afterburn-cli 1.0.0

package/dist/core/validation.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Check if an IP address is private or reserved (loopback, link-local, private ranges)
+ * Blocks: 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16, ::1, fc00::/7
+ */
+export declare function isPrivateOrReservedIP(ip: string): boolean;
+/**
+ * Validate that a URL uses http:// or https:// scheme.
+ * Rejects file://, javascript:, data:, and other dangerous schemes.
+ * Also rejects URLs resolving to private/loopback IPs (SSRF protection).
+ */
+export declare function validateUrl(url: string): string;
+export type HostLookupFn = (hostname: string) => Promise<string[]>;
+/**
+ * Enforce that a hostname resolves only to public IP addresses.
+ * Rejects localhost names, private ranges, and DNS failures.
+ */
+export declare function ensurePublicHostname(hostname: string, lookup?: HostLookupFn): Promise<void>;
+/**
+ * Validate URL format and ensure hostname resolves to public IP space.
+ */
+export declare function validatePublicUrl(url: string, lookup?: HostLookupFn): Promise<string>;
+/**
+ * Validate a filesystem path has no path traversal sequences.
+ * Resolves to absolute path and rejects ../ sequences.
+ */
+export declare function validatePath(inputPath: string, label: string, workspaceRoot?: string): string;
+/**
+ * Validate that a navigation URL stays within the same origin as the base URL.
+ * Allows same hostname or subdomains of the base hostname.
+ */
+export declare function validateNavigationUrl(navigationUrl: string, baseUrl: string): string;
+/**
+ * Validate and clamp maxPages to a safe range.
+ * Returns a safe integer between 1 and 500, defaulting to 50.
+ * Special case: 0 means "unlimited" but still capped at 500.
+ */
+export declare function validateMaxPages(value: number | undefined): number;
+/**
+ * Validate selector string length to prevent abuse.
+ * Returns the selector if valid, throws if too long.
+ */
+export declare function validateSelector(selector: string): string;
+/**
+ * Sanitize a string value by stripping potential script injection patterns.
+ * Removes <script> tags and javascript: URIs from step values.
+ */
+export declare function sanitizeValue(value: string): string;
+/**
+ * Sanitize session ID for filesystem usage
+ * Replaces invalid filename characters with underscores
+ */
+export declare function sanitizeSessionId(sessionId: string): string;

package/dist/core/validation.js

@@ -0,0 +1,228 @@
+// Input validation helpers for security hardening (URL, path, and numeric inputs)
+import path from 'node:path';
+import dns from 'node:dns/promises';
+const LOCALHOST_HOSTNAMES = new Set([
+    'localhost',
+    'localhost.localdomain',
+]);
+function allowPrivateUrls() {
+    return process.env.AFTERBURN_ALLOW_PRIVATE_URLS === '1';
+}
+function isIPv4Literal(value) {
+    return /^\d+\.\d+\.\d+\.\d+$/.test(value);
+}
+function isIPv6Literal(value) {
+    return value.includes(':');
+}
+function normalizeIpLiteral(ip) {
+    const lower = ip.trim().toLowerCase();
+    if (lower.startsWith('::ffff:')) {
+        return lower.slice('::ffff:'.length);
+    }
+    return lower;
+}
+/**
+ * Check if an IP address is private or reserved (loopback, link-local, private ranges)
+ * Blocks: 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16, ::1, fc00::/7
+ */
+export function isPrivateOrReservedIP(ip) {
+    const normalized = normalizeIpLiteral(ip);
+    // Unspecified / loopback / link-local IPv6
+    if (normalized === '::' || normalized === '::1' || normalized === '0000:0000:0000:0000:0000:0000:0000:0001') {
+        return true;
+    }
+    if (normalized.startsWith('fe80:')) {
+        return true;
+    }
+    // IPv6 private (fc00::/7)
+    if (normalized.startsWith('fc') || normalized.startsWith('fd')) {
+        return true;
+    }
+    // IPv6 loopback
+    // IPv4 patterns
+    const parts = normalized.split('.');
+    if (parts.length === 4) {
+        const first = parseInt(parts[0], 10);
+        const second = parseInt(parts[1], 10);
+        // 127.0.0.0/8 (loopback)
+        if (first === 127)
+            return true;
+        // 10.0.0.0/8 (private)
+        if (first === 10)
+            return true;
+        // 172.16.0.0/12 (private)
+        if (first === 172 && second >= 16 && second <= 31)
+            return true;
+        // 192.168.0.0/16 (private)
+        if (first === 192 && second === 168)
+            return true;
+        // 169.254.0.0/16 (link-local)
+        if (first === 169 && second === 254)
+            return true;
+    }
+    return false;
+}
+/**
+ * Validate that a URL uses http:// or https:// scheme.
