npm - api-tests-coverage - Versions diffs - 1.0.0 → 1.0.2 - Mend

api-tests-coverage 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (163) hide show

package/dist/dashboard/reports/security-coverage.json ADDED Viewed

@@ -0,0 +1,299 @@
+{
+  "total": 27,
+  "covered": 7,
+  "percentage": 23.08,
+  "scanFindings": 0,
+  "categorySummary": {
+    "authentication": {
+      "total": 1,
+      "covered": 1
+    },
+    "authorization": {
+      "total": 13,
+      "covered": 0
+    },
+    "input-validation": {
+      "total": 11,
+      "covered": 5
+    },
+    "cryptography": {
+      "total": 1,
+      "covered": 0
+    },
+    "session-management": {
+      "total": 0,
+      "covered": 0
+    }
+  },
+  "controls": [
+    {
+      "id": "authentication:bearerAuth",
+      "category": "authentication",
+      "description": "Authentication via security scheme \"bearerAuth\" (http/bearer)",
+      "covered": true,
+      "matchedTests": [
+        "returns 401 when no token",
+        "returns 401 when no token provided",
+        "returns 401 for invalid token",
+        "returns 401 without auth"
+      ],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "cryptography:https",
+      "category": "cryptography",
+      "description": "API servers include non-HTTPS URLs – cryptographic transport security may be missing",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:get:/wallets",
+      "category": "authorization",
+      "description": "Authorization check for GET /wallets",
+      "endpoint": "GET /wallets",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:post:/wallets",
+      "category": "authorization",
+      "description": "Authorization check for POST /wallets",
+      "endpoint": "POST /wallets",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:post:/wallets",
+      "category": "input-validation",
+      "description": "Input validation for POST /wallets",
+      "endpoint": "POST /wallets",
+      "covered": true,
+      "matchedTests": [
+        "returns 400 when currency is missing",
+        "returns 400 for unsupported currency",
+        "returns 422 for insufficient funds",
+        "returns 401 for invalid token",
+        "returns 400 for invalid currency",
+        "returns 422 with insufficient funds"
+      ],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:get:/wallets/{id}",
+      "category": "authorization",
+      "description": "Authorization check for GET /wallets/{id}",
+      "endpoint": "GET /wallets/{id}",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:get:/wallets/{id}",
+      "category": "input-validation",
+      "description": "Input validation for GET /wallets/{id}",
+      "endpoint": "GET /wallets/{id}",
+      "covered": true,
+      "matchedTests": [
+        "returns 422 for insufficient funds",
+        "returns 400 for invalid currency",
+        "returns 422 with insufficient funds"
+      ],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:delete:/wallets/{id}",
+      "category": "authorization",
+      "description": "Authorization check for DELETE /wallets/{id}",
+      "endpoint": "DELETE /wallets/{id}",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:delete:/wallets/{id}",
+      "category": "input-validation",
+      "description": "Input validation for DELETE /wallets/{id}",
+      "endpoint": "DELETE /wallets/{id}",
+      "covered": true,
+      "matchedTests": [
+        "returns 422 for insufficient funds",
+        "returns 400 for invalid currency",
+        "returns 422 with insufficient funds"
+      ],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:patch:/wallets/{id}/freeze",
+      "category": "authorization",
+      "description": "Authorization check for PATCH /wallets/{id}/freeze",
+      "endpoint": "PATCH /wallets/{id}/freeze",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:patch:/wallets/{id}/freeze",
+      "category": "input-validation",
+      "description": "Input validation for PATCH /wallets/{id}/freeze",
+      "endpoint": "PATCH /wallets/{id}/freeze",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:patch:/wallets/{id}/unfreeze",
+      "category": "authorization",
+      "description": "Authorization check for PATCH /wallets/{id}/unfreeze",
+      "endpoint": "PATCH /wallets/{id}/unfreeze",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:patch:/wallets/{id}/unfreeze",
+      "category": "input-validation",
+      "description": "Input validation for PATCH /wallets/{id}/unfreeze",
+      "endpoint": "PATCH /wallets/{id}/unfreeze",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:post:/wallets/{id}/fund",
+      "category": "authorization",
+      "description": "Authorization check for POST /wallets/{id}/fund",
+      "endpoint": "POST /wallets/{id}/fund",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:post:/wallets/{id}/fund",
+      "category": "input-validation",
+      "description": "Input validation for POST /wallets/{id}/fund",
+      "endpoint": "POST /wallets/{id}/fund",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:post:/wallets/{id}/debit",
+      "category": "authorization",
+      "description": "Authorization check for POST /wallets/{id}/debit",
+      "endpoint": "POST /wallets/{id}/debit",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:post:/wallets/{id}/debit",
+      "category": "input-validation",
+      "description": "Input validation for POST /wallets/{id}/debit",
+      "endpoint": "POST /wallets/{id}/debit",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:post:/wallets/{id}/transfer",
+      "category": "authorization",
+      "description": "Authorization check for POST /wallets/{id}/transfer",
+      "endpoint": "POST /wallets/{id}/transfer",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:post:/wallets/{id}/transfer",
+      "category": "input-validation",
+      "description": "Input validation for POST /wallets/{id}/transfer",
+      "endpoint": "POST /wallets/{id}/transfer",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:post:/payments",
+      "category": "authorization",
+      "description": "Authorization check for POST /payments",
+      "endpoint": "POST /payments",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:post:/payments",
+      "category": "input-validation",
+      "description": "Input validation for POST /payments",
+      "endpoint": "POST /payments",
+      "covered": true,
+      "matchedTests": [
+        "returns 400 for missing required fields",
+        "returns 422 for invalid (non-existent) wallet",
+        "returns 422 when refunding a non-completed payment"
+      ],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:get:/payments/{id}",
+      "category": "authorization",
+      "description": "Authorization check for GET /payments/{id}",
+      "endpoint": "GET /payments/{id}",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:get:/payments/{id}",
+      "category": "input-validation",
+      "description": "Input validation for GET /payments/{id}",
+      "endpoint": "GET /payments/{id}",
+      "covered": true,
+      "matchedTests": [
+        "returns 422 when refunding a non-completed payment"
+      ],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:post:/payments/{id}/refund",
+      "category": "authorization",
+      "description": "Authorization check for POST /payments/{id}/refund",
+      "endpoint": "POST /payments/{id}/refund",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:post:/payments/{id}/refund",
+      "category": "input-validation",
+      "description": "Input validation for POST /payments/{id}/refund",
+      "endpoint": "POST /payments/{id}/refund",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:get:/transactions",
+      "category": "authorization",
+      "description": "Authorization check for GET /transactions",
+      "endpoint": "GET /transactions",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authentication:JWT",
+      "category": "authentication",
+      "description": "JWT token signature and expiry validation",
+      "covered": true,
+      "matchedTests": [
+        "returns 401 for expired JWT",
+        "returns 401 for invalid JWT signature"
+      ],
+      "coveredByScanReport": false
+    }
+  ]
+}

