api-tests-coverage 1.0.21 → 1.0.23

package/dist/dashboard/dist/reports/security-coverage.json

@@ -0,0 +1,299 @@
+{
+  "total": 27,
+  "covered": 7,
+  "percentage": 23.08,
+  "scanFindings": 0,
+  "categorySummary": {
+    "authentication": {
+      "total": 1,
+      "covered": 1
+    },
+    "authorization": {
+      "total": 13,
+      "covered": 0
+    },
+    "input-validation": {
+      "total": 11,
+      "covered": 5
+    },
+    "cryptography": {
+      "total": 1,
+      "covered": 0
+    },
+    "session-management": {
+      "total": 0,
+      "covered": 0
+    }
+  },
+  "controls": [
+    {
+      "id": "authentication:bearerAuth",
+      "category": "authentication",
+      "description": "Authentication via security scheme \"bearerAuth\" (http/bearer)",
+      "covered": true,
+      "matchedTests": [
+        "returns 401 when no token",
+        "returns 401 when no token provided",
+        "returns 401 for invalid token",
+        "returns 401 without auth"
+      ],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "cryptography:https",
+      "category": "cryptography",
+      "description": "API servers include non-HTTPS URLs – cryptographic transport security may be missing",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:get:/wallets",
+      "category": "authorization",
+      "description": "Authorization check for GET /wallets",
+      "endpoint": "GET /wallets",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:post:/wallets",
+      "category": "authorization",
+      "description": "Authorization check for POST /wallets",
+      "endpoint": "POST /wallets",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:post:/wallets",
+      "category": "input-validation",
+      "description": "Input validation for POST /wallets",
+      "endpoint": "POST /wallets",
+      "covered": true,
+      "matchedTests": [
+        "returns 400 when currency is missing",
+        "returns 400 for unsupported currency",
+        "returns 422 for insufficient funds",
+        "returns 401 for invalid token",
+        "returns 400 for invalid currency",
+        "returns 422 with insufficient funds"
+      ],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:get:/wallets/{id}",
+      "category": "authorization",
+      "description": "Authorization check for GET /wallets/{id}",
+      "endpoint": "GET /wallets/{id}",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:get:/wallets/{id}",
+      "category": "input-validation",
+      "description": "Input validation for GET /wallets/{id}",
+      "endpoint": "GET /wallets/{id}",
+      "covered": true,
+      "matchedTests": [
+        "returns 422 for insufficient funds",
+        "returns 400 for invalid currency",
+        "returns 422 with insufficient funds"
+      ],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:delete:/wallets/{id}",
+      "category": "authorization",
+      "description": "Authorization check for DELETE /wallets/{id}",
+      "endpoint": "DELETE /wallets/{id}",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:delete:/wallets/{id}",
+      "category": "input-validation",
+      "description": "Input validation for DELETE /wallets/{id}",
+      "endpoint": "DELETE /wallets/{id}",
+      "covered": true,
+      "matchedTests": [
+        "returns 422 for insufficient funds",
+        "returns 400 for invalid currency",
+        "returns 422 with insufficient funds"
+      ],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:patch:/wallets/{id}/freeze",
+      "category": "authorization",
+      "description": "Authorization check for PATCH /wallets/{id}/freeze",
+      "endpoint": "PATCH /wallets/{id}/freeze",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:patch:/wallets/{id}/freeze",
+      "category": "input-validation",
+      "description": "Input validation for PATCH /wallets/{id}/freeze",
+      "endpoint": "PATCH /wallets/{id}/freeze",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:patch:/wallets/{id}/unfreeze",
+      "category": "authorization",
+      "description": "Authorization check for PATCH /wallets/{id}/unfreeze",
+      "endpoint": "PATCH /wallets/{id}/unfreeze",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:patch:/wallets/{id}/unfreeze",
+      "category": "input-validation",
+      "description": "Input validation for PATCH /wallets/{id}/unfreeze",
+      "endpoint": "PATCH /wallets/{id}/unfreeze",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:post:/wallets/{id}/fund",
+      "category": "authorization",
+      "description": "Authorization check for POST /wallets/{id}/fund",
+      "endpoint": "POST /wallets/{id}/fund",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:post:/wallets/{id}/fund",
+      "category": "input-validation",
+      "description": "Input validation for POST /wallets/{id}/fund",
+      "endpoint": "POST /wallets/{id}/fund",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:post:/wallets/{id}/debit",
+      "category": "authorization",
+      "description": "Authorization check for POST /wallets/{id}/debit",
+      "endpoint": "POST /wallets/{id}/debit",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:post:/wallets/{id}/debit",
+      "category": "input-validation",
+      "description": "Input validation for POST /wallets/{id}/debit",
+      "endpoint": "POST /wallets/{id}/debit",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:post:/wallets/{id}/transfer",
+      "category": "authorization",
+      "description": "Authorization check for POST /wallets/{id}/transfer",
+      "endpoint": "POST /wallets/{id}/transfer",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:post:/wallets/{id}/transfer",
+      "category": "input-validation",
+      "description": "Input validation for POST /wallets/{id}/transfer",
+      "endpoint": "POST /wallets/{id}/transfer",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:post:/payments",
+      "category": "authorization",
+      "description": "Authorization check for POST /payments",
+      "endpoint": "POST /payments",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:post:/payments",
+      "category": "input-validation",
+      "description": "Input validation for POST /payments",
+      "endpoint": "POST /payments",
+      "covered": true,
+      "matchedTests": [
+        "returns 400 for missing required fields",
+        "returns 422 for invalid (non-existent) wallet",
+        "returns 422 when refunding a non-completed payment"
+      ],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:get:/payments/{id}",
+      "category": "authorization",
+      "description": "Authorization check for GET /payments/{id}",
+      "endpoint": "GET /payments/{id}",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:get:/payments/{id}",
+      "category": "input-validation",
+      "description": "Input validation for GET /payments/{id}",
+      "endpoint": "GET /payments/{id}",
+      "covered": true,
+      "matchedTests": [
+        "returns 422 when refunding a non-completed payment"
+      ],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:post:/payments/{id}/refund",
+      "category": "authorization",
+      "description": "Authorization check for POST /payments/{id}/refund",
+      "endpoint": "POST /payments/{id}/refund",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "input-validation:post:/payments/{id}/refund",
+      "category": "input-validation",
+      "description": "Input validation for POST /payments/{id}/refund",
+      "endpoint": "POST /payments/{id}/refund",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authorization:get:/transactions",
+      "category": "authorization",
+      "description": "Authorization check for GET /transactions",
+      "endpoint": "GET /transactions",
+      "covered": false,
+      "matchedTests": [],
+      "coveredByScanReport": false
+    },
+    {
+      "id": "authentication:JWT",
+      "category": "authentication",
+      "description": "JWT token signature and expiry validation",
+      "covered": true,
+      "matchedTests": [
+        "returns 401 for expired JWT",
+        "returns 401 for invalid JWT signature"
+      ],
+      "coveredByScanReport": false
+    }
+  ]
+}

