npm - create-backlist - Versions diffs - 10.1.2 → 10.1.5 - Mend

create-backlist 10.1.2 → 10.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/src/qa/qa-engine.js CHANGED Viewed

@@ -76,7 +76,7 @@ async function getPlaywright() {
 }
 // ─────────────────────────────────────────────────────────────────────────
-//  NEW v15: Image hash for visual regression
+//  Image hash for visual regression
 // ─────────────────────────────────────────────────────────────────────────
 function hashBuffer(buf) {
   return crypto.createHash('md5').update(buf).digest('hex');
@@ -101,30 +101,30 @@ export class QASession {
   a11yResults   = [];
   seoResults    = [];
   playwrightMode = false;
-  // NEW v15 fields
-  visualRegressions = [];
-  cookieAudit       = [];
-  loadTestResults   = [];
-  brokenLinks       = [];
-  fontAudit         = [];
-  assetAudit        = [];
-  memorySnapshots   = [];
-  wsTests           = [];
-  darkModeResults   = [];
-  viewportResults   = {};
-  apiContracts      = [];
-  userFlowResults   = [];
-  redirectChains    = [];
+  // v15 fields
+  visualRegressions  = [];
+  cookieAudit        = [];
+  loadTestResults    = [];
+  brokenLinks        = [];
+  fontAudit          = [];
+  assetAudit         = [];
+  memorySnapshots    = [];
+  wsTests            = [];
+  darkModeResults    = [];
+  viewportResults    = {};
+  apiContracts       = [];
+  userFlowResults    = [];
+  redirectChains     = [];
   mixedContentIssues = [];
-  cspViolations     = [];
-  thirdPartyScripts = [];
-  errorPageTests    = [];
-  formTests         = [];
-  authTests         = [];
-  cacheHeaders      = [];
-  httpVersions      = {};
-  tlsInfo           = {};
-  dnsInfo           = {};
+  cspViolations      = [];
+  thirdPartyScripts  = [];
+  errorPageTests     = [];
+  formTests          = [];
+  authTests          = [];
+  cacheHeaders       = [];
+  httpVersions       = {};
+  tlsInfo            = {};
+  dnsInfo            = {};
   constructor(urls = {}) {
     this.id        = `QA-${shortId().toUpperCase()}`;
@@ -156,7 +156,7 @@ export class QASession {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  HTTP Probe — real HTTP requests with v15 extras
+//  HTTP Probe — real HTTP requests
 // ═══════════════════════════════════════════════════════════════════════════
 async function httpProbe(url, { method = 'GET', timeout = 12000, headers = {}, body: reqBody = null, followRedirects = true } = {}) {
   const t0 = Date.now();
@@ -201,7 +201,7 @@ async function httpProbe(url, { method = 'GET', timeout = 12000, headers = {}, b
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: Redirect Chain Analyzer
+//  Redirect Chain Analyzer
 // ═══════════════════════════════════════════════════════════════════════════
 async function analyzeRedirectChain(url) {
   const chain = [];
@@ -243,7 +243,7 @@ async function analyzeRedirectChain(url) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: Load Test — concurrent requests
+//  Load Test — concurrent requests
 // ═══════════════════════════════════════════════════════════════════════════
 async function runLoadTest(url, { concurrency = 10, duration = 10000, rampUp = 2000 } = {}) {
   const results   = { requests: 0, errors: 0, timeouts: 0, responses: {} };
@@ -272,7 +272,7 @@ async function runLoadTest(url, { concurrency = 10, duration = 10000, rampUp = 2
       } catch {
         results.errors++;
       }
-      await sleep(50); // small breathing room
+      await sleep(50);
     }
   };
@@ -304,7 +304,7 @@ async function runLoadTest(url, { concurrency = 10, duration = 10000, rampUp = 2
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: Cookie Audit
+//  Cookie Audit
 // ═══════════════════════════════════════════════════════════════════════════
 async function runCookieAudit(url) {
   const r       = await httpProbe(url);
@@ -343,7 +343,7 @@ async function runCookieAudit(url) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: Broken Link Scanner (deep)
+//  Broken Link Scanner (deep)
 // ═══════════════════════════════════════════════════════════════════════════
 async function scanBrokenLinks(url, { maxLinks = 100 } = {}) {
   const r     = await httpProbe(url);
@@ -389,7 +389,7 @@ async function scanBrokenLinks(url, { maxLinks = 100 } = {}) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: API Contract Tester
+//  API Contract Tester
 // ═══════════════════════════════════════════════════════════════════════════
 async function testAPIContract(endpoint, { expectedStatus = 200, expectedFields = [], method = 'GET', body = null, headers = {} } = {}) {
   const r = await httpProbe(endpoint, { method, body, headers, timeout: 10000 });
@@ -400,7 +400,7 @@ async function testAPIContract(endpoint, { expectedStatus = 200, expectedFields
   }
   if (r.parsed && expectedFields.length > 0) {
     for (const field of expectedFields) {
-      const hasField = field.includes('.')
+      const hasField = field.includes('.')
         ? field.split('.').reduce((obj, k) => obj?.[k], r.parsed) !== undefined
         : r.parsed[field] !== undefined || (Array.isArray(r.parsed) && r.parsed[0]?.[field] !== undefined);
       if (!hasField) issues.push(`Missing field: ${field}`);
@@ -422,7 +422,7 @@ async function testAPIContract(endpoint, { expectedStatus = 200, expectedFields
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: Form Interaction Tester (Playwright)
+//  Form Interaction Tester (Playwright)
 // ═══════════════════════════════════════════════════════════════════════════
 async function testForms(page, url) {
   const results = [];
@@ -436,19 +436,16 @@ async function testForms(page, url) {
       const submits  = await form.$$('[type="submit"], button[type="submit"]');
       const hasSubmit = submits.length > 0;
-      // Test required field validation
       let validationWorks = false;
       if (hasSubmit) {
         try {
           await submits[0].click({ timeout: 2000 });
           await page.waitForTimeout(300);
-          // Check for validation messages
           const invalidFields = await page.$$(':invalid');
           validationWorks = invalidFields.length > 0 || (await page.evaluate(() => document.querySelector('.error, .invalid, [aria-invalid="true"]') !== null));
         } catch {}
       }
-      // Test placeholder/label
       let labelCount = 0;
       for (const inp of inputs) {
         const id      = await inp.getAttribute('id');
@@ -480,12 +477,11 @@ async function testForms(page, url) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: Memory Leak Detector (Playwright)
+//  Memory Leak Detector (Playwright)
 // ═══════════════════════════════════════════════════════════════════════════
 async function detectMemoryLeaks(page, url) {
   const snapshots = [];
   try {
-    // Snapshot 1: initial load
     const heap1 = await page.evaluate(() => {
       if (window.performance?.memory) {
         return { used: performance.memory.usedJSHeapSize, total: performance.memory.totalJSHeapSize };
@@ -494,7 +490,6 @@ async function detectMemoryLeaks(page, url) {
     });
     if (heap1) snapshots.push({ label: 'initial', ...heap1, time: 0 });
