qa360 2.0.11 → 2.0.13

package/dist/commands/init.js

@@ -1,5 +1,5 @@
 /**
- * QA360 Init Command - Interactive pack generator
+ * QA360 Init Command - Interactive pack generator (v2)
  *
  * Usage:
  *   qa360 init
@@ -15,97 +15,295 @@ import { dump } from 'js-yaml';
 // Use createRequire for CommonJS module inquirer
 const require = createRequire(import.meta.url);
 const inquirer = require('inquirer');
-/**
- * Available templates
- */
+// ============================================================
+// Available templates (v2)
+// ============================================================
 export const TEMPLATES = {
     'api-basic': {
         name: 'API Basic',
         description: 'Simple API smoke tests (REST/GraphQL)',
-        gates: ['api_smoke'],
+        gates: ['api-smoke'],
         icon: '🔌',
     },
     'ui-basic': {
         name: 'UI Basic',
         description: 'Basic UI/E2E browser tests',
-        gates: ['ui'],
+        gates: ['ui-smoke', 'a11y'],
         icon: '🌐',
     },
     'fullstack': {
         name: 'Full Stack',
         description: 'API + UI + Performance tests',
-        gates: ['api_smoke', 'ui', 'perf'],
+        gates: ['api-smoke', 'api-crud', 'ui-smoke', 'perf'],
         icon: '🎯',
     },
     'security': {
         name: 'Security',
-        description: 'SAST, DAST, secrets scanning, dependency checks',
-        gates: ['sast', 'dast', 'secrets', 'deps'],
+        description: 'SAST, DAST, secrets scanning',
+        gates: ['api-smoke', 'sast', 'dast', 'secrets'],
         icon: '🛡️',
     },
     'complete': {
         name: 'Complete',
         description: 'All quality gates (API, UI, Performance, Security, Accessibility)',
-        gates: ['api_smoke', 'ui', 'a11y', 'perf', 'sast', 'dast', 'secrets', 'deps'],
+        gates: ['api-smoke', 'api-crud', 'ui-smoke', 'a11y', 'perf', 'sast', 'dast', 'secrets'],
         icon: '✨',
     },
 };
-/**
- * Gate descriptions with beginner-friendly explanations
- */
+// ============================================================
+// Gate descriptions with beginner-friendly explanations
+// ============================================================
 export const GATE_DESCRIPTIONS = {
-    api_smoke: {
+    'api-smoke': {
         short: 'API smoke tests (REST/GraphQL health checks)',
         beginner: 'Tests if your API is alive and responds correctly. Like checking if the server is up.',
         example: 'Checks if GET /api/health returns 200 OK',
         icon: '🔌',
+        adapter: 'playwright-api',
+    },
+    'api-crud': {
+        short: 'API CRUD tests (Create, Read, Update, Delete)',
+        beginner: 'Tests the full lifecycle of your data operations.',
+        example: 'Tests POST /users, GET /users, PUT /users/1, DELETE /users/1',
+        icon: '🔧',
+        adapter: 'playwright-api',
     },
-    ui: {
+    'ui-smoke': {
         short: 'UI/E2E tests (browser automation)',
         beginner: 'Tests your website in a real browser. Checks if pages load and buttons work.',
         example: 'Opens your site and verifies the login form appears',
         icon: '🌐',
+        adapter: 'playwright-ui',
     },
-    a11y: {
+    'a11y': {
         short: 'Accessibility tests (WCAG compliance)',
         beginner: 'Tests if your site is usable by people with disabilities (screen readers, color blindness).',
         example: 'Checks if images have alt text for blind users',
         icon: '♿',
+        adapter: 'playwright-ui',
     },
-    perf: {
+    'perf': {
         short: 'Performance tests (load/stress testing)',
         beginner: 'Tests if your site stays fast when many people visit at once.',
         example: 'Simulates 100 users visiting simultaneously',
         icon: '⚡',
+        adapter: 'k6-perf',
     },
-    sast: {
+    'sast': {
         short: 'Static security analysis (code scanning)',
         beginner: 'Analyzes your source code for security vulnerabilities without running it.',
         example: 'Finds hardcoded passwords or unsafe functions',
         icon: '🔍',
+        adapter: 'semgrep-sast',
     },
-    dast: {
+    'dast': {
         short: 'Dynamic security testing (runtime scanning)',
         beginner: 'Attacks your running application to find security weaknesses.',
         example: 'Tries common attacks like SQL injection',
         icon: '⚔️',