package/dist/dashboard/vite.svg ADDED Viewed

@@ -0,0 +1 @@

+ <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="31.88" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 257"><defs><linearGradient id="IconifyId1813088fe1fbc01fb466" x1="-.828%" x2="57.636%" y1="7.652%" y2="78.411%"><stop offset="0%" stop-color="#41D1FF"></stop><stop offset="100%" stop-color="#BD34FE"></stop></linearGradient><linearGradient id="IconifyId1813088fe1fbc01fb467" x1="43.376%" x2="50.316%" y1="2.242%" y2="89.03%"><stop offset="0%" stop-color="#FFEA83"></stop><stop offset="8.333%" stop-color="#FFDD35"></stop><stop offset="100%" stop-color="#FFA800"></stop></linearGradient></defs><path fill="url(#IconifyId1813088fe1fbc01fb466)" d="M255.153 37.938L134.897 252.976c-2.483 4.44-8.862 4.466-11.382.048L.875 37.958c-2.746-4.814 1.371-10.646 6.827-9.67l120.385 21.517a6.537 6.537 0 0 0 2.322-.004l117.867-21.483c5.438-.991 9.574 4.796 6.877 9.62Z"></path><path fill="url(#IconifyId1813088fe1fbc01fb467)" d="M185.432.063L96.44 17.501a3.268 3.268 0 0 0-2.634 3.014l-5.474 92.456a3.268 3.268 0 0 0 3.997 3.378l24.777-5.718c2.318-.535 4.413 1.507 3.936 3.838l-7.361 36.047c-.495 2.426 1.782 4.5 4.151 3.78l15.304-4.649c2.372-.72 4.652 1.36 4.15 3.788l-11.698 56.621c-.732 3.542 3.979 5.473 5.943 2.437l1.313-2.028l72.516-144.72c1.215-2.423-.88-5.186-3.54-4.672l-25.505 4.922c-2.396.462-4.435-1.77-3.759-4.114l16.646-57.705c.677-2.35-1.37-4.583-3.769-4.113Z"></path></svg>

