@qulib/core 0.5.2 → 0.6.0

package/README.md

@@ -49,13 +49,13 @@ This opens a real browser. Log in normally (OAuth, magic link, password manager,
 
 ### Automated form login (`auth login`)
 
-When **`detect-auth`** shows **`authOptions`** with **`type: "form-login"`** and **`requirements.method: "credentials"`** (including click-to-reveal paths such as Scholastic Sync), you can save a storage state **without** manual clicking:
+When **`detect-auth`** shows **`authOptions`** with **`type: "form-login"`** and **`requirements.method: "credentials"`** (including click-to-reveal paths such as NQ Login), you can save a storage state **without** manual clicking:
 
 ```bash
-qulib auth login --base-url https://platform.scholastic.com \
-  --auth-path scholastic-sync \
-  --credentials-file ~/.qulib/scholastic-creds.json \
-  --out ~/.qulib/scholastic-state.json
+qulib auth login --base-url https://notquality.com \
+  --auth-path nq-login \
+  --credentials-file ~/.qulib/nq-creds.json \
+  --out ~/.qulib/nq-state.json
 ```
 
 The JSON file must map **field `name`** values from `authOptions` to secrets, e.g. `{"username":"…","password":"…","hidden.datasource":"…"}`. Prefer **`--credentials-file`** over **`--credentials`** so values are not stored in shell history.
@@ -63,8 +63,8 @@ The JSON file must map **field `name`** values from `authOptions` to secrets, e.
 Then analyze with the saved session:
 
 ```bash
-qulib analyze --url https://platform.scholastic.com \
-  --auth-storage-state ~/.qulib/scholastic-state.json
+qulib analyze --url https://notquality.com \
+  --auth-storage-state ~/.qulib/nq-state.json
 ```
 
 Use **`--auth-path <id>`** when multiple **`form-login`** paths appear in **`authOptions`**. Use **`--success-url-contains <substring>`** for stricter success detection; otherwise Qulib infers success from URL changes or the password field disappearing (and warns if it cannot confirm).
@@ -102,9 +102,9 @@ For unfamiliar apps (especially enterprise SSO with several buttons), run **`qul
 Unknown SSO buttons include **`unrecognizedButtons`** with a hint. Teach this machine to recognize a label next time:
 
 ```bash
-qulib auth providers add --id scholastic-sync --label "Scholastic Sync" --pattern "scholastic sync"
+qulib auth providers add --id nq-login --label "NQ Login" --pattern "nq login"
 qulib auth providers list
-qulib auth providers remove --id scholastic-sync
+qulib auth providers remove --id nq-login
 ```
 
 Patterns live in **`~/.qulib/providers.json`** (per user, not in the repo). Built-in public platforms stay in qulib’s curated list; tenant-specific names are never shipped as built-ins.

package/dist/agent-summary.d.ts

@@ -0,0 +1,52 @@
+import type { AnalyzeResult } from './analyze.js';
+import type { CostIntelligence } from './schemas/cost-intelligence.schema.js';
+/**
+ * Agent-readable summary of an AnalyzeResult. Intended for orchestrators
+ * (CI gates, external agent loops) that need a small, stable JSON shape.
+ *
+ * QLIB-001 spec: see docs/agent-summary-output.md.
+ * C02 helper; exposed via CLI (`--agent-summary`) and MCP (`agentSummary: true`).
+ * Field names below are the v1 contract for `toAgentSummary`.
+ */
+export type AgentGate = 'pass' | 'warn' | 'fail';
+export type CoverageStatus = 'ok' | 'thin' | 'blocked-by-auth' | 'budget-exceeded' | 'navigation-failures' | 'unknown';
+export interface AgentSummaryCostSummary {
+    maxOutputTokensPerLlmCall: number;
+    totalInputTokens: number;
+    totalOutputTokens: number;
+    budgetWarningCount: number;
+    dataQuality: CostIntelligence['usageSummary']['dataQuality'];
+    maturityLevel: number;
+    maturityLabel: string;
+}
+export interface AgentSummary {
+    schemaVersion: 1;
+    gate: AgentGate;
+    releaseConfidence: number | null;
+    coverageStatus: CoverageStatus;
+    topRisks: string[];
+    recommendedNextChecks: string[];
+    honestyNotes: string[];
+    costSummary: AgentSummaryCostSummary | null;
+    deterministicFollowUps: string[];
+}
+export interface AgentSummaryPolicy {
+    /** Confidence at or above this number is required for `pass`. Default 80. */
+    passConfidenceThreshold?: number;
+    /** Confidence below this triggers `fail` (when no harder failure already applies). Default 30. */
+    failConfidenceThreshold?: number;
+    /** Max risks/checks/notes to include in each list. Default 5. */
+    maxListLength?: number;
+    /**
+     * Treat `mode === 'auth-required'` as `fail` (default) or `warn`.
+     * Honest default: a deployment that was never exercised past auth cannot pass.
+     */
+    authRequiredGate?: 'fail' | 'warn';
+}
+/**
+ * Convert an `AnalyzeResult` into a small agent-facing summary.
+ *
+ * Pure function. No I/O. CLI / MCP wiring belongs to QLIB-001-C03 and -C04.
+ */
+export declare function toAgentSummary(result: AnalyzeResult, policy?: AgentSummaryPolicy): AgentSummary;
+//# sourceMappingURL=agent-summary.d.ts.map