package/dist/dashboard/dist/vite.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="31.88" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 257"><defs><linearGradient id="IconifyId1813088fe1fbc01fb466" x1="-.828%" x2="57.636%" y1="7.652%" y2="78.411%"><stop offset="0%" stop-color="#41D1FF"></stop><stop offset="100%" stop-color="#BD34FE"></stop></linearGradient><linearGradient id="IconifyId1813088fe1fbc01fb467" x1="43.376%" x2="50.316%" y1="2.242%" y2="89.03%"><stop offset="0%" stop-color="#FFEA83"></stop><stop offset="8.333%" stop-color="#FFDD35"></stop><stop offset="100%" stop-color="#FFA800"></stop></linearGradient></defs><path fill="url(#IconifyId1813088fe1fbc01fb466)" d="M255.153 37.938L134.897 252.976c-2.483 4.44-8.862 4.466-11.382.048L.875 37.958c-2.746-4.814 1.371-10.646 6.827-9.67l120.385 21.517a6.537 6.537 0 0 0 2.322-.004l117.867-21.483c5.438-.991 9.574 4.796 6.877 9.62Z"></path><path fill="url(#IconifyId1813088fe1fbc01fb467)" d="M185.432.063L96.44 17.501a3.268 3.268 0 0 0-2.634 3.014l-5.474 92.456a3.268 3.268 0 0 0 3.997 3.378l24.777-5.718c2.318-.535 4.413 1.507 3.936 3.838l-7.361 36.047c-.495 2.426 1.782 4.5 4.151 3.78l15.304-4.649c2.372-.72 4.652 1.36 4.15 3.788l-11.698 56.621c-.732 3.542 3.979 5.473 5.943 2.437l1.313-2.028l72.516-144.72c1.215-2.423-.88-5.186-3.54-4.672l-25.505 4.922c-2.396.462-4.435-1.77-3.759-4.114l16.646-57.705c.677-2.35-1.37-4.583-3.769-4.113Z"></path></svg>