package/dist/src/index.js CHANGED Viewed

@@ -59,6 +59,7 @@ const astAnalysisOrchestrator_1 = require("./ast/astAnalysisOrchestrator");
 const projectDiscovery_1 = require("./discovery/projectDiscovery");
 const businessRuleInference_1 = require("./inference/businessRuleInference");
 const integrationFlowInference_1 = require("./inference/integrationFlowInference");
+const serveDashboard_1 = require("./serveDashboard");
 // Register all language AST analyzers at startup.
 // This side-effect import ensures each language module's registerAnalyzer() call runs.
 (0, astAnalysisOrchestrator_1.registerAllAnalyzers)();
@@ -1344,8 +1345,11 @@ program
     .option('--export-inferred-rules', 'Export inferred rules/flows as editable YAML files')
     .option('--no-infer-business-rules', 'Disable business rule inference')
     .option('--no-infer-integration-flows', 'Disable integration flow inference')
+    .option('--dashboard', 'Start the coverage dashboard after analysis')
+    .option('--port <port>', 'Port for the dashboard server (requires --dashboard)', parseInt)
+    .option('--open', 'Open the dashboard in your browser automatically (requires --dashboard)')
     .action(async (options) => {
-    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
+    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
     const { metricsPort, serviceName } = setupObservability();
     const logger = (0, observability_1.getLogger)();
     const configPath = program.opts()['config'];
@@ -1419,11 +1423,48 @@ program
             console.log('  Exported: generated-integration-flows.yaml');
         }
     }
-    // ── 4. Emit warnings ───────────────────────────────────────────────────
+    // ── 4. Endpoint coverage analysis → coverage-summary.json ─────────────
+    const allCoverageResults = [];
+    if (artifacts.specs.length > 0) {
+        const testsGlob = artifacts.testFiles.length > 0
+            ? '{' + artifacts.testFiles.join(',') + '}'
+            : path.join(rootDir, '**', '*');
+        const detectedLanguages = artifacts.languages;
+        for (const specPath of artifacts.specs) {
+            try {
+                console.log(`\nAnalyzing endpoint coverage for: ${path.basename(specPath)}`);
+                const endpoints = await (0, endpointCoverage_1.parseOpenApiSpec)(specPath);
+                const coverageMap = await (0, endpointCoverage_1.analyzeTestCoverage)(endpoints, testsGlob, detectedLanguages);
+                const report = (0, endpointCoverage_1.buildCoverageReport)(coverageMap);
+                const result = {
+                    type: 'endpoint',
+                    totalItems: report.total,
+                    coveredItems: report.covered,
+                    coveragePercent: report.percentage,
+                    details: report,
+                };
+                allCoverageResults.push(result);
+                console.log(`  ${report.covered}/${report.total} endpoints covered (${report.percentage}%)`);
+            }
+            catch (err) {
+                warnings.push(`Endpoint coverage failed for ${path.basename(specPath)}: ` +
+                    `${err instanceof Error ? err.message : String(err)}`);
+            }
+        }
+        if (allCoverageResults.length > 0) {
+            const observabilityInfo = (0, observability_1.buildObservabilityInfo)(metricsPort);
+            (0, reporting_1.generateMultiFormatReports)(allCoverageResults, ['json'], reportsDir, {}, observabilityInfo);
+            console.log(`\nReports written to: ${reportsDir}`);
+        }
+    }
+    else {
+        warnings.push('No API spec files found; endpoint coverage analysis skipped.');
+    }
+    // ── 5. Emit warnings ───────────────────────────────────────────────────
     for (const w of warnings) {
         console.warn(`[WARN] ${w}`);
     }
-    // ── 5. Configuration override log ──────────────────────────────────────
+    // ── 6. Configuration override log ──────────────────────────────────────
     if (options['inferBusinessRules'] === false) {
         console.log('\nConfiguration override detected: business rule inference disabled via CLI');
     }
@@ -1431,7 +1472,36 @@ program
         console.log('\nConfiguration override detected: integration flow inference disabled via CLI');
     }
     logger.info({ event: 'analyze_complete', warnings: warnings.length }, 'Agnostic project analysis complete');
-    await finaliseObservability([], {}, metricsPort, serviceName);
+    await finaliseObservability(allCoverageResults, {}, metricsPort, serviceName);
+    // ── 7. Optionally launch the dashboard ─────────────────────────────────
+    if (options['dashboard']) {
+        (0, serveDashboard_1.serveDashboard)({
+            reportsDir: reportsDir,
+            port: (_l = options['port']) !== null && _l !== void 0 ? _l : 4000,
+            open: Boolean(options['open']),
+        });
+        // Keep the process alive — the HTTP server holds the event loop open
+    }
+});
+// ─── serve command ────────────────────────────────────────────────────────────
+program
+    .command('serve')
+    .description('Start the coverage dashboard UI and serve reports from your reports directory.')
+    .option('--reports-dir <dir>', 'Directory containing report JSON files (default: reports/)')
+    .option('--port <port>', 'Port to listen on (default: 4000)', parseInt)
+    .option('--open', 'Open the dashboard in your browser automatically')
+    .action((options) => {
+    var _a, _b, _c, _d;
+    const configPath = program.opts()['config'];
+    const analyzerCfg = (0, config_1.loadCentralConfig)(configPath);
+    const reportsDir = (_c = (_a = options['reportsDir']) !== null && _a !== void 0 ? _a : (_b = analyzerCfg.reports) === null || _b === void 0 ? void 0 : _b.outputDir) !== null && _c !== void 0 ? _c : 'reports';
+    const port = (_d = options['port']) !== null && _d !== void 0 ? _d : 4000;
+    (0, serveDashboard_1.serveDashboard)({
+        reportsDir,
+        port,
+        open: Boolean(options['open']),
+    });
+    // Keep the process alive while the server runs
 });
 // Parse the command-line arguments
 program.parse(process.argv);

