argusqa-os 9.5.0 → 9.5.3

package/src/orchestration/orchestrator.js

@@ -1,5 +1,5 @@
 /**
- * Argus Orchestrator (v9.3.0)
+ * Argus Orchestrator
  *
  * Per-route crawl loop: cheap×2 flakiness pass + expensive×1 pass.
  * Extracted from crawl-and-report.js god object.
@@ -15,7 +15,6 @@ import 'dotenv/config';
 import { routes, config, auth, flows, apiContracts, severityOverrides, codebase, autoDiscover, thresholds } from '../config/targets.js';
 import { discoverRoutes }                                                from '../utils/route-discoverer.js';
 import { analyzeCodebase, detectDeadRoutes, INTERNAL_LINKS_SCRIPT }     from '../utils/codebase-analyzer.js';
-import { CSS_ANALYSIS_SCRIPT, parseCssAnalysisResult }                  from '../utils/css-analyzer.js';
 import { SEO_ANALYSIS_SCRIPT, parseSeoAnalysisResult }                  from '../utils/seo-analyzer.js';
 import { SECURITY_ANALYSIS_SCRIPT, parseSecurityAnalysisResult, analyzeSecurityConsole, analyzeSecurityNetwork } from '../utils/security-analyzer.js';
 import { CONTENT_ANALYSIS_SCRIPT, parseContentAnalysisResult }          from '../utils/content-analyzer.js';
@@ -26,6 +25,7 @@ import { analyzeApiFrequency }                                           from '.
 import { slugify }                                                       from '../utils/slug.js';
 import { unwrapEval, createMcpClient }                                   from '../utils/mcp-client.js';
 import { CdpBrowserAdapter }                                             from '../adapters/browser.js';
+import { getFigmaFrame }                                                 from '../adapters/figma.js';
 import { chunkArray }                                                    from '../utils/parallel-crawler.js';
 import { validateApiContracts }                                          from '../utils/contract-validator.js';
 import { checkLighthouse }                                               from '../utils/lighthouse-checker.js';
@@ -33,13 +33,16 @@ import { parseIssues }                                                   from '.
 import { parseNetworkTiming }                                            from '../utils/network-timing-analyzer.js';
 
 // Side-effect imports: each module calls registerExpensive() at load time.
-// lighthouse-checker.js also self-registers via its direct named import above (line 31).
+// lighthouse-checker.js also self-registers via its direct named import above.
 // Order below controls iteration order in crawlAndAnalyzeRoute — must match original call order.
+import '../utils/css-analyzer.js';
 import '../utils/responsive-analyzer.js';
 import '../utils/memory-analyzer.js';
 import '../utils/hover-analyzer.js';
 import '../utils/snapshot-analyzer.js';
 import '../utils/keyboard-analyzer.js';
+import '../utils/theme-analyzer.js';
+import '../utils/design-fidelity-analyzer.js';
 
 import { getExpensive }          from '../registry.js';
 import { deduplicateFindings as deduplicateErrors } from './report-processor.js';
@@ -54,6 +57,7 @@ const logger = childLogger('orchestrator');
 const __dirname   = path.dirname(fileURLToPath(import.meta.url));
 const BASE_URL    = process.env.TARGET_DEV_URL ?? 'http://localhost:3000';
 const OUTPUT_DIR  = path.resolve(__dirname, '../../', config.outputDir);
+const LIGHTHOUSE_TIMEOUT_MS = parseInt(process.env.ARGUS_LIGHTHOUSE_TIMEOUT ?? '120000', 10);
 
 // Thresholds for perf budgets and network analysis are centralized in targets.js.
 
