npm - @riddledc/riddle-proof - Versions diffs - 0.7.116 → 0.7.118 - Mend

@riddledc/riddle-proof 0.7.116 → 0.7.118

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md +31 -4
package/examples/profiles/handled-recovery-action-malformed-success.json +126 -0
package/examples/profiles/handled-recovery-list-load.json +95 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -198,10 +198,37 @@ generic inline-script warning threshold. Use `--strict=true` when you
 deliberately want Riddle's non-critical script-safety warnings to block the run.
 Critical script-safety violations remain blocked by Riddle either way.
-The package includes a generic starter profile at
-`examples/profiles/page-content-basic.json`; copy that shape into a repository
-profile directory and replace the selector/text checks with app-specific
-invariants.
+The package includes generic starter profiles:
+- `examples/profiles/page-content-basic.json` for route/content/layout smoke profiles.
+- `examples/profiles/route-inventory-basic.json` for source-link and direct-route audits.
+- `examples/profiles/handled-recovery-list-load.json` for malformed list-load recovery profiles.
+- `examples/profiles/handled-recovery-action-malformed-success.json` for action recovery profiles where the request succeeds at HTTP level but returns an unusable body.
+Copy one of those shapes into a repository profile directory and replace the
+routes, selectors, mock URLs, and text checks with app-specific invariants.
+For handled recovery profiles, prefer proving the whole boundary instead of
+only checking that an error message appears. Mock one dependent endpoint into a
+malformed or failed response, keep independent endpoints healthy, and assert
+that the page still renders the independent evidence. Capture a setup
+screenshot immediately after the recovery state appears, before high-risk
+absence assertions, so failing runs keep durable visual evidence. Then reject
+raw parser text such as `SyntaxError`, `Expected property name`, and
+`[object Object]`; reject contradictory empty-state copy such as `No items yet`
+when the list failed to load; and keep `no_fatal_console_errors` plus
+`no_console_warnings` in the final checks. This pattern catches both visible
+recovery-quality bugs and hidden browser-health debt without requiring a
+separate CI or wrapper-specific path.
+For handled action recovery profiles, assert the action itself as well as the
+recovery UI. Capture the request body when the action payload matters, preserve
+the surrounding page state, and reject the success modal, toast, or row that
+would imply the action completed. A useful malformed-success profile returns a
+successful HTTP status with an invalid JSON body, waits for one generic failure
+message, captures a recovery screenshot, and keeps parser text plus browser
+console/page errors out of the final proof. This catches action paths that look
+recovered to a user but still poison the browser evidence stream.
 Checks normally apply to every captured viewport. Add `viewports` (or
 `viewport_names`) to a check when responsive UI intentionally exposes an

package/examples/profiles/handled-recovery-action-malformed-success.json ADDED Viewed

