qazen-cli 0.1.0

package/README.md

@@ -0,0 +1,35 @@
+# QAZen CLI
+
+Capture authenticated browser sessions for enterprise app testing — including SSO, ADFS, Okta, Cognito, and MFA flows.
+
+## Quick Start
+
+```bash
+# Install
+npm install -g qazen-cli
+
+# Connect (get the token from QAZen → Settings → Authentication)
+qazen login --token <your-cli-token> --api-url https://qa-zen-ai.replit.app
+
+# Record a session (opens a real browser)
+qazen record --project "My App"
+
+# Check status
+qazen status
+```
+
+## Why this works for HttpOnly cookies
+
+Playwright's Chrome DevTools Protocol (CDP) has direct access to all browser state, including HttpOnly cookies that JavaScript cannot read. This is the only reliable way to capture enterprise SSO sessions.
+
+Your credentials never reach QAZen servers — only the resulting session storage state is uploaded.
+
+## Commands
+
+- `qazen login --token <key>` — store the CLI token locally
+- `qazen record [--project <name>] [--url <url>]` — open a browser, let you log in, capture the session, upload to QAZen
+- `qazen status` — verify connection and list projects
+
+## Config location
+
+The CLI stores its API URL and token under `conf`'s standard location (`~/.config/qazen-cli/config.json` on Linux, `~/Library/Preferences/qazen-cli-nodejs/` on macOS, `%APPDATA%\qazen-cli-nodejs\` on Windows).

package/dist/commands/login.js

@@ -0,0 +1,32 @@
+import chalk from "chalk";
+import { saveConfig } from "../lib/config.js";
+import { fetchProjects } from "../lib/api.js";
+export async function loginCommand(options) {
+    if (!options.token) {
+        console.log(chalk.red("\n  Error: --token is required"));
+        console.log(chalk.gray("  Usage: qazen login --token <your-cli-token>\n"));
+        process.exit(1);
+    }
+    const apiUrl = options.apiUrl.replace(/\/$/, "");
+    process.stdout.write(chalk.gray(`\n  Connecting to ${apiUrl}...`));
+    try {
+        const projects = await fetchProjects(apiUrl, options.token);
+        saveConfig({ apiUrl, cliToken: options.token });
+        console.log(chalk.green(" ✓"));
+        console.log(chalk.green("\n  ✓ Logged in successfully"));
+        console.log(chalk.gray(`  Found ${projects.length} project(s)`));
+        projects.slice(0, 3).forEach((p) => {
+            console.log(chalk.gray(`    • ${p.name} (${p.url})`));
+        });
+        if (projects.length > 3) {
+            console.log(chalk.gray(`    ... and ${projects.length - 3} more`));
+        }
+        console.log(chalk.gray("\n  Run: ") + chalk.white("qazen record") + chalk.gray(" to capture a session\n"));
+    }
+    catch (err) {
+        console.log(chalk.red(" ✗"));
+        const msg = err instanceof Error ? err.message : String(err);
+        console.log(chalk.red(`\n  Error: ${msg}\n`));
+        process.exit(1);
+    }
+}

