as ResultRow[];
81
- const minSamples = opts.minSamples ?? 2;
82
- const result = schemaFromRuns({ results: rows, endpoints, minSamples });
83
-
84
- const emitted = result.groups.filter((g) => g.emitted);
85
- const skipped = result.groups.filter((g) => !g.emitted);
86
- const out = opts.out ?? "patch.schema.json";
87
-
88
- if (emitted.length > 0) {
89
- await writeFile(out, JSON.stringify(result.patch, null, 2) + "\n", "utf-8");
90
- }
91
-
92
- if (json) {
93
- printJson(jsonOk(label, {
94
- run_id: runId,
95
- out: emitted.length > 0 ? out : null,
96
- min_samples: minSamples,
97
- emitted: emitted.map((g) => ({ endpoint: g.endpoint, status: g.status, samples: g.samples })),
98
- skipped: skipped.map((g) => ({ endpoint: g.endpoint, status: g.status, samples: g.samples, reason: g.reason })),
99
- }));
100
- return 0;
101
- }
102
-
103
- if (emitted.length === 0) {
104
- printWarning(`No schemas emitted from run #${runId}: no (endpoint, status) group reached --min-samples ${minSamples}. ${skipped.length} group(s) had too few 2xx JSON samples.`);
105
- return 0;
106
- }
107
- printSuccess(`Wrote ${emitted.length} response schema(s) from run #${runId} to ${out}`);
108
- for (const g of emitted) console.log(` ${g.endpoint} → ${g.status} (${g.samples} samples)`);
109
- for (const g of skipped) printWarning(`skipped ${g.endpoint} → ${g.status}: ${g.reason} (${g.samples} sample(s))`);
110
- console.log(`\nNext: zond refresh-api --api <name> --merge-schema ${out}`);
111
- return 0;
112
- }
113
-
114
- export function registerSchemaFromRuns(program: Command): void {
115
- program
116
- .command("schema-from-runs")
117
- .description("ARV-175: infer response JSON Schemas from a run's 2xx bodies → patch.schema.json (pairs with refresh-api --merge-schema). Revives response_schema_conformance on specs that declare no response schemas.")
118
- .option("--api <name>", "Registered API (spec + DB lookup)")
119
- .option("--spec <path>", "Explicit OpenAPI spec path (overrides --api)")
120
- .option("--run <id>", "Run id to mine (default: latest)", parsePositiveInt("--run"))
121
- .option("--min-samples <n>", "Minimum 2xx samples per endpoint+status to emit (default 2)", parsePositiveInt("--min-samples"))
122
- .option("--out <path>", "Output path for patch.schema.json (default: patch.schema.json)")
123
- .option("--engine <name>", "Schema engine. Only 'builtin' is wired (default).", "builtin")
124
- .option("--db <path>", "SQLite path")
125
- .action(async (opts, cmd: Command) => {
126
- process.exitCode = await schemaFromRunsCommand(opts, cmd);
127
- });
128
- }
@@ -1,133 +0,0 @@
1
- /**
2
- * `zond secrets set <key> <value>` — write a raw secret into
3
- * `apis/<name>/.secrets.yaml` (ARV-377). Before this, rotating an expired
4
- * token meant hand-editing the gitignored file (or a python script), since
5
- * `zond fixtures add` only writes `.env.yaml` and the iron rules forbid an
6
- * agent reading `.secrets.yaml` directly.
7
- *
8
- * Two safety properties:
9
- * • the value is NEVER echoed back (stdout, stderr, or JSON envelope) —
10
- * only the key name and whether a Bearer prefix was stripped;
11
- * • a `.secrets.yaml.bak` backup is written before the file is touched,
12
- * mirroring `fixtures add --apply`.
13
- *
14
- * Bearer trap (ARV-367/AC3): `.secrets.yaml` holds the RAW token — zond's
15
- * runner adds the scheme prefix itself (`Authorization: Bearer <token>`).
16
- * A pasted `Bearer eyJ…` is therefore always a mistake, so we strip a
17
- * leading `Bearer ` (case-insensitive) and warn once. `--literal` keeps the
18
- * value verbatim for the rare case someone really means to store it.