package/dist/agent-summary.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-summary.d.ts","sourceRoot":"","sources":["../src/agent-summary.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAElD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AAE9E;;;;;;;GAOG;AAEH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAEjD,MAAM,MAAM,cAAc,GACtB,IAAI,GACJ,MAAM,GACN,iBAAiB,GACjB,iBAAiB,GACjB,qBAAqB,GACrB,SAAS,CAAC;AAEd,MAAM,WAAW,uBAAuB;IACtC,yBAAyB,EAAE,MAAM,CAAC;IAClC,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,gBAAgB,CAAC,cAAc,CAAC,CAAC,aAAa,CAAC,CAAC;IAC7D,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,YAAY;IAC3B,aAAa,EAAE,CAAC,CAAC;IACjB,IAAI,EAAE,SAAS,CAAC;IAChB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,cAAc,EAAE,cAAc,CAAC;IAC/B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,WAAW,EAAE,uBAAuB,GAAG,IAAI,CAAC;IAC5C,sBAAsB,EAAE,MAAM,EAAE,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,6EAA6E;IAC7E,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,kGAAkG;IAClG,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,iEAAiE;IACjE,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CACpC;AAmLD;;;;GAIG;AACH,wBAAgB,cAAc,CAC5B,MAAM,EAAE,aAAa,EACrB,MAAM,CAAC,EAAE,kBAAkB,GAC1B,YAAY,CAiBd"}

