npm - @odavl/guardian - Versions diffs - 2.0.0 → 2.0.1 - Mend

@odavl/guardian 2.0.0 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (172) hide show

package/CHANGELOG.md +210 -210
package/LICENSE +21 -21
package/README.md +297 -184
package/bin/guardian.js +2242 -2221
package/config/README.md +59 -59
package/config/guardian.config.json +54 -54
package/config/guardian.policy.json +12 -12
package/config/profiles/docs.yaml +18 -18
package/config/profiles/ecommerce.yaml +17 -17
package/config/profiles/landing-demo.yaml +16 -16
package/config/profiles/marketing.yaml +18 -18
package/config/profiles/saas.yaml +21 -21
package/flows/example-login-flow.json +36 -36
package/flows/example-signup-flow.json +44 -44
package/package.json +124 -116
package/policies/enterprise.json +12 -12
package/policies/landing-demo.json +22 -22
package/policies/saas.json +12 -12
package/policies/startup.json +12 -12
package/src/enterprise/audit-logger.js +166 -166
package/src/enterprise/pdf-exporter.js +267 -267
package/src/enterprise/rbac-gate.js +142 -142
package/src/enterprise/rbac.js +239 -239
package/src/enterprise/site-manager.js +180 -180
package/src/founder/feedback-system.js +156 -156
package/src/founder/founder-tracker.js +213 -213
package/src/founder/usage-signals.js +141 -141
package/src/guardian/action-hints.js +439 -439
package/src/guardian/alert-ledger.js +121 -121
package/src/guardian/artifact-sanitizer.js +56 -56
package/src/guardian/attempt-engine.js +1069 -1029
package/src/guardian/attempt-registry.js +267 -267
package/src/guardian/attempt-relevance.js +106 -106
package/src/guardian/attempt-reporter.js +513 -507
package/src/guardian/attempt.js +274 -273
package/src/guardian/attempts-filter.js +63 -63
package/src/guardian/auto-attempt-builder.js +283 -283
package/src/guardian/baseline-registry.js +177 -177
package/src/guardian/baseline-reporter.js +143 -143
package/src/guardian/baseline-storage.js +285 -285
package/src/guardian/baseline.js +535 -534
package/src/guardian/behavioral-signals.js +261 -261
package/src/guardian/breakage-intelligence.js +224 -224
package/src/guardian/browser-pool.js +131 -131
package/src/guardian/browser.js +119 -119
package/src/guardian/canonical-truth.js +308 -308
package/src/guardian/ci-cli.js +121 -121
package/src/guardian/ci-gate.js +96 -96
package/src/guardian/ci-mode.js +15 -15
package/src/guardian/ci-output.js +55 -38
package/src/guardian/cli-summary.js +102 -102
package/src/guardian/confidence-signals.js +251 -251
package/src/guardian/config-loader.js +161 -161
package/src/guardian/config-validator.js +285 -283
package/src/guardian/coverage-model.js +239 -239
package/src/guardian/coverage-packs.js +58 -58
package/src/guardian/crawler.js +142 -142
package/src/guardian/data-guardian-detector.js +189 -189
package/src/guardian/decision-authority.js +746 -725
package/src/guardian/detection-layers.js +271 -271
package/src/guardian/determinism.js +146 -146
package/src/guardian/discovery-engine.js +661 -661
package/src/guardian/drift-detector.js +100 -100
package/src/guardian/enhanced-html-reporter.js +522 -522
package/src/guardian/env-guard.js +128 -127
package/src/guardian/error-clarity.js +399 -399
package/src/guardian/export-contract.js +196 -196
package/src/guardian/fail-safe.js +212 -212
package/src/guardian/failure-intelligence.js +173 -173
package/src/guardian/failure-taxonomy.js +169 -169
package/src/guardian/final-outcome.js +206 -206
package/src/guardian/first-run-profile.js +89 -89
package/src/guardian/first-run.js +65 -67
package/src/guardian/flag-validator.js +111 -111
package/src/guardian/flow-executor.js +641 -639
package/src/guardian/flow-registry.js +67 -67
package/src/guardian/honesty.js +394 -394
package/src/guardian/html-reporter.js +416 -416
package/src/guardian/human-intent-resolver.js +296 -296
package/src/guardian/human-interaction-model.js +351 -351
package/src/guardian/human-journey-context.js +184 -184
package/src/guardian/human-navigator.js +544 -544
package/src/guardian/human-reporter.js +435 -431
package/src/guardian/index.js +226 -221
package/src/guardian/init-command.js +143 -143
package/src/guardian/intent-detector.js +148 -146
package/src/guardian/journey-definitions.js +132 -132
package/src/guardian/journey-scan-cli.js +142 -145
package/src/guardian/journey-scanner.js +583 -583
