qa360 1.0.4 → 1.1.0

package/dist/commands/history.js

@@ -6,7 +6,7 @@ import { Command } from 'commander';
 import { existsSync, createWriteStream } from 'fs';
 import { join } from 'path';
 import chalk from 'chalk';
-import { EvidenceVault } from 'qa360-core';
+import { EvidenceVault } from '../core/index.js';
 export class QA360History {
     vault;
     constructor() { }

package/dist/commands/pack.js

@@ -7,7 +7,7 @@ import { join } from 'path';
 import chalk from 'chalk';
 import ora from 'ora';
 import * as yaml from 'js-yaml';
-import { PackValidator, PackMigrator } from 'qa360-core';
+import { PackValidator, PackMigrator } from '../core/index.js';
 export class QA360Pack {
     qa360Dir = join(process.cwd(), '.qa360');
     packPath = join(this.qa360Dir, 'pack.yml');

package/dist/commands/run.d.ts

@@ -6,7 +6,7 @@
  *   qa360 run --output ./results
  *   qa360 run --verbose
  */
-import { type Phase3RunResult, type PackConfigV1 } from 'qa360-core';
+import { type Phase3RunResult, type PackConfigV1 } from '../core/index.js';
 /**
  * CLI options for run command
  */

package/dist/commands/run.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../src/commands/run.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,EAAgB,KAAK,eAAe,EAAkC,KAAK,YAAY,EAAE,MAAM,YAAY,CAAC;AAEnH;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,wBAAsB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAwBtE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CA0BrD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,eAAe,GAAG,IAAI,CA8B5D;AAED;;GAEG;AACH,wBAAsB,UAAU,CAC9B,OAAO,CAAC,EAAE,MAAM,EAChB,OAAO,GAAE,UAAe,GACvB,OAAO,CAAC,IAAI,CAAC,CAiDf;AAGD,eAAe,UAAU,CAAC"}
+{"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../src/commands/run.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,EAAgB,KAAK,eAAe,EAAkC,KAAK,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAEzH;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,wBAAsB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAwBtE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CA0BrD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,eAAe,GAAG,IAAI,CA8B5D;AAED;;GAEG;AACH,wBAAsB,UAAU,CAC9B,OAAO,CAAC,EAAE,MAAM,EAChB,OAAO,GAAE,UAAe,GACvB,OAAO,CAAC,IAAI,CAAC,CAiDf;AAGD,eAAe,UAAU,CAAC"}

package/dist/commands/run.js

@@ -10,7 +10,7 @@ import { existsSync, readFileSync } from 'fs';
 import { join, resolve } from 'path';
 import chalk from 'chalk';
 import { load } from 'js-yaml';
-import { Phase3Runner, PackValidator } from 'qa360-core';
+import { Phase3Runner, PackValidator } from '../core/index.js';
 /**
  * Load and validate pack configuration
  */

package/dist/commands/secrets.js

@@ -5,7 +5,7 @@
 import chalk from 'chalk';
 import ora from 'ora';
 import inquirer from 'inquirer';
-import { SecretsManager, SecretsCrypto } from 'qa360-core';
+import { SecretsManager, SecretsCrypto } from '../core/index.js';
 export class QA360Secrets {
     manager;
     constructor() {

package/dist/commands/serve.js

@@ -3,7 +3,7 @@
  * Démarre le serveur d'observabilité
  */
 import { Command } from 'commander';
-import { QA360Server } from 'qa360-core';
+import { QA360Server } from '../core/index.js';
 export function createServeCommand() {
     return new Command('serve')
         .description('Start QA360 observability server')

package/dist/commands/verify.js

@@ -14,7 +14,7 @@ import { readFileSync, existsSync, readdirSync, statSync } from 'fs';
 import { join, resolve, basename } from 'path';
 import chalk from 'chalk';
 // Import from core
-import { verifyProofFile, verifyPhase3Proof, VerificationCode, } from 'qa360-core';
+import { verifyProofFile, verifyPhase3Proof, VerificationCode, } from '../core/index.js';
 /**
  * Format verification result for human-readable output
  */

