vaspera 2.9.2 → 2.10.1

package/dist/scanners/logic/types.js

@@ -0,0 +1,142 @@
+/**
+ * Business Logic Vulnerability Types
+ *
+ * Types for detecting BOLA, IDOR, BFLA, and other
+ * authorization/business logic vulnerabilities.
+ *
+ * @module scanners/logic/types
+ */
+/**
+ * CWE mappings for logic vulnerabilities
+ */
+export const LOGIC_VULN_CWE_MAP = {
+    "bola": ["CWE-639", "CWE-284"],
+    "idor": ["CWE-639", "CWE-284", "CWE-285"],
+    "bfla": ["CWE-285", "CWE-863"],
+    "mass-assignment": ["CWE-915"],
+    "race-condition-auth": ["CWE-362", "CWE-367"],
+    "privilege-escalation": ["CWE-269", "CWE-250"],
+    "missing-auth": ["CWE-306"],
+    "missing-authz": ["CWE-862"],
+    "direct-db-access": ["CWE-639", "CWE-284"],
+    "horizontal-priv-esc": ["CWE-639"],
+    "vertical-priv-esc": ["CWE-269"],
+};
+/**
+ * OWASP references for logic vulnerabilities
+ */
+export const LOGIC_VULN_OWASP_MAP = {
+    "bola": ["OWASP API1:2023", "OWASP A01:2021"],
+    "idor": ["OWASP API1:2023", "OWASP A01:2021"],
+    "bfla": ["OWASP API5:2023", "OWASP A01:2021"],
+    "mass-assignment": ["OWASP API6:2023", "OWASP A08:2021"],
+    "race-condition-auth": ["OWASP API4:2023"],
+    "privilege-escalation": ["OWASP API5:2023", "OWASP A01:2021"],
+    "missing-auth": ["OWASP API2:2023", "OWASP A07:2021"],
+    "missing-authz": ["OWASP API1:2023", "OWASP A01:2021"],
+    "direct-db-access": ["OWASP API1:2023"],
+    "horizontal-priv-esc": ["OWASP API1:2023"],
+    "vertical-priv-esc": ["OWASP API5:2023"],
+};
+/**
+ * Default severity for each vulnerability type
+ */
+export const LOGIC_VULN_SEVERITY_MAP = {
+    "bola": "high",
+    "idor": "high",
+    "bfla": "high",
+    "mass-assignment": "medium",
+    "race-condition-auth": "high",
+    "privilege-escalation": "critical",
+    "missing-auth": "critical",
+    "missing-authz": "high",
+    "direct-db-access": "high",
+    "horizontal-priv-esc": "high",
+    "vertical-priv-esc": "critical",
+};
+/**
+ * Patterns for detecting framework types
+ */
+export const FRAMEWORK_DETECTION_PATTERNS = {
+    nextjs: {
+        packageNames: ["next"],
+        filePatterns: [/next\.config\.(js|mjs|ts)$/, /pages\/api\//, /app\/api\//],
+        codePatterns: [/NextApiRequest|NextRequest/],
+    },
+    express: {
+        packageNames: ["express"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/express\(\)|Router\(\)|app\.(get|post|put|delete|patch)/],
+    },
+    fastify: {
+        packageNames: ["fastify"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/fastify\.(get|post|put|delete|patch)/],
+    },
+    koa: {
+        packageNames: ["koa"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/new Koa\(\)|router\.(get|post|put|delete)/],
+    },
+    hapi: {
+        packageNames: ["@hapi/hapi"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/Hapi\.server\(|server\.route\(/],
+    },
+    nestjs: {
+        packageNames: ["@nestjs/core"],
+        filePatterns: [/\.controller\.ts$/, /\.module\.ts$/],
+        codePatterns: [/@Controller|@Get|@Post|@Put|@Delete/],
+    },
+    django: {
+        packageNames: ["django"],
+        filePatterns: [/urls\.py$/, /views\.py$/],
+        codePatterns: [/path\(|re_path\(|@api_view/],
+    },
+    flask: {
+        packageNames: ["flask"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/@app\.route|Flask\(/],
+    },
+    fastapi: {
+        packageNames: ["fastapi"],
+        filePatterns: [/routers?\//],