19
- */
20
- import type { Command } from "commander";
21
- import { join } from "node:path";
22
- import { copyFile } from "node:fs/promises";
23
-
24
- import { getApi, MISSING_API_MESSAGE } from "../util/api-context.ts";
25
- import { resolveApiCollection } from "../resolve.ts";
26
- import { upsertEnvLine } from "./discover.ts";
27
- import { jsonOk, jsonError, printJson } from "../json-envelope.ts";
28
- import { printError, printSuccess } from "../output.ts";
29
- import { globalJson } from "../resolve.ts";
30
-
31
- interface SecretsSetOptions {
32
- api?: string;
33
- literal?: boolean;
34
- json?: boolean;
35
- }
36
-
37
- const BEARER_PREFIX_RE = /^\s*Bearer\s+/i;
38
-
39
- /** Normalise a pasted secret value: strip a leading `Bearer ` prefix (unless
40
- * `literal`) so `.secrets.yaml` holds the raw token zond's runner expects.
41
- * Exported for unit tests. */
42
- export function normalizeSecretValue(raw: string, literal?: boolean): { value: string; bearerStripped: boolean } {
43
- if (!literal && BEARER_PREFIX_RE.test(raw)) {
44
- return { value: raw.replace(BEARER_PREFIX_RE, ""), bearerStripped: true };
45
- }
46
- return { value: raw, bearerStripped: false };
47
- }
48
-
49
- /** Upsert one `key: "value"` line into `.secrets.yaml`, backing up first.
50
- * Exported for unit tests. */
51
- export async function applySecretWrite(
52
- secretsPath: string,
53
- key: string,
54
- value: string,
55
- ): Promise<{ backup: string | null }> {
56
- const file = Bun.file(secretsPath);
57
- const exists = await file.exists();
58
- let text = exists ? await file.text() : "";
59
- let backup: string | null = `${secretsPath}.bak`;
60
- if (exists) {
61
- try { await copyFile(secretsPath, backup); } catch { backup = null; }
62
- } else {
63
- backup = null;
64
- }
65
- text = upsertEnvLine(text, key, value);
66
- if (!text.endsWith("\n")) text += "\n";
67
- await Bun.write(secretsPath, text);
68
- return { backup };
69
- }
70
-
71
- async function setAction(key: string, valueParts: string[], cmd: Command): Promise<void> {
72
- const opts = cmd.opts<SecretsSetOptions>();
73
- const json = opts.json === true || globalJson(cmd);
74
-
75
- const fail = (m: string, code = 2) => {
76
- if (json) printJson(jsonError("secrets set", [m])); else printError(m);
77
- process.exit(code);
78
- };
79
-
80
- const apiName = getApi(cmd, { api: opts.api } as Record<string, unknown>);
81
- if (!apiName) return fail(MISSING_API_MESSAGE);
82
- const col = resolveApiCollection(apiName, undefined);
83
- if ("error" in col) return fail(col.error);
84
- if (!col.baseDir) return fail(`API '${apiName}' has no base_dir registered.`);
85
-
86
- const k = key.trim();
87
- if (!k) return fail("Secret key must not be empty. Usage: zond secrets set <key> <value>");
88
-
89
- // Join variadic value parts so an unquoted `Bearer eyJ…` paste (two argv
90
- // tokens) still lands as one value instead of dropping the token.
91
- const rawValue = valueParts.join(" ");
92
- const { value, bearerStripped } = normalizeSecretValue(rawValue, opts.literal);
93
- const warnings: string[] = [];
94
- if (bearerStripped) {
95
- warnings.push(
96
- "Stripped a leading 'Bearer ' prefix — .secrets.yaml stores the raw token; zond adds the scheme prefix itself. Pass --literal to keep it verbatim.",
97
- );
98
- }
99
-
100
- const secretsPath = join(col.baseDir, ".secrets.yaml");
101
- const { backup } = await applySecretWrite(secretsPath, k, value);
102
-
103
- // NEVER echo the value — key + metadata only.