package/dist/agent-summary.js

@@ -0,0 +1,187 @@
+const DEFAULT_POLICY = {
+    passConfidenceThreshold: 80,
+    failConfidenceThreshold: 30,
+    maxListLength: 5,
+    authRequiredGate: 'fail',
+};
+const severityOrder = { critical: 0, high: 1, medium: 2, low: 3 };
+function resolvePolicy(p) {
+    return {
+        passConfidenceThreshold: p?.passConfidenceThreshold ?? DEFAULT_POLICY.passConfidenceThreshold,
+        failConfidenceThreshold: p?.failConfidenceThreshold ?? DEFAULT_POLICY.failConfidenceThreshold,
+        maxListLength: p?.maxListLength ?? DEFAULT_POLICY.maxListLength,
+        authRequiredGate: p?.authRequiredGate ?? DEFAULT_POLICY.authRequiredGate,
+    };
+}
+function countBySeverity(gaps) {
+    const counts = { critical: 0, high: 0, medium: 0, low: 0 };
+    for (const g of gaps)
+        counts[g.severity]++;
+    return counts;
+}
+function deriveCoverageStatus(result) {
+    const g = result.gapAnalysis;
+    if (g.mode === 'auth-required' || g.coverageWarning === 'auth-required') {
+        return 'blocked-by-auth';
+    }
+    if (g.coverageWarning === 'budget-exceeded' || g.coverageBudgetExceeded) {
+        return 'budget-exceeded';
+    }
+    if (g.coverageWarning === 'navigation-failures') {
+        return 'navigation-failures';
+    }
+    if (g.coverageWarning === 'low-coverage') {
+        return 'thin';
+    }
+    if (g.coveragePagesScanned === 0) {
+        return 'unknown';
+    }
+    return 'ok';
+}
+function buildTopRisks(result, limit) {
+    const risks = [];
+    const status = deriveCoverageStatus(result);
+    if (status === 'blocked-by-auth') {
+        risks.push('Auth blocked the scan; protected routes were not exercised.');
+    }
+    else if (status === 'thin') {
+        risks.push('Crawl coverage was below the confidence floor.');
+    }
+    else if (status === 'budget-exceeded') {
+        risks.push('Crawl budget exceeded; coverage is partial.');
+    }
+    else if (status === 'navigation-failures') {
+        risks.push('Navigation errors limited what could be scanned.');
+    }
+    const sorted = [...result.gaps].sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);
+    for (const g of sorted) {
+        if (risks.length >= limit)
+            break;
+        risks.push(`[${g.severity}] ${g.category} — ${g.path}`);
+    }
+    return risks.slice(0, limit);
+}
+function buildRecommendedNextChecks(result, limit) {
+    const out = [];
+    const status = deriveCoverageStatus(result);
+    if (status === 'blocked-by-auth') {
+        out.push('Provide auth (form login or storage state) and re-run, or use explore_auth.');
+    }
+    if (status === 'thin') {
+        out.push('Increase crawl budget or supply deeper entry URLs to raise coverage above the floor.');
+    }
+    if (status === 'budget-exceeded') {
+        out.push('Increase maxPagesToScan or narrow scope to bring the crawl under budget.');
+    }
+    const byCat = new Map();
+    for (const g of result.gaps)
+        byCat.set(g.category, (byCat.get(g.category) ?? 0) + 1);
+    const topCats = [...byCat.entries()].sort((a, b) => b[1] - a[1]).slice(0, 3);
+    for (const [cat, n] of topCats) {
+        if (out.length >= limit)
+            break;
+        out.push(`Add or tighten deterministic coverage for ${cat} (${n} gap(s) this scan).`);
+    }
+    return out.slice(0, limit);
+}
+function buildHonestyNotes(result) {
+    const notes = ['This scan does not guarantee production readiness.'];
+    const g = result.gapAnalysis;
+    if (g.mode === 'auth-required' || g.coverageWarning === 'auth-required') {
+        notes.push('Authenticated surface was not exercised: confidence does not reflect protected routes.');
+    }
+    if (g.coverageWarning === 'low-coverage') {
+        notes.push('Coverage was below the confidence threshold; treat the score as a ceiling.');
+    }
+    if (g.coverageBudgetExceeded || g.coverageWarning === 'budget-exceeded') {
+        notes.push('Crawl budget was exceeded; some routes were not scanned.');
+    }
+    if (g.coverageWarning === 'navigation-failures') {
+        notes.push('Navigation failures reduced effective coverage.');
+    }
+    if (result.status === 'partial') {
+        notes.push('Scan completed only partially; signals are derived from a subset of intended work.');
+    }
+    if (result.status === 'blocked') {
+        notes.push('Scan was blocked before producing a meaningful evaluation.');
+    }
+    return notes;
+}
+function buildCostSummary(ci) {
+    if (!ci)
+        return null;
+    return {
+        maxOutputTokensPerLlmCall: ci.maxOutputTokensPerLlmCall,
+        totalInputTokens: ci.usageSummary.totalInputTokens,
+        totalOutputTokens: ci.usageSummary.totalOutputTokens,
+        budgetWarningCount: ci.budgetWarnings.length,
+        dataQuality: ci.usageSummary.dataQuality,
+        maturityLevel: ci.deterministicMaturity.level,
+        maturityLabel: ci.deterministicMaturity.label,
+    };
+}
+function buildDeterministicFollowUps(ci, limit) {
+    if (!ci)
+        return [];
+    return ci.conversionRecommendations.slice(0, limit);
+}
+/**
+ * Default gate policy:
+ *   - fail when: any critical gap, status === 'blocked', releaseConfidence is null,
+ *                releaseConfidence < failConfidenceThreshold, or mode === 'auth-required'
+ *                under the default authRequiredGate.
+ *   - warn when: any high-severity gap, status === 'partial', coverage is thin /
+ *                budget-exceeded / navigation-failures, or confidence is below
+ *                passConfidenceThreshold (but at or above failConfidenceThreshold).
+ *   - pass when: confidence >= passConfidenceThreshold AND no blocking conditions.
+ *
+ * Honesty rule: an `auth-required` scan never silently `pass`es under defaults.
+ */
+function deriveGate(result, policy) {
+    const g = result.gapAnalysis;
+    const counts = countBySeverity(result.gaps);
+    if (counts.critical > 0)
+        return 'fail';
+    if (result.status === 'blocked')
+        return 'fail';
+    if (g.mode === 'auth-required' || g.coverageWarning === 'auth-required') {
+        return policy.authRequiredGate;
+    }
+    if (result.releaseConfidence === null)
+        return 'fail';
+    if (result.releaseConfidence < policy.failConfidenceThreshold)
+        return 'fail';
+    const hasCoverageIssue = g.coverageWarning === 'low-coverage' ||
+        g.coverageWarning === 'budget-exceeded' ||
+        g.coverageWarning === 'navigation-failures' ||
+        g.coverageBudgetExceeded;
+    if (counts.high > 0)
+        return 'warn';
+    if (result.status === 'partial')
+        return 'warn';
+    if (hasCoverageIssue)
+        return 'warn';
+    if (result.releaseConfidence < policy.passConfidenceThreshold)
+        return 'warn';
+    return 'pass';
+}
+/**
+ * Convert an `AnalyzeResult` into a small agent-facing summary.
+ *
+ * Pure function. No I/O. CLI / MCP wiring belongs to QLIB-001-C03 and -C04.
+ */
+export function toAgentSummary(result, policy) {
+    const resolved = resolvePolicy(policy);
+    const limit = resolved.maxListLength;
+    return {
+        schemaVersion: 1,
+        gate: deriveGate(result, resolved),
+        releaseConfidence: result.releaseConfidence,
+        coverageStatus: deriveCoverageStatus(result),
+        topRisks: buildTopRisks(result, limit),
+        recommendedNextChecks: buildRecommendedNextChecks(result, limit),
+        honestyNotes: buildHonestyNotes(result),
+        costSummary: buildCostSummary(result.gapAnalysis.costIntelligence),
+        deterministicFollowUps: buildDeterministicFollowUps(result.gapAnalysis.costIntelligence, limit),
+    };
+}

