@qasshq/qass 0.1.2

package/dist/runners/security/static-analyzer.js

@@ -0,0 +1,87 @@
+import { resolve } from "node:path";
+import chalk from "chalk";
+import { glob } from "../../util/glob.js";
+import { runAuthMiddlewareRule } from "./rules/auth-middleware.js";
+import { runInputSanitizationRule } from "./rules/input-sanitization.js";
+import { runSecretsScanRule } from "./rules/secrets-scan.js";
+import { runXssVectorsRule } from "./rules/xss-vectors.js";
+import { runConfigAuditRule } from "./rules/config-audit.js";
+import { runRateLimitAuditRule } from "./rules/rate-limit-audit.js";
+import { runDepAuditRule } from "./rules/dep-audit.js";
+const RULES = [
+    { name: "auth-middleware", run: runAuthMiddlewareRule },
+    { name: "input-sanitization", run: runInputSanitizationRule },
+    { name: "secrets-scan", run: runSecretsScanRule },
+    { name: "xss-vectors", run: runXssVectorsRule },
+    { name: "config-audit", run: runConfigAuditRule },
+    { name: "rate-limit-audit", run: runRateLimitAuditRule },
+    { name: "dep-audit", run: runDepAuditRule },
+];
+export async function runStaticAnalysis(config, projectPath, diff) {
+    const enabledRules = config.security?.static_rules ?? RULES.map((r) => r.name);
+    const threshold = config.security?.severity_threshold ?? "LOW";
+    const defaultIgnore = [
+        "**/*.test.*",
+        "**/*.spec.*",
+        "**/node_modules/**",
+        "**/runners/security/rules/**",
+        "**/runners/security/dynamic-checker.*",
+    ];
+    const ignorePatterns = config.security?.ignore_paths
+        ? [...config.security.ignore_paths, ...defaultIgnore]
+        : defaultIgnore;
+    const filesToScan = await getFilesToScan(projectPath, config, diff, ignorePatterns);
+    if (filesToScan.length === 0) {
+        console.log(chalk.dim("  No files to scan"));
+        return [];
+    }
+    console.log(chalk.dim(`  Scanning ${filesToScan.length} files...`));
+    const findings = [];
+    for (const rule of RULES) {
+        if (!enabledRules.includes(rule.name))
+            continue;
+        try {
+            const ruleFindings = await rule.run(filesToScan, config, projectPath);
+            findings.push(...ruleFindings);
+        }
+        catch (e) {
+            console.log(chalk.dim(`  Rule ${rule.name} failed: ${e instanceof Error ? e.message : "unknown"}`));
+        }
+    }
+    return findings.filter((f) => severityRank(f.severity) >= severityRank(threshold));
+}
+async function getFilesToScan(projectPath, config, diff, ignorePatterns) {
+    const { readFile } = await import("node:fs/promises");
+    const { minimatch } = await import("minimatch");
+    let filePaths;
+    if (diff) {
+        filePaths = diff.changedFiles
+            .filter((f) => f.status !== "deleted")
+            .map((f) => f.path);
+    }
+    else {
+        filePaths = await glob("**/*.{ts,tsx,js,jsx,json,yaml,yml}", resolve(projectPath));
+    }
+    const filtered = filePaths.filter((f) => !ignorePatterns.some((pattern) => minimatch(f, pattern)));
+    const files = [];
+    for (const fp of filtered) {
+        try {
+            const content = await readFile(resolve(projectPath, fp), "utf-8");
+            files.push({ path: fp, content });
+        }
+        catch {
+            // skip unreadable files
+        }
+    }
+    return files;
+}
+function severityRank(s) {
+    const ranks = {
+        INFO: 0,
+        LOW: 1,
+        MEDIUM: 2,
+        HIGH: 3,
+    };
+    return ranks[s] ?? 0;
+}
+//# sourceMappingURL=static-analyzer.js.map