package/src/guardian/junit-reporter.js +281 -281
package/src/guardian/language-detection.js +99 -99
package/src/guardian/live-alert.js +56 -56
package/src/guardian/live-baseline-compare.js +146 -146
package/src/guardian/live-cli.js +95 -95
package/src/guardian/live-guardian.js +210 -210
package/src/guardian/live-scheduler-runner.js +137 -137
package/src/guardian/live-scheduler-state.js +167 -168
package/src/guardian/live-scheduler.js +146 -146
package/src/guardian/live-state.js +110 -110
package/src/guardian/market-criticality.js +335 -335
package/src/guardian/market-reporter.js +577 -577
package/src/guardian/network-trace.js +178 -178
package/src/guardian/obs-logger.js +110 -110
package/src/guardian/observed-capabilities.js +427 -427
package/src/guardian/output-contract.js +154 -0
package/src/guardian/output-readability.js +264 -264
package/src/guardian/parallel-executor.js +116 -116
package/src/guardian/path-safety.js +56 -56
package/src/guardian/pattern-analyzer.js +348 -348
package/src/guardian/policy.js +432 -434
package/src/guardian/prelaunch-gate.js +193 -193
package/src/guardian/prerequisite-checker.js +101 -101
package/src/guardian/preset-loader.js +152 -157
package/src/guardian/profile-loader.js +96 -96
package/src/guardian/reality.js +3025 -2826
package/src/guardian/realworld-scenarios.js +94 -94
package/src/guardian/reporter.js +167 -167
package/src/guardian/retry-policy.js +123 -123
package/src/guardian/root-cause-analysis.js +171 -171
package/src/guardian/rules-engine.js +558 -558
package/src/guardian/run-artifacts.js +212 -212
package/src/guardian/run-cleanup.js +207 -207
package/src/guardian/run-export.js +522 -522
package/src/guardian/run-latest.js +90 -90
package/src/guardian/run-list.js +211 -211
package/src/guardian/run-summary.js +20 -20
package/src/guardian/runtime-root.js +246 -246
package/src/guardian/safety.js +248 -248
package/src/guardian/scan-presets.js +133 -149
package/src/guardian/screenshot.js +152 -152
package/src/guardian/secret-hygiene.js +44 -44
package/src/guardian/selector-fallbacks.js +394 -394
package/src/guardian/semantic-contact-detection.js +255 -255
package/src/guardian/semantic-contact-finder.js +201 -201
package/src/guardian/semantic-targets.js +234 -234
package/src/guardian/site-intelligence.js +588 -588
package/src/guardian/site-introspection.js +257 -257
package/src/guardian/sitemap.js +225 -225
package/src/guardian/smoke.js +283 -258
package/src/guardian/snapshot-schema.js +177 -290
package/src/guardian/snapshot.js +430 -397
package/src/guardian/stability-scorer.js +169 -169
package/src/guardian/success-evaluator.js +214 -214
package/src/guardian/template-command.js +184 -184
package/src/guardian/text-formatters.js +426 -426
package/src/guardian/timeout-profiles.js +57 -57
package/src/guardian/truth/attempt.contract.js +158 -0
package/src/guardian/truth/decision.contract.js +275 -0
package/src/guardian/truth/snapshot.contract.js +363 -0
package/src/guardian/validators.js +323 -323
package/src/guardian/verdict-card.js +474 -474
package/src/guardian/verdict-clarity.js +298 -298
package/src/guardian/verdict-policy.js +363 -363
package/src/guardian/verdict.js +333 -333
package/src/guardian/verdicts.js +79 -74
package/src/guardian/visual-diff.js +247 -247
package/src/guardian/wait-for-outcome.js +119 -119
package/src/guardian/watch-runner.js +181 -181
package/src/guardian/watchdog-diff.js +167 -167
package/src/guardian/webhook.js +206 -206
package/src/payments/stripe-checkout.js +169 -169
package/src/plans/plan-definitions.js +148 -148
package/src/plans/plan-manager.js +211 -211
package/src/plans/usage-tracker.js +210 -210
package/src/recipes/recipe-engine.js +188 -188
package/src/recipes/recipe-failure-analysis.js +159 -159
package/src/recipes/recipe-registry.js +134 -134
package/src/recipes/recipe-runtime.js +507 -507
package/src/recipes/recipe-store.js +410 -410
package/SECURITY.md +0 -77
package/VERSIONING.md +0 -100
package/guardian-contract-v1.md +0 -502

package/src/guardian/safety.js CHANGED Viewed

@@ -1,248 +1,248 @@
-/**
- * Guardian Safety Guards Module
- * Prevents destructive or dangerous actions during testing
- */
-class GuardianSafety {
-  constructor(options = {}) {
-    // URL patterns to avoid (logout, delete, admin, etc.)