package/dist/core/adapters/gitleaks-secrets.d.ts

@@ -0,0 +1,115 @@
+/**
+ * QA360 Gitleaks Secrets Adapter (Sécurité Réelle)
+ * Scan for hardcoded secrets in source code
+ */
+import { PackSecurity } from '../types/pack-v1.js';
+export interface GitleaksConfig {
+    workingDir: string;
+    security?: PackSecurity;
+    timeout?: number;
+    excludePaths?: string[];
+    configFile?: string;
+    verbose?: boolean;
+}
+export interface GitleaksFinding {
+    Description: string;
+    StartLine: number;
+    EndLine: number;
+    StartColumn: number;
+    EndColumn: number;
+    Match: string;
+    Secret: string;
+    File: string;
+    SymlinkFile: string;
+    Commit: string;
+    Entropy: number;
+    Author: string;
+    Email: string;
+    Date: string;
+    Message: string;
+    Tags: string[];
+    RuleID: string;
+    Fingerprint: string;
+}
+export interface GitleaksScanResult {
+    success: boolean;
+    findings: GitleaksFinding[];
+    summary: {
+        total: number;
+        by_rule: Record<string, number>;
+        by_file: Record<string, number>;
+        high_entropy: number;
+    };
+    budgetCheck: {
+        findings_passed: boolean;
+    };
+    scannedPath: string;
+    error?: string;
+    rawOutput?: string;
+    junit?: string;
+    errorCode?: string;
+}
+export declare class GitleaksSecretsAdapter {
+    private redactor;
+    private workingDir;
+    constructor(workingDir?: string);
+    /**
+     * Execute Gitleaks secrets scan
+     */
+    runSecretsScan(config: GitleaksConfig): Promise<GitleaksScanResult>;
+    /**
+     * Prepare gitleaks configuration
+     */
+    private prepareConfig;
+    /**
+     * Generate TOML config from object
+     */
+    private generateTomlConfig;
+    /**
+     * Execute gitleaks scanner
+     */
+    private executeGitleaks;
+    /**
+     * Parse gitleaks results
+     */
+    private parseGitleaksResults;
+    /**
+     * Fallback mock scan when gitleaks not available
+     */
+    private fallbackMockScan;
+    /**
+     * Calculate findings summary
+     */
+    private calculateSummary;
+    /**
+     * Generate budget check based on security config
+     */
+    private generateBudgetCheck;
+    /**
+     * Get empty summary structure
+     */
+    private getEmptySummary;
+    /**
+     * Get default budget check structure
+     */
+    private getDefaultBudgetCheck;
+    /**
+     * Generate JUnit XML report
+     */
+    private generateJUnit;
+    /**
+     * Validate gitleaks scan configuration
+     */
+    static validateConfig(config: GitleaksConfig): {
+        valid: boolean;
+        errors: string[];
+    };
+    /**
+     * Check if Gitleaks is available
+     */
+    static isAvailable(): Promise<{
+        available: boolean;
+        error?: string;
+    }>;
+}
+//# sourceMappingURL=gitleaks-secrets.d.ts.map

package/dist/core/adapters/gitleaks-secrets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gitleaks-secrets.d.ts","sourceRoot":"","sources":["../../../src/core/adapters/gitleaks-secrets.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGnD,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAChC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAChC,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,WAAW,EAAE;QACX,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,sBAAsB;IACjC,OAAO,CAAC,QAAQ,CAAmB;IACnC,OAAO,CAAC,UAAU,CAAS;gBAEf,UAAU,GAAE,MAAsB;IAK9C;;OAEG;IACG,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAkCzE;;OAEG;YACW,aAAa;IA+D3B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAmD1B;;OAEG;YACW,eAAe;IA+E7B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAgD5B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAexB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA0BxB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAQ3B;;OAEG;IACH,OAAO,CAAC,eAAe;IASvB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAM7B;;OAEG;IACH,OAAO,CAAC,aAAa;IAyBrB;;OAEG;IACH,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE;IAqBnF;;OAEG;WACU,WAAW,IAAI,OAAO,CAAC;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CA2B5E"}