+ * Rejects file://, javascript:, data:, and other dangerous schemes.
+ * Also rejects URLs resolving to private/loopback IPs (SSRF protection).
+ */
+export function validateUrl(url) {
+    const trimmed = url.trim();
+    let parsed;
+    try {
+        parsed = new URL(trimmed);
+    }
+    catch {
+        throw new Error(`Invalid URL: "${trimmed}". Must be a valid http:// or https:// URL.`);
+    }
+    const allowedProtocols = ['http:', 'https:'];
+    if (!allowedProtocols.includes(parsed.protocol)) {
+        throw new Error(`Unsafe URL scheme "${parsed.protocol}" in "${trimmed}". Only http:// and https:// are allowed.`);
+    }
+    // SSRF protection: check if hostname resolves to private IP
+    // Note: This is a synchronous check for IP literals. DNS resolution is async and happens in link-validator.
+    const hostname = parsed.hostname;
+    // Check if hostname is already an IP literal
+    if (!allowPrivateUrls() && (isIPv4Literal(hostname) || isIPv6Literal(hostname))) {
+        if (isPrivateOrReservedIP(hostname)) {
+            throw new Error(`SSRF protection: URL "${trimmed}" resolves to private/loopback address "${hostname}". Only public URLs are allowed.`);
+        }
+    }
+    return trimmed;
+}
+const defaultHostLookup = async (hostname) => {
+    const records = await dns.lookup(hostname, { all: true, verbatim: true });
+    return records.map(record => record.address);
+};
+/**
+ * Enforce that a hostname resolves only to public IP addresses.
+ * Rejects localhost names, private ranges, and DNS failures.
+ */
+export async function ensurePublicHostname(hostname, lookup = defaultHostLookup) {
+    if (allowPrivateUrls()) {
+        return;
+    }
+    const normalizedHost = hostname.trim().toLowerCase();
+    if (LOCALHOST_HOSTNAMES.has(normalizedHost) || normalizedHost.endsWith('.localhost')) {
+        throw new Error(`SSRF protection: Hostname "${hostname}" resolves to localhost.`);
+    }
+    if (isIPv4Literal(normalizedHost) || isIPv6Literal(normalizedHost)) {
+        if (isPrivateOrReservedIP(normalizedHost)) {
+            throw new Error(`SSRF protection: Hostname "${hostname}" resolves to private/loopback address.`);
+        }
+        return;
+    }
+    let resolvedAddresses;
+    try {
+        resolvedAddresses = await lookup(normalizedHost);
+    }
+    catch (error) {
+        throw new Error(`DNS resolution failed for "${hostname}": ${error instanceof Error ? error.message : String(error)}`);
+    }
+    if (resolvedAddresses.length === 0) {
+        throw new Error(`DNS resolution failed for "${hostname}": no addresses returned`);
+    }
+    for (const address of resolvedAddresses) {
+        if (isPrivateOrReservedIP(address)) {
+            throw new Error(`SSRF protection: Hostname "${hostname}" resolves to private IP "${address}".`);
+        }
+    }
+}
+/**
+ * Validate URL format and ensure hostname resolves to public IP space.
+ */
+export async function validatePublicUrl(url, lookup = defaultHostLookup) {
+    const validatedUrl = validateUrl(url);
+    const hostname = new URL(validatedUrl).hostname;
+    await ensurePublicHostname(hostname, lookup);
+    return validatedUrl;
+}
+/**
+ * Validate a filesystem path has no path traversal sequences.
+ * Resolves to absolute path and rejects ../ sequences.
