npm - @qulib/core - Versions diffs - 0.4.1 → 0.4.3 - Mend

@qulib/core 0.4.1 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (135) hide show

package/README.md +56 -8
package/dist/analyze.d.ts.map +1 -1
package/dist/analyze.js +86 -7
package/dist/cli/auth-login-resolve.d.ts +14 -0
package/dist/cli/auth-login-resolve.d.ts.map +1 -0
package/dist/cli/auth-login-resolve.js +68 -0
package/dist/cli/auth-login-run.d.ts +13 -0
package/dist/cli/auth-login-run.d.ts.map +1 -0
package/dist/cli/auth-login-run.js +152 -0
package/dist/cli/index.js +60 -7
package/dist/harness/state-manager.d.ts +10 -0
package/dist/harness/state-manager.d.ts.map +1 -1
package/dist/harness/state-manager.js +15 -0
package/dist/index.d.ts +8 -6
package/dist/index.d.ts.map +1 -1
package/dist/index.js +7 -6
package/dist/phases/act.js +3 -3
package/dist/phases/observe.js +5 -5
package/dist/phases/think.js +1 -1
package/dist/schemas/automation-maturity.schema.d.ts +40 -0
package/dist/schemas/automation-maturity.schema.d.ts.map +1 -1
package/dist/schemas/automation-maturity.schema.js +27 -0
package/dist/schemas/index.d.ts +1 -1
package/dist/schemas/index.d.ts.map +1 -1
package/dist/schemas/index.js +1 -1
package/dist/schemas/repo-analysis.schema.d.ts +22 -0
package/dist/schemas/repo-analysis.schema.d.ts.map +1 -1
package/dist/schemas/repo-analysis.schema.js +1 -0
package/dist/telemetry/emit.d.ts +22 -0
package/dist/telemetry/emit.d.ts.map +1 -1
package/dist/telemetry/emit.js +37 -0
package/dist/telemetry/telemetry.interface.d.ts +1 -1
package/dist/telemetry/telemetry.interface.d.ts.map +1 -1
package/dist/tools/apply-auth.d.ts +4 -0
package/dist/tools/apply-auth.d.ts.map +1 -0
package/dist/tools/apply-auth.js +35 -0
package/dist/tools/auth/apply.d.ts +4 -0
package/dist/tools/auth/apply.d.ts.map +1 -0
package/dist/tools/auth/apply.js +35 -0
package/dist/tools/auth/block-gap.d.ts +9 -0
package/dist/tools/auth/block-gap.d.ts.map +1 -0
package/dist/tools/auth/block-gap.js +52 -0
package/dist/tools/auth/custom-providers.d.ts +15 -0
package/dist/tools/auth/custom-providers.d.ts.map +1 -0
package/dist/tools/auth/custom-providers.js +62 -0
package/dist/tools/auth/detect.d.ts +23 -0
package/dist/tools/auth/detect.d.ts.map +1 -0
package/dist/tools/auth/detect.js +526 -0
package/dist/tools/auth/detector.d.ts +23 -0
package/dist/tools/auth/detector.d.ts.map +1 -0
package/dist/tools/auth/detector.js +526 -0
package/dist/tools/auth/explore.d.ts +4 -0
package/dist/tools/auth/explore.d.ts.map +1 -0
package/dist/tools/auth/explore.js +346 -0
package/dist/tools/auth/explorer.d.ts +4 -0
package/dist/tools/auth/explorer.d.ts.map +1 -0
package/dist/tools/auth/explorer.js +346 -0
package/dist/tools/auth/gaps.d.ts +9 -0
package/dist/tools/auth/gaps.d.ts.map +1 -0
package/dist/tools/auth/gaps.js +52 -0
package/dist/tools/auth/oauth-providers.d.ts +7 -0
package/dist/tools/auth/oauth-providers.d.ts.map +1 -0
package/dist/tools/auth/oauth-providers.js +21 -0
package/dist/tools/auth/providers.d.ts +7 -0
package/dist/tools/auth/providers.d.ts.map +1 -0
package/dist/tools/auth/providers.js +21 -0
package/dist/tools/auth/surface-analyzer.d.ts +4 -0
package/dist/tools/auth/surface-analyzer.d.ts.map +1 -0
package/dist/tools/auth/surface-analyzer.js +170 -0
package/dist/tools/auth/surface.d.ts +4 -0