package/dist/core/adapters/gitleaks-secrets.js

@@ -0,0 +1,410 @@
+/**
+ * QA360 Gitleaks Secrets Adapter (Sécurité Réelle)
+ * Scan for hardcoded secrets in source code
+ */
+import { spawn } from 'child_process';
+import { existsSync, writeFileSync, unlinkSync } from 'fs';
+import { join } from 'path';
+import { SecurityRedactor } from '../security/redactor.js';
+export class GitleaksSecretsAdapter {
+    redactor;
+    workingDir;
+    constructor(workingDir = process.cwd()) {
+        this.redactor = SecurityRedactor.forLogs();
+        this.workingDir = workingDir;
+    }
+    /**
+     * Execute Gitleaks secrets scan
+     */
+    async runSecretsScan(config) {
+        try {
+            console.log('🔍 Running Gitleaks secrets scan');
+            // Generate gitleaks config if needed
+            const configPath = await this.prepareConfig(config);
+            // Execute gitleaks
+            const result = await this.executeGitleaks(configPath, config);
+            // Cleanup temp config
+            if (configPath && configPath.includes('gitleaks-temp')) {
+                try {
+                    unlinkSync(configPath);
+                }
+                catch {
+                    // Ignore cleanup errors
+                }
+            }
+            return result;
+        }
+        catch (error) {
+            return {
+                success: false,
+                findings: [],
+                summary: this.getEmptySummary(),
+                budgetCheck: this.getDefaultBudgetCheck(),
+                scannedPath: config.workingDir,
+                error: this.redactor.redact(error instanceof Error ? error.message : 'Unknown error'),
+                errorCode: 'GL099'
+            };
+        }
+    }
+    /**
+     * Prepare gitleaks configuration
+     */
+    async prepareConfig(config) {
+        if (config.configFile && existsSync(config.configFile)) {
+            return config.configFile;
+        }
+        // Generate default config with QA360 exclusions
+        const gitleaksConfig = {
+            title: 'QA360 Gitleaks Config',
+            extend: {
+                useDefault: true
+            },
+            allowlist: {
+                description: 'QA360 allowlist',
+                paths: [
+                    '.qa360/**',
+                    'node_modules/**',
+                    'dist/**',
+                    'build/**',
+                    'coverage/**',
+                    '**/*.min.js',
+                    '**/*.map',
+                    ...(config.excludePaths || [])
+                ],
+                regexes: [
+                    'example',
+                    'test.*key',
+                    'dummy.*secret',
+                    'placeholder',
+                    'YOUR_.*_HERE'
+                ]
+            },
+            rules: [
+                {
+                    id: 'generic-api-key',
+                    description: 'Generic API Key',
+                    regex: '(?i)\\b[a-z0-9]{32,}\\b',
+                    entropy: 3.5,
+                    keywords: ['api', 'key', 'token']
+                },
+                {
+                    id: 'jwt-token',
+                    description: 'JWT Token',
+                    regex: 'eyJ[A-Za-z0-9_/+-]*\\.eyJ[A-Za-z0-9_/+-]*\\.[A-Za-z0-9_/+-]*',
+                    keywords: ['jwt', 'token']
+                },
+                {
+                    id: 'private-key',
+                    description: 'Private Key',
+                    regex: '-----BEGIN [A-Z]+ PRIVATE KEY-----',
+                    keywords: ['private', 'key']
+                }
+            ]
+        };
+        const configPath = join(config.workingDir, 'gitleaks-temp.toml');
+        // Convert to TOML format (simplified)
+        const tomlConfig = this.generateTomlConfig(gitleaksConfig);
+        writeFileSync(configPath, tomlConfig);
+        return configPath;
+    }
+    /**
+     * Generate TOML config from object
+     */
+    generateTomlConfig(config) {
+        let toml = `title = "${config.title}"\n\n`;
+        if (config.extend?.useDefault) {
+            toml += '[extend]\nuseDefault = true\n\n';
+        }
+        if (config.allowlist) {
+            toml += '[allowlist]\n';
+            toml += `description = "${config.allowlist.description}"\n`;
+            if (config.allowlist.paths) {
+                toml += 'paths = [\n';
+                for (const path of config.allowlist.paths) {
+                    toml += `  "${path}",\n`;
+                }
+                toml += ']\n';
+            }
+            if (config.allowlist.regexes) {
+                toml += 'regexes = [\n';
+                for (const regex of config.allowlist.regexes) {
+                    toml += `  "${regex}",\n`;
+                }
+                toml += ']\n\n';
+            }
+        }
+        if (config.rules) {
+            for (const rule of config.rules) {
+                toml += `[[rules]]\n`;
+                toml += `id = "${rule.id}"\n`;
+                toml += `description = "${rule.description}"\n`;
+                toml += `regex = '''${rule.regex}'''\n`;
+                if (rule.entropy) {
+                    toml += `entropy = ${rule.entropy}\n`;
+                }
+                if (rule.keywords) {
+                    toml += 'keywords = [\n';
+                    for (const keyword of rule.keywords) {
+                        toml += `  "${keyword}",\n`;
+                    }
+                    toml += ']\n';
+                }
+                toml += '\n';
+            }
+        }
+        return toml;
+    }
+    /**
+     * Execute gitleaks scanner
+     */
+    async executeGitleaks(configPath, config) {
+        return new Promise((resolve) => {
+            let output = '';
+            let error = '';
+            const args = [
+                'detect',
+                '--source', config.workingDir,
+                '--report-format', 'json',
+                '--no-git'
+            ];
+            if (configPath) {
+                args.push('--config', configPath);
+            }
+            if (config.verbose) {
+                args.push('--verbose');
+            }
+            const child = spawn('gitleaks', args, {
+                cwd: config.workingDir,
+                stdio: ['ignore', 'pipe', 'pipe']
+            });
+            const timeout = setTimeout(() => {
+                child.kill('SIGKILL');
+                resolve({
+                    success: false,
+                    findings: [],
+                    summary: this.getEmptySummary(),
+                    budgetCheck: this.getDefaultBudgetCheck(),
+                    scannedPath: config.workingDir,
+                    error: `Gitleaks scan timed out after ${config.timeout || 120000}ms`,
+                    errorCode: 'GL001'
+                });
+            }, config.timeout || 120000);
+            if (child.stdout) {
+                child.stdout.on('data', (data) => {
+                    output += data.toString();
+                });
+            }
+            if (child.stderr) {
+                child.stderr.on('data', (data) => {
+                    error += data.toString();
+                });
+            }
+            child.on('close', (code) => {
+                clearTimeout(timeout);
+                if (code === 0 || code === 1) { // 0 = no secrets, 1 = secrets found
+                    const result = this.parseGitleaksResults(output, config);
+                    resolve(result);
+                }
+                else {
+                    resolve({
+                        success: false,
+                        findings: [],
+                        summary: this.getEmptySummary(),
+                        budgetCheck: this.getDefaultBudgetCheck(),
+                        scannedPath: config.workingDir,
+                        error: this.redactor.redact(error || `Gitleaks exited with code ${code}`),
+                        rawOutput: this.redactor.redact(output),
+                        errorCode: 'GL002'
+                    });
+                }
+            });
+            child.on('error', (err) => {
+                clearTimeout(timeout);
+                // Fallback to mock scan
+                resolve(this.fallbackMockScan(config));
+            });
+        });
+    }
+    /**
+     * Parse gitleaks results
+     */
+    parseGitleaksResults(output, config) {
+        try {
+            let findings = [];
+            if (output.trim()) {
+                const data = JSON.parse(output);
+                findings = Array.isArray(data) ? data : [data];
+            }
+            // Redact sensitive information from findings
+            const redactedFindings = findings.map(finding => ({
+                ...finding,
+                Secret: this.redactor.redact(finding.Secret || ''),
+                Match: this.redactor.redact(finding.Match || ''),
+                Email: this.redactor.redact(finding.Email || ''),
+                Author: this.redactor.redact(finding.Author || '')
+            }));
+            const summary = this.calculateSummary(redactedFindings);
+            const budgetCheck = this.generateBudgetCheck(summary, config);
+            const success = budgetCheck.findings_passed;
+            const junit = this.generateJUnit(summary, success, config);
+            return {
+                success,
+                findings: redactedFindings,
+                summary,
+                budgetCheck,
+                scannedPath: config.workingDir,
+                rawOutput: this.redactor.redact(output),
+                junit
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                findings: [],
+                summary: this.getEmptySummary(),
+                budgetCheck: this.getDefaultBudgetCheck(),
+                scannedPath: config.workingDir,
+                error: `Failed to parse Gitleaks results: ${error}`,
+                rawOutput: this.redactor.redact(output),
+                errorCode: 'GL003'
+            };
+        }
+    }
+    /**
+     * Fallback mock scan when gitleaks not available
+     */
+    fallbackMockScan(config) {
+        console.log('⚠️  Gitleaks not found, using mock scan (install gitleaks for real scanning)');
+        return {
+            success: true,
+            findings: [],
+            summary: this.getEmptySummary(),
+            budgetCheck: this.getDefaultBudgetCheck(),
+            scannedPath: config.workingDir,
+            error: 'Gitleaks not available - install from https://github.com/gitleaks/gitleaks',
+            junit: this.generateJUnit(this.getEmptySummary(), true, config),
+            errorCode: 'GL004'
+        };
+    }
+    /**
+     * Calculate findings summary
+     */
+    calculateSummary(findings) {
+        const summary = {
+            total: findings.length,
+            by_rule: {},
+            by_file: {},
+            high_entropy: 0
+        };
+        for (const finding of findings) {
+            // Count by rule
+            const ruleId = finding.RuleID || 'unknown';
+            summary.by_rule[ruleId] = (summary.by_rule[ruleId] || 0) + 1;
+            // Count by file
+            const file = finding.File || 'unknown';
+            summary.by_file[file] = (summary.by_file[file] || 0) + 1;
+            // Count high entropy findings
+            if (finding.Entropy && finding.Entropy > 4.0) {
+                summary.high_entropy++;
+            }
+        }
+        return summary;
+    }
+    /**
+     * Generate budget check based on security config
+     */
+    generateBudgetCheck(summary, config) {
+        const secrets = config.security?.secrets;
+        return {
+            findings_passed: !secrets?.max_findings || summary.total <= secrets.max_findings
+        };
+    }
+    /**
+     * Get empty summary structure
+     */
+    getEmptySummary() {
+        return {
+            total: 0,
+            by_rule: {},
+            by_file: {},
+            high_entropy: 0
+        };
+    }
+    /**
+     * Get default budget check structure
+     */
+    getDefaultBudgetCheck() {
+        return {
+            findings_passed: true
+        };
+    }
+    /**
+     * Generate JUnit XML report
+     */
+    generateJUnit(summary, success, config) {
+        const timestamp = new Date().toISOString();
+        const duration = '0.1';
+        let junit = `<?xml version="1.0" encoding="UTF-8"?>
+<testsuite name="Gitleaks Secrets Scan" tests="1" failures="${success ? 0 : 1}" time="${duration}" timestamp="${timestamp}">
+  <testcase name="Secret Detection: ${config.workingDir}" time="${duration}">
+`;
+        if (!success) {
+            junit += `    <failure message="Secrets found in source code">
+Total findings: ${summary.total}
+High entropy: ${summary.high_entropy}
+Files affected: ${Object.keys(summary.by_file).length}
+Rules triggered: ${Object.keys(summary.by_rule).length}
+    </failure>
+`;
+        }
+        junit += `  </testcase>
+</testsuite>`;
+        return junit;
+    }
+    /**
+     * Validate gitleaks scan configuration
+     */
+    static validateConfig(config) {
+        const errors = [];
+        if (!config.workingDir) {
+            errors.push('Working directory is required');
+        }
+        if (!existsSync(config.workingDir)) {
+            errors.push(`Working directory does not exist: ${config.workingDir}`);
+        }
+        if (config.configFile && !existsSync(config.configFile)) {
+            errors.push(`Config file does not exist: ${config.configFile}`);
+        }
+        return {
+            valid: errors.length === 0,
+            errors
+        };
+    }
+    /**
+     * Check if Gitleaks is available
+     */
+    static async isAvailable() {
+        return new Promise((resolve) => {
+            const child = spawn('gitleaks', ['version'], { stdio: 'pipe' });
+            child.on('close', (code) => {
+                resolve({
+                    available: code === 0,
+                    error: code !== 0 ? 'gitleaks not found. Install from https://github.com/gitleaks/gitleaks' : undefined
+                });
+            });
+            child.on('error', () => {
+                resolve({
+                    available: false,
+                    error: 'gitleaks not found. Install from https://github.com/gitleaks/gitleaks'
+                });
+            });
+            setTimeout(() => {
+                child.kill();
+                resolve({
+                    available: false,
+                    error: 'gitleaks check timed out'
+                });
+            }, 5000);
+        });
+    }
+}

package/dist/core/adapters/k6-perf.d.ts

@@ -0,0 +1,86 @@
+/**
+ * QA360 k6 Performance Adapter (Socle OOTB)
+ * Short performance tests with P95 calculation
+ */
+import { PackBudgets } from '../types/pack-v1.js';
+export interface K6TestConfig {
+    baseUrl: string;
+    budgets?: PackBudgets;
+    duration?: string;
+    vus?: number;
+    timeout?: number;
+    scenarios?: Record<string, any>;
+}
+export interface K6TestResult {
+    success: boolean;
+    metrics: {
+        http_req_duration_p95: number;
+        http_req_duration_avg: number;
+        http_req_failed_rate: number;
+        http_reqs_total: number;
+        vus_max: number;
+        iterations: number;
+    };
+    thresholds: {
+        [key: string]: {
+            passed: boolean;
+            value: number;
+            threshold: string;
+        };
+    };
+    error?: string;
+    rawOutput?: string;
+    junit?: string;
+}
+export declare class K6PerfAdapter {
+    private redactor;
+    private workingDir;
+    constructor(workingDir?: string);
+    /**
+     * Execute k6 performance test
+     */
+    runPerfTest(config: K6TestConfig): Promise<K6TestResult>;
+    /**
+     * Generate k6 test script
+     */
+    private generateK6Script;
+    /**
+     * Execute k6 command
+     */
+    private executeK6;
+    /**
+     * Parse k6 results from output
+     */
+    private parseK6Results;
+    /**
+     * Parse metrics from text output
+     */
+    private parseTextMetrics;
+    /**
+     * Parse thresholds from text output
+     */
+    private parseTextThresholds;
+    /**
+     * Generate JUnit XML
+     */
+    private generateJUnit;
+    /**
+     * Get default metrics structure
+     */
+    private getDefaultMetrics;
+    /**
+     * Check if k6 is available
+     */
+    static isAvailable(): Promise<{
+        available: boolean;
+        error?: string;
+    }>;
+    /**
+     * Validate performance test configuration
+     */
+    static validateConfig(config: K6TestConfig): {
+        valid: boolean;
+        errors: string[];
+    };
+}
+//# sourceMappingURL=k6-perf.d.ts.map