api-tests-coverage 1.0.21 → 1.0.22

package/dist/src/generation/template-renderer.js

@@ -0,0 +1,526 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OWASP_INJECTION_STRINGS = void 0;
+exports.renderFileHeader = renderFileHeader;
+exports.renderTemplate = renderTemplate;
+exports.getTemplateName = getTemplateName;
+/** Common OWASP injection strings for security tests */
+exports.OWASP_INJECTION_STRINGS = [
+    "' OR '1'='1",
+    "'; DROP TABLE users; --",
+    '<script>alert("xss")</script>',
+    '../../../etc/passwd',
+    '${7*7}',
+    '{{7*7}}',
+    '; ls -la',
+    '\\x00',
+    '%00',
+    '<img src=x onerror=alert(1)>',
+];
+/** Standard file header injected into every generated test file */
+function renderFileHeader(gapId, gapType) {
+    return [
+        '// AUTO-GENERATED by api-test-coverage-analyzer',
+        `// Gap ID: ${gapId} | Type: ${gapType}`,
+        '// DO NOT EDIT — regenerate with: node dist/src/index.js generate-tests',
+        '// TODO: Review and adjust before committing',
+        '',
+    ].join('\n');
+}
+/** Simple string interpolation — replaces {{key}} tokens with values */
+function interpolate(template, vars) {
+    return template.replace(/\{\{(\w+)\}\}/g, (_, key) => { var _a; return (_a = vars[key]) !== null && _a !== void 0 ? _a : `{{${key}}}`; });
+}
+// ─── TypeScript / Jest templates ─────────────────────────────────────────────
+function renderEndpointMissing(gap, ctx) {
+    var _a, _b, _c, _d;
+    const method = (_b = (_a = gap.endpoint) === null || _a === void 0 ? void 0 : _a.method) !== null && _b !== void 0 ? _b : 'GET';
+    const endpointPath = (_d = (_c = gap.endpoint) === null || _c === void 0 ? void 0 : _c.path) !== null && _d !== void 0 ? _d : '/unknown';
+    const methodLower = method.toLowerCase();
+    const header = renderFileHeader(gap.id, gap.type);
+    const body = `
+import request from 'supertest'; // TODO: adjust import path
+import app from '../../../src/app'; // TODO: adjust import path
+
+describe('${method} ${endpointPath}', () => {
+  it('should return 200 with valid response', async () => {
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN'); // TODO: add valid token
+
+    expect(response.status).toBe(200);
+    expect(response.body).toMatchObject({}); // TODO: add expected shape
+  });
+
+  it('should return 401 when not authenticated', async () => {
+    const response = await request(app).${methodLower}('${endpointPath}');
+    expect(response.status).toBe(401);
+  });
+});
+`;
+    return header + body.trimStart();
+}
+function renderParameterMissing(gap, ctx) {
+    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
+    const paramName = (_b = (_a = gap.parameter) === null || _a === void 0 ? void 0 : _a.name) !== null && _b !== void 0 ? _b : 'param';
+    const paramIn = (_d = (_c = gap.parameter) === null || _c === void 0 ? void 0 : _c.in) !== null && _d !== void 0 ? _d : 'query';
+    const required = (_f = (_e = gap.parameter) === null || _e === void 0 ? void 0 : _e.required) !== null && _f !== void 0 ? _f : false;
+    const endpointPath = (_h = (_g = gap.endpoint) === null || _g === void 0 ? void 0 : _g.path) !== null && _h !== void 0 ? _h : '/api/endpoint';
+    const method = (_k = (_j = gap.endpoint) === null || _j === void 0 ? void 0 : _j.method) !== null && _k !== void 0 ? _k : 'GET';
+    const methodLower = method.toLowerCase();
+    const header = renderFileHeader(gap.id, gap.type);
+    const body = `
+import request from 'supertest'; // TODO: adjust import path
+import app from '../../../src/app'; // TODO: adjust import path
+
+describe('${method} ${endpointPath} — parameter: ${paramName}', () => {
+  it('should accept a valid ${paramName} ${paramIn} parameter', async () => {