package/dist/runners/security/static-analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"static-analyzer.js","sourceRoot":"","sources":["../../../src/runners/security/static-analyzer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAYvD,MAAM,KAAK,GAAmB;IAC5B,EAAE,IAAI,EAAE,iBAAiB,EAAE,GAAG,EAAE,qBAAqB,EAAE;IACvD,EAAE,IAAI,EAAE,oBAAoB,EAAE,GAAG,EAAE,wBAAwB,EAAE;IAC7D,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,EAAE,kBAAkB,EAAE;IACjD,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,iBAAiB,EAAE;IAC/C,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,EAAE,kBAAkB,EAAE;IACjD,EAAE,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,qBAAqB,EAAE;IACxD,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,eAAe,EAAE;CAC5C,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,MAAkB,EAClB,WAAmB,EACnB,IAAmB;IAEnB,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,EAAE,YAAY,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC/E,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,EAAE,kBAAkB,IAAI,KAAK,CAAC;IAC/D,MAAM,aAAa,GAAG;QACpB,aAAa;QACb,aAAa;QACb,oBAAoB;QACpB,8BAA8B;QAC9B,uCAAuC;KACxC,CAAC;IACF,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,EAAE,YAAY;QAClD,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,GAAG,aAAa,CAAC;QACrD,CAAC,CAAC,aAAa,CAAC;IAElB,MAAM,WAAW,GAAG,MAAM,cAAc,CACtC,WAAW,EACX,MAAM,EACN,IAAI,EACJ,cAAc,CACf,CAAC;IAEF,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;QAC7C,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,WAAW,CAAC,MAAM,WAAW,CAAC,CAAC,CAAC;IAEpE,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAEhD,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;YACtE,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,GAAG,CAAC,UAAU,IAAI,CAAC,IAAI,YAAY,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CACvF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC;AACrF,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,WAAmB,EACnB,MAAkB,EAClB,IAA8B,EAC9B,cAAwB;IAExB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IACtD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;IAEhD,IAAI,SAAmB,CAAC;IAExB,IAAI,IAAI,EAAE,CAAC;QACT,SAAS,GAAG,IAAI,CAAC,YAAY;aAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC;aACrC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACxB,CAAC;SAAM,CAAC;QACN,SAAS,GAAG,MAAM,IAAI,CAAC,oCAAoC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAC/B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAChE,CAAC;IAEF,MAAM,KAAK,GAAkB,EAAE,CAAC;IAChC,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CAAC,CAAW;IAC/B,MAAM,KAAK,GAA6B;QACtC,IAAI,EAAE,CAAC;QACP,GAAG,EAAE,CAAC;QACN,MAAM,EAAE,CAAC;QACT,IAAI,EAAE,CAAC;KACR,CAAC;IACF,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;AACvB,CAAC"}

package/dist/runners/unit/unit-runner.d.ts

@@ -0,0 +1,3 @@
+import type { QassConfig, DiffAnalysis, TestResult } from "../../types.js";
+export declare function runUnitTests(config: QassConfig, projectPath: string, diff: DiffAnalysis): Promise<TestResult[]>;
+//# sourceMappingURL=unit-runner.d.ts.map

package/dist/runners/unit/unit-runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"unit-runner.d.ts","sourceRoot":"","sources":["../../../src/runners/unit/unit-runner.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAI3E,wBAAsB,YAAY,CAChC,MAAM,EAAE,UAAU,EAClB,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,YAAY,GACjB,OAAO,CAAC,UAAU,EAAE,CAAC,CAkGvB"}

