auto-api-discovery 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Anooj Shete
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,79 @@
+# 🕸️ ApiGen
+
+> **Automated API Discovery System with HITL Authentication**
+
+![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)
+![TypeScript](https://img.shields.io/badge/TypeScript-007ACC?logo=typescript&logoColor=white)
+![Node.js](https://img.shields.io/badge/Node.js-43853D?logo=node.js&logoColor=white)
+![Playwright](https://img.shields.io/badge/Playwright-2EAD33?logo=playwright&logoColor=white)
+
+---
+
+## 🚀 What is it?
+
+Modern web applications often rely on undocumented, "hidden" internal APIs. Reverse-engineering these endpoints manually by staring at the network tab in DevTools is a tedious, error-prone, and highly time-consuming process.
+
+**ApiGen** solves this pain point by automating the discovery and documentation of these hidden APIs. It seamlessly intercepts network traffic (XHR, Fetch, GraphQL), gracefully handles complex authentication barriers via a Human-in-the-Loop (HITL) system, recursively maps internal paths automatically via headless spidering, and outputs a strict, structurally sound OpenAPI 3.0 representation.
+
+---
+
+## 🏗️ Architecture
+
+ApiGen utilizes a **Hybrid API Discovery Approach** consisting of:
+
+1. **Passive Recording (Capture Mode):** Uses a headful instance of Playwright. You navigate a target web application as a real user—bypassing CAPTCHAs, 2FA, and complex login flows. Under the hood, ApiGen intercepts all network requests/responses and logs them securely into a local SQLite database. Upon closing the browser, it actively exports your authenticated session state into `.apigen-session.json`.
+2. **Auto-Spidering (Crawl Mode):** Takes the previously captured authenticated session state and launches a headless Playwright Breadth-First-Search (BFS) spider. It organically navigates the application just like an authenticated user would, discovering and hitting protected routes, intelligently avoiding generic WAF traps using randomized latency offsets, and feeding new underlying API traffic deeply into the local SQLite store.
+3. **OpenAPI Generation (Export):** A local robust schema inference engine processes thousands of SQLite records. It aggressively deduplicates dynamic URLs (folding Object IDs and UUIDs into neat path parameters), accurately infers nested JSON payload structures recursively, and compiles them to a strict, standard OpenAPI 3.0 json specification document.
+
+---
+
+## ⚙️ Tech Stack
+
+- **[Node.js](https://nodejs.org/en/) & [TypeScript](https://www.typescriptlang.org/)** - For robust type-safe runtime execution.
+- **[Playwright](https://playwright.dev/)** - For complete DOM navigation, session persistence, and native underlying browser CDP network interception workflows.
+- **[Better-SQLite3](https://github.com/WiseLibs/better-sqlite3)** - Highly scalable, local WAL-mode database used as the high-throughput primary storage layer.
+- **[Commander.js](https://github.com/tj/commander.js/)** - For building the intuitive Command Line Interface.
+- **[Chalk](https://github.com/chalk/chalk)** - For beautiful and clear terminal logging feedback.
+
+---
+
+## 🛠️ Getting Started
+
+### Installation
+
+Clone the repository and install dependencies:
+
+```bash
+git clone https://github.com/anoojshete/auto-api-discovery.git
+cd auto-api-discovery
+npm install
+npx playwright install chromium
+npm run build
+```
+
+*(Note: The project leverages `npm run apigen` as the execution entrypoint hooked to `ts-node src/index.ts`)*
+
+### Usage
+
+#### 1. Capture Mode
+Boot into target application interactively, bypass authentications, and capture underlying APIs. When you close the browser, your cookies are saved securely to your local working directory.
+
+```bash
+npm run apigen capture https://example.com
+```
+
+#### 2. Crawl Mode
+Trigger the automated, authenticated headless spider to deeply map internal features and capture the underlying APIs organically mapping to those components.
+
+```bash
+# Options: -d / --depth, -p / --pages
+npm run apigen crawl https://example.com --depth 3 --pages 50
+```
+
+#### 3. Export OpenAPI Schema
+Transform your densely populated local SQLite database into a unified, natively grouped and inferred OpenAPI 3.0 Document.
+
+```bash
+# Options: -b / --base-url
+npm run apigen export ./openapi.json --base-url https://api.example.com
+```