-    // Simulate user interactions to trigger potential leaks
     await page.evaluate(() => {
       for (let i = 0; i < 5; i++) {
         window.dispatchEvent(new Event('scroll'));
@@ -503,7 +498,6 @@ async function detectMemoryLeaks(page, url) {
     });
     await page.waitForTimeout(1000);
-    // Navigate away and back
     const currentUrl = page.url();
     await page.goto('about:blank', { waitUntil: 'load' }).catch(() => {});
     await page.goto(currentUrl, { waitUntil: 'networkidle', timeout: 15000 }).catch(() => {});
@@ -532,19 +526,17 @@ async function detectMemoryLeaks(page, url) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: Dark Mode Tester (Playwright)
+//  Dark Mode Tester (Playwright)
 // ═══════════════════════════════════════════════════════════════════════════
 async function testDarkMode(page, url, screenshotDir, sessionId) {
   const results = {};
   try {
-    // Light mode screenshot already taken — test dark mode
     await page.emulateMedia({ colorScheme: 'dark' });
     await page.waitForTimeout(800);
     const darkName = `${sessionId}-dark-${shortId()}.png`;
     const darkPath = path.join(screenshotDir, darkName);
     await page.screenshot({ path: darkPath, fullPage: false });
-    // Check if dark mode actually changes anything
     const hasMediaQuery = await page.evaluate(() => {
       const sheets = [...document.styleSheets];
       for (const sheet of sheets) {
@@ -558,7 +550,6 @@ async function testDarkMode(page, url, screenshotDir, sessionId) {
       return false;
     });
-    // Check body background color changes
     const darkBg = await page.evaluate(() => {
       return window.getComputedStyle(document.body).backgroundColor;
     });
@@ -567,7 +558,6 @@ async function testDarkMode(page, url, screenshotDir, sessionId) {
     results.hasMediaQuery = hasMediaQuery;
     results.supportsDark = hasMediaQuery;
-    // Reset to light
     await page.emulateMedia({ colorScheme: 'light' });
     await page.waitForTimeout(300);
@@ -584,11 +574,10 @@ async function testDarkMode(page, url, screenshotDir, sessionId) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: Third-Party Script Auditor (Playwright)
+//  Third-Party Script Auditor (Playwright)
 // ═══════════════════════════════════════════════════════════════════════════
 async function auditThirdPartyScripts(page) {
   const origin   = new URL(page.url()).origin;
-  const scripts  = [];
   const requests = [];
   const handler = (req) => {
@@ -609,7 +598,6 @@ async function auditThirdPartyScripts(page) {
   await page.waitForTimeout(2000);
   page.off('request', handler);
-  // Deduplicate by domain
   const domainMap = {};
   for (const r of requests) {
     if (!domainMap[r.domain]) domainMap[r.domain] = { ...r, count: 0 };
@@ -642,7 +630,7 @@ function classifyThirdParty(hostname) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: Font & Asset Auditor (Playwright)
+//  Font & Asset Auditor (Playwright)
 // ═══════════════════════════════════════════════════════════════════════════
 async function auditFontsAndAssets(page) {
   return await page.evaluate(() => {
@@ -673,12 +661,10 @@ async function auditFontsAndAssets(page) {
       }
     }
-    // Font analysis
     const fontFaces = document.fonts ? [...document.fonts].map(f => ({
       family: f.family, style: f.style, weight: f.weight, status: f.status,
     })) : [];
-    // Image format analysis
     const images = [...document.images].map(img => ({
       src: img.src?.split('/').pop().slice(0, 60),
       naturalWidth: img.naturalWidth, naturalHeight: img.naturalHeight,
@@ -700,7 +686,7 @@ async function auditFontsAndAssets(page) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: User Flow Simulator (Playwright)
+//  User Flow Simulator (Playwright)
 // ═══════════════════════════════════════════════════════════════════════════
 async function simulateUserFlow(page, url) {
   const steps = [];
@@ -770,7 +756,7 @@ async function simulateUserFlow(page, url) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: Multi-Viewport Screenshot + Layout Tester (Playwright)
+//  Multi-Viewport Screenshot + Layout Tester (Playwright)
 // ═══════════════════════════════════════════════════════════════════════════
 async function testAllViewports(page, url, screenshotDir, sessionId) {
   const results = {};
@@ -783,11 +769,9 @@ async function testAllViewports(page, url, screenshotDir, sessionId) {
       const fpath = path.join(screenshotDir, name);
       await page.screenshot({ path: fpath, fullPage: false });
-      // Check for overflow/horizontal scroll
       const hasHorizontalScroll = await page.evaluate(() =>
         document.documentElement.scrollWidth > document.documentElement.clientWidth
       );
-      // Check font size not too small
       const minFontSize = await page.evaluate(() => {
         const els = [...document.querySelectorAll('p, span, a, li, td')].slice(0, 20);
         return Math.min(...els.map(el => parseFloat(window.getComputedStyle(el).fontSize) || 16));
@@ -807,13 +791,12 @@ async function testAllViewports(page, url, screenshotDir, sessionId) {
       results[key] = { label: vp.label, width: vp.width, height: vp.height, error: err.message, passed: false };
     }
   }
-  // Reset to desktop
   await page.setViewportSize({ width: 1280, height: 900 });
   return results;
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: Cache Headers Auditor
+//  Cache Headers Auditor
 // ═══════════════════════════════════════════════════════════════════════════
 async function auditCacheHeaders(url) {
   const r = await httpProbe(url);
@@ -848,7 +831,7 @@ async function auditCacheHeaders(url) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: Mixed Content & CSP Violation Checker (Playwright)
+//  Mixed Content & CSP Violation Checker (Playwright)
 // ═══════════════════════════════════════════════════════════════════════════
 async function checkMixedContent(page) {
   const mixed = [];
@@ -867,7 +850,7 @@ async function checkMixedContent(page) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: Error Page Tester (404, 500)
+//  Error Page Tester (404, 500)
 // ═══════════════════════════════════════════════════════════════════════════
 async function testErrorPages(baseUrl) {
   const tests = [
@@ -898,7 +881,7 @@ async function testErrorPages(baseUrl) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  NEW v15: HTTP Version & TLS Inspector
+//  HTTP Version & TLS Inspector
 // ═══════════════════════════════════════════════════════════════════════════
 async function inspectHTTPVersion(url) {
   const r = await httpProbe(url);
@@ -910,7 +893,7 @@ async function inspectHTTPVersion(url) {
   return {
     url, isHTTPS,
     altSvc: altSvc || null,
-    likelyHTTP2: hasH2 || isHTTPS, // Most modern HTTPS servers use H2
+    likelyHTTP2: hasH2 || isHTTPS,
     likelyHTTP3: hasH3,
     hsts: r.headers['strict-transport-security'] || null,
     issues: [
@@ -920,7 +903,7 @@ async function inspectHTTPVersion(url) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  PLAYWRIGHT REAL BROWSER ENGINE v15 — Enhanced
+//  PLAYWRIGHT REAL BROWSER ENGINE v15