package/dist/cli/index.js

@@ -8,6 +8,7 @@ const requirePkg = createRequire(import.meta.url);
 const pkg = requirePkg('../../package.json');
 import { HarnessConfigSchema } from '../schemas/config.schema.js';
 import { analyzeApp } from '../analyze.js';
+import { toAgentSummary } from '../agent-summary.js';
 import { detectAuth } from '../tools/auth/detect.js';
 import { exploreAuth } from '../tools/auth/explore.js';
 import { assertExactlyOneCredentialSource, parseCredentialsJsonString, resolveAuthLoginConfig, } from './auth-login-resolve.js';
@@ -80,15 +81,22 @@ function mergeAuthFromCli(config, options) {
     return config;
 }
 async function runAnalyze(options) {
+    if (options.ephemeral && options.agentSummary) {
+        throw new Error('Use either --agent-summary or --ephemeral, not both — pick one stdout output mode.');
+    }
     const validatedUrl = AnalyzeUrlSchema.parse(options.url);
     const mode = options.repo ? 'url-repo' : 'url-only';
     const baseConfig = await loadConfigFile(options.configFile ?? 'qulib.config.ts');
     const config = mergeAuthFromCli(baseConfig, options);
     const ephemeral = options.ephemeral ?? false;
-    const writeArtifacts = !ephemeral;
+    const agentSummary = options.agentSummary ?? false;
+    const writeArtifacts = !ephemeral && !agentSummary;
     if (ephemeral) {
         console.error('[qulib] Ephemeral mode: no disk writes; full result JSON on stdout');
     }
+    else if (agentSummary) {
+        console.error('[qulib] Agent-summary mode: no disk writes; agent gate JSON on stdout');
+    }
     else {
         console.log('[qulib] Detected mode:', mode);
         console.log('[qulib] Active config:', redactConfigForLog(config));
@@ -100,6 +108,10 @@ async function runAnalyze(options) {
         writeArtifacts,
         skipAuthDetection: options.skipAuthDetection,
     });
+    if (agentSummary) {
+        console.log(JSON.stringify(toAgentSummary(result), null, 2));
+        return;
+    }
     if (ephemeral) {
         console.log(JSON.stringify({
             status: result.status,
@@ -158,6 +170,7 @@ program
     .option('--config <file>', 'Path to config file (relative to cwd)', 'qulib.config.ts')
     .option('--adapter <type>', 'Override default test adapter (playwright, cypress-e2e, cypress-component, api)', 'playwright')
     .option('--ephemeral', 'Do not write to disk — return full report as JSON on stdout (use for MCP/CI)', false)
+    .option('--agent-summary', 'Do not write to disk — return the compact agent-summary gate JSON on stdout (pass/warn/fail with honesty notes). Mutually exclusive with --ephemeral.', false)
     .option('--skip-auth-detection', 'Crawl the public surface even if auth is detected (useful for sites with sign-in CTAs on public pages)', false)
     .option('--auth-storage-state <path>', 'Path to a storage state JSON file (use after `qulib auth init`)')
     .option('--auth-form-login', 'Use form-login; requires --login-url, credentials, and selectors', false)
@@ -181,6 +194,7 @@ program
         repo: options.repo,
         configFile: options.config,
         ephemeral: options.ephemeral,
+        agentSummary: options.agentSummary,
         skipAuthDetection: Boolean(options.skipAuthDetection),
         authStorageState: options.authStorageState,
         authFormLogin,
@@ -225,9 +239,9 @@ providersCmd
 providersCmd
     .command('add')
     .description('Register a custom provider pattern (case-insensitive regex source)')
-    .requiredOption('--id <id>', 'Stable id (kebab-case), e.g. scholastic-sync')
+    .requiredOption('--id <id>', 'Stable id (kebab-case), e.g. nq-login')
     .requiredOption('--label <label>', 'Human-readable label')
-    .requiredOption('--pattern <regex>', 'Regex source, e.g. scholastic sync')
+    .requiredOption('--pattern <regex>', 'Regex source, e.g. nq login')
     .action(async (opts) => {
     try {
         new RegExp(opts.pattern, 'i');
@@ -289,7 +303,7 @@ authCmd
     .command('login')
     .description('Detect form-login on the URL, fill credentials, and save the storage state automatically (uses selectors from detect-auth)')
     .requiredOption('--base-url <url>', 'The base URL of the app to log into')
-    .option('--auth-path <id>', 'Specific authOption id to use (e.g. "scholastic-sync") when multiple form-login paths exist')
+    .option('--auth-path <id>', 'Specific authOption id to use (e.g. "nq-login") when multiple form-login paths exist')
     .option('--credentials <json>', 'JSON object mapping field name → value, e.g. \'{"username":"a","password":"b","hidden.datasource":"NYC"}\'')
     .option('--credentials-file <path>', 'Path to a JSON file with the credentials object (keeps secrets out of shell history)')
     .option('--out <path>', 'Output file path for the storage state JSON', './qulib-storage-state.json')