package/dist/crawler.js

@@ -0,0 +1,142 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startCrawler = startCrawler;
+const playwright_1 = require("playwright");
+const chalk_1 = __importDefault(require("chalk"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const interceptor_1 = require("./interceptor");
+const SESSION_FILE = path.resolve(process.cwd(), '.apigen-session.json');
+const sleep = (ms) => new Promise(r => setTimeout(r, ms));
+const randomDelay = (min, max) => sleep(Math.floor(Math.random() * (max - min + 1)) + min);
+async function startCrawler(targetUrl, maxDepth = 2, maxPages = 50) {
+    console.log(chalk_1.default.yellow(`Starting crawler for ${targetUrl} (Max Depth: ${maxDepth}, Max Pages: ${maxPages})...`));
+    let browser = null;
+    try {
+        browser = await playwright_1.chromium.launch({ headless: true });
+        const context = await browser.newContext();
+        // Load cookies if available to run fully authenticated
+        if (fs.existsSync(SESSION_FILE)) {
+            try {
+                const cookies = JSON.parse(fs.readFileSync(SESSION_FILE, 'utf-8'));
+                await context.addCookies(cookies);
+                console.log(chalk_1.default.green('Loaded session cookies successfully. Crawler is authenticated.'));
+            }
+            catch (err) {
+                console.error(chalk_1.default.red('Failed to load cookies from session file.'), err);
+            }
+        }
+        const page = await context.newPage();
+        // Attach the EXACT same interceptor from Milestone 1
+        (0, interceptor_1.attachInterceptor)(page);
+        let parsedTargetUrl;
+        try {
+            parsedTargetUrl = new URL(targetUrl);
+        }
+        catch {
+            console.error(chalk_1.default.red(`Invalid target URL: ${targetUrl}`));
+            return;
+        }
+        const domain = parsedTargetUrl.hostname;
+        // BFS Queue: { url, currentDepth }
+        const queue = [{ url: targetUrl, depth: 0 }];
+        const visited = new Set();
+        let pagesProcessed = 0;
+        console.log(chalk_1.default.blue('Beginning Breadth-First Spidering algorithm...'));
+        while (queue.length > 0 && pagesProcessed < maxPages) {
+            const current = queue.shift();
+            if (!current)
+                break;
+            const { url: currentUrl, depth } = current;
+            // Normalize URL (strip pure hash fragments to avoid duplicates)
+            let normalizedUrl = currentUrl;
+            try {
+                const pureUrl = new URL(currentUrl);
+                pureUrl.hash = '';
+                normalizedUrl = pureUrl.toString();
+            }
+            catch { }
+            if (visited.has(normalizedUrl))
+                continue;
+            visited.add(normalizedUrl);
+            console.log(chalk_1.default.cyan(`[Depth ${depth}] Crawling: ${normalizedUrl}`));
+            try {
+                await page.goto(normalizedUrl, { waitUntil: 'domcontentloaded', timeout: 15000 });
+                pagesProcessed++;
+                // Random delay to avoid aggressive WAF blocks
+                await randomDelay(500, 1500);
+                if (depth < maxDepth) {
+                    // Extract all <a> tags and map their absolute URLs
+                    const links = await page.$$eval('a', anchors => anchors.map(a => a.href));
+                    for (const link of links) {
+                        if (!link)
+                            continue;
+                        try {
+                            const parsedLink = new URL(link);
+                            // Filter out external links strictly based on target domain boundaries
+                            if (parsedLink.hostname === domain || parsedLink.hostname.endsWith(`.${domain}`)) {
+                                parsedLink.hash = '';
+                                const nextUrl = parsedLink.toString();
+                                // Add new links to queue
+                                if (!visited.has(nextUrl)) {
+                                    queue.push({ url: nextUrl, depth: depth + 1 });
+                                }
+                            }
+                        }
+                        catch (err) {
+                            // Ignore invalid or weird internal hrefs (`javascript:`, etc)
+                        }
+                    }
+                }
+            }
+            catch (navError) {
+                console.log(chalk_1.default.red(`Failed to crawl ${normalizedUrl} - `) + navError.message);
+            }
+        }
+        console.log(chalk_1.default.green(`Crawl completed! Processed ${pagesProcessed} pages and intercepted traffic.`));
+    }
+    catch (error) {
+        console.error(chalk_1.default.red('Crawler failed:'), error);
+    }
+    finally {
+        if (browser) {
+            await browser.close();
+        }
+    }
+}