 // ═══════════════════════════════════════════════════════════════════════════
 async function runPlaywrightScan(url, session, dash, options = {}) {
   const chromium = await getPlaywright();
@@ -966,7 +949,6 @@ async function runPlaywrightScan(url, session, dash, options = {}) {
     page = await context.newPage();
-    // ── Mixed Content & CSP violations ──────────────────────────────────
     const mixedContent   = [];
     const cspViolations2 = [];
     page.on('console', (msg) => {
@@ -981,14 +963,12 @@ async function runPlaywrightScan(url, session, dash, options = {}) {
       }
     });
-    // ── Capture JS errors ────────────────────────────────────────────────
     page.on('pageerror', (err) => {
       const entry = { message: err.message, stack: err.stack, url: page.url(), timestamp: Date.now() };
       results.jsErrors.push(entry);
       session.consoleErrors.push({ type: 'pageerror', text: err.message, url: page.url() });
     });
-    // ── Network monitoring ───────────────────────────────────────────────
     const requestTimings = new Map();
     page.on('request', (req) => {
       requestTimings.set(req.url(), Date.now());
@@ -1015,7 +995,6 @@ async function runPlaywrightScan(url, session, dash, options = {}) {
       }
     });
-    // ── Navigate ─────────────────────────────────────────────────────────
     const navStart = Date.now();
     const response = await page.goto(url, {
       waitUntil: 'networkidle', timeout: 30000,
@@ -1029,7 +1008,7 @@ async function runPlaywrightScan(url, session, dash, options = {}) {
     await fs.ensureDir(SCREENSHOT_DIR);
-    // ── 1. Desktop Screenshot ────────────────────────────────────────────
+    // 1. Desktop Screenshot
     const desktopName = `${session.id}-desktop-${shortId()}.png`;
     const desktopPath = path.join(SCREENSHOT_DIR, desktopName);
     await page.screenshot({ path: desktopPath, fullPage: true });
@@ -1037,7 +1016,7 @@ async function runPlaywrightScan(url, session, dash, options = {}) {
     session.screenshots.push({ path: desktopPath, name: desktopName, type: 'desktop', url });
     dash?.log(chalk.green(`  📸 Desktop screenshot: ${desktopName}`));
-    // ── 2. Multi-Viewport Testing (v15) ──────────────────────────────────
+    // 2. Multi-Viewport Testing
     dash?.log(chalk.cyan('  📱 Testing all viewports...'));
     const vpResults = await testAllViewports(page, url, SCREENSHOT_DIR, session.id);
     results.viewportResults = vpResults;
@@ -1050,7 +1029,7 @@ async function runPlaywrightScan(url, session, dash, options = {}) {
     const vpIssues = Object.values(vpResults).filter(v => !v.passed);
     dash?.log(chalk.green(`  ✓ Viewports: ${Object.keys(vpResults).length - vpIssues.length}/${Object.keys(vpResults).length} passed`));
-    // ── 3. Dark Mode Test (v15) ───────────────────────────────────────────
+    // 3. Dark Mode Test
     dash?.log(chalk.cyan('  🌙 Testing dark mode...'));
     const darkResult = await testDarkMode(page, url, SCREENSHOT_DIR, session.id);
     results.darkMode = darkResult;
@@ -1059,9 +1038,8 @@ async function runPlaywrightScan(url, session, dash, options = {}) {
       session.screenshots.push({ path: darkResult.dark.screenshotPath, name: darkResult.dark.screenshotName, type: 'dark-mode', url });
     }
-    // ── 4. Real Web Vitals ────────────────────────────────────────────────
+    // 4. Real Web Vitals
     dash?.log(chalk.cyan('  ⚡ Measuring real Web Vitals...'));
-    // Navigate fresh for clean vitals
     await page.goto(url, { waitUntil: 'networkidle', timeout: 30000 }).catch(() => {});
     const vitals = await page.evaluate(() => {
       return new Promise((resolve) => {
@@ -1102,7 +1080,7 @@ async function runPlaywrightScan(url, session, dash, options = {}) {
     results.vitals = { ...vitals, ...navTiming, navDuration };
     dash?.log(chalk.green(`  ✓ Vitals: TTFB=${navTiming.ttfb||'?'}ms LCP=${vitals.lcp||'?'}ms FCP=${vitals.fcp||'?'}ms CLS=${vitals.cls??'?'}`));
-    // ── 5. Memory Leak Detection (v15) ────────────────────────────────────
+    // 5. Memory Leak Detection
     dash?.log(chalk.cyan('  🧠 Detecting memory leaks...'));
     const memResult = await detectMemoryLeaks(page, url);
     results.memoryLeak = memResult;
@@ -1111,7 +1089,7 @@ async function runPlaywrightScan(url, session, dash, options = {}) {
       dash?.log(chalk.yellow(`  ⚠ Memory leak detected: +${memResult.growthMB}MB`));
     }
-    // ── 6. DOM Checks ────────────────────────────────────────────────────
+    // 6. DOM Checks
     dash?.log(chalk.cyan('  🔍 Running DOM checks...'));
     await page.goto(url, { waitUntil: 'networkidle', timeout: 30000 }).catch(() => {});
     const domChecks = await page.evaluate(() => {
@@ -1136,7 +1114,6 @@ async function runPlaywrightScan(url, session, dash, options = {}) {
       checks.push({ name: 'Viewport meta', pass: !!vp, value: vp?.content || 'missing' });
       const bodyStyle = window.getComputedStyle(document.body);
       checks.push({ name: 'Body has styles', pass: !!bodyStyle.backgroundColor || !!bodyStyle.color, value: 'CSS applied' });
-      // NEW v15 DOM checks
       const skipLink = document.querySelector('a[href="#main"], a[href="#content"], .skip-link');
       checks.push({ name: 'Skip navigation link', pass: !!skipLink, value: skipLink ? 'Present' : 'Missing (accessibility)' });
       const mainEl = document.querySelector('main, [role="main"]');
@@ -1161,25 +1138,25 @@ async function runPlaywrightScan(url, session, dash, options = {}) {
     results.domChecks = domChecks;
     dash?.log(chalk.green(`  ✓ DOM: ${domChecks.filter(c => c.pass).length}/${domChecks.length} checks passed`));
-    // ── 7. Form Tests (v15) ───────────────────────────────────────────────
+    // 7. Form Tests
     dash?.log(chalk.cyan('  📝 Testing forms...'));
     const formResults = await testForms(page, url);
     results.forms = formResults;
     session.formTests.push(...formResults.map(f => ({ url, ...f })));
-    // ── 8. Third-Party Script Audit (v15) ─────────────────────────────────
+    // 8. Third-Party Script Audit
     dash?.log(chalk.cyan('  📦 Auditing third-party scripts...'));
     const thirdPartyScripts = await auditThirdPartyScripts(page);
     results.thirdParty = thirdPartyScripts;
     session.thirdPartyScripts.push(...thirdPartyScripts.map(s => ({ url, ...s })));
-    // ── 9. Font & Asset Audit (v15) ───────────────────────────────────────
+    // 9. Font & Asset Audit
     dash?.log(chalk.cyan('  🔤 Auditing fonts and assets...'));
     const assetData = await auditFontsAndAssets(page);
     results.fonts   = assetData;
     session.assetAudit.push({ url, ...assetData });
-    // ── 10. Interaction Tests ─────────────────────────────────────────────
+    // 10. Interaction Tests
     dash?.log(chalk.cyan('  🖱️  Testing interactions...'));
     const interactions = [];
     const buttonCount  = await page.locator('button:visible').count().catch(() => 0);
@@ -1206,14 +1183,12 @@ async function runPlaywrightScan(url, session, dash, options = {}) {
       const firstLink = page.locator('a:visible').first();
