api-tests-coverage 1.0.19 → 1.0.20

package/dist/src/index.js

@@ -1403,7 +1403,7 @@ program
     .option('--port <port>', 'Port for the dashboard server (requires --dashboard)', parseInt)
     .option('--open', 'Open the dashboard in your browser automatically (requires --dashboard)')
     .action(async (options) => {
-    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q;
+    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t, _u, _v, _w;
     const { metricsPort, serviceName } = setupObservability();
     const logger = (0, observability_1.getLogger)();
     const configPath = program.opts()['config'];
@@ -1456,7 +1456,7 @@ program
     }
     // ── 3. Integration flow inference ──────────────────────────────────────
     if (doInferFlows) {
-        inferredFlowsResult = (0, integrationFlowInference_1.inferIntegrationFlows)(artifacts.testFiles, warnings);
+        inferredFlowsResult = (0, integrationFlowInference_1.inferIntegrationFlows)(artifacts.testFiles, warnings, artifacts.serviceFiles);
         const flowsPath = (0, integrationFlowInference_1.writeInferredIntegrationFlows)(inferredFlowsResult, reportsDir);
         console.log(`\nIntegration Flow Inference`);
         console.log(`  Multi-step flows detected in tests: ${inferredFlowsResult.flows.length}`);
@@ -1514,6 +1514,13 @@ program
             while ((m = TEST_DECL_RE.exec(content)) !== null) {
                 descriptions.push(m[2].toLowerCase());
             }
+            // Generic: extract test function/method names for Python (def test_xxx),
+            // Ruby (def test_xxx), and similar frameworks where test names are method names.
+            const GENERIC_TEST_FN_RE = /\bdef\s+((?:test|should|spec)_\w+)\s*\(/g;
+            GENERIC_TEST_FN_RE.lastIndex = 0;
+            while ((m = GENERIC_TEST_FN_RE.exec(content)) !== null) {
+                descriptions.push(m[1].replace(/_/g, ' ').toLowerCase());
+            }
         }
         return [{ file: tf, contentLower, descriptions, isJavaLike }];
     });
@@ -1910,6 +1917,137 @@ program
         allCoverageResults.push(flowResult);
         console.log(`  ${syntheticReport.complete}/${syntheticReport.total} multi-step flows detected and covered (100%)`);
     }
+    // ── 4f-perf. Performance & resilience coverage ────────────────────────────
+    // When load-test files (JMeter/k6/Gatling) are available, use them.
+    // When none are found, infer performance/resilience evidence from test content.
+    {
+        // ─ Keywords ──────────────────────────────────────────────────────────────
+        const PERF_KEYWORDS = [
+            'load', 'performance', 'stress', 'throughput', 'latency', 'benchmark',
+            'concurrent', 'response time', 'response_time', 'timing', 'timed',
+            'slow', 'fast', 'speed', 'millisecond', 'ms ', ' ms',
+        ];
+        const RESILIENCE_KEYWORD_MAP = {
+            'timeout': ['timeout', 'timed out', 'connection timeout', 'request timeout', 'read timeout'],
+            'retry': ['retry', 'retries', 'retried', 'attempt', 'backoff', 'back-off'],
+            'circuit-breaker': ['circuit breaker', 'circuit_breaker', 'circuitbreaker', 'open circuit'],
+            'fallback': ['fallback', 'fall back', 'fall-back', 'default response', 'degraded'],
+            'rate-limiting': ['rate limit', 'rate_limit', 'ratelimit', '429', 'too many requests', 'throttl'],
+            'bulkhead': ['bulkhead', 'semaphore', 'queue full', 'concurrency limit'],
+        };
+        if (artifacts.performanceFiles.length > 0) {
+            // ─ Explicit: JMeter / k6 / Gatling files found ─────────────────────
+            try {
+                console.log(`\nAnalyzing performance coverage (${artifacts.performanceFiles.length} load-test file(s))...`);
+                const endpointItems = (_s = (_r = (_q = allCoverageResults.find((r) => r.type === 'endpoint')) === null || _q === void 0 ? void 0 : _q.details) === null || _r === void 0 ? void 0 : _r.items) !== null && _s !== void 0 ? _s : [];
