@qulib/core 0.10.0 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/README.md +2 -0
  2. package/dist/baseline/baseline.schema.d.ts +26 -26
  3. package/dist/baseline/baseline.schema.d.ts.map +1 -1
  4. package/dist/baseline/baseline.schema.js +1 -0
  5. package/dist/cli/confidence-run.js +5 -5
  6. package/dist/index.d.ts +6 -1
  7. package/dist/index.d.ts.map +1 -1
  8. package/dist/index.js +3 -0
  9. package/dist/llm/provider.interface.d.ts +4 -1
  10. package/dist/llm/provider.interface.d.ts.map +1 -1
  11. package/dist/llm/providers/anthropic.d.ts +2 -2
  12. package/dist/llm/providers/anthropic.d.ts.map +1 -1
  13. package/dist/llm/providers/anthropic.js +2 -1
  14. package/dist/phases/think.d.ts.map +1 -1
  15. package/dist/phases/think.js +4 -1
  16. package/dist/reporters/heatmap.d.ts +1 -1
  17. package/dist/reporters/heatmap.d.ts.map +1 -1
  18. package/dist/reporters/heatmap.js +2 -0
  19. package/dist/schemas/bug-report-score.schema.d.ts +163 -0
  20. package/dist/schemas/bug-report-score.schema.d.ts.map +1 -0
  21. package/dist/schemas/bug-report-score.schema.js +32 -0
  22. package/dist/schemas/confidence.schema.d.ts +35 -35
  23. package/dist/schemas/confidence.schema.d.ts.map +1 -1
  24. package/dist/schemas/confidence.schema.js +1 -0
  25. package/dist/schemas/decision-score.schema.d.ts +157 -0
  26. package/dist/schemas/decision-score.schema.d.ts.map +1 -0
  27. package/dist/schemas/decision-score.schema.js +39 -0
  28. package/dist/schemas/gap-analysis.schema.d.ts +8 -8
  29. package/dist/schemas/gap-analysis.schema.js +1 -1
  30. package/dist/schemas/golden-manifest.schema.d.ts +137 -0
  31. package/dist/schemas/golden-manifest.schema.d.ts.map +1 -0
  32. package/dist/schemas/golden-manifest.schema.js +25 -0
  33. package/dist/schemas/index.d.ts +3 -0
  34. package/dist/schemas/index.d.ts.map +1 -1
  35. package/dist/schemas/index.js +3 -0
  36. package/dist/schemas/public-surface.schema.d.ts +15 -5
  37. package/dist/schemas/public-surface.schema.d.ts.map +1 -1
  38. package/dist/schemas/route-inventory.schema.d.ts +20 -0
  39. package/dist/schemas/route-inventory.schema.d.ts.map +1 -1
  40. package/dist/schemas/route-inventory.schema.js +4 -0
  41. package/dist/schemas/views.schema.d.ts +12 -12
  42. package/dist/tools/scoring/bug-report-score.d.ts +34 -0
  43. package/dist/tools/scoring/bug-report-score.d.ts.map +1 -0
  44. package/dist/tools/scoring/bug-report-score.js +320 -0
  45. package/dist/tools/scoring/confidence.d.ts.map +1 -1
  46. package/dist/tools/scoring/confidence.js +140 -14
  47. package/dist/tools/scoring/prompt-leakage.d.ts +29 -0
  48. package/dist/tools/scoring/prompt-leakage.d.ts.map +1 -0
  49. package/dist/tools/scoring/prompt-leakage.js +256 -0
  50. package/dist/tools/scoring/score-decisions.d.ts +30 -0
  51. package/dist/tools/scoring/score-decisions.d.ts.map +1 -0
  52. package/dist/tools/scoring/score-decisions.js +348 -0
  53. package/package.json +2 -2
package/README.md CHANGED
@@ -368,6 +368,8 @@ A minimal structural snapshot looks like:
368
368
  | `qulib_score_automation` | Score local repo test-automation maturity | absolute `repoPath`, optional `includeFullDimensions` |
369
369
  | `qulib_score_api` | Discover API endpoints and score their test coverage | absolute `repoPath`, optional `enableTier3`, `includeEndpointDetail` |
370
370
  | `qulib_scaffold_tests` | Generate Cypress scaffold from a live URL (`cypress-e2e` only; playwright not yet implemented) | `url`, optional `framework`, `maxPagesToScan`, `recipes` |
371
+ | **`qulib_score_bug_report`** | LLM-as-judge of a learner bug report vs planted-bug target | `report` (title, description, steps, severity), `target` (description, type, severity, expectedBehavior) |
372
+ | **`qulib_score_decisions`** | Pivotal-decision evaluation at agent forks | absolute `forksPath` (JSONL), optional `enableLlmJudge` |
371
373
  | `qulib_explore_auth` | Deeper auth-path discovery on unfamiliar apps | `url`, optional `timeoutMs` |
372
374
  | `qulib_detect_auth` | Fast single-pass auth pattern guess | `url`, optional `timeoutMs` |
373
375
  | `analyze_app` | Legacy alias for `qulib_analyze_app` — kept for backwards compatibility | same as `qulib_analyze_app` |
package/dist/baseline/baseline.schema.d.ts CHANGED
@@ -7,18 +7,18 @@ import { z } from 'zod';
7
7
  export declare const BaselineGapSchema: z.ZodObject<{
8
8
  path: z.ZodString;
9
9
  severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
10
- category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
10
+ category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint", "prompt-leakage"]>;
11
11
  reason: z.ZodString;
12
12
  }, "strip", z.ZodTypeAny, {
13
13
  path: string;
14
14
  severity: "critical" | "high" | "medium" | "low";
15
15
  reason: string;
16
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
16
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
17
17
  }, {
18
18
  path: string;
19
19
  severity: "critical" | "high" | "medium" | "low";
20
20
  reason: string;
21
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
21
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
22
22
  }>;
23
23
  export type BaselineGap = z.infer<typeof BaselineGapSchema>;
24
24
  /**
@@ -34,18 +34,18 @@ export declare const BaselineSnapshotSchema: z.ZodObject<{
34
34
