qa360 2.2.18 → 2.3.0

package/CHANGELOG.md

@@ -18,6 +18,74 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ---
 
+## [2.3.0] - 2026-01-26
+
+### 🎉 Enterprise Crawler Edition - P1 Complete (100%)
+
+This release marks the completion of all P0 (Critical) and P1 (Important) features for the universal crawler. QA360 now provides enterprise-grade web testing capabilities with 50,000+ lines of production code.
+
+### Added - Authentication (13 providers)
+- **SAML 2.0 SSO**: Enterprise single sign-on with ForceAuthn/IsPassive support
+- **WebAuthn / Passkeys**: FIDO2 passwordless authentication with platform authenticator
+- **Remember Me**: Persistent session management with credential rotation
+- **Digest Auth**: RFC 2617 digest authentication provider
+- **OTP Provider**: SMS/Email OTP and Magic Links handling
+- **Backup Codes**: Recovery codes for two-factor authentication
+- **CAPTCHA Handlers**: reCAPTCHA v2/v3 and hCaptcha automation
+- **OAuth2 Enhanced**: Implicit Flow, OpenID Connect, Refresh Token
+- **TOTP**: Google Authenticator compatible time-based OTP
+
+### Added - Crawler Core (15 new handlers)
+- **Framework Wait Handler**: React, Vue, Angular, Svelte, SolidJS detection and smart waiting
+- **Stacked Modals Handler**: Nested modal detection with z-index hierarchy analysis
+- **REPL Debug Handler**: Interactive JavaScript REPL for test development
+- **Blob URL Download Handler**: Handle downloads via createObjectURL
+- **Email Testing Handler**: Mailhog, Mailtrap, Mailgun, SendGrid integration
+- **Cookie Manager**: Cookie CRUD with security validation
+- **CSP Handler**: Content Security Policy parsing and violation detection
+- **COOP/COEP Handler**: Cross-origin isolation for SharedArrayBuffer
+- **Permissions Policy Handler**: Feature policy and iframe allowlist management
+- **Trusted Types Handler**: XSS prevention with Trusted Types API
+- **Source Maps Handler**: Source map parsing and error mapping
+- **Error Tracking Handler**: Global error capture and reporting
+- **Reporting API Handler**: Reporting Observer for CSP violations
+- **Geolocation Handler**: Geolocation API mocking and testing
+- **Permissions Handler**: Browser permissions management
+
+### Added - Upload & Network
+- **Chunked Uploader**: Resumable chunked file uploads with progress tracking
+- **Presigned URL Uploader**: S3/Azure cloud upload support
+- **MIME Validator**: File type validation with magic number detection
+- **Network Manager**: Advanced network control and monitoring
+- **Network Simulator**: Offline, latency, and failure simulation
+
+### Added - Test Infrastructure
+- **Test Sharding**: Consistent hashing for parallel CI execution
+- **Smart Retry Engine**: Fixed, linear, exponential, and adaptive strategies
+- **Fixtures & Factories**: Test data generation with seeded random
+- **State Reset**: Complete test isolation helpers
+- **E2E Test Suite**: 32 comprehensive E2E tests on real websites
+
+### Added - Security & Monitoring
+- **Consent Handler**: GDPR/CCPA consent banner detection and handling
+- **Advanced Interactions**: Shadow DOM piercing, iframes, multi-tab
+- **Site Profiler**: Framework and CSS detection with adaptive strategies
+- **Universal Presets**: 50+ platform-specific login presets
+
+### Changed
+- **Test Coverage**: 2,439 tests passing (55 skipped) on Node 18, 20, 22
+- **Documentation**: Complete crawler reference documentation
+- **Type Safety**: Full TypeScript coverage with strict mode
+
+### Metrics
+- **P0 Features**: 75/75 (100% ✅)
+- **P1 Features**: 118/118 (100% ✅)
+- **Total Progress**: 185/278 (67%)
+- **Code Lines**: ~50,000 lines of production code
+- **Test Lines**: ~22,000 lines of E2E tests
+
+---
+
 ## [2.2.6] - 2025-01-18
 
