@riddledc/riddle-proof 0.7.126 → 0.7.127

package/dist/cli.cjs

@@ -7076,6 +7076,9 @@ function valueFromOwn(input, ...keys) {
 function numberValue(value) {
   return typeof value === "number" && Number.isFinite(value) ? value : void 0;
 }
+function booleanValue(value) {
+  return typeof value === "boolean" ? value : void 0;
+}
 function horizontalBoundsOverflowPx(value) {
   if (!isRecord(value)) return 0;
   let max = maxPositiveNumber(
@@ -7170,6 +7173,156 @@ function toJsonValue(value) {
   if (isRecord(value)) return Object.fromEntries(Object.entries(value).map(([key, child]) => [key, toJsonValue(child)]));
   return String(value);
 }
+function jsonValueType(value) {
+  if (value === null) return "null";
+  if (Array.isArray(value)) return "array";
+  if (typeof value === "boolean") return "boolean";
+  if (typeof value === "number") return "number";
+  if (typeof value === "string") return "string";
+  return "object";
+}
+function deepJsonEqual(left, right) {
+  if (left === right) return true;
+  if (typeof left !== typeof right) return false;
+  if (left === null || right === null) return left === right;
+  if (typeof left !== "object" || typeof right !== "object") return false;
+  if (Array.isArray(left) || Array.isArray(right)) {
+    if (!Array.isArray(left) || !Array.isArray(right) || left.length !== right.length) return false;
+    return left.every((item, index) => deepJsonEqual(item, right[index]));
+  }
+  if (!isRecord(left) || !isRecord(right)) return false;
+  const leftKeys = Object.keys(left).sort();
+  const rightKeys = Object.keys(right).sort();
+  if (!deepJsonEqual(leftKeys, rightKeys)) return false;
+  return leftKeys.every((key) => deepJsonEqual(left[key], right[key]));
+}
+function jsonContains(observed, expected) {
+  if (typeof observed === "string" && typeof expected === "string") {
+    return observed.includes(expected);
+  }
+  if (Array.isArray(observed)) {
+    return observed.some((item) => deepJsonEqual(item, expected));
+  }
+  if (isRecord(observed) && isRecord(expected)) {
+    return Object.entries(expected).every(([key, value]) => hasOwn(observed, key) && deepJsonEqual(observed[key], value));
+  }
+  return false;
+}
+function parseJsonPathSegments(path7) {
+  let input = path7.trim();
+  if (!input) throw new Error("path is empty");
+  if (input === "$") return [];
+  if (input.startsWith("$.")) input = input.slice(2);
+  else if (input.startsWith("$[")) input = input.slice(1);
+  const segments = [];
+  let token = "";
+  const pushToken = () => {
+    if (!token) return;
+    segments.push(token);
+    token = "";
+  };
+  for (let index = 0; index < input.length; index += 1) {
+    const char = input[index];
+    if (char === ".") {
+      pushToken();
+      continue;
+    }
+    if (char !== "[") {
+      token += char;
+      continue;
+    }
+    pushToken();
+    const closeIndex = input.indexOf("]", index + 1);
+    if (closeIndex === -1) throw new Error(`unterminated bracket at ${index}`);
+    const bracket = input.slice(index + 1, closeIndex).trim();
+    if (!bracket) throw new Error(`empty bracket at ${index}`);
+    if (/^\d+$/.test(bracket)) {
+      segments.push(Number(bracket));
+    } else if (bracket.startsWith('"') && bracket.endsWith('"') || bracket.startsWith("'") && bracket.endsWith("'")) {
+      const quoted = bracket.startsWith("'") ? `"${bracket.slice(1, -1).replace(/\\/g, "\\\\").replace(/"/g, '\\"')}"` : bracket;
+      segments.push(String(JSON.parse(quoted)));
+    } else {
+      segments.push(bracket);
+    }
+    index = closeIndex;
+  }
+  pushToken();
+  return segments;
+}
+function resolveJsonPath(root, path7) {
+  let segments;
+  try {
+    segments = parseJsonPathSegments(path7);
+  } catch (error) {
+    return { exists: false, error: String(error instanceof Error ? error.message : error) };
+  }
+  let current = root;
+  for (const segment of segments) {
+    if (typeof segment === "number") {
+      if (!Array.isArray(current) || segment < 0 || segment >= current.length) return { exists: false };
+      current = current[segment];
+      continue;
+    }
+    if (!isRecord(current) || !hasOwn(current, segment)) return { exists: false };
+    current = current[segment];
+  }