package/dist/tools/auth/surface.d.ts.map +1 -0
package/dist/tools/auth/surface.js +170 -0
package/dist/tools/auth/user-providers.d.ts +15 -0
package/dist/tools/auth/user-providers.d.ts.map +1 -0
package/dist/tools/auth/user-providers.js +62 -0
package/dist/tools/auth-block-gap.d.ts +6 -0
package/dist/tools/auth-block-gap.d.ts.map +1 -1
package/dist/tools/auth-block-gap.js +42 -9
package/dist/tools/auth-detector.d.ts +19 -0
package/dist/tools/auth-detector.d.ts.map +1 -1
package/dist/tools/auth-detector.js +186 -8
package/dist/tools/automation-maturity.d.ts.map +1 -1
package/dist/tools/automation-maturity.js +76 -20
package/dist/tools/explorers/browser.d.ts +3 -0
package/dist/tools/explorers/browser.d.ts.map +1 -0
package/dist/tools/explorers/browser.js +13 -0
package/dist/tools/explorers/cypress-explorer.d.ts +8 -0
package/dist/tools/explorers/cypress-explorer.d.ts.map +1 -0
package/dist/tools/explorers/cypress-explorer.js +5 -0
package/dist/tools/explorers/cypress.d.ts +8 -0
package/dist/tools/explorers/cypress.d.ts.map +1 -0
package/dist/tools/explorers/cypress.js +5 -0
package/dist/tools/explorers/explorer.interface.d.ts +7 -0
package/dist/tools/explorers/explorer.interface.d.ts.map +1 -0
package/dist/tools/explorers/explorer.interface.js +1 -0
package/dist/tools/explorers/factory.d.ts +4 -0
package/dist/tools/explorers/factory.d.ts.map +1 -0
package/dist/tools/explorers/factory.js +12 -0
package/dist/tools/explorers/playwright-explorer.d.ts +8 -0
package/dist/tools/explorers/playwright-explorer.d.ts.map +1 -0
package/dist/tools/explorers/playwright-explorer.js +172 -0
package/dist/tools/explorers/playwright.d.ts +8 -0
package/dist/tools/explorers/playwright.d.ts.map +1 -0
package/dist/tools/explorers/playwright.js +172 -0
package/dist/tools/explorers/types.d.ts +7 -0
package/dist/tools/explorers/types.d.ts.map +1 -0
package/dist/tools/explorers/types.js +1 -0
package/dist/tools/playwright-explorer.js +1 -1
package/dist/tools/repo/detect-framework.d.ts +15 -0
package/dist/tools/repo/detect-framework.d.ts.map +1 -0
package/dist/tools/repo/detect-framework.js +153 -0
package/dist/tools/repo/framework-detector.d.ts +15 -0
package/dist/tools/repo/framework-detector.d.ts.map +1 -0
package/dist/tools/repo/framework-detector.js +153 -0
package/dist/tools/repo/scan.d.ts +19 -0
package/dist/tools/repo/scan.d.ts.map +1 -0
package/dist/tools/repo/scan.js +181 -0
package/dist/tools/repo/scanner.d.ts +19 -0
package/dist/tools/repo/scanner.d.ts.map +1 -0
package/dist/tools/repo/scanner.js +181 -0
package/dist/tools/repo-scanner.d.ts.map +1 -1
package/dist/tools/repo-scanner.js +7 -2
package/dist/tools/scoring/automation-maturity.d.ts +4 -0
package/dist/tools/scoring/automation-maturity.d.ts.map +1 -0
package/dist/tools/scoring/automation-maturity.js +219 -0
package/dist/tools/scoring/gap-engine.d.ts +8 -0
package/dist/tools/scoring/gap-engine.d.ts.map +1 -0
package/dist/tools/scoring/gap-engine.js +138 -0
package/dist/tools/scoring/gaps.d.ts +8 -0
package/dist/tools/scoring/gaps.d.ts.map +1 -0
package/dist/tools/scoring/gaps.js +138 -0
package/dist/tools/scoring/public-surface.d.ts +5 -0
package/dist/tools/scoring/public-surface.d.ts.map +1 -0
package/dist/tools/scoring/public-surface.js +13 -0
package/package.json +3 -3

