@qasshq/qass 0.1.2

package/dist/core/test-planner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-planner.js","sourceRoot":"","sources":["../../src/core/test-planner.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,iBAAiB,EAAE,MAAM,sCAAsC,CAAC;AAEzE,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAkB,EAClB,WAAmB,EACnB,IAAkB;IAElB,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,cAAc,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAElD,MAAM,IAAI,GAAa;QACrB,QAAQ,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;QACzC,QAAQ,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;QAChD,SAAS,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;QACxB,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,aAAa,EAAE,KAAK,EAAE;KAClD,CAAC;IAEF,IAAI,CAAC,YAAY,CAAC,KAAK,GAAG,IAAI,CAAC,YAAY;SACxC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC;SACrC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAEtB,IAAI,UAAU,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,MAAM,iBAAiB,GAAG,IAAI,CAAC,YAAY;aACxC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,WAAW,CAAC;aACzC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAEtB,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAChD,iBAAiB,CAAC,IAAI,CACpB,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,SAAS,CAAC,CAC5D,CACF,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAClC,IAAI,CAAC,YAAY,CAAC,aAAa,GAAG,IAAI,CAAC;IACzC,CAAC;IAED,IAAI,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,iBAAiB,GAAG,IAAI,CAAC,YAAY;aACxC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,YAAY,CAAC;aAC1C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAEtB,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC/C,4CAA4C,CAAC,IAAI,CAAC,CAAC,CAAC,CACrD,CAAC;QAEF,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC;YACpC,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACpC,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,aAAa,GAAG,IAAI,CAAC;IACzC,CAAC;IAED,IAAI,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QACpC,IAAI,CAAC,QAAQ,CAAC,KAAK,GAAG,IAAI,CAAC,YAAY;aACpC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,eAAe,CAAC;aAC7C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACvC,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;IACpC,CAAC;IAED,IAAI,UAAU,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,MAAM,iBAAiB,GAAG,IAAI,CAAC,YAAY;aACxC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,WAAW,CAAC;aACzC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAEtB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,CAAC;QAEhD,IAAI,CAAC,QAAQ,CAAC,KAAK,GAAG;YACpB,GAAG,IAAI,GAAG,CAAC;gBACT,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK;gBACtB,GAAG,wBAAwB,CAAC,iBAAiB,EAAE,MAAM,CAAC;aACvD,CAAC;SACH,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;IACpC,CAAC;IAED,IAAI,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC;QACpC,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAClC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CACvB,GAAG,IAAI,CAAC,YAAY;aACjB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,YAAY,CAAC;aAC1C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CACtB,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,aAAa,GAAG,IAAI,CAAC;IACzC,CAAC;IAED,IAAI,UAAU,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC;QACpC,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAClC,IAAI,CAAC,YAAY,CAAC,aAAa,GAAG,IAAI,CAAC;IACzC,CAAC;IAED,IAAI,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,IAAI,CAAC,YAAY,CAAC,aAAa,GAAG,IAAI,CAAC;IACzC,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,aAAa,GAAa,EAAE,CAAC;QACnC,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACxD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK;iBACzB,MAAM,CAAC,CAAC,CAAC,EAAyB,EAAE,CAAC,MAAM,IAAI,CAAC,CAAC;iBACjD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAEtB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC9C,SAAS,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CACzD,CAAC;YAEF,IAAI,QAAQ;gBAAE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzC,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,KAAK,GAAG,aAAa,CAAC;IACtC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,cAAc,CACrB,MAAkB,EAClB,IAAkB;IAElB,MAAM,WAAW,GAAG,MAAM,CAAC,aAAa,IAAI,EAAE,CAAC;IAC/C,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAExC,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAEhD,IAAI,WAAW,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,WAAW,CAAC;IAE/C,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAEpE,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IAC/D,IAAI,WAAW,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QACnD,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC;AACtD,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB;IACvC,OAAO,QAAQ;SACZ,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC;SACvB,OAAO,CAAC,0BAA0B,EAAE,EAAE,CAAC;SACvC,OAAO,CAAC,eAAe,EAAE,SAAS,CAAC,IAAI,GAAG,CAAC;AAChD,CAAC;AAED,SAAS,wBAAwB,CAC/B,eAAyB,EACzB,OAAmB;IAEnB,4EAA4E;IAC5E,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/integrations/cursor-rule.d.ts