+        codePatterns: [/FastAPI\(|@app\.(get|post|put|delete)/],
+    },
+    rails: {
+        packageNames: ["rails"],
+        filePatterns: [/routes\.rb$/, /controllers\//],
+        codePatterns: [/resources\s+:|get\s+'|post\s+'|Rails\.application/],
+    },
+    spring: {
+        packageNames: ["spring-boot"],
+        filePatterns: [/Controller\.java$/, /RestController/],
+        codePatterns: [/@RestController|@GetMapping|@PostMapping/],
+    },
+    laravel: {
+        packageNames: ["laravel/framework"],
+        filePatterns: [/routes\/web\.php$/, /routes\/api\.php$/],
+        codePatterns: [/Route::(get|post|put|delete)/],
+    },
+    gin: {
+        packageNames: ["github.com/gin-gonic/gin"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/gin\.(Default|New)\(|r\.(GET|POST|PUT|DELETE)/],
+    },
+    echo: {
+        packageNames: ["github.com/labstack/echo"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/echo\.New\(|e\.(GET|POST|PUT|DELETE)/],
+    },
+    fiber: {
+        packageNames: ["github.com/gofiber/fiber"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/fiber\.New\(|app\.(Get|Post|Put|Delete)/],
+    },
+    auto: {
+        packageNames: [],
+        filePatterns: [],
+        codePatterns: [],
+    },
+};
+//# sourceMappingURL=types.js.map

package/dist/scanners/logic/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/scanners/logic/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA0UH;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAoC;IACjE,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;IACzC,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,iBAAiB,EAAE,CAAC,SAAS,CAAC;IAC9B,qBAAqB,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IAC7C,sBAAsB,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9C,cAAc,EAAE,CAAC,SAAS,CAAC;IAC3B,eAAe,EAAE,CAAC,SAAS,CAAC;IAC5B,kBAAkB,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IAC1C,qBAAqB,EAAE,CAAC,SAAS,CAAC;IAClC,mBAAmB,EAAE,CAAC,SAAS,CAAC;CACjC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAoC;IACnE,MAAM,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;IAC7C,MAAM,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;IAC7C,MAAM,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;IAC7C,iBAAiB,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;IACxD,qBAAqB,EAAE,CAAC,iBAAiB,CAAC;IAC1C,sBAAsB,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;IAC7D,cAAc,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;IACrD,eAAe,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;IACtD,kBAAkB,EAAE,CAAC,iBAAiB,CAAC;IACvC,qBAAqB,EAAE,CAAC,iBAAiB,CAAC;IAC1C,mBAAmB,EAAE,CAAC,iBAAiB,CAAC;CACzC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAoC;IACtE,MAAM,EAAE,MAAM;IACd,MAAM,EAAE,MAAM;IACd,MAAM,EAAE,MAAM;IACd,iBAAiB,EAAE,QAAQ;IAC3B,qBAAqB,EAAE,MAAM;IAC7B,sBAAsB,EAAE,UAAU;IAClC,cAAc,EAAE,UAAU;IAC1B,eAAe,EAAE,MAAM;IACvB,kBAAkB,EAAE,MAAM;IAC1B,qBAAqB,EAAE,MAAM;IAC7B,mBAAmB,EAAE,UAAU;CAChC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAIpC;IACH,MAAM,EAAE;QACN,YAAY,EAAE,CAAC,MAAM,CAAC;QACtB,YAAY,EAAE,CAAC,4BAA4B,EAAE,cAAc,EAAE,YAAY,CAAC;QAC1E,YAAY,EAAE,CAAC,4BAA4B,CAAC;KAC7C;IACD,OAAO,EAAE;QACP,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,yDAAyD,CAAC;KAC1E;IACD,OAAO,EAAE;QACP,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,sCAAsC,CAAC;KACvD;IACD,GAAG,EAAE;QACH,YAAY,EAAE,CAAC,KAAK,CAAC;QACrB,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,2CAA2C,CAAC;KAC5D;IACD,IAAI,EAAE