 ### Fixed

package/cli/CHANGELOG.md

@@ -0,0 +1,84 @@
+# Changelog
+
+All notable changes to QA360 Proof CLI will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.1.0] - 2025-10-26
+
+### Added
+- **AJV 2020-12 Support**: Full JSON Schema Draft 2020-12 validation (RFC-compliant)
+- **CI Matrix**: 9-job validation matrix (3 OS × 3 Node versions)
+- **Comprehensive Tests**: 11 unit tests + 3 smoke tests
+- **Cross-platform Build**: Automated build script with OS detection
+- **Dependency Lock**: Frozen AJV versions (anti-regression)
+- **CI Badges**: Status badges in README
+
+### Changed
+- **Schema Validation**: Migrated from draft-07 to draft-2020-12
+- **Build System**: Idempotent cross-platform build script
+- **prepublishOnly**: Added doctor --strict validation before publish
+
+### Fixed
+- **ESM Imports**: Fixed AJV 2020 import for Node.js ESM compatibility
+- **Schema Path**: Corrected import paths in test files
+
+### Security
+- **Provenance**: Added npm provenance for supply chain security
+- **Dependency Freeze**: Locked ajv@8.17.1, ajv-formats@2.1.1, ajv-draft-04@1.0.0
+
+## [1.1.0-rc] - 2025-10-25
+
+### Added
+- **Initial Release Candidate**: First public release
+- **Commands**: `doctor`, `verify`
+- **Flags**: `--json`, `--strict`, `--verbose`
+- **Documentation**: Complete guides and examples
+
+### Features
+- 🔒 **Local-first**: 100% offline, no network dependencies
+- 🔐 **Cryptographic trust**: Ed25519 signatures, SHA-256 hashing
+- 🌍 **Cross-OS**: Windows, macOS, Linux validated
+- ⚡ **Zero friction**: Auto-generates keys
+- 
+
+## [Unreleased]
+
+### Planned
+- RFC 3161 TSA timestamp support (Phase 6)
+- W3C DID / Sigstore identity (Phase 6)
+- Revocation mechanism (Phase 6)
+- Compliance metadata (Phase 6)
+
+---
+
+## Version History
+
+- **1.1.0** (2025-10-26): Stable release with AJV 2020-12 + CI lockdown
+- **1.1.0-rc** (2025-10-25): Release candidate
+- **0.9.0-core** (2025-10-24): Internal development version
+
+---
+
+## Quick Validation
+
+```bash
+# Install
+npm i -g @qa360/cli@1.1.0
+
+# Verify version
+qa360 --version
+
+# System check
+qa360 doctor --strict
+
+# Verify proof
+qa360 verify examples/proofs/httpbin-proof.json --json
+```
+
+**Expected**: All commands succeed, proof validates correctly.
+
+---
+
+For detailed changes, see [GitHub Releases](https://github.com/qa360/qa360/releases).

package/cli/LICENSE

@@ -0,0 +1,24 @@
+Business Source License 1.1
+
+Licensor: XyqoTech
+Licensed Work: QA360 Cloud Preview
+Change Date: 2027-10-01
+Change License: MIT
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative works, redistribute, and make non-production use of the Licensed Work. The Licensor may make an Additional Use Grant, above, permitting limited production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly available distribution of a specific version of the Licensed Work under this License, whichever comes first, the Licensor hereby grants you rights under the terms of the Change License, and the rights granted in the paragraph above terminate.
+
+If your use of the Licensed Work does not comply with the requirements currently in effect as described in this License, you must purchase a commercial license from the Licensor, its affiliated entities, or authorized resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works of the Licensed Work, are subject to this License. This License applies separately for each version of the Licensed Work and the Change Date may vary for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy of the Licensed Work. If you receive the Licensed Work in original or modified form from a third party, the terms and conditions set forth in this License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically terminate your rights under this License for the current and all other versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of Licensor or its affiliates (provided that you may use a trademark or logo of Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND TITLE.