+        adapter: 'zap-dast',
     },
-    secrets: {
+    'secrets': {
         short: 'Secrets detection (credential scanning)',
         beginner: 'Scans for accidentally committed passwords, API keys, or tokens.',
         example: 'Finds AWS keys in your code',
         icon: '🔑',
-    },
-    deps: {
-        short: 'Dependency vulnerability checks',
-        beginner: 'Checks if your libraries have known security issues.',
-        example: 'Checks if you use an old version of a package with bugs',
-        icon: '📦',
+        adapter: 'gitleaks-secrets',
     },
 };
-/**
- * Beginner mode - Step by step guided experience
- */
+// ============================================================
+// Helper: Create gate config
+// ============================================================
+function createGate(adapter, baseUrl, extraConfig = {}) {
+    return {
+        adapter,
+        enabled: true,
+        config: {
+            baseUrl,
+            ...extraConfig,
+        },
+        options: {
+            timeout: 30000,
+            retries: 2,
+        },
+    };
+}
+// ============================================================
+// Helper: Generate v2 pack from selected gates
+// ============================================================
+function generateV2Pack(name, gates, apiTarget, webTarget) {
+    const pack = {
+        version: 2,
+        name,
+        description: `QA360 test pack for ${name}`,
+        gates: {},
+        execution: {
+            default_timeout: 30000,
+            default_retries: 2,
+            on_failure: 'continue',
+            parallel: true,
+        },
+    };
+    const apiBaseUrl = apiTarget ? `\${BASE_URL:-${apiTarget}}` : '${BASE_URL:-https://api.example.com}';
+    const webBaseUrl = webTarget ? `\${BASE_URL:-${webTarget}}` : '${BASE_URL:-https://example.com}';
+    // Build gates
+    for (const gate of gates) {
+        const gateInfo = GATE_DESCRIPTIONS[gate];
+        if (!gateInfo)
+            continue;
+        switch (gate) {
+            case 'api-smoke':
+                pack.gates['api-health'] = createGate('playwright-api', apiBaseUrl, {
+                    smoke: [
+                        'GET /health -> 200',
+                        'GET /status -> 200',
+                    ],
+                });
+                break;
+            case 'api-crud':
+                pack.gates['api-crud'] = createGate('playwright-api', apiBaseUrl, {
+                    smoke: [
+                        'GET /api/v1/users -> 200',
+                        'POST /api/v1/users -> 201',
+                        'PUT /api/v1/users/1 -> 200',
+                        'DELETE /api/v1/users/1 -> 204',
+                    ],
+                });
+                pack.gates['api-crud'].budgets = {
+                    p95_ms: 1000,
+                    error_rate: 0.01,
+                };
+                break;
+            case 'ui-smoke':
+                pack.gates['ui-smoke'] = createGate('playwright-ui', webBaseUrl, {
+                    pages: [
+                        {
+                            url: '/',
+                            expectedElements: ['body', 'main'],
+                        },
+                    ],
+                });
+                break;
+            case 'a11y':
+                pack.gates['a11y'] = {
+                    adapter: 'playwright-ui',
+                    enabled: true,
+                    config: {
+                        baseUrl: webBaseUrl,
+                        pages: [
+                            {
+                                url: '/',
+                                a11yRules: ['wcag2a', 'wcag2aa'],
+                            },
+                        ],
+                    },
+                    budgets: {
+                        violations: 10,
+                        a11y_score: 90,
+                    },
+                };
+                break;
+            case 'perf':
+                pack.gates['perf'] = {
+                    adapter: 'k6-perf',
+                    enabled: true,
+                    config: {
+                        script: `import http from 'k6/http';
+import { check } from 'k6';
+
+export const options = {
+  stages: [
+    { duration: '10s', target: 10 },
+    { duration: '20s', target: 50 },
+    { duration: '10s', target: 0 },