package/dist/db.js

@@ -0,0 +1,60 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.insertEndpoint = insertEndpoint;
+exports.getAllEndpoints = getAllEndpoints;
+const better_sqlite3_1 = __importDefault(require("better-sqlite3"));
+const path_1 = __importDefault(require("path"));
+// Initialize db
+const dbPath = path_1.default.resolve(process.cwd(), 'apigen.db');
+const db = new better_sqlite3_1.default(dbPath);
+db.pragma('journal_mode = WAL');
+// Create table
+db.exec(`
+  CREATE TABLE IF NOT EXISTS endpoints (
+    id TEXT PRIMARY KEY,
+    method TEXT NOT NULL,
+    url TEXT NOT NULL,
+    path_pattern TEXT NOT NULL,
+    request_headers TEXT,
+    request_body TEXT,
+    response_status INTEGER,
+    response_body TEXT,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+  )
+`);
+const insertStmt = db.prepare(`
+  INSERT INTO endpoints (
+    id, method, url, path_pattern, request_headers, request_body, response_status, response_body
+  ) VALUES (
+    @id, @method, @url, @path_pattern, @request_headers, @request_body, @response_status, @response_body
+  )
+`);
+function insertEndpoint(data) {
+    try {
+        insertStmt.run({
+            id: data.id,
+            method: data.method,
+            url: data.url,
+            path_pattern: data.path_pattern,
+            request_headers: JSON.stringify(data.request_headers),
+            request_body: data.request_body ? JSON.stringify(data.request_body) : null,
+            response_status: data.response_status,
+            response_body: data.response_body ? JSON.stringify(data.response_body) : null,
+        });
+    }
+    catch (error) {
+        console.error('Failed to insert endpoint into database:', error);
+    }
+}
+function getAllEndpoints() {
+    try {
+        return db.prepare('SELECT * FROM endpoints').all();
+    }
+    catch (error) {
+        console.error('Failed to get endpoints from database:', error);
+        return [];
+    }
+}

