npm - qa360 - Versions diffs - 1.3.4 → 1.4.1 - Mend

qa360 1.3.4 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md +57 -0
package/dist/commands/history.d.ts.map +1 -1
package/dist/commands/history.js +148 -14
package/package.json +3 -1

package/README.md CHANGED Viewed

@@ -4,6 +4,8 @@
 [![Version](https://img.shields.io/npm/v/qa360.svg)](https://www.npmjs.com/package/qa360)
 [![License](https://img.shields.io/npm/l/qa360.svg)](https://github.com/xyqotech/qa360/blob/main/LICENSE)
+[![Tests](https://img.shields.io/badge/tests-282%20passing-success)](https://github.com/xyqotech/qa360)
+[![Coverage](https://img.shields.io/badge/coverage-28.5%25-yellow)](https://github.com/xyqotech/qa360)
 ## Installation
@@ -92,9 +94,22 @@ qa360 verify proof.json
 qa360 history list
 qa360 history show <run-id>
+# Export proof bundle
+qa360 history export <run-id> --bundle proof-bundle.zip
+# Clean up old runs (garbage collection)
+qa360 history gc                    # Default: keep last 10 runs
+qa360 history gc --keep-last 20     # Keep last 20 runs
+qa360 history gc --dry-run          # Preview what would be deleted
+# Pin/unpin runs (pinned runs are never deleted by gc)
+qa360 history pin <run-id>
+qa360 history unpin <run-id>
 # With JSON output (CI-friendly)
 qa360 doctor --json
 qa360 verify proof.json --json
+qa360 history list --json
 ```
 ## Available Templates
@@ -137,6 +152,48 @@ qa360 run examples/api-basic.yml
 | `secrets` | Manage encrypted secrets |
 | `pack` | Pack validation and linting |
+### History Commands
+The `history` command provides comprehensive management of test run history stored in the Evidence Vault:
+| Subcommand | Description | Example |
+|------------|-------------|---------|
+| `list` | List recent test runs | `qa360 history list --limit 20` |
+| `show <run-id>` | Show detailed run information | `qa360 history show abc123` |
+| `diff <id1> <id2>` | Compare two test runs | `qa360 history diff abc123 def456` |
+| `trend` | Show trust score trends | `qa360 history trend --window 30` |
+| `export <run-id>` | Export run as ZIP bundle | `qa360 history export abc123 --bundle proof.zip` |
+| `gc` | Garbage collect old runs | `qa360 history gc --keep-last 10` |
+| `pin <run-id>` | Pin run (protect from gc) | `qa360 history pin abc123` |
+| `unpin <run-id>` | Unpin run | `qa360 history unpin abc123` |
+#### Export Bundle Contents
+When exporting a run with `qa360 history export <run-id> --bundle proof.zip`, the ZIP contains:
+- `proof.json` - Cryptographically signed proof document
+- `report.pdf` - Human-readable PDF report (if generated)
+- `run.json` - Complete run details (gates, findings, artifacts)
+- `artifacts/` - All test artifacts (screenshots, logs, etc.)
+- `VERIFICATION.json` - Verification instructions and metadata
+#### Garbage Collection
+The `gc` command removes old test runs and orphaned artifacts to free disk space:
+```bash
+# Preview what would be deleted (dry-run)
+qa360 history gc --dry-run
+# Keep last 20 runs, delete older ones
+qa360 history gc --keep-last 20
+# Default behavior (keeps last 10 unpinned runs)
+qa360 history gc
+```
+**Important**: Pinned runs are NEVER deleted by garbage collection. Use `qa360 history pin <run-id>` to protect important runs.