+  ],
+};
+
+export default function () {
+  const res = http.get('${apiBaseUrl}/health');
+  check(res, {
+    'status is 200': (r) => r.status === 200,
+    'response time < 500ms': (r) => r.timings.duration < 500,
+  });
+}`,
+                    },
+                    budgets: {
+                        p95_ms: 2000,
+                        p99_ms: 5000,
+                        error_rate: 0.05,
+                    },
+                    options: {
+                        timeout: 60000,
+                        retries: 1,
+                    },
+                };
+                break;
+            case 'sast':
+                pack.gates['sast'] = {
+                    adapter: 'semgrep-sast',
+                    enabled: true,
+                    config: {
+                        rules: ['security', 'owasp-top-10'],
+                        paths: ['src/', 'lib/'],
+                    },
+                    budgets: {
+                        high_findings: 0,
+                        medium_findings: 10,
+                    },
+                };
+                break;
+            case 'dast':
+                pack.gates['dast'] = {
+                    adapter: 'zap-dast',
+                    enabled: true,
+                    config: {
+                        target: 'api',
+                        profile: 'baseline',
+                        url: apiBaseUrl,
+                        scanType: 'baseline',
+                    },
+                    budgets: {
+                        high_findings: 5,
+                        medium_findings: 20,
+                    },
+                    options: {
+                        timeout: 120000,
+                    },
+                };
+                break;
+            case 'secrets':
+                pack.gates['secrets'] = {
+                    adapter: 'gitleaks-secrets',
+                    enabled: true,
+                    config: {
+                        paths: ['.', 'src/', 'config/'],
+                    },
+                    budgets: {
+                        critical_findings: 0,
+                    },
+                };
+                break;
+        }
+    }
+    // Add hooks if needed
+    if (gates.includes('perf') || gates.includes('dast')) {
+        pack.hooks = {
+            beforeAll: [
+                {
+                    type: 'wait_on',
+                    wait_for: {
+                        resource: `${apiBaseUrl}/health`,
+                        timeout: 30000,
+                    },
+                },
+            ],
+        };
+    }
+    return pack;
+}
+// ============================================================
+// Beginner mode - Step by step guided experience
+// ============================================================
 async function beginnerMode() {
     console.log(chalk.bold.cyan('\n╔════════════════════════════════════════════════════════════╗'));
     console.log(chalk.bold.cyan('║       👋 Welcome to QA360 - Your Quality Assistant!          ║'));
@@ -136,25 +334,27 @@ async function beginnerMode() {
             name: 'appType',
             message: 'What type of application are you testing?',
             choices: [
-                { name: '🔌 API / Backend - REST or GraphQL API', value: 'api' },
-                { name: '🌐 Website / Frontend - Web application', value: 'web' },
+                { name: '🔌 API / Backend - REST or GraphQL API', value: 'api-basic' },
+                { name: '🌐 Website / Frontend - Web application', value: 'ui-basic' },
                 { name: '🎯 Full Stack - Both API and Website', value: 'fullstack' },
                 { name: '🛡️ Security Scan - Check for vulnerabilities', value: 'security' },
                 { name: '✨ Everything - All tests enabled', value: 'complete' },
             ],
         },
     ]);
-    console.log(chalk.green(`   ✓ You chose: ${appType}\n`));
+    console.log(chalk.green(`   ✓ You chose: ${TEMPLATES[appType].name}\n`));
     // Step 3: Gates explanation and selection
-    const suggestedGates = TEMPLATES[appType === 'complete' ? 'complete' : appType === 'fullstack' ? 'fullstack' : appType === 'api' ? 'api-basic' : appType === 'web' ? 'ui-basic' : 'security']?.gates || [];
+    const suggestedGates = TEMPLATES[appType].gates;
     console.log(chalk.bold('Step 3️⃣  - Quality Gates'));
