qa360 1.1.3 → 1.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/commands/doctor.js
CHANGED
|
@@ -251,7 +251,7 @@ export class QA360Doctor {
|
|
|
251
251
|
}
|
|
252
252
|
async checkProofKeys() {
|
|
253
253
|
try {
|
|
254
|
-
const { ensureProofKeys } = await import('
|
|
254
|
+
const { ensureProofKeys } = await import('../core/index.js');
|
|
255
255
|
const result = await ensureProofKeys(this.qa360Dir);
|
|
256
256
|
// Validate result
|
|
257
257
|
if (!result) {
|
|
@@ -328,7 +328,7 @@ export class QA360Doctor {
|
|
|
328
328
|
}
|
|
329
329
|
async checkProofRoundtrip() {
|
|
330
330
|
try {
|
|
331
|
-
const coreModule = await import('
|
|
331
|
+
const coreModule = await import('../core/index.js');
|
|
332
332
|
const { generateKeys, createProofBundle, verifyProofBundle } = coreModule;
|
|
333
333
|
// Guard: Verify exports are functions
|
|
334
334
|
if (typeof generateKeys !== 'function') {
|
|
@@ -263,9 +263,9 @@ export async function verifyPhase3Proof(filePath) {
|
|
|
263
263
|
}
|
|
264
264
|
// Decode public key from proof
|
|
265
265
|
const publicKey = new Uint8Array(Buffer.from(signature.publicKey, 'base64'));
|
|
266
|
-
// Canonicalize payload
|
|
266
|
+
// Canonicalize payload (same way it was signed)
|
|
267
267
|
const { canonicalize } = await import('./canonicalize.js');
|
|
268
|
-
const canonical = canonicalize(payload);
|
|
268
|
+
const canonical = canonicalize(payload) + '\n';
|
|
269
269
|
// Verify signature
|
|
270
270
|
const isValid = verify(canonical, signature.value, publicKey);
|
|
271
271
|
if (!isValid) {
|
|
@@ -429,7 +429,7 @@ export class Phase3Runner {
|
|
|
429
429
|
});
|
|
430
430
|
// Record gate executions
|
|
431
431
|
for (const gate of result.gates) {
|
|
432
|
-
await this.vault.recordGate(
|
|
432
|
+
await this.vault.recordGate(vaultRunId, {
|
|
433
433
|
name: gate.gate,
|
|
434
434
|
status: gate.success ? 'passed' : 'failed',
|
|
435
435
|
duration_ms: gate.duration,
|
|
@@ -437,7 +437,7 @@ export class Phase3Runner {
|
|
|
437
437
|
});
|
|
438
438
|
// Record finding if gate has error
|
|
439
439
|
if (gate.error) {
|
|
440
|
-
await this.vault.recordFinding(
|
|
440
|
+
await this.vault.recordFinding(vaultRunId, {
|
|
441
441
|
gate: gate.gate,
|
|
442
442
|
severity: 'high',
|
|
443
443
|
rule: 'gate-failure',
|
|
@@ -0,0 +1,236 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
3
|
+
"$id": "https://qa360.dev/schemas/pack.v1.json",
|
|
4
|
+
"title": "QA360 Pack Configuration v1",
|
|
5
|
+
"description": "Schema for QA360 test pack configuration files",
|
|
6
|
+
"type": "object",
|
|
7
|
+
"required": ["version", "name", "gates"],
|
|
8
|
+
"properties": {
|
|
9
|
+
"version": {
|
|
10
|
+
"type": "integer",
|
|
11
|
+
"const": 1,
|
|
12
|
+
"description": "Pack schema version"
|
|
13
|
+
},
|
|
14
|
+
"name": {
|
|
15
|
+
"type": "string",
|
|
16
|
+
"minLength": 1,
|
|
17
|
+
"maxLength": 100,
|
|
18
|
+
"pattern": "^[a-zA-Z0-9_-]+$",
|
|
19
|
+
"description": "Pack name (alphanumeric, underscore, hyphen only)"
|
|
20
|
+
},
|
|
21
|
+
"description": {
|
|
22
|
+
"type": "string",
|
|
23
|
+
"maxLength": 500,
|
|
24
|
+
"description": "Human-readable pack description"