-    this.denyUrlPatterns = options.denyUrlPatterns || [
-      'logout',
-      'signout',
-      'sign-out',
-      'log-out',
-      'delete',
-      'remove',
-      'destroy',
-      'admin',
-      'settings',
-      'account/close',
-      'account/delete',
-      'unsubscribe',
-      'cancel',
-    ];
-    // CSS selectors to avoid clicking
-    this.denySelectors = options.denySelectors || [
-      '[data-danger]',
-      '[data-destructive]',
-      '.btn-delete',
-      '.btn-danger',
-      '.delete-button',
-      'button[type="reset"]',
-      'a[href*="logout"]',
-      'a[href*="delete"]',
-      'a[href*="remove"]',
-    ];
-    // Form submissions require explicit permission
-    this.blockFormSubmitsByDefault = options.blockFormSubmitsByDefault !== false;
-    // Payment-related actions require explicit permission
-    this.blockPaymentsByDefault = options.blockPaymentsByDefault !== false;
-    // Payment-related keywords
-    this.paymentKeywords = [
-      'payment',
-      'checkout',
-      'purchase',
-      'buy',
-      'pay',
-      'card',
-      'billing',
-      'stripe',
-      'paypal',
-    ];
-  }
-  /**
-   * Check if URL is safe to visit
-   * @param {string} url - URL to check
-   * @returns {object} { safe: boolean, reason: string }
-   */
-  isUrlSafe(url) {
-    try {
-      const urlLower = url.toLowerCase();
-      for (const pattern of this.denyUrlPatterns) {
-        if (urlLower.includes(pattern.toLowerCase())) {
-          return {
-            safe: false,
-            reason: `URL contains blocked pattern: "${pattern}"`,
-          };
-        }
-      }
-      return { safe: true, reason: null };
-    } catch (error) {
-      return {
-        safe: false,
-        reason: `Invalid URL: ${error.message}`,
-      };
-    }
-  }
-  /**
-   * Check if selector is safe to click
-   * @param {string} selector - CSS selector
-   * @returns {object} { safe: boolean, reason: string }
-   */
-  isSelectorSafe(selector) {
-    try {
-      const selectorLower = selector.toLowerCase();
-      for (const denyPattern of this.denySelectors) {
-        if (selectorLower.includes(denyPattern.toLowerCase())) {
-          return {
-            safe: false,
-            reason: `Selector matches blocked pattern: "${denyPattern}"`,
-          };
-        }
-      }
-      return { safe: true, reason: null };
-    } catch (error) {
-      return {
-        safe: false,
-        reason: `Invalid selector: ${error.message}`,
-      };
-    }
-  }
-  /**
-   * Check if element text suggests dangerous action
-   * @param {string} text - Element text content
-   * @returns {object} { safe: boolean, reason: string }
-   */
-  isTextSafe(text) {
-    if (!text) {
-      return { safe: true, reason: null };
-    }
-    const textLower = text.toLowerCase().trim();
-    const dangerousWords = [
-      'logout',
-      'log out',
-      'sign out',
-      'delete',
-      'remove',
-      'destroy',
-      'cancel account',
-      'close account',
-      'unsubscribe',
-    ];
-    for (const word of dangerousWords) {
-      if (textLower.includes(word)) {
-        return {
-          safe: false,
-          reason: `Text contains dangerous word: "${word}"`,
-        };
-      }
-    }
-    return { safe: true, reason: null };
-  }
-  /**
-   * Check if action involves payment
-   * @param {string} context - Context (URL, selector, or text)
-   * @returns {boolean} True if payment-related
-   */
-  isPaymentRelated(context) {
-    if (!context) {
-      return false;
-    }
-    const contextLower = context.toLowerCase();
-    for (const keyword of this.paymentKeywords) {
-      if (contextLower.includes(keyword)) {
-        return true;
-      }
-    }
-    return false;
-  }
-  /**
-   * Check if form submission is safe
-   * @param {string} formAction - Form action URL or selector
-   * @param {object} formData - Form data being submitted
-   * @returns {object} { safe: boolean, reason: string }
-   */
-  isFormSubmitSafe(formAction, formData = {}) {
-    // Check if form submissions are globally blocked
-    if (this.blockFormSubmitsByDefault) {
-      return {