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      ${paramIn === 'query' ? `.query({ ${paramName}: 'valid-value' }) // TODO: provide valid value` : `.send({ ${paramName}: 'valid-value' }) // TODO: provide valid value`}
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN'); // TODO: add valid token
+
+    expect(response.status).toBe(200);
+    expect(response.body).toMatchObject({}); // TODO: add expected shape
+  });
+${required
+        ? `
+  it('should return 400 when ${paramName} is missing', async () => {
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN'); // TODO: add valid token
+
+    expect(response.status).toBe(400);
+  });
+`
+        : ''}
+  it('should return 400 when ${paramName} is invalid', async () => {
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      ${paramIn === 'query' ? `.query({ ${paramName}: 'INVALID_VALUE' }) // TODO: provide invalid value` : `.send({ ${paramName}: 'INVALID_VALUE' }) // TODO: provide invalid value`}
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN'); // TODO: add valid token
+
+    expect(response.status).toBe(400);
+  });
+});
+`;
+    return header + body.trimStart();
+}
+function renderParameterNotValidated(gap, ctx) {
+    var _a, _b, _c, _d, _e, _f;
+    const paramName = (_b = (_a = gap.parameter) === null || _a === void 0 ? void 0 : _a.name) !== null && _b !== void 0 ? _b : 'param';
+    const endpointPath = (_d = (_c = gap.endpoint) === null || _c === void 0 ? void 0 : _c.path) !== null && _d !== void 0 ? _d : '/api/endpoint';
+    const method = (_f = (_e = gap.endpoint) === null || _e === void 0 ? void 0 : _e.method) !== null && _f !== void 0 ? _f : 'GET';
+    const methodLower = method.toLowerCase();
+    const header = renderFileHeader(gap.id, gap.type);
+    const body = `
+import request from 'supertest'; // TODO: adjust import path
+import app from '../../../src/app'; // TODO: adjust import path
+
+describe('${method} ${endpointPath} — validation: ${paramName}', () => {
+  it('should reject empty ${paramName}', async () => {
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      .send({ ${paramName}: '' }) // TODO: adjust payload location
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN');
+
+    expect(response.status).toBe(400);
+    expect(response.body).toMatchObject({ error: expect.any(String) }); // TODO: match actual error shape
+  });
+
+  it('should reject ${paramName} exceeding max length', async () => {
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      .send({ ${paramName}: 'x'.repeat(1000) }) // TODO: adjust max length
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN');
+
+    expect(response.status).toBe(400);
+  });
+});
+`;
+    return header + body.trimStart();
+}
+function renderBusinessMissing(gap, ctx) {
+    var _a, _b, _c, _d;
+    const ruleId = (_b = (_a = gap.businessRule) === null || _a === void 0 ? void 0 : _a.id) !== null && _b !== void 0 ? _b : 'BR-XXX';
+    const description = (_d = (_c = gap.businessRule) === null || _c === void 0 ? void 0 : _c.description) !== null && _d !== void 0 ? _d : 'Business rule';
+    const header = renderFileHeader(gap.id, gap.type);
+    const body = `
+import request from 'supertest'; // TODO: adjust import path
+import app from '../../../src/app'; // TODO: adjust import path
+
+// Business Rule: ${ruleId} — ${description}
+describe('Business Rule ${ruleId}: ${description}', () => {
+  it('should enforce rule when conditions are met', async () => {
+    // TODO: set up test data that triggers the business rule
+    const response = await request(app)
+      .post('/api/TODO_ENDPOINT') // TODO: replace with actual endpoint
+      .send({
+        // TODO: add request body that triggers the rule
+      })
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN');
+
+    expect(response.status).toBe(422); // TODO: adjust expected status
+    expect(response.body).toMatchObject({