+  return { exists: true, value: current };
+}
+function evaluateHttpStatusBodyJsonAssertion(root, assertion) {
+  const resolved = resolveJsonPath(root, assertion.path);
+  const errors = [];
+  const result = {
+    label: assertion.label || assertion.path,
+    path: assertion.path,
+    ok: true,
+    exists: resolved.exists,
+    observed_type: resolved.exists ? jsonValueType(resolved.value) : "missing"
+  };
+  if (resolved.exists) result.observed = toJsonValue(resolved.value);
+  if (resolved.error) errors.push(resolved.error);
+  if (hasOwn(assertion, "exists")) {
+    result.expected_exists = assertion.exists;
+    if (resolved.exists !== assertion.exists) errors.push(`expected exists=${assertion.exists}`);
+  }
+  if (hasOwn(assertion, "type")) {
+    result.type = assertion.type;
+    if (!resolved.exists || jsonValueType(resolved.value) !== assertion.type) errors.push(`expected type ${assertion.type}`);
+  }
+  if (hasOwn(assertion, "equals")) {
+    result.equals = assertion.equals;
+    if (!resolved.exists || !deepJsonEqual(resolved.value, assertion.equals)) errors.push("expected JSON value equality");
+  }
+  if (hasOwn(assertion, "not_equals")) {
+    result.not_equals = assertion.not_equals;
+    if (resolved.exists && deepJsonEqual(resolved.value, assertion.not_equals)) errors.push("expected JSON value inequality");
+  }
+  if (hasOwn(assertion, "contains")) {
+    result.contains = assertion.contains;
+    if (!resolved.exists || !jsonContains(resolved.value, assertion.contains)) errors.push("expected JSON value containment");
+  }
+  result.ok = errors.length === 0;
+  if (errors.length) result.errors = errors;
+  return result;
+}
+function evaluateHttpStatusBodyJsonAssertions(bodyText, assertions) {
+  const expected = assertions?.filter((assertion) => assertion.path) ?? [];
+  if (!expected.length) return [];
+  let parsed;
+  try {
+    parsed = JSON.parse(bodyText);
+  } catch (error) {
+    const message = `response body is not valid JSON: ${String(error instanceof Error ? error.message : error).slice(0, 200)}`;
+    return expected.map((assertion) => ({
+      label: assertion.label || assertion.path,
+      path: assertion.path,
+      ok: false,
+      exists: false,
+      observed_type: "missing",
+      errors: [message]
+    }));
+  }
+  return expected.map((assertion) => evaluateHttpStatusBodyJsonAssertion(parsed, assertion));
+}
 function compactProfileSetupSummaryText(value, limit = 160) {
   const text = typeof value === "string" ? value.replace(/\s+/g, " ").trim() : "";
   if (!text) return void 0;
@@ -7824,6 +7977,46 @@ function validateRegexPatterns(patterns, label) {
     }
   }
 }
+function normalizeHttpStatusBodyJsonAssertions(value, label) {
+  if (value === void 0) return void 0;
+  if (!Array.isArray(value)) throw new Error(`${label} must be an array.`);
+  if (!value.length) throw new Error(`${label} must not be empty.`);
+  return value.map((item, index) => {
+    const itemLabel = `${label}[${index}]`;
+    if (typeof item === "string") {
+      const path8 = stringValue2(item);
+      if (!path8) throw new Error(`${itemLabel} path must not be empty.`);
+      return { path: path8, exists: true };
+    }
+    if (!isRecord(item)) throw new Error(`${itemLabel} must be an object or JSON path string.`);
+    const path7 = stringFromOwn(item, "path", "json_path", "jsonPath", "key");
+    if (!path7) throw new Error(`${itemLabel}.path is required.`);
+    const assertion = {
+      label: stringValue2(item.label),
+      path: path7
+    };
+    const exists = booleanValue(valueFromOwn(item, "exists", "present"));
+    if (exists !== void 0) assertion.exists = exists;
+    const type = stringValue2(valueFromOwn(item, "type", "value_type", "valueType"));
+    if (type !== void 0) {
+      const allowedTypes = ["array", "boolean", "null", "number", "object", "string"];
+      if (!allowedTypes.includes(type)) {
+        throw new Error(`${itemLabel}.type must be one of ${allowedTypes.join(", ")}.`);
+      }
+      assertion.type = type;
+    }
+    const equalsValue = valueFromOwn(item, "equals", "expected", "expected_value", "expectedValue", "value");
+    if (equalsValue !== void 0) assertion.equals = toJsonValue(equalsValue);