104
- if (json) {
105
- printJson(jsonOk("secrets set", {
106
- api: apiName,
107
- secrets: secretsPath,
108
- key: k,
109
- bearer_stripped: bearerStripped,
110
- backup,
111
- }, warnings));
112
- } else {
113
- printSuccess(`Set secret '${k}' in ${secretsPath}` + (backup ? ` (backup: ${backup})` : ""));
114
- process.stdout.write(" (value not echoed)\n");
115
- for (const w of warnings) process.stderr.write(`Warning: ${w}\n`);
116
- }
117
- process.exit(0);
118
- }
119
-
120
- export function registerSecrets(program: Command): void {
121
- const secrets = program
122
- .command("secrets")
123
- .description("Manage apis/<name>/.secrets.yaml (gitignored raw secret values, TASK-170). Values are never echoed back.");
124
-
125
- secrets
126
- .command("set <key> <value...>")
127
- .description("Write a secret to .secrets.yaml (with .secrets.yaml.bak backup). Auto-strips a pasted 'Bearer ' prefix unless --literal. Never prints the value.")
128
- .option("--api <name>", "Registered API (apis/<name>/.secrets.yaml). Falls back to ZOND_API / .zond/current-api.")
129
- .option("--literal", "Store the value verbatim; do not strip a leading 'Bearer ' prefix.")
130
- .action(async (key: string, value: string[], _opts, cmd: Command) => {
131
- await setAction(key, value, cmd);
132
- });
133
- }
@@ -1,244 +0,0 @@
1
- import { randomUUID } from "node:crypto";
2
- import {
3
- clearCurrentSession,
4
- readCurrentSession,
5
- sessionFilePath,
6
- writeCurrentSession,
7
- type SessionRecord,
8
- } from "../../core/context/session.ts";
9
- import { jsonError, jsonOk, printJson } from "../json-envelope.ts";
10
- import { printError, printSuccess } from "../output.ts";
11
- import { listSessions, countSessions } from "../../db/queries.ts";
12
- import { getDb } from "../../db/schema.ts";
13
- import { parsePositiveInt } from "../argv.ts";
14
-
15
- export interface SessionStartOptions {
16
- label?: string;
17
- id?: string;
18
- json?: boolean;
19
- /** ARV-155: replace the existing active session instead of erroring out
20
- * ("Session already active …"). Useful in ralph-loop iterations where a
21
- * previous turn left a stale `.zond/current-session` behind. */
22
- force?: boolean;
23
- }
24
-
25
- export interface SessionEndOptions {
26
- json?: boolean;
27
- }
28
-
29
- export interface SessionStatusOptions {
30
- json?: boolean;
31
- }
32
-
33
- function isValidUuid(s: string): boolean {
34
- // Permissive — accept any RFC4122-shaped UUID (v1-v8) and zero-UUID for tests.
35
- return /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(s);
36
- }
37
-
38
- export async function sessionStartCommand(opts: SessionStartOptions): Promise<number> {
39
- const existing = readCurrentSession();
40
- if (existing && !opts.force) {
41
- const message =
42
- `Session already active (${existing.id}). Run 'zond session end' first, or pass --force to replace it.`;
43
- if (opts.json) printJson(jsonError("session", [message]));
44
- else printError(message);
45
- return 1;
46
- }
47
- if (existing && opts.force) {
48
- clearCurrentSession();
49
- if (!opts.json) {
50
- process.stdout.write(` Replaced active session ${existing.id}${existing.label ? ` (${existing.label})` : ""}.\n`);
51
- }
52
- }
53
-
54
- let id = opts.id?.trim();