       if (await firstLink.count() > 0) { await firstLink.hover(); interactions.push({ name: 'Link hover', pass: true, value: 'Hover works' }); }
     } catch { interactions.push({ name: 'Link hover', pass: false, value: 'Hover failed' }); }
-    // NEW v15: right-click test
     try {
       await page.mouse.click(640, 400, { button: 'right' });
       await page.waitForTimeout(200);
       await page.keyboard.press('Escape');
       interactions.push({ name: 'Right-click (context menu)', pass: true, value: 'Works' });
     } catch { interactions.push({ name: 'Right-click', pass: false, value: 'Failed' }); }
-    // NEW v15: copy text test
     try {
       await page.keyboard.press('Control+a');
       await page.waitForTimeout(100);
@@ -1223,14 +1198,14 @@ async function runPlaywrightScan(url, session, dash, options = {}) {
     results.interactions = interactions;
     dash?.log(chalk.green(`  ✓ Interactions: ${interactions.filter(i => i.pass).length}/${interactions.length} passed`));
-    // ── 11. User Flow Simulation (v15) ────────────────────────────────────
+    // 11. User Flow Simulation
     dash?.log(chalk.cyan('  🧑‍💻 Simulating user flow...'));
     const flowResult = await simulateUserFlow(page, url);
     results.userFlow = flowResult;
     session.userFlowResults.push(flowResult);
     dash?.log(chalk.green(`  ✓ User flow: ${flowResult.passed}/${flowResult.steps.length} steps passed`));
-    // ── 12. Resource Analysis ─────────────────────────────────────────────
+    // 12. Resource Analysis
     const resourceStats = await page.evaluate(() => {
       const entries = performance.getEntriesByType('resource');
       const byType  = {};
@@ -1251,7 +1226,6 @@ async function runPlaywrightScan(url, session, dash, options = {}) {
     results.mixedContent     = mixedContent;
     results.cspViolations    = cspViolations2;
-    // Store mixed content/CSP in session
     session.mixedContentIssues.push(...mixedContent.map(m => ({ url, text: m })));
     session.cspViolations.push(...cspViolations2.map(c => ({ url, text: c })));
@@ -1330,7 +1304,7 @@ async function crawlSite(baseUrl, { maxPages = 60, onRoute } = {}) {
     }
   }
-  // Common paths probe (v15 extended)
+  // Common paths probe
   const commonPaths = [
     '/api/health', '/health', '/api/status', '/api/v1/health',
     '/api/docs', '/robots.txt', '/sitemap.xml', '/manifest.json',
@@ -1358,7 +1332,7 @@ async function crawlSite(baseUrl, { maxPages = 60, onRoute } = {}) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  Security Scanner v15 — Extended
+//  Security Scanner v15
 // ═══════════════════════════════════════════════════════════════════════════
 async function runSecurityScan(url) {
   const findings = [];
@@ -1388,7 +1362,6 @@ async function runSecurityScan(url) {
       validate: v => !v || (!v.includes('/') && !/\d+\.\d+/.test(v)), rec: 'Genericize Server header' },
     { id: 'xpb',    name: 'X-Powered-By hidden',          header: 'x-powered-by',              sev: 'P2',
       validate: v => !v, rec: 'Remove X-Powered-By header' },
-    // NEW v15
     { id: 'coep',   name: 'Cross-Origin-Embedder-Policy', header: 'cross-origin-embedder-policy', sev: 'P3',
       validate: v => !!v, rec: 'Add COEP for isolation' },
     { id: 'coop',   name: 'Cross-Origin-Opener-Policy',   header: 'cross-origin-opener-policy',  sev: 'P3',
@@ -1421,7 +1394,6 @@ async function runSecurityScan(url) {
     recommendation: 'Never combine CORS * with allow-credentials',
   });
-  // NEW v15: Check for version disclosure in other headers
   const versionHeaders = ['x-aspnet-version', 'x-aspnetmvc-version', 'x-drupal-cache', 'x-generator'];
   for (const vh of versionHeaders) {
     if (h[vh]) findings.push({
@@ -1444,7 +1416,6 @@ async function runSecurityScan(url) {
     { path: '/api/openapi.json', name: 'OpenAPI docs exposed' },
     { path: '/config.json',      name: 'config.json exposed' },
     { path: '/debug',            name: 'Debug endpoint' },
-    // NEW v15
     { path: '/.DS_Store',        name: '.DS_Store exposed' },
     { path: '/wp-config.php',    name: 'WordPress config' },
     { path: '/package.json',     name: 'package.json exposed' },
@@ -1474,7 +1445,7 @@ async function runSecurityScan(url) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  SEO Scanner v15 — Extended
+//  SEO Scanner v15
 // ═══════════════════════════════════════════════════════════════════════════
 async function runSEOScan(url) {
   const t0   = Date.now();
@@ -1535,7 +1506,6 @@ async function runSEOScan(url) {
   checks.push({ name: 'Server response time', pass: rt < 800, severity: rt > 2000 ? 'P1' : 'P2',
     category: 'performance-seo', detail: `TTFB: ${rt}ms (Google: <800ms)` });
-  // NEW v15: Heading hierarchy
   const headings = (html.match(/<h[1-6][^>]*>/gi) || []).map(h => parseInt(h[2]));
   let hierOk = true;
   for (let i = 1; i < headings.length; i++) {
@@ -1543,7 +1513,6 @@ async function runSEOScan(url) {
   }
   checks.push({ name: 'Heading hierarchy', pass: hierOk, severity: 'P2', category: 'structure', detail: hierOk ? 'Headings in order' : 'Skipped heading levels' });
-  // NEW v15: noindex check
   const noindex = has(/<meta[^>]+name=["']robots["'][^>]+content=["'][^"']*noindex/i);
   checks.push({ name: 'Not noindexed', pass: !noindex, severity: noindex ? 'P1' : 'INFO', category: 'crawling', detail: noindex ? 'Page is noindexed!' : 'Indexable' });
@@ -1562,7 +1531,7 @@ async function runSEOScan(url) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  Accessibility Scanner v15 — Extended
+//  Accessibility Scanner v15
 // ═══════════════════════════════════════════════════════════════════════════
 async function runA11yScan(url) {
   const r    = await httpProbe(url, { timeout: 12000 });
@@ -1578,7 +1547,6 @@ async function runA11yScan(url) {
     { id: 'h1-present',     impact: 'moderate', test: () => !/<h1[^>]*>/i.test(html),                         pass: 'H1 heading present',      desc: 'Page should have H1' },
     { id: 'link-text',      impact: 'serious',  test: () => /<a[^>]*>\s*<\/a>/i.test(html),                  pass: 'Links have text',         desc: 'Links must have discernible text' },
     { id: 'form-labels',    impact: 'critical', test: () => /<input(?![^>]*(?:aria-label|aria-labelledby|id=))[^>]*type=(?!"hidden")[^>]*>/i.test(html), pass: 'Form inputs have labels', desc: 'Form elements must have labels' },
-    // NEW v15
     { id: 'skip-nav',       impact: 'moderate', test: () => !/<a[^>]*href=["']#(?:main|content|skip)[^"']*["']/i.test(html), pass: 'Skip nav link', desc: 'Page should have skip navigation link' },
     { id: 'table-headers',  impact: 'serious',  test: () => /<table/i.test(html) && !/<th/i.test(html),      pass: 'Tables have headers',     desc: 'Tables must have header cells' },
     { id: 'input-purpose',  impact: 'serious',  test: () => /<input[^>]*type=["'](email|tel|name)[^"']*["']/i.test(html) && !/<input[^>]*autocomplete/i.test(html), pass: 'Inputs have autocomplete', desc: 'Contact inputs should have autocomplete' },
@@ -1603,7 +1571,7 @@ async function runA11yScan(url) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  AI Bug Classifier v15 — Enhanced patterns