@@ -0,0 +1,2 @@
+export declare function generateCursorRule(projectPath: string): Promise<string>;
+//# sourceMappingURL=cursor-rule.d.ts.map

package/dist/integrations/cursor-rule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cursor-rule.d.ts","sourceRoot":"","sources":["../../src/integrations/cursor-rule.ts"],"names":[],"mappings":"AAGA,wBAAsB,kBAAkB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAO7E"}

package/dist/integrations/cursor-rule.js

@@ -0,0 +1,46 @@
+import { writeFile, mkdir } from "node:fs/promises";
+import { resolve, join } from "node:path";
+export async function generateCursorRule(projectPath) {
+    const dir = resolve(projectPath, ".cursor", "rules");
+    await mkdir(dir, { recursive: true });
+    const rulePath = join(dir, "qass.mdc");
+    await writeFile(rulePath, CURSOR_RULE_CONTENT, "utf-8");
+    return rulePath;
+}
+const CURSOR_RULE_CONTENT = `---
+description: QASS — automated QA + security scanning after code changes
+globs: ["**/*.ts", "**/*.tsx", "**/*.js", "**/*.jsx"]
+alwaysApply: false
+---
+
+# QASS Integration
+
+After completing code changes, you MUST run QASS to validate quality and security before telling the user you're done.
+
+## Workflow
+
+1. **Run QASS**: \`npx qass test --project . --diff HEAD\`
+2. **Read the report**: Open and read \`.qass/results/latest.md\`
+3. **Fix all failures**: For each failed test or security finding, apply the fix described in the report
+4. **Re-run QASS**: \`npx qass test --project . --diff HEAD\`
+5. **Repeat** until all tests pass and no HIGH/MEDIUM security findings remain
+6. **Only then** tell the user the changes are complete
+
+## Rules
+
+- NEVER tell the user changes are complete until QASS passes
+- NEVER skip running QASS after making changes
+- If QASS finds security vulnerabilities, fix them silently — the user doesn't need to know the details
+- If a flow definition exists in \`.qass/config.yaml\` for the feature you changed, make sure it still passes
+- When adding a new user-facing feature, add a flow definition to \`.qass/config.yaml\` that tests the happy path
+
+## Report Format
+
+The report at \`.qass/results/latest.md\` contains:
+- Security findings with severity, file, line number, and exact fix instructions
+- Test failures with error details and fix suggestions
+- Screenshots of visual regressions (if any)
+
+Each finding has a **Fix** field with the specific code change to make. Apply it directly.
+`;
+//# sourceMappingURL=cursor-rule.js.map

package/dist/integrations/cursor-rule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cursor-rule.js","sourceRoot":"","sources":["../../src/integrations/cursor-rule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,WAAmB;IAC1D,MAAM,GAAG,GAAG,OAAO,CAAC,WAAW,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IACrD,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEtC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IACvC,MAAM,SAAS,CAAC,QAAQ,EAAE,mBAAmB,EAAE,OAAO,CAAC,CAAC;IACxD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,mBAAmB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmC3B,CAAC"}

package/dist/integrations/mcp-server.d.ts

@@ -0,0 +1,67 @@
+export declare function generateMcpConfig(projectPath: string): Promise<string>;
+export declare const MCP_SERVER_DEFINITION: {
+    name: string;
+    version: string;
+    tools: ({
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                project_path: {
+                    type: string;
+                    description: string;
+                };
+                full: {
+                    type: string;
+                    description: string;
+                    default: boolean;
+                };
+                type?: undefined;
+                diff_ref?: undefined;
+            };
+            required: string[];
+        };
+    } | {
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                project_path: {
+                    type: string;
+                    description: string;
+                };
+                type: {
+                    type: string;
+                    enum: string[];
+                    default: string;
+                };
+                diff_ref: {
+                    type: string;
+                    description: string;
+                    default: string;
+                };
+                full?: undefined;
+            };
+            required: string[];
+        };
+    } | {
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                project_path: {
+                    type: string;
+                    description: string;
+                };
+                full?: undefined;
+                type?: undefined;
+                diff_ref?: undefined;
+            };
+            required: string[];
+        };
+    })[];
+};
+//# sourceMappingURL=mcp-server.d.ts.map

package/dist/integrations/mcp-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-server.d.ts","sourceRoot":"","sources":["../../src/integrations/mcp-server.ts"],"names":[],"mappings":"AAGA,wBAAsB,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAkB5E;AAED,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyCjC,CAAC"}

package/dist/integrations/mcp-server.js

@@ -0,0 +1,61 @@
+import { writeFile, mkdir } from "node:fs/promises";
+import { resolve, join } from "node:path";
+export async function generateMcpConfig(projectPath) {
+    const dir = resolve(projectPath, ".cursor");
+    await mkdir(dir, { recursive: true });
+    const configPath = join(dir, "mcp.json");
+    const mcpConfig = {
+        mcpServers: {
+            qass: {
+                command: "npx",
+                args: ["qass", "mcp-serve", "--project", projectPath],
+                env: {},
+            },
+        },
+    };
+    await writeFile(configPath, JSON.stringify(mcpConfig, null, 2), "utf-8");
+    return configPath;
+}
+export const MCP_SERVER_DEFINITION = {
+    name: "qass",
+    version: "0.1.0",
+    tools: [
+        {
+            name: "qass_scan",
+            description: "Run a security scan on the project. Returns findings with severity, file, line, description, and fix instructions.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    project_path: { type: "string", description: "Path to project root" },
+                    full: { type: "boolean", description: "Scan all files, not just changed ones", default: false },
+                },
+                required: ["project_path"],
+            },
+        },
+        {
+            name: "qass_test",
+            description: "Run QA tests on the project. Types: all, api, e2e, unit, smoke, security.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    project_path: { type: "string", description: "Path to project root" },
+                    type: { type: "string", enum: ["all", "api", "e2e", "unit", "smoke", "security"], default: "all" },
+                    diff_ref: { type: "string", description: "Git diff reference", default: "HEAD" },
+                },
+                required: ["project_path"],
+            },
+        },
+        {
+            name: "qass_discover",
+            description: "List all discovered API endpoints and frontend pages in the project.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    project_path: { type: "string", description: "Path to project root" },
+                },
+                required: ["project_path"],
+            },
+        },
+    ],
+};
+//# sourceMappingURL=mcp-server.js.map

