@qulib/core 0.2.2 → 0.3.1

package/dist/schemas/public-surface.schema.d.ts

@@ -0,0 +1,268 @@
+import { z } from 'zod';
+export declare const PublicSurfaceViolationSchema: z.ZodObject<{
+    id: z.ZodString;
+    impact: z.ZodString;
+    helpUrl: z.ZodString;
+    nodeCount: z.ZodNumber;
+} & {
+    path: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    path: string;
+    id: string;
+    impact: string;
+    helpUrl: string;
+    nodeCount: number;
+}, {
+    path: string;
+    id: string;
+    impact: string;
+    helpUrl: string;
+    nodeCount: number;
+}>;
+export declare const PublicSurfaceBrokenLinkSchema: z.ZodObject<{
+    url: z.ZodString;
+    status: z.ZodNullable<z.ZodNumber>;
+    reason: z.ZodOptional<z.ZodString>;
+} & {
+    path: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    status: number | null;
+    path: string;
+    url: string;
+    reason?: string | undefined;
+}, {
+    status: number | null;
+    path: string;
+    url: string;
+    reason?: string | undefined;
+}>;
+export declare const PublicSurfaceSchema: z.ZodObject<{
+    pages: z.ZodArray<z.ZodObject<{
+        path: z.ZodString;
+        pageTitle: z.ZodString;
+        links: z.ZodArray<z.ZodString, "many">;
+        formCount: z.ZodNumber;
+        buttonLabels: z.ZodArray<z.ZodString, "many">;
+        consoleErrors: z.ZodArray<z.ZodString, "many">;
+        brokenLinks: z.ZodArray<z.ZodObject<{
+            url: z.ZodString;
+            status: z.ZodNullable<z.ZodNumber>;
+            reason: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodTypeAny, {
+            status: number | null;
+            url: string;
+            reason?: string | undefined;
+        }, {
+            status: number | null;
+            url: string;
+            reason?: string | undefined;
+        }>, "many">;
+        a11yViolations: z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            impact: z.ZodString;
+            helpUrl: z.ZodString;
+            nodeCount: z.ZodNumber;
+        }, "strip", z.ZodTypeAny, {
+            id: string;
+            impact: string;
+            helpUrl: string;
+            nodeCount: number;
+        }, {
+            id: string;
+            impact: string;
+            helpUrl: string;
+            nodeCount: number;
+        }>, "many">;
+        statusCode: z.ZodOptional<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        path: string;
+        pageTitle: string;
+        links: string[];
+        formCount: number;
+        buttonLabels: string[];
+        consoleErrors: string[];
+        brokenLinks: {
+            status: number | null;
+            url: string;
+            reason?: string | undefined;
+        }[];
+        a11yViolations: {
+            id: string;
+            impact: string;
+            helpUrl: string;
+            nodeCount: number;
+        }[];
+        statusCode?: number | undefined;
+    }, {
+        path: string;
+        pageTitle: string;
+        links: string[];
+        formCount: number;
+        buttonLabels: string[];
+        consoleErrors: string[];
+        brokenLinks: {
+            status: number | null;
+            url: string;
+            reason?: string | undefined;
+        }[];
+        a11yViolations: {
+            id: string;
+            impact: string;
+            helpUrl: string;
+            nodeCount: number;
+        }[];
+        statusCode?: number | undefined;
+    }>, "many">;
+    gaps: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        path: z.ZodString;
+        severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
+        reason: z.ZodString;
+        category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage"]>;
+        description: z.ZodOptional<z.ZodString>;
+        recommendation: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        path: string;
+        id: string;
+        severity: "high" | "medium" | "low" | "critical";
+        reason: string;
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        recommendation?: string | undefined;
+        description?: string | undefined;
+    }, {
+        path: string;
+        id: string;
+        severity: "high" | "medium" | "low" | "critical";
+        reason: string;
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        recommendation?: string | undefined;
+        description?: string | undefined;
+    }>, "many">;
+    accessibilityViolations: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        impact: z.ZodString;
+        helpUrl: z.ZodString;
+        nodeCount: z.ZodNumber;
+    } & {
+        path: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        path: string;
+        id: string;
+        impact: string;
+        helpUrl: string;
+        nodeCount: number;
+    }, {
+        path: string;
+        id: string;
+        impact: string;
+        helpUrl: string;
+        nodeCount: number;
+    }>, "many">;
+    brokenLinks: z.ZodArray<z.ZodObject<{
+        url: z.ZodString;
+        status: z.ZodNullable<z.ZodNumber>;
+        reason: z.ZodOptional<z.ZodString>;
+    } & {
+        path: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        status: number | null;
+        path: string;
+        url: string;
+        reason?: string | undefined;
+    }, {
+        status: number | null;
+        path: string;
+        url: string;
+        reason?: string | undefined;
+    }>, "many">;
+}, "strip", z.ZodTypeAny, {
+    gaps: {
+        path: string;
+        id: string;
+        severity: "high" | "medium" | "low" | "critical";
+        reason: string;
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        recommendation?: string | undefined;
+        description?: string | undefined;
+    }[];
+    brokenLinks: {
+        status: number | null;
+        path: string;
+        url: string;
+        reason?: string | undefined;
+    }[];
+    pages: {
+        path: string;
+        pageTitle: string;
+        links: string[];
+        formCount: number;
+        buttonLabels: string[];
+        consoleErrors: string[];
+        brokenLinks: {
+            status: number | null;
+            url: string;
+            reason?: string | undefined;
+        }[];
+        a11yViolations: {
+            id: string;
+            impact: string;
+            helpUrl: string;
+            nodeCount: number;
+        }[];
+        statusCode?: number | undefined;
+    }[];
+    accessibilityViolations: {
+        path: string;
+        id: string;
+        impact: string;
+        helpUrl: string;
+        nodeCount: number;
+    }[];
+}, {
+    gaps: {
+        path: string;
+        id: string;
+        severity: "high" | "medium" | "low" | "critical";
+        reason: string;
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        recommendation?: string | undefined;
+        description?: string | undefined;
+    }[];
+    brokenLinks: {
+        status: number | null;
+        path: string;
+        url: string;
+        reason?: string | undefined;
+    }[];
+    pages: {
+        path: string;
+        pageTitle: string;
+        links: string[];
+        formCount: number;
+        buttonLabels: string[];
+        consoleErrors: string[];
+        brokenLinks: {
+            status: number | null;
+            url: string;
+            reason?: string | undefined;
+        }[];
+        a11yViolations: {
+            id: string;
+            impact: string;
+            helpUrl: string;
+            nodeCount: number;
+        }[];
+        statusCode?: number | undefined;
+    }[];
+    accessibilityViolations: {
+        path: string;
+        id: string;
+        impact: string;
+        helpUrl: string;
+        nodeCount: number;
+    }[];
+}>;
+export type PublicSurface = z.infer<typeof PublicSurfaceSchema>;
+export type PublicSurfaceViolation = z.infer<typeof PublicSurfaceViolationSchema>;
+export type PublicSurfaceBrokenLink = z.infer<typeof PublicSurfaceBrokenLinkSchema>;
+//# sourceMappingURL=public-surface.schema.d.ts.map