@@ -362,7 +366,6 @@ function analyzeNetworkPerformance(perfEntries, pageUrl) {
 
 async function checkPerformanceBudgets(browser, url) {
   const violations = [];
-  const LIGHTHOUSE_TIMEOUT_MS = parseInt(process.env.ARGUS_LIGHTHOUSE_TIMEOUT ?? '120000', 10);
 
   try {
     await browser.startTrace();
@@ -397,7 +400,6 @@ async function checkPerformanceBudgets(browser, url) {
     logger.warn(`[ARGUS] Performance trace skipped for ${url}: ${err.message}`);
   }
 
-  void LIGHTHOUSE_TIMEOUT_MS; // referenced only here to prevent unused-var lint
   return violations;
 }
 
@@ -424,7 +426,8 @@ export async function crawlRouteCheap(route, baseUrl, mcp) {
 
   // 0. Snapshot session-wide baselines BEFORE this route starts (D5).
   const consoleBaseline = (await browser.listConsole().catch(() => [])).length;
-  const networkBaseline = (await browser.listNetwork().catch(() => [])).length;
+  const baselineNetList = await browser.listNetwork().catch(() => []);
+  const networkMaxReqId = baselineNetList.reduce((max, r) => Math.max(max, r._reqid ?? 0), 0);
   // listConsoleRaw returns raw MCP response — normalizeArray required before .length
   const issuesBaselineRaw = await browser.listConsoleRaw({ types: ['issue'] }).catch(() => null);
   const issuesBaseline    = normalizeArray(issuesBaselineRaw).length;
@@ -468,8 +471,14 @@ export async function crawlRouteCheap(route, baseUrl, mcp) {
     });
   }
 
-  // 5. Console messages — sliced from per-route baseline
-  const consoleMsgs = (await browser.listConsole().catch(() => [])).slice(consoleBaseline);
+  // 5. Console messages — sliced from per-route baseline.
+  // Guard: chrome-devtools-mcp list_console_messages resets per navigation. If the
+  // new page has fewer total messages than the pre-navigation baseline, the baseline
+  // refers to the previous page's context and slicing by it would give an empty array.
+  // Fall back to 0 (take all messages from the new page) in that case.
+  const allConsoleMsgs = await browser.listConsole().catch(() => []);
+  const consoleSliceAt = allConsoleMsgs.length > consoleBaseline ? consoleBaseline : 0;
+  const consoleMsgs = allConsoleMsgs.slice(consoleSliceAt);
   for (const msg of consoleMsgs) {
     const text = (msg.text ?? msg.message ?? '');
     if (text.toLowerCase().includes('has been blocked by cors policy')) continue;
@@ -500,9 +509,9 @@ export async function crawlRouteCheap(route, baseUrl, mcp) {
     }
   }
 
-  // 6. Network requests — sliced from per-route baseline (cap AFTER slice, not before)
-  const networkReqs = (await browser.listNetwork())
-    .slice(networkBaseline).slice(0, 500);
+  // 6. Network requests — filtered from per-route baseline by _reqid (cap AFTER filter, not before)
+  const networkReqs = (await browser.listNetwork().catch(() => []))
+    .filter(r => (r._reqid ?? 0) > networkMaxReqId).slice(0, 500);
   for (const req of networkReqs) {
     const severity = classifyNetworkRequest(req, route.critical);
     if (severity !== null) {
@@ -717,15 +726,7 @@ export async function crawlRouteCheap(route, baseUrl, mcp) {
     }
   } catch { /* URL parse failure */ }
 
-  // 10. CSS analysis
-  try {
-    const cssRaw = await browser.evaluate(CSS_ANALYSIS_SCRIPT);
-    result.errors.push(...parseCssAnalysisResult(unwrapEval(cssRaw), url));
-  } catch (err) {
-    logger.warn(`[ARGUS] CSS analysis skipped for ${url}: ${err.message}`);
-  }
-
-  // 11. Deduplicate within this cheap run
+  // 10. Deduplicate within this cheap run
   result.errors = deduplicateErrors(result.errors);
 
   // 12. Screenshot
@@ -798,8 +799,14 @@ export async function crawlRouteExpensive(route, baseUrl, mcp) {
   // Performance budget check
   errors.push(...(await checkPerformanceBudgets(browser, url)));
 