package/dist/src/serveDashboard.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+/**
+ * Built-in dashboard HTTP server.
+ *
+ * Serves the pre-built React dashboard from the npm package's
+ * `dashboard/dist/` directory and intercepts `/reports/*` requests to
+ * serve from the caller's actual reports directory — giving every user
+ * a live dashboard against their own coverage data with a single command.
+ *
+ * Usage (via CLI):
+ *   npx api-tests-coverage serve [--reports-dir reports/] [--port 4000] [--open]
+ */
+import * as http from 'http';
+export interface ServeDashboardOptions {
+    /** Directory containing coverage report JSON files. Default: reports/ */
+    reportsDir?: string;
+    /** Port to listen on. Default: 4000 */
+    port?: number;
+    /** Open the browser automatically. Default: false */
+    open?: boolean;
+}
+/**
+ * Start the dashboard HTTP server and return the server instance.
+ *
+ * The server:
+ *  1. Intercepts `/reports/*` → serves from `reportsDir`
+ *  2. Everything else → serves static files from `dashboard/dist/`
+ *  3. Unknown paths fall back to `index.html` (SPA client-side routing)
+ */
+export declare function serveDashboard(options?: ServeDashboardOptions): http.Server;
+//# sourceMappingURL=serveDashboard.d.ts.map