package/dist/schemas/public-surface.schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"public-surface.schema.d.ts","sourceRoot":"","sources":["../../src/schemas/public-surface.schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;EAEvC,CAAC;AAEH,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;EAExC,CAAC;AAEH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAK9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAChE,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAClF,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC"}

package/dist/schemas/public-surface.schema.js

@@ -0,0 +1,15 @@
+import { z } from 'zod';
+import { GapSchema } from './gap-analysis.schema.js';
+import { A11yViolationSchema, BrokenLinkSchema, RouteSchema } from './route-inventory.schema.js';
+export const PublicSurfaceViolationSchema = A11yViolationSchema.extend({
+    path: z.string(),
+});
+export const PublicSurfaceBrokenLinkSchema = BrokenLinkSchema.extend({
+    path: z.string(),
+});
+export const PublicSurfaceSchema = z.object({
+    pages: z.array(RouteSchema),
+    gaps: z.array(GapSchema),
+    accessibilityViolations: z.array(PublicSurfaceViolationSchema),
+    brokenLinks: z.array(PublicSurfaceBrokenLinkSchema),
+});

package/dist/tools/auth-block-gap.d.ts

@@ -0,0 +1,3 @@
+import type { Gap } from '../schemas/gap-analysis.schema.js';
+export declare function buildAuthBlockGap(url: string): Gap;
+//# sourceMappingURL=auth-block-gap.d.ts.map

package/dist/tools/auth-block-gap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-block-gap.d.ts","sourceRoot":"","sources":["../../src/tools/auth-block-gap.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,mCAAmC,CAAC;AAE7D,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAiBlD"}