package/dist/index.d.ts

@@ -1,4 +1,6 @@
 export { analyzeApp } from './analyze.js';
+export { toAgentSummary } from './agent-summary.js';
+export type { AgentSummary, AgentSummaryPolicy, AgentGate, CoverageStatus, AgentSummaryCostSummary, } from './agent-summary.js';
 export { detectAuth, validateStorageState, evaluateStorageStateValidity, preflightStorageStateFile, waitForReturnToOrigin, } from './tools/auth/detect.js';
 export type { StorageStateInvalidReason, StorageStateValidationResult, } from './tools/auth/detect.js';
 export { exploreAuth } from './tools/auth/explore.js';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,4BAA4B,EAC5B,yBAAyB,EACzB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,yBAAyB,EACzB,4BAA4B,GAC7B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAC1G,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,yBAAyB,EAAE,MAAM,wCAAwC,CAAC;AACnF,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,gCAAgC,EAAE,MAAM,4BAA4B,CAAC;AAC9E,OAAO,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACvF,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AACjF,YAAY,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,YAAY,EACV,aAAa,EACb,cAAc,EACd,kBAAkB,GACnB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC9E,YAAY,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,YAAY,EACV,aAAa,EACb,UAAU,EACV,cAAc,EACd,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,QAAQ,EACR,oBAAoB,EACpB,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,qBAAqB,EACrB,aAAa,EACb,kBAAkB,EAClB,2BAA2B,EAC3B,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,oBAAoB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,YAAY,EACV,YAAY,EACZ,kBAAkB,EAClB,SAAS,EACT,cAAc,EACd,uBAAuB,GACxB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,4BAA4B,EAC5B,yBAAyB,EACzB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,yBAAyB,EACzB,4BAA4B,GAC7B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAC1G,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,yBAAyB,EAAE,MAAM,wCAAwC,CAAC;AACnF,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,gCAAgC,EAAE,MAAM,4BAA4B,CAAC;AAC9E,OAAO,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACvF,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AACjF,YAAY,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,YAAY,EACV,aAAa,EACb,cAAc,EACd,kBAAkB,GACnB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC9E,YAAY,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,YAAY,EACV,aAAa,EACb,UAAU,EACV,cAAc,EACd,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,QAAQ,EACR,oBAAoB,EACpB,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,qBAAqB,EACrB,aAAa,EACb,kBAAkB,EAClB,2BAA2B,EAC3B,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,oBAAoB,CAAC"}

package/dist/index.js

@@ -1,4 +1,5 @@
 export { analyzeApp } from './analyze.js';
+export { toAgentSummary } from './agent-summary.js';
 export { detectAuth, validateStorageState, evaluateStorageStateValidity, preflightStorageStateFile, waitForReturnToOrigin, } from './tools/auth/detect.js';
 export { exploreAuth } from './tools/auth/explore.js';
 export { addUserProvider, removeUserProvider, listUserProviders } from './tools/auth/custom-providers.js';

package/dist/tools/auth/detect.d.ts

@@ -7,6 +7,14 @@ export interface StorageStateValidationResult {
     reasonCode: StorageStateInvalidReason | 'ok';
     reason: string;
 }
+export declare function pickCredentialFieldName(attrs: {
+    name?: string | null;
+    id?: string | null;
+    autocomplete?: string | null;
+    type?: string | null;
+    placeholder?: string | null;
+    ariaLabel?: string | null;
+}): string;
 export declare function evaluateStorageStateValidity(signals: {
     expectedOrigin: string;
     finalUrl: string;

package/dist/tools/auth/detect.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../../../src/tools/auth/detect.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,KAAK,EAAY,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAC7E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AAIzE,MAAM,MAAM,yBAAyB,GACjC,cAAc,GACd,iBAAiB,GACjB,cAAc,GACd,cAAc,GACd,yBAAyB,GACzB,iBAAiB,GACjB,SAAS,CAAC;AAEd,MAAM,WAAW,4BAA4B;IAC3C,KAAK,EAAE,OAAO,CAAC;IACf,UAAU,EAAE,yBAAyB,GAAG,IAAI,CAAC;IAC7C,MAAM,EAAE,MAAM,CAAC;CAChB;AAuRD,wBAAgB,4BAA4B,CAAC,OAAO,EAAE;IACpD,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,mBAAmB,EAAE,OAAO,CAAC;CAC9B,GAAG,4BAA4B,CA6B/B;AAOD,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,4BAA4B,GAAG,IAAI,CAAC,CAgD9C;AAED,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,MAAM,EACf,SAAS,SAAQ,GAChB,OAAO,CAAC;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAelD;AAED,wBAAsB,oBAAoB,CACxC,GAAG,EAAE,MAAM,EACX,WAAW,EAAE,MAAM,EACnB,SAAS,SAAQ,GAChB,OAAO,CAAC,4BAA4B,CAAC,CAyDvC;AAED,wBAAsB,UAAU,CAC9B,GAAG,EAAE,MAAM,EACX,SAAS,SAAQ,EACjB,QAAQ,CAAC,EAAE,mBAAmB,GAC7B,OAAO,CAAC,YAAY,CAAC,CAqJvB"}
+{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../../../src/tools/auth/detect.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,KAAK,EAAY,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAC7E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AAIzE,MAAM,MAAM,yBAAyB,GACjC,cAAc,GACd,iBAAiB,GACjB,cAAc,GACd,cAAc,GACd,yBAAyB,GACzB,iBAAiB,GACjB,SAAS,CAAC;AAEd,MAAM,WAAW,4BAA4B;IAC3C,KAAK,EAAE,OAAO,CAAC;IACf,UAAU,EAAE,yBAAyB,GAAG,IAAI,CAAC;IAC7C,MAAM,EAAE,MAAM,CAAC;CAChB;AA4FD,wBAAgB,uBAAuB,CAAC,KAAK,EAAE;IAC7C,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B,GAAG,MAAM,CAgBT;AAiMD,wBAAgB,4BAA4B,CAAC,OAAO,EAAE;IACpD,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,mBAAmB,EAAE,OAAO,CAAC;CAC9B,GAAG,4BAA4B,CA6B/B;AAOD,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,4BAA4B,GAAG,IAAI,CAAC,CAgD9C;AAED,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,MAAM,EACf,SAAS,SAAQ,GAChB,OAAO,CAAC;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAelD;AAED,wBAAsB,oBAAoB,CACxC,GAAG,EAAE,MAAM,EACX,WAAW,EAAE,MAAM,EACnB,SAAS,SAAQ,GAChB,OAAO,CAAC,4BAA4B,CAAC,CAyDvC;AAED,wBAAsB,UAAU,CAC9B,GAAG,EAAE,MAAM,EACX,SAAS,SAAQ,EACjB,QAAQ,CAAC,EAAE,mBAAmB,GAC7B,OAAO,CAAC,YAAY,CAAC,CAqJvB"}