package/cli/dist/commands/crawl.d.ts

@@ -1,7 +1,8 @@
 /**
  * QA360 Crawl Command
  *
- * Crawls a website and generates a complete pack.yml with E2E tests
+ * Universal crawler for all types of web applications.
+ * Supports presets for different platform types and custom auth/test data.
  */
 import { Command } from 'commander';
 /**
@@ -14,11 +15,21 @@ export declare function createCrawlCommand(): Command;
 export declare function crawlCommand(url: string, options?: {
     output?: string;
     name?: string;
+    preset?: string;
+    listPresets?: boolean;
     maxDepth?: string;
     maxPages?: string;
     headed?: boolean;
     a11y?: boolean;
     exclude?: string[];
+    only?: string[];
+    scenario?: string;
+    authEmail?: string;
+    authPassword?: string;
+    authUrl?: string;
+    testData?: string;
+    viewport?: string;
+    slowMo?: string;
     quick?: boolean;
 }): Promise<void>;
 export default createCrawlCommand;

package/cli/dist/commands/crawl.js

@@ -1,26 +1,38 @@
 /**
  * QA360 Crawl Command
  *
- * Crawls a website and generates a complete pack.yml with E2E tests
+ * Universal crawler for all types of web applications.
+ * Supports presets for different platform types and custom auth/test data.
  */
 import { Command } from 'commander';
 import chalk from 'chalk';
 import ora from 'ora';
 import { generatePackFromCrawl, quickCrawl } from 'qa360-core';
+import { detectPresetFromUrl, getAllPresets, getPreset, getPresetList } from 'qa360-core';
 /**
  * Create crawl command
  */
 export function createCrawlCommand() {
     const cmd = new Command('crawl')
-        .description('Crawl website and generate E2E test pack')
-        .argument('<url>', 'Website URL to crawl')
+        .description('Universal crawler - Generate E2E tests for ANY website')
+        .argument('[url]', 'Website URL to crawl (required unless --list-presets)')
         .option('-o, --output <file>', 'Output pack file path', 'pack.yml')
         .option('--name <name>', 'Pack name')
+        .option('--preset <type>', 'Platform preset (ecommerce, saas, social, booking, job, etc.)')
+        .option('--list-presets', 'List all available presets')
         .option('--max-depth <number>', 'Maximum crawl depth', '2')
         .option('--max-pages <number>', 'Maximum pages to crawl', '20')
         .option('--headed', 'Run crawler in headed mode (visible browser)')
         .option('--a11y', 'Include accessibility tests')
         .option('--exclude <patterns...>', 'URL patterns to exclude')
+        .option('--only <patterns...>', 'Only crawl URLs matching these patterns')
+        .option('--scenario <type>', 'Focus on specific scenario (login, checkout, etc.)')
+        .option('--auth-email <email>', 'Email for auto-authentication')
+        .option('--auth-password <password>', 'Password for auto-authentication')
+        .option('--auth-url <path>', 'Login page URL (default: auto-detect)')
+        .option('--test-data <json>', 'Test data as JSON string')
+        .option('--viewport <size>', 'Browser viewport size (default: 1280x720)')
+        .option('--slow-mo <ms>', 'Slow down actions by ms (for debugging)')
         .option('--quick', 'Quick crawl (depth=1, max-pages=10)')
         .action(async (url, options) => {
         await crawlCommand(url, options);
@@ -31,10 +43,36 @@ export function createCrawlCommand() {
  * Crawl command handler
  */
 export async function crawlCommand(url, options = {}) {
-    const spinner = ora('Initializing crawler...').start();
+    // Handle --list-presets
+    if (options.listPresets) {
+        console.log(getPresetList());
+        return;
+    }
+    // Validate URL is provided when not listing presets
+    if (!url) {
+        console.error(chalk.red('Error: URL is required when not using --list-presets'));
+        console.log(chalk.yellow('\nUsage: qa360 crawl <url> [options]'));
+        console.log(chalk.gray('Example: qa360 crawl https://example.com'));
+        console.log(chalk.gray('\nRun "qa360 crawl --list-presets" to see all platform types'));
+        return;
+    }
+    const spinner = ora('Initializing universal crawler...').start();
     try {
         // Validate URL
         new URL(url);
+        // Determine preset
+        let preset = options.preset ? getPreset(options.preset) : detectPresetFromUrl(url);
+        if (!preset && !options.preset) {