package/dist/tools/auth/block-gap.js ADDED Viewed

@@ -0,0 +1,52 @@
+function safeOriginAndPath(url) {
+    try {
+        const u = new URL(url);
+        return `${u.origin}${u.pathname}`;
+    }
+    catch {
+        return url;
+    }
+}
+function safeHost(url) {
+    try {
+        return new URL(url).hostname;
+    }
+    catch {
+        return url;
+    }
+}
+export function buildAuthBlockGap(url) {
+    const host = safeHost(url);
+    const safeUrl = safeOriginAndPath(url);
+    return {
+        id: 'auth-block',
+        path: '/',
+        severity: 'critical',
+        category: 'coverage',
+        reason: `Scan blocked by authentication. No authenticated pages were evaluated for ${host}.`,
+        description: 'Scan blocked by authentication. 0 authenticated pages were evaluated.',
+        recommendation: `Run \`qulib auth init --base-url ${safeUrl}\` to capture a storage state, then re-run with --auth storage-state.`,
+    };
+}
+export function buildStorageStateInvalidGap(input) {
+    const host = safeHost(input.url);
+    const safeUrl = safeOriginAndPath(input.url);
+    const recoveryByCode = {
+        'missing-file': `Storage state file was not found. Run \`qulib auth login --base-url ${safeUrl} --out <path>\` (or \`qulib auth init\`) to capture a fresh state, then re-run \`qulib analyze --url ${safeUrl} --auth-storage-state <path>\`.`,
+        'unreadable-file': `Storage state file exists but could not be read. Check file permissions, then re-run \`qulib auth login\` if needed.`,
+        'invalid-json': `Storage state file is not valid JSON. Run \`qulib auth login --base-url ${safeUrl} --out <path>\` again to regenerate it.`,
+        'wrong-origin': `Storage state belongs to a different origin than ${host}. Re-run \`qulib auth login --base-url ${safeUrl}\` against this target and pass the new file to \`qulib analyze\`.`,
+        'expired-or-unauthorized': `The session in the storage state has expired or is unauthorized. Run \`qulib auth login --base-url ${safeUrl}\` to capture a fresh state, then re-run \`qulib analyze --url ${safeUrl} --auth-storage-state <path>\`.`,
+        'no-auth-cookies': `Storage state file contains no cookies or localStorage entries — it is effectively empty. Run \`qulib auth login --base-url ${safeUrl}\` to capture a real session.`,
+        unknown: `Storage state could not be validated. Try \`qulib auth login --base-url ${safeUrl}\` again, and verify the file was saved on the same origin.`,
+    };
+    return {
+        id: 'storage-state-invalid',
+        path: '/',
+        severity: 'critical',
+        category: 'coverage',
+        reason: `Authenticated scan could not continue because the provided storage state is invalid for ${host}. Reason: ${input.reasonCode} — ${input.reason}.`,
+        description: `Storage state validation failed before crawling. The session was checked against ${host} and rejected with reason code "${input.reasonCode}".`,
+        recommendation: recoveryByCode[input.reasonCode],
+    };
+}

package/dist/tools/auth/custom-providers.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { OAuthProvider } from './providers.js';
+export interface SerializedProvider {
+    id: string;
+    label: string;
+    patterns: string[];
+}
+export declare function loadUserProviders(): OAuthProvider[];
+export declare function addUserProvider(input: {
+    id: string;
+    label: string;
+    pattern: string;
+}): void;
+export declare function removeUserProvider(id: string): boolean;
+export declare function listUserProviders(): SerializedProvider[];
+//# sourceMappingURL=custom-providers.d.ts.map

package/dist/tools/auth/custom-providers.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"custom-providers.d.ts","sourceRoot":"","sources":["../../../src/tools/auth/custom-providers.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAIpD,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,wBAAgB,iBAAiB,IAAI,aAAa,EAAE,CAOnD;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAc3F;AAED,wBAAgB,kBAAkB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAStD;AAED,wBAAgB,iBAAiB,IAAI,kBAAkB,EAAE,CAExD"}