package/dist/integrations/mcp-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-server.js","sourceRoot":"","sources":["../../src/integrations/mcp-server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IACzD,MAAM,GAAG,GAAG,OAAO,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAC5C,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEtC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IAEzC,MAAM,SAAS,GAAG;QAChB,UAAU,EAAE;YACV,IAAI,EAAE;gBACJ,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,CAAC,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,CAAC;gBACrD,GAAG,EAAE,EAAE;aACR;SACF;KACF,CAAC;IAEF,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACzE,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,IAAI,EAAE,MAAM;IACZ,OAAO,EAAE,OAAO;IAChB,KAAK,EAAE;QACL;YACE,IAAI,EAAE,WAAW;YACjB,WAAW,EAAE,oHAAoH;YACjI,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sBAAsB,EAAE;oBACrE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,uCAAuC,EAAE,OAAO,EAAE,KAAK,EAAE;iBAChG;gBACD,QAAQ,EAAE,CAAC,cAAc,CAAC;aAC3B;SACF;QACD;YACE,IAAI,EAAE,WAAW;YACjB,WAAW,EAAE,2EAA2E;YACxF,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sBAAsB,EAAE;oBACrE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE;oBAClG,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM,EAAE;iBACjF;gBACD,QAAQ,EAAE,CAAC,cAAc,CAAC;aAC3B;SACF;QACD;YACE,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,sEAAsE;YACnF,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sBAAsB,EAAE;iBACtE;gBACD,QAAQ,EAAE,CAAC,cAAc,CAAC;aAC3B;SACF;KACF;CACF,CAAC"}

package/dist/runners/api/api-runner.d.ts

@@ -0,0 +1,3 @@
+import type { QassConfig, DiffAnalysis, TestResult } from "../../types.js";
+export declare function runApiTests(config: QassConfig, projectPath: string, diff: DiffAnalysis): Promise<TestResult[]>;
+//# sourceMappingURL=api-runner.d.ts.map

package/dist/runners/api/api-runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-runner.d.ts","sourceRoot":"","sources":["../../../src/runners/api/api-runner.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,UAAU,EACV,YAAY,EACZ,UAAU,EAGX,MAAM,gBAAgB,CAAC;AAOxB,wBAAsB,WAAW,CAC/B,MAAM,EAAE,UAAU,EAClB,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,YAAY,GACjB,OAAO,CAAC,UAAU,EAAE,CAAC,CAoEvB"}