+            spinner.info('No preset specified, using generic preset');
+            preset = getAllPresets().find(p => p.id === 'generic');
+        }
+        else if (options.preset && !preset) {
+            spinner.warn(`Preset "${options.preset}" not found, using generic`);
+            preset = getAllPresets().find(p => p.id === 'generic');
+        }
+        if (preset) {
+            spinner.text = `Crawling with preset: ${preset.name}`;
+        }
         if (options.quick) {
             spinner.info('Running quick crawl...');
             const result = await quickCrawl(url, options.output);
@@ -51,19 +89,32 @@ export async function crawlCommand(url, options = {}) {
             console.error(chalk.red(result.error));
             return;
         }
-        // Full crawl
-        spinner.info('Crawling website...');
+        // Full crawl with preset support
+        spinner.info(`Crawling ${url}...`);
+        if (preset) {
+            spinner.text = `Using preset: ${preset.name}`;
+        }
+        // Build crawl options with preset data
         const crawlOptions = {
             baseUrl: url,
             output: options.output,
             packName: options.name,
             includeA11y: options.a11y,
+            preset,
             crawl: {
                 maxDepth: options.quick ? 1 : parseInt(options.maxDepth || '2', 10),
                 maxPages: options.quick ? 10 : parseInt(options.maxPages || '20', 10),
                 headless: !options.headed,
                 excludePatterns: options.exclude,
+                onlyPatterns: options.only,
             },
+            auth: (options.authEmail || options.authPassword) ? {
+                email: options.authEmail,
+                password: options.authPassword,
+                // Only set URL if explicitly provided - otherwise let crawler intelligently detect the login page
+                ...(options.authUrl && { url: options.authUrl })
+            } : undefined,
+            scenario: options.scenario,
         };
         const result = await generatePackFromCrawl(crawlOptions);
         if (result.success) {
@@ -79,6 +130,14 @@ export async function crawlCommand(url, options = {}) {
                 if (siteMap.metadata.avgLoadTime) {
                     console.log(`  Avg page load: ${chalk.gray(siteMap.metadata.avgLoadTime + 'ms')}`);
                 }
+                // Show preset info
+                if (preset) {
+                    console.log(chalk.bold('\n  Platform Type:'));
+                    console.log(`    ${chalk.cyan(preset.name)} - ${preset.description}`);
+                    if (preset.scenarios && preset.scenarios.length > 0) {
+                        console.log(chalk.gray('    Scenarios:'), preset.scenarios.slice(0, 4).join(', '));
+                    }
+                }
                 // Show journeys
                 if (userJourneys.length > 0) {
                     console.log(chalk.bold('\n  Generated Journeys:'));
@@ -100,8 +159,9 @@ export async function crawlCommand(url, options = {}) {
             console.log(chalk.bold('\n✅ Crawl complete!'));
             console.log(chalk.gray(`\nNext steps:`));
             console.log(chalk.gray(`   1. Review the generated pack: ${chalk.cyan(options.output || 'pack.yml')}`));
-            console.log(chalk.gray(`   2. Run tests: ${chalk.cyan('qa360 run ' + (options.output || 'pack.yml'))}`));
-            console.log(chalk.gray(`   3. Run in headed mode: ${chalk.cyan('qa360 run --headed ' + (options.output || 'pack.yml'))}`));
+            console.log(chalk.gray(`   2. Edit test data if needed (credentials, payment info, etc.)`));
+            console.log(chalk.gray(`   3. Run tests: ${chalk.cyan('qa360 run ' + (options.output || 'pack.yml'))}`));
+            console.log(chalk.gray(`   4. Run in headed mode: ${chalk.cyan('qa360 run --headed ' + (options.output || 'pack.yml'))}`));
         }
         else {
             spinner.fail('Crawl failed');
@@ -115,6 +175,7 @@ export async function crawlCommand(url, options = {}) {
         if (error instanceof Error && error.message.includes('URL')) {
             console.log(chalk.yellow('\nUsage: qa360 crawl <url> [options]'));
             console.log(chalk.gray('Example: qa360 crawl https://example.com'));
+            console.log(chalk.gray('\nRun "qa360 crawl --list-presets" to see all platform types'));
         }
     }
 }