-        safe: false,
-        reason: 'Form submissions are blocked by default (safety guard)',
-      };
-    }
-    // Check if form action URL is safe
-    if (formAction) {
-      const urlCheck = this.isUrlSafe(formAction);
-      if (!urlCheck.safe) {
-        return urlCheck;
-      }
-      // Check if payment-related
-      if (this.blockPaymentsByDefault && this.isPaymentRelated(formAction)) {
-        return {
-          safe: false,
-          reason: 'Form submission appears payment-related (blocked by safety guard)',
-        };
-      }
-    }
-    // Check form data for sensitive fields
-    const formDataStr = JSON.stringify(formData).toLowerCase();
-    if (this.blockPaymentsByDefault && this.isPaymentRelated(formDataStr)) {
-      return {
-        safe: false,
-        reason: 'Form data contains payment-related fields (blocked by safety guard)',
-      };
-    }
-    return { safe: true, reason: null };
-  }
-  /**
-   * Filter URLs to remove unsafe ones
-   * @param {string[]} urls - Array of URLs
-   * @returns {object} { safe: string[], blocked: Array<{url, reason}> }
-   */
-  filterUrls(urls) {
-    const safe = [];
-    const blocked = [];
-    for (const url of urls) {
-      const check = this.isUrlSafe(url);
-      if (check.safe) {
-        safe.push(url);
-      } else {
-        blocked.push({ url, reason: check.reason });
-      }
-    }
-    return { safe, blocked };
-  }
-  /**
-   * Get safety summary (how many URLs/actions were blocked)
-   * @param {object} stats - Statistics object
-   * @returns {object} Safety summary
-   */
-  getSummary(stats = {}) {
-    return {
-      urlsBlocked: stats.urlsBlocked || 0,
-      selectorsBlocked: stats.selectorsBlocked || 0,
-      formsBlocked: stats.formsBlocked || 0,
-      totalBlocked: (stats.urlsBlocked || 0) + (stats.selectorsBlocked || 0) + (stats.formsBlocked || 0),
-      safetyEnabled: true,
-    };
-  }
-}
-module.exports = GuardianSafety;
+/**
+ * Guardian Safety Guards Module
+ * Prevents destructive or dangerous actions during testing
+ */
+class GuardianSafety {
+  constructor(options = {}) {
+    // URL patterns to avoid (logout, delete, admin, etc.)
+    this.denyUrlPatterns = options.denyUrlPatterns || [
+      'logout',
+      'signout',
+      'sign-out',
+      'log-out',
+      'delete',
+      'remove',
+      'destroy',
+      'admin',
+      'settings',
+      'account/close',
+      'account/delete',
+      'unsubscribe',
+      'cancel',
+    ];
+    // CSS selectors to avoid clicking
+    this.denySelectors = options.denySelectors || [
+      '[data-danger]',
+      '[data-destructive]',
+      '.btn-delete',
+      '.btn-danger',
+      '.delete-button',
+      'button[type="reset"]',
+      'a[href*="logout"]',
+      'a[href*="delete"]',
+      'a[href*="remove"]',
+    ];
+    // Form submissions require explicit permission
+    this.blockFormSubmitsByDefault = options.blockFormSubmitsByDefault !== false;
+    // Payment-related actions require explicit permission
+    this.blockPaymentsByDefault = options.blockPaymentsByDefault !== false;
+    // Payment-related keywords
+    this.paymentKeywords = [
+      'payment',
+      'checkout',
+      'purchase',
+      'buy',
+      'pay',
+      'card',
+      'billing',
+      'stripe',
+      'paypal',
+    ];
+  }
+  /**
+   * Check if URL is safe to visit
+   * @param {string} url - URL to check
+   * @returns {object} { safe: boolean, reason: string }
+   */
+  isUrlSafe(url) {
+    try {
+      const urlLower = url.toLowerCase();
+      for (const pattern of this.denyUrlPatterns) {
+        if (urlLower.includes(pattern.toLowerCase())) {
+          return {
+            safe: false,
+            reason: `URL contains blocked pattern: "${pattern}"`,
+          };
+        }
+      }
+      return { safe: true, reason: null };
+    } catch (error) {
+      return {
+        safe: false,
+        reason: `Invalid URL: ${error.message}`,
+      };
+    }
+  }
+  /**
+   * Check if selector is safe to click
+   * @param {string} selector - CSS selector
+   * @returns {object} { safe: boolean, reason: string }
+   */