+ */
+export function validatePath(inputPath, label, workspaceRoot) {
+    const trimmed = inputPath.trim();
+    // Reject obvious traversal patterns before resolving
+    // Security: prevent escaping intended directory boundaries
+    if (trimmed.includes('..')) {
+        throw new Error(`Path traversal detected in ${label}: "${trimmed}". Paths must not contain ".." sequences.`);
+    }
+    // Resolve to absolute path
+    const resolved = path.resolve(trimmed);
+    // If workspace root specified, enforce containment
+    if (workspaceRoot) {
+        const resolvedRoot = path.resolve(workspaceRoot);
+        // Use path.relative for proper containment check (prevents bypass via symlinks/normalization)
+        const relativePath = path.relative(resolvedRoot, resolved);
+        if (relativePath.startsWith('..') || path.isAbsolute(relativePath)) {
+            throw new Error(`${label} escapes workspace root "${resolvedRoot}". Got: "${resolved}"`);
+        }
+    }
+    return resolved;
+}
+/**
+ * Validate that a navigation URL stays within the same origin as the base URL.
+ * Allows same hostname or subdomains of the base hostname.
+ */
+export function validateNavigationUrl(navigationUrl, baseUrl) {
+    const validated = validateUrl(navigationUrl);
+    const navParsed = new URL(validated);
+    const baseParsed = new URL(baseUrl);
+    // Allow same hostname or subdomains
+    if (navParsed.hostname !== baseParsed.hostname &&
+        !navParsed.hostname.endsWith('.' + baseParsed.hostname)) {
+        throw new Error(`Navigation to "${navParsed.hostname}" blocked. Only same-origin navigation allowed (base: "${baseParsed.hostname}").`);
+    }
+    return validated;
+}
+/**
+ * Validate and clamp maxPages to a safe range.
+ * Returns a safe integer between 1 and 500, defaulting to 50.
+ * Special case: 0 means "unlimited" but still capped at 500.
+ */
+export function validateMaxPages(value) {
+    if (value === undefined || value === null || isNaN(value) || value < 0) {
+        return 50; // Safe default
+    }
+    // Special case: 0 means unlimited (but we still cap at 500 for safety)
+    if (value === 0) {
+        return 500;
+    }
+    // Clamp to [1, 500] range to prevent resource exhaustion
+    return Math.min(Math.max(Math.floor(value), 1), 500);
+}
+/**
+ * Validate selector string length to prevent abuse.
+ * Returns the selector if valid, throws if too long.
+ */
+export function validateSelector(selector) {
+    const MAX_SELECTOR_LENGTH = 500;
+    if (selector.length > MAX_SELECTOR_LENGTH) {
+        throw new Error(`Selector too long (${selector.length} chars, max ${MAX_SELECTOR_LENGTH}). Possible injection attempt.`);
+    }
+    return selector;
+}
+/**
+ * Sanitize a string value by stripping potential script injection patterns.
+ * Removes <script> tags and javascript: URIs from step values.
+ */
+export function sanitizeValue(value) {
+    // Strip <script> tags (case-insensitive, handles attributes)
+    let sanitized = value.replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '');
+    // Strip javascript: URIs
+    sanitized = sanitized.replace(/javascript\s*:/gi, '');
+    // Strip event handlers in attributes (onclick=, onerror=, etc.)