package/dist/runners/unit/unit-runner.js

@@ -0,0 +1,157 @@
+import chalk from "chalk";
+import { resolve, join, basename } from "node:path";
+import { mkdir, writeFile, readFile } from "node:fs/promises";
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
+const exec = promisify(execFile);
+export async function runUnitTests(config, projectPath, diff) {
+    const results = [];
+    const testableFiles = diff.changedFiles.filter((f) => f.status !== "deleted" &&
+        /\.(ts|tsx|js|jsx)$/.test(f.path) &&
+        !f.path.includes(".test.") &&
+        !f.path.includes(".spec.") &&
+        !f.path.includes("node_modules"));
+    if (testableFiles.length === 0) {
+        console.log(chalk.dim("  No testable files changed"));
+        return results;
+    }
+    const testDir = resolve(projectPath, ".qass", "tests", "unit");
+    await mkdir(testDir, { recursive: true });
+    let generatedCount = 0;
+    for (const file of testableFiles) {
+        try {
+            const content = await readFile(resolve(projectPath, file.path), "utf-8");
+            const testCode = generateTestForFile(file.path, content);
+            if (testCode) {
+                const testFileName = basename(file.path).replace(/\.(ts|tsx|js|jsx)$/, ".test.ts");
+                await writeFile(join(testDir, testFileName), testCode, "utf-8");
+                generatedCount++;
+            }
+        }
+        catch {
+            // skip files we can't read/generate for
+        }
+    }
+    if (generatedCount === 0) {
+        console.log(chalk.dim("  No tests generated"));
+        return results;
+    }
+    console.log(chalk.dim(`  Generated ${generatedCount} test file(s)`));
+    try {
+        const { stdout, stderr } = await exec("npx", ["vitest", "run", "--reporter=json", testDir], {
+            cwd: projectPath,
+            timeout: 60000,
+            env: { ...process.env, NODE_ENV: "test" },
+        });
+        const output = stdout || stderr;
+        try {
+            const vitestResult = JSON.parse(output);
+            if (vitestResult.testResults) {
+                for (const suite of vitestResult.testResults) {
+                    for (const test of suite.assertionResults ?? []) {
+                        results.push({
+                            name: test.fullName ?? test.title ?? "unknown test",
+                            type: "unit",
+                            status: test.status === "passed" ? "passed" : "failed",
+                            duration: test.duration,
+                            error: test.failureMessages?.join("\n"),
+                            file: suite.name,
+                        });
+                    }
+                }
+            }
+        }
+        catch {
+            results.push({
+                name: "Unit test suite",
+                type: "unit",
+                status: generatedCount > 0 ? "passed" : "skipped",
+            });
+        }
+    }
+    catch (e) {
+        const errMsg = e instanceof Error ? e.message : "unknown";
+        if (/vitest.*not found|Cannot find/i.test(errMsg)) {
+            console.log(chalk.yellow("  Vitest not installed. Run: npm i -D vitest"));
+        }
+        else {
+            results.push({
+                name: "Unit test suite",
+                type: "unit",
+                status: "failed",
+                error: errMsg,
+                fix: "Check the generated tests in .qass/tests/unit/ for issues.",
+            });
+        }
+    }
+    return results;
+}
+function generateTestForFile(filePath, content) {
+    const exports = extractExports(content);
+    if (exports.length === 0)
+        return null;
+    const isReactComponent = /\b(React|jsx|tsx)\b/.test(content) ||
+        /export\s+(?:default\s+)?function\s+\w+.*\(/.test(content) && /</.test(content);
+    const lines = [];
+    const modulePath = filePath.replace(/\.(ts|tsx|js|jsx)$/, "");
+    lines.push(`import { describe, it, expect } from "vitest";`);
+    if (isReactComponent) {
+        lines.push("");
+        lines.push(`describe("${basename(filePath)}", () => {`);
+        lines.push(`  it("module is importable", async () => {`);
+        lines.push(`    const mod = await import("${modulePath}").catch(e => e);`);
+        lines.push(`    expect(mod).toBeDefined();`);
+        lines.push(`  });`);
+        lines.push(`});`);
+    }
+    else {
+        lines.push("");
+        lines.push(`describe("${basename(filePath)}", () => {`);
+        for (const exp of exports) {
+            if (exp.type === "function") {
+                lines.push(`  describe("${exp.name}", () => {`);
+                lines.push(`    it("is a function", async () => {`);
+                lines.push(`      const mod = await import("${modulePath}");`);
+                lines.push(`      expect(typeof mod.${exp.name}).toBe("function");`);
+                lines.push(`    });`);
+                if (exp.params.length === 0) {
+                    lines.push(`    it("runs without errors when called with no args", async () => {`);
+                    lines.push(`      const mod = await import("${modulePath}");`);
+                    lines.push(`      expect(() => mod.${exp.name}()).not.toThrow();`);
+                    lines.push(`    });`);
+                }
+                lines.push(`  });`);
+                lines.push("");
+            }
+            else if (exp.type === "const") {
+                lines.push(`  it("exports ${exp.name}", async () => {`);
+                lines.push(`    const mod = await import("${modulePath}");`);
+                lines.push(`    expect(mod.${exp.name}).toBeDefined();`);
+                lines.push(`  });`);
+                lines.push("");
+            }
+        }
+        lines.push(`});`);
+    }
+    return lines.join("\n");
+}
+function extractExports(content) {
+    const exports = [];
+    const funcMatches = content.matchAll(/export\s+(?:async\s+)?function\s+(\w+)\s*\(([^)]*)\)/g);
+    for (const m of funcMatches) {
+        exports.push({
+            name: m[1],
+            type: "function",
+            params: m[2]
+                .split(",")
+                .map((p) => p.trim())
+                .filter(Boolean),
+        });
+    }
+    const constMatches = content.matchAll(/export\s+const\s+(\w+)\s*[=:]/g);
+    for (const m of constMatches) {
+        exports.push({ name: m[1], type: "const", params: [] });
+    }
+    return exports;
+}
+//# sourceMappingURL=unit-runner.js.map

