@qulib/core 0.2.2 → 0.3.1

package/dist/tools/auth-surface-analyzer.js

@@ -0,0 +1,154 @@
+import { randomUUID } from 'node:crypto';
+import { launchBrowser } from './browser.js';
+async function waitNetworkIdleBestEffort(page) {
+    try {
+        await page.waitForLoadState('networkidle', { timeout: 5000 });
+    }
+    catch {
+        /* best-effort */
+    }
+}
+export async function analyzeAuthSurfaceGaps(url, detection, timeoutMs) {
+    if (!detection.hasAuth) {
+        return [];
+    }
+    const gaps = [];
+    const browser = await launchBrowser();
+    try {
+        const context = await browser.newContext();
+        const page = await context.newPage();
+        const resp = await page.goto(url, { timeout: timeoutMs, waitUntil: 'domcontentloaded' }).catch(() => null);
+        if (!resp || !resp.ok()) {
+            gaps.push({
+                id: randomUUID(),
+                path: new URL(url).pathname || '/',
+                severity: 'critical',
+                category: 'auth-surface',
+                reason: 'Sign-in surface did not load successfully for evaluation.',
+                description: 'The auth entry URL failed to load or returned a non-OK status before DOM checks could run.',
+                recommendation: 'Verify DNS, TLS, and that the URL is reachable from the scan environment.',
+            });
+            return gaps;
+        }
+        await waitNetworkIdleBestEffort(page);
+        const title = await page.title().catch(() => '');
+        if (!title || title.trim().length < 3) {
+            gaps.push({
+                id: randomUUID(),
+                path: '/',
+                severity: 'medium',
+                category: 'auth-surface',
+                reason: 'Missing or trivial document title on the sign-in surface.',
+                description: 'Users and assistive tech rely on a meaningful window title.',
+                recommendation: 'Set a concise, unique <title> for the login experience.',
+            });
+        }
+        const metaDesc = await page.locator('meta[name="description"]').getAttribute('content').catch(() => null);
+        if (!metaDesc || metaDesc.trim().length < 8) {
+            gaps.push({
+                id: randomUUID(),
+                path: '/',
+                severity: 'low',
+                category: 'auth-surface',
+                reason: 'No meta description on the sign-in surface.',
+                description: 'Search and sharing previews benefit from meta description on public entry pages.',
+                recommendation: 'Add <meta name="description" content="..."> with a short summary of the product.',
+            });
+        }
+        const h1Count = await page.locator('h1').count();
+        if (h1Count === 0) {
+            gaps.push({
+                id: randomUUID(),
+                path: '/',
+                severity: 'medium',
+                category: 'auth-surface',
+                reason: 'No visible primary heading (h1) on the sign-in surface.',
+                description: 'A primary heading helps users orient on the login page.',
+                recommendation: 'Add a single descriptive <h1> for the sign-in view.',
+            });
+        }
+        const oauthButtons = page.locator('button, a[href], [role="button"]');
+        const n = await oauthButtons.count();
+        for (let i = 0; i < Math.min(n, 25); i++) {
+            const el = oauthButtons.nth(i);
+            const text = ((await el.textContent()) ?? '').trim();
+            if (!text || text.length > 120)
+                continue;
+            const isOAuthish = /google|microsoft|github|apple|sso|sign in with|log in with|continue with|oauth/i.test(text);
+            if (!isOAuthish)
+                continue;
+            const role = await el.getAttribute('role');
+            const tag = await el.evaluate((node) => node.tagName.toLowerCase());
+            const tabIndex = await el.getAttribute('tabindex');
+            const aria = await el.getAttribute('aria-label');
+            const keyboardable = tag === 'button' || tag === 'a' || role === 'button';
+            const labeled = Boolean(aria && aria.trim().length > 0) || text.length > 0;
+            if (!keyboardable || tabIndex === '-1') {
+                gaps.push({
+                    id: randomUUID(),
+                    path: '/',
+                    severity: 'high',
+                    category: 'auth-surface',
+                    reason: `OAuth control "${text.slice(0, 60)}" may not be keyboard-accessible.`,
+                    description: 'SSO entry points should be real buttons or links with focus support.',
+                    recommendation: 'Use <button> or <a href> with visible label; avoid tabindex=-1 on the only sign-in path.',
+                });
+            }
+            else if (!labeled) {
+                gaps.push({
+                    id: randomUUID(),
+                    path: '/',
+                    severity: 'medium',
+                    category: 'auth-surface',
+                    reason: `OAuth control "${text.slice(0, 60)}" lacks aria-label and has weak visible text.`,
+                    description: 'Assistive technologies need a clear accessible name for IdP buttons.',
+                    recommendation: 'Add aria-label or visible text that names the provider and action.',
+                });
+            }
+        }
+        const hasPassword = (await page.locator('input[type="password"]').count()) > 0;
+        const hasEmailLink = await page.getByText(/magic link|email.*link|passwordless/i).count();
+        const hasOAuthUi = detection.oauthButtons.length > 0 ||
+            (await page.getByText(/sign in with|continue with google|microsoft|github/i).count()) > 0;
+        if (hasOAuthUi && !hasPassword && !hasEmailLink) {
+            gaps.push({
+                id: randomUUID(),
+                path: '/',
+                severity: 'medium',
+                category: 'auth-surface',
+                reason: 'OAuth-only entry with no visible password or magic-link fallback.',
+                description: 'Users who cannot use a social IdP need another path (email/password, help, or support).',
+                recommendation: 'Add a documented fallback (email/password, help desk link, or alternate IdP).',
+            });
+        }
+        const errorSelectors = '[role="alert"], [data-testid*="error" i], .error, .alert-danger, [class*="error" i]';
+        const errCount = await page.locator(errorSelectors).count();
+        if (errCount === 0 && hasOAuthUi) {
+            gaps.push({
+                id: randomUUID(),
+                path: '/',
+                severity: 'low',
+                category: 'auth-surface',
+                reason: 'No obvious in-DOM error container found for OAuth sign-in failures.',
+                description: 'IdP failures should surface recoverable feedback in the page.',
+                recommendation: 'Reserve a live region or inline alert for OAuth errors returned from the provider.',
+            });
+        }
+        const help = await page.getByText(/forgot password|need help|contact support|get help/i).count();
+        if (help === 0 && hasOAuthUi) {
+            gaps.push({
+                id: randomUUID(),
+                path: '/',
+                severity: 'low',
+                category: 'auth-surface',
+                reason: 'No visible “forgot password” or help path detected near OAuth controls.',
+                description: 'Users locked out of an IdP need a support or recovery affordance.',
+                recommendation: 'Link to account recovery, IT help, or a support URL near the sign-in actions.',
+            });
+        }
+    }
+    finally {
+        await browser.close();
+    }
+    return gaps;
+}