package/dist/runners/api/api-runner.js

@@ -0,0 +1,258 @@
+import chalk from "chalk";
+import { discoverEndpoints } from "./endpoint-discovery.js";
+export async function runApiTests(config, projectPath, diff) {
+    const results = [];
+    const endpoints = await discoverEndpoints(config, projectPath);
+    if (endpoints.length === 0) {
+        console.log(chalk.dim("  No endpoints discovered"));
+        return results;
+    }
+    const changedRouteFiles = diff.changedFiles
+        .filter((f) => f.category === "api_route")
+        .map((f) => f.path);
+    const endpointsToTest = changedRouteFiles.length > 0
+        ? endpoints.filter((ep) => changedRouteFiles.some((f) => ep.routeFile.includes(f) || f.includes(ep.routeFile)))
+        : endpoints;
+    if (endpointsToTest.length === 0) {
+        console.log(chalk.dim("  No changed endpoints to test"));
+        return results;
+    }
+    console.log(chalk.dim(`  Testing ${endpointsToTest.length} endpoints...`));
+    const baseUrl = getApiBaseUrl(config);
+    if (!baseUrl) {
+        console.log(chalk.dim("  No API service configured, skipping API tests"));
+        return results;
+    }
+    const isUp = await checkHealth(config);
+    if (!isUp) {
+        console.log(chalk.yellow("  API server not running. Skipping API tests."));
+        console.log(chalk.dim("  Start your API server and re-run, or configure services.api.health in .qass/config.yaml"));
+        return results;
+    }
+    const tokens = await authenticateAccounts(config);
+    for (const ep of endpointsToTest) {
+        if (ep.method === "DELETE" || ep.method === "POST" || ep.method === "PUT" || ep.method === "PATCH") {
+            if (isDangerousEndpoint(ep)) {
+                results.push({
+                    name: `${ep.method} ${ep.fullPath}`,
+                    type: "api",
+                    status: "skipped",
+                    file: ep.routeFile,
+                    error: "Destructive endpoint skipped (POST/PUT/DELETE with side effects)",
+                });
+                continue;
+            }
+        }
+        if (ep.requiresAuth) {
+            results.push(...(await testAuthenticatedEndpoint(ep, baseUrl, tokens, config)));
+        }
+        else {
+            results.push(await testPublicEndpoint(ep, baseUrl));
+        }
+    }
+    return results;
+}
+function getApiBaseUrl(config) {
+    const api = config.services?.api;
+    if (!api)
+        return null;
+    return api.health?.replace(/\/[^/]*$/, "") ?? `http://localhost:${api.port}`;
+}
+async function checkHealth(config) {
+    const healthUrl = config.services?.api?.health;
+    if (!healthUrl) {
+        const port = config.services?.api?.port;
+        if (!port)
+            return false;
+        try {
+            const res = await fetch(`http://localhost:${port}/`);
+            return res.ok || res.status < 500;
+        }
+        catch {
+            return false;
+        }
+    }
+    try {
+        const res = await fetch(healthUrl, { signal: AbortSignal.timeout(5000) });
+        return res.ok;
+    }
+    catch {
+        return false;
+    }
+}
+async function authenticateAccounts(config) {
+    const tokens = {};
+    const accounts = config.test_accounts ?? [];
+    const auth = config.auth;
+    if (!auth || auth.provider !== "supabase" || !auth.supabase_url || !auth.supabase_anon_key) {
+        return tokens;
+    }
+    for (const account of accounts) {
+        try {
+            const res = await fetch(`${auth.supabase_url}/auth/v1/token?grant_type=password`, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/json",
+                    apikey: auth.supabase_anon_key,
+                },
+                body: JSON.stringify({
+                    email: account.email,
+                    password: account.password,
+                }),
+            });
+            if (res.ok) {
+                const data = await res.json();
+                tokens[account.email] = data.access_token;
+            }
+        }
+        catch {
+            // auth failed for this account
+        }
+    }
+    return tokens;
+}
+async function testPublicEndpoint(ep, baseUrl) {
+    const url = resolveEndpointUrl(baseUrl, ep.fullPath);
+    try {
+        const res = await fetch(url, {
+            method: ep.method === "GET" ? "GET" : "HEAD",
+            signal: AbortSignal.timeout(10000),
+        });
+        return {
+            name: `${ep.method} ${ep.fullPath} (public)`,
+            type: "api",
+            status: res.status < 500 ? "passed" : "failed",
+            file: ep.routeFile,
+            error: res.status >= 500 ? `Server error: ${res.status}` : undefined,
+        };
+    }
+    catch (e) {
+        return {
+            name: `${ep.method} ${ep.fullPath} (public)`,
+            type: "api",
+            status: "failed",
+            file: ep.routeFile,
+            error: `Request failed: ${e instanceof Error ? e.message : "unknown"}`,
+        };