+//  AI Bug Classifier v15
 // ═══════════════════════════════════════════════════════════════════════════
 const SEV_PATTERNS = {
   P0: [/security|auth.*bypass|sql.inject|xss|rce|exposed.*secret|password.*leak|critical|\.env.*exposed|git.*config.*exposed|database.*dump/i, /crash|fatal|500|server.*down|data.*loss|memory.*leak.*critical/i],
@@ -1647,7 +1615,7 @@ function classifyBug(bug) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  Terminal Dashboard v15 — Enhanced live display
+//  Terminal Dashboard v15
 // ═══════════════════════════════════════════════════════════════════════════
 class TerminalDashboard {
   #session; #lines = 0; #active = false; #timer = null;
@@ -1777,7 +1745,7 @@ class TerminalDashboard {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  HTML Report Builder v15 — Ultra Rich
+//  HTML Report Builder v15
 // ═══════════════════════════════════════════════════════════════════════════
 function buildHTMLReport(session) {
   const summary   = session.getSummary();
@@ -1799,14 +1767,6 @@ function buildHTMLReport(session) {
   const esc = (s) => String(s||'').replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;');
-  // ── Screenshot gallery ───────────────────────────────────────────────────
-  const screenshotsByType = {};
-  for (const sc of session.screenshots) {
-    const t = sc.type || 'other';
-    if (!screenshotsByType[t]) screenshotsByType[t] = [];
-    screenshotsByType[t].push(sc);
-  }
   const screenshotCards = session.screenshots.length
     ? session.screenshots.map(sc => {
         let imgTag = '';
@@ -1831,7 +1791,6 @@ function buildHTMLReport(session) {
       }).join('')
     : '<p class="no-data">No screenshots (Playwright not available)</p>';
-  // ── Test rows ─────────────────────────────────────────────────────────────
   const testRows = session.results.map(r => `
     <tr class="result-row" data-type="${r.type}" data-status="${r.status}">
       <td>${esc(r.name)}</td>
@@ -1842,7 +1801,6 @@ function buildHTMLReport(session) {
       <td class="err-cell">${r.message ? `<details><summary>Details</summary><pre>${esc(String(r.message).slice(0,500))}</pre></details>` : '✓'}</td>
     </tr>`).join('');
-  // ── Bug cards ─────────────────────────────────────────────────────────────
   const bugCards = session.bugs.length
     ? session.bugs.map(b => `
     <div class="bug-card sev-border-${(b.aiSeverity||b.severity||'p3').toLowerCase()}" data-severity="${b.aiSeverity||b.severity}">
@@ -1859,7 +1817,6 @@ function buildHTMLReport(session) {
     </div>`).join('')
     : '<p class="no-data">No bugs detected 🎉</p>';
-  // ── Route rows ────────────────────────────────────────────────────────────
   const routeRows = session.routeMap.map(r => `
     <tr>
       <td><code class="url">${esc(r.url)}</code></td>
@@ -1870,7 +1827,6 @@ function buildHTMLReport(session) {
       <td>${r.error ? `<span class="fail">${esc(r.error)}</span>` : '✓'}</td>
     </tr>`).join('');
-  // ── Security rows ─────────────────────────────────────────────────────────
   const secRows = session.secFindings.map(f => `
     <tr class="${f.pass ? '' : 'fail-row'}">
       <td>${esc(f.check)}</td>
@@ -1881,7 +1837,6 @@ function buildHTMLReport(session) {
       <td>${f.recommendation ? `<span class="rec">${esc(f.recommendation)}</span>` : '–'}</td>
     </tr>`).join('');
-  // ── SEO section ───────────────────────────────────────────────────────────
   const seoSection = session.seoResults.map(r => `
     <div class="seo-page">
       <div class="seo-header">
@@ -1898,7 +1853,6 @@ function buildHTMLReport(session) {
       </table>
     </div>`).join('') || '<p class="no-data">No SEO scans</p>';
-  // ── A11y section ──────────────────────────────────────────────────────────
   const a11ySection = session.a11yResults.map(r => `
     <div class="a11y-page">
       <div class="a11y-header">
@@ -1912,7 +1866,6 @@ function buildHTMLReport(session) {
       </div>`).join('') || '<p class="no-data">No violations ✓</p>'}
     </div>`).join('') || '<p class="no-data">No accessibility scans</p>';
-  // ── Performance section ───────────────────────────────────────────────────
   const vitalCard = (name, value, threshold, unit) => {
     const na    = value === null || value === undefined;
     const pass2 = !na && value <= threshold;
@@ -1965,7 +1918,6 @@ function buildHTMLReport(session) {
     </div>`;
   }).join('') || '<p class="no-data">No performance data</p>';
-  // ── NEW v15: Load Test section ────────────────────────────────────────────
   const loadTestSection = session.loadTestResults.length
     ? session.loadTestResults.map(lt => `
     <div class="load-test-card ${lt.passed ? 'lt-pass' : 'lt-fail'}">
@@ -1980,9 +1932,8 @@ function buildHTMLReport(session) {
       <p style="color:#94a3b8;font-size:.8rem;margin-top:.75rem">${lt.requests} requests · ${lt.errors} errors · ${lt.timeouts} timeouts · ${formatDuration(lt.duration)}</p>
       <p style="color:#94a3b8;font-size:.78rem">Status codes: ${Object.entries(lt.responses||{}).map(([k,v]) => `${k}: ${v}`).join(', ')}</p>
     </div>`).join('')
-    : '<p class="no-data">Load test not run (use runUrlQA with loadTest:true)</p>';
+    : '<p class="no-data">Load test not run</p>';
-  // ── NEW v15: Viewport section ─────────────────────────────────────────────
   const vpSection = Object.keys(session.viewportResults || {}).length
     ? `<div class="viewport-grid">${Object.entries(session.viewportResults).map(([key, vp]) => `
       <div class="vp-card ${vp.passed ? '' : 'vp-fail'}">
@@ -1993,7 +1944,6 @@ function buildHTMLReport(session) {
       </div>`).join('')}</div>`
     : '<p class="no-data">No viewport tests (Playwright required)</p>';
-  // ── NEW v15: Broken links section ─────────────────────────────────────────
   const brokenLinksSection = session.brokenLinks.length
     ? session.brokenLinks.map(bl => `
     <div class="card" style="margin-bottom:1rem">
@@ -2009,7 +1959,6 @@ function buildHTMLReport(session) {
     </div>`).join('')
     : '<p class="no-data">No broken link scans run</p>';
-  // ── NEW v15: Cookie audit ─────────────────────────────────────────────────
   const cookieSection = session.cookieAudit.length
     ? session.cookieAudit.map(ca => `
     <div class="card" style="margin-bottom:1rem">
@@ -2027,7 +1976,6 @@ function buildHTMLReport(session) {
     </div>`).join('')
     : '<p class="no-data">No cookie audits</p>';
-  // ── NEW v15: Third-party scripts ──────────────────────────────────────────
   const thirdPartySection = session.thirdPartyScripts.length
     ? `<table>
       <thead><tr><th>Vendor</th><th>Domain</th><th>Count</th><th>URL</th></tr></thead>
@@ -2040,7 +1988,6 @@ function buildHTMLReport(session) {
     </table>`
     : '<p class="no-data">No third-party scripts detected</p>';
-  // ── NEW v15: User Flow section ────────────────────────────────────────────
   const userFlowSection = session.userFlowResults.length
     ? session.userFlowResults.map(f => `
     <div class="card" style="margin-bottom:1rem">
@@ -2057,7 +2004,6 @@ function buildHTMLReport(session) {