  gaps: z.ZodArray<z.ZodObject<{
35
35
  path: z.ZodString;
36
36
  severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
37
- category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
37
+ category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint", "prompt-leakage"]>;
38
38
  reason: z.ZodString;
39
39
  }, "strip", z.ZodTypeAny, {
40
40
  path: string;
41
41
  severity: "critical" | "high" | "medium" | "low";
42
42
  reason: string;
43
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
43
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
44
44
  }, {
45
45
  path: string;
46
46
  severity: "critical" | "high" | "medium" | "low";
47
47
  reason: string;
48
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
48
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
49
49
  }>, "many">;
50
50
  label: z.ZodOptional<z.ZodString>;
51
51
  }, "strip", z.ZodTypeAny, {
@@ -56,7 +56,7 @@ export declare const BaselineSnapshotSchema: z.ZodObject<{
56
56
  path: string;
57
57
  severity: "critical" | "high" | "medium" | "low";
58
58
  reason: string;
59
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
59
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
60
60
  }[];
61
61
  gapCount: number;
62
62
  savedAt: string;
@@ -69,7 +69,7 @@ export declare const BaselineSnapshotSchema: z.ZodObject<{
69
69
  path: string;
70
70
  severity: "critical" | "high" | "medium" | "low";
71
71
  reason: string;
72
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
72
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
73
73
  }[];
74
74
  gapCount: number;
75
75
  savedAt: string;
@@ -81,7 +81,7 @@ export type BaselineSnapshot = z.infer<typeof BaselineSnapshotSchema>;
81
81
  */
82
82
  export declare const BaselineDeltaItemSchema: z.ZodObject<{
83
83
  path: z.ZodString;
84
- category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
84
+ category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint", "prompt-leakage"]>;
85
85
  severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
86
86
  reason: z.ZodString;
87
87
  status: z.ZodEnum<["new", "resolved", "severity-increased", "severity-decreased"]>;
@@ -90,13 +90,13 @@ export declare const BaselineDeltaItemSchema: z.ZodObject<{
90
90
  path: string;
91
91
  severity: "critical" | "high" | "medium" | "low";
92
92
  reason: string;
93
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
93
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
94
94
  }, {
95
95
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
96
96
  path: string;
97
97
  severity: "critical" | "high" | "medium" | "low";
98
98
  reason: string;
99
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
99
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
100
100
  }>;
101
101
  export type BaselineDeltaItem = z.infer<typeof BaselineDeltaItemSchema>;
102
102
  /**
@@ -112,7 +112,7 @@ export declare const BaselineDeltaSchema: z.ZodObject<{
112
112
  confidenceDelta: z.ZodNumber;
113
113
  newGaps: z.ZodArray<z.ZodObject<{
114
114
  path: z.ZodString;
115
- category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
115
+ category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint", "prompt-leakage"]>;
116
116
  severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
117
117
  reason: z.ZodString;
118
118
  status: z.ZodEnum<["new", "resolved", "severity-increased", "severity-decreased"]>;
@@ -121,17 +121,17 @@ export declare const BaselineDeltaSchema: z.ZodObject<{
121
121
  path: string;
122
122
  severity: "critical" | "high" | "medium" | "low";
123
123
  reason: string;
124
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
124
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
125
125
  }, {
126
126
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
127
127
  path: string;
128
128
  severity: "critical" | "high" | "medium" | "low";
129
129
  reason: string;
130
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
130
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
131
131
  }>, "many">;
132
132
  resolvedGaps: z.ZodArray<z.ZodObject<{
133
133
  path: z.ZodString;
134
- category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
134
+ category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint", "prompt-leakage"]>;
135
135
  severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
136
136
  reason: z.ZodString;
137
137
  status: z.ZodEnum<["new", "resolved", "severity-increased", "severity-decreased"]>;
@@ -140,17 +140,17 @@ export declare const BaselineDeltaSchema: z.ZodObject<{
140
140
  path: string;
141
141
  severity: "critical" | "high" | "medium" | "low";
142
142
  reason: string;
143
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
143
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
144
144
  }, {
145
145
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
146
146
  path: string;
147
147
  severity: "critical" | "high" | "medium" | "low";
148
148
  reason: string;
149
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
149
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
150
150
  }>, "many">;
151
151
  severityChanges: z.ZodArray<z.ZodObject<{
152
152
  path: z.ZodString;
153
- category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
153
+ category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint", "prompt-leakage"]>;
154
154
  severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
155
155
  reason: z.ZodString;
156
156
  status: z.ZodEnum<["new", "resolved", "severity-increased", "severity-decreased"]>;
@@ -159,13 +159,13 @@ export declare const BaselineDeltaSchema: z.ZodObject<{
159
159
  path: string;
160
160
  severity: "critical" | "high" | "medium" | "low";
161
161
  reason: string;
162
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
162
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
163
163
  }, {
164
164
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
165
165
  path: string;
166
166
  severity: "critical" | "high" | "medium" | "low";
167
167
  reason: string;
168
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
168
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
169
169
  }>, "many">;
170
170
  summary: z.ZodString;
171
171
  }, "strip", z.ZodTypeAny, {
@@ -182,21 +182,21 @@ export declare const BaselineDeltaSchema: z.ZodObject<{
182
182
  path: string;
183
183
  severity: "critical" | "high" | "medium" | "low";
184
184
  reason: string;
185
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
185
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
186
186
  }[];
187
187
  resolvedGaps: {
188
188
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
189
189
  path: string;
190
190
  severity: "critical" | "high" | "medium" | "low";
191
191
  reason: string;
192
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
192
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
193
193
  }[];
194
194
  severityChanges: {
195
195
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
196
196
  path: string;
197
197
  severity: "critical" | "high" | "medium" | "low";
198
198
  reason: string;
199
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
199
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
200
200
  }[];
201
201
  }, {
202
202
  summary: string;
@@ -212,21 +212,21 @@ export declare const BaselineDeltaSchema: z.ZodObject<{
212
212
  path: string;
213
213
  severity: "critical" | "high" | "medium" | "low";
214
214
  reason: string;
215
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
215
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
216
216
  }[];
217
217
  resolvedGaps: {
218
218
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
219
219
  path: string;
220
220
  severity: "critical" | "high" | "medium" | "low";
221
221
  reason: string;
222
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
222
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
223
223
  }[];
224
224
  severityChanges: {
225
225
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
226
226
  path: string;
227
227
  severity: "critical" | "high" | "medium" | "low";
228
228
  reason: string;
229
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
229
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
230
230
  }[];
231
231
  }>;
232
232
  export type BaselineDelta = z.infer<typeof BaselineDeltaSchema>;
package/dist/baseline/baseline.schema.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"baseline.schema.d.ts","sourceRoot":"","sources":["../../src/baseline/baseline.schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;GAIG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;EAa5B,CAAC;AAEH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D;;GAEG;AACH,eAAO,MAAM,sBAAsB;IACjC,gFAAgF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQhF,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE;;GAEG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;EAMlC,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAExE;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAY9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC"}
1
+ {"version":3,"file":"baseline.schema.d.ts","sourceRoot":"","sources":["../../src/baseline/baseline.schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;GAIG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;EAc5B,CAAC;AAEH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D;;GAEG;AACH,eAAO,MAAM,sBAAsB;IACjC,gFAAgF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQhF,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE;;GAEG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;EAMlC,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAExE;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAY9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC"}
package/dist/baseline/baseline.schema.js CHANGED
@@ -15,6 +15,7 @@ export const BaselineGapSchema = z.object({
15
15
  'auth-surface',
16
16
  'coverage',
17
17
  'untested-api-endpoint',
18
+ 'prompt-leakage',
18
19
  ]),
19
20
  reason: z.string(),
20
21
  });
package/dist/cli/confidence-run.js CHANGED
@@ -47,6 +47,11 @@ export function formatConfidenceReport(rc, subjectRef) {
47
47
  for (const b of rc.blockers)
48
48
  lines.push(` • ${b}`);
49
49
  }
50
+ if (rc.honestyNotes.length > 0) {
51
+ lines.push(' honesty notes:');
52
+ for (const n of rc.honestyNotes)
53
+ lines.push(` • ${n}`);
54
+ }
50
55
  lines.push(' contributions:');
51
56
  for (const c of rc.contributions) {
52
57
  const scoreLabel = c.score !== null ? `${c.score}/100` : 'n/a';
@@ -66,11 +71,6 @@ export function formatConfidenceReport(rc, subjectRef) {
66
71
  for (const r of rc.recommendedNextChecks)
67
72
  lines.push(` • ${r}`);
68
73
  }
69
- if (rc.honestyNotes.length > 0) {
70