+    sanitized = sanitized.replace(/\bon\w+\s*=/gi, '');
+    return sanitized;
+}
+/**
+ * Sanitize session ID for filesystem usage
+ * Replaces invalid filename characters with underscores
+ */
+export function sanitizeSessionId(sessionId) {
+    // Allow only alphanumeric, dash, and underscore
+    return sessionId.replace(/[^a-zA-Z0-9_-]/g, '_');
+}
+//# sourceMappingURL=validation.js.map

package/dist/core/validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/core/validation.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAElF,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,GAAG,MAAM,mBAAmB,CAAC;AAEpC,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,WAAW;IACX,uBAAuB;CACxB,CAAC,CAAC;AAEH,SAAS,gBAAgB;IACvB,OAAO,OAAO,CAAC,GAAG,CAAC,4BAA4B,KAAK,GAAG,CAAC;AAC1D,CAAC;AAED,SAAS,aAAa,CAAC,KAAa;IAClC,OAAO,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,aAAa,CAAC,KAAa;IAClC,OAAO,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,kBAAkB,CAAC,EAAU;IACpC,MAAM,KAAK,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACtC,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,EAAU;IAC9C,MAAM,UAAU,GAAG,kBAAkB,CAAC,EAAE,CAAC,CAAC;IAE1C,2CAA2C;IAC3C,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,KAAK,KAAK,IAAI,UAAU,KAAK,yCAAyC,EAAE,CAAC;QAC5G,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,0BAA0B;IAC1B,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gBAAgB;IAChB,gBAAgB;IAChB,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEtC,yBAAyB;QACzB,IAAI,KAAK,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAE/B,uBAAuB;QACvB,IAAI,KAAK,KAAK,EAAE;YAAE,OAAO,IAAI,CAAC;QAE9B,0BAA0B;QAC1B,IAAI,KAAK,KAAK,GAAG,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE;YAAE,OAAO,IAAI,CAAC;QAE/D,2BAA2B;QAC3B,IAAI,KAAK,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAEjD,8BAA8B;QAC9B,IAAI,KAAK,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;IACnD,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IAC3B,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,iBAAiB,OAAO,6CAA6C,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC7C,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CACb,sBAAsB,MAAM,CAAC,QAAQ,SAAS,OAAO,2CAA2C,CACjG,CAAC;IACJ,CAAC;IAED,4DAA4D;IAC5D,4GAA4G;IAC5G,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IAEjC,6CAA6C;IAC7C,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,aAAa,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAChF,IAAI,qBAAqB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CACb,yBAAyB,OAAO,2CAA2C,QAAQ,kCAAkC,CACtH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAID,MAAM,iBAAiB,GAAiB,KAAK,EAAE,QAAgB,EAAE,EAAE;IACjE,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1E,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAC/C,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,QAAgB,EAChB,SAAuB,iBAAiB;IAExC,IAAI,gBAAgB,EAAE,EAAE,CAAC;QACvB,OAAO;IACT,CAAC;IAED,MAAM,cAAc,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErD,IAAI,mBAAmB,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,cAAc,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QACrF,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,0BAA0B,CAAC,CAAC;IACpF,CAAC;IAED,IAAI,aAAa,CAAC,cAAc,CAAC,IAAI,aAAa,CAAC,cAAc,CAAC,EAAE,CAAC;QACnE,IAAI,qBAAqB,CAAC,cAAc,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,yCAAyC,CAAC,CAAC;QACnG,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,iBAA2B,CAAC;IAChC,IAAI,CAAC;QACH,iBAAiB,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC;IACnD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACxH,CAAC;IAED,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,0BAA0B,CAAC,CAAC;IACpF,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,IAAI,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,6BAA6B,OAAO,IAAI,CAAC,CAAC;QAClG,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,GAAW,EACX,SAAuB,iBAAiB;IAExC,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC;IAChD,MAAM,oBAAoB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC7C,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,SAAiB,EAAE,KAAa,EAAE,aAAsB;IACnF,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;IAEjC,qDAAqD;IACrD,2DAA2D;IAC3D,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,8BAA8B,KAAK,MAAM,OAAO,2CAA2C,CAC5F,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvC,mDAAmD;IACnD,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QACjD,8FAA8F;QAC9F,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;QAC3D,IAAI,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACnE,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,4BAA4B,YAAY,YAAY,QAAQ,GAAG,CAAC,CAAC;QAC3F,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,aAAqB,EAAE,OAAe;IAC1E,MAAM,SAAS,GAAG,WAAW,CAAC,aAAa,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IAEpC,oCAAoC;IACpC,IAAI,SAAS,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ;QAC1C,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5D,MAAM,IAAI,KAAK,CACb,kBAAkB,SAAS,CAAC,QAAQ,