+    const notEqualsValue = valueFromOwn(item, "not_equals", "notEquals", "forbidden", "forbidden_value", "forbiddenValue");
+    if (notEqualsValue !== void 0) assertion.not_equals = toJsonValue(notEqualsValue);
+    const containsValue = valueFromOwn(item, "contains", "includes", "contains_value", "containsValue", "include");
+    if (containsValue !== void 0) assertion.contains = toJsonValue(containsValue);
+    if (assertion.exists === void 0 && assertion.type === void 0 && !hasOwn(assertion, "equals") && !hasOwn(assertion, "not_equals") && !hasOwn(assertion, "contains")) {
+      assertion.exists = true;
+    }
+    return assertion;
+  });
+}
 function isDialogCountCheckType(type) {
   return type === "dialog_count_equals" || type === "dialog_accept_count_equals" || type === "dialog_dismiss_count_equals";
 }
@@ -7923,6 +8116,10 @@ function normalizeCheck(input, index) {
     `checks[${index}] body_not_patterns`
   ) : void 0;
   if (bodyNotPatterns?.length) validateRegexPatterns(bodyNotPatterns, `checks[${index}] body_not_patterns`);
+  const bodyJsonAssertions = isHttpStatusCheck ? normalizeHttpStatusBodyJsonAssertions(
+    input.body_json_assertions ?? input.bodyJsonAssertions ?? input.json_body_assertions ?? input.jsonBodyAssertions ?? input.json_assertions ?? input.jsonAssertions ?? input.response_json_assertions ?? input.responseJsonAssertions,
+    `checks[${index}] body_json_assertions`
+  ) : void 0;
   if (isLinkStatusCheck) {
     if (minCount !== void 0 && (!Number.isInteger(minCount) || minCount < 0)) {
       throw new Error(`checks[${index}] ${type} min_count must be a non-negative integer.`);
@@ -7948,6 +8145,7 @@ function normalizeCheck(input, index) {
     body_contains: bodyContains,
     body_not_contains: bodyNotContains,
     body_not_patterns: bodyNotPatterns,
+    body_json_assertions: bodyJsonAssertions,
     expected_texts: expectedTexts,
     link_selector: stringValue2(input.link_selector) || stringValue2(input.linkSelector),
     source_selector: stringValue2(input.source_selector) || stringValue2(input.sourceSelector),
@@ -8154,6 +8352,34 @@ function httpStatusBodyNotPatternFailures(result, check) {
   const observed = isRecord(result.body_not_patterns) ? result.body_not_patterns : {};
   return forbidden.filter((pattern) => observed[pattern] !== false);
 }
+function httpStatusBodyJsonAssertionFailures(result, check) {
+  const expected = check.body_json_assertions?.filter((assertion) => assertion.path) ?? [];
+  if (!expected.length) return [];
+  if (!Array.isArray(result.body_json_assertions)) {
+    return expected.map((assertion) => ({
+      label: assertion.label || assertion.path,
+      path: assertion.path,
+      ok: false,
+      exists: false,
+      observed_type: "missing",
+      errors: ["body_json_assertions evidence missing"]
+    }));
+  }
+  return result.body_json_assertions.filter((assertion) => isRecord(assertion) && assertion.ok !== true).map((assertion) => ({
+    label: stringValue2(assertion.label) || stringValue2(assertion.path) || "json assertion",
+    path: stringValue2(assertion.path) || "",
+    ok: false,
+    exists: assertion.exists === true,
+    observed: hasOwn(assertion, "observed") ? toJsonValue(assertion.observed) : void 0,
+    observed_type: stringValue2(assertion.observed_type) || "missing",
+    expected_exists: booleanValue(assertion.expected_exists),
+    equals: hasOwn(assertion, "equals") ? toJsonValue(assertion.equals) : void 0,
+    not_equals: hasOwn(assertion, "not_equals") ? toJsonValue(assertion.not_equals) : void 0,
+    contains: hasOwn(assertion, "contains") ? toJsonValue(assertion.contains) : void 0,
+    type: stringValue2(assertion.type),
+    errors: Array.isArray(assertion.errors) ? assertion.errors.map(String) : void 0
+  }));
+}
 function linkStatusResultOk(result, check) {
   const status = numberValue(result.status);
   if (!httpStatusIsAllowed(status, check)) return false;
@@ -8171,6 +8397,7 @@ function linkStatusResultOk(result, check) {
   if (httpStatusBodyContainsFailures(result, check).length) return false;
   if (httpStatusBodyNotContainsFailures(result, check).length) return false;
   if (httpStatusBodyNotPatternFailures(result, check).length) return false;