     </div>`).join('')
     : '<p class="no-data">No user flow simulations</p>';
-  // ── NEW v15: Memory section ───────────────────────────────────────────────
   const memorySection = session.memorySnapshots.length
     ? session.memorySnapshots.map(m => `
     <div class="card" style="margin-bottom:1rem">
@@ -2068,11 +2014,10 @@ function buildHTMLReport(session) {
         ${m.snapshots[0] ? vitalCard('Init Heap', Math.round(m.snapshots[0].used/1024/1024), 50, 'MB') : ''}
         ${m.snapshots[1] ? vitalCard('After Nav', Math.round(m.snapshots[1].used/1024/1024), 60, 'MB') : ''}
       </div>
-      ${m.hasLeak ? `<div class="bug-rec" style="margin-top:.75rem">⚠️ Possible memory leak: +${m.growthMB}MB after navigation. Check for event listener leaks and detached DOM nodes.</div>` : '<p style="color:#22c55e;margin-top:.75rem">✓ No significant memory growth detected</p>'}
+      ${m.hasLeak ? `<div class="bug-rec" style="margin-top:.75rem">⚠️ Possible memory leak: +${m.growthMB}MB after navigation.</div>` : '<p style="color:#22c55e;margin-top:.75rem">✓ No significant memory growth detected</p>'}
     </div>`).join('')
     : '<p class="no-data">No memory tests (Playwright required)</p>';
-  // ── NEW v15: Dark mode section ────────────────────────────────────────────
   const darkModeSection = session.darkModeResults.length
     ? session.darkModeResults.map(dm => `
     <div class="card" style="margin-bottom:1rem">
@@ -2082,11 +2027,10 @@ function buildHTMLReport(session) {
         <div class="mc"><div class="ml">Media Query Found</div><div class="mv" style="font-size:1.2rem;color:${dm.hasMediaQuery?'#22c55e':'#64748b'}">${dm.hasMediaQuery ? '✓' : '–'}</div></div>
         <div class="mc"><div class="ml">Background Changes</div><div class="mv" style="font-size:1.2rem;color:${dm.differentFromLight?'#22c55e':'#64748b'}">${dm.differentFromLight ? '✓' : '–'}</div></div>
       </div>
-      ${!dm.supportsDark ? `<div class="bug-rec">💡 Consider adding dark mode with <code>@media (prefers-color-scheme: dark)</code></div>` : ''}
+      ${!dm.supportsDark ? `<div class="bug-rec">💡 Add dark mode with <code>@media (prefers-color-scheme: dark)</code></div>` : ''}
     </div>`).join('')
     : '<p class="no-data">No dark mode tests (Playwright required)</p>';
-  // ── NEW v15: Redirect chains section ─────────────────────────────────────
   const redirectSection = session.redirectChains.length
     ? session.redirectChains.map(rc => `
     <div class="card" style="margin-bottom:1rem">
@@ -2104,7 +2048,6 @@ function buildHTMLReport(session) {
     </div>`).join('')
     : '<p class="no-data">No redirect chains analyzed</p>';
-  // ── Form tests section ────────────────────────────────────────────────────
   const formTestSection = session.formTests.length
     ? session.formTests.map(f => `
     <div class="card" style="margin-bottom:1rem">
@@ -2119,7 +2062,6 @@ function buildHTMLReport(session) {
     </div>`).join('')
     : '<p class="no-data">No forms found or Playwright not available</p>';
-  // ── Cache headers section ─────────────────────────────────────────────────
   const cacheSection = session.cacheHeaders.length
     ? `<table>
       <thead><tr><th>URL</th><th>Cache-Control</th><th>ETag</th><th>Max-Age</th><th>CDN Cache</th><th>Status</th></tr></thead>
@@ -2134,7 +2076,6 @@ function buildHTMLReport(session) {
     </table>`
     : '<p class="no-data">No cache audits</p>';
-  // ── Error pages section ───────────────────────────────────────────────────
   const errorPageSection = session.errorPageTests.length
     ? `<table>
       <thead><tr><th>Test</th><th>Actual Status</th><th>Custom Page</th><th>Status</th></tr></thead>
@@ -2147,7 +2088,6 @@ function buildHTMLReport(session) {
     </table>`
     : '<p class="no-data">No error page tests</p>';
-  // ── Console errors table ──────────────────────────────────────────────────
   const consoleSection = session.consoleErrors.length
     ? `<table>
         <thead><tr><th>Type</th><th>Message</th><th>URL</th></tr></thead>
@@ -2159,7 +2099,6 @@ function buildHTMLReport(session) {
       </table>`
     : '<p class="no-data">No console errors 🎉</p>';
-  // ── Network failures table ────────────────────────────────────────────────
   const networkSection = session.networkLog.length
     ? `<table>
         <thead><tr><th>URL</th><th>Method</th><th>Failure</th></tr></thead>
@@ -2171,7 +2110,6 @@ function buildHTMLReport(session) {
       </table>`
     : '<p class="no-data">No network failures 🎉</p>';
-  // Mixed content
   const mixedContentSection = session.mixedContentIssues.length
     ? `<table>
         <thead><tr><th>URL</th><th>Issue</th></tr></thead>
@@ -2201,7 +2139,7 @@ function buildHTMLReport(session) {
 <head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width,initial-scale=1">
-<title>Backlist QA v15 Report — ${esc(session.id)}</title>
+<title>Backlist QA v${VERSION} Report — ${esc(session.id)}</title>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/4.4.1/chart.umd.js"></script>
 <style>
 @import url('https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;700&family=Syne:wght@400;600;700;800&display=swap');
@@ -2309,7 +2247,7 @@ footer{text-align:center;color:var(--dim);font-size:.68rem;padding:2rem;border-t
 <body>
 <header>
   <div>
-    <div class="logo">⚡ Backlist Enterprise QA v15</div>
+    <div class="logo">⚡ Backlist Enterprise QA v${VERSION}</div>
     <div class="header-meta">
       Run: ${esc(session.id)} · ${new Date(session.startedAt).toLocaleString()} · ${formatDuration(summary.duration)} · v${VERSION}
     </div>
@@ -2349,7 +2287,6 @@ footer{text-align:center;color:var(--dim);font-size:.68rem;padding:2rem;border-t
 ${session.playwrightMode ? '<div class="pw-banner">🎭 <strong>BACKLIST Real Browser Mode</strong> — Screenshots, Web Vitals, DOM tests, Interactions, User Flow, Memory, Dark Mode, All Viewports</div>' : ''}
 <div class="real-banner">✅ <strong>100% Real Runtime Data</strong> — All results from actual HTTP requests and live Chromium browser testing.</div>
-<!-- OVERVIEW -->
 <div id="tab-overview" class="tab-panel active">
   ${urlsStr ? `<div class="card"><div class="card-title">Target URLs</div>${urlsStr}</div>` : ''}
   <div class="metrics">
@@ -2376,7 +2313,6 @@ ${session.playwrightMode ? '<div class="pw-banner">🎭 <strong>BACKLIST Real Br
   </div>
 </div>
-<!-- SCREENSHOTS -->
 <div id="tab-screenshots" class="tab-panel">
   <div class="card">
     <div class="card-title">Browser Screenshots <span>${session.screenshots.length} captured (${vpCount} viewports + dark mode)</span></div>
@@ -2384,7 +2320,6 @@ ${session.playwrightMode ? '<div class="pw-banner">🎭 <strong>BACKLIST Real Br
   </div>
 </div>
-<!-- VIEWPORTS -->
 <div id="tab-viewports" class="tab-panel">
   <div class="card">
     <div class="card-title">Multi-Viewport Testing <span>${vpCount} viewports</span></div>
@@ -2392,7 +2327,6 @@ ${session.playwrightMode ? '<div class="pw-banner">🎭 <strong>BACKLIST Real Br
   </div>
 </div>
-<!-- TESTS -->
 <div id="tab-tests" class="tab-panel">
   <div class="search-bar">