@@ -0,0 +1,126 @@
+{
+  "version": "riddle-proof.profile.v1",
+  "name": "handled-recovery-action-malformed-success",
+  "target": {
+    "route": "/account",
+    "viewports": [
+      { "name": "mobile", "width": 390, "height": 844 },
+      { "name": "tablet", "width": 820, "height": 1180 },
+      { "name": "desktop", "width": 1440, "height": 1000 }
+    ],
+    "timeout_sec": 300,
+    "wait_ms": 800,
+    "network_mocks": [
+      {
+        "label": "account-summary",
+        "url": "**/api/account/summary",
+        "method": "GET",
+        "status": 200,
+        "content_type": "application/json",
+        "required_hit_count": 3,
+        "json": {
+          "available_time": "4h 0m",
+          "active_jobs": 2
+        }
+      },
+      {
+        "label": "recent-jobs",
+        "url": "**/api/jobs?limit=10",
+        "method": "GET",
+        "status": 200,
+        "content_type": "application/json",
+        "required_hit_count": 3,
+        "json": {
+          "jobs": [
+            {
+              "id": "job_action_template_survives",
+              "status": "completed"
+            }
+          ]
+        }
+      },
+      {
+        "label": "existing-api-keys",
+        "url": "**/api/api-keys",
+        "method": "GET",
+        "status": 200,
+        "content_type": "application/json",
+        "required_hit_count": 3,
+        "json": {
+          "keys": [
+            {
+              "id": "key_action_template_existing",
+              "name": "Existing action template key",
+              "last4": "0001",
+              "status": "active"
+            }
+          ]
+        }
+      },
+      {
+        "label": "create-api-key-malformed-success",
+        "url": "**/api/api-keys",
+        "method": "POST",
+        "status": 200,
+        "content_type": "application/json",
+        "required_hit_count": 3,
+        "max_hit_count": 3,
+        "capture_request_body": true,
+        "request_body_contains": ["Action template malformed success key"],
+        "body": "{not valid create success json"
+      }
+    ],
+    "setup_actions": [
+      { "type": "clear_storage", "storage": "both", "reload": true },
+      { "type": "wait_for_selector", "selector": "[data-testid='account-page']", "timeout_ms": 30000 },
+      { "type": "wait_for_text", "selector": "body", "text": "4h 0m", "timeout_ms": 30000 },
+      { "type": "wait_for_text", "selector": "body", "text": "job_action_template_survives", "timeout_ms": 30000 },
+      { "type": "wait_for_text", "selector": "body", "text": "Existing action template key", "timeout_ms": 30000 },
+      { "type": "fill", "selector": "[data-testid='new-key-name']", "value": "Action template malformed success key" },
+      { "type": "clear_console" },
+      { "type": "screenshot", "label": "before-malformed-success-action" },
+      { "type": "click", "selector": "[data-testid='create-key-button']", "text": "Create API key" },
+      { "type": "wait_for_text", "selector": "body", "text": "Failed to create API key", "timeout_ms": 30000 },
+      { "type": "assert_text_visible", "selector": "body", "text": "Existing action template key", "timeout_ms": 5000 },
+      { "type": "assert_text_visible", "selector": "body", "text": "Active", "timeout_ms": 5000 },
+      { "type": "assert_text_absent", "selector": "body", "text": "API Key Created!", "timeout_ms": 1000 },
+      { "type": "assert_text_absent", "selector": "body", "text": "Expected property name", "timeout_ms": 1000 },
+      { "type": "assert_text_absent", "selector": "body", "text": "SyntaxError", "timeout_ms": 1000 },
+      { "type": "assert_text_absent", "selector": "body", "text": "[object Object]", "timeout_ms": 1000 },
+      { "type": "screenshot", "label": "malformed-success-action-visible-recovery" }
+    ]
+  },
+  "checks": [
+    { "type": "route_loaded", "expected_path": "/account" },
+    { "type": "selector_visible", "selector": "[data-testid='account-page']" },
+    { "type": "selector_visible", "selector": "[data-testid='api-key-create-error']" },
+    { "type": "text_visible", "text": "4h 0m" },
+    { "type": "text_visible", "text": "2 active" },
+    { "type": "text_visible", "text": "job_action_template_survives" },
+    { "type": "text_visible", "text": "Existing action template key" },
+    { "type": "text_visible", "text": "Failed to create API key" },
+    { "type": "text_visible", "text": "Active" },
+    { "type": "text_absent", "text": "API Key Created!" },
+    { "type": "text_absent", "text": "Expected property name" },
+    { "type": "text_absent", "text": "SyntaxError" },
+    { "type": "text_absent", "text": "[object Object]" },
+    { "type": "text_absent", "text": "Application error" },
+    { "type": "selector_count_equals", "selector": "[data-testid='api-key-create-error']", "expected_count": 1 },
+    { "type": "selector_count_equals", "selector": "[data-testid='recent-job-row']", "expected_count": 1 },
+    { "type": "selector_count_equals", "selector": "[data-testid='api-key-row']", "expected_count": 1 },
+    { "type": "selector_count_equals", "selector": "[data-testid='created-key-modal']", "expected_count": 0 },
+    { "type": "no_horizontal_overflow", "max_overflow_px": 1 },
+    { "type": "no_fatal_console_errors" },
+    { "type": "no_console_warnings" }
+  ],
+  "artifacts": ["screenshot", "console", "dom_summary", "proof_json"],
+  "baseline_policy": "invariant_only",
+  "failure_policy": {
+    "environment_blocked": "neutral",
+    "proof_insufficient": "fail",
+    "product_regression": "fail"
+  },
+  "metadata": {
+    "purpose": "Template for handled malformed action-success recovery: prove surrounding state still renders, the failed action shows one recovery message, success UI and raw parser text stay absent, the action request body is captured, and browser console evidence remains clean."
+  }
+}