package/dist/src/serveDashboard.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"serveDashboard.d.ts","sourceRoot":"","sources":["../../src/serveDashboard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAwD7B,MAAM,WAAW,qBAAqB;IACpC,yEAAyE;IACzE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qDAAqD;IACrD,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,OAAO,GAAE,qBAA0B,GAAG,IAAI,CAAC,MAAM,CAkF/E"}

package/dist/src/serveDashboard.js ADDED Viewed

@@ -0,0 +1,191 @@
+"use strict";
+/**
+ * Built-in dashboard HTTP server.
+ *
+ * Serves the pre-built React dashboard from the npm package's
+ * `dashboard/dist/` directory and intercepts `/reports/*` requests to
+ * serve from the caller's actual reports directory — giving every user
+ * a live dashboard against their own coverage data with a single command.
+ *
+ * Usage (via CLI):
+ *   npx api-tests-coverage serve [--reports-dir reports/] [--port 4000] [--open]
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.serveDashboard = serveDashboard;
+const http = __importStar(require("http"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const url = __importStar(require("url"));
+const child_process_1 = require("child_process");
+// ─── MIME type map ─────────────────────────────────────────────────────────────
+const MIME_TYPES = {
+    '.html': 'text/html; charset=utf-8',
+    '.js': 'application/javascript; charset=utf-8',
+    '.mjs': 'application/javascript; charset=utf-8',
+    '.css': 'text/css; charset=utf-8',
+    '.json': 'application/json; charset=utf-8',
+    '.svg': 'image/svg+xml',
+    '.png': 'image/png',
+    '.ico': 'image/x-icon',
+    '.woff': 'font/woff',
+    '.woff2': 'font/woff2',
+    '.ttf': 'font/ttf',
+    '.jtl': 'text/plain',
+    '.csv': 'text/csv',
+    '.xml': 'application/xml',
+};
+// ─── Dashboard location ───────────────────────────────────────────────────────
+/**
+ * Resolve the path to the pre-built dashboard static files.
+ *
+ * Checks two locations (first match wins):
+ *  1. dist/dashboard/  — npm-published package (prepublishOnly copies dashboard/dist here)
+ *  2. dashboard/dist/  — repo clone with dashboard already built (make dashboard-build)
+ */
+function resolveDashboardDir() {
+    // dist/src/serveDashboard.js → ../dashboard  →  dist/dashboard/  (npm package)
+    const inDist = path.resolve(__dirname, '..', 'dashboard');
+    if (fs.existsSync(path.join(inDist, 'index.html'))) {
+        return inDist;
+    }
+    // Fallback for local development: dist/src/ → ../../dashboard/dist  →  dashboard/dist/
+    const inRepo = path.resolve(__dirname, '..', '..', 'dashboard', 'dist');
+    if (fs.existsSync(path.join(inRepo, 'index.html'))) {
+        return inRepo;
+    }
+    throw new Error(`Dashboard build not found.\n` +
+        `Run: cd dashboard && npm run build\n` +
+        `Or:  make dashboard-build`);
+}
+/**
+ * Start the dashboard HTTP server and return the server instance.
+ *
+ * The server:
+ *  1. Intercepts `/reports/*` → serves from `reportsDir`
+ *  2. Everything else → serves static files from `dashboard/dist/`
+ *  3. Unknown paths fall back to `index.html` (SPA client-side routing)
+ */
+function serveDashboard(options = {}) {
+    var _a, _b;
+    const reportsDir = path.resolve((_a = options.reportsDir) !== null && _a !== void 0 ? _a : 'reports');
+    const port = (_b = options.port) !== null && _b !== void 0 ? _b : 4000;
+    const dashboardDir = resolveDashboardDir();
+    const server = http.createServer((req, res) => {
+        var _a, _b, _c, _d;
+        const parsedUrl = url.parse((_a = req.url) !== null && _a !== void 0 ? _a : '/');
+        let pathname = (_b = parsedUrl.pathname) !== null && _b !== void 0 ? _b : '/';
+        // ── 1. Serve /reports/* from the actual reports directory ──────────────
+        if (pathname.startsWith('/reports/')) {
+            const relative = pathname.slice('/reports/'.length);
+            const reportPath = path.join(reportsDir, relative);
+            // Security: prevent path traversal