     <input type="text" id="testSearch" placeholder="Search tests..." onkeyup="filterTests()">
@@ -2415,7 +2349,6 @@ ${session.playwrightMode ? '<div class="pw-banner">🎭 <strong>BACKLIST Real Br
   </div>
 </div>
-<!-- BUGS -->
 <div id="tab-bugs" class="tab-panel">
   <div class="search-bar">
     <input type="text" id="bugSearch" placeholder="Search bugs..." onkeyup="filterBugs()">
@@ -2432,7 +2365,6 @@ ${session.playwrightMode ? '<div class="pw-banner">🎭 <strong>BACKLIST Real Br
   <div id="bugList">${bugCards}</div>
 </div>
-<!-- ROUTES -->
 <div id="tab-routes" class="tab-panel">
   <div class="card">
     <div class="card-title">Discovered Routes <span>${session.routeMap.length} pages/APIs</span></div>
@@ -2443,7 +2375,6 @@ ${session.playwrightMode ? '<div class="pw-banner">🎭 <strong>BACKLIST Real Br
   </div>
 </div>
-<!-- SECURITY -->
 <div id="tab-security" class="tab-panel">
   <div class="card">
     <div class="card-title">Security Scan <span>${session.secFindings.length} checks · ${session.secFindings.filter(f=>!f.pass).length} issues</span></div>
@@ -2454,73 +2385,61 @@ ${session.playwrightMode ? '<div class="pw-banner">🎭 <strong>BACKLIST Real Br
   </div>
 </div>
-<!-- PERFORMANCE -->
 <div id="tab-performance" class="tab-panel">
   <div class="card-title" style="padding:.5rem 0 1rem">Performance — Real Web Vitals (Playwright Chromium)</div>
   ${perfSection}
 </div>
-<!-- LOAD TEST -->
 <div id="tab-loadtest" class="tab-panel">
   <div class="card-title" style="padding:.5rem 0 1rem">Load Testing — Concurrent Requests</div>
   ${loadTestSection}
 </div>
-<!-- A11Y -->
 <div id="tab-a11y" class="tab-panel">
   <div class="card-title" style="padding:.5rem 0 1rem">Accessibility — WCAG 2.1 HTML Analysis (15 rules)</div>
   ${a11ySection}
 </div>
-<!-- SEO -->
 <div id="tab-seo" class="tab-panel">
   <div class="card-title" style="padding:.5rem 0 1rem">SEO Analysis — Googlebot User-Agent (21 checks)</div>
   ${seoSection}
 </div>
-<!-- DARK MODE -->
 <div id="tab-darkmode" class="tab-panel">
   <div class="card-title" style="padding:.5rem 0 1rem">Dark Mode Testing</div>
   ${darkModeSection}
 </div>
-<!-- USER FLOW -->
 <div id="tab-userflow" class="tab-panel">
   <div class="card-title" style="padding:.5rem 0 1rem">User Flow Simulation</div>
   ${userFlowSection}
 </div>
-<!-- FORMS -->
 <div id="tab-forms" class="tab-panel">
   <div class="card-title" style="padding:.5rem 0 1rem">Form Testing</div>
   ${formTestSection}
 </div>
-<!-- COOKIES -->
 <div id="tab-cookies" class="tab-panel">
   <div class="card-title" style="padding:.5rem 0 1rem">Cookie Security Audit</div>
   ${cookieSection}
 </div>
-<!-- MEMORY -->
 <div id="tab-memory" class="tab-panel">
   <div class="card-title" style="padding:.5rem 0 1rem">Memory Leak Detection</div>
   ${memorySection}
 </div>
-<!-- BROKEN LINKS -->
 <div id="tab-brokenlinks" class="tab-panel">
   <div class="card-title" style="padding:.5rem 0 1rem">Broken Link Scanner</div>
   ${brokenLinksSection}
 </div>
-<!-- REDIRECTS -->
 <div id="tab-redirects" class="tab-panel">
   <div class="card-title" style="padding:.5rem 0 1rem">Redirect Chain Analysis</div>
   ${redirectSection}
 </div>
-<!-- THIRD PARTY -->
 <div id="tab-thirdparty" class="tab-panel">
   <div class="card">
     <div class="card-title">Third-Party Script Audit <span>${session.thirdPartyScripts.length} external scripts</span></div>
@@ -2528,7 +2447,6 @@ ${session.playwrightMode ? '<div class="pw-banner">🎭 <strong>BACKLIST Real Br
   </div>
 </div>
-<!-- CACHE -->
 <div id="tab-cache" class="tab-panel">
   <div class="card">
     <div class="card-title">Cache Headers Audit</div>
@@ -2536,7 +2454,6 @@ ${session.playwrightMode ? '<div class="pw-banner">🎭 <strong>BACKLIST Real Br
   </div>
 </div>
-<!-- ERROR PAGES -->
 <div id="tab-errorpages" class="tab-panel">
   <div class="card">
     <div class="card-title">Error Page Testing</div>
@@ -2544,7 +2461,6 @@ ${session.playwrightMode ? '<div class="pw-banner">🎭 <strong>BACKLIST Real Br
   </div>
 </div>
-<!-- MIXED CONTENT -->
 <div id="tab-mixed" class="tab-panel">
   <div class="card">
     <div class="card-title">Mixed Content Issues</div>
@@ -2552,7 +2468,6 @@ ${session.playwrightMode ? '<div class="pw-banner">🎭 <strong>BACKLIST Real Br
   </div>
 </div>
-<!-- CONSOLE -->
 <div id="tab-console" class="tab-panel">
   <div class="card">
     <div class="card-title">Console Errors &amp; Warnings <span>${session.consoleErrors.length} entries</span></div>
@@ -2560,7 +2475,6 @@ ${session.playwrightMode ? '<div class="pw-banner">🎭 <strong>BACKLIST Real Br
   </div>
 </div>
-<!-- NETWORK -->
 <div id="tab-network" class="tab-panel">
   <div class="card">
     <div class="card-title">Network Failures <span>${session.networkLog.length} failures</span></div>
@@ -2626,7 +2540,7 @@ async function runQAEngine(session, opts = {}) {
   };
   try {
-    // ── Phase 1: Discovery ───────────────────────────────────────────────
+    // Phase 1: Discovery
     dash.setPhase('🔍 Phase 1: Route Discovery & Crawling');
     for (const [label, url] of Object.entries(session.urls)) {
       if (!url) continue;
@@ -2644,7 +2558,7 @@ async function runQAEngine(session, opts = {}) {
         message: `Discovered ${routes.length} routes in ${Date.now()-t0}ms`, url, label });
     }
-    // ── Phase 2: Redirect Chain Analysis (v15) ───────────────────────────
+    // Phase 2: Redirect Chain Analysis
     dash.setPhase('↪ Phase 2: Redirect Chain Analysis');
     for (const [label, url] of Object.entries(session.urls)) {
       if (!url) continue;
@@ -2660,7 +2574,7 @@ async function runQAEngine(session, opts = {}) {
       }
     }
-    // ── Phase 3: Playwright Real Browser ────────────────────────────────
+    // Phase 3: Playwright Real Browser
     dash.setPhase('🎭 Phase 3: Playwright Real Browser Tests');
     const chromium = await getPlaywright();
@@ -2698,7 +2612,6 @@ async function runQAEngine(session, opts = {}) {
             if (!i.pass) session.addBug({ title: `Interaction Failed: ${i.name}`, severity: 'P2', type: 'javascript', url, evidence: { value: i.value } });
           }
-          // Viewport results
           for (const [vk, vp] of Object.entries(pw.viewportResults || {})) {
             if (!vp.error) {
               addResult({ name: `Viewport: ${vp.label}`, type: 'viewport',
@@ -2707,7 +2620,6 @@ async function runQAEngine(session, opts = {}) {
             }
           }
-          // User flow
           if (pw.userFlow?.steps) {
             for (const step of pw.userFlow.steps) {
               addResult({ name: `Flow: ${step.name}`, type: 'user-flow',
@@ -2715,14 +2627,12 @@ async function runQAEngine(session, opts = {}) {
             }
           }
-          // Dark mode
           if (pw.darkMode && !pw.darkMode.error) {
             addResult({ name: `[${label}] Dark Mode Support`, type: 'dark-mode',
               status: pw.darkMode.supportsDark ? 'PASS' : 'FAIL',
               message: pw.darkMode.supportsDark ? 'prefers-color-scheme supported' : 'No dark mode support', url, label });
           }
-          // Memory
           if (pw.memoryLeak) {