package/dist/commands/record.js

@@ -0,0 +1,107 @@
+import chalk from "chalk";
+import ora from "ora";
+import inquirer from "inquirer";
+import { getConfig, isConfigured } from "../lib/config.js";
+import { fetchProjects, uploadSession } from "../lib/api.js";
+import { recordSession } from "../lib/recorder.js";
+export async function recordCommand(options) {
+    if (!isConfigured()) {
+        console.log(chalk.red("\n  Not logged in."));
+        console.log(chalk.gray("  Run: qazen login --token <key>\n"));
+        process.exit(1);
+    }
+    const config = getConfig();
+    const apiUrl = config.apiUrl;
+    const cliToken = config.cliToken;
+    const spinner = ora("Loading projects...").start();
+    let projects;
+    try {
+        projects = await fetchProjects(apiUrl, cliToken);
+        spinner.stop();
+    }
+    catch (err) {
+        spinner.fail(chalk.red("Failed to load projects"));
+        console.error(chalk.red(err instanceof Error ? err.message : String(err)));
+        process.exit(1);
+    }
+    if (projects.length === 0) {
+        console.log(chalk.yellow("\n  No projects found."));
+        console.log(chalk.gray(`  Create one at ${apiUrl}\n`));
+        process.exit(1);
+    }
+    let project;
+    if (options.project) {
+        const needle = options.project.toLowerCase();
+        const found = projects.find((p) => p.name.toLowerCase().includes(needle) || String(p.id) === options.project);
+        if (!found) {
+            console.log(chalk.red(`\n  Project "${options.project}" not found\n`));
+            process.exit(1);
+        }
+        project = found;
+    }
+    else if (projects.length === 1) {
+        project = projects[0];
+        console.log(chalk.gray(`\n  Using project: ${project.name}`));
+    }
+    else {
+        const { projectId } = (await inquirer.prompt([
+            {
+                type: "list",
+                name: "projectId",
+                message: "Select project:",
+                choices: projects.map((p) => ({
+                    name: `${p.name}  ${chalk.gray(p.url)}  ${chalk.dim("[" + p.environment + "]")}`,
+                    value: p.id,
+                })),
+            },
+        ]));
+        project = projects.find((p) => p.id === projectId);
+    }
+    const targetUrl = options.url || project.url;
+    console.log("\n" + chalk.hex("#6366F1").bold("  QAZen Session Recorder"));
+    console.log(chalk.gray("  ──────────────────────────────────"));
+    console.log(`  ${chalk.gray("Project:")} ${chalk.white(project.name)}`);
+    console.log(`  ${chalk.gray("URL:")}     ${chalk.white(targetUrl)}`);
+    console.log(chalk.gray("  ──────────────────────────────────"));
+    console.log(chalk.yellow("\n  A browser window will open."));
+    console.log(chalk.white("  • Complete your full login flow"));
+    console.log(chalk.white("  • SSO, ADFS, Okta, MFA — all supported"));
+    console.log(chalk.white("  • When you see your dashboard,"));
+    console.log(chalk.hex("#6366F1").bold("    press [Enter] here") + chalk.white(" to capture\n"));
+    const { confirm } = (await inquirer.prompt([
+        { type: "confirm", name: "confirm", message: "Open browser and start recording?", default: true },
+    ]));
+    if (!confirm) {
+        console.log(chalk.gray("\n  Cancelled.\n"));
+        process.exit(0);
+    }
+    let result;
+    try {
+        result = await recordSession(targetUrl, () => {
+            console.log(chalk.gray("\n  Browser opened. Complete your login..."));
+        });
+    }
+    catch (err) {
+        console.log(chalk.red("\n  ✗ Recording failed"));
+        console.error(chalk.red(err instanceof Error ? err.message : String(err)));
+        process.exit(1);
+    }
+    console.log(chalk.green(`\n  ✓ Session captured`));
+    console.log(chalk.gray(`  Cookies: ${result.cookieCount} (including HttpOnly)`));
+    console.log(chalk.gray(`  Domain:  ${result.domain}`));
+    const uploadSpinner = ora("Uploading to QAZen...").start();
+    try {
+        await uploadSession(apiUrl, cliToken, project.id, result.storageState, result.domain, result.cookieCount);
+        uploadSpinner.succeed(chalk.green("Session saved to QAZen"));
+    }
+    catch (err) {
+        uploadSpinner.fail(chalk.red("Upload failed"));
+        console.error(chalk.red(err instanceof Error ? err.message : String(err)));
+        process.exit(1);
+    }
+    console.log("\n" + chalk.hex("#6366F1").bold("  ✓ Ready to test!\n"));
+    console.log(chalk.white("  Your session is active in QAZen."));
+    console.log(chalk.white("  Go to Discovery and run against:"));
+    console.log(chalk.hex("#6366F1")(`  ${targetUrl}\n`));
+    console.log(chalk.gray(`  ${apiUrl}/discovery\n`));
+}