package/dist/tools/auth/detect.js

@@ -83,21 +83,45 @@ async function resolveVisibleFieldLabel(page, el) {
     const typ = (await el.getAttribute('type'))?.trim();
     return typ && typ !== 'select' ? typ : 'text';
 }
-async function deriveCredentialFieldName(el) {
-    const name = (await el.getAttribute('name'))?.trim();
+function looksLikeExampleValue(s) {
+    return /@|:\/\//.test(s);
+}
+export function pickCredentialFieldName(attrs) {
+    const name = attrs.name?.trim();
     if (name)
         return name;
-    const placeholder = (await el.getAttribute('placeholder'))?.trim();
-    if (placeholder)
-        return slugify(placeholder);
-    const aria = (await el.getAttribute('aria-label'))?.trim();
-    if (aria)
-        return slugify(aria);
-    const id = (await el.getAttribute('id'))?.trim();
+    const id = attrs.id?.trim();
     if (id)
         return slugify(id);
+    const autocomplete = attrs.autocomplete?.trim().toLowerCase();
+    if (autocomplete === 'username' || autocomplete === 'email')
+        return autocomplete;
+    if (autocomplete === 'current-password' || autocomplete === 'new-password')
+        return 'password';
+    const type = attrs.type?.trim().toLowerCase();
+    if (type === 'email')
+        return 'email';
+    if (type === 'password')
+        return 'password';
+    const placeholder = attrs.placeholder?.trim();
+    if (placeholder && !looksLikeExampleValue(placeholder))
+        return slugify(placeholder);
+    const aria = attrs.ariaLabel?.trim();
+    if (aria && !looksLikeExampleValue(aria))
+        return slugify(aria);
     return 'field';
 }
+async function deriveCredentialFieldName(el) {
+    const [name, id, autocomplete, type, placeholder, ariaLabel] = await Promise.all([
+        el.getAttribute('name'),
+        el.getAttribute('id'),
+        el.getAttribute('autocomplete'),
+        el.getAttribute('type'),
+        el.getAttribute('placeholder'),
+        el.getAttribute('aria-label'),
+    ]);
+    return pickCredentialFieldName({ name, id, autocomplete, type, placeholder, ariaLabel });
+}
 async function buildCredentialFieldsFromVisibleForm(page) {
     const fields = [];
     const seen = new Set();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qulib/core",
-  "version": "0.5.2",
+  "version": "0.6.0",
   "description": "Qulib — analyze deployed web apps for honest quality gaps (CLI + programmatic API)",
   "license": "MIT",
   "author": "Tapesh Nagarwal",
@@ -48,7 +48,7 @@
     "analyze": "tsx src/cli/index.ts analyze",
     "clean": "tsx src/cli/index.ts clean",
     "build": "tsc",
-    "test": "node --import tsx/esm --test src/llm/__tests__/cost-intelligence.test.ts src/llm/__tests__/context-builder.test.ts src/tools/scoring/__tests__/gaps.test.ts src/tools/auth/__tests__/gaps.test.ts src/tools/auth/__tests__/detect.test.ts src/tools/scoring/__tests__/automation-maturity.test.ts src/harness/__tests__/state-manager.test.ts src/telemetry/__tests__/redact-url.test.ts src/cli/__tests__/auth-login.test.ts src/cli/__tests__/cli-version.test.ts src/__tests__/analyze.storage-state-invalid.test.ts src/__tests__/analyze.fixtures.test.ts",
+    "test": "node --import tsx/esm --test src/llm/__tests__/cost-intelligence.test.ts src/llm/__tests__/context-builder.test.ts src/tools/scoring/__tests__/gaps.test.ts src/tools/auth/__tests__/gaps.test.ts src/tools/auth/__tests__/detect.test.ts src/tools/scoring/__tests__/automation-maturity.test.ts src/harness/__tests__/state-manager.test.ts src/telemetry/__tests__/redact-url.test.ts src/cli/__tests__/auth-login.test.ts src/cli/__tests__/cli-version.test.ts src/__tests__/agent-summary.test.ts src/__tests__/cli-agent-summary.test.ts src/__tests__/analyze.storage-state-invalid.test.ts src/__tests__/analyze.fixtures.test.ts",
     "test:integration": "node --import tsx/esm --test src/__tests__/analyze.integration.test.ts",
     "smoke": "tsx src/cli/index.ts analyze --url https://example.com --ephemeral",
     "cost-doctor": "tsx src/cli/index.ts cost doctor"