55
- if (id && !isValidUuid(id)) {
56
- const message = `Invalid --id: ${id} is not a UUID`;
57
- if (opts.json) printJson(jsonError("session", [message]));
58
- else printError(message);
59
- return 1;
60
- }
61
- if (!id) id = randomUUID();
62
-
63
- const record: SessionRecord = {
64
- id,
65
- label: opts.label?.trim() || undefined,
66
- started_at: new Date().toISOString(),
67
- };
68
-
69
- let path: string;
70
- try {
71
- path = writeCurrentSession(record);
72
- } catch (err) {
73
- const message = err instanceof Error ? err.message : String(err);
74
- if (opts.json) printJson(jsonError("session", [message]));
75
- else printError(message);
76
- return 1;
77
- }
78
-
79
- if (opts.json) {
80
- printJson(jsonOk("session", { action: "started", ...record, path }));
81
- } else {
82
- printSuccess(`Session ${record.id} started${record.label ? ` (${record.label})` : ""}`);
83
- process.stdout.write(` All subsequent 'zond run' calls in this workspace inherit this session_id.\n`);
84
- process.stdout.write(` Stored at ${path}. Run 'zond session end' to clear.\n`);
85
- }
86
- return 0;
87
- }
88
-
89
- export async function sessionEndCommand(opts: SessionEndOptions): Promise<number> {
90
- const existing = readCurrentSession();
91
- const path = sessionFilePath();
92
- const removed = clearCurrentSession();
93
-
94
- if (opts.json) {
95
- printJson(jsonOk("session", {
96
- action: "ended",
97
- removed,
98
- previous_id: existing?.id ?? null,
99
- path,
100
- }));
101
- return 0;
102
- }
103
-
104
- if (!removed) {
105
- process.stdout.write(`No active session (${path} not present).\n`);
106
- return 0;
107
- }
108
- printSuccess(`Session ${existing?.id ?? "(unknown)"} ended`);
109
- return 0;
110
- }
111
-
112
- export async function sessionStatusCommand(opts: SessionStatusOptions): Promise<number> {
113
- const record = readCurrentSession();
114
- const path = sessionFilePath();
115
- const env = process.env.ZOND_SESSION_ID?.trim() || null;
116
-
117
- if (opts.json) {
118
- printJson(jsonOk("session", {
119
- action: "status",
120
- active: !!record,
121
- session: record,
122
- env_session_id: env,
123
- path,
124
- }));
125
- return 0;
126
- }
127
-
128
- if (record) {
129
- process.stdout.write(`session_id: ${record.id}\n`);
130
- if (record.label) process.stdout.write(`label: ${record.label}\n`);
131
- process.stdout.write(`started_at: ${record.started_at}\n`);
132
- process.stdout.write(`path: ${path}\n`);
133
- if (env && env !== record.id) {
134
- process.stdout.write(`\nNote: ZOND_SESSION_ID is set to '${env}' and overrides the file.\n`);
135
- }
136
- return 0;
137
- }
138
-
139
- if (env) {
140
- process.stdout.write(`No active session file. ZOND_SESSION_ID is set to '${env}' (env wins).\n`);
141
- return 0;
142
- }
143
- process.stdout.write(
144
- `No active session. Run 'zond session start' to group subsequent 'zond run' calls.\n`,
145
- );
146
- return 0;
147
- }
148
-
149
- // ARV-43: list past sessions surfaced from the runs table so users can
150
- // discover session_ids for `zond coverage --union session --session-id <id>`
151
- // without dropping into sqlite. Labels live only in .zond/current-session
152
- // (not persisted per run), so we only show what's stored in the DB.
