npm - qa360 - Versions diffs - 2.3.0 → 2.3.1 - Mend

qa360 2.3.0 → 2.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (507) hide show

package/{cli/dist → dist}/core/ai/ollama-provider.js RENAMED Viewed

@@ -32,16 +32,28 @@ export class OllamaProvider {
     }
     async isAvailable() {
         try {
-            // Use timeout with AbortSignal - wrap for compatibility
+            // Use a longer timeout (15 seconds) to accommodate slower systems
+            // Ollama can take time to respond, especially on first run or with many models
             const controller = new AbortController();
-            const timeoutId = setTimeout(() => controller.abort(), 5000);
+            const timeoutId = setTimeout(() => controller.abort(), 15000);
             const response = await fetch(`${this.baseUrl}/api/tags`, {
                 signal: controller.signal,
             });
             clearTimeout(timeoutId);
             return response.ok;
         }
-        catch {
+        catch (error) {
+            // Log the error for debugging (will be visible in verbose mode)
+            if (error instanceof Error) {
+                if (error.name === 'AbortError') {
+                    // Timeout - Ollama is slow to respond
+                    console.debug(`[Ollama] Connection to ${this.baseUrl} timed out after 15s`);
+                }
+                else {
+                    // Other error (ECONNREFUSED, ENOTFOUND, etc.)
+                    console.debug(`[Ollama] Connection error: ${error.message}`);
+                }
+            }
             return false;
         }
     }

package/{cli/dist → dist}/core/artifacts/ui-artifacts.js RENAMED Viewed

@@ -5,7 +5,7 @@
  * with content-addressable storage (CAS) integration
  */
 import { mkdirSync, existsSync, writeFileSync, readFileSync, unlinkSync } from 'fs';
-import { join } from 'path';
+import { join, dirname } from 'path';
 import { ContentAddressableStorage } from '../vault/cas.js';
 /**
  * UI Artifacts Manager
@@ -29,7 +29,10 @@ export class UIArtifactsManager {
         this.artifactDir = artifactDir;
         this.casDir = casDir;
         this.currentRunId = `run-${Date.now()}`;
-        this.cas = new ContentAddressableStorage(casDir);
+        // CAS constructor appends '/cas', so pass parent directory
+        // If casDir ends with '/cas', strip it to avoid double path
+        const casBaseDir = casDir.endsWith('/cas') ? casDir.slice(0, -4) : casDir;
+        this.cas = new ContentAddressableStorage(casBaseDir);
         this.ensureDirectories();
     }
     ensureDirectories() {
@@ -42,7 +45,6 @@ export class UIArtifactsManager {
             `${this.artifactDir}/console`,
             `${this.artifactDir}/coverage`,
             this.casDir,
-            `${this.casDir}/art`,
         ];
         for (const dir of dirs) {
             if (!existsSync(dir)) {
@@ -89,6 +91,11 @@ export class UIArtifactsManager {
         const casPath = this.getCasPath(hash);
         // Store in CAS if not exists
         if (!existsSync(casPath)) {
+            // Ensure directory exists before writing
+            const casDir = dirname(casPath);
+            if (!existsSync(casDir)) {
+                mkdirSync(casDir, { recursive: true });
+            }
             writeFileSync(casPath, screenshot);
         }
         const artifact = {
@@ -145,6 +152,10 @@ export class UIArtifactsManager {
         const hash = ContentAddressableStorage.hashContent(screenshot);
         const casPath = this.getCasPath(hash);
         if (!existsSync(casPath)) {
+            const casDir = dirname(casPath);
+            if (!existsSync(casDir)) {
+                mkdirSync(casDir, { recursive: true });
+            }
             writeFileSync(casPath, screenshot);
         }
         const artifact = {
@@ -181,6 +192,10 @@ export class UIArtifactsManager {
         const casPath = this.getCasPath(hash);
         // Store in CAS
         if (!existsSync(casPath)) {
+            const casDir = dirname(casPath);
+            if (!existsSync(casDir)) {
+                mkdirSync(casDir, { recursive: true });
+            }
             writeFileSync(casPath, video);
         }
         // Get video duration (basic estimate)
@@ -215,6 +230,10 @@ export class UIArtifactsManager {
         const hash = ContentAddressableStorage.hashContent(trace);
         const casPath = this.getCasPath(hash);
         if (!existsSync(casPath)) {
+            const casDir = dirname(casPath);
+            if (!existsSync(casDir)) {
+                mkdirSync(casDir, { recursive: true });
+            }
             writeFileSync(casPath, trace);
         }
         const artifact = {
@@ -274,7 +293,8 @@ export class UIArtifactsManager {
      */
     getCasPath(hash) {
         // hash is already a hex string from SHA256
-        return join(this.casDir, 'art', hash.substring(0, 2), hash.substring(2, 4), hash.substring(4));
+        // CAS root is at this.casDir/cas/ (ContentAddressableStorage appends '/cas')
+        return join(this.casDir, 'cas', 'art', hash.substring(0, 2), hash.substring(2, 4), hash.substring(4));
     }
     /**
      * Generate artifacts summary for reporting