+      error: expect.any(String), // TODO: match actual error shape
+    });
+  });
+
+  it('should allow the operation when the rule is satisfied', async () => {
+    const response = await request(app)
+      .post('/api/TODO_ENDPOINT') // TODO: replace with actual endpoint
+      .send({
+        // TODO: add request body that satisfies the rule
+      })
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN');
+
+    expect(response.status).toBe(200); // TODO: adjust expected status
+  });
+});
+`;
+    return header + body.trimStart();
+}
+function renderIntegrationMissingStep(gap, ctx) {
+    var _a, _b, _c, _d, _e, _f;
+    const flowId = (_b = (_a = gap.integrationFlow) === null || _a === void 0 ? void 0 : _a.id) !== null && _b !== void 0 ? _b : 'flow-001';
+    const flowName = (_d = (_c = gap.integrationFlow) === null || _c === void 0 ? void 0 : _c.name) !== null && _d !== void 0 ? _d : 'Integration Flow';
+    const missingStep = (_f = (_e = gap.integrationFlow) === null || _e === void 0 ? void 0 : _e.missingStep) !== null && _f !== void 0 ? _f : 'step';
+    const header = renderFileHeader(gap.id, gap.type);
+    const body = `
+import request from 'supertest'; // TODO: adjust import path
+import app from '../../../src/app'; // TODO: adjust import path
+
+// Integration Flow: ${flowId} — ${flowName}
+describe('Integration Flow ${flowId}: ${flowName}', () => {
+  it('should complete the full flow including: ${missingStep}', async () => {
+    // Step 1: TODO — describe step 1
+    const step1 = await request(app)
+      .post('/api/TODO_STEP_1') // TODO: replace with actual endpoint
+      .send({}) // TODO: add step 1 body
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN');
+    expect(step1.status).toBe(200);
+
+    // Step 2: ${missingStep} (this was the missing step)
+    const step2 = await request(app)
+      .post('/api/TODO_STEP_2') // TODO: replace with actual endpoint
+      .send({}) // TODO: add step 2 body
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN');
+    expect(step2.status).toBe(200);
+    expect(step2.body).toMatchObject({}); // TODO: verify step 2 result
+  });
+});
+`;
+    return header + body.trimStart();
+}
+function renderErrorMissingStatus(gap, ctx) {
+    var _a, _b, _c, _d;
+    const endpointPath = (_b = (_a = gap.endpoint) === null || _a === void 0 ? void 0 : _a.path) !== null && _b !== void 0 ? _b : '/api/endpoint';
+    const method = (_d = (_c = gap.endpoint) === null || _c === void 0 ? void 0 : _c.method) !== null && _d !== void 0 ? _d : 'GET';
+    const methodLower = method.toLowerCase();
+    const header = renderFileHeader(gap.id, gap.type);
+    const body = `
+import request from 'supertest'; // TODO: adjust import path
+import app from '../../../src/app'; // TODO: adjust import path
+
+describe('${method} ${endpointPath} — error handling', () => {
+  it('should return 400 for invalid request body', async () => {
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      .send({ invalidField: 'bad-value' }) // TODO: craft invalid payload
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN');
+
+    expect(response.status).toBe(400);
+    expect(response.body).toMatchObject({ error: expect.any(String) }); // TODO: match error shape
+  });
+
+  it('should return 401 when unauthenticated', async () => {
+    const response = await request(app).${methodLower}('${endpointPath}');
+    expect(response.status).toBe(401);
+  });
+
+  it('should return 404 for non-existent resource', async () => {
+    const response = await request(app)
+      .${methodLower}('${endpointPath.replace('{id}', 'nonexistent-99999')}')
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN');
+    expect(response.status).toBe(404);
+  });
+
+  it('should return 500 when the service fails', async () => {
+    // TODO: mock the service to throw an error