package/examples/profiles/handled-recovery-list-load.json ADDED Viewed

@@ -0,0 +1,95 @@
+{
+  "version": "riddle-proof.profile.v1",
+  "name": "handled-recovery-list-load",
+  "target": {
+    "route": "/account",
+    "viewports": [
+      { "name": "mobile", "width": 390, "height": 844 },
+      { "name": "tablet", "width": 820, "height": 1180 },
+      { "name": "desktop", "width": 1440, "height": 1000 }
+    ],
+    "timeout_sec": 300,
+    "wait_ms": 800,
+    "network_mocks": [
+      {
+        "label": "account-summary",
+        "url": "**/api/account/summary",
+        "method": "GET",
+        "status": 200,
+        "content_type": "application/json",
+        "required_hit_count": 3,
+        "json": {
+          "available_time": "4h 0m",
+          "active_jobs": 2
+        }
+      },
+      {
+        "label": "recent-jobs",
+        "url": "**/api/jobs?limit=10",
+        "method": "GET",
+        "status": 200,
+        "content_type": "application/json",
+        "required_hit_count": 3,
+        "json": {
+          "jobs": [
+            {
+              "id": "job_recovery_template_survives",
+              "status": "completed"
+            }
+          ]
+        }
+      },
+      {
+        "label": "saved-items-malformed-load",
+        "url": "**/api/saved-items",
+        "method": "GET",
+        "status": 200,
+        "content_type": "application/json",
+        "required_hit_count": 3,
+        "body": "{not valid saved items json"
+      }
+    ],
+    "setup_actions": [
+      { "type": "clear_storage", "storage": "both", "reload": true },
+      { "type": "wait_for_selector", "selector": "[data-testid='account-page']", "timeout_ms": 30000 },
+      { "type": "wait_for_text", "selector": "body", "text": "4h 0m", "timeout_ms": 30000 },
+      { "type": "wait_for_text", "selector": "body", "text": "job_recovery_template_survives", "timeout_ms": 30000 },
+      { "type": "wait_for_text", "selector": "body", "text": "Failed to load saved items", "timeout_ms": 30000 },
+      { "type": "screenshot", "label": "saved-items-malformed-load-visible-recovery" },
+      { "type": "assert_text_absent", "selector": "body", "text": "No saved items yet", "timeout_ms": 1000 },
+      { "type": "assert_text_absent", "selector": "body", "text": "Expected property name", "timeout_ms": 1000 },
+      { "type": "assert_text_absent", "selector": "body", "text": "SyntaxError", "timeout_ms": 1000 },
+      { "type": "assert_text_absent", "selector": "body", "text": "[object Object]", "timeout_ms": 1000 }
+    ]
+  },
+  "checks": [
+    { "type": "route_loaded", "expected_path": "/account" },
+    { "type": "selector_visible", "selector": "[data-testid='account-page']" },
+    { "type": "selector_visible", "selector": "[data-testid='saved-items-error']" },
+    { "type": "text_visible", "text": "4h 0m" },
+    { "type": "text_visible", "text": "2 active" },
+    { "type": "text_visible", "text": "job_recovery_template_survives" },
+    { "type": "text_visible", "text": "Failed to load saved items" },
+    { "type": "text_absent", "text": "No saved items yet" },
+    { "type": "text_absent", "text": "Expected property name" },
+    { "type": "text_absent", "text": "SyntaxError" },
+    { "type": "text_absent", "text": "[object Object]" },
+    { "type": "text_absent", "text": "Application error" },
+    { "type": "selector_count_equals", "selector": "[data-testid='saved-items-error']", "expected_count": 1 },
+    { "type": "selector_count_equals", "selector": "[data-testid='recent-job-row']", "expected_count": 1 },
+    { "type": "selector_count_equals", "selector": "[data-testid='saved-item-row']", "expected_count": 0 },
+    { "type": "no_horizontal_overflow", "max_overflow_px": 1 },
+    { "type": "no_fatal_console_errors" },
+    { "type": "no_console_warnings" }
+  ],
+  "artifacts": ["screenshot", "console", "dom_summary", "proof_json"],
+  "baseline_policy": "invariant_only",
+  "failure_policy": {
+    "environment_blocked": "neutral",
+    "proof_insufficient": "fail",
+    "product_regression": "fail"
+  },
+  "metadata": {
+    "purpose": "Template for handled malformed list-load recovery: prove independent page data still renders, the failed list shows one recovery message, contradictory empty-state copy and raw parser text stay absent, and browser console evidence remains clean."
+  }
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@riddledc/riddle-proof",
-  "version": "0.7.116",
+  "version": "0.7.118",
   "description": "Reusable Riddle Proof contracts and helpers for evidence-backed agent changes.",
   "license": "MIT",
   "author": "RiddleDC",