@qulib/core 0.2.1 → 0.3.0

package/dist/schemas/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/schemas/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,sBAAsB,EAC3B,KAAK,UAAU,EACf,KAAK,aAAa,EAClB,KAAK,YAAY,GAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,sBAAsB,EACtB,KAAK,gBAAgB,GACtB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,oBAAoB,EACpB,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,KAAK,cAAc,EACnB,KAAK,KAAK,GACX,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,iBAAiB,EACjB,SAAS,EACT,qBAAqB,EACrB,mBAAmB,EACnB,cAAc,EACd,6BAA6B,EAC7B,KAAK,WAAW,EAChB,KAAK,GAAG,EACR,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,QAAQ,EACb,KAAK,uBAAuB,GAC7B,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,kBAAkB,EAClB,KAAK,YAAY,GAClB,MAAM,2BAA2B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/schemas/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,gCAAgC,EAChC,gBAAgB,EAChB,kBAAkB,EAClB,0BAA0B,EAC1B,cAAc,EACd,qBAAqB,EACrB,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,sBAAsB,EAC3B,KAAK,UAAU,EACf,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,oBAAoB,EACzB,KAAK,QAAQ,EACb,KAAK,eAAe,GACrB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,sBAAsB,EACtB,KAAK,gBAAgB,GACtB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,oBAAoB,EACpB,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,KAAK,cAAc,EACnB,KAAK,KAAK,GACX,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,iBAAiB,EACjB,SAAS,EACT,qBAAqB,EACrB,mBAAmB,EACnB,cAAc,EACd,6BAA6B,EAC7B,KAAK,WAAW,EAChB,KAAK,GAAG,EACR,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,QAAQ,EACb,KAAK,uBAAuB,GAC7B,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,2BAA2B,EAC3B,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,GAC3B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,kBAAkB,EAClB,KAAK,YAAY,GAClB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,mBAAmB,EACnB,4BAA4B,EAC5B,6BAA6B,EAC7B,KAAK,aAAa,EAClB,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,GAC7B,MAAM,4BAA4B,CAAC"}

package/dist/schemas/index.js

@@ -1,5 +1,7 @@
-export { HarnessConfigSchema, AuthConfigSchema, DetectedAuthSchema, } from './config.schema.js';
+export { HarnessConfigSchema, resolveMaxOutputTokensPerLlmCall, AuthConfigSchema, DetectedAuthSchema, AuthPathRequirementsSchema, AuthPathSchema, AuthExplorationSchema, } from './config.schema.js';
 export { DecisionLogEntrySchema, } from './decision-log.schema.js';
 export { RouteInventorySchema, RouteSchema, A11yViolationSchema, BrokenLinkSchema, } from './route-inventory.schema.js';
 export { GapAnalysisSchema, GapSchema, NeutralScenarioSchema, GeneratedTestSchema, TestStepSchema, FrameworkRecommendationSchema, } from './gap-analysis.schema.js';
+export { CostIntelligenceSchema, LlmUsageRecordSchema, LlmDataQualitySchema, LlmOperationTypeSchema, RepeatedAiPatternSchema, DeterministicMaturitySchema, } from './cost-intelligence.schema.js';
 export { RepoAnalysisSchema, } from './repo-analysis.schema.js';
+export { PublicSurfaceSchema, PublicSurfaceViolationSchema, PublicSurfaceBrokenLinkSchema, } from './public-surface.schema.js';