     console.log(chalk.gray('   Gates are different types of tests. We\'ll suggest some based on your choice.\n'));
     console.log(chalk.cyan('   Suggested gates for you:\n'));
     for (const gate of suggestedGates) {
         const info = GATE_DESCRIPTIONS[gate];
-        console.log(chalk.cyan(`     ${info?.icon} ${gate}`));
-        console.log(chalk.gray(`       ${info?.beginner}`));
-        console.log(chalk.gray(`       Example: ${info?.example}\n`));
+        if (info) {
+            console.log(chalk.cyan(`     ${info.icon} ${gate}`));
+            console.log(chalk.gray(`       ${info.beginner}`));
+            console.log(chalk.gray(`       Example: ${info.example}\n`));
+        }
     }
     const { useSuggested } = await inquirer.prompt([
         {
@@ -165,6 +365,8 @@ async function beginnerMode() {
         },
     ]);
     let gates = suggestedGates;
+    let apiTarget;
+    let webTarget;
     if (!useSuggested) {
         const { customGates } = await inquirer.prompt([
             {
@@ -172,7 +374,7 @@ async function beginnerMode() {
                 name: 'customGates',
                 message: 'Select the gates you want:',
                 choices: Object.entries(GATE_DESCRIPTIONS).map(([key, info]) => ({
-                    name: `${info?.icon} ${key} - ${info?.short}`,
+                    name: `${info.icon} ${key} - ${info.short}`,
                     value: key,
                 })),
                 validate: (input) => input.length > 0 || 'Select at least one gate',
@@ -184,8 +386,9 @@ async function beginnerMode() {
     // Step 4: URLs
     console.log(chalk.bold('Step 4️⃣  - Application URLs'));
     console.log(chalk.gray('   Where is your application running?\n'));
-    const targets = {};
-    if (gates.includes('api_smoke')) {
+    const hasApiGates = gates.some((g) => ['api-smoke', 'api-crud', 'perf', 'dast'].includes(g));
+    const hasUiGates = gates.some((g) => ['ui-smoke', 'a11y'].includes(g));
+    if (hasApiGates) {
         console.log(chalk.cyan('   📡 API Configuration'));
         const apiAnswers = await inquirer.prompt([
             {
@@ -195,20 +398,11 @@ async function beginnerMode() {
                 default: 'https://api.example.com',
                 validate: (input) => input.startsWith('http') || 'Must start with http:// or https://',
             },
-            {
-                type: 'input',
-                name: 'smokeTests',
-                message: 'Which endpoints should we test? (format: "METHOD /path -> status")',
-                default: 'GET /health -> 200',
-            },
         ]);
-        targets.api = {
-            baseUrl: apiAnswers.apiUrl,
-            smoke: [apiAnswers.smokeTests],
-        };
-        console.log(chalk.green(`   ✓ API: ${apiAnswers.apiUrl}\n`));
+        apiTarget = apiAnswers.apiUrl;
+        console.log(chalk.green(`   ✓ API: ${apiTarget}\n`));
     }
-    if (gates.includes('ui') || gates.includes('a11y')) {
+    if (hasUiGates) {
         console.log(chalk.cyan('   🌐 Website Configuration'));
         const uiAnswers = await inquirer.prompt([
             {
@@ -219,50 +413,22 @@ async function beginnerMode() {
                 validate: (input) => input.startsWith('http') || 'Must start with http:// or https://',
             },
         ]);
-        targets.web = {
-            baseUrl: uiAnswers.webUrl,
-            pages: [uiAnswers.webUrl],
-        };
-        console.log(chalk.green(`   ✓ Website: ${uiAnswers.webUrl}\n`));
+        webTarget = uiAnswers.webUrl;
+        console.log(chalk.green(`   ✓ Website: ${webTarget}\n`));
     }
     // Build pack
-    const pack = {
-        version: 1,
-        name,
-        gates: gates,
-        targets,
-    };
-    // Add budgets
-    if (gates.includes('perf') || gates.includes('a11y')) {
-        pack.budgets = {};
-        if (gates.includes('perf')) {
-            pack.budgets.perf_p95_ms = 2000;
-        }
-        if (gates.includes('a11y')) {
-            pack.budgets.a11y_min = 90;
-        }
-    }
-    // Add security config
-    if (gates.some((g) => ['sast', 'dast', 'secrets', 'deps'].includes(g))) {
-        pack.security = {};
-        if (gates.includes('sast')) {
-            pack.security.sast = { max_critical: 0, max_high: 3 };
-        }
-        if (gates.includes('dast')) {