package/dist/tools/auth/custom-providers.js ADDED Viewed

@@ -0,0 +1,62 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { homedir } from 'node:os';
+const USER_PROVIDERS_PATH = join(homedir(), '.qulib', 'providers.json');
+export function loadUserProviders() {
+    const raw = loadSerialized();
+    return raw.map((p) => ({
+        id: p.id,
+        label: p.label,
+        patterns: p.patterns.map((src) => new RegExp(src, 'i')),
+    }));
+}
+export function addUserProvider(input) {
+    const existing = loadSerialized();
+    const idx = existing.findIndex((p) => p.id === input.id);
+    if (idx >= 0) {
+        const p = existing[idx];
+        if (!p.patterns.includes(input.pattern)) {
+            p.patterns.push(input.pattern);
+        }
+        p.label = input.label;
+    }
+    else {
+        existing.push({ id: input.id, label: input.label, patterns: [input.pattern] });
+    }
+    ensureDir();
+    writeFileSync(USER_PROVIDERS_PATH, JSON.stringify(existing, null, 2), 'utf-8');
+}
+export function removeUserProvider(id) {
+    const existing = loadSerialized();
+    const filtered = existing.filter((p) => p.id !== id);
+    if (filtered.length === existing.length) {
+        return false;
+    }
+    ensureDir();
+    writeFileSync(USER_PROVIDERS_PATH, JSON.stringify(filtered, null, 2), 'utf-8');
+    return true;
+}
+export function listUserProviders() {
+    return loadSerialized();
+}
+function loadSerialized() {
+    if (!existsSync(USER_PROVIDERS_PATH)) {
+        return [];
+    }
+    try {
+        const parsed = JSON.parse(readFileSync(USER_PROVIDERS_PATH, 'utf-8'));
+        if (!Array.isArray(parsed)) {
+            return [];
+        }
+        return parsed;
+    }
+    catch {
+        return [];
+    }
+}
+function ensureDir() {
+    const dir = dirname(USER_PROVIDERS_PATH);
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+}

package/dist/tools/auth/detect.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import type { Page } from '@playwright/test';
+import type { DetectedAuth } from '../../schemas/config.schema.js';
+import type { AnalyzeProgressSink } from '../../harness/progress-log.js';
+export type StorageStateInvalidReason = 'missing-file' | 'unreadable-file' | 'invalid-json' | 'wrong-origin' | 'expired-or-unauthorized' | 'no-auth-cookies' | 'unknown';
+export interface StorageStateValidationResult {
+    valid: boolean;
+    reasonCode: StorageStateInvalidReason | 'ok';
+    reason: string;
+}
+export declare function evaluateStorageStateValidity(signals: {
+    expectedOrigin: string;
+    finalUrl: string;
+    visiblePasswordCount: number;
+    hadUnauthorizedHttp: boolean;
+}): StorageStateValidationResult;
+export declare function preflightStorageStateFile(storagePath: string): Promise<StorageStateValidationResult | null>;
+export declare function waitForReturnToOrigin(page: Page, baseUrl: string, timeoutMs?: number): Promise<{
+    returned: boolean;
+    finalUrl: string;
+}>;
+export declare function validateStorageState(url: string, storagePath: string, timeoutMs?: number): Promise<StorageStateValidationResult>;
+export declare function detectAuth(url: string, timeoutMs?: number, progress?: AnalyzeProgressSink): Promise<DetectedAuth>;
+//# sourceMappingURL=detect.d.ts.map

package/dist/tools/auth/detect.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../../../src/tools/auth/detect.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,KAAK,EAAY,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAC7E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AAIzE,MAAM,MAAM,yBAAyB,GACjC,cAAc,GACd,iBAAiB,GACjB,cAAc,GACd,cAAc,GACd,yBAAyB,GACzB,iBAAiB,GACjB,SAAS,CAAC;AAEd,MAAM,WAAW,4BAA4B;IAC3C,KAAK,EAAE,OAAO,CAAC;IACf,UAAU,EAAE,yBAAyB,GAAG,IAAI,CAAC;IAC7C,MAAM,EAAE,MAAM,CAAC;CAChB;AAsQD,wBAAgB,4BAA4B,CAAC,OAAO,EAAE;IACpD,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,mBAAmB,EAAE,OAAO,CAAC;CAC9B,GAAG,4BAA4B,CA6B/B;AAOD,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,4BAA4B,GAAG,IAAI,CAAC,CAgD9C;AAED,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,MAAM,EACf,SAAS,SAAQ,GAChB,OAAO,CAAC;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAelD;AAED,wBAAsB,oBAAoB,CACxC,GAAG,EAAE,MAAM,EACX,WAAW,EAAE,MAAM,EACnB,SAAS,SAAQ,GAChB,OAAO,CAAC,4BAA4B,CAAC,CAyDvC;AAED,wBAAsB,UAAU,CAC9B,GAAG,EAAE,MAAM,EACX,SAAS,SAAQ,EACjB,QAAQ,CAAC,EAAE,mBAAmB,GAC7B,OAAO,CAAC,YAAY,CAAC,CAqJvB"}