package/dist/schemas/public-surface.schema.d.ts

@@ -0,0 +1,268 @@
+import { z } from 'zod';
+export declare const PublicSurfaceViolationSchema: z.ZodObject<{
+    id: z.ZodString;
+    impact: z.ZodString;
+    helpUrl: z.ZodString;
+    nodeCount: z.ZodNumber;
+} & {
+    path: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    path: string;
+    id: string;
+    impact: string;
+    helpUrl: string;
+    nodeCount: number;
+}, {
+    path: string;
+    id: string;
+    impact: string;
+    helpUrl: string;
+    nodeCount: number;
+}>;
+export declare const PublicSurfaceBrokenLinkSchema: z.ZodObject<{
+    url: z.ZodString;
+    status: z.ZodNullable<z.ZodNumber>;
+    reason: z.ZodOptional<z.ZodString>;
+} & {
+    path: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    status: number | null;
+    path: string;
+    url: string;
+    reason?: string | undefined;
+}, {
+    status: number | null;
+    path: string;
+    url: string;
+    reason?: string | undefined;
+}>;
+export declare const PublicSurfaceSchema: z.ZodObject<{
+    pages: z.ZodArray<z.ZodObject<{
+        path: z.ZodString;
+        pageTitle: z.ZodString;
+        links: z.ZodArray<z.ZodString, "many">;
+        formCount: z.ZodNumber;
+        buttonLabels: z.ZodArray<z.ZodString, "many">;
+        consoleErrors: z.ZodArray<z.ZodString, "many">;
+        brokenLinks: z.ZodArray<z.ZodObject<{
+            url: z.ZodString;
+            status: z.ZodNullable<z.ZodNumber>;
+            reason: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodTypeAny, {
+            status: number | null;
+            url: string;
+            reason?: string | undefined;
+        }, {
+            status: number | null;
+            url: string;
+            reason?: string | undefined;
+        }>, "many">;
+        a11yViolations: z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            impact: z.ZodString;
+            helpUrl: z.ZodString;
+            nodeCount: z.ZodNumber;
+        }, "strip", z.ZodTypeAny, {
+            id: string;
+            impact: string;
+            helpUrl: string;
+            nodeCount: number;
+        }, {
+            id: string;
+            impact: string;
+            helpUrl: string;
+            nodeCount: number;
+        }>, "many">;
+        statusCode: z.ZodOptional<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        path: string;
+        pageTitle: string;
+        links: string[];
+        formCount: number;
+        buttonLabels: string[];
+        consoleErrors: string[];
+        brokenLinks: {
+            status: number | null;
+            url: string;
+            reason?: string | undefined;
+        }[];
+        a11yViolations: {
+            id: string;
+            impact: string;
+            helpUrl: string;
+            nodeCount: number;
+        }[];
+        statusCode?: number | undefined;
+    }, {
+        path: string;
+        pageTitle: string;
+        links: string[];
+        formCount: number;
+        buttonLabels: string[];
+        consoleErrors: string[];
+        brokenLinks: {
+            status: number | null;
+            url: string;
+            reason?: string | undefined;
+        }[];
+        a11yViolations: {
+            id: string;
+            impact: string;
+            helpUrl: string;
+            nodeCount: number;
+        }[];
+        statusCode?: number | undefined;
+    }>, "many">;
+    gaps: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        path: z.ZodString;
+        severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
+        reason: z.ZodString;
+        category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage"]>;
+        description: z.ZodOptional<z.ZodString>;
+        recommendation: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        path: string;
+        id: string;
+        severity: "high" | "medium" | "low" | "critical";
+        reason: string;
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        recommendation?: string | undefined;
+        description?: string | undefined;
+    }, {
+        path: string;
+        id: string;
+        severity: "high" | "medium" | "low" | "critical";
+        reason: string;
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        recommendation?: string | undefined;
+        description?: string | undefined;
+    }>, "many">;
+    accessibilityViolations: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        impact: z.ZodString;
+        helpUrl: z.ZodString;
+        nodeCount: z.ZodNumber;
+    } & {
+        path: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        path: string;
+        id: string;
+        impact: string;
+        helpUrl: string;
+        nodeCount: number;
+    }, {
+        path: string;
+        id: string;
+        impact: string;
+        helpUrl: string;
+        nodeCount: number;
+    }>, "many">;
+    brokenLinks: z.ZodArray<z.ZodObject<{
+        url: z.ZodString;
+        status: z.ZodNullable<z.ZodNumber>;
+        reason: z.ZodOptional<z.ZodString>;
+    } & {
+        path: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        status: number | null;
+        path: string;
+        url: string;
+        reason?: string | undefined;
+    }, {
+        status: number | null;
+        path: string;
+        url: string;
+        reason?: string | undefined;
+    }>, "many">;
+}, "strip", z.ZodTypeAny, {
+    gaps: {
+        path: string;
+        id: string;
+        severity: "high" | "medium" | "low" | "critical";
+        reason: string;
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        recommendation?: string | undefined;
+        description?: string | undefined;
+    }[];
+    brokenLinks: {
+        status: number | null;
+        path: string;
+        url: string;
+        reason?: string | undefined;
+    }[];
+    pages: {
+        path: string;
+        pageTitle: string;
+        links: string[];
+        formCount: number;
+        buttonLabels: string[];
+        consoleErrors: string[];
+        brokenLinks: {
+            status: number | null;
+            url: string;
+            reason?: string | undefined;
+        }[];
+        a11yViolations: {
+            id: string;
+            impact: string;
+            helpUrl: string;
+            nodeCount: number;
+        }[];
+        statusCode?: number | undefined;
+    }[];
+    accessibilityViolations: {
+        path: string;
+        id: string;
+        impact: string;
+        helpUrl: string;
+        nodeCount: number;
+    }[];
+}, {
+    gaps: {
+        path: string;
+        id: string;
+        severity: "high" | "medium" | "low" | "critical";
+        reason: string;
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        recommendation?: string | undefined;
+        description?: string | undefined;
+    }[];
+    brokenLinks: {
+        status: number | null;
+        path: string;
+        url: string;
+        reason?: string | undefined;
+    }[];
+    pages: {
+        path: string;
+        pageTitle: string;
+        links: string[];
+        formCount: number;
+        buttonLabels: string[];
+        consoleErrors: string[];
+        brokenLinks: {
+            status: number | null;
+            url: string;
+            reason?: string | undefined;
+        }[];
+        a11yViolations: {
+            id: string;
+            impact: string;
+            helpUrl: string;
+            nodeCount: number;
+        }[];
+        statusCode?: number | undefined;
+    }[];
+    accessibilityViolations: {
+        path: string;
+        id: string;
+        impact: string;
+        helpUrl: string;
+        nodeCount: number;
+    }[];
+}>;
+export type PublicSurface = z.infer<typeof PublicSurfaceSchema>;
+export type PublicSurfaceViolation = z.infer<typeof PublicSurfaceViolationSchema>;
+export type PublicSurfaceBrokenLink = z.infer<typeof PublicSurfaceBrokenLinkSchema>;
+//# sourceMappingURL=public-surface.schema.d.ts.map