+  isSelectorSafe(selector) {
+    try {
+      const selectorLower = selector.toLowerCase();
+      for (const denyPattern of this.denySelectors) {
+        if (selectorLower.includes(denyPattern.toLowerCase())) {
+          return {
+            safe: false,
+            reason: `Selector matches blocked pattern: "${denyPattern}"`,
+          };
+        }
+      }
+      return { safe: true, reason: null };
+    } catch (error) {
+      return {
+        safe: false,
+        reason: `Invalid selector: ${error.message}`,
+      };
+    }
+  }
+  /**
+   * Check if element text suggests dangerous action
+   * @param {string} text - Element text content
+   * @returns {object} { safe: boolean, reason: string }
+   */
+  isTextSafe(text) {
+    if (!text) {
+      return { safe: true, reason: null };
+    }
+    const textLower = text.toLowerCase().trim();
+    const dangerousWords = [
+      'logout',
+      'log out',
+      'sign out',
+      'delete',
+      'remove',
+      'destroy',
+      'cancel account',
+      'close account',
+      'unsubscribe',
+    ];
+    for (const word of dangerousWords) {
+      if (textLower.includes(word)) {
+        return {
+          safe: false,
+          reason: `Text contains dangerous word: "${word}"`,
+        };
+      }
+    }
+    return { safe: true, reason: null };
+  }
+  /**
+   * Check if action involves payment
+   * @param {string} context - Context (URL, selector, or text)
+   * @returns {boolean} True if payment-related
+   */
+  isPaymentRelated(context) {
+    if (!context) {
+      return false;
+    }
+    const contextLower = context.toLowerCase();
+    for (const keyword of this.paymentKeywords) {
+      if (contextLower.includes(keyword)) {
+        return true;
+      }
+    }
+    return false;
+  }
+  /**
+   * Check if form submission is safe
+   * @param {string} formAction - Form action URL or selector
+   * @param {object} formData - Form data being submitted
+   * @returns {object} { safe: boolean, reason: string }
+   */
+  isFormSubmitSafe(formAction, formData = {}) {
+    // Check if form submissions are globally blocked
+    if (this.blockFormSubmitsByDefault) {
+      return {
+        safe: false,
+        reason: 'Form submissions are blocked by default (safety guard)',
+      };
+    }
+    // Check if form action URL is safe
+    if (formAction) {
+      const urlCheck = this.isUrlSafe(formAction);
+      if (!urlCheck.safe) {
+        return urlCheck;
+      }
+      // Check if payment-related
+      if (this.blockPaymentsByDefault && this.isPaymentRelated(formAction)) {
+        return {
+          safe: false,
+          reason: 'Form submission appears payment-related (blocked by safety guard)',
+        };
+      }
+    }
+    // Check form data for sensitive fields
+    const formDataStr = JSON.stringify(formData).toLowerCase();
+    if (this.blockPaymentsByDefault && this.isPaymentRelated(formDataStr)) {
+      return {
+        safe: false,
+        reason: 'Form data contains payment-related fields (blocked by safety guard)',
+      };
+    }
+    return { safe: true, reason: null };
+  }
+  /**
+   * Filter URLs to remove unsafe ones
+   * @param {string[]} urls - Array of URLs
+   * @returns {object} { safe: string[], blocked: Array<{url, reason}> }
+   */
+  filterUrls(urls) {
+    const safe = [];
+    const blocked = [];
+    for (const url of urls) {
+      const check = this.isUrlSafe(url);
+      if (check.safe) {
+        safe.push(url);
+      } else {
+        blocked.push({ url, reason: check.reason });
+      }
+    }
+    return { safe, blocked };
+  }
+  /**
+   * Get safety summary (how many URLs/actions were blocked)
+   * @param {object} stats - Statistics object
+   * @returns {object} Safety summary
+   */
+  getSummary(stats = {}) {
+    return {
+      urlsBlocked: stats.urlsBlocked || 0,
+      selectorsBlocked: stats.selectorsBlocked || 0,
+      formsBlocked: stats.formsBlocked || 0,
+      totalBlocked: (stats.urlsBlocked || 0) + (stats.selectorsBlocked || 0) + (stats.formsBlocked || 0),
+      safetyEnabled: true,
+    };
+  }
+}
+module.exports = GuardianSafety;