package/dist/index.js

@@ -0,0 +1,125 @@
+#!/usr/bin/env node
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const playwright_1 = require("playwright");
+const chalk_1 = __importDefault(require("chalk"));
+const interceptor_1 = require("./interceptor");
+const fs = __importStar(require("fs"));
+const db_1 = require("./db");
+const schema_engine_1 = require("./schema-engine");
+const openapi_generator_1 = require("./openapi-generator");
+const crawler_1 = require("./crawler");
+const path = __importStar(require("path"));
+const program = new commander_1.Command();
+program
+    .name('apigen')
+    .description('API discovery automation CLI')
+    .version('1.0.0');
+program
+    .command('capture <url>')
+    .description('Launch Playwright to capture API traffic')
+    .action(async (url) => {
+    console.log(chalk_1.default.yellow(`Starting capture engine...`));
+    console.log(chalk_1.default.blue(`Navigating to: ${url}`));
+    try {
+        const browser = await playwright_1.chromium.launch({ headless: false });
+        const context = await browser.newContext();
+        const page = await context.newPage();
+        (0, interceptor_1.attachInterceptor)(page);
+        await page.goto(url, { waitUntil: 'domcontentloaded' });
+        console.log(chalk_1.default.green('Navigation complete. Intercepting API traffic...'));
+        console.log(chalk_1.default.gray('Terminal output shows real-time capture. Close the browser window to exit.'));
+        // Save cookies safely in a loop to guarantee they are captured before exit
+        const sessionFile = path.resolve(process.cwd(), '.apigen-session.json');
+        let isRunning = true;
+        browser.on('disconnected', () => {
+            isRunning = false;
+            console.log(chalk_1.default.yellow('\nBrowser closed. Session saved. Exiting apigen gracefully...'));
+            process.exit(0);
+        });
+        // Periodically sync the cookies securely to avoid missing them if context is torn down quickly
+        while (isRunning) {
+            try {
+                const cookies = await context.cookies();
+                fs.writeFileSync(sessionFile, JSON.stringify(cookies, null, 2), 'utf-8');
+            }
+            catch (e) {
+                // Might hit target closed error silently during exit
+            }
+            await new Promise(resolve => setTimeout(resolve, 2000));
+        }
+    }
+    catch (error) {
+        console.error(chalk_1.default.red('Failed to start capture:'), error);
+        process.exit(1);
+    }
+});
+program
+    .command('export <output-file-json>')
+    .description('Export OpenAPI 3.0 specification from intercepted database traffic')
+    .option('-b, --base-url <url>', 'Base URL for OpenAPI specification', 'http://localhost')
+    .action((outputFile, options) => {
+    console.log(chalk_1.default.yellow('Reading endpoints from database...'));
+    const endpoints = (0, db_1.getAllEndpoints)();
+    if (endpoints.length === 0) {
+        console.log(chalk_1.default.red('No endpoints found in database to export.'));
+        process.exit(0);
+    }
+    console.log(chalk_1.default.blue(`Found ${endpoints.length} raw endpoints. Generating schema map...`));
+    // Process URLs and inference schemas
+    const schemaMap = (0, schema_engine_1.generateSchemaMap)(endpoints);
+    const finalMap = Object.values(schemaMap);
+    console.log(chalk_1.default.green(`Folded into ${finalMap.length} unique routes.`));
+    console.log(chalk_1.default.blue('Converting to OpenAPI 3.0 specification...'));
+    const openapiSpec = (0, openapi_generator_1.generateOpenAPI)(finalMap, options.baseUrl);
+    fs.writeFileSync(outputFile, JSON.stringify(openapiSpec, null, 2), 'utf-8');
+    console.log(chalk_1.default.green(`Export complete: ${outputFile}`));
+});
+program
+    .command('crawl <target-url>')
+    .description('Run authenticated headless crawler on target URL')
+    .option('-d, --depth <number>', 'Maximum BFS crawl depth', '2')
+    .option('-p, --pages <number>', 'Maximum pages to crawl', '50')
+    .action(async (targetUrl, options) => {
+    const maxDepth = parseInt(options.depth, 10);
+    const maxPages = parseInt(options.pages, 10);
+    await (0, crawler_1.startCrawler)(targetUrl, maxDepth, maxPages);
+});
+program.parse(process.argv);