+                const endpoints = endpointItems.map((item) => {
+                    var _a, _b;
+                    const parts = item.id.split(' ');
+                    return { id: item.id, method: (_a = parts[0]) !== null && _a !== void 0 ? _a : 'GET', path: (_b = parts[1]) !== null && _b !== void 0 ? _b : item.id };
+                });
+                const metricsMap = (0, perfResilienceCoverage_1.parseLoadTestResults)(artifacts.performanceFiles);
+                const perfThresholds = { responseMs: 500, errorRate: 0.05 };
+                const perfCoverages = (0, perfResilienceCoverage_1.analyzePerformanceCoverage)(endpoints, metricsMap, perfThresholds);
+                const scenarios = (0, perfResilienceCoverage_1.buildResilienceScenarios)(endpoints);
+                const resilienceCoverages = await (0, perfResilienceCoverage_1.analyzeResilienceCoverage)(scenarios, testsGlob);
+                const report = (0, perfResilienceCoverage_1.buildPerfResilienceReport)(perfCoverages, resilienceCoverages);
+                const perfResult = {
+                    type: 'performance',
+                    totalItems: report.totalEndpoints,
+                    coveredItems: report.endpointsWithLoadData,
+                    coveragePercent: report.performanceCoveragePercent,
+                    details: report,
+                };
+                const resilienceResult = {
+                    type: 'resilience',
+                    totalItems: report.totalResilienceScenarios,
+                    coveredItems: report.coveredResilienceScenarios,
+                    coveragePercent: report.resilienceCoveragePercent,
+                    details: report,
+                };
+                allCoverageResults.push(perfResult, resilienceResult);
+                console.log(`  ${report.endpointsWithLoadData}/${report.totalEndpoints} endpoints have load-test data (${report.performanceCoveragePercent}%)`);
+                console.log(`  ${report.coveredResilienceScenarios}/${report.totalResilienceScenarios} resilience scenarios covered (${report.resilienceCoveragePercent}%)`);
+            }
+            catch (perfErr) {
+                warnings.push(`Performance coverage failed: ${perfErr instanceof Error ? perfErr.message : String(perfErr)}`);
+            }
+        }
+        else {
+            // ─ Inferred: no load-test files found — scan test content for signals ─
+            console.log(`\nPerformance & resilience coverage (inferred — no JMeter/k6/Gatling files found)...`);
+            // Build a flat list of all known endpoints from earlier coverage results
+            const knownEndpoints = ((_v = (_u = (_t = allCoverageResults.find((r) => r.type === 'endpoint')) === null || _t === void 0 ? void 0 : _t.details) === null || _u === void 0 ? void 0 : _u.items) !== null && _v !== void 0 ? _v : []).map((item) => item.id);
+            const allTestContent = testEntries.map((e) => e.contentLower);
+            const combinedTestContent = allTestContent.join('\n');
+            // ─ Performance inference ────────────────────────────────────────────
+            const hasPerfSignal = PERF_KEYWORDS.some((kw) => combinedTestContent.includes(kw));
+            const perfItems = knownEndpoints.map((endpointId) => {
+                var _a, _b;
+                const parts = endpointId.split(' ');
+                const epPath = ((_a = parts[1]) !== null && _a !== void 0 ? _a : endpointId).toLowerCase();
+                const epLeaf = (_b = epPath.split('/').filter(Boolean).pop()) !== null && _b !== void 0 ? _b : epPath;
+                const hasEvidenceInTests = testEntries.some(({ contentLower }) => {
+                    const mentionsEndpoint = epLeaf.length > 2
+                        ? contentLower.includes(epLeaf)
+                        : contentLower.includes(epPath);
+                    const hasPerfKw = PERF_KEYWORDS.some((kw) => contentLower.includes(kw));
+                    return mentionsEndpoint && hasPerfKw;
+                });