package/dist/tools/cypress-explorer.d.ts

@@ -1,7 +1,8 @@
 import type { AppExplorer } from './explorer.interface.js';
 import type { HarnessConfig } from '../schemas/config.schema.js';
 import type { RouteInventory } from '../schemas/route-inventory.schema.js';
+import type { RunArtifactsOptions } from '../harness/run-options.js';
 export declare class CypressExplorer implements AppExplorer {
-    explore(baseUrl: string, config: HarnessConfig): Promise<RouteInventory>;
+    explore(_baseUrl: string, _config: HarnessConfig, _artifacts?: RunArtifactsOptions): Promise<RouteInventory>;
 }
 //# sourceMappingURL=cypress-explorer.d.ts.map

package/dist/tools/cypress-explorer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cypress-explorer.d.ts","sourceRoot":"","sources":["../../src/tools/cypress-explorer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AAE3E,qBAAa,eAAgB,YAAW,WAAW;IAC3C,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;CAG/E"}
+{"version":3,"file":"cypress-explorer.d.ts","sourceRoot":"","sources":["../../src/tools/cypress-explorer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AAC3E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAErE,qBAAa,eAAgB,YAAW,WAAW;IAC3C,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,UAAU,CAAC,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC;CAGnH"}

package/dist/tools/cypress-explorer.js

@@ -1,5 +1,5 @@
 export class CypressExplorer {
-    async explore(baseUrl, config) {
+    async explore(_baseUrl, _config, _artifacts) {
         throw new Error('Not implemented');
     }
 }

package/dist/tools/explorer.interface.d.ts

@@ -1,6 +1,7 @@
 import type { HarnessConfig } from '../schemas/config.schema.js';
 import type { RouteInventory } from '../schemas/route-inventory.schema.js';
+import type { RunArtifactsOptions } from '../harness/run-options.js';
 export interface AppExplorer {
-    explore(baseUrl: string, config: HarnessConfig): Promise<RouteInventory>;
+    explore(baseUrl: string, config: HarnessConfig, artifacts?: RunArtifactsOptions): Promise<RouteInventory>;
 }
 //# sourceMappingURL=explorer.interface.d.ts.map