- lines.push(' honesty notes:');
71
- for (const n of rc.honestyNotes)
72
- lines.push(` • ${n}`);
73
- }
74
74
  return lines.join('\n');
75
75
  }
76
76
  /**
package/dist/index.d.ts CHANGED
@@ -12,6 +12,11 @@ export { discoverApiSurface, discoverApiSurfaceWithRepo } from './tools/repo/api
12
12
  export type { ApiSurface, DiscoveredEndpoint, DiscoverApiSurfaceOptions } from './tools/repo/api-surface.js';
13
13
  export { computeAutomationMaturity } from './tools/scoring/automation-maturity.js';
14
14
  export { computeApiCoverage } from './tools/scoring/api-coverage.js';
15
+ export { detectPromptLeakage } from './tools/scoring/prompt-leakage.js';
16
+ export { scoreBugReport, scoreBugReportDeterministic, buildBugReportJudgePrompt, parseBugReportJudgeResponse, BUG_REPORT_JUDGE_MODEL, RUBRIC_MAX_PTS, SEVERITY_WEIGHT, hasQualityRepro, hasEvidence, delimitUntrusted, } from './tools/scoring/bug-report-score.js';
17
+ export type { ScoreBugReportOptions } from './tools/scoring/bug-report-score.js';
18
+ export { scoreDecisions, scoreForkDeterministic, loadDecisionForks, validateForksPath, resolveAllowedForksRoot, buildDecisionJudgePrompt, parseDecisionJudgeResponse, } from './tools/scoring/score-decisions.js';
19
+ export type { ScoreDecisionsOptions } from './tools/scoring/score-decisions.js';
15
20
  export type { ApiCoverageResult, ApiEndpointCoverage } from './tools/scoring/api-coverage.js';
16
21
  export { scaffoldTests } from './scaffold-tests.js';
17
22
  export type { ScaffoldOptions, ScaffoldResult, ProjectConfig } from './scaffold-tests.js';
@@ -26,7 +31,7 @@ export { NoopTelemetrySink } from './telemetry/telemetry.interface.js';
26
31
  export { redactUrlForTelemetry } from './telemetry/emit.js';
27
32
  export type { LlmCallResult, LlmProvider } from './llm/provider.interface.js';
28
33
  export type { CallLlmConfigSlice } from './llm/provider.js';
29
- export type { HarnessConfig, AuthConfig, RouteInventory, GapAnalysis, RepoAnalysis, DetectedAuth, AuthExploration, AuthPath, AuthPathRequirements, CostIntelligence, LlmUsageRecord, RepeatedAiPattern, DeterministicMaturity, PublicSurface, AutomationMaturity, AutomationMaturityDimension, FrameworkDetectionResult, DetectedFrameworkPrimary, RecipeId, RecipeConfig, } from './schemas/index.js';
34
+ export type { HarnessConfig, AuthConfig, RouteInventory, GapAnalysis, RepoAnalysis, DetectedAuth, AuthExploration, AuthPath, AuthPathRequirements, CostIntelligence, LlmUsageRecord, RepeatedAiPattern, DeterministicMaturity, PublicSurface, AutomationMaturity, AutomationMaturityDimension, FrameworkDetectionResult, DetectedFrameworkPrimary, RecipeId, RecipeConfig, BugReportScoreResult, BugReportRubric, BugReportInput, BugReportTarget, ScoreBugReportInput, DecisionScoreResult, ScoredDecisionFork, DecisionFork, ScoreDecisionsInput, } from './schemas/index.js';
30
35
  export { RecipeIdSchema } from './schemas/index.js';
31
36
  export { computeReleaseConfidence } from './tools/scoring/confidence.js';
32
37
  export { analyzeRunDiff, formatAnalyzeDiffMarkdown, loadGapAnalysisFile } from './cli/analyze-diff-run.js';
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EACL,UAAU,EACV,mBAAmB,EACnB,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,cAAc,EACd,gBAAgB,GACjB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,WAAW,EACX,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,GACd,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,YAAY,EACV,YAAY,EACZ,kBAAkB,EAClB,SAAS,EACT,cAAc,EACd,uBAAuB,GACxB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,4BAA4B,EAC5B,yBAAyB,EACzB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,yBAAyB,EACzB,4BAA4B,GAC7B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAC1G,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AAC7F,YAAY,EAAE,UAAU,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAC7G,OAAO,EAAE,yBAAyB,EAAE,MAAM,wCAAwC,CAAC;AACnF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,YAAY,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAC9F,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,YAAY,EAAE,eAAe,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAC1F,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAClI,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,gCAAgC,EAAE,MAAM,4BAA4B,CAAC;AAC9E,OAAO,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACvF,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AACjF,YAAY,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,YAAY,EACV,aAAa,EACb,cAAc,EACd,kBAAkB,GACnB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC9E,YAAY,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,YAAY,EACV,aAAa,EACb,UAAU,EACV,cAAc,EACd,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,QAAQ,EACR,oBAAoB,EACpB,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,qBAAqB,EACrB,aAAa,EACb,kBAAkB,EAClB,2BAA2B,EAC3B,wBAAwB,EACxB,wBAAwB,EACxB,QAAQ,EACR,YAAY,GACb,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAEzE,OAAO,EAAE,cAAc,EAAE,yBAAyB,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAE3G,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACtH,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACrG,YAAY,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAEnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,YAAY,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AACtH,OAAO,EAAE,