package/dist/tools/apply-auth.d.ts

@@ -1,4 +0,0 @@
-import type { Browser, BrowserContext } from '@playwright/test';
-import type { AuthConfig } from '../schemas/config.schema.js';
-export declare function createAuthenticatedContext(browser: Browser, auth: AuthConfig | undefined, timeoutMs: number): Promise<BrowserContext>;
-//# sourceMappingURL=apply-auth.d.ts.map

package/dist/tools/apply-auth.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"apply-auth.d.ts","sourceRoot":"","sources":["../../src/tools/apply-auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAEhE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAE9D,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,UAAU,GAAG,SAAS,EAC5B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,cAAc,CAAC,CAsCzB"}

package/dist/tools/apply-auth.js

@@ -1,35 +0,0 @@
-import { resolve } from 'node:path';
-export async function createAuthenticatedContext(browser, auth, timeoutMs) {
-    if (!auth) {
-        return browser.newContext();
-    }
-    if (auth.type === 'storage-state') {
-        const storagePath = resolve(process.cwd(), auth.path);
-        return browser.newContext({ storageState: storagePath });
-    }
-    const context = await browser.newContext();
-    const page = await context.newPage();
-    try {
-        await page.goto(auth.loginUrl, { timeout: timeoutMs, waitUntil: 'domcontentloaded' });
-        await page.fill(auth.selectors.username, auth.credentials.username);
-        await page.fill(auth.selectors.password, auth.credentials.password);
-        await page.click(auth.selectors.submit);
-        const urlFragment = auth.successIndicator.urlContains;
-        if (urlFragment) {
-            await page.waitForURL((url) => url.toString().includes(urlFragment), {
-                timeout: timeoutMs,
-            });
-        }
-        const visibleSelector = auth.successIndicator.selectorVisible;
-        if (visibleSelector) {
-            await page.waitForSelector(visibleSelector, {
-                timeout: timeoutMs,
-                state: 'visible',
-            });
-        }
-    }
-    finally {
-        await page.close();
-    }
-    return context;
-}

package/dist/tools/auth/block-gap.d.ts

@@ -1,9 +0,0 @@
-import type { Gap } from '../../schemas/gap-analysis.schema.js';
-import type { StorageStateInvalidReason } from './detector.js';
-export declare function buildAuthBlockGap(url: string): Gap;
-export declare function buildStorageStateInvalidGap(input: {
-    url: string;
-    reasonCode: StorageStateInvalidReason;
-    reason: string;
-}): Gap;
-//# sourceMappingURL=block-gap.d.ts.map

package/dist/tools/auth/block-gap.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"block-gap.d.ts","sourceRoot":"","sources":["../../../src/tools/auth/block-gap.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,sCAAsC,CAAC;AAChE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,eAAe,CAAC;AAmB/D,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAYlD;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE;IACjD,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,yBAAyB,CAAC;IACtC,MAAM,EAAE,MAAM,CAAC;CAChB,GAAG,GAAG,CAqBN"}