package/dist/runners/unit/unit-runner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"unit-runner.js","sourceRoot":"","sources":["../../../src/runners/unit/unit-runner.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAW,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC7D,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAGtC,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAEjC,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAkB,EAClB,WAAmB,EACnB,IAAkB;IAElB,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,MAAM,aAAa,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAC5C,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,MAAM,KAAK,SAAS;QACtB,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QACjC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC1B,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC1B,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CACnC,CAAC;IAEF,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC,CAAC;QACtD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC/D,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,IAAI,cAAc,GAAG,CAAC,CAAC;IAEvB,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;YACzE,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzD,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,CAC9C,oBAAoB,EACpB,UAAU,CACX,CAAC;gBACF,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAChE,cAAc,EAAE,CAAC;YACnB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wCAAwC;QAC1C,CAAC;IACH,CAAC;IAED,IAAI,cAAc,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,eAAe,cAAc,eAAe,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CACnC,KAAK,EACL,CAAC,QAAQ,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAC7C;YACE,GAAG,EAAE,WAAW;YAChB,OAAO,EAAE,KAAK;YACd,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE;SAC1C,CACF,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,MAAM,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACxC,IAAI,YAAY,CAAC,WAAW,EAAE,CAAC;gBAC7B,KAAK,MAAM,KAAK,IAAI,YAAY,CAAC,WAAW,EAAE,CAAC;oBAC7C,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,gBAAgB,IAAI,EAAE,EAAE,CAAC;wBAChD,OAAO,CAAC,IAAI,CAAC;4BACX,IAAI,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,KAAK,IAAI,cAAc;4BACnD,IAAI,EAAE,MAAM;4BACZ,MAAM,EAAE,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ;4BACtD,QAAQ,EAAE,IAAI,CAAC,QAAQ;4BACvB,KAAK,EAAE,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC;4BACvC,IAAI,EAAE,KAAK,CAAC,IAAI;yBACjB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,iBAAiB;gBACvB,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;aAClD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;QAC1D,IAAI,gCAAgC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAClD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,8CAA8C,CAAC,CAAC,CAAC;QAC5E,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,iBAAiB;gBACvB,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,QAAQ;gBAChB,KAAK,EAAE,MAAM;gBACb,GAAG,EAAE,4DAA4D;aAClE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,mBAAmB,CAC1B,QAAgB,EAChB,OAAe;IAEf,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACxC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtC,MAAM,gBAAgB,GAAG,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC1D,4CAA4C,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAElF,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;IAE9D,KAAK,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;IAE7D,IAAI,gBAAgB,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,aAAa,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QACzD,KAAK,CAAC,IAAI,CAAC,iCAAiC,UAAU,mBAAmB,CAAC,CAAC;QAC3E,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAC7C,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpB,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,aAAa,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAExD,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBAC5B