0DAA0D,UAAU,CAAC,QAAQ,KAAK,CACvH,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAyB;IACxD,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACvE,OAAO,EAAE,CAAC,CAAC,eAAe;IAC5B,CAAC;IACD,uEAAuE;IACvE,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;QAChB,OAAO,GAAG,CAAC;IACb,CAAC;IACD,yDAAyD;IACzD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACvD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,mBAAmB,GAAG,GAAG,CAAC;IAChC,IAAI,QAAQ,CAAC,MAAM,GAAG,mBAAmB,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,sBAAsB,QAAQ,CAAC,MAAM,eAAe,mBAAmB,gCAAgC,CACxG,CAAC;IACJ,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,6DAA6D;IAC7D,IAAI,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,qCAAqC,EAAE,EAAE,CAAC,CAAC;IACzE,yBAAyB;IACzB,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;IACtD,gEAAgE;IAChE,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;IACnD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAAiB;IACjD,gDAAgD;IAChD,OAAO,SAAS,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;AACnD,CAAC"}

package/dist/discovery/crawler.d.ts

@@ -0,0 +1,58 @@
+import type { Page } from 'playwright';
+import type { BrowserManager } from '../browser/browser-manager.js';
+import type { CrawlResult, PageData } from '../types/discovery.js';
+/**
+ * Options for SiteCrawler configuration
+ */
+export interface CrawlerOptions {
+    maxConcurrency?: number;
+    maxPages?: number;
+    excludePatterns?: string[];
+    onPageCrawled?: (url: string, count: number) => void;
+    pageProcessor?: (page: Page, url: string) => Promise<Partial<PageData>>;
+    additionalUrls?: string[];
+}
+/**
+ * Recursive web crawler that visits all same-hostname pages
+ * Uses BrowserManager for stealth and cookie dismissal
+ */
+export declare class SiteCrawler {
+    private browserManager;
+    private visited;
+    private queue;
+    private pages;
+    private hostname;
+    private maxConcurrency;
+    private maxPages;
+    private excludePatterns;
+    private onPageCrawled?;
+    private pageProcessor?;
+    constructor(browserManager: BrowserManager, options?: CrawlerOptions);
+    /**
+     * Crawls all same-hostname pages starting from seedUrl
+     * @param seedUrl - Starting URL to crawl from
+     * @returns CrawlResult with all discovered pages
+     */
+    crawl(seedUrl: string, additionalUrls?: string[]): Promise<CrawlResult>;
+    /**
+     * Crawls a single page: navigate, extract data, discover links
+     */
+    private crawlPage;
+    /**
+     * Extracts all links from a page
+     */
+    private extractLinks;
+    /**
+     * Normalizes a URL for deduplication
+     * - Removes fragment (#...)
+     * - Removes trailing slash (except root /)
+     * - Lowercases hostname
+     * - Sorts query parameters
+     * - Removes default ports
+     */
+    private normalizeUrl;
+    /**
+     * Checks if URL matches any exclude pattern
+     */
+    private shouldExclude;
+}

package/dist/discovery/crawler.js

@@ -0,0 +1,240 @@
+// Recursive web crawler with URL queue, deduplication, and pageProcessor callback
+/**
+ * Recursive web crawler that visits all same-hostname pages
+ * Uses BrowserManager for stealth and cookie dismissal
+ */
+export class SiteCrawler {
+    browserManager;
+    visited; // normalized URLs already visited
+    queue; // URLs to visit
+    pages; // collected page data
+    hostname = ''; // seed URL hostname for filtering
+    maxConcurrency;
+    maxPages;
+    excludePatterns;
+    onPageCrawled;
+    pageProcessor;
+    constructor(browserManager, options) {
+        this.browserManager = browserManager;
+        this.visited = new Set();
+        this.queue = [];
+        this.pages = [];
+        this.maxConcurrency = options?.maxConcurrency ?? 3;
+        this.maxPages = options?.maxPages ?? 0;
+        this.excludePatterns = options?.excludePatterns ?? [];
+        this.onPageCrawled = options?.onPageCrawled;
+        this.pageProcessor = options?.pageProcessor;
+    }
+    /**
+     * Crawls all same-hostname pages starting from seedUrl
+     * @param seedUrl - Starting URL to crawl from
+     * @returns CrawlResult with all discovered pages
+     */
+    async crawl(seedUrl, additionalUrls) {
+        const startTime = Date.now();
+        // Extract hostname from seed URL
+        const seedUrlObj = new URL(seedUrl);
+        this.hostname = seedUrlObj.hostname;
+        // Add seed URL to queue
+        const normalizedSeed = this.normalizeUrl(seedUrl);
+        this.queue.push(normalizedSeed);
+        // Add additional URLs (e.g., from SPA route detection)
+        if (additionalUrls && additionalUrls.length > 0) {
+            for (const url of additionalUrls) {
+                try {
+                    const urlObj = new URL(url, seedUrl); // Resolve relative URLs
+                    if (urlObj.hostname === this.hostname) {
+                        const normalized = this.normalizeUrl(urlObj.href);