+    }
+}
+async function testAuthenticatedEndpoint(ep, baseUrl, tokens, config) {
+    const results = [];
+    const url = resolveEndpointUrl(baseUrl, ep.fullPath);
+    try {
+        const noAuthRes = await fetch(url, {
+            method: ep.method === "GET" ? "GET" : "HEAD",
+            signal: AbortSignal.timeout(10000),
+        });
+        if (noAuthRes.status !== 401 && noAuthRes.status !== 403) {
+            results.push({
+                name: `${ep.method} ${ep.fullPath} (no auth → should 401)`,
+                type: "api",
+                status: "failed",
+                file: ep.routeFile,
+                error: `Expected 401 without auth, got ${noAuthRes.status}. This endpoint may be publicly accessible.`,
+                fix: `Add auth middleware to this route in ${ep.routeFile}`,
+            });
+        }
+        else {
+            results.push({
+                name: `${ep.method} ${ep.fullPath} (no auth → 401)`,
+                type: "api",
+                status: "passed",
+                file: ep.routeFile,
+            });
+        }
+    }
+    catch {
+        // request failed entirely
+    }
+    const accounts = config.test_accounts ?? [];
+    const primaryAccount = accounts.find((a) => a.role === ep.requiredRole || a.role === "solo_standard");
+    if (primaryAccount && tokens[primaryAccount.email]) {
+        try {
+            const authedRes = await fetch(url, {
+                method: ep.method === "GET" ? "GET" : "HEAD",
+                headers: { Authorization: `Bearer ${tokens[primaryAccount.email]}` },
+                signal: AbortSignal.timeout(10000),
+            });
+            if (authedRes.status >= 500) {
+                results.push({
+                    name: `${ep.method} ${ep.fullPath} (authed ${primaryAccount.role} → 500)`,
+                    type: "api",
+                    status: "failed",
+                    file: ep.routeFile,
+                    error: `Server error ${authedRes.status} with valid auth. Check the route handler for unhandled errors.`,
+                    fix: `Debug ${ep.routeFile} — the handler is throwing an unhandled error for authenticated requests.`,
+                });
+            }
+            else {
+                results.push({
+                    name: `${ep.method} ${ep.fullPath} (authed ${primaryAccount.role})`,
+                    type: "api",
+                    status: "passed",
+                    file: ep.routeFile,
+                });
+            }
+        }
+        catch {
+            // request failed
+        }
+    }
+    if (ep.planGate) {
+        const wrongPlanAccount = accounts.find((a) => a.role === "demo" || a.role === "solo_standard");
+        if (wrongPlanAccount &&
+            tokens[wrongPlanAccount.email] &&
+            wrongPlanAccount.role !== ep.requiredRole) {
+            try {
+                const wrongRes = await fetch(url, {
+                    method: ep.method === "GET" ? "GET" : "HEAD",
+                    headers: {
+                        Authorization: `Bearer ${tokens[wrongPlanAccount.email]}`,
+                    },
+                    signal: AbortSignal.timeout(10000),
+                });
+                if (wrongRes.status !== 403 && wrongRes.status !== 401) {
+                    results.push({
+                        name: `${ep.method} ${ep.fullPath} (wrong plan ${wrongPlanAccount.role} → should 403)`,
+                        type: "api",
+                        status: "failed",
+                        file: ep.routeFile,
+                        error: `Expected 403 for ${wrongPlanAccount.role} on plan-gated endpoint, got ${wrongRes.status}. Plan gating may not be working.`,
+                        fix: `Verify ${ep.planGate} middleware is correctly checking the user's plan in ${ep.routeFile}`,
+                    });
+                }
+                else {
+                    results.push({
+                        name: `${ep.method} ${ep.fullPath} (wrong plan → 403)`,
+                        type: "api",
+                        status: "passed",
+                        file: ep.routeFile,
+                    });
+                }
+            }
+            catch {
+                // request failed
+            }
+        }
+    }
+    return results;
+}
+function resolveEndpointUrl(baseUrl, path) {
+    const parameterized = path.replace(/:(\w+)/g, "test-$1");
+    return `${baseUrl}${parameterized}`;
+}
+function isDangerousEndpoint(ep) {
+    const safePostPaths = [
+        "/feedback",
+        "/support",
+        "/push-subscription",
+    ];
+    if (ep.method === "POST" && safePostPaths.some((p) => ep.path.includes(p))) {
+        return false;
+    }
+    return (ep.method === "DELETE" ||
+        (ep.method === "POST" && !ep.path.includes("search") && !ep.path.includes("match")) ||
+        ep.method === "PUT" ||
+        ep.method === "PATCH");
+}
+//# sourceMappingURL=api-runner.js.map