+  if (httpStatusBodyJsonAssertionFailures(result, check).length) return false;
   return true;
 }
 function responseHeader(response, name) {
@@ -8239,7 +8466,7 @@ async function preflightHttpStatusCheck(check, index, targetUrl, fetchImpl) {
     statusText = typeof response.statusText === "string" ? response.statusText : "";
     result.content_type = responseHeader(response, "content-type");
     result.content_length = responseContentLength(response);
-    const shouldReadBody = check.require_nonzero_bytes === true || typeof check.min_bytes === "number" || Boolean(check.body_contains?.length) || Boolean(check.body_not_contains?.length) || Boolean(check.body_not_patterns?.length);
+    const shouldReadBody = check.require_nonzero_bytes === true || typeof check.min_bytes === "number" || Boolean(check.body_contains?.length) || Boolean(check.body_not_contains?.length) || Boolean(check.body_not_patterns?.length) || Boolean(check.body_json_assertions?.length);
     if (shouldReadBody && method !== "HEAD") {
       const body = await responseBodyText(response);
       result.bytes = body.bytes;
@@ -8252,6 +8479,9 @@ async function preflightHttpStatusCheck(check, index, targetUrl, fetchImpl) {
       if (check.body_not_patterns?.length) {
         result.body_not_patterns = Object.fromEntries(check.body_not_patterns.filter(Boolean).map((pattern) => [pattern, new RegExp(pattern).test(body.text)]));
       }
+      if (check.body_json_assertions?.length) {
+        result.body_json_assertions = evaluateHttpStatusBodyJsonAssertions(body.text, check.body_json_assertions);
+      }
     }
   } catch (caught) {
     error = String(caught instanceof Error ? caught.message : caught).slice(0, 500);
@@ -8260,6 +8490,7 @@ async function preflightHttpStatusCheck(check, index, targetUrl, fetchImpl) {
   const bodyContainsMissing = httpStatusBodyContainsFailures(result, check);
   const bodyNotContainsFound = httpStatusBodyNotContainsFailures(result, check);
   const bodyNotPatternsFound = httpStatusBodyNotPatternFailures(result, check);
+  const bodyJsonAssertionsFailed = httpStatusBodyJsonAssertionFailures(result, check);
   const ok = !error && linkStatusResultOk(result, check);
   return {
     index,
@@ -8278,7 +8509,9 @@ async function preflightHttpStatusCheck(check, index, targetUrl, fetchImpl) {
     body_not_contains: isRecord(result.body_not_contains) ? Object.fromEntries(Object.entries(result.body_not_contains).map(([key, value]) => [key, value === true])) : null,
     body_not_contains_found: bodyNotContainsFound,
     body_not_patterns: isRecord(result.body_not_patterns) ? Object.fromEntries(Object.entries(result.body_not_patterns).map(([key, value]) => [key, value === true])) : null,
-    body_not_patterns_found: bodyNotPatternsFound
+    body_not_patterns_found: bodyNotPatternsFound,
+    body_json_assertions: Array.isArray(result.body_json_assertions) ? result.body_json_assertions : null,
+    body_json_assertions_failed: bodyJsonAssertionsFailed
   };
 }
 async function preflightRiddleProofProfileHttpStatusChecks(profile, options = {}) {
@@ -8323,6 +8556,7 @@ function summarizeHttpStatusEvidence(viewport, check) {
   const bodyContainsMissing = httpStatusBodyContainsFailures(statusEvidence, check);
   const bodyNotContainsFound = httpStatusBodyNotContainsFailures(statusEvidence, check);
   const bodyNotPatternsFound = httpStatusBodyNotPatternFailures(statusEvidence, check);
+  const bodyJsonAssertionsFailed = httpStatusBodyJsonAssertionFailures(statusEvidence, check);
   if (!linkStatusResultOk(statusEvidence, check)) {
     failures.push({
       code: "http_status_failed",
@@ -8341,6 +8575,8 @@ function summarizeHttpStatusEvidence(viewport, check) {
       body_not_contains_found: bodyNotContainsFound,
       body_not_patterns: check.body_not_patterns ?? null,
       body_not_patterns_found: bodyNotPatternsFound,
+      body_json_assertions: check.body_json_assertions ?? null,
+      body_json_assertions_failed: bodyJsonAssertionsFailed.map((assertion) => toJsonValue(assertion)),
       body_sample: stringValue2(statusEvidence.body_sample) ?? null
     });
   }
@@ -8362,6 +8598,8 @@ function summarizeHttpStatusEvidence(viewport, check) {
     body_not_contains_found: bodyNotContainsFound,