package/dist/tools/auth-block-gap.js

@@ -0,0 +1,19 @@
+export function buildAuthBlockGap(url) {
+    const host = (() => {
+        try {
+            return new URL(url).hostname;
+        }
+        catch {
+            return url;
+        }
+    })();
+    return {
+        id: 'auth-block',
+        path: '/',
+        severity: 'critical',
+        category: 'coverage',
+        reason: `Scan blocked by authentication. No authenticated pages were evaluated for ${host}.`,
+        description: 'Scan blocked by authentication. 0 authenticated pages were evaluated.',
+        recommendation: `Run \`qulib auth init --base-url ${url}\` to capture a storage state, then re-run with --auth storage-state.`,
+    };
+}

package/dist/tools/auth-detector.d.ts

@@ -1,3 +1,4 @@
 import type { DetectedAuth } from '../schemas/config.schema.js';
-export declare function detectAuth(url: string, timeoutMs?: number): Promise<DetectedAuth>;
+import type { AnalyzeProgressSink } from '../harness/progress-log.js';
+export declare function detectAuth(url: string, timeoutMs?: number, progress?: AnalyzeProgressSink): Promise<DetectedAuth>;
 //# sourceMappingURL=auth-detector.d.ts.map

package/dist/tools/auth-detector.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-detector.d.ts","sourceRoot":"","sources":["../../src/tools/auth-detector.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AA4DhE,wBAAsB,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,OAAO,CAAC,YAAY,CAAC,CAkGtF"}
+{"version":3,"file":"auth-detector.d.ts","sourceRoot":"","sources":["../../src/tools/auth-detector.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAgEtE,wBAAsB,UAAU,CAC9B,GAAG,EAAE,MAAM,EACX,SAAS,SAAQ,EACjB,QAAQ,CAAC,EAAE,mBAAmB,GAC7B,OAAO,CAAC,YAAY,CAAC,CA8HvB"}

package/dist/tools/auth-detector.js

@@ -50,20 +50,31 @@ async function firstTextInputNameForLogin(page) {
     }
     return null;
 }
-export async function detectAuth(url, timeoutMs = 15000) {
+function debugAuth() {
+    return process.env.QULIB_DEBUG === '1';
+}
+export async function detectAuth(url, timeoutMs = 15000, progress) {
     const browser = await launchBrowser();
     try {
         const context = await browser.newContext();
         const page = await context.newPage();
+        progress?.info(`detect_auth URL=${url}`);
         await page.goto(url, { timeout: timeoutMs, waitUntil: 'domcontentloaded' });
         await waitNetworkIdleBestEffort(page);
+        if (debugAuth()) {
+            const html = await page.content();
+            progress?.debug(`detect_auth HTML byteLength=${Buffer.byteLength(html, 'utf8')}`);
+        }
         let loginUrl = url;
         const looksLikeLoginPage = /login|sign[- ]?in|auth/i.test(page.url()) ||
             (await page.locator('input[type="password"]').count()) > 0;
         if (!looksLikeLoginPage) {
             const loginLink = page.locator('a').filter({ hasText: /^(log ?in|sign ?in|sign in)$/i }).first();
-            if ((await loginLink.count()) > 0) {
+            const loginLinkCount = await loginLink.count();
+            progress?.debug(`detect_auth selector loginLink count=${loginLinkCount}`);
+            if (loginLinkCount > 0) {
                 const href = await loginLink.getAttribute('href');
+                progress?.debug(`detect_auth selector loginLink href matched=${Boolean(href)}`);
                 if (href) {
                     loginUrl = new URL(href, url).toString();
                     await page.goto(loginUrl, { timeout: timeoutMs, waitUntil: 'domcontentloaded' });
@@ -73,16 +84,24 @@ export async function detectAuth(url, timeoutMs = 15000) {
         }
         const passwordInputs = page.locator('input[type="password"]');
         const passwordCount = await passwordInputs.count();
+        progress?.debug(`detect_auth selector input[type=password] count=${passwordCount}`);
         const hasFormLogin = passwordCount > 0;
         const oauthButtons = [];
         const buttonTexts = await page.locator('button, a').allInnerTexts();
         for (const text of buttonTexts) {
             const trimmed = text.trim();
             if (!textLooksLikeOAuthIdpButton(trimmed)) {
+                if (debugAuth() && trimmed.length > 0 && trimmed.length <= 120) {
+                    progress?.debug(`detect_auth oauth text skipped (not Idp-shaped) sample="${trimmed.slice(0, 80)}"`);
+                }
                 continue;
             }
             for (const { provider, patterns } of OAUTH_PROVIDERS) {
-                if (patterns.some((p) => p.test(trimmed))) {
+                const matched = patterns.some((p) => p.test(trimmed));
+                if (debugAuth()) {
+                    progress?.debug(`detect_auth oauth pattern try provider=${provider} matched=${matched}`);
+                }
+                if (matched) {
                     if (!oauthButtons.find((b) => b.provider === provider)) {
                         oauthButtons.push({ provider, text: trimmed.slice(0, 100) });
                     }
@@ -114,6 +133,9 @@ export async function detectAuth(url, timeoutMs = 15000) {
                 passwordSelector: passwordName ? `input[name="${passwordName}"]` : null,
                 submitSelector: submitName ? `button[name="${submitName}"]` : 'button[type="submit"]',
             };
+            if (debugAuth()) {
+                progress?.debug(`detect_auth resolved selectors username=${observedSelectors.usernameSelector ?? 'null'} password=${observedSelectors.passwordSelector ?? 'null'} submit=${observedSelectors.submitSelector}`);
+            }
             recommendation = `Form login detected. Configure auth with type="form-login", credentials, and the selectors above. Test selectors in your browser dev tools to confirm.`;
         }
         else if (hasMagicLink) {
@@ -128,6 +150,9 @@ export async function detectAuth(url, timeoutMs = 15000) {
             type = 'none';
             recommendation = `No authentication required for the entry URL. Qulib can scan anonymously.`;
         }
+        const providerList = oauthButtons.length > 0 ? oauthButtons.map((b) => b.provider).join(', ') : provider ?? 'none';
+        const automatable = type === 'form-login';
+        progress?.info(`Auth detected: ${type} (${providerList}) automatable=${automatable}`);
         return {
             hasAuth: type !== 'none',
             type,