,KAAK,CAAC,IAAI,CAAC,eAAe,GAAG,CAAC,IAAI,YAAY,CAAC,CAAC;gBAChD,KAAK,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;gBACpD,KAAK,CAAC,IAAI,CACR,mCAAmC,UAAU,KAAK,CACnD,CAAC;gBACF,KAAK,CAAC,IAAI,CAAC,2BAA2B,GAAG,CAAC,IAAI,qBAAqB,CAAC,CAAC;gBACrE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAEtB,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC5B,KAAK,CAAC,IAAI,CAAC,sEAAsE,CAAC,CAAC;oBACnF,KAAK,CAAC,IAAI,CACR,mCAAmC,UAAU,KAAK,CACnD,CAAC;oBACF,KAAK,CAAC,IAAI,CAAC,0BAA0B,GAAG,CAAC,IAAI,oBAAoB,CAAC,CAAC;oBACnE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACxB,CAAC;gBAED,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACpB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;iBAAM,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;gBAChC,KAAK,CAAC,IAAI,CAAC,iBAAiB,GAAG,CAAC,IAAI,kBAAkB,CAAC,CAAC;gBACxD,KAAK,CAAC,IAAI,CACR,iCAAiC,UAAU,KAAK,CACjD,CAAC;gBACF,KAAK,CAAC,IAAI,CAAC,kBAAkB,GAAG,CAAC,IAAI,kBAAkB,CAAC,CAAC;gBACzD,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACpB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAQD,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAClC,uDAAuD,CACxD,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACV,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;iBACT,KAAK,CAAC,GAAG,CAAC;iBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBACpB,MAAM,CAAC,OAAO,CAAC;SACnB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,CACnC,gCAAgC,CACjC,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7B,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,153 @@
+export interface QassConfig {
+    project: {
+        name: string;
+        root: string;
+        type?: "monorepo" | "standalone";
+    };
+    services?: Record<string, {
+        start: string;
+        port: number;
+        health?: string;
+        url?: string;
+    }>;
+    auth?: {
+        provider: "supabase";
+        supabase_url: string;
+        supabase_anon_key: string;
+    };
+    test_accounts?: TestAccount[];
+    paths?: Record<string, string>;
+    route_mounting?: Record<string, string>;
+    feature_matrix?: Record<string, string[]>;
+    plan_error_codes?: string[];
+    security?: SecurityConfig;
+    e2e?: E2EConfig;
+    flows?: Record<string, FlowDefinition>;
+}
+export interface TestAccount {
+    email: string;
+    password: string;
+    role: string;
+}
+export interface SecurityConfig {
+    enabled?: boolean;
+    severity_threshold?: Severity;
+    static_rules?: string[];
+    dynamic_checks?: boolean;
+    ignore_paths?: string[];
+    secrets_allowlist?: string[];
+    required_headers?: string[];
+}
+export interface E2EConfig {
+    viewports?: Viewport[];
+    smoke_crawl?: boolean;
+    visual_regression?: boolean;
+    visual_threshold?: number;
+    mask_selectors?: string[];
+    stuck_timeout?: number;
+    slow_response?: number;
+}
+export interface Viewport {
+    width: number;
+    height: number;
+    name: string;
+}
+export interface FlowDefinition {
+    as: string;
+    steps: FlowStep[];
+}
+export type FlowStep = {
+    goto: string;
+} | {
+    fill: string;
+} | {
+    click: string;
+} | {
+    wait: string;
+} | {
+    wait_url: string;
+} | {
+    assert_visible: string;
+} | {
+    assert_hidden: string;
+} | {
+    assert_url: string;
+};
+export type Severity = "HIGH" | "MEDIUM" | "LOW" | "INFO";
+export interface FileChange {
+    path: string;
+    status: "added" | "modified" | "deleted" | "renamed";
+    category: FileCategory;
+    diff?: string;
+}
+export type FileCategory = "api_route" | "middleware" | "frontend_page" | "component" | "shared_lib" | "migration" | "config" | "other";
+export interface DiffAnalysis {
+    changedFiles: FileChange[];
+    affectedFeatures: string[];
+    affectedRoles: string[];
+    changeCategories: FileCategory[];
+}
+export interface Endpoint {
+    method: string;
+    path: string;
+    fullPath: string;