package/dist/commands/status.js

@@ -0,0 +1,28 @@
+import chalk from "chalk";
+import { getConfig, isConfigured, configPath } from "../lib/config.js";
+import { fetchProjects } from "../lib/api.js";
+export async function statusCommand() {
+    console.log("\n" + chalk.hex("#6366F1").bold("  QAZen CLI\n"));
+    if (!isConfigured()) {
+        console.log(chalk.red("  ✗ Not configured"));
+        console.log(chalk.gray("  Run: qazen login --token <key>\n"));
+        return;
+    }
+    const config = getConfig();
+    console.log(chalk.green("  ✓ Configured"));
+    console.log(chalk.gray(`  API:    ${config.apiUrl}`));
+    console.log(chalk.gray(`  Config: ${configPath()}`));
+    try {
+        const projects = await fetchProjects(config.apiUrl, config.cliToken);
+        console.log(chalk.green("  ✓ API connected"));
+        console.log(chalk.gray(`  Projects: ${projects.length}`));
+        projects.forEach((p) => {
+            console.log(chalk.gray(`    • ${p.name} — ${p.url}`));
+        });
+    }
+    catch (err) {
+        console.log(chalk.red("  ✗ API connection failed"));
+        console.error(chalk.red(`  ${err instanceof Error ? err.message : String(err)}`));
+    }
+    console.log();
+}

package/dist/index.js

@@ -0,0 +1,28 @@
+#!/usr/bin/env node
+import { program } from "commander";
+import chalk from "chalk";
+import { loginCommand } from "./commands/login.js";
+import { recordCommand } from "./commands/record.js";
+import { statusCommand } from "./commands/status.js";
+console.log(chalk.hex("#6366F1").bold("\n  QAZen") + chalk.gray(" — Autonomous QA Platform\n"));
+program
+    .name("qazen")
+    .description("QAZen CLI — capture authenticated sessions for enterprise app testing")
+    .version("0.1.0");
+program
+    .command("login")
+    .description("Connect CLI to your QAZen workspace")
+    .requiredOption("--token <token>", "CLI API token from QAZen Settings → Authentication")
+    .option("--api-url <url>", "QAZen API URL", "https://qa-zen-ai.replit.app")
+    .action(loginCommand);
+program
+    .command("record")
+    .description("Record an authenticated browser session")
+    .option("-p, --project <name>", "Project name or id to record for")
+    .option("-u, --url <url>", "Override the project URL")
+    .action(recordCommand);
+program
+    .command("status")
+    .description("Check CLI connection and list projects")
+    .action(statusCommand);
+program.parse();

package/dist/lib/api.js

@@ -0,0 +1,34 @@
+function authHeaders(token) {
+    return { "x-qazen-cli-token": token };
+}
+export async function fetchProjects(apiUrl, cliToken) {
+    const res = await fetch(`${apiUrl}/api/cli/projects`, {
+        headers: authHeaders(cliToken),
+    });
+    if (res.status === 401) {
+        throw new Error("Invalid CLI token. Run: qazen login --token <key>");
+    }
+    if (!res.ok) {
+        throw new Error(`Failed to fetch projects (HTTP ${res.status})`);
+    }
+    return (await res.json());
+}
+export async function uploadSession(apiUrl, cliToken, projectId, storageState, domain, cookieCount) {
+    const res = await fetch(`${apiUrl}/api/cli/projects/${projectId}/session`, {
+        method: "PATCH",
+        headers: { "Content-Type": "application/json", ...authHeaders(cliToken) },
+        body: JSON.stringify({
+            storageState: JSON.stringify(storageState),
+            storageStateCapturedAt: new Date().toISOString(),
+            capturedDomain: domain,
+            cookieCount,
+            captureMethod: "cli",
+        }),
+    });
+    if (res.status === 401)
+        throw new Error("Invalid CLI token");
+    if (!res.ok) {
+        const text = await res.text().catch(() => "");
+        throw new Error(`Upload failed (HTTP ${res.status}): ${text}`);
+    }
+}