+                        if (!this.visited.has(normalized) && !this.queue.includes(normalized)) {
+                            this.queue.push(normalized);
+                        }
+                    }
+                }
+                catch {
+                    // Skip invalid URLs
+                }
+            }
+        }
+        // Process queue in batches
+        while (this.queue.length > 0) {
+            // Check maxPages limit
+            if (this.maxPages > 0 && this.pages.length >= this.maxPages) {
+                break;
+            }
+            // Warn after 50 pages
+            if (this.pages.length === 50) {
+                console.warn('⚠️  Discovered 50+ pages. Crawl continuing...');
+            }
+            // Take batch of URLs
+            const batch = this.queue.splice(0, this.maxConcurrency);
+            // Process batch concurrently
+            const results = await Promise.allSettled(batch.map(url => this.crawlPage(url)));
+            // Log errors without failing entire crawl
+            results.forEach((result, index) => {
+                if (result.status === 'rejected') {
+                    console.error(`Error crawling ${batch[index]}: ${result.reason}`);
+                }
+            });
+        }
+        const duration = Date.now() - startTime;
+        return {
+            pages: this.pages,
+            brokenLinks: [], // Populated by link validator in later plan
+            totalPagesDiscovered: this.pages.length,
+            totalLinksChecked: 0, // Populated by link validator in later plan
+            crawlDuration: duration,
+            spaDetected: { framework: 'none' } // Populated by SPA detector in later plan
+        };
+    }
+    /**
+     * Crawls a single page: navigate, extract data, discover links
+     */
+    async crawlPage(url) {
+        // Skip if already visited or matches exclude pattern
+        if (this.visited.has(url)) {
+            return;
+        }
+        if (this.shouldExclude(url)) {
+            return;
+        }
+        this.visited.add(url);
+        let page = null;
+        try {
+            // Open page via BrowserManager (handles stealth + cookie dismissal)
+            page = await this.browserManager.newPage(url);
+            // Extract title
+            const title = await page.title();
+            // Extract links
+            const links = await this.extractLinks(page, url);
+            // Create minimal PageData
+            const pageData = {
+                url,
+                title,
+                forms: [],
+                buttons: [],
+                links,
+                menus: [],
+                otherInteractive: [],
+                crawledAt: new Date().toISOString()
+            };
+            // If pageProcessor provided, call it and merge results
+            if (this.pageProcessor) {
+                const extraData = await this.pageProcessor(page, url);
+                Object.assign(pageData, extraData);
+            }
+            // Store page data
+            this.pages.push(pageData);
+            // Notify progress callback
+            if (this.onPageCrawled) {
+                this.onPageCrawled(url, this.pages.length);
+            }
+            // Add discovered links to queue
+            for (const link of links) {
+                if (link.isInternal && !this.visited.has(link.href)) {
+                    const normalized = this.normalizeUrl(link.href);
+                    if (!this.queue.includes(normalized) && !this.visited.has(normalized)) {
+                        this.queue.push(normalized);
+                    }
+                }
+            }
+        }
+        finally {
+            // Always close page
+            if (page) {
+                await page.close();
+            }
+        }
+    }
+    /**
+     * Extracts all links from a page
+     */
+    async extractLinks(page, baseUrl) {
+        const links = await page.$$eval('a[href]', (anchors) => {
+            return anchors.map((a) => {
+                const anchor = a;
+                return {
+                    href: anchor.href, // Already resolved by browser
+                    text: anchor.textContent?.trim() || ''
+                };
+            });
+        });
+        // Classify links as internal/external
+        return links.map(link => {
+            try {
+                const linkUrl = new URL(link.href);
+                return {
+                    href: link.href,
+                    text: link.text,
+                    isInternal: linkUrl.hostname === this.hostname
+                };
+            }
+            catch {
+                // Invalid URL
+                return {
+                    href: link.href,
+                    text: link.text,
+                    isInternal: false
+                };
+            }
+        });
+    }
+    /**
+     * Normalizes a URL for deduplication
+     * - Removes fragment (#...)