+            if (!reportPath.startsWith(reportsDir + path.sep) && reportPath !== reportsDir) {
+                res.writeHead(403);
+                res.end('Forbidden');
+                return;
+            }
+            try {
+                const content = fs.readFileSync(reportPath);
+                const mimeType = (_c = MIME_TYPES[path.extname(reportPath)]) !== null && _c !== void 0 ? _c : 'application/octet-stream';
+                res.writeHead(200, {
+                    'Content-Type': mimeType,
+                    'Cache-Control': 'no-cache',
+                    'Access-Control-Allow-Origin': '*',
+                });
+                res.end(content);
+            }
+            catch {
+                res.writeHead(404, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify({ error: `Report not found: ${relative}` }));
+            }
+            return;
+        }
+        // ── 2. Serve static dashboard assets ───────────────────────────────────
+        if (pathname === '/')
+            pathname = '/index.html';
+        const filePath = path.join(dashboardDir, pathname);
+        // Security: prevent escaping dashboard dir
+        if (!filePath.startsWith(dashboardDir)) {
+            res.writeHead(403);
+            res.end('Forbidden');
+            return;
+        }
+        try {
+            const content = fs.readFileSync(filePath);
+            const mimeType = (_d = MIME_TYPES[path.extname(filePath)]) !== null && _d !== void 0 ? _d : 'text/plain';
+            res.writeHead(200, {
+                'Content-Type': mimeType,
+                'Cache-Control': path.extname(filePath) === '.html' ? 'no-cache' : 'max-age=86400',
+            });
+            res.end(content);
+        }
+        catch {
+            // ── 3. SPA fallback — serve index.html for all unknown paths ───────
+            try {
+                const indexContent = fs.readFileSync(path.join(dashboardDir, 'index.html'));
+                res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8', 'Cache-Control': 'no-cache' });
+                res.end(indexContent);
+            }
+            catch {
+                res.writeHead(500, { 'Content-Type': 'text/plain' });
+                res.end('Dashboard build missing. Run: cd dashboard && npm run build');
+            }
+        }
+    });
+    server.listen(port, () => {
+        const serverUrl = `http://localhost:${port}`;
+        console.log(`\n=== API Coverage Dashboard ===`);
+        console.log(`  URL:         ${serverUrl}`);
+        console.log(`  Reports dir: ${reportsDir}`);
+        console.log(`\nPress Ctrl+C to stop.\n`);
+        if (options.open) {
+            openBrowser(serverUrl);
+        }
+    });
+    return server;
+}
+// ─── Browser opener ───────────────────────────────────────────────────────────
+function openBrowser(targetUrl) {
+    try {
+        const cmd = process.platform === 'darwin' ? `open "${targetUrl}"` :
+            process.platform === 'win32' ? `start "" "${targetUrl}"` :
+                `xdg-open "${targetUrl}"`;
+        (0, child_process_1.execSync)(cmd, { stdio: 'ignore' });
+    }
+    catch {
+        // Silently ignore — browser open is best-effort
+    }
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "api-tests-coverage",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "CLI and library to measure how thoroughly your test suite exercises your API surface area",
   "main": "dist/src/lib/index.js",
   "types": "dist/src/lib/index.d.ts",
@@ -10,6 +10,7 @@
   "files": [
     "dist/src/",
     "dist/action/",
+    "dist/dashboard/",
     "README.md",
     "config.yaml.example"
   ],
@@ -35,7 +36,7 @@
   "license": "MIT",
   "scripts": {
     "build": "tsc",
-    "prepublishOnly": "npm run build",
+    "prepublishOnly": "npm run build && cd dashboard && npm run build && cd .. && cp -r dashboard/dist dist/dashboard",
     "start": "node dist/src/index.js",
     "test": "jest",
     "coverage": "node scripts/run-coverage.js",