+                return { id: endpointId, hasEvidence: hasEvidenceInTests };
+            });
+            const perfCoveredCount = perfItems.filter((i) => i.hasEvidence).length;
+            const perfTotal = Math.max(perfItems.length, 1); // avoid 0-denominator
+            const perfPct = knownEndpoints.length === 0
+                ? (hasPerfSignal ? 30 : 0) // no routes but some signal
+                : Math.round((perfCoveredCount / perfItems.length) * 100);
+            const perfResult = {
+                type: 'performance',
+                totalItems: perfItems.length || 1,
+                coveredItems: knownEndpoints.length === 0 && hasPerfSignal ? 0 : perfCoveredCount,
+                coveragePercent: perfPct,
+                details: {
+                    inferred: true,
+                    note: 'No JMeter, k6, or Gatling files found. Coverage inferred from test content keywords.',
+                    totalEndpoints: perfItems.length,
+                    endpointsWithEvidence: perfCoveredCount,
+                    performanceCoveragePercent: perfPct,
+                    items: perfItems,
+                },
+            };
+            allCoverageResults.push(perfResult);
+            if (knownEndpoints.length > 0) {
+                console.log(`  ${perfCoveredCount}/${perfItems.length} endpoints have performance test evidence (${perfPct}%)`);
+            }
+            else {
+                console.log(`  Performance signal in tests: ${hasPerfSignal ? 'yes' : 'none'} (0% — no load-test files)`);
+            }
+            console.log(`  [NOTE] Add JMeter .jtl/.csv, k6 .json, or Gatling simulation.log files for accurate load-test metrics.`);
+            // ─ Resilience inference ──────────────────────────────────────────────
+            const resilienceItems = Object.entries(RESILIENCE_KEYWORD_MAP).map(([category, keywords]) => {
+                const covered = testEntries.some(({ contentLower }) => keywords.some((kw) => contentLower.includes(kw)));
+                return { id: `resilience:${category}`, category, covered };
+            });
+            const resCoveredCount = resilienceItems.filter((i) => i.covered).length;
+            const resPct = Math.round((resCoveredCount / resilienceItems.length) * 100);
+            const resilienceResult = {
+                type: 'resilience',
+                totalItems: resilienceItems.length,
+                coveredItems: resCoveredCount,
+                coveragePercent: resPct,
+                details: {
+                    inferred: true,
+                    note: 'Resilience coverage inferred from test content. No load-test files found.',
+                    totalResilienceScenarios: resilienceItems.length,
+                    coveredResilienceScenarios: resCoveredCount,
+                    resilienceCoveragePercent: resPct,
+                    items: resilienceItems,
+                },
+            };
+            allCoverageResults.push(resilienceResult);
+            console.log(`  ${resCoveredCount}/${resilienceItems.length} resilience categories have test evidence (${resPct}%)`);
+        }
+    }
     if (allCoverageResults.length > 0) {
         const observabilityInfo = (0, observability_1.buildObservabilityInfo)(metricsPort);
         (0, reporting_1.generateMultiFormatReports)(allCoverageResults, ['json'], reportsDir, {}, observabilityInfo);
@@ -2019,7 +2157,7 @@ program
     if (options['dashboard']) {
         (0, serveDashboard_1.serveDashboard)({
             reportsDir: reportsDir,
-            port: (_q = options['port']) !== null && _q !== void 0 ? _q : 4000,
+            port: (_w = options['port']) !== null && _w !== void 0 ? _w : 4000,
             open: Boolean(options['open']),
         });
         // Keep the process alive — the HTTP server holds the event loop open