package/dist/core/auth/backup-codes-provider.d.ts ADDED Viewed

@@ -0,0 +1,91 @@
+/**
+ * Backup Codes Authentication Provider
+ *
+ * Handles backup/recovery codes for 2FA scenarios.
+ * These are one-time use codes provided to users for account recovery.
+ *
+ * P1 Feature: Backup codes are essential for 2FA recovery
+ */
+import type { AuthProvider, AuthResult } from './index.js';
+import { type BackupCodesAuthConfig } from './index.js';
+/**
+ * Generates backup codes
+ * @param count Number of codes to generate
+ * @param groups Number of groups in each code (default 2)
+ * @param digits Digits per group (default 4)
+ * @returns Array of generated backup codes
+ */
+export declare function generateBackupCodes(count?: number, groups?: number, digits?: number): string[];
+/**
+ * Normalizes a backup code (removes spaces, converts to uppercase)
+ * @param code Backup code to normalize
+ */
+export declare function normalizeBackupCode(code: string): string;
+/**
+ * Validates backup code format
+ * @param code Backup code to validate
+ * @param groups Expected number of groups
+ * @param digits Expected digits per group
+ */
+export declare function validateBackupCodeFormat(code: string, groups?: number, digits?: number): boolean;
+/**
+ * Checks if a backup code matches (case-insensitive, ignores spaces and hyphens)
+ * @param code Input code
+ * @param validCode Valid code to compare against
+ */
+export declare function backupCodeMatches(code: string, validCode: string): boolean;
+/**
+ * Backup Codes Authentication Provider
+ */
+export declare class BackupCodesProvider implements AuthProvider<BackupCodesAuthConfig> {
+    readonly type: "backup_codes";
+    private usedCodes;
+    private codeStates;
+    authenticate(config: BackupCodesAuthConfig): Promise<AuthResult>;
+    /**
+     * Marks a backup code as used
+     */
+    markAsUsed(code: string): void;
+    /**
+     * Checks if a backup code has been used
+     */
+    isCodeUsed(code: string): boolean;
+    /**
+     * Gets count of remaining unused codes
+     */
+    getRemainingCount(totalCodes: number): number;
+    /**
+     * Generates a session token
+     */
+    private generateSessionToken;
+    /**
+     * Validates backup code configuration
+     */
+    validate(config: BackupCodesAuthConfig): Promise<boolean>;
+    /**
+     * Clears cached backup code state
+     */
+    clear(config: BackupCodesAuthConfig): Promise<void>;
+    /**
+     * Clears all backup code states
+     */
+    clearAllStates(): void;
+    /**
+     * Gets all used codes
+     */
+    getUsedCodes(): string[];
+    /**
+     * Resets a backup code (marks as unused)
+     * Use with caution - typically codes should not be reusable
+     */
+    resetCode(code: string): void;
+    /**
+     * Bulk sets codes as used
+     */
+    markMultipleAsUsed(codes: string[]): void;
+    private getCacheKey;
+}
+/**
+ * Creates a backup codes provider instance
+ */
+export declare function createBackupCodesProvider(): BackupCodesProvider;