+    // Example with jest.spyOn:
+    // jest.spyOn(someService, 'someMethod').mockRejectedValueOnce(new Error('Service error'));
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN');
+    // TODO: trigger 500 condition
+    expect(response.status).toBeGreaterThanOrEqual(500);
+  });
+});
+`;
+    return header + body.trimStart();
+}
+function renderSecurityMissingAuth(gap, ctx) {
+    var _a, _b, _c, _d;
+    const endpointPath = (_b = (_a = gap.endpoint) === null || _a === void 0 ? void 0 : _a.path) !== null && _b !== void 0 ? _b : '/api/endpoint';
+    const method = (_d = (_c = gap.endpoint) === null || _c === void 0 ? void 0 : _c.method) !== null && _d !== void 0 ? _d : 'GET';
+    const methodLower = method.toLowerCase();
+    const header = renderFileHeader(gap.id, gap.type);
+    const body = `
+import request from 'supertest'; // TODO: adjust import path
+import app from '../../../src/app'; // TODO: adjust import path
+
+describe('${method} ${endpointPath} — authentication', () => {
+  it('should return 401 when no token is provided', async () => {
+    const response = await request(app).${methodLower}('${endpointPath}');
+    expect(response.status).toBe(401);
+  });
+
+  it('should return 401 when an invalid token is provided', async () => {
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      .set('Authorization', 'Bearer invalid-token-here');
+    expect(response.status).toBe(401);
+  });
+
+  it('should return 403 when the user lacks required permissions', async () => {
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      .set('Authorization', 'Bearer TODO_LOW_PRIVILEGE_TOKEN'); // TODO: provide a low-privilege token
+    expect(response.status).toBe(403);
+  });
+
+  it('should succeed when a valid authorized token is provided', async () => {
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN'); // TODO: provide valid token
+    expect(response.status).toBe(200);
+  });
+});
+`;
+    return header + body.trimStart();
+}
+function renderSecurityInjection(gap, ctx) {
+    var _a, _b, _c, _d;
+    const endpointPath = (_b = (_a = gap.endpoint) === null || _a === void 0 ? void 0 : _a.path) !== null && _b !== void 0 ? _b : '/api/endpoint';
+    const method = (_d = (_c = gap.endpoint) === null || _c === void 0 ? void 0 : _c.method) !== null && _d !== void 0 ? _d : 'POST';
+    const methodLower = method.toLowerCase();
+    const injectionCases = exports.OWASP_INJECTION_STRINGS.slice(0, 4)
+        .map((s) => `    { input: ${JSON.stringify(s)}, label: 'injection: ${s.slice(0, 20)}...' },`)
+        .join('\n');
+    const header = renderFileHeader(gap.id, gap.type);
+    const body = `
+import request from 'supertest'; // TODO: adjust import path
+import app from '../../../src/app'; // TODO: adjust import path
+
+describe('${method} ${endpointPath} — injection security', () => {
+  const injectionPayloads = [
+${injectionCases}
+  ];
+
+  it.each(injectionPayloads)('should reject $label', async ({ input }) => {
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      .send({ field: input }) // TODO: replace 'field' with actual vulnerable field name
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN');
+
+    expect(response.status).toBe(400); // TODO: adjust — may be 422 or 200 with sanitised output
+    expect(response.body).not.toMatchObject({ data: input }); // TODO: verify injection is blocked
+  });
+});
+`;
+    return header + body.trimStart();
+}
+function renderPerformanceMissingSla(gap, ctx) {
+    var _a, _b, _c, _d;
+    const endpointPath = (_b = (_a = gap.endpoint) === null || _a === void 0 ? void 0 : _a.path) !== null && _b !== void 0 ? _b : '/api/endpoint';
+    const method = (_d = (_c = gap.endpoint) === null || _c === void 0 ? void 0 : _c.method) !== null && _d !== void 0 ? _d : 'GET';