|
|
25
|
+
},
|
|
26
|
+
"gates": {
|
|
27
|
+
"type": "array",
|
|
28
|
+
"minItems": 1,
|
|
29
|
+
"uniqueItems": true,
|
|
30
|
+
"items": {
|
|
31
|
+
"type": "string",
|
|
32
|
+
"enum": ["api_smoke", "ui", "perf", "sast", "dast", "a11y"]
|
|
33
|
+
},
|
|
34
|
+
"description": "Quality gates to execute"
|
|
35
|
+
},
|
|
36
|
+
"targets": {
|
|
37
|
+
"type": "object",
|
|
38
|
+
"properties": {
|
|
39
|
+
"api": {
|
|
40
|
+
"type": "object",
|
|
41
|
+
"properties": {
|
|
42
|
+
"baseUrl": {
|
|
43
|
+
"type": "string",
|
|
44
|
+
"format": "uri",
|
|
45
|
+
"description": "Base URL for API testing"
|
|
46
|
+
},
|
|
47
|
+
"smoke": {
|
|
48
|
+
"type": "array",
|
|
49
|
+
"items": {
|
|
50
|
+
"type": "string",
|
|
51
|
+
"pattern": "^(GET|POST|PUT|DELETE|PATCH) .+ -> \\d{3}$",
|
|
52
|
+
"description": "Smoke test definition: METHOD path -> expectedStatus"
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
},
|
|
56
|
+
"required": ["baseUrl"]
|
|
57
|
+
},
|
|
58
|
+
"web": {
|
|
59
|
+
"type": "object",
|
|
60
|
+
"properties": {
|
|
61
|
+
"baseUrl": {
|
|
62
|
+
"type": "string",
|
|
63
|
+
"format": "uri",
|
|
64
|
+
"description": "Base URL for web testing"
|
|
65
|
+
},
|
|
66
|
+
"pages": {
|
|
67
|
+
"type": "array",
|
|
68
|
+
"items": {
|
|
69
|
+
"type": "string",
|
|
70
|
+
"description": "Page paths to test"
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
},
|
|
74
|
+
"required": ["baseUrl"]
|
|
75
|
+
}
|
|
76
|
+
},
|
|
77
|
+
"description": "Test targets configuration"
|
|
78
|
+
},
|
|
79
|
+
"budgets": {
|
|
80
|
+
"type": "object",
|
|
81
|
+
"properties": {
|
|
82
|
+
"perf_p95_ms": {
|
|
83
|
+
"type": "integer",
|
|
84
|
+
"minimum": 1,
|
|
85
|
+
"maximum": 30000,
|
|
86
|
+
"description": "Performance budget: 95th percentile response time in ms"
|
|
87
|
+
},
|
|
88
|
+
"a11y_min": {
|
|
89
|
+
"type": "integer",
|
|
90
|
+
"minimum": 0,
|
|
91
|
+
"maximum": 100,
|
|
92
|
+
"description": "Accessibility minimum score (0-100)"
|
|
93
|
+
}
|
|
94
|
+
},
|
|
95
|
+
"description": "Performance and quality budgets"
|
|
96
|
+
},
|
|
97
|
+
"security": {
|
|
98
|
+
"type": "object",
|
|
99
|
+
"properties": {
|
|
100
|
+
"sast_max_high": {
|
|
101
|
+
"type": "integer",
|
|
102
|
+
"minimum": 0,
|
|
103
|
+
"description": "Maximum allowed high-severity SAST findings"
|
|
104
|
+
},
|
|
105
|
+
"secrets_leak": {
|
|
106
|
+
"type": "integer",
|
|
107
|
+
"const": 0,
|
|
108
|
+
"description": "Secrets leak tolerance (must be 0)"
|
|
109
|
+
}
|
|
110
|
+
},
|
|
111
|
+
"description": "Security constraints"
|
|
112
|
+
},
|
|
113
|
+
"data": {
|
|
114
|
+
"type": "object",
|
|
115
|
+
"properties": {
|
|
116
|
+
"profile": {
|
|
117
|
+
"type": "string",
|
|
118
|
+
"enum": ["demo", "staging", "production"],
|
|
119
|
+
"description": "Data profile to use"
|
|
120
|
+
},
|
|
121
|
+
"seed": {
|
|
122
|
+
"type": "integer",
|
|
123
|
+
"minimum": 1,
|
|
124
|
+
"description": "Random seed for reproducible data generation"
|
|
125
|
+
}
|
|
126
|
+
},
|
|
127
|
+
"description": "Test data configuration"
|
|
128
|
+
},
|
|
129
|
+
"hooks": {
|
|
130
|
+
"type": "object",
|
|
131
|
+
"properties": {
|
|
132
|
+