-            pack.security.dast = { max_high: 5 };
-        }
-    }
+    const pack = generateV2Pack(name, gates, apiTarget, webTarget);
     // Final summary
     console.log(chalk.bold.cyan('\n✨ Almost done! Here\'s your test pack summary:\n'));
     console.log(chalk.white(`   Name: ${chalk.bold(name)}`));
     console.log(chalk.white(`   Gates: ${gates.map(g => `${GATE_DESCRIPTIONS[g]?.icon} ${g}`).join(', ')}`));
-    console.log(chalk.white(`   API: ${targets.api?.baseUrl || 'N/A'}`));
-    console.log(chalk.white(`   Website: ${targets.web?.baseUrl || 'N/A'}`));
+    console.log(chalk.white(`   API: ${apiTarget || 'N/A'}`));
+    console.log(chalk.white(`   Website: ${webTarget || 'N/A'}`));
     return pack;
 }
-/**
- * Interactive prompts
- */
+// ============================================================
+// Interactive prompts
+// ============================================================
 async function promptForConfig() {
     const answers = await inquirer.prompt([
         {
@@ -277,7 +443,7 @@ async function promptForConfig() {
             name: 'template',
             message: 'Choose a template:',
             choices: Object.entries(TEMPLATES).map(([key, value]) => ({
-                name: `${value.name} - ${value.description}`,
+                name: `${value.icon} ${value.name} - ${value.description}`,
                 value: key,
             })),
         },
@@ -296,7 +462,7 @@ async function promptForConfig() {
                 name: 'gates',
                 message: 'Select quality gates to enable:',
                 choices: Object.entries(GATE_DESCRIPTIONS).map(([key, desc]) => ({
-                    name: `${key} - ${desc.short}`,
+                    name: `${desc.icon} ${key} - ${desc.short}`,
                     value: key,
                     checked: gates.includes(key),
                 })),
@@ -307,7 +473,9 @@ async function promptForConfig() {
     }
     // Prompt for target URLs based on selected gates
     const targets = {};
-    if (gates.includes('api_smoke')) {
+    const hasApiGates = gates.some((g) => ['api-smoke', 'api-crud', 'perf', 'dast'].includes(g));
+    const hasUiGates = gates.some((g) => ['ui-smoke', 'a11y'].includes(g));
+    if (hasApiGates) {
         const apiAnswers = await inquirer.prompt([
             {
                 type: 'input',
@@ -316,19 +484,10 @@ async function promptForConfig() {
                 default: 'https://api.example.com',
                 validate: (input) => input.startsWith('http') || 'Must be a valid URL',
             },
-            {
-                type: 'input',
-                name: 'smokeTests',
-                message: 'Smoke test endpoints (comma-separated):',
-                default: 'GET /health -> 200, GET /status -> 200',
-            },
         ]);
-        targets.api = {
-            baseUrl: apiAnswers.apiUrl,
-            smoke: apiAnswers.smokeTests.split(',').map((s) => s.trim()),
-        };
+        targets.api = apiAnswers.apiUrl;
     }
-    if (gates.includes('ui') || gates.includes('a11y')) {
+    if (hasUiGates) {
         const uiAnswers = await inquirer.prompt([
             {
                 type: 'input',
@@ -337,117 +496,38 @@ async function promptForConfig() {
                 default: 'https://example.com',
                 validate: (input) => input.startsWith('http') || 'Must be a valid URL',
             },
-            {
-                type: 'input',
-                name: 'pages',
-                message: 'Pages to test (comma-separated):',
-                default: 'https://example.com, https://example.com/about',
-            },
         ]);
-        targets.web = {
-            baseUrl: uiAnswers.webUrl,
-            pages: uiAnswers.pages.split(',').map((s) => s.trim()),
-        };
-    }
-    // Build pack config
-    const pack = {
-        version: 1,
-        name: answers.name,
-        gates: gates,
-        targets,
-    };
-    // Add budgets if perf/a11y gates enabled
-    if (gates.includes('perf') || gates.includes('a11y')) {
-        pack.budgets = {};
-        if (gates.includes('perf')) {
-            pack.budgets.perf_p95_ms = 2000;
-        }
-        if (gates.includes('a11y')) {
-            pack.budgets.a11y_min = 90;
-        }
+        targets.web = uiAnswers.webUrl;
     }
-    // Add security config if security gates enabled