+    requiresAuth: boolean;
+    requiredRole?: string;
+    planGate?: string;
+    middlewareChain: string[];
+    routeFile: string;
+}
+export interface TestResult {
+    name: string;
+    type: "api" | "e2e" | "unit" | "security";
+    status: "passed" | "failed" | "skipped";
+    duration?: number;
+    error?: string;
+    file?: string;
+    line?: number;
+    screenshot?: string;
+    fix?: string;
+}
+export interface SecurityFinding {
+    rule: string;
+    severity: Severity;
+    file: string;
+    line?: number;
+    description: string;
+    fix: string;
+}
+export interface QassReport {
+    timestamp: string;
+    scope: {
+        filesChanged: number;
+        featuresAffected: string[];
+    };
+    summary: {
+        total: number;
+        passed: number;
+        failed: number;
+        skipped: number;
+        securityFindings: number;
+    };
+    results: TestResult[];
+    securityFindings: SecurityFinding[];
+}
+export interface TestPlan {
+    apiTests: {
+        endpoints: Endpoint[];
+        accounts: TestAccount[];
+    };
+    e2eTests: {
+        pages: string[];
+        accounts: TestAccount[];
+        flows: string[];
+    };
+    unitTests: {
+        files: string[];
+    };
+    securityScan: {
+        files: string[];
+        dynamicChecks: boolean;
+    };
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,UAAU,GAAG,YAAY,CAAC;KAClC,CAAC;IACF,QAAQ,CAAC,EAAE,MAAM,CACf,MAAM,EACN;QACE,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CACF,CAAC;IACF,IAAI,CAAC,EAAE;QACL,QAAQ,EAAE,UAAU,CAAC;QACrB,YAAY,EAAE,MAAM,CAAC;QACrB,iBAAiB,EAAE,MAAM,CAAC;KAC3B,CAAC;IACF,aAAa,CAAC,EAAE,WAAW,EAAE,CAAC;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC1C,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,kBAAkB,CAAC,EAAE,QAAQ,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,SAAS;IACxB,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC;IACvB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,QAAQ,EAAE,CAAC;CACnB;AAED,MAAM,MAAM,QAAQ,GAChB;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,GAChB;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,GAChB;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GACjB;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,GAChB;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,GACpB;IAAE,cAAc,EAAE,MAAM,CAAA;CAAE,GAC1B;IAAE,aAAa,EAAE,MAAM,CAAA;CAAE,GACzB;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC;AAE3B,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAE1D,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,GAAG,UAAU,GAAG,SAAS,GAAG,SAAS,CAAC;IACrD,QAAQ,EAAE,YAAY,CAAC;IACvB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,MAAM,YAAY,GACpB,WAAW,GACX,YAAY,GACZ,eAAe,GACf,WAAW,GACX,YAAY,GACZ,WAAW,GACX,QAAQ,GACR,OAAO,CAAC;AAEZ,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,UAAU,EAAE,CAAC;IAC3B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,gBAAgB,EAAE,YAAY,EAAE,CAAC;CAClC;AAED,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,KAAK,GAAG,KAAK,GAAG,MAAM,GAAG,UAAU,CAAC;IAC1C,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,QAAQ,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE;QACL,YAAY,EAAE,MAAM,CAAC;QACrB,gBAAgB,EAAE,MAAM,EAAE,CAAC;KAC5B,CAAC;IACF,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,gBAAgB,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,gBAAgB,EAAE,eAAe,EAAE,CAAC;CACrC;AAED,MAAM,WAAW,QAAQ;IACvB,QAAQ,EAAE;QAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QAAC,QAAQ,EAAE,WAAW,EAAE,CAAA;KAAE,CAAC;IAC7D,QAAQ,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAAC,QAAQ,EAAE,WAAW,EAAE,CAAC;QAAC,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IACxE,SAAS,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAC/B,YAAY,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAAC,aAAa,EAAE,OAAO,CAAA;KAAE,CAAC;CAC3D"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/dist/util/glob.d.ts