package/dist/src/inference/businessRuleInference.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"businessRuleInference.d.ts","sourceRoot":"","sources":["../../../src/inference/businessRuleInference.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAOH,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,UAAU,CAAC;AACjD,MAAM,MAAM,QAAQ,GAChB,YAAY,GACZ,eAAe,GACf,gBAAgB,GAChB,YAAY,CAAC;AAEjB,MAAM,WAAW,oBAAoB;IACnC,0DAA0D;IAC1D,EAAE,EAAE,MAAM,CAAC;IACX,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,UAAU,CAAC;IACxB,IAAI,EAAE,QAAQ,CAAC;IACf,+CAA+C;IAC/C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,sDAAsD;IACtD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,8BAA8B;IAC9B,eAAe,EAAE,MAAM,CAAC;IACxB,+BAA+B;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,sFAAsF;IACtF,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,2BAA2B;IAC1C,KAAK,EAAE,oBAAoB,EAAE,CAAC;IAC9B,uCAAuC;IACvC,aAAa,EAAE,MAAM,CAAC;IACtB,wEAAwE;IACxE,QAAQ,EAAE,OAAO,CAAC;IAClB,uCAAuC;IACvC,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AA2ID;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,oBAAoB,EAAE,CA4C3E;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAChC,YAAY,EAAE,MAAM,EAAE,EACtB,QAAQ,GAAE,MAAM,EAAO,GACtB,2BAA2B,CAuB7B;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,2BAA2B,EACnC,UAAU,EAAE,MAAM,GACjB,MAAM,CAYR;AAID,eAAO,MAAM,kBAAkB,aAM7B,CAAC;AAEH;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE,CAwCnE"}
+{"version":3,"file":"businessRuleInference.d.ts","sourceRoot":"","sources":["../../../src/inference/businessRuleInference.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAOH,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,UAAU,CAAC;AACjD,MAAM,MAAM,QAAQ,GAChB,YAAY,GACZ,eAAe,GACf,gBAAgB,GAChB,YAAY,CAAC;AAEjB,MAAM,WAAW,oBAAoB;IACnC,0DAA0D;IAC1D,EAAE,EAAE,MAAM,CAAC;IACX,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,UAAU,CAAC;IACxB,IAAI,EAAE,QAAQ,CAAC;IACf,+CAA+C;IAC/C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,sDAAsD;IACtD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,8BAA8B;IAC9B,eAAe,EAAE,MAAM,CAAC;IACxB,+BAA+B;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,sFAAsF;IACtF,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,2BAA2B;IAC1C,KAAK,EAAE,oBAAoB,EAAE,CAAC;IAC9B,uCAAuC;IACvC,aAAa,EAAE,MAAM,CAAC;IACtB,wEAAwE;IACxE,QAAQ,EAAE,OAAO,CAAC;IAClB,uCAAuC;IACvC,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAwPD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,oBAAoB,EAAE,CA8C3E;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAChC,YAAY,EAAE,MAAM,EAAE,EACtB,QAAQ,GAAE,MAAM,EAAO,GACtB,2BAA2B,CAuB7B;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,2BAA2B,EACnC,UAAU,EAAE,MAAM,GACjB,MAAM,CAYR;AAID,eAAO,MAAM,kBAAkB,aAM7B,CAAC;AAEH;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE,CAwCnE"}

package/dist/src/inference/businessRuleInference.js

@@ -138,12 +138,104 @@ const INFERENCE_PATTERNS = [
         behaviorTemplate: (m) => `${m[1]} must not exceed ${m[2]}`,
         conditionTemplate: (m) => `${m[1]} > ${m[2]}`,
     },
+    // ── Flask / Python-specific patterns ──────────────────────────────────────
+    // Broader Python raise: any raise X() or raise X.y() not already ending in Exception/Error
+    // (Ordered after the existing raise patterns so deduplification by source location handles overlap)
+    {
+        type: 'business_logic',
+        pattern: /\braise\s+([\w]+(?:\.[\w]+)*)\s*(?:\(([^)]{0,60})\))?/,
+        nameTemplate: (m) => { var _a; return toSnakeCase((_a = m[1].split('.').pop()) !== null && _a !== void 0 ? _a : m[1]); },
+        behaviorTemplate: (m) => `Operation rejected: ${m[1]}`,
+        conditionTemplate: (m) => { var _a; return `raise ${m[1]}(${((_a = m[2]) !== null && _a !== void 0 ? _a : '').trim()})`; },
+    },
+    // Python `if not X:` null guard — idiomatic Python nil check
+    {
+        type: 'validation',
+        pattern: /if\s+not\s+([\w.]+)\s*(?::|and|or)/,
+        nameTemplate: (m) => `require_${toSnakeCase(m[1].replace(/\./g, '_'))}`,
+        behaviorTemplate: (m) => `${m[1]} must exist`,
+        conditionTemplate: (m) => `if not ${m[1]}`,
+    },
+    // Flask/Django auth decorators: @jwt_required, @login_required, etc.