     body_not_patterns: isRecord(statusEvidence.body_not_patterns) ? toJsonValue(statusEvidence.body_not_patterns) : null,
     body_not_patterns_found: bodyNotPatternsFound,
+    body_json_assertions: Array.isArray(statusEvidence.body_json_assertions) ? toJsonValue(statusEvidence.body_json_assertions) : null,
+    body_json_assertions_failed: bodyJsonAssertionsFailed.map((assertion) => toJsonValue(assertion)),
     body_sample: stringValue2(statusEvidence.body_sample) ?? null,
     failures
   };
@@ -8998,6 +9236,7 @@ function assessCheckFromEvidence(check, evidence) {
         body_contains: check.body_contains ?? [],
         body_not_contains: check.body_not_contains ?? [],
         body_not_patterns: check.body_not_patterns ?? [],
+        body_json_assertions: toJsonValue(check.body_json_assertions ?? []),
         viewports: summaries.map((summary) => toJsonValue(summary)),
         failures: failed.flatMap((summary) => Array.isArray(summary.failures) ? summary.failures.map((failure) => toJsonValue({ viewport: stringValue2(summary.viewport) ?? null, failure })) : [])
       },
@@ -9725,6 +9964,36 @@ function httpStatusBodyNotPatternFailures(result, check) {
     : {};
   return forbidden.filter((pattern) => observed[pattern] !== false);
 }
+function httpStatusBodyJsonAssertionFailures(result, check) {
+  const expected = Array.isArray(check.body_json_assertions) ? check.body_json_assertions.filter((assertion) => assertion && assertion.path) : [];
+  if (!expected.length) return [];
+  if (!Array.isArray(result.body_json_assertions)) {
+    return expected.map((assertion) => ({
+      label: assertion.label || assertion.path,
+      path: assertion.path,
+      ok: false,
+      exists: false,
+      observed_type: "missing",
+      errors: ["body_json_assertions evidence missing"],
+    }));
+  }
+  return result.body_json_assertions
+    .filter((assertion) => assertion && typeof assertion === "object" && assertion.ok !== true)
+    .map((assertion) => ({
+      label: typeof assertion.label === "string" && assertion.label ? assertion.label : typeof assertion.path === "string" && assertion.path ? assertion.path : "json assertion",
+      path: typeof assertion.path === "string" ? assertion.path : "",
+      ok: false,
+      exists: assertion.exists === true,
+      observed: Object.hasOwn(assertion, "observed") ? assertion.observed : undefined,
+      observed_type: typeof assertion.observed_type === "string" && assertion.observed_type ? assertion.observed_type : "missing",
+      expected_exists: typeof assertion.expected_exists === "boolean" ? assertion.expected_exists : undefined,
+      equals: Object.hasOwn(assertion, "equals") ? assertion.equals : undefined,
+      not_equals: Object.hasOwn(assertion, "not_equals") ? assertion.not_equals : undefined,
+      contains: Object.hasOwn(assertion, "contains") ? assertion.contains : undefined,
+      type: typeof assertion.type === "string" ? assertion.type : undefined,
+      errors: Array.isArray(assertion.errors) ? assertion.errors.map(String) : undefined,
+    }));
+}
 function linkStatusResultOk(result, check) {
   if (!result || typeof result !== "object" || Array.isArray(result)) return false;
   if (!httpStatusIsAllowed(result.status, check)) return false;
@@ -9742,6 +10011,7 @@ function linkStatusResultOk(result, check) {
   if (httpStatusBodyContainsFailures(result, check).length) return false;
   if (httpStatusBodyNotContainsFailures(result, check).length) return false;
   if (httpStatusBodyNotPatternFailures(result, check).length) return false;
+  if (httpStatusBodyJsonAssertionFailures(result, check).length) return false;
   return true;
 }
 function summarizeHttpStatusEvidence(viewport, check) {
@@ -9762,6 +10032,7 @@ function summarizeHttpStatusEvidence(viewport, check) {
   const bodyContainsMissing = httpStatusBodyContainsFailures(statusEvidence, check);
   const bodyNotContainsFound = httpStatusBodyNotContainsFailures(statusEvidence, check);
   const bodyNotPatternsFound = httpStatusBodyNotPatternFailures(statusEvidence, check);
+  const bodyJsonAssertionsFailed = httpStatusBodyJsonAssertionFailures(statusEvidence, check);
   if (!linkStatusResultOk(statusEvidence, check)) {