+    const methodLower = method.toLowerCase();
+    const header = renderFileHeader(gap.id, gap.type);
+    const body = `
+import request from 'supertest'; // TODO: adjust import path
+import app from '../../../src/app'; // TODO: adjust import path
+
+const SLA_RESPONSE_MS = 500; // TODO: adjust SLA threshold
+
+describe('${method} ${endpointPath} — performance SLA', () => {
+  it('should respond within SLA threshold', async () => {
+    const start = Date.now();
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN');
+    const elapsed = Date.now() - start;
+
+    expect(response.status).toBe(200);
+    expect(elapsed).toBeLessThan(SLA_RESPONSE_MS);
+  });
+
+  it('should handle concurrent requests within SLA', async () => {
+    const concurrency = 5; // TODO: adjust concurrency level
+    const start = Date.now();
+    const responses = await Promise.all(
+      Array.from({ length: concurrency }, () =>
+        request(app)
+          .${methodLower}('${endpointPath}')
+          .set('Authorization', 'Bearer TODO_VALID_TOKEN'),
+      ),
+    );
+    const elapsed = Date.now() - start;
+
+    for (const response of responses) {
+      expect(response.status).toBe(200);
+    }
+    expect(elapsed / concurrency).toBeLessThan(SLA_RESPONSE_MS);
+  });
+});
+`;
+    return header + body.trimStart();
+}
+function renderResilienceMissingRetry(gap, ctx) {
+    var _a, _b, _c, _d;
+    const endpointPath = (_b = (_a = gap.endpoint) === null || _a === void 0 ? void 0 : _a.path) !== null && _b !== void 0 ? _b : '/api/endpoint';
+    const method = (_d = (_c = gap.endpoint) === null || _c === void 0 ? void 0 : _c.method) !== null && _d !== void 0 ? _d : 'GET';
+    const methodLower = method.toLowerCase();
+    const header = renderFileHeader(gap.id, gap.type);
+    const body = `
+import request from 'supertest'; // TODO: adjust import path
+import app from '../../../src/app'; // TODO: adjust import path
+
+describe('${method} ${endpointPath} — resilience / retry', () => {
+  it('should return 503 or retry-after header when service is unavailable', async () => {
+    // TODO: mock downstream dependency to simulate failure
+    // jest.spyOn(downstreamService, 'call').mockRejectedValueOnce(new Error('Downstream unavailable'));
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN');
+
+    // Either the service retries successfully (200) or signals unavailability (503)
+    expect([200, 503]).toContain(response.status);
+    if (response.status === 503) {
+      expect(response.headers).toHaveProperty('retry-after'); // TODO: check actual header name
+    }
+  });
+
+  it('should handle circuit-breaker open state gracefully', async () => {
+    // TODO: trigger circuit breaker open state
+    const response = await request(app)
+      .${methodLower}('${endpointPath}')
+      .set('Authorization', 'Bearer TODO_VALID_TOKEN');
+
+    expect(response.status).toBe(503); // TODO: adjust expected status
+    expect(response.body).toMatchObject({ error: expect.any(String) });
+  });
+});
+`;
+    return header + body.trimStart();
+}
+// ─── Python / pytest templates ────────────────────────────────────────────────
+function renderPythonEndpoint(gap, ctx) {
+    var _a, _b, _c, _d;
+    const method = (_b = (_a = gap.endpoint) === null || _a === void 0 ? void 0 : _a.method) !== null && _b !== void 0 ? _b : 'GET';
+    const endpointPath = (_d = (_c = gap.endpoint) === null || _c === void 0 ? void 0 : _c.path) !== null && _d !== void 0 ? _d : '/api/endpoint';
+    const methodLower = method.toLowerCase();
+    const header = renderFileHeader(gap.id, gap.type).replace(/\/\//g, '#');
+    const body = `
+import pytest
+import requests  # TODO: adjust import path
+
+BASE_URL = "${ctx.baseUrl}"  # TODO: adjust base URL
+AUTH_TOKEN = "TODO_VALID_TOKEN"  # TODO: add valid token
+
+