package/dist/tools/explorer.interface.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"explorer.interface.d.ts","sourceRoot":"","sources":["../../src/tools/explorer.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AAE3E,MAAM,WAAW,WAAW;IAC1B,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;CAC1E"}
+{"version":3,"file":"explorer.interface.d.ts","sourceRoot":"","sources":["../../src/tools/explorer.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AAC3E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAErE,MAAM,WAAW,WAAW;IAC1B,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,SAAS,CAAC,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;CAC3G"}

package/dist/tools/gap-engine.d.ts

@@ -1,6 +1,8 @@
-import { type GapAnalysis } from '../schemas/gap-analysis.schema.js';
+import { type GapAnalysis, type Gap } from '../schemas/gap-analysis.schema.js';
 import type { RouteInventory } from '../schemas/route-inventory.schema.js';
 import type { RepoAnalysis } from '../schemas/repo-analysis.schema.js';
 import type { HarnessConfig } from '../schemas/config.schema.js';
+export declare function computeQualityScoreFromGaps(gaps: Gap[]): number;
+export declare function computeCoverageScore(routes: RouteInventory): number | null;
 export declare function analyzeGaps(routes: RouteInventory, repo: RepoAnalysis | null, mode: 'url-only' | 'url-repo', config: HarnessConfig): Omit<GapAnalysis, 'scenarios' | 'generatedTests'>;
 //# sourceMappingURL=gap-engine.d.ts.map

package/dist/tools/gap-engine.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"gap-engine.d.ts","sourceRoot":"","sources":["../../src/tools/gap-engine.ts"],"names":[],"mappings":"AACA,OAAO,EAAa,KAAK,WAAW,EAAY,MAAM,mCAAmC,CAAC;AAC1F,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AAC3E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,wBAAgB,WAAW,CACzB,MAAM,EAAE,cAAc,EACtB,IAAI,EAAE,YAAY,GAAG,IAAI,EACzB,IAAI,EAAE,UAAU,GAAG,UAAU,EAC7B,MAAM,EAAE,aAAa,GACpB,IAAI,CAAC,WAAW,EAAE,WAAW,GAAG,gBAAgB,CAAC,CA0GnD"}
+{"version":3,"file":"gap-engine.d.ts","sourceRoot":"","sources":["../../src/tools/gap-engine.ts"],"names":[],"mappings":"AACA,OAAO,EAAa,KAAK,WAAW,EAAE,KAAK,GAAG,EAAE,MAAM,mCAAmC,CAAC;AAC1F,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AAC3E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,MAAM,CAY/D;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM,GAAG,IAAI,CAa1E;AAED,wBAAgB,WAAW,CACzB,MAAM,EAAE,cAAc,EACtB,IAAI,EAAE,YAAY,GAAG,IAAI,EACzB,IAAI,EAAE,UAAU,GAAG,UAAU,EAC7B,MAAM,EAAE,aAAa,GACpB,IAAI,CAAC,WAAW,EAAE,WAAW,GAAG,gBAAgB,CAAC,CAqGnD"}