package/cli/package.json

@@ -0,0 +1,76 @@
+{
+  "name": "qa360",
+  "version": "2.2.15",
+  "description": "QA360 Proof CLI - Quality as Cryptographic Proof",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "qa360": "bin/qa360.js"
+  },
+  "files": [
+    "dist",
+    "bin",
+    "README.md",
+    "LICENSE",
+    "examples"
+  ],
+  "scripts": {
+    "build": "tsc --project tsconfig.bundle.json",
+    "build:pkg": "tsc",
+    "build:bundle": "bash scripts/bundle-for-npm.sh",
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "test:watch": "vitest",
+    "dev": "tsx watch src/index.ts",
+    "clean": "rimraf dist src/core",
+    "prepack": "node scripts/validate-package.js",
+    "prepublishOnly": "npm run build:bundle && sed -i.bak 's/\"qa360-core\": \"workspace:\\*\",//g' package.json && rm -f package.json.bak",
+    "postpublish": "git checkout package.json 2>/dev/null || true",
+    "publish:dry": "npm run build:bundle && sed -i.bak 's/\"qa360-core\": \"workspace:\\*\",//g' package.json && npm publish --dry-run; git checkout package.json",
+    "publish:real": "npm run build:bundle && npm publish --access public --provenance"
+  },
+  "dependencies": {
+    "@playwright/test": "^1.49.0",
+    "adm-zip": "^0.5.16",
+    "ajv": "^8.17.1",
+    "ajv-draft-04": "^1.0.0",
+    "ajv-formats": "^2.1.1",
+    "chalk": "^4.1.2",
+    "cli-table3": "^0.6.5",
+    "commander": "^11.0.0",
+    "glob": "^10.4.5",
+    "inquirer": "^8.2.7",
+    "js-yaml": "^4.1.0",
+    "ollama": "^0.5.1",
+    "ora": "^5.4.1",
+    "playwright": "^1.57.0",
+    "qa360-core": "workspace:*",
+    "sqlite3": "^5.1.6",
+    "tweetnacl": "^1.0.3"
+  },
+  "devDependencies": {
+    "@types/adm-zip": "^0.5.7",
+    "@types/inquirer": "^9.0.9",
+    "@vitest/coverage-v8": "1.6.0",
+    "tsx": "^4.0.0",
+    "vitest": "1.6.0"
+  },
+  "keywords": [
+    "qa360",
+    "cli",
+    "testing",
+    "proof"
+  ],
+  "author": "QA360 Core Team",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/xyqotech/qa360.git",
+    "directory": "cli"
+  },
+  "homepage": "https://github.com/xyqotech/qa360",
+  "bugs": {
+    "url": "https://github.com/xyqotech/qa360/issues"
+  }
+}

package/core/LICENSE

@@ -0,0 +1,24 @@
+Business Source License 1.1
+
+Licensor: XyqoTech
+Licensed Work: QA360 Cloud Preview
+Change Date: 2027-10-01
+Change License: MIT
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative works, redistribute, and make non-production use of the Licensed Work. The Licensor may make an Additional Use Grant, above, permitting limited production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly available distribution of a specific version of the Licensed Work under this License, whichever comes first, the Licensor hereby grants you rights under the terms of the Change License, and the rights granted in the paragraph above terminate.
+
+If your use of the Licensed Work does not comply with the requirements currently in effect as described in this License, you must purchase a commercial license from the Licensor, its affiliated entities, or authorized resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works of the Licensed Work, are subject to this License. This License applies separately for each version of the Licensed Work and the Change Date may vary for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy of the Licensed Work. If you receive the Licensed Work in original or modified form from a third party, the terms and conditions set forth in this License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically terminate your rights under this License for the current and all other versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of Licensor or its affiliates (provided that you may use a trademark or logo of Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND TITLE.