-  // Full Lighthouse audit
-  errors.push(...(await checkLighthouse(browser, url)));
+  // Full Lighthouse audit (capped at LIGHTHOUSE_TIMEOUT_MS to prevent indefinite hang)
+  errors.push(...(await Promise.race([
+    checkLighthouse(browser, url),
+    new Promise((_, reject) => setTimeout(() => reject(new Error(`Lighthouse timed out after ${LIGHTHOUSE_TIMEOUT_MS}ms`)), LIGHTHOUSE_TIMEOUT_MS)),
+  ]).catch(err => {
+    logger.warn(`[ARGUS] Lighthouse skipped for ${url}: ${err.message}`);
+    return [];
+  })));
 
   // Broken internal link detection
   try {
@@ -873,24 +880,34 @@ async function crawlAndAnalyzeRoute(route, targetBaseUrl, mcp, sessionFile) {
       await refreshSession(browser, auth, targetBaseUrl);
       await restoreSession(browser, targetBaseUrl, sessionFile);
     } catch (err) {
-      logger.warn(`[ARGUS] Auth: session restore skipped for ${route.name}: ${err.message}`);
+      logger.warn(`[ARGUS] Auth: session restore skipped for ${route.name} (${route.path}): ${err.message}`);
     }
   }
 
   // Cheap pass × 2 → merge for flakiness
-  logger.info(`[ARGUS] ${route.name}: cheap run 1/2...`);
+  logger.info(`[ARGUS] ${route.name} (${route.path}): cheap run 1/2...`);
   const cheapRun1 = await startSpan('argus.crawl_route', { url, critical: String(!!route.critical), pass: 'cheap_1' }, () => crawlRouteCheap(route, targetBaseUrl, mcp));
-  logger.info(`[ARGUS] ${route.name}: cheap run 2/2 (flakiness check)...`);
+  logger.info(`[ARGUS] ${route.name} (${route.path}): cheap run 2/2 (flakiness check)...`);
   const cheapRun2 = await startSpan('argus.crawl_route', { url, critical: String(!!route.critical), pass: 'cheap_2' }, () => crawlRouteCheap(route, targetBaseUrl, mcp));
   const result    = mergeRunResults(cheapRun1, cheapRun2);
 
   // Expensive pass × 1
-  logger.info(`[ARGUS] ${route.name}: expensive analyzers (once)...`);
+  logger.info(`[ARGUS] ${route.name} (${route.path}): expensive analyzers (once)...`);
   const expensiveErrors = await startSpan('argus.crawl_route', { url, critical: String(!!route.critical), pass: 'expensive' }, () => crawlRouteExpensive(route, targetBaseUrl, mcp));
   result.errors.push(...expensiveErrors);
   result.errors = deduplicateErrors(result.errors);
 
-  // Post-crawl expensive analyzers via registry (responsive, memory, hover, snapshot, keyboard)
+  // D9: Pre-fetch Figma design tokens when route specifies a figmaFrameUrl.
+  // Attaches figmaData to the route object so design-fidelity-analyzer can consume it.
+  if (route.figmaFrameUrl && !route.figmaData) {
+    try {
+      route.figmaData = await getFigmaFrame(route.figmaFrameUrl);
+    } catch (err) {
+      logger.warn(`[ARGUS] D9: Figma fetch failed for ${route.name} (${route.path}): ${err.message}`);
+    }
+  }
+
+  // Post-crawl expensive analyzers via registry (css, responsive, memory, hover, snapshot, keyboard, theme, design-fidelity)
   for (const { name, analyze } of getExpensive()) {
     if (name === 'lighthouse') continue; // runs inside crawlRouteExpensive
     try {
@@ -916,7 +933,7 @@ async function crawlAndAnalyzeRoute(route, targetBaseUrl, mcp, sessionFile) {
         if (Object.keys(screenshotPaths).length > 0) result.responsiveScreenshots = screenshotPaths;
       }
     } catch (err) {
-      logger.warn(`[ARGUS] ${name} skipped for ${route.name}: ${err.message}`);
+      logger.warn(`[ARGUS] ${name} skipped for ${route.name} (${route.path}): ${err.message}`);
     }
   }
 