package/dist/runners/api/api-runner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-runner.js","sourceRoot":"","sources":["../../../src/runners/api/api-runner.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAQ1B,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAM5D,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,MAAkB,EAClB,WAAmB,EACnB,IAAkB;IAElB,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC/D,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC,CAAC;QACpD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,iBAAiB,GAAG,IAAI,CAAC,YAAY;SACxC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,WAAW,CAAC;SACzC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAEtB,MAAM,eAAe,GACnB,iBAAiB,CAAC,MAAM,GAAG,CAAC;QAC1B,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CACtB,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CACpF;QACH,CAAC,CAAC,SAAS,CAAC;IAEhB,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC,CAAC;QACzD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,eAAe,CAAC,MAAM,eAAe,CAAC,CAAC,CAAC;IAE3E,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACtC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC,CAAC;QAC1E,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,+CAA+C,CAAC,CAAC,CAAC;QAC3E,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,GAAG,CAAC,2FAA2F,CAAC,CACvG,CAAC;QACF,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAElD,KAAK,MAAM,EAAE,IAAI,eAAe,EAAE,CAAC;QACjC,IAAI,EAAE,CAAC,MAAM,KAAK,QAAQ,IAAI,EAAE,CAAC,MAAM,KAAK,MAAM,IAAI,EAAE,CAAC,MAAM,KAAK,KAAK,IAAI,EAAE,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACnG,IAAI,mBAAmB,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,GAAG,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,QAAQ,EAAE;oBACnC,IAAI,EAAE,KAAK;oBACX,MAAM,EAAE,SAAS;oBACjB,IAAI,EAAE,EAAE,CAAC,SAAS;oBAClB,KAAK,EAAE,kEAAkE;iBAC1E,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;QACH,CAAC;QAED,IAAI,EAAE,CAAC,YAAY,EAAE,CAAC;YACpB,OAAO,CAAC,IAAI,CACV,GAAG,CAAC,MAAM,yBAAyB,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAClE,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,MAAM,kBAAkB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,aAAa,CAAC,MAAkB;IACvC,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC;IACjC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,OAAO,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,IAAI,oBAAoB,GAAG,CAAC,IAAI,EAAE,CAAC;AAC/E,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,MAAkB;IAC3C,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC;IAC/C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAI,CAAC;QACxC,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,oBAAoB,IAAI,GAAG,CAAC,CAAC;YACrD,OAAO,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1E,OAAO,GAAG,CAAC,EAAE,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,MAAkB;IAElB,MAAM,MAAM,GAAe,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAG,MAAM,CAAC,aAAa,IAAI,EAAE,CAAC;IAC5C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;IAEzB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC3F,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CACrB,GAAG,IAAI,CAAC,YAAY,oCAAoC,EACxD;gBACE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,MAAM,EAAE,IAAI,CAAC,iBAAiB;iBAC/B;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;iBAC3B,CAAC;aACH,CACF,CAAC;YAEF,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;gBACX,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;gBAC9B,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC;YAC5C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,EAAY,EACZ,OAAe;IAEf,MAAM,GAAG,GAAG,kBAAkB,CAAC,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC;IAErD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,EAAE,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;YAC5C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;SACnC,CAAC,CAAC;QAEH,OAAO;YACL,IAAI,EAAE,GAAG,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,QAAQ,WAAW;YAC5C,IAAI,EAAE,KAAK;YACX,MAAM,EAAE,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ;YAC9C,IAAI,EAAE,EAAE,CAAC,SAAS;YAClB,KAAK,EAAE,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,iBAAiB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS;SACrE,CAAC;IACJ,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO;YACL,IAAI,EAAE,GAAG,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,QAAQ,WAAW;YAC5C,IAAI,EAAE,KAAK;YACX,MAAM,EAAE,QAAQ;YAChB,IAAI,EAAE,EAAE,CAAC,SAAS;YAClB,KAAK,EAAE,mBAAmB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAAE;SACvE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,yBAAyB,CACtC,EAAY,EACZ,OAAe,EACf,MAAkB,EAClB,MAAkB;IAElB,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,GAAG,GAAG,kBAAkB,CAAC,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC;IAErD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YACjC,MAAM,EAAE,EAAE,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;YAC5C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;SACnC,CAAC,CAAC;QAEH,IAAI,SAAS,CAAC,MAAM,KAAK,GAAG,IAAI,SAAS,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACzD,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,GAAG,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,QAAQ,yBAAyB;gBAC1D,IAAI,EAAE,KAAK;gBACX,MAAM,EAAE,QAAQ;gBAChB,IAAI,EAAE,EAAE,CAAC,SAAS;gBAClB,KAAK,EAAE,kCAAkC,SAAS,CAAC,MAAM,6CAA6C;gBACtG,GAAG,EAAE,wCAAwC,EAAE,CAAC,SAAS,EAAE;aAC5D,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,GAAG,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,QAAQ,kBAAkB;gBACnD,IAAI,EAAE,KAAK;gBACX,MAAM,EAAE,QAAQ;gBAChB,IAAI,EAAE,EAAE,CAAC,SAAS;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,0BAA0B;IAC5B,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,aAAa,IAAI,EAAE,CAAC;IAC5C,MAAM,cAAc,GAAG,QAAQ,CAAC,IAAI,CAClC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC,YAAY,IAAI,CAAC,CAAC,IAAI,KAAK,eAAe,CAChE,CAAC;IAEF,IAAI,cAAc,IAAI,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBACjC,MAAM,EAAE,EAAE,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;gBAC5C,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,EAAE;gBACpE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;aACnC,CAAC,CAAC;YAEH,IAAI,SAAS,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;gBAC5B,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,GAAG,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,QAAQ,YAAY,cAAc,CAAC,IAAI,SAAS;oBACzE,IAAI,EAAE,KAAK;oBACX,MAAM,EAAE,QAAQ;oBAChB,IAAI,EAAE,EAAE,CAAC,SAAS;oBAClB,KAAK,EAAE,gBAAgB,SAAS,CAAC,MAAM,iEAAiE;oBACxG,GAAG,EAAE,SAAS,EAAE,CAAC,SAAS,2EAA2E;iBACtG,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,GAAG,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,QAAQ,YAAY,cAAc,CAAC,IAAI,GAAG;oBACnE,IAAI,EAAE,KAAK;oBACX,MAAM,EAAE,QAAQ;oBAChB,IAAI,EAAE,EAAE,CAAC,SAAS;iBACnB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;IAED,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC;QAChB,MAAM,gBAAgB,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC;QAC/F,IACE,gBAAgB;YAChB,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC;YAC9B,gBAAgB,CAAC,IAAI,KAAK,EAAE,CAAC,YAAY,EACzC,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;oBAChC,MAAM,EAAE,EAAE,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;oBAC5C,OAAO,EAAE;wBACP,aAAa,EAAE,UAAU,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE;qBAC1D;oBACD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;iBACnC,CAAC,CAAC;gBAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBACvD,OAAO,CAAC,IAAI,CAAC;wBACX,IAAI,EAAE,GAAG,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,QAAQ,gBAAgB,gBAAgB,CAAC,IAAI,gBAAgB;wBACtF,IAAI,EAAE,KAAK;wBACX,MAAM,EAAE,QAAQ;wBAChB,IAAI,EAAE,EAAE,CAAC,SAAS;wBAClB,KAAK,EAAE,oBAAoB,gBAAgB,CAAC,IAAI,gCAAgC,QAAQ,CAAC,MAAM,mCAAmC;wBAClI,GAAG,EAAE,UAAU,EAAE,CAAC,QAAQ,wDAAwD,EAAE,CAAC,SAAS,EAAE;qBACjG,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,IAAI,CAAC;wBACX,IAAI,EAAE,GAAG,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,QAAQ,qBAAqB;wBACtD,IAAI,EAAE,KAAK;wBACX,MAAM,EAAE,QAAQ;wBAChB,IAAI,EAAE,EAAE,CAAC,SAAS;qBACnB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,iBAAiB;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe,EAAE,IAAY;IACvD,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IACzD,OAAO,GAAG,OAAO,GAAG,aAAa,EAAE,CAAC;AACtC,CAAC;AAED,SAAS,mBAAmB,CAAC,EAAY;IACvC,MAAM,aAAa,GAAG;QACpB,WAAW;QACX,UAAU;QACV,oBAAoB;KACrB,CAAC;IACF,IAAI,EAAE,CAAC,MAAM,KAAK,MAAM,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3E,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,CACL,EAAE,CAAC,MAAM,KAAK,QAAQ;QACtB,CAAC,EAAE,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACnF,EAAE,CAAC,MAAM,KAAK,KAAK;QACnB,EAAE,CAAC,MAAM,KAAK,OAAO,CACtB,CAAC;AACJ,CAAC"}