6BAA6B,EAAE,MAAM,0CAA0C,CAAC;AACzF,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AAC7G,YAAY,EACV,kBAAkB,EAClB,YAAY,EACZ,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,SAAS,EACT,aAAa,EACb,UAAU,EACV,WAAW,EACX,UAAU,GACX,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,wBAAwB,EACxB,kBAAkB,EAClB,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,uBAAuB,EACvB,uBAAuB,GACxB,MAAM,oBAAoB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EACL,UAAU,EACV,mBAAmB,EACnB,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,cAAc,EACd,gBAAgB,GACjB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,WAAW,EACX,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,GACd,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,YAAY,EACV,YAAY,EACZ,kBAAkB,EAClB,SAAS,EACT,cAAc,EACd,uBAAuB,GACxB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,4BAA4B,EAC5B,yBAAyB,EACzB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,yBAAyB,EACzB,4BAA4B,GAC7B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAC1G,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AAC7F,YAAY,EAAE,UAAU,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAC7G,OAAO,EAAE,yBAAyB,EAAE,MAAM,wCAAwC,CAAC;AACnF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EACL,cAAc,EACd,2BAA2B,EAC3B,yBAAyB,EACzB,2BAA2B,EAC3B,sBAAsB,EACtB,cAAc,EACd,eAAe,EACf,eAAe,EACf,WAAW,EACX,gBAAgB,GACjB,MAAM,qCAAqC,CAAC;AAC7C,YAAY,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,uBAAuB,EACvB,wBAAwB,EACxB,0BAA0B,GAC3B,MAAM,oCAAoC,CAAC;AAC5C,YAAY,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAChF,YAAY,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAC9F,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,YAAY,EAAE,eAAe,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAC1F,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAClI,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,gCAAgC,EAAE,MAAM,4BAA4B,CAAC;AAC9E,OAAO,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACvF,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AACjF,YAAY,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,YAAY,EACV,aAAa,EACb,cAAc,EACd,kBAAkB,GACnB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC9E,YAAY,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,YAAY,EACV,aAAa,EACb,UAAU,EACV,cAAc,EACd,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,QAAQ,EACR,oBAAoB,EACpB,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,qBAAqB,EACrB,aAAa,EACb,kBAAkB,EAClB,2BAA2B,EAC3B,wBAAwB,EACxB,wBAAwB,EACxB,QAAQ,EACR,YAAY,EACZ,oBAAoB,EACpB,eAAe,EACf,cAAc,EACd,eAAe,EACf,mBAAmB,EACnB,mBAAmB,EACnB,kBAAkB,EAClB,YAAY,EACZ,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAEzE,OAAO,EAAE,cAAc,EAAE,yBAAyB,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAE3G,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACtH,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACrG,YAAY,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAEnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,YAAY,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AACtH,OAAO,EAAE,6BAA6B,EAAE,MAAM,0CAA0C,CAAC;AACzF,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AAC7G,YAAY,EACV,kBAAkB,EAClB,YAAY,EACZ,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,SAAS,EACT,aAAa,EACb,UAAU,EACV,WAAW,EACX,UAAU,GACX,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,wBAAwB,EACxB,kBAAkB,EAClB,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,uBAAuB,EACvB,uBAAuB,GACxB,MAAM,oBAAoB,CAAC"}
package/dist/index.js CHANGED
@@ -8,6 +8,9 @@ export { scanRepo } from './tools/repo/scan.js';
8
8
  export { discoverApiSurface, discoverApiSurfaceWithRepo } from './tools/repo/api-surface.js';
9
9
  export { computeAutomationMaturity } from './tools/scoring/automation-maturity.js';
10
10
  export { computeApiCoverage } from './tools/scoring/api-coverage.js';
11
+ export { detectPromptLeakage } from './tools/scoring/prompt-leakage.js';
12
+ export { scoreBugReport, scoreBugReportDeterministic, buildBugReportJudgePrompt, parseBugReportJudgeResponse, BUG_REPORT_JUDGE_MODEL, RUBRIC_MAX_PTS, SEVERITY_WEIGHT, hasQualityRepro, hasEvidence, delimitUntrusted, } from './tools/scoring/bug-report-score.js';
13
+ export { scoreDecisions, scoreForkDeterministic, loadDecisionForks, validateForksPath, resolveAllowedForksRoot, buildDecisionJudgePrompt, parseDecisionJudgeResponse, } from './tools/scoring/score-decisions.js';
11
14
  export { scaffoldTests } from './scaffold-tests.js';
12
15
  export { expandRecipes, buildAuthScenarios, buildA11yScenarios, buildNavScenarios, buildSeedScenarios } from './recipes/index.js';
13
16
  export { createProvider } from './llm/provider-registry.js';
package/dist/llm/provider.interface.d.ts CHANGED
@@ -8,9 +8,12 @@ export interface LlmCallResult {
8
8
  dataQuality: 'actual' | 'estimated';
9
9
  };
10
10
  }
11
+ export interface LlmCallOptions {
12
+ temperature?: number;
13
+ }
11
14
  export interface LlmProvider {
12
15
  readonly name: string;
13
16
  readonly model: string;
14
- call(prompt: string, maxOutputTokens: number): Promise<LlmCallResult>;
17
+ call(prompt: string, maxOutputTokens: number, options?: LlmCallOptions): Promise<LlmCallResult>;
15
18
  }
16
19
  //# sourceMappingURL=provider.interface.d.ts.map