package/dist/interceptor.js

@@ -0,0 +1,90 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.attachInterceptor = attachInterceptor;
+const crypto_1 = require("crypto");
+const chalk_1 = __importDefault(require("chalk"));
+const db_1 = require("./db");
+const IGNORED_RESOURCE_TYPES = new Set(['image', 'stylesheet', 'font', 'media', 'script', 'document']);
+const TARGET_RESOURCE_TYPES = new Set(['xhr', 'fetch']);
+function attachInterceptor(page) {
+    page.on('response', async (response) => {
+        const request = response.request();
+        const resourceType = request.resourceType();
+        // 1. Crucial Filter: ONLY capture traffic if it is XHR, Fetch etc.
+        if (!TARGET_RESOURCE_TYPES.has(resourceType)) {
+            return;
+        }
+        const url = request.url();
+        // Ignore tracking domains / static extensions
+        if (url.includes('google-analytics.com') ||
+            url.includes('googletagmanager.com') ||
+            url.match(/\.(png|jpg|jpeg|gif|css|woff2?|js|ico|svg)$/i)) {
+            return;
+        }
+        const method = request.method();
+        // Ignore preflight requests
+        if (method === 'OPTIONS')
+            return;
+        try {
+            const status = response.status();
+            const headers = request.headers();
+            let reqBodyParsed = null;
+            let resBodyParsed = null;
+            // Parse request post body
+            const postData = request.postData();
+            if (postData) {
+                try {
+                    reqBodyParsed = JSON.parse(postData);
+                }
+                catch {
+                    reqBodyParsed = postData; // Fallback to raw string
+                }
+            }
+            // Parse response body (JSON, text)
+            const contentType = response.headers()['content-type'] || '';
+            if (contentType.includes('application/json') || contentType.includes('text/')) {
+                try {
+                    const resBodyBuffer = await response.body();
+                    const resBodyString = resBodyBuffer.toString('utf-8');
+                    try {
+                        resBodyParsed = JSON.parse(resBodyString);
+                    }
+                    catch {
+                        resBodyParsed = resBodyString;
+                    }
+                }
+                catch (err) {
+                    resBodyParsed = null;
+                }
+            }
+            else {
+                resBodyParsed = "[Binary or Unsupported Content]";
+            }
+            // Extract basic path pattern
+            let pathPattern = '/';
+            try {
+                pathPattern = new URL(url).pathname;
+            }
+            catch { }
+            const data = {
+                id: (0, crypto_1.randomUUID)(),
+                method,
+                url,
+                path_pattern: pathPattern,
+                request_headers: headers,
+                request_body: reqBodyParsed,
+                response_status: status,
+                response_body: resBodyParsed
+            };
+            (0, db_1.insertEndpoint)(data);
+            const color = status >= 400 ? chalk_1.default.red : chalk_1.default.green;
+            console.log(`${chalk_1.default.cyan(`[${method}]`)} ${color(status)} - ${url}`);
+        }
+        catch (err) {
+            console.error(chalk_1.default.red('[Interceptor Error]'), err);
+        }
+    });
+}

package/dist/openapi-generator.js

@@ -0,0 +1,87 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateOpenAPI = generateOpenAPI;
+function mapSchemaToOpenAPI(customSchema) {
+    if (customSchema === 'string')
+        return { type: 'string' };
+    if (customSchema === 'number')
+        return { type: 'number' };
+    if (customSchema === 'boolean')
+        return { type: 'boolean' };
+    if (customSchema === 'null')
+        return { nullable: true };
+    if (customSchema === 'any' || customSchema === 'unknown')
+        return {};
+    if (Array.isArray(customSchema)) {
+        let itemSchema = {};
+        if (customSchema.length > 0) {
+            itemSchema = mapSchemaToOpenAPI(customSchema[0]);
+        }
+        return { type: 'array', items: itemSchema };
+    }
+    if (typeof customSchema === 'object' && customSchema !== null) {
+        const properties = {};
+        for (const [key, value] of Object.entries(customSchema)) {
+            properties[key] = mapSchemaToOpenAPI(value);
+        }
+        return { type: 'object', properties };
+    }
+    return {}; // fallback
+}
+function extractPathParams(path) {
+    const matches = path.match(/\{([^}]+)\}/g);
+    if (!matches)
+        return [];
+    return matches.map(m => m.slice(1, -1));
+}
+function generateOpenAPI(customSchema, baseUrl) {
+    const openapi = {
+        openapi: '3.0.0',
+        info: {
+            title: 'Auto-Discovered API',
+            version: '1.0.0',
+            description: 'API documentation generated by apigen'
+        },
+        servers: [
+            { url: baseUrl }
+        ],
+        paths: {}
+    };
+    for (const entry of customSchema) {
+        const method = entry.method.toLowerCase();
+        const path = entry.foldedUrl;
+        if (!openapi.paths[path]) {
+            openapi.paths[path] = {};
+        }
+        const pathItem = openapi.paths[path];
+        const operation = {
+            responses: {}
+        };
+        const pathParams = extractPathParams(path);
+        if (pathParams.length > 0) {
+            operation.parameters = pathParams.map(param => ({
+                name: param,
+                in: 'path',
+                required: true,
+                schema: { type: 'string' }
+            }));
+        }
+        // Process responses
+        for (const [statusCode, schemaBody] of Object.entries(entry.responseSchemas)) {
+            operation.responses[statusCode] = {
+                description: `Response for status ${statusCode}`,
+                content: {
+                    'application/json': {
+                        schema: mapSchemaToOpenAPI(schemaBody)
+                    }
+                }
+            };
+        }
+        // Default response if empty
+        if (Object.keys(operation.responses).length === 0) {
+            operation.responses['200'] = { description: 'Success' };
+        }
+        pathItem[method] = operation;
+    }
+    return openapi;
+}