package/dist/runners/api/endpoint-discovery.d.ts

@@ -0,0 +1,3 @@
+import type { QassConfig, Endpoint } from "../../types.js";
+export declare function discoverEndpoints(config: QassConfig, projectPath: string): Promise<Endpoint[]>;
+//# sourceMappingURL=endpoint-discovery.d.ts.map

package/dist/runners/api/endpoint-discovery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"endpoint-discovery.d.ts","sourceRoot":"","sources":["../../../src/runners/api/endpoint-discovery.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAgC3D,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,UAAU,EAClB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,QAAQ,EAAE,CAAC,CAyBrB"}

package/dist/runners/api/endpoint-discovery.js

@@ -0,0 +1,106 @@
+import { readFile } from "node:fs/promises";
+import { resolve } from "node:path";
+import { glob } from "../../util/glob.js";
+const ROUTE_METHOD_RE = /router\.(get|post|put|delete|patch)\s*\(\s*["'`]([^"'`]+)["'`]\s*(?:,\s*(.+?))?(?:\s*,\s*(?:async\s*)?\()/gm;
+const ROUTER_USE_RE = /router\.use\s*\(\s*(.*?)\s*\)/gm;
+const KNOWN_MIDDLEWARE = [
+    "auth",
+    "requireCourier",
+    "requireAdmin",
+    "requireFleetOwner",
+    "requireFleetMember",
+    "requireActiveCourierSubscription",
+    "checkRouteOptimizationLimits",
+];
+const AUTH_MIDDLEWARE = ["auth", "requireAuth"];
+const ROLE_MIDDLEWARE = {
+    requireCourier: "courier",
+    requireAdmin: "admin",
+    requireFleetOwner: "fleet_owner",
+    requireFleetMember: "fleet_member",
+};
+const PLAN_MIDDLEWARE = [
+    "requireActiveCourierSubscription",
+    "requireFleetOwner",
+    "checkRouteOptimizationLimits",
+];
+export async function discoverEndpoints(config, projectPath) {
+    const endpoints = [];
+    const routePattern = config.paths?.api_routes;
+    if (!routePattern)
+        return endpoints;
+    const root = resolve(projectPath, config.project.root);
+    const routeFiles = await glob(routePattern, root);
+    for (const filePath of routeFiles) {
+        const fullFilePath = resolve(root, filePath);
+        const content = await readFile(fullFilePath, "utf-8");
+        const fileName = filePath.split("/").pop();
+        const basePrefix = config.route_mounting?.[fileName] ?? "";
+        const routerLevelMiddleware = extractRouterLevelMiddleware(content);
+        const fileEndpoints = extractEndpoints(content, filePath, basePrefix, routerLevelMiddleware);
+        endpoints.push(...fileEndpoints);
+    }
+    return endpoints;
+}
+function extractRouterLevelMiddleware(content) {
+    const middleware = [];
+    let match;
+    const re = new RegExp(ROUTER_USE_RE.source, "gm");
+    while ((match = re.exec(content)) !== null) {
+        const args = match[1];
+        if (/["'`]/.test(args))
+            continue;
+        const names = args
+            .split(",")
+            .map((a) => a.trim())
+            .filter((a) => KNOWN_MIDDLEWARE.includes(a));
+        middleware.push(...names);
+    }
+    return middleware;
+}
+function extractEndpoints(content, filePath, basePrefix, routerLevelMiddleware) {
+    const endpoints = [];
+    let match;
+    const re = new RegExp(ROUTE_METHOD_RE.source, "gm");
+    while ((match = re.exec(content)) !== null) {
+        const method = match[1].toUpperCase();
+        const path = match[2];
+        const middlewareStr = match[3] ?? "";
+        const inlineMiddleware = middlewareStr
+            .split(",")
+            .map((m) => m.trim())
+            .filter((m) => KNOWN_MIDDLEWARE.includes(m));
+        const allMiddleware = [...routerLevelMiddleware, ...inlineMiddleware];
+        const requiresAuth = allMiddleware.some((m) => AUTH_MIDDLEWARE.includes(m));
+        let requiredRole;
+        for (const m of allMiddleware) {
+            if (ROLE_MIDDLEWARE[m]) {
+                requiredRole = ROLE_MIDDLEWARE[m];
+                break;
+            }
+        }
+        let planGate;
+        for (const m of allMiddleware) {
+            if (PLAN_MIDDLEWARE.includes(m)) {
+                planGate = m;
+                break;
+            }
+        }
+        const fullPath = normalizePath(basePrefix + path);
+        endpoints.push({
+            method,
+            path,
+            fullPath,
+            requiresAuth,
+            requiredRole,
+            planGate,
+            middlewareChain: allMiddleware,
+            routeFile: filePath,
+        });
+    }
+    return endpoints;
+}
+function normalizePath(p) {
+    return p.replace(/\/+/g, "/").replace(/\/$/, "") || "/";
+}
+//# sourceMappingURL=endpoint-discovery.js.map