package/dist/core/auth/backup-codes-provider.js ADDED Viewed

@@ -0,0 +1,215 @@
+/**
+ * Backup Codes Authentication Provider
+ *
+ * Handles backup/recovery codes for 2FA scenarios.
+ * These are one-time use codes provided to users for account recovery.
+ *
+ * P1 Feature: Backup codes are essential for 2FA recovery
+ */
+import { createCacheKey, authCache } from './index.js';
+/**
+ * Generates backup codes
+ * @param count Number of codes to generate
+ * @param groups Number of groups in each code (default 2)
+ * @param digits Digits per group (default 4)
+ * @returns Array of generated backup codes
+ */
+export function generateBackupCodes(count = 10, groups = 2, digits = 4) {
+    const codes = [];
+    for (let i = 0; i < count; i++) {
+        const codeGroups = [];
+        for (let j = 0; j < groups; j++) {
+            const min = Math.pow(10, digits - 1);
+            const max = Math.pow(10, digits) - 1;
+            codeGroups.push(Math.floor(min + Math.random() * (max - min + 1))
+                .toString()
+                .padStart(digits, '0'));
+        }
+        codes.push(codeGroups.join('-'));
+    }
+    return codes;
+}
+/**
+ * Normalizes a backup code (removes spaces, converts to uppercase)
+ * @param code Backup code to normalize
+ */
+export function normalizeBackupCode(code) {
+    return code.replace(/[\s-]/g, '').toUpperCase();
+}
+/**
+ * Validates backup code format
+ * @param code Backup code to validate
+ * @param groups Expected number of groups
+ * @param digits Expected digits per group
+ */
+export function validateBackupCodeFormat(code, groups = 2, digits = 4) {
+    // Remove spaces and hyphens for validation
+    const normalized = code.replace(/[\s-]/g, '');
+    // Build pattern for specified groups and digits
+    const expectedLength = groups * digits;
+    const regex = new RegExp(`^\\d{${expectedLength}}$`);
+    return regex.test(normalized);
+}
+/**
+ * Checks if a backup code matches (case-insensitive, ignores spaces and hyphens)
+ * @param code Input code
+ * @param validCode Valid code to compare against
+ */
+export function backupCodeMatches(code, validCode) {
+    return normalizeBackupCode(code) === normalizeBackupCode(validCode);
+}
+/**
+ * Backup Codes Authentication Provider
+ */
+export class BackupCodesProvider {
+    type = 'backup_codes';
+    usedCodes = new Set();
+    codeStates = new Map();
+    async authenticate(config) {
+        const { code, validCodes } = config;
+        if (!code) {
+            return {
+                success: false,
+                error: 'Backup code is required'
+            };
+        }
+        const normalizedCode = normalizeBackupCode(code);
+        // Check if code was already used
+        if (this.usedCodes.has(normalizedCode)) {
+            return {
+                success: false,
+                error: 'Backup code has already been used'
+            };
+        }
+        // If validCodes provided, verify against them
+        if (validCodes && validCodes.length > 0) {
+            const isValid = validCodes.some(validCode => backupCodeMatches(normalizedCode, validCode));
+            if (!isValid) {
+                return {
+                    success: false,
+                    error: 'Invalid backup code'
+                };
+            }
+        }
+        // Mark code as used
+        this.markAsUsed(normalizedCode);
+        // Generate session token
+        const token = this.generateSessionToken();
+        return {
+            success: true,
+            credentials: {
+                type: 'backup_codes',
+                headers: {
+                    'Authorization': `Bearer ${token}`,
+                },
+            },
+            expiresAt: Date.now() + 24 * 60 * 60 * 1000, // 24 hours
+        };
+    }
+    /**
+     * Marks a backup code as used
+     */
+    markAsUsed(code) {
+        const normalized = normalizeBackupCode(code);
+        this.usedCodes.add(normalized);
+        const existingState = this.codeStates.get(normalized);
+        if (existingState) {
+            existingState.used = true;
+        }
+        else {
+            this.codeStates.set(normalized, {
+                code: normalized,
+                used: true,
+                createdAt: Date.now(),
+            });
+        }
+    }
+    /**
+     * Checks if a backup code has been used
+     */
+    isCodeUsed(code) {
+        return this.usedCodes.has(normalizeBackupCode(code));
+    }
+    /**
+     * Gets count of remaining unused codes
+     */
+    getRemainingCount(totalCodes) {
+        return Math.max(0, totalCodes - this.usedCodes.size);
+    }
+    /**
+     * Generates a session token
+     */
+    generateSessionToken() {
+        const crypto = require('node:crypto');
+        return crypto.randomBytes(32).toString('hex');
+    }
+    /**
+     * Validates backup code configuration
+     */
+    async validate(config) {
+        if (!config.code) {
+            return false;
+        }
+        // Basic format validation (XXX-XXX or similar)
+        const normalized = normalizeBackupCode(config.code);
+        return /^\d{4,}-?\d{4,}$/.test(normalized);
+    }
+    /**
+     * Clears cached backup code state
+     */
+    async clear(config) {
+        const key = this.getCacheKey(config);
+        authCache.clear(key);
+        if (config.code) {
+            this.usedCodes.delete(normalizeBackupCode(config.code));
+        }
+    }
+    /**
+     * Clears all backup code states
+     */
+    clearAllStates() {
+        this.usedCodes.clear();
+        this.codeStates.clear();
+    }
+    /**
+     * Gets all used codes
+     */
+    getUsedCodes() {
+        return Array.from(this.usedCodes);
+    }
+    /**
+     * Resets a backup code (marks as unused)
+     * Use with caution - typically codes should not be reusable
+     */
+    resetCode(code) {
+        const normalized = normalizeBackupCode(code);
+        this.usedCodes.delete(normalized);
+        const state = this.codeStates.get(normalized);
+        if (state) {
+            state.used = false;
+        }
+    }
+    /**
+     * Bulk sets codes as used
+     */
+    markMultipleAsUsed(codes) {
+        codes.forEach(code => this.markAsUsed(code));
+    }
+    getCacheKey(config) {
+        const crypto = require('node:crypto');
+        const hash = crypto
+            .createHash('sha256')
+            .update(config.code || '')
+            .digest('hex')
+            .substring(0, 16);
+        return createCacheKey('backup_codes', hash);
+    }
+}
+/**
+ * Creates a backup codes provider instance
+ */
+export function createBackupCodesProvider() {
+    return new BackupCodesProvider();
+}
+// Re-export types and utilities
+// Types are exported from index.ts