package/dist/schema-engine.js

@@ -0,0 +1,86 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.foldUrl = foldUrl;
+exports.inferSchema = inferSchema;
+exports.generateSchemaMap = generateSchemaMap;
+const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+const OBJECT_ID_REGEX = /^[0-9a-fA-F]{24}$/;
+const INTEGER_REGEX = /^\d+$/;
+function isDynamicToken(token) {
+    if (UUID_REGEX.test(token))
+        return true;
+    if (OBJECT_ID_REGEX.test(token))
+        return true;
+    if (INTEGER_REGEX.test(token))
+        return true;
+    return false;
+}
+function foldUrl(url) {
+    try {
+        const parsed = new URL(url);
+        const parts = parsed.pathname.split('/').filter(Boolean);
+        let paramCounter = 1;
+        const foldedParts = parts.map(part => {
+            if (isDynamicToken(part)) {
+                return `{param${paramCounter++}}`;
+            }
+            return part;
+        });
+        return `/${foldedParts.join('/')}`;
+    }
+    catch {
+        return url;
+    }
+}
+function inferSchema(data) {
+    if (data === null)
+        return 'null';
+    if (typeof data === 'string')
+        return 'string';
+    if (typeof data === 'number')
+        return 'number';
+    if (typeof data === 'boolean')
+        return 'boolean';
+    if (Array.isArray(data)) {
+        if (data.length === 0)
+            return ['any'];
+        // Infer schema of the object inside the array
+        return [inferSchema(data[0])];
+    }
+    if (typeof data === 'object') {
+        const schema = {};
+        for (const key of Object.keys(data)) {
+            schema[key] = inferSchema(data[key]);
+        }
+        return schema;
+    }
+    return 'unknown';
+}
+function generateSchemaMap(endpoints) {
+    const map = {};
+    for (const ep of endpoints) {
+        const foldedUrl = foldUrl(ep.url);
+        const key = `${ep.method} ${foldedUrl}`;
+        if (!map[key]) {
+            map[key] = {
+                method: ep.method,
+                foldedUrl,
+                responseSchemas: {},
+            };
+        }
+        if (ep.response_status === 200 && ep.response_body) {
+            let bodyData = ep.response_body;
+            if (typeof bodyData === 'string') {
+                try {
+                    bodyData = JSON.parse(bodyData);
+                }
+                catch { } // Leave as string if parsing fails
+            }
+            if (bodyData && typeof bodyData === 'object') {
+                const schema = inferSchema(bodyData);
+                map[key].responseSchemas[200] = schema;
+            }
+        }
+    }
+    return map;
+}

package/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "auto-api-discovery",
+  "version": "1.0.0",
+  "description": "API discovery automation CLI",
+  "main": "dist/index.js",
+  "bin": {
+    "apigen": "./dist/index.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "ts-node src/index.ts",
+    "prepublishOnly": "npm run build",
+    "postinstall": "playwright install"
+  },
+  "keywords": [
+    "api",
+    "openapi",
+    "cli",
+    "playwright",
+    "automation"
+  ],
+  "author": "Anooj Shete",
+  "license": "MIT",
+  "dependencies": {
+    "better-sqlite3": "^9.4.0",
+    "chalk": "^4.1.2",
+    "commander": "^12.0.0",
+    "playwright": "^1.42.1"
+  },
+  "devDependencies": {
+    "@types/better-sqlite3": "^7.6.9",
+    "@types/node": "^20.11.24",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.3.3"
+  }
+}