package/dist/tools/gap-engine.js

@@ -1,5 +1,36 @@
 import { randomUUID } from 'node:crypto';
 import { GapSchema } from '../schemas/gap-analysis.schema.js';
+export function computeQualityScoreFromGaps(gaps) {
+    let critical = 0;
+    let high = 0;
+    let medium = 0;
+    let low = 0;
+    for (const g of gaps) {
+        if (g.severity === 'critical')
+            critical++;
+        else if (g.severity === 'high')
+            high++;
+        else if (g.severity === 'medium')
+            medium++;
+        else
+            low++;
+    }
+    return Math.max(0, 100 - critical * 25 - high * 20 - medium * 8 - low * 3);
+}
+export function computeCoverageScore(routes) {
+    const scanned = routes.routes.length;
+    const skipped = routes.pagesSkipped;
+    const denom = scanned + skipped;
+    // TODO: return null here once the explorer exposes an explicit "discovered-but-unknown" signal
+    //       (i.e. routes were found but the full set couldn't be confirmed — a low score is misleading)
+    if (denom === 0) {
+        if (routes.budgetExceeded) {
+            return 0;
+        }
+        return scanned === 0 ? 0 : 100;
+    }
+    return Math.round((100 * scanned) / denom);
+}
 export function analyzeGaps(routes, repo, mode, config) {
     const coveredPaths = new Set();
     if (repo) {
@@ -57,11 +88,13 @@ export function analyzeGaps(routes, repo, mode, config) {
         }
         for (const violation of route.a11yViolations) {
             const impact = violation.impact.toLowerCase();
-            const severity = impact === 'critical' || impact === 'serious'
-                ? 'high'
-                : impact === 'moderate'
-                    ? 'medium'
-                    : 'low';
+            const severity = impact === 'critical'
+                ? 'critical'
+                : impact === 'serious'
+                    ? 'high'
+                    : impact === 'moderate'
+                        ? 'medium'
+                        : 'low';
             addGap({
                 id: randomUUID(),
                 path: route.path,
@@ -71,14 +104,8 @@ export function analyzeGaps(routes, repo, mode, config) {
             });
         }
     }
-    const highCount = gaps.filter((g) => g.severity === 'high').length;
-    const mediumCount = gaps.filter((g) => g.severity === 'medium').length;
-    const lowCount = gaps.filter((g) => g.severity === 'low').length;
-    let releaseConfidence = Math.max(0, 100 - highCount * 20 - mediumCount * 8 - lowCount * 3);
+    const releaseConfidence = computeQualityScoreFromGaps(gaps);
     const pagesScanned = routes.routes.length;
-    if (pagesScanned < config.minPagesForConfidence) {
-        releaseConfidence = Math.min(releaseConfidence, 40);
-    }
     let coverageWarning;
     if (routes.budgetExceeded) {
         coverageWarning = 'budget-exceeded';

package/dist/tools/playwright-explorer.d.ts

@@ -1,7 +1,8 @@
 import type { AppExplorer } from './explorer.interface.js';
 import { type RouteInventory } from '../schemas/route-inventory.schema.js';
 import type { HarnessConfig } from '../schemas/config.schema.js';
+import type { RunArtifactsOptions } from '../harness/run-options.js';
 export declare class PlaywrightExplorer implements AppExplorer {
-    explore(baseUrl: string, config: HarnessConfig): Promise<RouteInventory>;
+    explore(baseUrl: string, config: HarnessConfig, artifacts?: RunArtifactsOptions): Promise<RouteInventory>;
 }
 //# sourceMappingURL=playwright-explorer.d.ts.map

package/dist/tools/playwright-explorer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"playwright-explorer.d.ts","sourceRoot":"","sources":["../../src/tools/playwright-explorer.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAwB,KAAK,cAAc,EAAc,MAAM,sCAAsC,CAAC;AAC7G,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAgBjE,qBAAa,kBAAmB,YAAW,WAAW;IAC9C,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;CAqJ/E"}
+{"version":3,"file":"playwright-explorer.d.ts","sourceRoot":"","sources":["../../src/tools/playwright-explorer.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAwB,KAAK,cAAc,EAAc,MAAM,sCAAsC,CAAC;AAC7G,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAoBrE,qBAAa,kBAAmB,YAAW,WAAW;IAC9C,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,SAAS,CAAC,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC;CAsKhH"}