;QACJ,YAAY,EAAE,CAAC,YAAY,CAAC;QAC5B,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,gCAAgC,CAAC;KACjD;IACD,MAAM,EAAE;QACN,YAAY,EAAE,CAAC,cAAc,CAAC;QAC9B,YAAY,EAAE,CAAC,mBAAmB,EAAE,eAAe,CAAC;QACpD,YAAY,EAAE,CAAC,qCAAqC,CAAC;KACtD;IACD,MAAM,EAAE;QACN,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,YAAY,EAAE,CAAC,WAAW,EAAE,YAAY,CAAC;QACzC,YAAY,EAAE,CAAC,4BAA4B,CAAC;KAC7C;IACD,KAAK,EAAE;QACL,YAAY,EAAE,CAAC,OAAO,CAAC;QACvB,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,qBAAqB,CAAC;KACtC;IACD,OAAO,EAAE;QACP,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,YAAY,EAAE,CAAC,YAAY,CAAC;QAC5B,YAAY,EAAE,CAAC,uCAAuC,CAAC;KACxD;IACD,KAAK,EAAE;QACL,YAAY,EAAE,CAAC,OAAO,CAAC;QACvB,YAAY,EAAE,CAAC,aAAa,EAAE,eAAe,CAAC;QAC9C,YAAY,EAAE,CAAC,mDAAmD,CAAC;KACpE;IACD,MAAM,EAAE;QACN,YAAY,EAAE,CAAC,aAAa,CAAC;QAC7B,YAAY,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;QACrD,YAAY,EAAE,CAAC,0CAA0C,CAAC;KAC3D;IACD,OAAO,EAAE;QACP,YAAY,EAAE,CAAC,mBAAmB,CAAC;QACnC,YAAY,EAAE,CAAC,mBAAmB,EAAE,mBAAmB,CAAC;QACxD,YAAY,EAAE,CAAC,8BAA8B,CAAC;KAC/C;IACD,GAAG,EAAE;QACH,YAAY,EAAE,CAAC,0BAA0B,CAAC;QAC1C,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,+CAA+C,CAAC;KAChE;IACD,IAAI,EAAE;QACJ,YAAY,EAAE,CAAC,0BAA0B,CAAC;QAC1C,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,sCAAsC,CAAC;KACvD;IACD,KAAK,EAAE;QACL,YAAY,EAAE,CAAC,0BAA0B,CAAC;QAC1C,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,yCAAyC,CAAC;KAC1D;IACD,IAAI,EAAE;QACJ,YAAY,EAAE,EAAE;QAChB,YAAY,EAAE,EAAE;QAChB,YAAY,EAAE,EAAE;KACjB;CACF,CAAC"}

package/dist/scanners/runtime/app-launcher.d.ts

@@ -0,0 +1,33 @@
+/**
+ * App Launcher
+ *
+ * Detects framework, starts dev server, and verifies app health.
+ * Supports Next.js, Vite, Express, FastAPI, and more.
+ *
+ * @module scanners/runtime/app-launcher
+ */
+import type { FrameworkDetection, AppLaunchConfig, AppLaunchResult } from "./types.js";
+/**
+ * Detect the framework used in a project
+ */
+export declare function detectFramework(projectPath: string): Promise<FrameworkDetection>;
+/**
+ * Launch the app and wait for it to be ready
+ */
+export declare function launchApp(config: AppLaunchConfig): Promise<AppLaunchResult>;
+/**
+ * Stop an app by project path or port
+ */
+export declare function stopApp(projectPath: string, port?: number): Promise<boolean>;
+/**
+ * Stop all running apps
+ */
+export declare function stopAllApps(): Promise<void>;
+/**
+ * Get list of running apps
+ */
+export declare function getRunningApps(): Array<{
+    key: string;
+    pid: number | undefined;
+}>;
+//# sourceMappingURL=app-launcher.d.ts.map

package/dist/scanners/runtime/app-launcher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"app-launcher.d.ts","sourceRoot":"","sources":["../../../src/scanners/runtime/app-launcher.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,KAAK,EAEV,kBAAkB,EAClB,eAAe,EACf,eAAe,EAChB,MAAM,YAAY,CAAC;AAwFpB;;GAEG;AACH,wBAAsB,eAAe,CACnC,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,kBAAkB,CAAC,CA2G7B;AAuED;;GAEG;AACH,wBAAsB,SAAS,CAC7B,MAAM,EAAE,eAAe,GACtB,OAAO,CAAC,eAAe,CAAC,CAqI1B;AAED;;GAEG;AACH,wBAAsB,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CA4BlF;AAED;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CAUjD;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,GAAG,SAAS,CAAA;CAAE,CAAC,CAKhF"}

package/dist/scanners/runtime/app-launcher.js

@@ -0,0 +1,419 @@
+/**
+ * App Launcher
+ *
+ * Detects framework, starts dev server, and verifies app health.