             addResult({ name: `[${label}] Memory Leak Check`, type: 'memory',
               status: pw.memoryLeak.hasLeak ? 'FAIL' : 'PASS',
@@ -2730,39 +2640,33 @@ async function runQAEngine(session, opts = {}) {
             if (pw.memoryLeak.hasLeak) session.addBug({ title: `Memory leak: +${pw.memoryLeak.growthMB}MB`, severity: pw.memoryLeak.severity, type: 'performance', url, evidence: pw.memoryLeak });
           }
-          // Form tests
           for (const f of pw.forms || []) {
             addResult({ name: `Form #${f.formIndex+1}: ${f.action||'self'}`, type: 'form',
               status: f.passed ? 'PASS' : 'FAIL', message: (f.issues||[]).join(', ') || 'OK', url, label });
           }
-          // Third-party
           if (pw.thirdParty?.length > 0) {
             addResult({ name: `[${label}] Third-party scripts`, type: 'third-party',
               status: 'PASS', message: `${pw.thirdParty.length} external scripts: ${pw.thirdParty.map(t=>t.vendor).join(', ')}`, url, label });
           }
-          // JS errors
           for (const err of pw.jsErrors || []) {
             addResult({ name: `JS Error: ${err.message?.slice(0,60)}`, type: 'javascript',
               status: 'FAIL', message: err.message, url, label, severity: 'P2' });
             session.addBug({ title: `JS Error: ${err.message?.slice(0,80)}`, severity: 'P2', type: 'javascript', url, evidence: { message: err.message } });
           }
-          // Network failures
           for (const fail of pw.networkFails || []) {
             addResult({ name: `Network Fail: ${fail.url?.split('/').pop()?.slice(0,40)}`, type: 'network',
               status: 'FAIL', message: fail.failure || `HTTP ${fail.status}`, url: fail.url, label });
             session.addBug({ title: `Network Failure: ${fail.url?.split('/').pop()}`, severity: fail.status >= 500 ? 'P1' : 'P2', type: 'network', url: fail.url });
           }
-          // Mixed content
           for (const mc of pw.mixedContent || []) {
             addResult({ name: `Mixed Content`, type: 'security', status: 'FAIL', message: mc, url, label });
             session.addBug({ title: `Mixed Content detected`, severity: 'P1', type: 'security', url, evidence: { text: mc } });
           }
-          // Web Vitals
           const { lcp, fcp, cls, tbt, ttfb } = pw.vitals || {};
           const vitalTests = [
             { name: 'TTFB', val: ttfb || pw.vitals?.ttfb, threshold: 800 },
@@ -2807,7 +2711,7 @@ async function runQAEngine(session, opts = {}) {
       }
     }
-    // ── Phase 4: API Validation ──────────────────────────────────────────
+    // Phase 4: API Validation
     dash.setPhase('📡 Phase 4: API Validation & Contract Testing');
     const apiRoutes = session.routeMap.filter(r => r.type === 'api' || r.url?.includes('/api/'));
     dash.log(`Validating ${apiRoutes.length} API endpoints...`);
@@ -2824,7 +2728,7 @@ async function runQAEngine(session, opts = {}) {
         description: contract.issues.join(', '), evidence: { status: contract.status, issues: contract.issues } });
     }
-    // ── Phase 5: Security ────────────────────────────────────────────────
+    // Phase 5: Security
     dash.setPhase('🛡️  Phase 5: Security Scan (20+ checks)');
     for (const [label, url] of Object.entries(session.urls)) {
       if (!url) continue;
@@ -2841,7 +2745,7 @@ async function runQAEngine(session, opts = {}) {
       }
     }
-    // ── Phase 6: Cookie Audit (v15) ──────────────────────────────────────
+    // Phase 6: Cookie Audit
     dash.setPhase('🍪 Phase 6: Cookie Security Audit');
     for (const [label, url] of Object.entries(session.urls)) {
       if (!url) continue;
@@ -2858,7 +2762,7 @@ async function runQAEngine(session, opts = {}) {
       }
     }
-    // ── Phase 7: Cache Headers (v15) ─────────────────────────────────────
+    // Phase 7: Cache Headers
     dash.setPhase('💾 Phase 7: Cache Headers Audit');
     for (const [label, url] of Object.entries(session.urls)) {
       if (!url) continue;
@@ -2869,7 +2773,7 @@ async function runQAEngine(session, opts = {}) {
         message: cacheResult.cacheControl || 'No cache headers', url, label });
     }
-    // ── Phase 8: Broken Links (v15) ──────────────────────────────────────
+    // Phase 8: Broken Links
     dash.setPhase('🔗 Phase 8: Broken Link Scanner');
     const pageRoutes8 = session.routeMap.filter(r => r.type === 'page').slice(0, 5);
     for (const route of pageRoutes8) {
@@ -2885,7 +2789,7 @@ async function runQAEngine(session, opts = {}) {
       }
     }
-    // ── Phase 9: Error Pages (v15) ───────────────────────────────────────
+    // Phase 9: Error Pages
     dash.setPhase('🚫 Phase 9: Error Page Testing');
     for (const [label, url] of Object.entries(session.urls)) {
       if (!url) continue;
@@ -2898,7 +2802,7 @@ async function runQAEngine(session, opts = {}) {
       }
     }
-    // ── Phase 10: Accessibility ──────────────────────────────────────────
+    // Phase 10: Accessibility
     dash.setPhase('♿ Phase 10: Accessibility Check (WCAG 2.1)');
     const pageRoutes10 = session.routeMap.filter(r => r.type === 'page' || r.type === 'auth').slice(0, 10);
     for (const route of pageRoutes10) {
@@ -2915,7 +2819,7 @@ async function runQAEngine(session, opts = {}) {
       }
     }
-    // ── Phase 11: SEO ────────────────────────────────────────────────────
+    // Phase 11: SEO
     dash.setPhase('🔎 Phase 11: SEO Validation (21 checks)');
     const seoRoutes = session.routeMap.filter(r => r.type === 'page').slice(0, 10);
     for (const route of seoRoutes) {
@@ -2929,7 +2833,7 @@ async function runQAEngine(session, opts = {}) {
       }
     }
-    // ── Phase 12: Load Test (v15) ────────────────────────────────────────
+    // Phase 12: Load Test
     if (opts.loadTest !== false) {
       dash.setPhase('🔥 Phase 12: Load Testing');
       for (const [label, url] of Object.entries(session.urls)) {
@@ -2946,7 +2850,7 @@ async function runQAEngine(session, opts = {}) {
       }
     }
-    // ── Phase 13: HTTP Version (v15) ─────────────────────────────────────
+    // Phase 13: HTTP Version
     dash.setPhase('🌐 Phase 13: HTTP Version & Protocol Check');
     for (const [label, url] of Object.entries(session.urls)) {
       if (!url) continue;
@@ -2956,7 +2860,7 @@ async function runQAEngine(session, opts = {}) {
         status: http.isHTTPS ? 'PASS' : 'FAIL', message: http.isHTTPS ? 'HTTPS in use' : 'HTTP only', url, label });
     }
-    // ── Phase 14: AI Classification ──────────────────────────────────────
+    // Phase 14: AI Classification
     dash.setPhase('🤖 Phase 14: AI Bug Classification');
     dash.log(`Classifying ${session.bugs.length} bugs...`);
     for (const bug of session.bugs) {
@@ -3045,7 +2949,7 @@ async function saveToHistory(session, htmlPath, jsonPath) {
 }
 // ═══════════════════════════════════════════════════════════════════════════
-//  Public API — runUrlQA (main entry point)
+//  Public API
 // ═══════════════════════════════════════════════════════════════════════════
 export async function runUrlQA({ localUrl, stagingUrl, prodUrl, loadTest = true } = {}) {
   const urls = {};