package/dist/tools/auth-explorer.d.ts

@@ -1,3 +1,4 @@
 import { type AuthExploration } from '../schemas/config.schema.js';
-export declare function exploreAuth(url: string, timeoutMs?: number): Promise<AuthExploration>;
+import type { AnalyzeProgressSink } from '../harness/progress-log.js';
+export declare function exploreAuth(url: string, timeoutMs?: number, progress?: AnalyzeProgressSink): Promise<AuthExploration>;
 //# sourceMappingURL=auth-explorer.d.ts.map

package/dist/tools/auth-explorer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-explorer.d.ts","sourceRoot":"","sources":["../../src/tools/auth-explorer.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,KAAK,eAAe,EAGrB,MAAM,6BAA6B,CAAC;AA6MrC,wBAAsB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,OAAO,CAAC,eAAe,CAAC,CA2J1F"}
+{"version":3,"file":"auth-explorer.d.ts","sourceRoot":"","sources":["../../src/tools/auth-explorer.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,KAAK,eAAe,EAGrB,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAiNtE,wBAAsB,WAAW,CAC/B,GAAG,EAAE,MAAM,EACX,SAAS,SAAQ,EACjB,QAAQ,CAAC,EAAE,mBAAmB,GAC7B,OAAO,CAAC,eAAe,CAAC,CAgL1B"}