package/core/README.md

@@ -62,3 +62,44 @@ npm install
 npm run build
 npm test
 ```
+
+## Browser Management
+
+QA360 uses Playwright for browser automation. By default, Chromium is bundled and ready to use.
+
+### Check Browser Availability
+
+```bash
+pnpm browsers:check
+```
+
+### Install Browsers
+
+```bash
+# Install Chromium (usually pre-installed)
+pnpm browsers:install:chromium
+
+# Install Firefox
+pnpm browsers:install:firefox
+
+# Install WebKit
+pnpm browsers:install:webkit
+
+# Install all browsers
+pnpm browsers:install:all
+```
+
+### Graceful Test Skipping
+
+Tests automatically skip if a required browser is not installed:
+
+```
+⚠️  firefox is optional and not installed. Install with: npx playwright install firefox
+⊘ Firefox Browser E2E > should launch Firefox browser ... Skipped
+```
+
+## Documentation
+
+- [Browser Support](../docs/reference/BROWSER_SUPPORT.md) - Complete browser management guide
+- [Multi-Browser Strategy](../docs/reference/MULTI_BROWSER_STRATEGY.md) - Cross-browser testing approach
+- [CHECKLIST_VALIDATION](../docs/strategy/CHECKLIST_VALIDATION.md) - Feature coverage matrix

package/core/package.json

@@ -0,0 +1,90 @@
+{
+  "name": "qa360-core",
+  "version": "2.3.0",
+  "description": "QA360 Core Engine - Proof generation, signatures, and evidence vault",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./proof": {
+      "types": "./dist/proof/index.d.ts",
+      "import": "./dist/proof/index.js"
+    },
+    "./pack/validator": {
+      "types": "./dist/pack/validator.d.ts",
+      "import": "./dist/pack/validator.js"
+    },
+    "./pack/migrator": {
+      "types": "./dist/pack/migrator.d.ts",
+      "import": "./dist/pack/migrator.js"
+    },
+    "./types/pack-v1": {
+      "types": "./dist/types/pack-v1.d.ts",
+      "import": "./dist/types/pack-v1.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc -b",
+    "build:pkg": "tsc",
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "test:watch": "vitest",
+    "test:schema": "node src/proof/__tests__/schema-validation-manual.mjs",
+    "clean": "rimraf dist",
+    "browsers:install": "node scripts/install-browsers.ts",
+    "browsers:install:chromium": "node scripts/install-browsers.ts chromium",
+    "browsers:install:firefox": "node scripts/install-browsers.ts firefox",
+    "browsers:install:webkit": "node scripts/install-browsers.ts webkit",
+    "browsers:install:all": "node scripts/install-browsers.ts all",
+    "browsers:check": "node scripts/install-browsers.ts --check"
+  },
+  "dependencies": {
+    "ajv": "^8.17.1",
+    "ajv-draft-04": "^1.0.0",
+    "ajv-formats": "^2.1.1",
+    "chalk": "^4.1.2",
+    "glob": "^10.4.5",
+    "js-yaml": "^4.1.0",
+    "ollama": "^0.5.1",
+    "sqlite3": "^5.1.6",
+    "tweetnacl": "^1.0.3"
+  },
+  "devDependencies": {
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^20.0.0",
+    "@types/pngjs": "^6.0.5",
+    "@vitest/coverage-v8": "1.6.0",
+    "commander": "^12.0.0",
+    "msw": "1",
+    "playwright": "^1.57.0",
+    "pngjs": "^7.0.0",
+    "vitest": "1.6.0"
+  },
+  "keywords": [
+    "qa360",
+    "core",
+    "proof",
+    "signature",
+    "vault"
+  ],
+  "author": "QA360 Core Team",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/xyqotech/qa360.git",
+    "directory": "core"