153
- export interface SessionListOptions {
154
- limit?: number;
155
- json?: boolean;
156
- dbPath?: string;
157
- }
158
-
159
- export async function sessionListCommand(opts: SessionListOptions): Promise<number> {
160
- const limit = opts.limit ?? 20;
161
- let sessions: ReturnType<typeof listSessions>;
162
- let total: number;
163
- try {
164
- getDb(opts.dbPath);
165
- sessions = listSessions(limit);
166
- total = countSessions();
167
- } catch (err) {
168
- const message = err instanceof Error ? err.message : String(err);
169
- if (opts.json) printJson(jsonError("session", [message]));
170
- else printError(message);
171
- return 1;
172
- }
173
-
174
- if (opts.json) {
175
- printJson(jsonOk("session", { action: "list", limit, total, sessions }));
176
- return 0;
177
- }
178
-
179
- if (sessions.length === 0) {
180
- process.stdout.write("No sessions recorded yet. Run 'zond session start' before 'zond run' to group runs.\n");
181
- return 0;
182
- }
183
- process.stdout.write(`Showing ${sessions.length} of ${total} session(s):\n\n`);
184
- process.stdout.write("session_id started_at finished_at runs pass/fail/skip\n");
185
- for (const s of sessions) {
186
- const started = s.started_at ? s.started_at.replace("T", " ").slice(0, 19) : "—".padEnd(19);
187
- const finished = s.finished_at ? s.finished_at.replace("T", " ").slice(0, 19) : "(open)".padEnd(19);
188
- const runs = String(s.run_count).padStart(4);
189
- const counts = `${s.passed}/${s.failed}/${s.skipped}`;
190
- process.stdout.write(`${s.session_id} ${started} ${finished} ${runs} ${counts}\n`);
191
- }
192
- return 0;
193
- }
194
-
195
- import type { Command } from "commander";
196
- import { globalJson } from "../resolve.ts";
197
-
198
- export function registerSession(program: Command): void {
199
- // Group multiple `zond run` calls under one session_id without juggling env
200
- // vars. `start` writes a UUID to .zond/current-session; subsequent `run`
201
- // calls auto-pick it up (priority: --session-id flag > ZOND_SESSION_ID env
202
- // > current-session file).
203
- const session = program.command("session").description("Manage run grouping (campaigns)");
204
- session
205
- .command("start")
206
- .description("Begin a session — group all subsequent 'zond run' calls under one session_id (.zond/current-session)")
207
- .option("--label <text>", "Optional human-readable label shown alongside the session in the UI")
208
- .option("--id <uuid>", "Reuse a specific UUID instead of generating one (useful for CI)")
209
- .option("--force", "Replace any already-active session instead of erroring out (ARV-155)")
210
- .action(async (opts, cmd: Command) => {
211
- process.exitCode = await sessionStartCommand({
212
- label: opts.label,
213
- id: opts.id,
214
- force: opts.force === true,
215
- json: globalJson(cmd),
216
- });
217
- });
218
- session
219
- .command("end")
220
- .description("End the current session — remove .zond/current-session")
221
- .action(async (_opts, cmd: Command) => {
222
- process.exitCode = await sessionEndCommand({ json: globalJson(cmd) });
223
- });
224
- session
225
- .command("status")
226
- .description("Show the active session (if any)")
227
- .action(async (_opts, cmd: Command) => {
228
- process.exitCode = await sessionStatusCommand({ json: globalJson(cmd) });
229
- });
230
- // ARV-43: complete the start/end/status/list quartet so coverage --union
231
- // session --session-id <id> is discoverable without sqlite spelunking.
232
- session
233
- .command("list")
234
- .description("List recent sessions (id, started_at, finished_at, run counts) so coverage --session-id is discoverable")
235
- .option("--limit <n>", "Max sessions to print (default 20)", parsePositiveInt("--limit"))
236
- .option("--db <path>", "Path to SQLite database file")
237
- .action(async (opts, cmd: Command) => {
238
- process.exitCode = await sessionListCommand({
239
- limit: opts.limit,
240
- dbPath: opts.db,
241
- json: globalJson(cmd),
242
- });
243
- });
244
- }
@@ -1,74 +0,0 @@
1
- import {
2
- clearCurrentApi,
3
- currentApiPath,
4
- readCurrentApi,
5
- writeCurrentApi,
6
- } from "../../core/context/current.ts";
7
- import { jsonError, jsonOk, printJson } from "../json-envelope.ts";
8