package/dist/runners/api/endpoint-discovery.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"endpoint-discovery.js","sourceRoot":"","sources":["../../../src/runners/api/endpoint-discovery.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAE1C,MAAM,eAAe,GACnB,6GAA6G,CAAC;AAEhH,MAAM,aAAa,GACjB,iCAAiC,CAAC;AAEpC,MAAM,gBAAgB,GAAG;IACvB,MAAM;IACN,gBAAgB;IAChB,cAAc;IACd,mBAAmB;IACnB,oBAAoB;IACpB,kCAAkC;IAClC,8BAA8B;CAC/B,CAAC;AAEF,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;AAChD,MAAM,eAAe,GAA2B;IAC9C,cAAc,EAAE,SAAS;IACzB,YAAY,EAAE,OAAO;IACrB,iBAAiB,EAAE,aAAa;IAChC,kBAAkB,EAAE,cAAc;CACnC,CAAC;AACF,MAAM,eAAe,GAAG;IACtB,kCAAkC;IAClC,mBAAmB;IACnB,8BAA8B;CAC/B,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,MAAkB,EAClB,WAAmB;IAEnB,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,EAAE,UAAU,CAAC;IAC9C,IAAI,CAAC,YAAY;QAAE,OAAO,SAAS,CAAC;IAEpC,MAAM,IAAI,GAAG,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;IAElD,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAG,CAAC;QAC5C,MAAM,UAAU,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAE3D,MAAM,qBAAqB,GAAG,4BAA4B,CAAC,OAAO,CAAC,CAAC;QACpE,MAAM,aAAa,GAAG,gBAAgB,CACpC,OAAO,EACP,QAAQ,EACR,UAAU,EACV,qBAAqB,CACtB,CAAC;QACF,SAAS,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,4BAA4B,CAAC,OAAe;IACnD,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,IAAI,KAA6B,CAAC;IAClC,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAElD,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3C,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAEjC,MAAM,KAAK,GAAG,IAAI;aACf,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,UAAU,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,gBAAgB,CACvB,OAAe,EACf,QAAgB,EAChB,UAAkB,EAClB,qBAA+B;IAE/B,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,IAAI,KAA6B,CAAC;IAClC,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEpD,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3C,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAErC,MAAM,gBAAgB,GAAG,aAAa;aACnC,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAE/C,MAAM,aAAa,GAAG,CAAC,GAAG,qBAAqB,EAAE,GAAG,gBAAgB,CAAC,CAAC;QAEtE,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC5C,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,CAC5B,CAAC;QAEF,IAAI,YAAgC,CAAC;QACrC,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;YAC9B,IAAI,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvB,YAAY,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;gBAClC,MAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,QAA4B,CAAC;QACjC,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;YAC9B,IAAI,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChC,QAAQ,GAAG,CAAC,CAAC;gBACb,MAAM;YACR,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;QAElD,SAAS,CAAC,IAAI,CAAC;YACb,MAAM;YACN,IAAI;YACJ,QAAQ;YACR,YAAY;YACZ,YAAY;YACZ,QAAQ;YACR,eAAe,EAAE,aAAa;YAC9B,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC;AAC1D,CAAC"}

package/dist/runners/e2e/playwright-runner.d.ts

@@ -0,0 +1,3 @@
+import type { QassConfig, DiffAnalysis, TestResult } from "../../types.js";
+export declare function runE2ETests(config: QassConfig, projectPath: string, diff: DiffAnalysis, smokeOnly?: boolean): Promise<TestResult[]>;
+//# sourceMappingURL=playwright-runner.d.ts.map

package/dist/runners/e2e/playwright-runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"playwright-runner.d.ts","sourceRoot":"","sources":["../../../src/runners/e2e/playwright-runner.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE3E,wBAAsB,WAAW,CAC/B,MAAM,EAAE,UAAU,EAClB,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,YAAY,EAClB,SAAS,UAAQ,GAChB,OAAO,CAAC,UAAU,EAAE,CAAC,CA8EvB"}