+ * Supports Next.js, Vite, Express, FastAPI, and more.
+ *
+ * @module scanners/runtime/app-launcher
+ */
+import { spawn } from "child_process";
+import { readFile, access } from "fs/promises";
+import { join } from "path";
+import { logger } from "../../logger.js";
+const DEFAULT_TIMEOUT = 60000;
+const HEALTH_CHECK_INTERVAL = 1000;
+const HEALTH_CHECK_MAX_RETRIES = 30;
+/**
+ * Framework detection patterns
+ */
+const FRAMEWORK_PATTERNS = [
+    {
+        framework: "nextjs",
+        files: ["next.config.js", "next.config.mjs", "next.config.ts"],
+        packageIndicators: ["next"],
+        devCommand: "npm run dev",
+        defaultPort: 3000,
+        healthEndpoint: "/",
+    },
+    {
+        framework: "vite",
+        files: ["vite.config.js", "vite.config.ts", "vite.config.mjs"],
+        packageIndicators: ["vite"],
+        devCommand: "npm run dev",
+        defaultPort: 5173,
+        healthEndpoint: "/",
+    },
+    {
+        framework: "create-react-app",
+        files: [],
+        packageIndicators: ["react-scripts"],
+        devCommand: "npm start",
+        defaultPort: 3000,
+        healthEndpoint: "/",
+    },
+    {
+        framework: "express",
+        files: ["app.js", "server.js", "index.js"],
+        packageIndicators: ["express"],
+        devCommand: "npm run dev",
+        defaultPort: 3000,
+        healthEndpoint: "/health",
+    },
+    {
+        framework: "fastapi",
+        files: ["main.py", "app.py"],
+        packageIndicators: ["fastapi", "uvicorn"],
+        devCommand: "uvicorn main:app --reload",
+        defaultPort: 8000,
+        healthEndpoint: "/health",
+    },
+    {
+        framework: "flask",
+        files: ["app.py", "wsgi.py"],
+        packageIndicators: ["flask"],
+        devCommand: "flask run",
+        defaultPort: 5000,
+        healthEndpoint: "/health",
+    },
+    {
+        framework: "django",
+        files: ["manage.py"],
+        packageIndicators: ["django"],
+        devCommand: "python manage.py runserver",
+        defaultPort: 8000,
+        healthEndpoint: "/",
+    },
+    {
+        framework: "rails",
+        files: ["Gemfile", "config/routes.rb"],
+        packageIndicators: ["rails"],
+        devCommand: "rails server",
+        defaultPort: 3000,
+        healthEndpoint: "/",
+    },
+];
+/**
+ * Active app processes (for cleanup)
+ */
+const activeProcesses = new Map();
+/**
+ * Detect the framework used in a project
+ */
+export async function detectFramework(projectPath) {
+    const indicators = [];
+    let bestMatch;
+    let bestConfidence = 0;
+    for (const pattern of FRAMEWORK_PATTERNS) {
+        let confidence = 0;
+        // Check for framework-specific files
+        for (const file of pattern.files) {
+            try {
+                await access(join(projectPath, file));
+                confidence += 40;
+                indicators.push(`Found ${file}`);
+            }
+            catch {
+                // File doesn't exist
+            }
+        }
+        // Check package.json for dependencies
+        try {
+            const packageJsonPath = join(projectPath, "package.json");
+            const packageJson = JSON.parse(await readFile(packageJsonPath, "utf-8"));
+            const allDeps = {
+                ...packageJson.dependencies,
+                ...packageJson.devDependencies,
+            };
+            for (const indicator of pattern.packageIndicators) {
+                if (allDeps[indicator]) {
+                    confidence += 30;
+                    indicators.push(`Found ${indicator} in package.json`);
+                }
+            }
+            // Check for custom scripts
+            if (packageJson.scripts?.dev) {
+                confidence += 10;
+            }
+        }
+        catch {
+            // No package.json or parse error