"beforeAll": {
|
|
133
|
+
"type": "array",
|
|
134
|
+
"items": {
|
|
135
|
+
"type": "object",
|
|
136
|
+
"properties": {
|
|
137
|
+
"run": {
|
|
138
|
+
"type": "string",
|
|
139
|
+
"description": "Command to execute"
|
|
140
|
+
},
|
|
141
|
+
"timeout": {
|
|
142
|
+
"type": "integer",
|
|
143
|
+
"minimum": 1000,
|
|
144
|
+
"default": 30000,
|
|
145
|
+
"description": "Timeout in milliseconds"
|
|
146
|
+
}
|
|
147
|
+
},
|
|
148
|
+
"required": ["run"]
|
|
149
|
+
},
|
|
150
|
+
"description": "Commands to run before all tests"
|
|
151
|
+
},
|
|
152
|
+
"afterAll": {
|
|
153
|
+
"type": "array",
|
|
154
|
+
"items": {
|
|
155
|
+
"type": "object",
|
|
156
|
+
"properties": {
|
|
157
|
+
"run": {
|
|
158
|
+
"type": "string",
|
|
159
|
+
"description": "Command to execute"
|
|
160
|
+
},
|
|
161
|
+
"timeout": {
|
|
162
|
+
"type": "integer",
|
|
163
|
+
"minimum": 1000,
|
|
164
|
+
"default": 30000,
|
|
165
|
+
"description": "Timeout in milliseconds"
|
|
166
|
+
}
|
|
167
|
+
},
|
|
168
|
+
"required": ["run"]
|
|
169
|
+
},
|
|
170
|
+
"description": "Commands to run after all tests"
|
|
171
|
+
}
|
|
172
|
+
},
|
|
173
|
+
"description": "Lifecycle hooks"
|
|
174
|
+
},
|
|
175
|
+
"execution": {
|
|
176
|
+
"type": "object",
|
|
177
|
+
"properties": {
|
|
178
|
+
"retry_on": {
|
|
179
|
+
"type": "array",
|
|
180
|
+
"items": {
|
|
181
|
+
"type": "string",
|
|
182
|
+
"enum": ["ECONNRESET", "ETIMEDOUT", "502", "503", "504", "element-detached", "navigation-timeout"]
|
|
183
|
+
},
|
|
184
|
+
"description": "Error patterns that trigger retries"
|
|
185
|
+
},
|
|
186
|
+
"max_retries": {
|
|
187
|
+
"type": "integer",
|
|
188
|
+
"minimum": 0,
|
|
189
|
+
"maximum": 5,
|
|
190
|
+
"default": 1,
|
|
191
|
+
"description": "Maximum number of retries per test"
|
|
192
|
+
},
|
|
193
|
+
"fail_on_readiness": {
|
|
194
|
+
"type": "boolean",
|
|
195
|
+
"default": true,
|
|
196
|
+
"description": "Fail if readiness checks fail"
|
|
197
|
+
},
|
|
198
|
+
"timeout": {
|
|
199
|
+
"type": "integer",
|
|
200
|
+
"minimum": 1000,
|
|
201
|
+
"default": 30000,
|
|
202
|
+
"description": "Global timeout per test in milliseconds"
|
|
203
|
+
}
|
|
204
|
+
},
|
|
205
|
+
"description": "Execution configuration"
|
|
206
|
+
},
|
|
207
|
+
"observability": {
|
|
208
|
+
"type": "object",
|
|
209
|
+
"properties": {
|
|
210
|
+
"metrics": {
|
|
211
|
+
"type": "boolean",
|
|
212
|
+
"default": true,
|
|
213
|
+
"description": "Enable metrics collection"
|
|
214
|
+
},
|
|
215
|
+
"trace": {
|
|
216
|
+
"type": "string",
|
|
217
|
+
"enum": ["none", "basic", "detailed"],
|
|
218
|
+
"default": "basic",
|
|
219
|
+
"description": "Tracing level"
|
|
220
|
+
}
|
|
221
|
+
},
|
|
222
|
+
"description": "Observability settings"
|
|
223
|
+
},
|
|
224
|
+
"environment": {
|
|
225
|
+
"type": "object",
|
|
226
|
+
"patternProperties": {
|
|
227
|
+
"^[A-Z_][A-Z0-9_]*$": {
|
|
228
|
+
"type": "string",
|
|
229
|
+
"description": "Environment variable value or secret reference"
|
|
230
|
+
}
|
|
231
|
+
},
|
|
232
|
+
"description": "Environment variables and secrets"
|
|
233
|
+
}
|
|
234
|
+
},
|
|
235
|
+
"additionalProperties": false
|
|
236
|
+
}
|