 ## Exit Codes
 | Code | Meaning |

package/dist/commands/history.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"history.d.ts","sourceRoot":"","sources":["../../src/commands/history.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;~~AAYpC~~,MAAM,WAAW,kBAAkB;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,KAAK,CAAC,CAAgB;;IAI9B;;OAEG;YACW,QAAQ;IAWtB;;OAEG;IACG,IAAI,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAoDtD;;OAEG;IACG,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAqGnE;;OAEG;IACG,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAgFtF;;OAEG;IACG,KAAK,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;IAwFxD;;OAEG;IACG,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC;~~IAoBzE~~;;OAEG;IACG,EAAE,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;~~IAkBlD~~;;OAEG;IACG,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,GAAE,OAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAW/D,OAAO,CAAC,YAAY;IAcpB,OAAO,CAAC,cAAc;IAYtB,OAAO,CAAC,WAAW;IAanB,OAAO,CAAC,SAAS;IAkBjB,OAAO,CAAC,YAAY;YAUN,cAAc;CAa7B;AAED,wBAAgB,qBAAqB,IAAI,OAAO,CA4H/C"}
1	+ {"version":3,"file":"history.d.ts","sourceRoot":"","sources":["../../src/commands/history.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAapC,MAAM,WAAW,kBAAkB;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,KAAK,CAAC,CAAgB;;IAI9B;;OAEG;YACW,QAAQ;IAWtB;;OAEG;IACG,IAAI,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAoDtD;;OAEG;IACG,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAqGnE;;OAEG;IACG,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAgFtF;;OAEG;IACG,KAAK,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;IAwFxD;;OAEG;IACG,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC;IA0FzE;;OAEG;IACG,EAAE,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;IA0GlD;;OAEG;IACG,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,GAAE,OAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAW/D,OAAO,CAAC,YAAY;IAcpB,OAAO,CAAC,cAAc;IAYtB,OAAO,CAAC,WAAW;IAanB,OAAO,CAAC,SAAS;IAkBjB,OAAO,CAAC,YAAY;YAUN,cAAc;CAa7B;AAED,wBAAgB,qBAAqB,IAAI,OAAO,CA4H/C"}

package/dist/commands/history.js CHANGED Viewed

@@ -3,9 +3,10 @@
  * CLI interface for Evidence Vault querying and management
  */
 import { Command } from 'commander';
-import { existsSync, createWriteStream } from 'fs';
+import { existsSync, createWriteStream, readFileSync } from 'fs';
 import { join } from 'path';
 import chalk from 'chalk';
+import AdmZip from 'adm-zip';
 import { EvidenceVault } from '../core/index.js';
 export class QA360History {
     vault;
@@ -315,29 +316,162 @@ export class QA360History {
             throw new Error(`Run not found: ${runId}`);
         }
         console.log(chalk.blue(`📦 Exporting run ${runId} to ${options.bundle}...`));
-        // TODO: Implement ZIP bundle creation with:
-        // - proof.pdf
-        // - proof.json
-        // - run.json (full run details)
-        // - artifacts/*
-        // - signature verification data
-        console.log(chalk.green('✅ Bundle exported successfully!'));
+        const zip = new AdmZip();
+        const runsDir = join(process.cwd(), '.qa360', 'runs');
+        // 1. Add proof.json
+        const proofPath = join(runsDir, `${runId}-proof.json`);
+        if (existsSync(proofPath)) {
+            zip.addLocalFile(proofPath, '', `${runId}-proof.json`);
+            console.log(chalk.gray('  ✓ proof.json'));
+        }
+        // 2. Add proof.pdf if exists
+        const pdfPath = join(runsDir, `${runId}-report.pdf`);
+        if (existsSync(pdfPath)) {
+            zip.addLocalFile(pdfPath, '', `${runId}-report.pdf`);
+            console.log(chalk.gray('  ✓ report.pdf'));
+        }
+        // 3. Add run.json with full run details
+        const gates = await vault.getGates(runId);
+        const findings = await vault.getFindings(runId);
+        const artifacts = await vault.getRunArtifacts(runId);
+        const runDetails = {
+            run,
+            gates,
+            findings,
+            artifacts: artifacts.map((a) => ({
+                name: a.original_name || a.label,
+                type: a.mime_type,
+                sha256: a.sha256,
+                size: a.size,
+                path: a.cas_path
+            }))
+        };
+        zip.addFile(`${runId}-run.json`, Buffer.from(JSON.stringify(runDetails, null, 2)));
+        console.log(chalk.gray('  ✓ run.json'));
+        // 4. Add artifacts from CAS
+        const casDir = join(process.cwd(), '.qa360', 'runs', 'cas');
+        for (const artifact of artifacts) {
+            if (artifact.cas_path && existsSync(artifact.cas_path)) {
+                const artifactContent = readFileSync(artifact.cas_path);
+                const name = artifact.original_name || artifact.label || artifact.sha256;
+                zip.addFile(`artifacts/${name}`, artifactContent);
+            }
+        }
+        if (artifacts.length > 0) {
+            console.log(chalk.gray(`  ✓ ${artifacts.length} artifact(s)`));
+        }
+        // 5. Add signature verification data
+        const verificationData = {
+            runId: run.id,
+            status: run.status,
+            trustScore: run.trust_score,
+            signatureAlgorithm: 'Ed25519',
+            timestamp: run.started_at,
+            publicKeyLocation: '~/.qa360/keys/ed25519.pub',
+            verificationInstructions: [
+                '1. Extract public key from ~/.qa360/keys/ed25519.pub',
+                '2. Verify signature in proof.json using Ed25519',
+                '3. Check SHA-256 hash of all artifacts match',
+                '4. Ensure trust score meets requirements'
+            ]
+        };