+        }
+        // Check requirements.txt for Python projects
+        if (pattern.framework === "fastapi" || pattern.framework === "flask") {
+            try {
+                const requirements = await readFile(join(projectPath, "requirements.txt"), "utf-8");
+                for (const indicator of pattern.packageIndicators) {
+                    if (requirements.toLowerCase().includes(indicator)) {
+                        confidence += 30;
+                        indicators.push(`Found ${indicator} in requirements.txt`);
+                    }
+                }
+            }
+            catch {
+                // No requirements.txt
+            }
+        }
+        if (confidence > bestConfidence) {
+            bestConfidence = confidence;
+            bestMatch = pattern;
+        }
+    }
+    if (bestMatch && bestConfidence > 0) {
+        // Try to get version from package.json
+        let version;
+        try {
+            const packageJson = JSON.parse(await readFile(join(projectPath, "package.json"), "utf-8"));
+            const allDeps = {
+                ...packageJson.dependencies,
+                ...packageJson.devDependencies,
+            };
+            for (const indicator of bestMatch.packageIndicators) {
+                if (allDeps[indicator]) {
+                    version = allDeps[indicator].replace(/[\^~]/, "");
+                    break;
+                }
+            }
+        }
+        catch {
+            // Ignore
+        }
+        return {
+            framework: bestMatch.framework,
+            version,
+            confidence: Math.min(bestConfidence, 100),
+            devCommand: bestMatch.devCommand,
+            port: bestMatch.defaultPort,
+            healthEndpoint: bestMatch.healthEndpoint,
+            indicators,
+        };
+    }
+    return {
+        framework: "unknown",
+        confidence: 0,
+        devCommand: "npm run dev",
+        port: 3000,
+        healthEndpoint: "/",
+        indicators: ["No framework detected"],
+    };
+}
+/**
+ * Check if a port is available
+ */
+async function isPortAvailable(port) {
+    return new Promise((resolve) => {
+        const net = require("net");
+        const server = net.createServer();
+        server.once("error", () => resolve(false));
+        server.once("listening", () => {
+            server.close();
+            resolve(true);
+        });
+        server.listen(port);
+    });
+}
+/**
+ * Find an available port starting from the given port
+ */
+async function findAvailablePort(startPort) {
+    let port = startPort;
+    while (!(await isPortAvailable(port)) && port < startPort + 100) {
+        port++;
+    }
+    return port;
+}
+/**
+ * Wait for the app to be healthy
+ */
+async function waitForHealth(url, timeout) {
+    const startTime = Date.now();
+    const maxTime = startTime + timeout;
+    let lastError;
+    while (Date.now() < maxTime) {
+        try {
+            const checkStart = Date.now();
+            const response = await fetch(url, {
+                method: "GET",
+                signal: AbortSignal.timeout(5000),
+            });
+            if (response.ok || response.status < 500) {
+                return {
+                    healthy: true,
+                    responseTime: Date.now() - checkStart,
+                };
+            }
+        }
+        catch (error) {
+            lastError = error;
+        }
+        await new Promise((resolve) => setTimeout(resolve, HEALTH_CHECK_INTERVAL));
+    }
+    logger.debug("runtime.health_check_failed", {
+        url,
+        error: lastError?.message,
+    });
+    return { healthy: false };
+}
+/**
+ * Launch the app and wait for it to be ready
+ */
+export async function launchApp(config) {
+    const startTime = Date.now();
+    const { projectPath, timeout = DEFAULT_TIMEOUT } = config;