-    if (gates.some((g) => ['sast', 'dast', 'secrets', 'deps'].includes(g))) {
-        pack.security = {};
-        if (gates.includes('sast')) {
-            pack.security.sast = {
-                max_critical: 0,
-                max_high: 3,
-            };
-        }
-        if (gates.includes('dast')) {
-            pack.security.dast = {
-                max_high: 5,
-            };
-        }
-    }
-    return pack;
+    return generateV2Pack(answers.name, gates, targets.api, targets.web);
 }
-/**
- * Generate pack from template
- */
+// ============================================================
+// Generate pack from template
+// ============================================================
 function generateFromTemplate(templateKey, name) {
     const template = TEMPLATES[templateKey];
     if (!template) {
         throw new Error(`Unknown template: ${templateKey}`);
     }
-    const pack = {
-        version: 1,
-        name: name || `${templateKey}-tests`,
-        gates: template.gates,
-        targets: {},
-    };
-    // Add default targets based on gates
-    if (template.gates.includes('api_smoke')) {
-        pack.targets.api = {
-            baseUrl: 'https://api.example.com',
-            smoke: [
-                'GET /health -> 200',
-                'GET /status -> 200',
-            ],
-        };
+    // Determine targets based on template
+    let apiTarget;
+    let webTarget;
+    const hasApiGates = template.gates.some((g) => ['api-smoke', 'api-crud', 'perf', 'dast'].includes(g));
+    const hasUiGates = template.gates.some((g) => ['ui-smoke', 'a11y'].includes(g));
+    if (hasApiGates) {
+        apiTarget = 'https://api.example.com';
     }
-    if (template.gates.includes('ui') || template.gates.includes('a11y')) {
-        pack.targets.web = {
-            baseUrl: 'https://example.com',
-            pages: [
-                'https://example.com',
-            ],
-        };
+    if (hasUiGates) {
+        webTarget = 'https://example.com';
     }
-    // Add budgets
-    if (template.gates.includes('perf') || template.gates.includes('a11y')) {
-        pack.budgets = {};
-        if (template.gates.includes('perf')) {
-            pack.budgets.perf_p95_ms = 2000;
-        }
-        if (template.gates.includes('a11y')) {
-            pack.budgets.a11y_min = 90;
-        }
-    }
-    // Add security config
-    if (template.gates.some((g) => ['sast', 'dast', 'secrets', 'deps'].includes(g))) {
-        pack.security = {};
-        if (template.gates.includes('sast')) {
-            pack.security.sast = {
-                max_critical: 0,
-                max_high: 3,
-            };
-        }
-        if (template.gates.includes('dast')) {
-            pack.security.dast = {
-                max_high: 5,
-            };
-        }
-    }
-    return pack;
+    return generateV2Pack(name || `${templateKey}-tests`, template.gates, apiTarget, webTarget);
 }
-/**
- * Main init command
- */
+// ============================================================
+// Main init command
+// ============================================================
 export async function initCommand(options = {}) {
     try {
-        console.log(chalk.bold.cyan('\n🚀 QA360 Pack Generator\n'));
+        console.log(chalk.bold.cyan('\n🚀 QA360 Pack Generator (v2)\n'));
         // Determine output file
         const outputFile = options.output
             ? resolve(options.output)
@@ -492,6 +572,8 @@ export async function initCommand(options = {}) {
             indent: 2,
             lineWidth: 120,
             noRefs: true,
+            quotingType: '"',
+            forceQuotes: false,
         });
         // Ensure directory exists
         const dir = resolve(outputFile, '..');
@@ -502,7 +584,7 @@ export async function initCommand(options = {}) {
         writeFileSync(outputFile, yaml, 'utf-8');
         console.log(chalk.green.bold('\n✅ Pack created successfully!'));
         console.log(chalk.gray(`\n📄 File: ${outputFile}`));
-        console.log(chalk.gray(`📋 Gates: ${pack.gates?.join(', ')}`));
+        console.log(chalk.gray(`📋 Gates: ${Object.keys(pack.gates).join(', ')}`));
         console.log(chalk.cyan('\n📚 Next steps:'));
         console.log(chalk.gray('   1. Edit the pack file to customize your tests'));
         console.log(chalk.gray('   2. Run: qa360 run'));