+     * - Removes trailing slash (except root /)
+     * - Lowercases hostname
+     * - Sorts query parameters
+     * - Removes default ports
+     */
+    normalizeUrl(url) {
+        try {
+            const urlObj = new URL(url);
+            // Remove fragment
+            urlObj.hash = '';
+            // Lowercase hostname
+            urlObj.hostname = urlObj.hostname.toLowerCase();
+            // Remove default ports
+            if ((urlObj.protocol === 'http:' && urlObj.port === '80') ||
+                (urlObj.protocol === 'https:' && urlObj.port === '443')) {
+                urlObj.port = '';
+            }
+            // Sort query parameters
+            const params = Array.from(urlObj.searchParams.entries()).sort((a, b) => a[0].localeCompare(b[0]));
+            urlObj.search = '';
+            params.forEach(([key, value]) => urlObj.searchParams.append(key, value));
+            // Remove trailing slash (except root)
+            let normalized = urlObj.href;
+            if (urlObj.pathname !== '/' && normalized.endsWith('/')) {
+                normalized = normalized.slice(0, -1);
+            }
+            return normalized;
+        }
+        catch {
+            return url; // Return as-is if parsing fails
+        }
+    }
+    /**
+     * Checks if URL matches any exclude pattern
+     */
+    shouldExclude(url) {
+        return this.excludePatterns.some(pattern => {
+            if (pattern.startsWith('*') && pattern.endsWith('*')) {
+                // *pattern* - contains
+                return url.includes(pattern.slice(1, -1));
+            }
+            else if (pattern.startsWith('*')) {
+                // *.ext - ends with
+                return url.endsWith(pattern.slice(1));
+            }
+            else if (pattern.endsWith('*')) {
+                // prefix* - starts with
+                return url.startsWith(pattern.slice(0, -1));
+            }
+            else {
+                // exact match
+                return url.includes(pattern);
+            }
+        });
+    }
+}
+//# sourceMappingURL=crawler.js.map

package/dist/discovery/crawler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crawler.js","sourceRoot":"","sources":["../../src/discovery/crawler.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAkBlF;;;GAGG;AACH,MAAM,OAAO,WAAW;IACd,cAAc,CAAiB;IAC/B,OAAO,CAAc,CAAS,kCAAkC;IAChE,KAAK,CAAW,CAAc,gBAAgB;IAC9C,KAAK,CAAa,CAAY,sBAAsB;IACpD,QAAQ,GAAW,EAAE,CAAC,CAAQ,kCAAkC;IAChE,cAAc,CAAS;IACvB,QAAQ,CAAS;IACjB,eAAe,CAAW;IAC1B,aAAa,CAAwC;IACrD,aAAa,CAA2D;IAEhF,YAAY,cAA8B,EAAE,OAAwB;QAClE,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;QAChB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;QAChB,IAAI,CAAC,cAAc,GAAG,OAAO,EAAE,cAAc,IAAI,CAAC,CAAC;QACnD,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,CAAC,CAAC;QACvC,IAAI,CAAC,eAAe,GAAG,OAAO,EAAE,eAAe,IAAI,EAAE,CAAC;QACtD,IAAI,CAAC,aAAa,GAAG,OAAO,EAAE,aAAa,CAAC;QAC5C,IAAI,CAAC,aAAa,GAAG,OAAO,EAAE,aAAa,CAAC;IAC9C,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,KAAK,CAAC,OAAe,EAAE,cAAyB;QACpD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,iCAAiC;QACjC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QACpC,IAAI,CAAC,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;QAEpC,wBAAwB;QACxB,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAEhC,uDAAuD;QACvD,IAAI,cAAc,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChD,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;gBACjC,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,wBAAwB;oBAC9D,IAAI,MAAM,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACtC,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;wBAClD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;4BACtE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;wBAC9B,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,oBAAoB;gBACtB,CAAC;YACH,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,uBAAuB;YACvB,IAAI,IAAI,CAAC,QAAQ,GAAG,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC5D,MAAM;YACR,CAAC;YAED,sBAAsB;YACtB,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBAC7B,OAAO,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;YAChE,CAAC;YAED,qBAAqB;YACrB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;YAExD,6BAA6B;YAC7B,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CACtC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CACtC,CAAC;YAEF,0CAA0C;YAC1C,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE;gBAChC,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;oBACjC,OAAO,CAAC,KAAK,CAAC,kBAAkB,KAAK,CAAC,KAAK,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;gBACpE,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAExC,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,EAAE,EAAG,4CAA4C;YAC9D,oBAAoB,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM;YACvC,iBAAiB,EAAE,CAAC,EAAG,4CAA4C;YACnE,aAAa,EAAE,QAAQ;YACvB,WAAW,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAE,0CAA0C;SAC/E,