package/dist/tools/auth/block-gap.js

@@ -1,52 +0,0 @@
-function safeOriginAndPath(url) {
-    try {
-        const u = new URL(url);
-        return `${u.origin}${u.pathname}`;
-    }
-    catch {
-        return url;
-    }
-}
-function safeHost(url) {
-    try {
-        return new URL(url).hostname;
-    }
-    catch {
-        return url;
-    }
-}
-export function buildAuthBlockGap(url) {
-    const host = safeHost(url);
-    const safeUrl = safeOriginAndPath(url);
-    return {
-        id: 'auth-block',
-        path: '/',
-        severity: 'critical',
-        category: 'coverage',
-        reason: `Scan blocked by authentication. No authenticated pages were evaluated for ${host}.`,
-        description: 'Scan blocked by authentication. 0 authenticated pages were evaluated.',
-        recommendation: `Run \`qulib auth init --base-url ${safeUrl}\` to capture a storage state, then re-run with --auth storage-state.`,
-    };
-}
-export function buildStorageStateInvalidGap(input) {
-    const host = safeHost(input.url);
-    const safeUrl = safeOriginAndPath(input.url);
-    const recoveryByCode = {
-        'missing-file': `Storage state file was not found. Run \`qulib auth login --base-url ${safeUrl} --out <path>\` (or \`qulib auth init\`) to capture a fresh state, then re-run \`qulib analyze --url ${safeUrl} --auth-storage-state <path>\`.`,
-        'unreadable-file': `Storage state file exists but could not be read. Check file permissions, then re-run \`qulib auth login\` if needed.`,
-        'invalid-json': `Storage state file is not valid JSON. Run \`qulib auth login --base-url ${safeUrl} --out <path>\` again to regenerate it.`,
-        'wrong-origin': `Storage state belongs to a different origin than ${host}. Re-run \`qulib auth login --base-url ${safeUrl}\` against this target and pass the new file to \`qulib analyze\`.`,
-        'expired-or-unauthorized': `The session in the storage state has expired or is unauthorized. Run \`qulib auth login --base-url ${safeUrl}\` to capture a fresh state, then re-run \`qulib analyze --url ${safeUrl} --auth-storage-state <path>\`.`,
-        'no-auth-cookies': `Storage state file contains no cookies or localStorage entries — it is effectively empty. Run \`qulib auth login --base-url ${safeUrl}\` to capture a real session.`,
-        unknown: `Storage state could not be validated. Try \`qulib auth login --base-url ${safeUrl}\` again, and verify the file was saved on the same origin.`,
-    };
-    return {
-        id: 'storage-state-invalid',
-        path: '/',
-        severity: 'critical',
-        category: 'coverage',
-        reason: `Authenticated scan could not continue because the provided storage state is invalid for ${host}. Reason: ${input.reasonCode} — ${input.reason}.`,
-        description: `Storage state validation failed before crawling. The session was checked against ${host} and rejected with reason code "${input.reasonCode}".`,
-        recommendation: recoveryByCode[input.reasonCode],
-    };
-}

package/dist/tools/auth/detector.d.ts

@@ -1,23 +0,0 @@
-import type { Page } from '@playwright/test';
-import type { DetectedAuth } from '../../schemas/config.schema.js';
-import type { AnalyzeProgressSink } from '../../harness/progress-log.js';
-export type StorageStateInvalidReason = 'missing-file' | 'unreadable-file' | 'invalid-json' | 'wrong-origin' | 'expired-or-unauthorized' | 'no-auth-cookies' | 'unknown';
-export interface StorageStateValidationResult {
-    valid: boolean;
-    reasonCode: StorageStateInvalidReason | 'ok';
-    reason: string;
-}
-export declare function evaluateStorageStateValidity(signals: {
-    expectedOrigin: string;
-    finalUrl: string;
-    visiblePasswordCount: number;
-    hadUnauthorizedHttp: boolean;
-}): StorageStateValidationResult;
-export declare function preflightStorageStateFile(storagePath: string): Promise<StorageStateValidationResult | null>;
-export declare function waitForReturnToOrigin(page: Page, baseUrl: string, timeoutMs?: number): Promise<{
-    returned: boolean;
-    finalUrl: string;
-}>;
-export declare function validateStorageState(url: string, storagePath: string, timeoutMs?: number): Promise<StorageStateValidationResult>;
-export declare function detectAuth(url: string, timeoutMs?: number, progress?: AnalyzeProgressSink): Promise<DetectedAuth>;
-//# sourceMappingURL=detector.d.ts.map

package/dist/tools/auth/detector.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"detector.d.ts","sourceRoot":"","sources":["../../../src/tools/auth/detector.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,KAAK,EAAY,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAC7E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AAIzE,MAAM,MAAM,yBAAyB,GACjC,cAAc,GACd,iBAAiB,GACjB,cAAc,GACd,cAAc,GACd,yBAAyB,GACzB,iBAAiB,GACjB,SAAS,CAAC;AAEd,MAAM,WAAW,4BAA4B;IAC3C,KAAK,EAAE,OAAO,CAAC;IACf,UAAU,EAAE,yBAAyB,GAAG,IAAI,CAAC;IAC7C,MAAM,EAAE,MAAM,CAAC;CAChB;AAsQD,wBAAgB,4BAA4B,CAAC,OAAO,EAAE;IACpD,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,mBAAmB,EAAE,OAAO,CAAC;CAC9B,GAAG,4BAA4B,CA6B/B;AAOD,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,4BAA4B,GAAG,IAAI,CAAC,CAgD9C;AAED,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,MAAM,EACf,SAAS,SAAQ,GAChB,OAAO,CAAC;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAelD;AAED,wBAAsB,oBAAoB,CACxC,GAAG,EAAE,MAAM,EACX,WAAW,EAAE,MAAM,EACnB,SAAS,SAAQ,GAChB,OAAO,CAAC,4BAA4B,CAAC,CAyDvC;AAED,wBAAsB,UAAU,CAC9B,GAAG,EAAE,MAAM,EACX,SAAS,SAAQ,EACjB,QAAQ,CAAC,EAAE,mBAAmB,GAC7B,OAAO,CAAC,YAAY,CAAC,CAqJvB"}