package/dist/llm/provider.interface.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.interface.d.ts","sourceRoot":"","sources":["../../src/llm/provider.interface.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE;QACL,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,QAAQ,GAAG,WAAW,CAAC;KACrC,CAAC;CACH;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;CACvE"}
1
+ {"version":3,"file":"provider.interface.d.ts","sourceRoot":"","sources":["../../src/llm/provider.interface.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE;QACL,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,QAAQ,GAAG,WAAW,CAAC;KACrC,CAAC;CACH;AAED,MAAM,WAAW,cAAc;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;CACjG"}
package/dist/llm/providers/anthropic.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import type { LlmCallResult, LlmProvider } from '../provider.interface.js';
1
+ import type { LlmCallOptions, LlmCallResult, LlmProvider } from '../provider.interface.js';
2
2
  import type { TelemetrySink } from '../../telemetry/telemetry.interface.js';
3
3
  export type AnthropicProviderOptions = {
4
4
  model?: string;
@@ -11,6 +11,6 @@ export declare class AnthropicProvider implements LlmProvider {
11
11
  private readonly telemetry?;
12
12
  private readonly sessionId;
13
13
  constructor(options?: AnthropicProviderOptions);
14
- call(prompt: string, maxOutputTokens: number): Promise<LlmCallResult>;
14
+ call(prompt: string, maxOutputTokens: number, options?: LlmCallOptions): Promise<LlmCallResult>;
15
15
  }
16
16
  //# sourceMappingURL=anthropic.d.ts.map
package/dist/llm/providers/anthropic.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"anthropic.d.ts","sourceRoot":"","sources":["../../../src/llm/providers/anthropic.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAC3E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wCAAwC,CAAC;AAS5E,MAAM,MAAM,wBAAwB,GAAG;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,qBAAa,iBAAkB,YAAW,WAAW;IACnD,QAAQ,CAAC,IAAI,eAAe;IAC5B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAgB;IAC3C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAEvB,OAAO,CAAC,EAAE,wBAAwB;IAMxC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;CA+F5E"}
1
+ {"version":3,"file":"anthropic.d.ts","sourceRoot":"","sources":["../../../src/llm/providers/anthropic.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAC3F,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wCAAwC,CAAC;AAS5E,MAAM,MAAM,wBAAwB,GAAG;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,qBAAa,iBAAkB,YAAW,WAAW;IACnD,QAAQ,CAAC,IAAI,eAAe;IAC5B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAgB;IAC3C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAEvB,OAAO,CAAC,EAAE,wBAAwB;IAMxC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC;CAgGtG"}
package/dist/llm/providers/anthropic.js CHANGED
@@ -13,7 +13,7 @@ export class AnthropicProvider {
13
13
  this.telemetry = options?.telemetry;
14
14
  this.sessionId = options?.sessionId ?? 'anonymous';
15
15
  }
16
- async call(prompt, maxOutputTokens) {
16
+ async call(prompt, maxOutputTokens, options) {
17
17
  const apiKey = process.env.ANTHROPIC_API_KEY;
18
18
  if (!apiKey)
19
19
  throw new Error('ANTHROPIC_API_KEY is not set');
@@ -34,6 +34,7 @@ export class AnthropicProvider {
34
34
  body: JSON.stringify({
35
35
  model: this.model,
36
36
  max_tokens: maxOutputTokens,
37
+ ...(options?.temperature !== undefined ? { temperature: options.temperature } : {}),
37
38
  messages: [{ role: 'user', content: prompt }],
38
39
  }),
39
40
  });
package/dist/phases/think.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"think.d.ts","sourceRoot":"","sources":["../../src/phases/think.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,mCAAmC,CAAC;AACxF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAGlD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAIrE,wBAAsB,KAAK,CACzB,QAAQ,EAAE,aAAa,EACvB,MAAM,EAAE,aAAa,EACrB,SAAS,GAAE,mBAA8C,GACxD,OAAO,CAAC,WAAW,CAAC,CAmDtB;AAED,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AACnE,YAAY,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC"}
1
+ {"version":3,"file":"think.d.ts","sourceRoot":"","sources":["../../src/phases/think.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,mCAAmC,CAAC;AACxF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAIlD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAIrE,wBAAsB,KAAK,CACzB,QAAQ,EAAE,aAAa,EACvB,MAAM,EAAE,aAAa,EACrB,SAAS,GAAE,mBAA8C,GACxD,OAAO,CAAC,WAAW,CAAC,CAyDtB;AAED,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AACnE,YAAY,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC"}
package/dist/phases/think.js CHANGED
@@ -1,5 +1,6 @@
1
1
  import { GapAnalysisSchema } from '../schemas/gap-analysis.schema.js';
2
2
  import { analyzeGaps } from '../tools/scoring/gaps.js';
3
+ import { detectPromptLeakage } from '../tools/scoring/prompt-leakage.js';
3
4
  import { logDecision } from '../harness/decision-logger.js';
4
5
  import { finalizeGapAnalysisFromDraft } from './think-finalize.js';
5
6
  import { emitTelemetry } from '../telemetry/emit.js';
@@ -13,6 +14,8 @@ export async function think(observed, config, artifacts = { writeArtifacts: true
13
14
  };
14
15
  emitTelemetry(artifacts.telemetry, 'phase.think.started', sessionId, { mode });
15
16
  const gapBlock = analyzeGaps(observed.routes, observed.repo, mode, config);
17
+ // Merge prompt-leakage gaps from all scanned routes (additive signal).