+    {
+        type: 'authorization',
+        pattern: /@(jwt_required|login_required|require_auth|requires_auth|permission_required|auth_required|authenticated_user|require_permissions?)\b/i,
+        nameTemplate: (m) => `require_${toSnakeCase(m[1])}`,
+        behaviorTemplate: (m) => `Request requires authentication (${m[1]})`,
+        conditionTemplate: (m) => `@${m[1]}`,
+    },
+    // Flask `@use_kwargs` / `@validate_arguments` input validation
+    {
+        type: 'validation',
+        pattern: /@(use_kwargs|validate_arguments?|expects_json|validate_body)\s*\(\s*([\w]+)/i,
+        nameTemplate: (m) => { var _a; return `validate_input_${toSnakeCase((_a = m[2]) !== null && _a !== void 0 ? _a : 'schema')}`; },
+        behaviorTemplate: (m) => { var _a; return `Input validated against ${(_a = m[2]) !== null && _a !== void 0 ? _a : 'schema'}`; },
+        conditionTemplate: (m) => { var _a; return `@${m[1]}(${(_a = m[2]) !== null && _a !== void 0 ? _a : ''})`; },
+    },
+    // Python ownership / attribute comparison guard
+    {
+        type: 'authorization',
+        pattern: /if\s+[\w.]+\s*!=\s*[\w.]+\.(?:id|user_id|author_id|owner_id|profile\.id)/,
+        nameTemplate: () => 'ownership_check',
+        behaviorTemplate: () => 'Resource must belong to the requesting user',
+        conditionTemplate: (m) => m[0].trim(),
+    },
+    // ── Generic JS/TS/frontend patterns ───────────────────────────────────────
+    // Generic JS/TS `if (!expression)` null/falsy guard
+    // Matches meaningful presence checks like !JWT.get(), !User.current, !token
+    // Skips pure normalisation calls like .trim(), .length, .toLowerCase(), etc.
+    // via the skipIfGroup1Matches post-match filter.
+    {
+        type: 'validation',
+        pattern: /if\s*\(\s*!\s*([\w][\w.[\]]*(?:\.\w+\(\s*\))?)\s*\)/,
+        skipIfGroup1Matches: /\.(trim|length|split|join|toLowerCase|toUpperCase|toString|valueOf|slice|substr|substring|replace|indexOf|includes|startsWith|endsWith)\(\s*\)$/,
+        nameTemplate: (m) => `require_${toSnakeCase(m[1].replace(/[^a-zA-Z0-9]/g, '_').replace(/_+/g, '_').replace(/^_|_$/g, ''))}`,
+        behaviorTemplate: (m) => `${m[1]} must be present/truthy`,
+        conditionTemplate: (m) => `!${m[1]}`,
+    },
+    // HTTP status comparison guard (frontend interceptors): rejection.status === 401
+    {
+        type: 'validation',
+        pattern: /\.status\s*={1,3}\s*(4\d\d|5\d\d)/,
+        nameTemplate: (m) => `http_status_${m[1]}_check`,
+        behaviorTemplate: (m) => `Handle HTTP ${m[1]} error response`,
+        conditionTemplate: (m) => `status == ${m[1]}`,
+    },
+    // Ownership / identity comparison guard (username === author.username)
+    {
+        type: 'authorization',
+        pattern: /if\s*\(?\s*[\w.]+\.(?:username|userId|user_id|email|id)\s*!==?\s*[\w.]+\.(?:username|userId|user_id|email|id|author\.username)/,
+        nameTemplate: () => 'ownership_identity_check',
+        behaviorTemplate: () => 'Resource belongs to a specific user identity',
+        conditionTemplate: (m) => m[0].trim().replace(/^if\s*\(?/, '').replace(/\)?\s*$/, ''),
+    },
+    // Generic early-return guard: if (cond) return/throw on same or adjacent line
+    {
+        type: 'business_logic',