package/dist/lib/config.js

@@ -0,0 +1,23 @@
+import Conf from "conf";
+const conf = new Conf({ projectName: "qazen-cli" });
+export function getConfig() {
+    return {
+        apiUrl: conf.get("apiUrl"),
+        cliToken: conf.get("cliToken"),
+    };
+}
+export function saveConfig(values) {
+    if (values.apiUrl)
+        conf.set("apiUrl", values.apiUrl);
+    if (values.cliToken)
+        conf.set("cliToken", values.cliToken);
+}
+export function clearConfig() {
+    conf.clear();
+}
+export function isConfigured() {
+    return Boolean(conf.get("apiUrl") && conf.get("cliToken"));
+}
+export function configPath() {
+    return conf.path;
+}

package/dist/lib/recorder.js

@@ -0,0 +1,62 @@
+import { chromium } from "playwright";
+import * as readline from "node:readline";
+/**
+ * Launch a real, headed Chromium and let the user complete any
+ * login flow (SSO, ADFS, Okta, MFA, …). When the user presses
+ * Enter in the terminal we snapshot the full storage state via
+ * CDP, which includes HttpOnly cookies that JavaScript cannot
+ * read — this is the reason the CLI exists.
+ */
+export async function recordSession(url, onReady) {
+    const browser = await chromium.launch({
+        headless: false,
+        args: [
+            "--no-sandbox",
+            "--disable-infobars",
+            "--start-maximized",
+            "--disable-blink-features=AutomationControlled",
+        ],
+        ignoreDefaultArgs: ["--enable-automation"],
+    });
+    const context = await browser.newContext({
+        viewport: null,
+        ignoreHTTPSErrors: true,
+        userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
+    });
+    const page = await context.newPage();
+    try {
+        await page.goto(url, { waitUntil: "domcontentloaded", timeout: 30_000 });
+    }
+    catch {
+        // Some apps redirect to a different origin immediately; that's fine — keep going.
+    }
+    onReady();
+    await waitForEnter();
+    const storageState = await context.storageState();
+    const cookieCount = storageState.cookies?.length ?? 0;
+    let domain = "unknown";
+    try {
+        domain = new URL(page.url()).hostname;
+    }
+    catch {
+        try {
+            domain = new URL(url).hostname;
+        }
+        catch {
+            /* leave as "unknown" */
+        }
+    }
+    await browser.close();
+    return { storageState, cookieCount, domain };
+}
+function waitForEnter() {
+    return new Promise((resolve) => {
+        const rl = readline.createInterface({ input: process.stdin, output: process.stdout, terminal: false });
+        process.stdout.write("\n  \x1b[33m→ Complete your login, then press [Enter] \x1b[0m");
+        rl.once("line", () => {
+            rl.close();
+            process.stdout.write("\n");
+            resolve();
+        });
+    });
+}

package/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "qazen-cli",
+  "version": "0.1.0",
+  "description": "QAZen CLI — capture authenticated browser sessions for enterprise SSO testing",
+  "license": "MIT",
+  "author": "QAZen",
+  "homepage": "https://qa-zen-ai.replit.app",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/akandula0309/qazen-cli.git"
+  },
+  "keywords": [
+    "qa",
+    "testing",
+    "automation",
+    "playwright",
+    "sso",
+    "enterprise"
+  ],
+  "type": "module",
+  "bin": {
+    "qazen": "dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc && chmod +x dist/index.js",
+    "dev": "tsx src/index.ts",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "pnpm run build"
+  },
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "commander": "^12.1.0",
+    "conf": "^13.0.0",
+    "inquirer": "^9.2.0",
+    "ora": "^8.0.0",
+    "playwright": "^1.60.0"
+  },
+  "devDependencies": {
+    "@types/inquirer": "^9.0.7",
+    "@types/node": "catalog:",
+    "tsx": "catalog:",
+    "typescript": "^5.9.0"
+  }
+}