     failures.push({
       code: "http_status_failed",
@@ -9780,6 +10051,8 @@ function summarizeHttpStatusEvidence(viewport, check) {
       body_not_contains_found: bodyNotContainsFound,
       body_not_patterns: Array.isArray(check.body_not_patterns) ? check.body_not_patterns : null,
       body_not_patterns_found: bodyNotPatternsFound,
+      body_json_assertions: Array.isArray(check.body_json_assertions) ? check.body_json_assertions : null,
+      body_json_assertions_failed: bodyJsonAssertionsFailed,
       body_sample: typeof statusEvidence.body_sample === "string" ? statusEvidence.body_sample : null,
     });
   }
@@ -9807,6 +10080,8 @@ function summarizeHttpStatusEvidence(viewport, check) {
       ? statusEvidence.body_not_patterns
       : null,
     body_not_patterns_found: bodyNotPatternsFound,
+    body_json_assertions: Array.isArray(statusEvidence.body_json_assertions) ? statusEvidence.body_json_assertions : null,
+    body_json_assertions_failed: bodyJsonAssertionsFailed,
     body_sample: typeof statusEvidence.body_sample === "string" ? statusEvidence.body_sample : null,
     failures,
   };
@@ -11909,6 +12184,155 @@ function linkProbeResponseFields(response, method) {
     content_length: contentLength,
   };
 }
+function jsonProbeValueType(value) {
+  if (value === null) return "null";
+  if (Array.isArray(value)) return "array";
+  if (typeof value === "boolean") return "boolean";
+  if (typeof value === "number") return "number";
+  if (typeof value === "string") return "string";
+  return "object";
+}
+function jsonProbeDeepEqual(left, right) {
+  if (left === right) return true;
+  if (typeof left !== typeof right) return false;
+  if (left === null || right === null) return left === right;
+  if (typeof left !== "object" || typeof right !== "object") return false;
+  if (Array.isArray(left) || Array.isArray(right)) {
+    if (!Array.isArray(left) || !Array.isArray(right) || left.length !== right.length) return false;
+    return left.every((item, index) => jsonProbeDeepEqual(item, right[index]));
+  }
+  const leftKeys = Object.keys(left).sort();
+  const rightKeys = Object.keys(right).sort();
+  if (!jsonProbeDeepEqual(leftKeys, rightKeys)) return false;
+  return leftKeys.every((key) => jsonProbeDeepEqual(left[key], right[key]));
+}
+function jsonProbeContains(observed, expected) {
+  if (typeof observed === "string" && typeof expected === "string") return observed.includes(expected);
+  if (Array.isArray(observed)) return observed.some((item) => jsonProbeDeepEqual(item, expected));
+  if (observed && expected && typeof observed === "object" && typeof expected === "object" && !Array.isArray(observed) && !Array.isArray(expected)) {
+    return Object.entries(expected).every(([key, value]) => Object.hasOwn(observed, key) && jsonProbeDeepEqual(observed[key], value));
+  }
+  return false;
+}
+function parseJsonProbePathSegments(path) {
+  let input = String(path || "").trim();
+  if (!input) throw new Error("path is empty");
+  if (input === "$") return [];
+  if (input.startsWith("$.")) input = input.slice(2);
+  else if (input.startsWith("$[")) input = input.slice(1);
+  const segments = [];
+  let token = "";
+  const pushToken = () => {
+    if (!token) return;
+    segments.push(token);
+    token = "";
+  };
+  for (let index = 0; index < input.length; index += 1) {
+    const char = input[index];
+    if (char === ".") {
+      pushToken();
+      continue;
+    }
+    if (char !== "[") {
+      token += char;
+      continue;
+    }
+    pushToken();
+    const closeIndex = input.indexOf("]", index + 1);
+    if (closeIndex === -1) throw new Error("unterminated bracket at " + index);
+    const bracket = input.slice(index + 1, closeIndex).trim();
+    if (!bracket) throw new Error("empty bracket at " + index);
+    if (/^\d+$/.test(bracket)) {
+      segments.push(Number(bracket));
+    } else if ((bracket.startsWith('"') && bracket.endsWith('"')) || (bracket.startsWith("'") && bracket.endsWith("'"))) {
+      const quoted = bracket.startsWith("'")
+        ? '"' + bracket.slice(1, -1).replace(/\\/g, "\\\\").replace(/"/g, "\\\"") + '"'
+        : bracket;
+      segments.push(String(JSON.parse(quoted)));
+    } else {
+      segments.push(bracket);