+class Test${method.charAt(0) + method.slice(1).toLowerCase()}${endpointPath.replace(/[^a-zA-Z0-9]/g, '_')}:
+    def test_returns_200_with_valid_request(self):
+        response = requests.${methodLower}(
+            f"{BASE_URL}${endpointPath}",
+            headers={"Authorization": f"Bearer {AUTH_TOKEN}"},
+        )
+        assert response.status_code == 200
+        assert response.json() is not None  # TODO: replace with specific assertion
+
+    def test_returns_401_when_unauthenticated(self):
+        response = requests.${methodLower}(f"{BASE_URL}${endpointPath}")
+        assert response.status_code == 401
+`;
+    return header + body.trimStart();
+}
+// ─── Java / JUnit5 templates ──────────────────────────────────────────────────
+function renderJavaEndpoint(gap, ctx) {
+    var _a, _b, _c, _d;
+    const method = (_b = (_a = gap.endpoint) === null || _a === void 0 ? void 0 : _a.method) !== null && _b !== void 0 ? _b : 'GET';
+    const endpointPath = (_d = (_c = gap.endpoint) === null || _c === void 0 ? void 0 : _c.path) !== null && _d !== void 0 ? _d : '/api/endpoint';
+    const className = `Test${gap.id.split('-').map((p) => p.charAt(0).toUpperCase() + p.slice(1)).join('')}`;
+    const header = renderFileHeader(gap.id, gap.type).replace(/\/\//g, '//');
+    const body = `
+package generated;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.web.servlet.MockMvc;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+
+// TODO: Add @SpringBootTest or @WebMvcTest and adjust imports
+@SpringBootTest
+class ${className} {
+
+    @Autowired
+    private MockMvc mockMvc; // TODO: inject MockMvc
+
+    @Test
+    void shouldReturn200WithValidRequest() throws Exception {
+        mockMvc.perform(${method.toLowerCase()}("${endpointPath}")
+                .header("Authorization", "Bearer TODO_VALID_TOKEN")) // TODO: add valid token
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$").isNotEmpty()); // TODO: replace with specific assertion
+    }
+
+    @Test
+    void shouldReturn401WhenUnauthenticated() throws Exception {
+        mockMvc.perform(${method.toLowerCase()}("${endpointPath}"))
+            .andExpect(status().isUnauthorized());
+    }
+}
+`;
+    return header + body.trimStart();
+}
+// ─── Public API ───────────────────────────────────────────────────────────────
+/** Render test file content for a given gap and context */
+function renderTemplate(gap, ctx) {
+    const { language } = ctx;
+    if (language === 'python') {
+        return renderPythonEndpoint(gap, ctx);
+    }
+    if (language === 'java' || language === 'kotlin') {
+        return renderJavaEndpoint(gap, ctx);
+    }
+    // TypeScript / JavaScript (Jest, Cypress, Playwright)
+    switch (gap.type) {
+        case 'endpoint:missing':
+            return renderEndpointMissing(gap, ctx);
+        case 'parameter:missing':
+            return renderParameterMissing(gap, ctx);
+        case 'parameter:not-validated':
+            return renderParameterNotValidated(gap, ctx);
+        case 'business:missing':
+            return renderBusinessMissing(gap, ctx);
+        case 'integration:missing-step':
+            return renderIntegrationMissingStep(gap, ctx);
+        case 'error:missing-status':
+            return renderErrorMissingStatus(gap, ctx);
+        case 'security:missing-auth':
+            return renderSecurityMissingAuth(gap, ctx);
+        case 'security:injection':
+            return renderSecurityInjection(gap, ctx);
+        case 'performance:missing-sla':
+            return renderPerformanceMissingSla(gap, ctx);
+        case 'resilience:missing-retry':
+            return renderResilienceMissingRetry(gap, ctx);
+        default:
+            return renderEndpointMissing(gap, ctx);
+    }
+}
+/** Returns the template name used for a given gap type */
+function getTemplateName(gap, ctx) {