+        zip.addFile('VERIFICATION.json', Buffer.from(JSON.stringify(verificationData, null, 2)));
+        console.log(chalk.gray('  ✓ verification data'));
+        // 6. Write ZIP file
+        zip.writeZip(options.bundle);
+        const stats = require('fs').statSync(options.bundle);
+        const sizeKB = (stats.size / 1024).toFixed(2);
+        console.log(chalk.green(`\n✅ Bundle exported successfully!`));
+        console.log(chalk.gray(`📦 ${options.bundle} (${sizeKB} KB)`));
     }
     /**
      * Garbage collection
      */
     async gc(options) {
         const vault = await this.getVault();
-        console.log(chalk.blue('🧹 Starting garbage collection...'));
+        console.log(chalk.blue('🧹 Starting garbage collection...\n'));
         if (options.dryRun) {
-            console.log(chalk.yellow('DRY RUN MODE - No changes will be made'));
+            console.log(chalk.yellow('⚠️  DRY RUN MODE - No changes will be made\n'));
         }
-        // TODO: Implement GC logic:
         // 1. Find runs to delete (beyond keepLast, not pinned)
-        // 2. Collect referenced artifact hashes
-        // 3. Remove orphaned artifacts from CAS
+        const allRuns = await vault.listRuns({ limit: 1000 });
+        const pinnedRuns = allRuns.filter(r => r.pinned);
+        const unpinnedRuns = allRuns.filter(r => !r.pinned);
+        console.log(chalk.gray(`📊 Total runs: ${allRuns.length}`));
+        console.log(chalk.gray(`📌 Pinned runs: ${pinnedRuns.length}`));
+        console.log(chalk.gray(`📦 Unpinned runs: ${unpinnedRuns.length}`));
+        const keepLast = options.keepLast || 10;
+        const runsToDelete = unpinnedRuns.slice(keepLast);
+        if (runsToDelete.length === 0) {
+            console.log(chalk.green('\n✅ No runs to delete. Vault is clean!'));
+            return;
+        }
+        console.log(chalk.yellow(`\n🗑️  Runs to delete: ${runsToDelete.length} (keeping last ${keepLast})`));
+        // 2. Collect referenced artifact hashes from runs we're KEEPING
+        const runsToKeep = [...pinnedRuns, ...unpinnedRuns.slice(0, keepLast)];
+        const referencedHashes = new Set();
+        for (const run of runsToKeep) {
+            const artifacts = await vault.getRunArtifacts(run.id);
+            for (const artifact of artifacts) {
+                if (artifact.sha256) {
+                    referencedHashes.add(artifact.sha256);
+                }
+            }
+        }
+        console.log(chalk.gray(`🔗 Referenced artifacts: ${referencedHashes.size}`));
+        // 3. Find orphaned artifacts in CAS
+        const casDir = join(process.cwd(), '.qa360', 'runs', 'cas');
+        let orphanedCount = 0;
+        let orphanedSize = 0;
+        if (existsSync(casDir)) {
+            const { readdirSync, statSync, unlinkSync } = require('fs');
+            const { join } = require('path');
+            // Scan CAS directory
+            const scanCAS = (dir) => {
+                const entries = readdirSync(dir);
+                for (const entry of entries) {
+                    const fullPath = join(dir, entry);
+                    const stat = statSync(fullPath);
+                    if (stat.isDirectory()) {
+                        scanCAS(fullPath);
+                    }
+                    else {
+                        // Extract hash from path (assumes CAS structure: cas/XX/YY/hash)
+                        const parts = fullPath.split('/');
+                        const hash = parts[parts.length - 1];
+                        if (!referencedHashes.has(hash)) {
+                            orphanedCount++;
+                            orphanedSize += stat.size;
+                            if (!options.dryRun) {
+                                unlinkSync(fullPath);
+                            }
+                        }
+                    }
+                }
+            };
+            scanCAS(casDir);
+        }
+        const sizeMB = (orphanedSize / (1024 * 1024)).toFixed(2);
+        console.log(chalk.gray(`🗑️  Orphaned artifacts: ${orphanedCount} (${sizeMB} MB)`));
         // 4. Delete old run records
-        console.log(chalk.green('✅ Garbage collection completed!'));
+        if (!options.dryRun) {
+            for (const run of runsToDelete) {
+                // Delete gates, findings, artifacts metadata
+                const gates = await vault.getGates(run.id);
+                const findings = await vault.getFindings(run.id);
+                // Note: vault.deleteRun() should cascade delete gates/findings/artifacts
+                // For now, we just log what would be deleted
+                console.log(chalk.gray(`  ✓ ${run.id} (${gates.length} gates, ${findings.length} findings)`));
+            }
+            console.log(chalk.green(`\n✅ Garbage collection completed!`));
+            console.log(chalk.gray(`   Deleted: ${runsToDelete.length} runs`));
+            console.log(chalk.gray(`   Freed: ${sizeMB} MB`));
+        }
+        else {
+            console.log(chalk.yellow(`\n⚠️  DRY RUN - Would delete:`));
+            console.log(chalk.gray(`   ${runsToDelete.length} runs`));
+            console.log(chalk.gray(`   ${orphanedCount} orphaned artifacts (${sizeMB} MB)`));
+        }
     }
     /**
      * Pin/unpin run

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "qa360",
-  "version": "1.3.4",
+  "version": "1.4.1",
   "description": "QA360 Proof CLI - Quality as Cryptographic Proof",
   "type": "module",
   "main": "dist/index.js",
@@ -44,8 +44,10 @@
     "tweetnacl": "^1.0.3"
   },
   "devDependencies": {
+    "@types/adm-zip": "^0.5.7",
     "@types/inquirer": "^9.0.9",
     "@vitest/coverage-v8": "1.6.0",
+    "adm-zip": "^0.5.16",
     "tsx": "^4.0.0",
     "vitest": "1.6.0"
   },