package/dist/tools/auth-explorer.js

@@ -36,6 +36,9 @@ function slugifyLabel(text) {
 function onLoginishPage(url) {
     return /login|sign[- ]?in|auth|sso|oauth/i.test(new URL(url).pathname + new URL(url).hostname);
 }
+function debugExplore() {
+    return process.env.QULIB_DEBUG === '1';
+}
 function isHeuristicUnknownSso(text, loginish) {
     const t = text.trim();
     if (!loginish || t.length < 3 || t.length > 80) {
@@ -182,18 +185,26 @@ async function buildFormPaths(page) {
         },
     ];
 }
-export async function exploreAuth(url, timeoutMs = 20000) {
+export async function exploreAuth(url, timeoutMs = 20000, progress) {
     const browser = await launchBrowser();
     try {
         const context = await browser.newContext();
         const page = await context.newPage();
+        progress?.info(`explore_auth URL=${url}`);
         await page.goto(url, { timeout: timeoutMs, waitUntil: 'domcontentloaded' });
         await waitNetworkIdleBestEffort(page);
+        if (debugExplore()) {
+            const html = await page.content();
+            progress?.debug(`explore_auth HTML byteLength=${Buffer.byteLength(html, 'utf8')}`);
+        }
         const loginishAfterFirst = /login|sign[- ]?in|auth/i.test(page.url()) || (await page.locator('input[type="password"]').count()) > 0;
         if (!loginishAfterFirst) {
             const loginLink = page.locator('a').filter({ hasText: /^(log ?in|sign ?in|sign in)$/i }).first();
-            if ((await loginLink.count()) > 0) {
+            const cnt = await loginLink.count();
+            progress?.debug(`explore_auth selector loginLink count=${cnt}`);
+            if (cnt > 0) {
                 const href = await loginLink.getAttribute('href');
+                progress?.debug(`explore_auth selector loginLink href matched=${Boolean(href)}`);
                 if (href) {
                     const next = new URL(href, url).toString();
                     await page.goto(next, { timeout: timeoutMs, waitUntil: 'domcontentloaded' });
@@ -213,19 +224,23 @@ export async function exploreAuth(url, timeoutMs = 20000) {
             if (!text) {
                 continue;
             }
-            let matched = null;
+            let providerMatch = null;
             for (const p of allProviders) {
-                if (!matchProvider(text, p)) {
+                const hit = matchProvider(text, p);
+                if (debugExplore()) {
+                    progress?.debug(`explore_auth provider try id=${p.id} matched=${hit}`);
+                }
+                if (!hit) {
                     continue;
                 }
                 if (p.source === 'built-in' && !(textLooksLikeOAuthIdpButton(text) || loginish)) {
                     continue;
                 }
-                matched = { p, gate: textLooksLikeOAuthIdpButton(text) || loginish };
+                providerMatch = { p, gate: textLooksLikeOAuthIdpButton(text) || loginish };
                 break;
             }
-            if (matched) {
-                const { p, gate } = matched;
+            if (providerMatch) {
+                const { p, gate } = providerMatch;
                 const id = `oauth:${p.id}`;
                 if (consumed.has(id)) {
                     continue;
@@ -241,6 +256,7 @@ export async function exploreAuth(url, timeoutMs = 20000) {
                     confidence: oauthConfidence(p.source, loginish || gate),
                     requirements: storageRequirement(),
                 });
+                progress?.info(`explore_auth path id=${id} type=oauth provider=${p.id} automatable=false`);
                 continue;
             }
             if (isHeuristicUnknownSso(text, loginish)) {
@@ -260,6 +276,7 @@ export async function exploreAuth(url, timeoutMs = 20000) {
                     confidence: 'low',
                     requirements: storageRequirement(),
                 });
+                progress?.info(`explore_auth path id=${id} type=oauth-unknown automatable=false`);
                 const safePattern = text.slice(0, 48).replace(/\\/g, '\\\\').replace(/"/g, '\\"');
                 unrecognizedButtons.push({
                     label: text.slice(0, 100),
@@ -282,8 +299,13 @@ export async function exploreAuth(url, timeoutMs = 20000) {
                     instruction: 'Magic-link flows need a human in the loop. Use `qulib auth init --base-url <app-url>` and complete email or provider steps in the opened browser, then reuse the saved storage state for scans.',
                 },
             });
+            progress?.info('explore_auth path id=magic-link type=magic-link automatable=false');
+        }
+        const formPaths = await buildFormPaths(page);
+        for (const fp of formPaths) {
+            authPaths.push(fp);
+            progress?.info(`explore_auth path id=${fp.id} type=${fp.type} automatable=${fp.automatable}`);
         }
-        authPaths.push(...(await buildFormPaths(page)));
         const authRequired = authPaths.length > 0;
         let authScope = 'none';
         if (authRequired) {

package/dist/tools/auth-surface-analyzer.d.ts

@@ -0,0 +1,4 @@
+import type { DetectedAuth } from '../schemas/config.schema.js';
+import type { Gap } from '../schemas/gap-analysis.schema.js';
+export declare function analyzeAuthSurfaceGaps(url: string, detection: DetectedAuth, timeoutMs: number): Promise<Gap[]>;
+//# sourceMappingURL=auth-surface-analyzer.d.ts.map

package/dist/tools/auth-surface-analyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-surface-analyzer.d.ts","sourceRoot":"","sources":["../../src/tools/auth-surface-analyzer.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,mCAAmC,CAAC;AAW7D,wBAAsB,sBAAsB,CAC1C,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,YAAY,EACvB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,GAAG,EAAE,CAAC,CAuJhB"}