+        pattern: /if\s*\([^)]{3,80}\)\s*(?:\{[^}]{0,40}\})?\s*(?:return|throw|raise)\b/,
+        nameTemplate: () => 'guard_condition',
+        behaviorTemplate: () => 'Early return or error on condition',
+        conditionTemplate: (m) => {
+            const cond = m[0].match(/if\s*\(([^)]{3,80})\)/);
+            return cond ? cond[1].trim() : m[0].trim();
+        },
+    },
 ];
 // ─── Endpoint heuristics ──────────────────────────────────────────────────────
 /** Attempt to associate a rule with the nearest HTTP route/endpoint annotation. */
 function guessEndpoint(lines, ruleLineIdx) {
     // Search up to 40 lines above for common routing patterns
     const lookupLines = lines.slice(Math.max(0, ruleLineIdx - 40), ruleLineIdx);
+    // Flask: @blueprint.route('/path', methods=...) / @app.route('/path', ...)
+    for (let i = lookupLines.length - 1; i >= 0; i--) {
+        const fm = lookupLines[i].match(/@\w+\.route\s*\(\s*['"]([^'"]+)['"]/);
+        if (fm) {
+            // Try to find method from same line or near
+            const methodsMatch = lookupLines[i].match(/methods\s*=\s*[\[(]['"]?([\w]+)['"]?/);
+            const method = methodsMatch ? methodsMatch[1].toUpperCase() : 'GET';
+            return `${method} ${fm[1]}`;
+        }
+    }
     // Spring: @GetMapping("/path") / @PostMapping / @RequestMapping
     for (let i = lookupLines.length - 1; i >= 0; i--) {
         const m = lookupLines[i].match(/@(Get|Post|Put|Patch|Delete|Request)Mapping\s*\(\s*["']([^"']+)["']/i);
@@ -191,6 +283,9 @@ function inferRulesFromFile(filePath) {
             const match = line.match(ip.pattern);
             if (!match)
                 continue;
+            // Post-match filter: skip false positives based on first captured group
+            if (ip.skipIfGroup1Matches && match[1] && ip.skipIfGroup1Matches.test(match[1]))
+                continue;
             const condition = ip.conditionTemplate(match);
             const sourceLocation = `${filePath}:${lineIdx + 1}`;
             const dedupKey = `${filePath}:${lineIdx}:${condition}`;

package/dist/src/inference/integrationFlowInference.d.ts

@@ -44,10 +44,20 @@ export interface IntegrationFlowInferenceResult {
  * Infer integration flows from a single test file.
  */
 export declare function inferFlowsFromFile(filePath: string): InferredIntegrationFlow[];
+/**
+ * Infer integration flows from service source files (not test files).
+ *
+ * Used as a fallback when no test files are present (e.g. frontend-only projects).
+ * Only produces flows for source files that contain 2+ HTTP calls in the same function.
+ */
+export declare function inferFlowsFromSourceFiles(serviceFiles: string[]): InferredIntegrationFlow[];
 /**
  * Run flow inference across all provided test files.
+ *
+ * When `testFiles` is empty and `serviceFiles` is provided, flows are inferred
+ * from the service source code instead and tagged accordingly.
  */
-export declare function inferIntegrationFlows(testFiles: string[], warnings?: string[]): IntegrationFlowInferenceResult;
+export declare function inferIntegrationFlows(testFiles: string[], warnings?: string[], serviceFiles?: string[]): IntegrationFlowInferenceResult;
 /**
  * Write inferred integration flows to the reports directory.
  * Returns the path of the written file.