package/dist/schemas/public-surface.schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"public-surface.schema.d.ts","sourceRoot":"","sources":["../../src/schemas/public-surface.schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;EAEvC,CAAC;AAEH,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;EAExC,CAAC;AAEH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAK9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAChE,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAClF,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC"}

package/dist/schemas/public-surface.schema.js

@@ -0,0 +1,15 @@
+import { z } from 'zod';
+import { GapSchema } from './gap-analysis.schema.js';
+import { A11yViolationSchema, BrokenLinkSchema, RouteSchema } from './route-inventory.schema.js';
+export const PublicSurfaceViolationSchema = A11yViolationSchema.extend({
+    path: z.string(),
+});
+export const PublicSurfaceBrokenLinkSchema = BrokenLinkSchema.extend({
+    path: z.string(),
+});
+export const PublicSurfaceSchema = z.object({
+    pages: z.array(RouteSchema),
+    gaps: z.array(GapSchema),
+    accessibilityViolations: z.array(PublicSurfaceViolationSchema),
+    brokenLinks: z.array(PublicSurfaceBrokenLinkSchema),
+});

package/dist/schemas/repo-analysis.schema.d.ts

@@ -5,12 +5,12 @@ export declare const RepoRouteSchema: z.ZodObject<{
     method: z.ZodEnum<["GET", "POST", "PUT", "DELETE", "PATCH", "unknown"]>;
 }, "strip", z.ZodTypeAny, {
     path: string;
-    file: string;
     method: "unknown" | "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
+    file: string;
 }, {
     path: string;
-    file: string;
     method: "unknown" | "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
+    file: string;
 }>;
 export declare const TestFileSchema: z.ZodObject<{
     file: z.ZodString;
@@ -62,12 +62,12 @@ export declare const RepoAnalysisSchema: z.ZodObject<{
         method: z.ZodEnum<["GET", "POST", "PUT", "DELETE", "PATCH", "unknown"]>;
     }, "strip", z.ZodTypeAny, {
         path: string;
-        file: string;
         method: "unknown" | "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
+        file: string;
     }, {
         path: string;
-        file: string;
         method: "unknown" | "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
+        file: string;
     }>, "many">;
     testFiles: z.ZodArray<z.ZodObject<{
         file: z.ZodString;
@@ -115,8 +115,8 @@ export declare const RepoAnalysisSchema: z.ZodObject<{
     scannedAt: string;
     routes: {
         path: string;
-        file: string;
         method: "unknown" | "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
+        file: string;
     }[];
     repoPath: string;
     testFiles: {
@@ -139,8 +139,8 @@ export declare const RepoAnalysisSchema: z.ZodObject<{
     scannedAt: string;
     routes: {
         path: string;
-        file: string;
         method: "unknown" | "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
+        file: string;
     }[];
     repoPath: string;
     testFiles: {