@@ -0,0 +1,2 @@
+export declare function glob(pattern: string, rootDir: string): Promise<string[]>;
+//# sourceMappingURL=glob.d.ts.map

package/dist/util/glob.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"glob.d.ts","sourceRoot":"","sources":["../../src/util/glob.ts"],"names":[],"mappings":"AAIA,wBAAsB,IAAI,CACxB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,EAAE,CAAC,CAInB"}

package/dist/util/glob.js

@@ -0,0 +1,32 @@
+import { readdir } from "node:fs/promises";
+import { join, relative } from "node:path";
+import { minimatch } from "minimatch";
+export async function glob(pattern, rootDir) {
+    const matches = [];
+    await walkDir(rootDir, rootDir, pattern, matches);
+    return matches.sort();
+}
+async function walkDir(dir, rootDir, pattern, matches) {
+    try {
+        const entries = await readdir(dir, { withFileTypes: true });
+        for (const entry of entries) {
+            const fullPath = join(dir, entry.name);
+            if (entry.isDirectory()) {
+                if (entry.name === "node_modules" || entry.name === ".git" || entry.name === "dist") {
+                    continue;
+                }
+                await walkDir(fullPath, rootDir, pattern, matches);
+            }
+            else if (entry.isFile()) {
+                const relPath = relative(rootDir, fullPath).replace(/\\/g, "/");
+                if (minimatch(relPath, pattern)) {
+                    matches.push(relPath);
+                }
+            }
+        }
+    }
+    catch {
+        // skip inaccessible directories
+    }
+}
+//# sourceMappingURL=glob.js.map

package/dist/util/glob.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"glob.js","sourceRoot":"","sources":["../../src/util/glob.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC3C,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,MAAM,CAAC,KAAK,UAAU,IAAI,CACxB,OAAe,EACf,OAAe;IAEf,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAClD,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC;AACxB,CAAC;AAED,KAAK,UAAU,OAAO,CACpB,GAAW,EACX,OAAe,EACf,OAAe,EACf,OAAiB;IAEjB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACvC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;oBACpF,SAAS;gBACX,CAAC;gBACD,MAAM,OAAO,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YACrD,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC1B,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAChE,IAAI,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,CAAC;oBAChC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACxB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;AACH,CAAC"}

package/package.json

@@ -0,0 +1,68 @@
+{
+  "name": "@qasshq/qass",
+  "version": "0.1.2",
+  "description": "QA + Security Scanner for vibe-coded applications. Your AI writes code. QASS catches what it got wrong.",
+  "type": "module",
+  "bin": {
+    "qass": "dist/cli.js"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "dev": "tsx src/cli.ts",
+    "build": "tsc",
+    "start": "node dist/cli.js",
+    "test": "vitest run"
+  },
+  "keywords": [
+    "qa",
+    "security",
+    "scanner",
+    "testing",
+    "vibe-coding",
+    "ai",
+    "cursor",
+    "windsurf",
+    "copilot",
+    "playwright"
+  ],
+  "license": "SEE LICENSE IN LICENSE",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Dujaun-Paul/QASS.git"
+  },
+  "homepage": "https://github.com/Dujaun-Paul/QASS",
+  "bugs": {
+    "url": "https://github.com/Dujaun-Paul/QASS/issues"
+  },
+  "engines": {
+    "node": ">=20.11.0"
+  },
+  "dependencies": {
+    "chalk": "^5.4.1",
+    "commander": "^13.1.0",
+    "minimatch": "^10.0.1",
+    "yaml": "^2.7.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.13.4",
+    "tsx": "^4.19.3",
+    "typescript": "^5.7.3",
+    "vitest": "^4.0.18"
+  },
+  "peerDependencies": {
+    "playwright": ">=1.40.0",
+    "vitest": ">=1.0.0"
+  },
+  "peerDependenciesMeta": {
+    "playwright": {
+      "optional": true
+    },
+    "vitest": {
+      "optional": true
+    }
+  }
+}