package/{cli/dist → dist}/core/auth/basic-auth-provider.d.ts RENAMED Viewed

@@ -2,6 +2,10 @@
  * Bearer Token and Basic Authentication Providers
  *
  * Handles generic bearer token and HTTP Basic Authentication.
+ *
+ * P0 Feature: Native browser Basic Auth popup (WWW-Authenticate headers)
+ * - useNativePopup: true uses Playwright's httpCredentials for browser popup
+ * - useNativePopup: false (default) uses Authorization header
  */
 import { AuthProvider, AuthResult, BearerAuthConfig, BasicAuthConfig } from './index.js';
 /**
@@ -16,6 +20,8 @@ export declare class BearerProvider implements AuthProvider<BearerAuthConfig> {
 }
 /**
  * Basic Authentication Provider
+ *
+ * P0: Supports both header-based and native browser popup authentication
  */
 export declare class BasicAuthProvider implements AuthProvider<BasicAuthConfig> {
     readonly type: "basic";

package/{cli/dist → dist}/core/auth/basic-auth-provider.js RENAMED Viewed

@@ -2,6 +2,10 @@
  * Bearer Token and Basic Authentication Providers
  *
  * Handles generic bearer token and HTTP Basic Authentication.
+ *
+ * P0 Feature: Native browser Basic Auth popup (WWW-Authenticate headers)
+ * - useNativePopup: true uses Playwright's httpCredentials for browser popup
+ * - useNativePopup: false (default) uses Authorization header
  */
 import { parseToken, encodeBasicAuth, authCache, createCacheKey } from './index.js';
 /**
@@ -57,11 +61,13 @@ export class BearerProvider {
 }
 /**
  * Basic Authentication Provider
+ *
+ * P0: Supports both header-based and native browser popup authentication
  */
 export class BasicAuthProvider {
     type = 'basic';
     async authenticate(config) {
-        const { username, password, cache } = config;
+        const { username, password, cache, useNativePopup, origin } = config;
         if (!username || !password) {
             return {
                 success: false,
@@ -78,10 +84,21 @@ export class BasicAuthProvider {
         }
         const credentials = {
             type: 'basic',
-            headers: {
-                'Authorization': encodeBasicAuth(username, password)
-            }
         };
+        // P0: Native browser popup (WWW-Authenticate)
+        if (useNativePopup) {
+            credentials.httpCredentials = {
+                username,
+                password,
+                origin
+            };
+        }
+        else {
+            // Default: Header-based auth
+            credentials.headers = {
+                'Authorization': encodeBasicAuth(username, password)
+            };
+        }
         // Cache if enabled
         if (cache?.enabled !== false) {
             const ttl = cache?.ttl || 3600;
@@ -105,7 +122,8 @@ export class BasicAuthProvider {
         return !!config.username && !!config.password;
     }
     getCacheKey(config) {
-        // Use username as identifier
-        return createCacheKey('basic', config.username || 'default');
+        // Use username + mode as identifier
+        const mode = config.useNativePopup ? 'native' : 'header';
+        return createCacheKey('basic', `${config.username || 'default'}-${mode}`);
     }
 }