package/dist/tools/auth-block-gap.d.ts

@@ -0,0 +1,3 @@
+import type { Gap } from '../schemas/gap-analysis.schema.js';
+export declare function buildAuthBlockGap(url: string): Gap;
+//# sourceMappingURL=auth-block-gap.d.ts.map

package/dist/tools/auth-block-gap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-block-gap.d.ts","sourceRoot":"","sources":["../../src/tools/auth-block-gap.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,mCAAmC,CAAC;AAE7D,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAiBlD"}

package/dist/tools/auth-block-gap.js

@@ -0,0 +1,19 @@
+export function buildAuthBlockGap(url) {
+    const host = (() => {
+        try {
+            return new URL(url).hostname;
+        }
+        catch {
+            return url;
+        }
+    })();
+    return {
+        id: 'auth-block',
+        path: '/',
+        severity: 'critical',
+        category: 'coverage',
+        reason: `Scan blocked by authentication. No authenticated pages were evaluated for ${host}.`,
+        description: 'Scan blocked by authentication. 0 authenticated pages were evaluated.',
+        recommendation: `Run \`qulib auth init --base-url ${url}\` to capture a storage state, then re-run with --auth storage-state.`,
+    };
+}

package/dist/tools/auth-detector.d.ts

@@ -1,3 +1,4 @@
 import type { DetectedAuth } from '../schemas/config.schema.js';
-export declare function detectAuth(url: string, timeoutMs?: number): Promise<DetectedAuth>;
+import type { AnalyzeProgressSink } from '../harness/progress-log.js';
+export declare function detectAuth(url: string, timeoutMs?: number, progress?: AnalyzeProgressSink): Promise<DetectedAuth>;
 //# sourceMappingURL=auth-detector.d.ts.map

package/dist/tools/auth-detector.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-detector.d.ts","sourceRoot":"","sources":["../../src/tools/auth-detector.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AA4DhE,wBAAsB,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,OAAO,CAAC,YAAY,CAAC,CAkGtF"}
+{"version":3,"file":"auth-detector.d.ts","sourceRoot":"","sources":["../../src/tools/auth-detector.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAgEtE,wBAAsB,UAAU,CAC9B,GAAG,EAAE,MAAM,EACX,SAAS,SAAQ,EACjB,QAAQ,CAAC,EAAE,mBAAmB,GAC7B,OAAO,CAAC,YAAY,CAAC,CA8HvB"}