+    // Detect framework if not specified
+    const detection = config.framework
+        ? { framework: config.framework, devCommand: "npm run dev", port: 3000, healthEndpoint: "/" }
+        : await detectFramework(projectPath);
+    const framework = detection.framework;
+    const command = config.command || detection.devCommand;
+    const requestedPort = config.port || detection.port;
+    const healthEndpoint = config.healthEndpoint || detection.healthEndpoint;
+    logger.info("runtime.launching_app", {
+        framework,
+        command,
+        port: requestedPort,
+    });
+    // Find available port
+    const port = await findAvailablePort(requestedPort);
+    if (port !== requestedPort) {
+        logger.info("runtime.port_changed", {
+            requested: requestedPort,
+            actual: port,
+        });
+    }
+    // Build environment
+    const env = {
+        ...process.env,
+        PORT: String(port),
+        NODE_ENV: "development",
+        ...config.env,
+    };
+    // Parse command
+    const [cmd, ...args] = command.split(" ");
+    // Start the process
+    const child = spawn(cmd, args, {
+        cwd: projectPath,
+        env,
+        stdio: ["ignore", "pipe", "pipe"],
+        detached: false,
+    });
+    // Store for cleanup
+    const processKey = `${projectPath}:${port}`;
+    activeProcesses.set(processKey, child);
+    // Capture output for debugging
+    let stdout = "";
+    let stderr = "";
+    child.stdout?.on("data", (data) => {
+        stdout += data.toString();
+        // Log server ready messages
+        const output = data.toString();
+        if (output.includes("ready") ||
+            output.includes("listening") ||
+            output.includes("started")) {
+            logger.debug("runtime.server_output", { output: output.trim() });
+        }
+    });
+    child.stderr?.on("data", (data) => {
+        stderr += data.toString();
+    });
+    // Handle process errors
+    const processError = new Promise((resolve) => {
+        child.on("error", (error) => {
+            resolve({
+                success: false,
+                framework,
+                port,
+                url: `http://localhost:${port}`,
+                healthStatus: "unhealthy",
+                startupTime: Date.now() - startTime,
+                error: `Process error: ${error.message}`,
+            });
+        });
+        child.on("exit", (code) => {
+            if (code !== 0 && code !== null) {
+                resolve({
+                    success: false,
+                    framework,
+                    port,
+                    url: `http://localhost:${port}`,
+                    healthStatus: "unhealthy",
+                    startupTime: Date.now() - startTime,
+                    error: `Process exited with code ${code}: ${stderr || stdout}`,
+                });
+            }
+        });
+    });
+    // Wait for health check
+    const url = `http://localhost:${port}`;
+    const healthUrl = `${url}${healthEndpoint}`;
+    const healthCheck = waitForHealth(healthUrl, timeout).then((result) => {
+        if (result.healthy) {
+            return {
+                success: true,
+                framework,
+                port,
+                pid: child.pid,
+                url,
+                healthStatus: "healthy",
+                startupTime: Date.now() - startTime,
+            };
+        }
+        else {
+            return {
+                success: false,
+                framework,
+                port,
+                pid: child.pid,
+                url,
+                healthStatus: "timeout",
+                startupTime: Date.now() - startTime,
+                error: `Health check timed out after ${timeout}ms`,
+            };
+        }
+    });