18
+ const promptLeakageGaps = observed.routes.routes.flatMap((route) => detectPromptLeakage(route));
16
19
  const draft = {
17
20
  analyzedAt: gapBlock.analyzedAt,
18
21
  mode: gapBlock.mode,
@@ -20,7 +23,7 @@ export async function think(observed, config, artifacts = { writeArtifacts: true
20
23
  coveragePagesScanned: gapBlock.coveragePagesScanned,
21
24
  coverageBudgetExceeded: gapBlock.coverageBudgetExceeded,
22
25
  coverageWarning: gapBlock.coverageWarning,
23
- gaps: gapBlock.gaps,
26
+ gaps: [...gapBlock.gaps, ...promptLeakageGaps],
24
27
  };
25
28
  const partialAnalysis = GapAnalysisSchema.parse({
26
29
  ...draft,
package/dist/reporters/heatmap.d.ts CHANGED
@@ -10,7 +10,7 @@
10
10
  */
11
11
  import type { Gap } from '../schemas/gap-analysis.schema.js';
12
12
  /** The ordered set of gap categories that appear as heatmap columns. */
13
- export declare const HEATMAP_DIMENSIONS: readonly ["untested-route", "a11y", "console-error", "broken-link", "coverage", "untested-api-endpoint", "auth-surface"];
13
+ export declare const HEATMAP_DIMENSIONS: readonly ["untested-route", "a11y", "console-error", "broken-link", "coverage", "untested-api-endpoint", "auth-surface", "prompt-leakage"];
14
14
  export type HeatmapDimension = (typeof HEATMAP_DIMENSIONS)[number];
15
15
  /** Display labels for each dimension column header. */
16
16
  export declare const DIMENSION_LABELS: Record<HeatmapDimension, string>;
package/dist/reporters/heatmap.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"heatmap.d.ts","sourceRoot":"","sources":["../../src/reporters/heatmap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,mCAAmC,CAAC;AAM7D,wEAAwE;AACxE,eAAO,MAAM,kBAAkB,0HAQoB,CAAC;AAEpD,MAAM,MAAM,gBAAgB,GAAG,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEnE,uDAAuD;AACvD,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAQ7D,CAAC;AAuBF,6EAA6E;AAC7E,MAAM,MAAM,WAAW,GAAG;IACxB,4DAA4D;IAC5D,aAAa,EAAE,GAAG,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC;IACtC,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,+CAA+C;IAC/C,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,uEAAuE;AACvE,MAAM,MAAM,UAAU,GAAG;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,qFAAqF;IACrF,KAAK,EAAE,MAAM,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;IAC7C,2EAA2E;IAC3E,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,iEAAiE;AACjE,MAAM,MAAM,WAAW,GAAG;IACxB,oEAAoE;IACpE,IAAI,EAAE,UAAU,EAAE,CAAC;IACnB,0DAA0D;IAC1D,UAAU,EAAE,OAAO,kBAAkB,CAAC;IACtC,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAMF;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,WAAW,CAuDzD;AAMD;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM,CAmCjE"}
1
+ {"version":3,"file":"heatmap.d.ts","sourceRoot":"","sources":["../../src/reporters/heatmap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,mCAAmC,CAAC;AAM7D,wEAAwE;AACxE,eAAO,MAAM,kBAAkB,4IASoB,CAAC;AAEpD,MAAM,MAAM,gBAAgB,GAAG,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEnE,uDAAuD;AACvD,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAS7D,CAAC;AAuBF,6EAA6E;AAC7E,MAAM,MAAM,WAAW,GAAG;IACxB,4DAA4D;IAC5D,aAAa,EAAE,GAAG,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC;IACtC,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,+CAA+C;IAC/C,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,uEAAuE;AACvE,MAAM,MAAM,UAAU,GAAG;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,qFAAqF;IACrF,KAAK,EAAE,MAAM,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;IAC7C,2EAA2E;IAC3E,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,iEAAiE;AACjE,MAAM,MAAM,WAAW,GAAG;IACxB,oEAAoE;IACpE,IAAI,EAAE,UAAU,EAAE,CAAC;IACnB,0DAA0D;IAC1D,UAAU,EAAE,OAAO,kBAAkB,CAAC;IACtC,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAMF;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,WAAW,CAuDzD;AAMD;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM,CAmCjE"}
package/dist/reporters/heatmap.js CHANGED
@@ -20,6 +20,7 @@ export const HEATMAP_DIMENSIONS = [
20
20
  'coverage',
21
21
  'untested-api-endpoint',
22
22
  'auth-surface',
23
+ 'prompt-leakage',
23
24
  ];
24
25
  /** Display labels for each dimension column header. */
25
26
  export const DIMENSION_LABELS = {
@@ -30,6 +31,7 @@ export const DIMENSION_LABELS = {
30
31
  'coverage': 'Coverage',
31
32
  'untested-api-endpoint': 'API',
32
33
  'auth-surface': 'Auth',
34
+ 'prompt-leakage': 'PromptLeak',
33
35
  };
34
36
  /** Severity order — higher index = worse. */
35
37
  const SEVERITY_ORDER = {
package/dist/schemas/bug-report-score.schema.d.ts ADDED
@@ -0,0 +1,163 @@
1
+ import { z } from 'zod';
2
+ export declare const BugReportSeveritySchema: z.ZodEnum<["critical", "high", "medium", "low"]>;
3
+ export declare const BugReportInputSchema: z.ZodObject<{
4
+ title: z.ZodString;
5
+ description: z.ZodString;
6
+ steps: z.ZodString;
7
+ severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
8
+ }, "strip", z.ZodTypeAny, {
9
+ severity: "critical" | "high" | "medium" | "low";
10
+ description: string;
11
+ title: string;
12
+ steps: string;
13
+ }, {
14
+ severity: "critical" | "high" | "medium" | "low";
15
+ description: string;
16
+ title: string;
17
+ steps: string;
18
+ }>;
19
+ export declare const BugReportTargetSchema: z.ZodObject<{
20
+ description: z.ZodString;
21
+ type: z.ZodString;
22
+ severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