package/dist/tools/auth-detector.js

@@ -50,20 +50,31 @@ async function firstTextInputNameForLogin(page) {
     }
     return null;
 }
-export async function detectAuth(url, timeoutMs = 15000) {
+function debugAuth() {
+    return process.env.QULIB_DEBUG === '1';
+}
+export async function detectAuth(url, timeoutMs = 15000, progress) {
     const browser = await launchBrowser();
     try {
         const context = await browser.newContext();
         const page = await context.newPage();
+        progress?.info(`detect_auth URL=${url}`);
         await page.goto(url, { timeout: timeoutMs, waitUntil: 'domcontentloaded' });
         await waitNetworkIdleBestEffort(page);
+        if (debugAuth()) {
+            const html = await page.content();
+            progress?.debug(`detect_auth HTML byteLength=${Buffer.byteLength(html, 'utf8')}`);
+        }
         let loginUrl = url;
         const looksLikeLoginPage = /login|sign[- ]?in|auth/i.test(page.url()) ||
             (await page.locator('input[type="password"]').count()) > 0;
         if (!looksLikeLoginPage) {
             const loginLink = page.locator('a').filter({ hasText: /^(log ?in|sign ?in|sign in)$/i }).first();
-            if ((await loginLink.count()) > 0) {
+            const loginLinkCount = await loginLink.count();
+            progress?.debug(`detect_auth selector loginLink count=${loginLinkCount}`);
+            if (loginLinkCount > 0) {
                 const href = await loginLink.getAttribute('href');
+                progress?.debug(`detect_auth selector loginLink href matched=${Boolean(href)}`);
                 if (href) {
                     loginUrl = new URL(href, url).toString();
                     await page.goto(loginUrl, { timeout: timeoutMs, waitUntil: 'domcontentloaded' });
@@ -73,16 +84,24 @@ export async function detectAuth(url, timeoutMs = 15000) {
         }
         const passwordInputs = page.locator('input[type="password"]');
         const passwordCount = await passwordInputs.count();
+        progress?.debug(`detect_auth selector input[type=password] count=${passwordCount}`);
         const hasFormLogin = passwordCount > 0;
         const oauthButtons = [];
         const buttonTexts = await page.locator('button, a').allInnerTexts();
         for (const text of buttonTexts) {
             const trimmed = text.trim();
             if (!textLooksLikeOAuthIdpButton(trimmed)) {
+                if (debugAuth() && trimmed.length > 0 && trimmed.length <= 120) {
+                    progress?.debug(`detect_auth oauth text skipped (not Idp-shaped) sample="${trimmed.slice(0, 80)}"`);
+                }
                 continue;
             }
             for (const { provider, patterns } of OAUTH_PROVIDERS) {
-                if (patterns.some((p) => p.test(trimmed))) {
+                const matched = patterns.some((p) => p.test(trimmed));
+                if (debugAuth()) {
+                    progress?.debug(`detect_auth oauth pattern try provider=${provider} matched=${matched}`);
+                }
+                if (matched) {
                     if (!oauthButtons.find((b) => b.provider === provider)) {
                         oauthButtons.push({ provider, text: trimmed.slice(0, 100) });
                     }
@@ -114,6 +133,9 @@ export async function detectAuth(url, timeoutMs = 15000) {
                 passwordSelector: passwordName ? `input[name="${passwordName}"]` : null,
                 submitSelector: submitName ? `button[name="${submitName}"]` : 'button[type="submit"]',
             };
+            if (debugAuth()) {
+                progress?.debug(`detect_auth resolved selectors username=${observedSelectors.usernameSelector ?? 'null'} password=${observedSelectors.passwordSelector ?? 'null'} submit=${observedSelectors.submitSelector}`);
+            }
             recommendation = `Form login detected. Configure auth with type="form-login", credentials, and the selectors above. Test selectors in your browser dev tools to confirm.`;
         }
         else if (hasMagicLink) {
@@ -128,6 +150,9 @@ export async function detectAuth(url, timeoutMs = 15000) {
             type = 'none';
             recommendation = `No authentication required for the entry URL. Qulib can scan anonymously.`;
         }
+        const providerList = oauthButtons.length > 0 ? oauthButtons.map((b) => b.provider).join(', ') : provider ?? 'none';
+        const automatable = type === 'form-login';
+        progress?.info(`Auth detected: ${type} (${providerList}) automatable=${automatable}`);
         return {
             hasAuth: type !== 'none',
             type,

package/dist/tools/auth-explorer.d.ts

@@ -0,0 +1,4 @@
+import { type AuthExploration } from '../schemas/config.schema.js';
+import type { AnalyzeProgressSink } from '../harness/progress-log.js';
+export declare function exploreAuth(url: string, timeoutMs?: number, progress?: AnalyzeProgressSink): Promise<AuthExploration>;
+//# sourceMappingURL=auth-explorer.d.ts.map

package/dist/tools/auth-explorer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-explorer.d.ts","sourceRoot":"","sources":["../../src/tools/auth-explorer.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,KAAK,eAAe,EAGrB,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAiNtE,wBAAsB,WAAW,CAC/B,GAAG,EAAE,MAAM,EACX,SAAS,SAAQ,EACjB,QAAQ,CAAC,EAAE,mBAAmB,GAC7B,OAAO,CAAC,eAAe,CAAC,CAgL1B"}