+  },
+  "homepage": "https://github.com/xyqotech/qa360",
+  "bugs": {
+    "url": "https://github.com/xyqotech/qa360/issues"
+  }
+}

package/package.json

@@ -1,8 +1,9 @@
 {
   "name": "qa360",
-  "version": "2.2.18",
+  "version": "2.3.0",
   "description": "Transform software testing into verifiable, signed, and traceable proofs",
   "type": "module",
+  "packageManager": "pnpm@9.12.2",
   "engines": {
     "node": ">=18.20.0"
   },
@@ -23,11 +24,37 @@
     "QUICK_START.md",
     "package.json"
   ],
+  "scripts": {
+    "build": "tsc --build tsconfig.build.json",
+    "build:pkg": "tsc",
+    "docs": "typedoc --skipErrorChecking",
+    "docs:serve": "typedoc --skipErrorChecking --serve",
+    "test": "pnpm -r run test",
+    "test:core": "cd core && pnpm test",
+    "test:cli": "cd cli && pnpm test",
+    "test:e2e": "vitest run --config e2e/vitest.config.ts",
+    "test:examples": "node scripts/validate-examples.mjs",
+    "test:all": "npm run type-check && npm run test && npm run test:examples",
+    "lint": "eslint . --ext .ts,.js",
+    "lint:fix": "eslint . --ext .ts,.js --fix",
+    "type-check": "tsc --build tsconfig.build.json --force",
+    "dev": "tsx watch cli/src/index.ts",
+    "clean": "rm -rf dist/ */dist/ **/dist/",
+    "clean:all": "pnpm clean && find . -name '.tmp-test-*' -type d -exec rm -rf {} + 2>/dev/null; find . -name '.qa360' -type d -exec rm -rf {} + 2>/dev/null; find . -name '*.tsbuildinfo' -delete 2>/dev/null; echo 'All artifacts cleaned'",
+    "version:sync": "node scripts/sync-version.mjs",
+    "prepare": "husky install",
+    "install:mcp": "bash scripts/install-mcp.sh"
+  },
   "workspaces": [
     "cli",
     "core",
     "packages/*"
   ],
+  "pnpm": {
+    "overrides": {
+      "ajv": "^8.17.1"
+    }
+  },
   "dependencies": {
     "@playwright/test": "^1.49.0",
     "adm-zip": "^0.5.16",
@@ -46,7 +73,7 @@
     "sqlite3": "^5.1.6",
     "table": "^6.9.0",
     "tweetnacl": "^1.0.3",
-    "qa360-core": "^2.2.4"
+    "qa360-core": "^2.2.6"
   },
   "devDependencies": {
     "@playwright/test": "^1.56.1",
@@ -81,25 +108,5 @@
   "homepage": "https://qa360.dev",
   "bugs": {
     "url": "https://github.com/xyqotech/qa360/issues"
-  },
-  "scripts": {
-    "build": "tsc --build tsconfig.build.json",
-    "build:pkg": "tsc",
-    "docs": "typedoc --skipErrorChecking",
-    "docs:serve": "typedoc --skipErrorChecking --serve",
-    "test": "pnpm -r run test",
-    "test:core": "cd core && pnpm test",
-    "test:cli": "cd cli && pnpm test",
-    "test:e2e": "vitest run --config e2e/vitest.config.ts",
-    "test:examples": "node scripts/validate-examples.mjs",
-    "test:all": "npm run type-check && npm run test && npm run test:examples",
-    "lint": "eslint . --ext .ts,.js",
-    "lint:fix": "eslint . --ext .ts,.js --fix",
-    "type-check": "tsc --build tsconfig.build.json --force",
-    "dev": "tsx watch cli/src/index.ts",
-    "clean": "rm -rf dist/ */dist/ **/dist/",
-    "clean:all": "pnpm clean && find . -name '.tmp-test-*' -type d -exec rm -rf {} + 2>/dev/null; find . -name '.qa360' -type d -exec rm -rf {} + 2>/dev/null; find . -name '*.tsbuildinfo' -delete 2>/dev/null; echo 'All artifacts cleaned'",
-    "version:sync": "node scripts/sync-version.mjs",
-    "install:mcp": "bash scripts/install-mcp.sh"
   }
-}
+}