package/dist/src/inference/integrationFlowInference.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"integrationFlowInference.d.ts","sourceRoot":"","sources":["../../../src/inference/integrationFlowInference.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAOH,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,UAAU,CAAC;AAEjD,MAAM,WAAW,QAAQ;IACvB,kBAAkB;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,yCAAyC;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,uBAAuB;IACtC,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,+BAA+B;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,UAAU,CAAC;IACxB,+BAA+B;IAC/B,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,iDAAiD;IACjD,eAAe,EAAE,MAAM,CAAC;IACxB,oDAAoD;IACpD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,8BAA8B;IAC7C,KAAK,EAAE,uBAAuB,EAAE,CAAC;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AA4KD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,uBAAuB,EAAE,CAW9E;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,SAAS,EAAE,MAAM,EAAE,EACnB,QAAQ,GAAE,MAAM,EAAO,GACtB,8BAA8B,CA2BhC;AAED;;;GAGG;AACH,wBAAgB,6BAA6B,CAC3C,MAAM,EAAE,8BAA8B,EACtC,UAAU,EAAE,MAAM,GACjB,MAAM,CAYR"}
+{"version":3,"file":"integrationFlowInference.d.ts","sourceRoot":"","sources":["../../../src/inference/integrationFlowInference.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAOH,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,UAAU,CAAC;AAEjD,MAAM,WAAW,QAAQ;IACvB,kBAAkB;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,yCAAyC;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,uBAAuB;IACtC,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,+BAA+B;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,UAAU,CAAC;IACxB,+BAA+B;IAC/B,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,iDAAiD;IACjD,eAAe,EAAE,MAAM,CAAC;IACxB,oDAAoD;IACpD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,8BAA8B;IAC7C,KAAK,EAAE,uBAAuB,EAAE,CAAC;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAqLD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,uBAAuB,EAAE,CAW9E;AAED;;;;;GAKG;AACH,wBAAgB,yBAAyB,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,uBAAuB,EAAE,CAgB3F;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CACnC,SAAS,EAAE,MAAM,EAAE,EACnB,QAAQ,GAAE,MAAM,EAAO,EACvB,YAAY,CAAC,EAAE,MAAM,EAAE,GACtB,8BAA8B,CAoChC;AAED;;;GAGG;AACH,wBAAgB,6BAA6B,CAC3C,MAAM,EAAE,8BAA8B,EACtC,UAAU,EAAE,MAAM,GACjB,MAAM,CAYR"}

package/dist/src/inference/integrationFlowInference.js

@@ -48,6 +48,7 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.inferFlowsFromFile = inferFlowsFromFile;
+exports.inferFlowsFromSourceFiles = inferFlowsFromSourceFiles;
 exports.inferIntegrationFlows = inferIntegrationFlows;
 exports.writeInferredIntegrationFlows = writeInferredIntegrationFlows;
 const fs = __importStar(require("fs"));
@@ -63,6 +64,11 @@ const HTTP_CALL_PATTERNS = [
     { pattern: /\b(get|post|put|patch|delete)\s+['"`]([^'"`\s]+)['"`]/i, methodGroup: 1, pathGroup: 2 },
     // fetch('/path', { method: 'POST' })
     { pattern: /fetch\s*\(\s*['"`]([^'"`]+)['"`]\s*,\s*\{[^}]*method\s*:\s*['"`](GET|POST|PUT|PATCH|DELETE|HEAD)['"`]/i, methodGroup: 2, pathGroup: 1 },
+    // WebTest TestApp: testapp.post_json(url_for('endpoint'), data)
+    // Also handles: testapp.get(url_for('endpoint')), testapp.delete_json(...)