- import { printError, printSuccess } from "../output.ts";
9
-
10
- export interface UseOptions {
11
- api?: string;
12
- clear?: boolean;
13
- json?: boolean;
14
- }
15
-
16
- export async function useCommand(opts: UseOptions): Promise<number> {
17
- const path = currentApiPath();
18
-
19
- if (opts.clear) {
20
- const removed = clearCurrentApi();
21
- if (opts.json) {
22
- printJson(jsonOk("use", { action: "cleared", path, removed }));
23
- } else if (removed) {
24
- printSuccess(`Cleared ${path}`);
25
- } else {
26
- process.stdout.write(`No .zond/current-api file in ${process.cwd()}\n`);
27
- }
28
- return 0;
29
- }
30
-
31
- if (opts.api) {
32
- try {
33
- writeCurrentApi(opts.api);
34
- } catch (err) {
35
- const message = err instanceof Error ? err.message : String(err);
36
- if (opts.json) printJson(jsonError("use", [message]));
37
- else printError(message);
38
- return 1;
39
- }
40
- if (opts.json) {
41
- printJson(jsonOk("use", { action: "set", api: opts.api, path }));
42
- } else {
43
- printSuccess(`Set current API to '${opts.api}' (${path})`);
44
- }
45
- return 0;
46
- }
47
-
48
- const current = readCurrentApi();
49
- if (opts.json) {
50
- printJson(jsonOk("use", { action: "show", api: current, path }));
51
- } else if (current) {
52
- process.stdout.write(`${current}\n`);
53
- } else {
54
- process.stdout.write(`No current API set. Run 'zond use <api>'.\n`);
55
- }
56
- return 0;
57
- }
58
-
59
- import type { Command } from "commander";
60
- import { globalJson } from "../resolve.ts";
61
-
62
- export function registerUse(program: Command): void {
63
- program
64
- .command("use [api]")
65
- .description("Set or show the current API for this workspace (.zond/current-api). TASK-290: resolution chain is per-cmd --api > global --api > ZOND_API env > this file.")
66
- .option("--clear", "Remove .zond/current-api from the workspace")
67
- .action(async (api: string | undefined, opts, cmd: Command) => {
68
- process.exitCode = await useCommand({
69
- api,
70
- clear: opts.clear === true,
71
- json: globalJson(cmd),
72
- });
73
- });
74
- }
package/src/cli/index.ts DELETED
@@ -1,55 +0,0 @@
1
- #!/usr/bin/env bun
2
-
3
- import { createHash } from "node:crypto";
4
- import { CommanderError } from "commander";
5
- import { buildProgram, preprocessArgv } from "./program.ts";
6
- import { VERSION } from "./version.ts";
7
-
8
- export { VERSION };
9
-
10
- /**
11
- * Anything that reaches this handler is an *unexpected* throw — command
12
- * implementations are expected to catch their own usage/config errors and
13
- * return exit 2 themselves. Tag these with `[zond:internal]` so operators
14
- * can tell them apart from sandbox/SIGKILL/OOM (137/143). See ZOND.md →
15
- * "Exit codes" for the full taxonomy.
16
- */
17
- function reportInternalError(err: unknown): void {
18
- const message = err instanceof Error ? err.message : String(err);
19
- const stack = err instanceof Error && err.stack ? err.stack : message;
20
- const stackHash = createHash("sha1").update(stack).digest("hex").slice(0, 8);
21
- process.stderr.write(`[zond:internal] zond ${VERSION} — uncaught ${message} (stack ${stackHash})\n`);
22
- if (err instanceof Error && err.stack) {
23
- process.stderr.write(err.stack + "\n");
24
- }
25
- }
26
-
27
- async function main(): Promise<void> {
28
- const program = buildProgram();
29
- try {
30
- await program.parseAsync(preprocessArgv(process.argv));
31
- } catch (err) {
32
- if (err instanceof CommanderError) {
33
- // Help/version — commander prints content itself, exit 0
34
- if (err.code === "commander.helpDisplayed" || err.code === "commander.version" || err.code === "commander.help") {
35
- process.exitCode = 0;
36
- return;
37
- }
38
- // Unknown command / unknown option / missing argument — exit 2 (already printed by commander/showHelpAfterError)
39
- process.exitCode = 2;
40
- return;
41
- }
42
- reportInternalError(err);
43
- process.exitCode = 3;
44
- }
45
- }
46
-
47
- const scriptPath = process.argv[1]?.replaceAll("\\", "/") ?? "";
48
- const metaFile = import.meta.filename?.replaceAll("\\", "/") ?? "";
49
- const isMain = scriptPath === metaFile
50
- || scriptPath.endsWith("cli/index.ts")
51
- || import.meta.main === true;
52
-
53
- if (isMain) {
54
- await main();
55
- }