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,SAAS,CAAC,GAAW;QACjC,qDAAqD;QACrD,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO;QACT,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEtB,IAAI,IAAI,GAAgB,IAAI,CAAC;QAE7B,IAAI,CAAC;YACH,oEAAoE;YACpE,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAE9C,gBAAgB;YAChB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;YAEjC,gBAAgB;YAChB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAEjD,0BAA0B;YAC1B,MAAM,QAAQ,GAAa;gBACzB,GAAG;gBACH,KAAK;gBACL,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,EAAE;gBACX,KAAK;gBACL,KAAK,EAAE,EAAE;gBACT,gBAAgB,EAAE,EAAE;gBACpB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC,CAAC;YAEF,uDAAuD;YACvD,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBACvB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;gBACtD,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YACrC,CAAC;YAED,kBAAkB;YAClB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAE1B,2BAA2B;YAC3B,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBACvB,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC7C,CAAC;YAED,gCAAgC;YAChC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACpD,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAChD,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;wBACtE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;oBAC9B,CAAC;gBACH,CAAC;YACH,CAAC;QAEH,CAAC;gBAAS,CAAC;YACT,oBAAoB;YACpB,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;YACrB,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY,CAAC,IAAU,EAAE,OAAe;QACpD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,EAAE;YACrD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBACvB,MAAM,MAAM,GAAG,CAAsB,CAAC;gBACtC,OAAO;oBACL,IAAI,EAAE,MAAM,CAAC,IAAI,EAAG,8BAA8B;oBAClD,IAAI,EAAE,MAAM,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE;iBACvC,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,sCAAsC;QACtC,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;YACtB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnC,OAAO;oBACL,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,UAAU,EAAE,OAAO,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ;iBAC/C,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,cAAc;gBACd,OAAO;oBACL,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,UAAU,EAAE,KAAK;iBAClB,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACK,YAAY,CAAC,GAAW;QAC9B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAE5B,kBAAkB;YAClB,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC;YAEjB,qBAAqB;YACrB,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YAEhD,uBAAuB;YACvB,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,CAAC;gBACrD,CAAC,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;gBAC5D,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC;YACnB,CAAC;YAED,wBAAwB;YACxB,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACrE,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzB,CAAC;YACF,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC;YACnB,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;YAEzE,sCAAsC;YACtC,IAAI,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC;YAC7B,IAAI,MAAM,CAAC,QAAQ,KAAK,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxD,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACvC,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,CAAC,CAAE,gCAAgC;QAC/C,CAAC;IACH,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,GAAW;QAC/B,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;YACzC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACrD,uBAAuB;gBACvB,OAAO,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5C,CAAC;iBAAM,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,oBAAoB;gBACpB,OAAO,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACxC,CAAC;iBAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjC,wBAAwB;gBACxB,OAAO,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,cAAc;gBACd,OAAO,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/discovery/discovery-pipeline.d.ts

@@ -0,0 +1,22 @@
+import type { DiscoveryArtifact, SitemapNode, WorkflowPlan } from '../types/discovery.js';
+export interface DiscoveryOptions {
+    targetUrl: string;
+    sessionId: string;
+    userHints?: string[];
+    maxPages?: number;
+    headless?: boolean;
+    onProgress?: (message: string) => void;
+}
+export interface WorkflowPlanResolution {
+    workflowPlans: WorkflowPlan[];
+    usedHeuristicFallback: boolean;
+}
+export declare function resolveWorkflowPlans(planPromise: Promise<WorkflowPlan[]> | null, sitemap: SitemapNode): Promise<WorkflowPlanResolution>;
+/**
+ * Runs complete Phase 2 discovery pipeline: crawl, discover elements, detect SPA,
+ * validate links, build sitemap, generate workflow plans.
+ *
+ * @param options Discovery configuration
+ * @returns Complete discovery artifact with sitemap and workflow plans
+ */
+export declare function runDiscovery(options: DiscoveryOptions): Promise<DiscoveryArtifact>;