+    { pattern: /(?:testapp|self\.testapp)\.(get_json|post_json|put_json|patch_json|delete_json|get|post|put|patch|delete)\s*\(\s*url_for\s*\(\s*['"]([^'"]+)['"]/i, methodGroup: 1, pathGroup: 2 },
+    // WebTest without url_for: testapp.get('/path')
+    { pattern: /(?:testapp|self\.testapp)\.(get_json|post_json|put_json|patch_json|delete_json|get|post|put|patch|delete)\s*\(\s*['"`]([^'"`]+)['"`]/i, methodGroup: 1, pathGroup: 2 },
 ];
 /** Patterns for test function / scenario boundaries */
 const TEST_FUNCTION_PATTERNS = [
@@ -85,6 +91,8 @@ function extractHttpCallsFromLines(lines) {
             const m = line.match(p.pattern);
             if (m) {
                 const method = m[p.methodGroup].toUpperCase();
+                // Normalize WebTest _json suffix: POST_JSON → POST, GET_JSON → GET
+                const normalizedMethod = method.replace(/_JSON$/, '');
                 const rawPath = m[p.pathGroup];
                 // Skip unlikely paths (full URLs with domain, non-path values)
                 if (rawPath.startsWith('http') && !rawPath.includes('/api'))
@@ -92,7 +100,7 @@ function extractHttpCallsFromLines(lines) {
                 const cleanPath = extractPathFromUrl(rawPath);
                 if (!cleanPath)
                     continue;
-                calls.push({ method, path: cleanPath, lineIdx: i });
+                calls.push({ method: normalizedMethod, path: cleanPath, lineIdx: i });
                 break; // only first pattern match per line
             }
         }
@@ -102,6 +110,9 @@ function extractHttpCallsFromLines(lines) {
 function extractPathFromUrl(raw) {
     if (raw.startsWith('/'))
         return raw;
+    // url_for endpoint name: 'blueprint.function' — treat as pseudo-path
+    if (/^\w+\.\w+$/.test(raw))
+        return `/${raw.replace('.', '/')}`;
     try {
         const u = new URL(raw);
         return u.pathname || undefined;
@@ -203,10 +214,46 @@ function inferFlowsFromFile(filePath) {
     const calls = extractHttpCallsFromLines(lines);
     return groupCallsIntoFlows(calls, filePath, lines);
 }
+/**
+ * Infer integration flows from service source files (not test files).
+ *
+ * Used as a fallback when no test files are present (e.g. frontend-only projects).
+ * Only produces flows for source files that contain 2+ HTTP calls in the same function.
+ */
+function inferFlowsFromSourceFiles(serviceFiles) {
+    const allFlows = [];
+    for (const fp of serviceFiles) {
+        let content;
+        try {
+            content = fs.readFileSync(fp, 'utf-8');
+        }
+        catch {
+            continue;
+        }
+        const lines = content.split('\n');
+        const calls = extractHttpCallsFromLines(lines);
+        if (calls.length < 2)
+            continue;
+        const flows = groupCallsIntoFlows(calls, fp, lines);
+        allFlows.push(...flows);
+    }
+    return allFlows;
+}
 /**
  * Run flow inference across all provided test files.
+ *
+ * When `testFiles` is empty and `serviceFiles` is provided, flows are inferred
+ * from the service source code instead and tagged accordingly.
  */
-function inferIntegrationFlows(testFiles, warnings = []) {
+function inferIntegrationFlows(testFiles, warnings = [], serviceFiles) {
+    if (testFiles.length === 0 && serviceFiles && serviceFiles.length > 0) {
+        warnings.push('No test files found; integration flows inferred from service source code.');
+        const flows = inferFlowsFromSourceFiles(serviceFiles);
+        if (flows.length === 0) {
+            warnings.push('No multi-step HTTP call sequences detected in service source files; integration flow inference produced no results.');
+        }
+        return { flows, filesAnalyzed: serviceFiles.length, inferred: true, warnings };
+    }
     if (testFiles.length === 0) {
         warnings.push('No test files provided; integration flow inference skipped.');
         return { flows: [], filesAnalyzed: 0, inferred: true, warnings };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "api-tests-coverage",
-  "version": "1.0.19",
+  "version": "1.0.20",
   "description": "CLI and library to measure how thoroughly your test suite exercises your API surface area",
   "main": "dist/src/lib/index.js",
   "types": "dist/src/lib/index.d.ts",