package/dist/tools/playwright-explorer.js

@@ -15,8 +15,12 @@ function isInternalHref(href, baseUrlStr) {
         return false;
     }
 }
+function debugMode() {
+    return process.env.QULIB_DEBUG === '1';
+}
 export class PlaywrightExplorer {
-    async explore(baseUrl, config) {
+    async explore(baseUrl, config, artifacts) {
+        const progress = artifacts?.progressLog;
         const browser = await launchBrowser();
         let context;
         try {
@@ -28,7 +32,10 @@ export class PlaywrightExplorer {
         }
         if (config.auth) {
             const label = config.auth.type === 'form-login' ? config.auth.credentials.username : 'storage-state';
-            console.error(`[qulib] authenticated as ${label}`);
+            progress?.info(`Authenticated context: ${label}`);
+            if (!progress) {
+                process.stderr.write(`[qulib] authenticated as ${label}\n`);
+            }
         }
         const visited = new Set();
         const queue = [baseUrl];
@@ -56,10 +63,15 @@ export class PlaywrightExplorer {
                     }
                 });
                 try {
-                    await page.goto(url, {
+                    const navResponse = await page.goto(url, {
                         timeout: config.timeoutMs,
                         waitUntil: 'domcontentloaded',
                     });
+                    const httpStatus = navResponse?.status() ?? 0;
+                    if (debugMode()) {
+                        const html = await page.content();
+                        progress?.debug(`page HTML byteLength=${Buffer.byteLength(html, 'utf8')} url=${normalized}`);
+                    }
                     const pageTitle = await page.title();
                     const formCount = await page.locator('form').count();
                     const buttonLabels = await page.locator('button').allInnerTexts();
@@ -92,6 +104,9 @@ export class PlaywrightExplorer {
                         const axeResults = await new AxeBuilder({ page })
                             .withTags(['wcag2a', 'wcag2aa'])
                             .analyze();
+                        if (debugMode()) {
+                            progress?.debug(`raw axe violations (pre-map) count=${axeResults.violations.length} json=${JSON.stringify(axeResults.violations)}`);
+                        }
                         a11yViolations = axeResults.violations.map((v) => ({
                             id: v.id,
                             impact: v.impact ?? 'unknown',
@@ -103,6 +118,7 @@ export class PlaywrightExplorer {
                         consoleErrors.push(`axe-core failure: ${String(err)}`);
                     }
                     const path = new URL(url).pathname || '/';
+                    progress?.info(`Crawled ${normalized} status=${httpStatus} a11yViolations=${a11yViolations.length}`);
                     routes.push({
                         path,
                         pageTitle,
@@ -112,6 +128,7 @@ export class PlaywrightExplorer {
                         consoleErrors,
                         brokenLinks,
                         a11yViolations,
+                        statusCode: httpStatus,
                     });
                 }
                 catch (err) {
@@ -123,6 +140,7 @@ export class PlaywrightExplorer {
                             return url;
                         }
                     })();
+                    progress?.info(`Crawled ${normalized} status=error a11yViolations=0 err=${String(err).slice(0, 120)}`);
                     routes.push({
                         path,
                         pageTitle: '',

package/dist/tools/public-surface.d.ts

@@ -0,0 +1,5 @@
+import type { RouteInventory } from '../schemas/route-inventory.schema.js';
+import type { Gap } from '../schemas/gap-analysis.schema.js';
+import type { PublicSurface } from '../schemas/public-surface.schema.js';
+export declare function buildPublicSurface(pages: RouteInventory['routes'], gaps: Gap[]): PublicSurface;
+//# sourceMappingURL=public-surface.d.ts.map

package/dist/tools/public-surface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"public-surface.d.ts","sourceRoot":"","sources":["../../src/tools/public-surface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AAC3E,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,mCAAmC,CAAC;AAC7D,OAAO,KAAK,EAAE,aAAa,EAAmD,MAAM,qCAAqC,CAAC;AAE1H,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,cAAc,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,aAAa,CAY9F"}

package/dist/tools/public-surface.js

@@ -0,0 +1,13 @@
+export function buildPublicSurface(pages, gaps) {
+    const accessibilityViolations = [];
+    const brokenLinks = [];
+    for (const r of pages) {
+        for (const v of r.a11yViolations) {
+            accessibilityViolations.push({ ...v, path: r.path });
+        }
+        for (const b of r.brokenLinks) {
+            brokenLinks.push({ ...b, path: r.path });
+        }
+    }
+    return { pages, gaps, accessibilityViolations, brokenLinks };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qulib/core",
-  "version": "0.2.2",
+  "version": "0.3.1",
   "description": "Qulib — analyze deployed web apps for honest quality gaps (CLI + programmatic API)",
   "license": "MIT",
   "author": "Tapesh Nagarwal",
@@ -31,13 +31,17 @@
     "README.md"
   ],
   "bin": {
-    "qulib": "./bin/qulib.js"
+    "qulib": "bin/qulib.js"
   },
   "scripts": {
     "dev": "tsx src/cli/index.ts",
     "analyze": "tsx src/cli/index.ts analyze",
     "clean": "tsx src/cli/index.ts clean",
-    "build": "tsc"
+    "build": "tsc",
+    "test": "node --import tsx/esm --test src/llm/cost-intelligence.test.ts src/tools/gap-engine.test.ts src/tools/auth-block-gap.test.ts",
+    "test:integration": "node --import tsx/esm --test src/analyze.integration.test.ts",
+    "smoke": "tsx src/cli/index.ts analyze --url https://example.com --ephemeral",
+    "cost-doctor": "tsx src/cli/index.ts cost doctor"
   },
   "dependencies": {
     "@axe-core/playwright": "^4.9.0",