23
+ expectedBehavior: z.ZodString;
24
+ }, "strip", z.ZodTypeAny, {
25
+ type: string;
26
+ severity: "critical" | "high" | "medium" | "low";
27
+ description: string;
28
+ expectedBehavior: string;
29
+ }, {
30
+ type: string;
31
+ severity: "critical" | "high" | "medium" | "low";
32
+ description: string;
33
+ expectedBehavior: string;
34
+ }>;
35
+ export declare const ScoreBugReportInputSchema: z.ZodObject<{
36
+ report: z.ZodObject<{
37
+ title: z.ZodString;
38
+ description: z.ZodString;
39
+ steps: z.ZodString;
40
+ severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
41
+ }, "strip", z.ZodTypeAny, {
42
+ severity: "critical" | "high" | "medium" | "low";
43
+ description: string;
44
+ title: string;
45
+ steps: string;
46
+ }, {
47
+ severity: "critical" | "high" | "medium" | "low";
48
+ description: string;
49
+ title: string;
50
+ steps: string;
51
+ }>;
52
+ target: z.ZodObject<{
53
+ description: z.ZodString;
54
+ type: z.ZodString;
55
+ severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
56
+ expectedBehavior: z.ZodString;
57
+ }, "strip", z.ZodTypeAny, {
58
+ type: string;
59
+ severity: "critical" | "high" | "medium" | "low";
60
+ description: string;
61
+ expectedBehavior: string;
62
+ }, {
63
+ type: string;
64
+ severity: "critical" | "high" | "medium" | "low";
65
+ description: string;
66
+ expectedBehavior: string;
67
+ }>;
68
+ }, "strip", z.ZodTypeAny, {
69
+ target: {
70
+ type: string;
71
+ severity: "critical" | "high" | "medium" | "low";
72
+ description: string;
73
+ expectedBehavior: string;
74
+ };
75
+ report: {
76
+ severity: "critical" | "high" | "medium" | "low";
77
+ description: string;
78
+ title: string;
79
+ steps: string;
80
+ };
81
+ }, {
82
+ target: {
83
+ type: string;
84
+ severity: "critical" | "high" | "medium" | "low";
85
+ description: string;
86
+ expectedBehavior: string;
87
+ };
88
+ report: {
89
+ severity: "critical" | "high" | "medium" | "low";
90
+ description: string;
91
+ title: string;
92
+ steps: string;
93
+ };
94
+ }>;
95
+ export declare const BugReportRubricSchema: z.ZodObject<{
96
+ coverage: z.ZodNumber;
97
+ severity: z.ZodNumber;
98
+ repro: z.ZodNumber;
99
+ evidence: z.ZodNumber;
100
+ }, "strip", z.ZodTypeAny, {
101
+ severity: number;
102
+ coverage: number;
103
+ evidence: number;
104
+ repro: number;
105
+ }, {
106
+ severity: number;
107
+ coverage: number;
108
+ evidence: number;
109
+ repro: number;
110
+ }>;
111
+ export declare const BugReportScoringPathSchema: z.ZodEnum<["llm-judge", "deterministic-fallback"]>;
112
+ export declare const BugReportScoreResultSchema: z.ZodObject<{
113
+ matched: z.ZodBoolean;
114
+ matchConfidence: z.ZodNumber;
115
+ rubric: z.ZodObject<{
116
+ coverage: z.ZodNumber;
117
+ severity: z.ZodNumber;
118
+ repro: z.ZodNumber;
119
+ evidence: z.ZodNumber;
120
+ }, "strip", z.ZodTypeAny, {
121
+ severity: number;
122
+ coverage: number;
123
+ evidence: number;
124
+ repro: number;
125
+ }, {
126
+ severity: number;
127
+ coverage: number;
128
+ evidence: number;
129
+ repro: number;
130
+ }>;
131
+ feedback: z.ZodString;
132
+ scoringPath: z.ZodEnum<["llm-judge", "deterministic-fallback"]>;
133
+ }, "strip", z.ZodTypeAny, {
134
+ matched: boolean;
135
+ matchConfidence: number;
136
+ rubric: {
137
+ severity: number;
138
+ coverage: number;
139
+ evidence: number;
140
+ repro: number;
141
+ };
142
+ feedback: string;
143
+ scoringPath: "llm-judge" | "deterministic-fallback";
144
+ }, {
145
+ matched: boolean;
146
+ matchConfidence: number;
147
+ rubric: {
148
+ severity: number;
149
+ coverage: number;
150
+ evidence: number;
151
+ repro: number;
152
+ };
153
+ feedback: string;
154
+ scoringPath: "llm-judge" | "deterministic-fallback";
155
+ }>;
156
+ export type BugReportSeverity = z.infer<typeof BugReportSeveritySchema>;
157
+ export type BugReportInput = z.infer<typeof BugReportInputSchema>;
158
+ export type BugReportTarget = z.infer<typeof BugReportTargetSchema>;
159
+ export type ScoreBugReportInput = z.infer<typeof ScoreBugReportInputSchema>;
160
+ export type BugReportRubric = z.infer<typeof BugReportRubricSchema>;
161
+ export type BugReportScoringPath = z.infer<typeof BugReportScoringPathSchema>;
162
+ export type BugReportScoreResult = z.infer<typeof BugReportScoreResultSchema>;
163
+ //# sourceMappingURL=bug-report-score.schema.d.ts.map
package/dist/schemas/bug-report-score.schema.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"bug-report-score.schema.d.ts","sourceRoot":"","sources":["../../src/schemas/bug-report-score.schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,uBAAuB,kDAAgD,CAAC;AAErF,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;EAK/B,CAAC;AAEH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;EAKhC,CAAC;AAEH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAGpC,CAAC;AAEH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;EAKhC,CAAC;AAEH,eAAO,MAAM,0BAA0B,oDAAkD,CAAC;AAE1F,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAMrC,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AACxE,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAClE,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AACpE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AACpE,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAC9E,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC"}