+    }
+    index = closeIndex;
+  }
+  pushToken();
+  return segments;
+}
+function resolveJsonProbePath(root, path) {
+  let segments;
+  try {
+    segments = parseJsonProbePathSegments(path);
+  } catch (error) {
+    return { exists: false, error: String(error && error.message ? error.message : error) };
+  }
+  let current = root;
+  for (const segment of segments) {
+    if (typeof segment === "number") {
+      if (!Array.isArray(current) || segment < 0 || segment >= current.length) return { exists: false };
+      current = current[segment];
+      continue;
+    }
+    if (!current || typeof current !== "object" || Array.isArray(current) || !Object.hasOwn(current, segment)) {
+      return { exists: false };
+    }
+    current = current[segment];
+  }
+  return { exists: true, value: current };
+}
+function evaluateJsonProbeAssertion(root, assertion) {
+  const resolved = resolveJsonProbePath(root, assertion.path);
+  const errors = [];
+  const result = {
+    label: assertion.label || assertion.path,
+    path: assertion.path,
+    ok: true,
+    exists: resolved.exists,
+    observed_type: resolved.exists ? jsonProbeValueType(resolved.value) : "missing",
+  };
+  if (resolved.exists) result.observed = resolved.value;
+  if (resolved.error) errors.push(resolved.error);
+  if (Object.hasOwn(assertion, "exists")) {
+    result.expected_exists = assertion.exists;
+    if (resolved.exists !== assertion.exists) errors.push("expected exists=" + assertion.exists);
+  }
+  if (Object.hasOwn(assertion, "type")) {
+    result.type = assertion.type;
+    if (!resolved.exists || jsonProbeValueType(resolved.value) !== assertion.type) errors.push("expected type " + assertion.type);
+  }
+  if (Object.hasOwn(assertion, "equals")) {
+    result.equals = assertion.equals;
+    if (!resolved.exists || !jsonProbeDeepEqual(resolved.value, assertion.equals)) errors.push("expected JSON value equality");
+  }
+  if (Object.hasOwn(assertion, "not_equals")) {
+    result.not_equals = assertion.not_equals;
+    if (resolved.exists && jsonProbeDeepEqual(resolved.value, assertion.not_equals)) errors.push("expected JSON value inequality");
+  }
+  if (Object.hasOwn(assertion, "contains")) {
+    result.contains = assertion.contains;
+    if (!resolved.exists || !jsonProbeContains(resolved.value, assertion.contains)) errors.push("expected JSON value containment");
+  }
+  result.ok = errors.length === 0;
+  if (errors.length) result.errors = errors;
+  return result;
+}
+function evaluateJsonProbeAssertions(text, assertions) {
+  const expected = Array.isArray(assertions) ? assertions.filter((assertion) => assertion && assertion.path) : [];
+  if (!expected.length) return [];
+  let parsed;
+  try {
+    parsed = JSON.parse(text);
+  } catch (error) {
+    const message = "response body is not valid JSON: " + String(error && error.message ? error.message : error).slice(0, 200);
+    return expected.map((assertion) => ({
+      label: assertion.label || assertion.path,
+      path: assertion.path,
+      ok: false,
+      exists: false,
+      observed_type: "missing",
+      errors: [message],
+    }));
+  }
+  return expected.map((assertion) => evaluateJsonProbeAssertion(parsed, assertion));
+}
 async function collectHttpStatus(check) {
   const url = httpStatusRequestUrl(check, page.url() || targetUrl);
   const method = httpStatusMethod(check);
@@ -11925,6 +12349,7 @@ async function collectHttpStatus(check) {
   const bodyContains = Array.isArray(check.body_contains) ? check.body_contains.filter(Boolean) : [];
   const bodyNotContains = Array.isArray(check.body_not_contains) ? check.body_not_contains.filter(Boolean) : [];
   const bodyNotPatterns = Array.isArray(check.body_not_patterns) ? check.body_not_patterns.filter(Boolean) : [];
+  const bodyJsonAssertions = Array.isArray(check.body_json_assertions) ? check.body_json_assertions.filter((assertion) => assertion && assertion.path) : [];
   const options = {
     method,
     redirect: "follow",
@@ -11950,17 +12375,18 @@ async function collectHttpStatus(check) {
     Object.assign(result, linkProbeResponseFields(response, method));
     result.url = url;
     result.status_text = response.statusText || "";