+    return `${ctx.language}/${ctx.framework}/${gap.type}`;
+}

package/dist/src/generation/types.d.ts

@@ -0,0 +1,73 @@
+export type GapType = 'endpoint:missing' | 'parameter:missing' | 'parameter:not-validated' | 'business:missing' | 'integration:missing-step' | 'error:missing-status' | 'security:missing-auth' | 'security:injection' | 'performance:missing-sla' | 'resilience:missing-retry';
+export type Language = 'typescript' | 'javascript' | 'python' | 'java' | 'kotlin';
+export type Framework = 'jest' | 'pytest' | 'junit5' | 'cypress' | 'playwright';
+export interface DetectedGap {
+    id: string;
+    type: GapType;
+    endpoint?: {
+        method: string;
+        path: string;
+    };
+    parameter?: {
+        name: string;
+        in: 'query' | 'path' | 'header' | 'body';
+        required: boolean;
+    };
+    businessRule?: {
+        id: string;
+        description: string;
+    };
+    integrationFlow?: {
+        id: string;
+        name: string;
+        missingStep: string;
+    };
+    riskScore: number;
+    sourceFile?: string;
+    existingSimilarTests: string[];
+}
+export interface GenerationContext {
+    projectRoot: string;
+    language: Language;
+    framework: Framework;
+    testFramework: 'jest' | 'pytest' | 'junit5';
+    baseUrl: string;
+    authHeader?: string;
+    gaps: DetectedGap[];
+}
+export interface GeneratedFile {
+    outputPath: string;
+    content: string;
+    gapId: string;
+    templateUsed: string;
+    qualityScore?: number;
+}
+export interface TestQualityReport {
+    file: string;
+    overallScore: number;
+    dimensions: {
+        hasStatusAssertion: boolean;
+        hasBodyAssertion: boolean;
+        hasErrorPath: boolean;
+        hasNoGenericMatchers: boolean;
+        hasDescriptiveName: boolean;
+    };
+    violations: string[];
+}
+export interface AiReadyFlow {
+    id: string;
+    gapId: string;
+    gapType: GapType;
+    suggestedOutputPath: string;
+    copilotPrompt: string;
+    existingSimilarTests: string[];
+    estimatedComplexity: 'low' | 'medium' | 'high';
+    riskScore: number;
+}
+export interface AiReadyFlowsManifest {
+    generatedAt: string;
+    totalFlows: number;
+    byType: Record<GapType, number>;
+    flows: AiReadyFlow[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/generation/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/generation/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,OAAO,GACf,kBAAkB,GAClB,mBAAmB,GACnB,yBAAyB,GACzB,kBAAkB,GAClB,0BAA0B,GAC1B,sBAAsB,GACtB,uBAAuB,GACvB,oBAAoB,GACpB,yBAAyB,GACzB,0BAA0B,CAAC;AAE/B,MAAM,MAAM,QAAQ,GAAG,YAAY,GAAG,YAAY,GAAG,QAAQ,GAAG,MAAM,GAAG,QAAQ,CAAC;AAClF,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,YAAY,CAAC;AAEhF,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5C,SAAS,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;QAAC,QAAQ,EAAE,OAAO,CAAA;KAAE,CAAC;IAC1F,YAAY,CAAC,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC;IACnD,eAAe,CAAC,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC;IACpE,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,MAAM,EAAE,CAAC;CAChC;AAED,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;IACnB,SAAS,EAAE,SAAS,CAAC;IACrB,aAAa,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,WAAW,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE;QACV,kBAAkB,EAAE,OAAO,CAAC;QAC5B,gBAAgB,EAAE,OAAO,CAAC;QAC1B,YAAY,EAAE,OAAO,CAAC;QACtB,oBAAoB,EAAE,OAAO,CAAC;QAC9B,kBAAkB,EAAE,OAAO,CAAC;KAC7B,CAAC;IACF,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;IACjB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,mBAAmB,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IAC/C,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChC,KAAK,EAAE,WAAW,EAAE,CAAC;CACtB"}

package/dist/src/generation/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });