npm - qa360 - Versions diffs - 1.0.4 → 1.1.0 - Mend

qa360 1.0.4 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (108) hide show

package/dist/commands/history.js +1 -1
package/dist/commands/pack.js +1 -1
package/dist/commands/run.d.ts +1 -1
package/dist/commands/run.d.ts.map +1 -1
package/dist/commands/run.js +1 -1
package/dist/commands/secrets.js +1 -1
package/dist/commands/serve.js +1 -1
package/dist/commands/verify.js +1 -1
package/dist/core/adapters/gitleaks-secrets.d.ts +115 -0
package/dist/core/adapters/gitleaks-secrets.d.ts.map +1 -0
package/dist/core/adapters/gitleaks-secrets.js +410 -0
package/dist/core/adapters/k6-perf.d.ts +86 -0
package/dist/core/adapters/k6-perf.d.ts.map +1 -0
package/dist/core/adapters/k6-perf.js +398 -0
package/dist/core/adapters/osv-deps.d.ts +124 -0
package/dist/core/adapters/osv-deps.d.ts.map +1 -0
package/dist/core/adapters/osv-deps.js +372 -0
package/dist/core/adapters/playwright-api.d.ts +82 -0
package/dist/core/adapters/playwright-api.d.ts.map +1 -0
package/dist/core/adapters/playwright-api.js +252 -0
package/dist/core/adapters/playwright-ui.d.ts +115 -0
package/dist/core/adapters/playwright-ui.d.ts.map +1 -0
package/dist/core/adapters/playwright-ui.js +346 -0
package/dist/core/adapters/semgrep-sast.d.ts +100 -0
package/dist/core/adapters/semgrep-sast.d.ts.map +1 -0
package/dist/core/adapters/semgrep-sast.js +322 -0
package/dist/core/adapters/zap-dast.d.ts +134 -0
package/dist/core/adapters/zap-dast.d.ts.map +1 -0
package/dist/core/adapters/zap-dast.js +424 -0
package/dist/core/hooks/compose.d.ts +62 -0
package/dist/core/hooks/compose.d.ts.map +1 -0
package/dist/core/hooks/compose.js +225 -0
package/dist/core/hooks/runner.d.ts +69 -0
package/dist/core/hooks/runner.d.ts.map +1 -0
package/dist/core/hooks/runner.js +303 -0
package/dist/core/index.d.ts +74 -0
package/dist/core/index.d.ts.map +1 -0
package/dist/core/index.js +39 -0
package/dist/core/pack/migrator.d.ts +52 -0
package/dist/core/pack/migrator.d.ts.map +1 -0
package/dist/core/pack/migrator.js +304 -0
package/dist/core/pack/validator.d.ts +43 -0
package/dist/core/pack/validator.d.ts.map +1 -0
package/dist/core/pack/validator.js +292 -0
package/dist/core/proof/bundle.d.ts +138 -0
package/dist/core/proof/bundle.d.ts.map +1 -0
package/dist/core/proof/bundle.js +160 -0
package/dist/core/proof/canonicalize.d.ts +48 -0
package/dist/core/proof/canonicalize.d.ts.map +1 -0
package/dist/core/proof/canonicalize.js +105 -0
package/dist/core/proof/index.d.ts +14 -0
package/dist/core/proof/index.d.ts.map +1 -0
package/dist/core/proof/index.js +18 -0
package/dist/core/proof/schema.d.ts +218 -0
package/dist/core/proof/schema.d.ts.map +1 -0
package/dist/core/proof/schema.js +263 -0
package/dist/core/proof/signer.d.ts +112 -0
package/dist/core/proof/signer.d.ts.map +1 -0
package/dist/core/proof/signer.js +226 -0
package/dist/core/proof/verifier.d.ts +98 -0
package/dist/core/proof/verifier.d.ts.map +1 -0
package/dist/core/proof/verifier.js +302 -0
package/dist/core/runner/phase3-runner.d.ts +102 -0
package/dist/core/runner/phase3-runner.d.ts.map +1 -0
package/dist/core/runner/phase3-runner.js +471 -0
package/dist/core/secrets/crypto.d.ts +76 -0
package/dist/core/secrets/crypto.d.ts.map +1 -0
package/dist/core/secrets/crypto.js +225 -0
package/dist/core/secrets/manager.d.ts +77 -0
package/dist/core/secrets/manager.d.ts.map +1 -0
package/dist/core/secrets/manager.js +219 -0
package/dist/core/security/redaction-patterns-extended.d.ts +28 -0
package/dist/core/security/redaction-patterns-extended.d.ts.map +1 -0
package/dist/core/security/redaction-patterns-extended.js +247 -0
package/dist/core/security/redactor.d.ts +72 -0
package/dist/core/security/redactor.d.ts.map +1 -0
package/dist/core/security/redactor.js +279 -0
package/dist/core/serve/diagnostics-collector.d.ts +33 -0
package/dist/core/serve/diagnostics-collector.d.ts.map +1 -0
package/dist/core/serve/diagnostics-collector.js +149 -0
package/dist/core/serve/health-checker.d.ts +45 -0
package/dist/core/serve/health-checker.d.ts.map +1 -0
package/dist/core/serve/health-checker.js +219 -0
package/dist/core/serve/index.d.ts +9 -0
package/dist/core/serve/index.d.ts.map +1 -0
package/dist/core/serve/index.js +8 -0
package/dist/core/serve/metrics-collector.d.ts +25 -0
package/dist/core/serve/metrics-collector.d.ts.map +1 -0
package/dist/core/serve/metrics-collector.js +322 -0
package/dist/core/serve/process-manager.d.ts +37 -0
package/dist/core/serve/process-manager.d.ts.map +1 -0
package/dist/core/serve/process-manager.js +213 -0
package/dist/core/serve/server.d.ts +37 -0
package/dist/core/serve/server.d.ts.map +1 -0
package/dist/core/serve/server.js +191 -0
package/dist/core/types/pack-v1.d.ts +162 -0
package/dist/core/types/pack-v1.d.ts.map +1 -0
package/dist/core/types/pack-v1.js +5 -0
package/dist/core/types/trust-score.d.ts +70 -0
package/dist/core/types/trust-score.d.ts.map +1 -0
package/dist/core/types/trust-score.js +191 -0
package/dist/core/vault/cas.d.ts +87 -0
package/dist/core/vault/cas.d.ts.map +1 -0
package/dist/core/vault/cas.js +255 -0
package/dist/core/vault/index.d.ts +205 -0
package/dist/core/vault/index.d.ts.map +1 -0
package/dist/core/vault/index.js +631 -0
package/package.json +12 -6

package/dist/core/adapters/playwright-ui.js ADDED Viewed

@@ -0,0 +1,346 @@
+/**
+ * QA360 Playwright UI Adapter (Socle OOTB)
+ * UI smoke tests + accessibility via axe-core
+ */
+import { chromium } from '@playwright/test';
+import { SecurityRedactor } from '../security/redactor.js';
+export class PlaywrightUiAdapter {
+    browser;
+    context;
+    page;
+    redactor;
+    constructor() {
+        this.redactor = SecurityRedactor.forLogs();
+    }
+    /**
+     * Execute UI smoke tests with accessibility
+     */
+    async runSmokeTests(config) {
+        try {
+            await this.setupBrowser();
+            const results = [];
+            const pages = config.target.pages || [config.target.baseUrl];
+            console.log(`🖥️  Running UI smoke tests (${pages.length} pages)`);
+            // Optional login first
+            if (config.login) {
+                await this.performLogin(config.login);
+            }
+            for (const pageUrl of pages) {
+                const testResult = await this.testPage(pageUrl, config);
+                results.push(testResult);
+                if (testResult.success) {
+                    const a11yInfo = testResult.accessibility ?
+                        ` | A11y: ${testResult.accessibility.score}% (${testResult.accessibility.violations.length} issues)` : '';
+                    console.log(`  ✅ ${pageUrl} -> ${testResult.loadTime}ms${a11yInfo}`);
+                }
+                else {
+                    console.log(`  ❌ ${pageUrl} -> ${testResult.error}`);
+                }
+            }
+            const summary = this.calculateSummary(results);
+            const junit = this.generateJUnit(results);
+            return {
+                success: summary.failed === 0,
+                results,
+                summary,
+                junit
+            };
+        }
+        finally {
+            await this.cleanup();
+        }
+    }
+    /**
+     * Test single page with accessibility
+     */
+    async testPage(pageUrl, config) {
+        try {
+            const startTime = Date.now();
+            // Navigate to page
+            const response = await this.page.goto(pageUrl, {
+                timeout: config.timeout || 30000,
+                waitUntil: 'networkidle'
+            });
+            const loadTime = Date.now() - startTime;
+            if (!response || !response.ok()) {
+                return {
+                    page: pageUrl,
+                    success: false,
+                    loadTime,
+                    error: `HTTP ${response?.status() || 'unknown'}: Failed to load page`
+                };
+            }
+            // Take screenshot
+            const screenshot = await this.takeScreenshot(pageUrl);
+            // Get DOM snapshot
+            const domSnapshot = await this.getDomSnapshot();
+            // Run accessibility tests
+            const accessibility = await this.runAccessibilityTests(config.budgets);
+            // Check if accessibility meets budget
+            const a11yPassed = !config.budgets?.a11y_min ||
+                (accessibility?.score !== undefined && accessibility.score >= config.budgets.a11y_min);
+            return {
+                page: pageUrl,
+                success: a11yPassed,
+                loadTime,
+                screenshot,
+                accessibility,
+                domSnapshot,
+                error: a11yPassed ? undefined :
+                    `Accessibility score ${accessibility?.score || 0}% below budget ${config.budgets?.a11y_min}%`
+            };
+        }
+        catch (error) {
+            return {
+                page: pageUrl,
+                success: false,
+                loadTime: 0,
+                error: this.redactor.redact(error instanceof Error ? error.message : 'Unknown error')
+            };
+        }
+    }
+    /**
+     * Perform login if configured
+     */
+    async performLogin(login) {
+        if (!login || !login.username || !login.password) {
+            return;
+        }
+        console.log(`  🔐 Performing login...`);
+        const loginUrl = login.url || this.page.url();
+        await this.page.goto(loginUrl);
+        // Fill login form
+        const usernameSelector = login.usernameSelector ||
+            'input[name="username"], input[name="email"], input[type="email"], #username, #email';
+        const passwordSelector = login.passwordSelector ||
+            'input[name="password"], input[type="password"], #password';
+        const submitSelector = login.submitSelector ||
+            'button[type="submit"], input[type="submit"], button:has-text("Login"), button:has-text("Sign in")';
+        await this.page.fill(usernameSelector, login.username);
+        await this.page.fill(passwordSelector, login.password);
+        await this.page.click(submitSelector);
+        // Wait for navigation or login completion
+        try {
+            await this.page.waitForLoadState('networkidle', { timeout: 10000 });
+        }
+        catch {
+            // Continue even if navigation doesn't complete
+        }
+    }
+    /**
+     * Run accessibility tests using axe-core
+     */
+    async runAccessibilityTests(budgets) {
+        try {
+            // Inject axe-core
+            await this.page.addScriptTag({
+                url: 'https://unpkg.com/axe-core@4.8.2/axe.min.js'
+            });
+            // Run axe analysis
+            const axeResults = await this.page.evaluate(() => {
+                return new Promise((resolve) => {
+                    // @ts-ignore - axe is injected
+                    if (typeof axe !== 'undefined') {
+                        // @ts-ignore
+                        axe.run((err, results) => {
+                            if (err) {
+                                resolve({ violations: [], passes: [], incomplete: [], inapplicable: [] });
+                            }
+                            else {
+                                resolve(results);
+                            }
+                        });
+                    }
+                    else {
+                        resolve({ violations: [], passes: [], incomplete: [], inapplicable: [] });
+                    }
+                });
+            });
+            // Process violations
+            const violations = axeResults.violations?.map((violation) => ({
+                id: violation.id,
+                impact: violation.impact || 'minor',
+                description: violation.description || violation.help || 'Accessibility issue',
+                nodes: violation.nodes?.length || 0
+            })) || [];
+            // Calculate score (simple scoring: 100 - weighted violations)
+            const criticalCount = violations.filter((v) => v.impact === 'critical').length;
+            const seriousCount = violations.filter((v) => v.impact === 'serious').length;
+            const moderateCount = violations.filter((v) => v.impact === 'moderate').length;
+            const minorCount = violations.filter((v) => v.impact === 'minor').length;
+            const score = Math.max(0, 100 - (criticalCount * 25 +
+                seriousCount * 10 +
+                moderateCount * 5 +
+                minorCount * 1));
+            return {
+                score: Math.round(score),
+                violations
+            };
+        }
+        catch (error) {
+            console.log(`    ⚠️  Accessibility test failed: ${error}`);
+            return {
+                score: 0,
+                violations: [{
+                        id: 'axe-error',
+                        impact: 'critical',
+                        description: 'Failed to run accessibility analysis',
+                        nodes: 0
+                    }]
+            };
+        }
+    }
+    /**
+     * Get DOM snapshot for debugging
+     */
+    async getDomSnapshot() {
+        try {
+            const snapshot = await this.page.evaluate(() => {
+                return {
+                    title: document.title,
+                    url: window.location.href,
+                    elements: {
+                        buttons: document.querySelectorAll('button, input[type="button"], input[type="submit"]').length,
+                        links: document.querySelectorAll('a[href]').length,
+                        forms: document.querySelectorAll('form').length,
+                        inputs: document.querySelectorAll('input, textarea, select').length
+                    }
+                };
+            });
+            return snapshot;
+        }
+        catch {
+            return {
+                title: 'Unknown',
+                url: this.page.url(),
+                elements: { buttons: 0, links: 0, forms: 0, inputs: 0 }
+            };
+        }
+    }
+    /**
+     * Take screenshot for debugging
+     */
+    async takeScreenshot(pageUrl) {
+        try {
+            const screenshot = await this.page.screenshot({
+                type: 'png',
+                fullPage: false // Just viewport for performance
+            });
+            // Return base64 data URL for embedding
+            return `data:image/png;base64,${screenshot.toString('base64')}`;
+        }
+        catch {
+            return '';
+        }
+    }
+    /**
+     * Calculate test summary
+     */
+    calculateSummary(results) {
+        const total = results.length;
+        const passed = results.filter(r => r.success).length;
+        const failed = total - passed;
+        const avgLoadTime = total > 0 ?
+            Math.round(results.reduce((sum, r) => sum + r.loadTime, 0) / total) : 0;
+        const a11yScores = results
+            .map(r => r.accessibility?.score)
+            .filter((score) => typeof score === 'number');
+        const avgA11yScore = a11yScores.length > 0 ?
+            Math.round(a11yScores.reduce((sum, score) => sum + score, 0) / a11yScores.length) : 0;
+        return { total, passed, failed, avgLoadTime, avgA11yScore };
+    }
+    /**
+     * Generate JUnit XML fragment
+     */
+    generateJUnit(results) {
+        const summary = this.calculateSummary(results);
+        const timestamp = new Date().toISOString();
+        let junit = `<?xml version="1.0" encoding="UTF-8"?>
+<testsuite name="UI Smoke Tests" tests="${summary.total}" failures="${summary.failed}" time="${summary.avgLoadTime / 1000}" timestamp="${timestamp}">
+`;
+        for (const result of results) {
+            const testName = `UI Test: ${result.page}`;
+            const time = result.loadTime / 1000;
+            junit += `  <testcase name="${this.escapeXml(testName)}" time="${time}">
+`;
+            if (!result.success) {
+                junit += `    <failure message="${this.escapeXml(result.error || 'Test failed')}">${this.escapeXml(JSON.stringify(result, null, 2))}</failure>
+`;
+            }
+            junit += `  </testcase>
+`;
+        }
+        junit += `</testsuite>`;
+        return junit;
+    }
+    /**
+     * Escape XML special characters
+     */
+    escapeXml(str) {
+        return str
+            .replace(/&/g, '&amp;')
+            .replace(/</g, '&lt;')
+            .replace(/>/g, '&gt;')
+            .replace(/"/g, '&quot;')
+            .replace(/'/g, '&apos;');
+    }
+    /**
+     * Setup browser context
+     */
+    async setupBrowser() {
+        this.browser = await chromium.launch({
+            headless: true,
+            args: ['--no-sandbox', '--disable-dev-shm-usage']
+        });
+        this.context = await this.browser.newContext({
+            viewport: { width: 1280, height: 720 },
+            userAgent: 'QA360-UI-Smoke/1.0'
+        });
+        this.page = await this.context.newPage();
+    }
+    /**
+     * Cleanup browser resources
+     */
+    async cleanup() {
+        if (this.page) {
+            await this.page.close();
+        }
+        if (this.context) {
+            await this.context.close();
+        }
+        if (this.browser) {
+            await this.browser.close();
+        }
+    }
+    /**
+     * Validate UI target configuration
+     */
+    static validateConfig(target) {
+        const errors = [];
+        if (!target.baseUrl) {
+            errors.push('UI target requires baseUrl');
+        }
+        else {
+            try {
+                new URL(target.baseUrl);
+            }
+            catch {
+                errors.push('UI target baseUrl must be a valid URL');
+            }
+        }
+        if (target.pages) {
+            for (const page of target.pages) {
+                try {
+                    new URL(page, target.baseUrl);
+                }
+                catch {
+                    errors.push(`Invalid page URL: ${page}`);
+                }
+            }
+        }
+        return {
+            valid: errors.length === 0,
+            errors
+        };
+    }
+}

package/dist/core/adapters/semgrep-sast.d.ts ADDED Viewed

@@ -0,0 +1,100 @@
+/**
+ * QA360 Semgrep SAST Adapter (Socle OOTB)
+ * Static Application Security Testing with configurable severity thresholds
+ */
+import { PackSecurity } from '../types/pack-v1.js';
+export interface SemgrepTestConfig {
+    workingDir: string;
+    security?: PackSecurity;
+    rules?: string[];
+    paths?: string[];
+    timeout?: number;
+    configFile?: string;
+}
+export interface SemgrepFinding {
+    ruleId: string;
+    severity: 'INFO' | 'WARNING' | 'ERROR';
+    message: string;
+    file: string;
+    line: number;
+    column: number;
+    code?: string;
+    fix?: string;
+}
+export interface SemgrepTestResult {
+    success: boolean;
+    findings: SemgrepFinding[];
+    summary: {
+        total: number;
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+        info: number;
+    };
+    thresholds: {
+        sast_max_high: {
+            passed: boolean;
+            actual: number;
+            budget: number;
+        };
+    };
+    error?: string;
+    rawOutput?: string;
+    junit?: string;
+}
+export declare class SemgrepSastAdapter {
+    private redactor;
+    constructor();
+    /**
+     * Execute Semgrep SAST scan
+     */
+    runSastScan(config: SemgrepTestConfig): Promise<SemgrepTestResult>;
+    /**
+     * Execute Semgrep command
+     */
+    private executeSemgrep;
+    /**
+     * Parse Semgrep JSON results
+     */
+    private parseSemgrepResults;
+    /**
+     * Map Semgrep severity to standard levels
+     */
+    private mapSeverity;
+    /**
+     * Calculate findings summary
+     */
+    private calculateSummary;
+    /**
+     * Check security thresholds
+     */
+    private checkThresholds;
+    /**
+     * Generate JUnit XML
+     */
+    private generateJUnit;
+    /**
+     * Get default summary structure
+     */
+    private getDefaultSummary;
+    /**
+     * Get default thresholds
+     */
+    private getDefaultThresholds;
+    /**
+     * Check if Semgrep is available
+     */
+    static isAvailable(): Promise<{
+        available: boolean;
+        error?: string;
+    }>;
+    /**
+     * Validate SAST configuration
+     */
+    static validateConfig(config: SemgrepTestConfig): {
+        valid: boolean;
+        errors: string[];
+    };
+}
+//# sourceMappingURL=semgrep-sast.d.ts.map

package/dist/core/adapters/semgrep-sast.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"semgrep-sast.d.ts","sourceRoot":"","sources":["../../../src/core/adapters/semgrep-sast.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGnD,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,UAAU,EAAE;QACV,aAAa,EAAE;YACb,MAAM,EAAE,OAAO,CAAC;YAChB,MAAM,EAAE,MAAM,CAAC;YACf,MAAM,EAAE,MAAM,CAAC;SAChB,CAAC;KACH,CAAC;IACF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,QAAQ,CAAmB;;IAMnC;;OAEG;IACG,WAAW,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAgCxE;;OAEG;YACW,cAAc;IAiF5B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA4D3B;;OAEG;IACH,OAAO,CAAC,WAAW;IAOnB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA2BxB;;OAEG;IACH,OAAO,CAAC,eAAe;IAYvB;;OAEG;IACH,OAAO,CAAC,aAAa;IA2BrB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAWzB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAU5B;;OAEG;WACU,WAAW,IAAI,OAAO,CAAC;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAoB3E;;OAEG;IACH,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,iBAAiB,GAAG;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE;CA4BvF"}