package/dist/src/generation/context-builder.d.ts

@@ -0,0 +1,6 @@
+import type { GenerationContext, DetectedGap } from './types';
+/**
+ * Assembles a GenerationContext from scan results and project detection.
+ */
+export declare function buildContext(projectRoot: string, gaps: DetectedGap[], overrides?: Partial<Pick<GenerationContext, 'language' | 'framework' | 'baseUrl' | 'authHeader'>>): GenerationContext;
+//# sourceMappingURL=context-builder.d.ts.map

package/dist/src/generation/context-builder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"context-builder.d.ts","sourceRoot":"","sources":["../../../src/generation/context-builder.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAuB,WAAW,EAAE,MAAM,SAAS,CAAC;AA6InF;;GAEG;AACH,wBAAgB,YAAY,CAC1B,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,WAAW,EAAE,EACnB,SAAS,GAAE,OAAO,CAAC,IAAI,CAAC,iBAAiB,EAAE,UAAU,GAAG,WAAW,GAAG,SAAS,GAAG,YAAY,CAAC,CAAM,GACpG,iBAAiB,CAgBnB"}

package/dist/src/generation/context-builder.js

@@ -0,0 +1,202 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildContext = buildContext;
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+/**
+ * Detects the primary programming language from file extensions found in the project.
+ */
+function detectLanguage(projectRoot) {
+    const counters = {
+        typescript: 0,
+        javascript: 0,
+        python: 0,
+        java: 0,
+        kotlin: 0,
+    };
+    const extMap = {
+        '.ts': 'typescript',
+        '.tsx': 'typescript',
+        '.js': 'javascript',
+        '.jsx': 'javascript',
+        '.mjs': 'javascript',
+        '.cjs': 'javascript',
+        '.py': 'python',
+        '.java': 'java',
+        '.kt': 'kotlin',
+        '.kts': 'kotlin',
+    };
+    function walk(dir, depth) {
+        if (depth > 4)
+            return;
+        let entries;
+        try {
+            entries = fs.readdirSync(dir, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        for (const entry of entries) {
+            if (entry.name.startsWith('.') || entry.name === 'node_modules' || entry.name === 'dist') {
+                continue;
+            }
+            const fullPath = path.join(dir, entry.name);
+            if (entry.isDirectory()) {
+                walk(fullPath, depth + 1);
+            }
+            else if (entry.isFile()) {
+                const ext = path.extname(entry.name).toLowerCase();
+                const lang = extMap[ext];
+                if (lang)
+                    counters[lang]++;
+            }
+        }
+    }
+    walk(projectRoot, 0);
+    const sorted = Object.entries(counters).sort((a, b) => b[1] - a[1]);
+    return sorted[0][1] > 0 ? sorted[0][0] : 'typescript';
+}
+/**
+ * Detects the primary test framework from project configuration files.
+ */
+function detectFramework(projectRoot) {
+    var _a, _b;
+    // Check package.json for jest/cypress/playwright
+    const pkgPath = path.join(projectRoot, 'package.json');
+    if (fs.existsSync(pkgPath)) {
+        try {
+            const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
+            const allDeps = {
+                ...((_a = pkg['dependencies']) !== null && _a !== void 0 ? _a : {}),
+                ...((_b = pkg['devDependencies']) !== null && _b !== void 0 ? _b : {}),
+            };
+            if ('playwright' in allDeps || '@playwright/test' in allDeps)
+                return 'playwright';
+            if ('cypress' in allDeps)
+                return 'cypress';
+            if ('jest' in allDeps || 'ts-jest' in allDeps)
+                return 'jest';
+        }
+        catch {
+            // ignore parse errors
+        }
+    }
+    // Check for pytest (requirements.txt or setup.py/pyproject.toml)
+    const requirementsPath = path.join(projectRoot, 'requirements.txt');
+    if (fs.existsSync(requirementsPath)) {
+        try {
+            const content = fs.readFileSync(requirementsPath, 'utf-8').toLowerCase();
+            if (content.includes('pytest'))
+                return 'pytest';
+        }
+        catch {
+            // ignore
+        }
+    }
+    const pyprojectPath = path.join(projectRoot, 'pyproject.toml');
+    if (fs.existsSync(pyprojectPath)) {
+        try {
+            const content = fs.readFileSync(pyprojectPath, 'utf-8').toLowerCase();
+            if (content.includes('pytest'))
+                return 'pytest';
+        }
+        catch {
+            // ignore
+        }
+    }
+    // Check for JUnit5 (build.gradle or pom.xml)
+    const buildGradlePath = path.join(projectRoot, 'build.gradle');
+    const buildGradleKtsPath = path.join(projectRoot, 'build.gradle.kts');
+    for (const gradlePath of [buildGradlePath, buildGradleKtsPath]) {
+        if (fs.existsSync(gradlePath)) {
+            try {
+                const content = fs.readFileSync(gradlePath, 'utf-8').toLowerCase();
+                if (content.includes('junit') || content.includes('junit-jupiter'))
+                    return 'junit5';
+            }
+            catch {
+                // ignore
+            }
+        }
+    }
+    const pomPath = path.join(projectRoot, 'pom.xml');
+    if (fs.existsSync(pomPath)) {
+        try {
+            const content = fs.readFileSync(pomPath, 'utf-8').toLowerCase();
+            if (content.includes('junit-jupiter') || content.includes('junit5'))
+                return 'junit5';
+        }
+        catch {
+            // ignore
+        }
+    }
+    return 'jest';
+}
+/**
+ * Maps Framework to its corresponding test framework name.
+ */
+function resolveTestFramework(framework) {
+    switch (framework) {
+        case 'jest':
+        case 'cypress':
+        case 'playwright':
+            return 'jest';
+        case 'pytest':
+            return 'pytest';
+        case 'junit5':
+            return 'junit5';
+    }
+}
+/**
+ * Assembles a GenerationContext from scan results and project detection.
+ */
+function buildContext(projectRoot, gaps, overrides = {}) {
+    var _a, _b, _c;
+    const language = (_a = overrides.language) !== null && _a !== void 0 ? _a : detectLanguage(projectRoot);
+    const framework = (_b = overrides.framework) !== null && _b !== void 0 ? _b : detectFramework(projectRoot);
+    const testFramework = resolveTestFramework(framework);
+    const baseUrl = (_c = overrides.baseUrl) !== null && _c !== void 0 ? _c : 'http://localhost:3000';
+    const authHeader = overrides.authHeader;
+    return {
+        projectRoot,
+        language,
+        framework,
+        testFramework,
+        baseUrl,
+        authHeader,
+        gaps,
+    };
+}

package/dist/src/generation/engine.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Test Generation Engine (Feature F-TGE)
+ *
+ * Entry point: TestGenerationEngine
+ * CLI commands: generate-tests, export-ai-flows, score-tests
+ *
+ * Every generated file starts with: // AUTO-GENERATED by api-test-coverage-analyzer
+ * expect(response.status) ALWAYS before expect(response.body)
+ * NEVER use toBeTruthy() or toBeDefined() — use specific matchers
+ */
+import type { GeneratedFile, TestQualityReport, AiReadyFlowsManifest } from './types';
+export declare class TestGenerationEngine {
+    private projectRoot;
+    private reportsDir;
+    constructor(projectRoot: string, reportsDir?: string);
+    /**
+     * Generate test files for all detected coverage gaps.
+     * In dry-run mode, files are not written to disk.
+     */
+    generateTests(options?: {
+        dryRun?: boolean;
+        outDir?: string;
+        baseUrl?: string;
+        authHeader?: string;
+    }): GeneratedFile[];
+    /**
+     * Score existing test files for quality.
+     * Dimensions: statusAssertion, bodyAssertion, errorPath, noGenericMatchers, descriptiveName.
+     */
+    scoreTests(testsGlob: string): TestQualityReport[];
+    /**
+     * Export AI-ready flows: structured prompts for Copilot / LLM consumption.
+     * RULE-AI05: prompt ≤ 800 tokens (~3200 chars)
+     */
+    exportAiFlows(options?: {
+        sourceGlob?: string;
+        testsGlob?: string;
+    }): AiReadyFlowsManifest;
+}
+//# sourceMappingURL=engine.d.ts.map

package/dist/src/generation/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../../src/generation/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,KAAK,EAGV,aAAa,EACb,iBAAiB,EAEjB,oBAAoB,EAErB,MAAM,SAAS,CAAC;AAQjB,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,UAAU,CAAS;gBAEf,WAAW,EAAE,MAAM,EAAE,UAAU,GAAE,MAAkB;IAK/D;;;OAGG;IACH,aAAa,CAAC,OAAO,GAAE;QACrB,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,aAAa,EAAE;IAmDxB;;;OAGG;IACH,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,iBAAiB,EAAE;IAoBlD;;;OAGG;IACH,aAAa,CAAC,OAAO,GAAE;QACrB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,CAAC,EAAE,MAAM,CAAC;KACf,GAAG,oBAAoB;CAuD9B"}