@@ -948,7 +965,7 @@ async function crawlShardWithClient(shard, targetBaseUrl, mcp, sessionFile) {
     const result = await crawlAndAnalyzeRoute(route, targetBaseUrl, mcp, sessionFile);
     const flakyCount = result.errors.filter(e => e.flaky).length;
     if (flakyCount > 0) {
-      logger.info(`[ARGUS/parallel] ${route.name}: ${flakyCount} finding(s) downgraded to info (flaky)`);
+      logger.info(`[ARGUS/parallel] ${route.name} (${route.path}): ${flakyCount} finding(s) downgraded to info (flaky)`);
     }
     results.push(result);
   }
@@ -1053,7 +1070,7 @@ export async function runCrawl(mcp, routeOverrides = null, baseUrlOverride = nul
 
       const flakyCount = result.errors.filter(e => e.flaky).length;
       if (flakyCount > 0) {
-        logger.info(`[ARGUS] ${route.name}: ${flakyCount} finding(s) downgraded to info (flaky — appeared in only one cheap run)`);
+        logger.info(`[ARGUS] ${route.name} (${route.path}): ${flakyCount} finding(s) downgraded to info (flaky — appeared in only one cheap run)`);
       }
 
       report.routes.push(result);

package/src/orchestration/report-processor.js

@@ -1,5 +1,5 @@
 /**
- * Argus Report Processor (v9.1.3)
+ * Argus Report Processor
  *
  * Post-crawl pipeline: dedup → severity overrides → summary rebuild →
  * baseline load/apply/save → trend append → JSON write.

package/src/orchestration/slack-notifier.js

@@ -54,7 +54,8 @@ async function slackPostWithBackoff(args) {
       const isRateLimit = err.code === 'slack_webapi_rate_limited'
         || err.message?.toLowerCase().includes('ratelimited');
       if (!isRateLimit || attempt === SLACK_RATE_LIMIT_RETRIES - 1) throw err;
-      const retryAfterMs = (err.retryAfter ?? 1) * 1000;
+      const jitter = Math.floor(Math.random() * 1000);
+      const retryAfterMs = (err.retryAfter ?? 1) * 1000 + jitter;
       logger.warn(`[ARGUS] Slack rate limited — retrying in ${retryAfterMs}ms (attempt ${attempt + 1})`);
       await new Promise(r => setTimeout(r, retryAfterMs));
     }

package/src/orchestration/watch-mode.js

@@ -172,7 +172,7 @@ const DASHBOARD_HTML = `<!DOCTYPE html>
  * @param {number}         port         — TCP port to listen on (default 3002)
  * @returns {http.Server}
  */
-function startDashboard(getFindings, target, port) {
+export function startDashboard(getFindings, target, port) {
   const server = http.createServer((req, res) => {
     if (req.url === '/data' || req.url?.startsWith('/data?')) {
       const payload = JSON.stringify({

package/src/registry.js

@@ -1,5 +1,5 @@
 /**
- * Argus Analyzer Plugin Registry (v9.1.2)
+ * Argus Analyzer Plugin Registry
  *
  * Analyzers self-register at module load time by calling registerCheap()
  * or registerExpensive(). The orchestrator iterates getCheap() / getExpensive()

package/src/utils/css-analyzer.js

@@ -26,6 +26,8 @@
  */
 
 import { childLogger } from './logger.js';
+import { registerExpensive } from '../registry.js';
+import { unwrapEval } from './mcp-client.js';
 
 const logger = childLogger('css-analyzer');
 
@@ -405,3 +407,8 @@ export function parseCssAnalysisResult(rawResult, url) {
 
   return bugs;
 }
+
+registerExpensive({ name: 'css', analyze: async (browser, url) => {
+  const cssRaw = await browser.evaluate(CSS_ANALYSIS_SCRIPT);
+  return parseCssAnalysisResult(unwrapEval(cssRaw), url);
+} });