-    const shouldReadBody = check.require_nonzero_bytes === true || (typeof check.min_bytes === "number" && Number.isFinite(check.min_bytes)) || bodyContains.length > 0 || bodyNotContains.length > 0 || bodyNotPatterns.length > 0;
+    const shouldReadBody = check.require_nonzero_bytes === true || (typeof check.min_bytes === "number" && Number.isFinite(check.min_bytes)) || bodyContains.length > 0 || bodyNotContains.length > 0 || bodyNotPatterns.length > 0 || bodyJsonAssertions.length > 0;
     if (shouldReadBody) {
       try {
         const buffer = await response.arrayBuffer();
         result.bytes = buffer.byteLength;
-        if (bodyContains.length || bodyNotContains.length || bodyNotPatterns.length) {
+        if (bodyContains.length || bodyNotContains.length || bodyNotPatterns.length || bodyJsonAssertions.length) {
           const text = new TextDecoder().decode(buffer);
           result.body_sample = text.slice(0, 1000);
           if (bodyContains.length) result.body_contains = Object.fromEntries(bodyContains.map((expected) => [expected, text.includes(expected)]));
           if (bodyNotContains.length) result.body_not_contains = Object.fromEntries(bodyNotContains.map((forbidden) => [forbidden, text.includes(forbidden)]));
           if (bodyNotPatterns.length) result.body_not_patterns = Object.fromEntries(bodyNotPatterns.map((pattern) => [pattern, new RegExp(pattern).test(text)]));
+          if (bodyJsonAssertions.length) result.body_json_assertions = evaluateJsonProbeAssertions(text, bodyJsonAssertions);
         }
       } catch (error) {
         result.error = String(error && error.message ? error.message : error).slice(0, 500);
@@ -11973,6 +12399,7 @@ async function collectHttpStatus(check) {
       && (!bodyContains.length || bodyContains.every((expected) => result.body_contains && result.body_contains[expected] === true))
       && (!bodyNotContains.length || bodyNotContains.every((forbidden) => result.body_not_contains && result.body_not_contains[forbidden] === false))
       && (!bodyNotPatterns.length || bodyNotPatterns.every((pattern) => result.body_not_patterns && result.body_not_patterns[pattern] === false))
+      && (!bodyJsonAssertions.length || (Array.isArray(result.body_json_assertions) && result.body_json_assertions.every((assertion) => assertion.ok === true)))
       && !result.error;
     return result;
   } catch (error) {
@@ -13685,6 +14112,21 @@ function profileHttpStatusAssertionKeys(evidence, viewports, field) {
   }
   return [...keys];
 }
+function profileHttpStatusJsonAssertionCount(viewports) {
+  if (!viewports.length) return void 0;
+  let passed = 0;
+  let total = 0;
+  for (const viewport of viewports) {
+    if (!Array.isArray(viewport.body_json_assertions)) continue;
+    for (const assertion of viewport.body_json_assertions) {
+      const record = cliRecord(assertion);
+      if (!record) continue;
+      total += 1;
+      if (record.ok === true) passed += 1;
+    }
+  }
+  return total ? { passed, total } : void 0;
+}
 function profileHttpStatusSummaryMarkdown(result) {
   const httpStatusChecks = result.checks.filter((check) => check.type === "http_status");
   const lines = [];
@@ -13715,10 +14157,12 @@ function profileHttpStatusSummaryMarkdown(result) {
       profileHttpStatusAssertionKeys(evidence, viewports, "body_not_patterns"),
       false
     );
+    const bodyJsonAssertions = profileHttpStatusJsonAssertionCount(viewports);
     const bodyParts = [
       bodyContains ? `body_contains ${bodyContains.passed}/${bodyContains.total}` : "",
       bodyNotContains ? `body_not_contains clean ${bodyNotContains.passed}/${bodyNotContains.total}` : "",
-      bodyNotPatterns ? `body_not_patterns clean ${bodyNotPatterns.passed}/${bodyNotPatterns.total}` : ""
+      bodyNotPatterns ? `body_not_patterns clean ${bodyNotPatterns.passed}/${bodyNotPatterns.total}` : "",
+      bodyJsonAssertions ? `body_json_assertions ${bodyJsonAssertions.passed}/${bodyJsonAssertions.total}` : ""
     ].filter(Boolean);
     lines.push(
       `- ${label}: ${method}${url ? ` ${markdownInlineCode(url)}` : ""}, statuses ${statuses.length ? statuses.join("/") : "unknown"}${bodyParts.length ? `, ${bodyParts.join(", ")}` : ""}, failures ${failedTotal}`