package/dist/core/auth/digest-auth-provider.d.ts ADDED Viewed

@@ -0,0 +1,116 @@
+/**
+ * Digest Authentication Provider
+ *
+ * Implements HTTP Digest Authentication (RFC 2617).
+ * Handles challenge-response flow with nonce handling.
+ *
+ * P1 Feature: Digest Auth is more secure than Basic Auth as it doesn't send
+ * the password in plaintext. Instead, it uses a challenge-response mechanism
+ * with MD5 hashing.
+ *
+ * Algorithm:
+ * 1. Client makes request without auth
+ * 2. Server responds with 401 and WWW-Authenticate header containing:
+ *    - realm: Protection space
+ *    - nonce: Server-generated unique value
+ *    - qop: Quality of protection (auth or auth-int)
+ *    - opaque: Client should return unchanged
+ * 3. Client calculates response using MD5 and retries
+ *
+ * Response calculation:
+ * HA1 = MD5(username:realm:password)
+ * HA2 = MD5(method:digestURI)
+ * response = MD5(HA1:nonce:HA2)  // simplified
+ */
+import type { AuthProvider, AuthResult } from './index.js';
+import { type DigestAuthConfig } from './index.js';
+/**
+ * Parsed WWW-Authenticate header
+ */
+interface DigestChallenge {
+    realm: string;
+    nonce: string;
+    qop?: string;
+    opaque?: string;
+    algorithm?: string;
+    stale?: string;
+}
+/**
+ * Digest Authentication credentials
+ */
+export interface DigestCredentials {
+    type: 'digest';
+    username: string;
+    realm: string;
+    nonce: string;
+    uri: string;
+    response: string;
+    qop?: string;
+    opaque?: string;
+    nc: string;
+    cnonce: string;
+    algorithm: string;
+    headers: Record<string, string>;
+}
+/**
+ * Parses WWW-Authenticate header for Digest challenge
+ * @example
+ * parseDigestHeader('Digest realm="test", nonce="abc123", qop="auth"')
+ * // => { realm: 'test', nonce: 'abc123', qop: 'auth' }
+ */
+export declare function parseDigestHeader(header: string): DigestChallenge | null;
+/**
+ * Calculates Digest response
+ * @param username Username
+ * @param password Password
+ * @param realm Realm from challenge
+ * @param nonce Nonce from challenge
+ * @param method HTTP method
+ * @param uri Request URI
+ * @param qop Quality of protection
+ * @param opaque Opaque value from challenge
+ * @param nc Nonce count
+ * @param cnonce Client nonce
+ */
+export declare function calculateDigestResponse(username: string, password: string, realm: string, nonce: string, method: string, uri: string, qop?: string, opaque?: string, nc?: string, cnonce?: string): string;
+/**
+ * Digest Authentication Provider
+ */
+export declare class DigestAuthProvider implements AuthProvider<DigestAuthConfig> {
+    readonly type: "digest";
+    private storedChallenges;
+    private nonceCounters;
+    authenticate(config: DigestAuthConfig): Promise<AuthResult>;
+    /**
+     * Stores a Digest challenge received from server
+     */
+    storeChallenge(url: string, challenge: DigestChallenge): void;
+    /**
+     * Retrieves stored challenge for a URL
+     */
+    getChallenge(url: string): DigestChallenge | undefined;
+    /**
+     * Builds Authorization header for a request using stored challenge
+     */
+    buildAuthorizationHeader(url: string, method: string, config: DigestAuthConfig): Promise<string | null>;
+    /**
+     * Gets next nonce count for a given nonce
+     */
+    private getNonceCount;
+    /**
+     * Handles 401 response and returns new request headers
+     */
+    handleChallenge(url: string, method: string, authenticateHeader: string, config: DigestAuthConfig): Promise<Record<string, string> | null>;
+    clear(config: DigestAuthConfig): Promise<void>;
+    validate(config: DigestAuthConfig): Promise<boolean>;
+    private getCacheKey;
+    /**
+     * Clears stored challenges and counters
+     */
+    clearState(): void;
+}
+/**
+ * Creates a Digest auth provider instance
+ */
+export declare function createDigestAuthProvider(): DigestAuthProvider;
+export {};