+    // Race between health check and process error
+    return Promise.race([healthCheck, processError]);
+}
+/**
+ * Stop an app by project path or port
+ */
+export async function stopApp(projectPath, port) {
+    // Find and kill the process
+    for (const [key, child] of activeProcesses) {
+        if (key.startsWith(projectPath) || (port && key.endsWith(`:${port}`))) {
+            try {
+                child.kill("SIGTERM");
+                activeProcesses.delete(key);
+                // Wait a bit for graceful shutdown
+                await new Promise((resolve) => setTimeout(resolve, 1000));
+                // Force kill if still running
+                if (!child.killed) {
+                    child.kill("SIGKILL");
+                }
+                logger.info("runtime.app_stopped", { key });
+                return true;
+            }
+            catch (error) {
+                logger.error("runtime.stop_error", {
+                    key,
+                    error: error.message,
+                });
+            }
+        }
+    }
+    return false;
+}
+/**
+ * Stop all running apps
+ */
+export async function stopAllApps() {
+    for (const [key, child] of activeProcesses) {
+        try {
+            child.kill("SIGTERM");
+            logger.info("runtime.app_stopped", { key });
+        }
+        catch {
+            // Ignore errors
+        }
+    }
+    activeProcesses.clear();
+}
+/**
+ * Get list of running apps
+ */
+export function getRunningApps() {
+    return Array.from(activeProcesses.entries()).map(([key, child]) => ({
+        key,
+        pid: child.pid,
+    }));
+}
+//# sourceMappingURL=app-launcher.js.map

package/dist/scanners/runtime/app-launcher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"app-launcher.js","sourceRoot":"","sources":["../../../src/scanners/runtime/app-launcher.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,KAAK,EAAgB,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAQ,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAQzC,MAAM,eAAe,GAAG,KAAK,CAAC;AAC9B,MAAM,qBAAqB,GAAG,IAAI,CAAC;AACnC,MAAM,wBAAwB,GAAG,EAAE,CAAC;AAEpC;;GAEG;AACH,MAAM,kBAAkB,GAOnB;IACH;QACE,SAAS,EAAE,QAAQ;QACnB,KAAK,EAAE,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,gBAAgB,CAAC;QAC9D,iBAAiB,EAAE,CAAC,MAAM,CAAC;QAC3B,UAAU,EAAE,aAAa;QACzB,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,GAAG;KACpB;IACD;QACE,SAAS,EAAE,MAAM;QACjB,KAAK,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,iBAAiB,CAAC;QAC9D,iBAAiB,EAAE,CAAC,MAAM,CAAC;QAC3B,UAAU,EAAE,aAAa;QACzB,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,GAAG;KACpB;IACD;QACE,SAAS,EAAE,kBAAkB;QAC7B,KAAK,EAAE,EAAE;QACT,iBAAiB,EAAE,CAAC,eAAe,CAAC;QACpC,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,GAAG;KACpB;IACD;QACE,SAAS,EAAE,SAAS;QACpB,KAAK,EAAE,CAAC,QAAQ,EAAE,WAAW,EAAE,UAAU,CAAC;QAC1C,iBAAiB,EAAE,CAAC,SAAS,CAAC;QAC9B,UAAU,EAAE,aAAa;QACzB,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,SAAS;KAC1B;IACD;QACE,SAAS,EAAE,SAAS;QACpB,KAAK,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC;QAC5B,iBAAiB,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QACzC,UAAU,EAAE,2BAA2B;QACvC,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,SAAS;KAC1B;IACD;QACE,SAAS,EAAE,OAAO;QAClB,KAAK,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;QAC5B,iBAAiB,EAAE,CAAC,OAAO,CAAC;QAC5B,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,SAAS;KAC1B;IACD;QACE,SAAS,EAAE,QAAQ;QACnB,KAAK,EAAE,CAAC,WAAW,CAAC;QACpB,iBAAiB,EAAE,CAAC,QAAQ,CAAC;QAC7B,UAAU,EAAE,4BAA4B;QACxC,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,GAAG;KACpB;IACD;QACE,SAAS,EAAE,OAAO;QAClB,KAAK,EAAE,CAAC,SAAS,EAAE,kBAAkB,CAAC;QACtC,iBAAiB,EAAE,CAAC,OAAO,CAAC;QAC5B,UAAU,EAAE,cAAc;QAC1B,WAAW,EAAE,IAAI;QACjB,cAAc,EAAE,GAAG;KACpB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,eAAe,GAA8B,IAAI,GAAG,EAAE,CAAC;AAE7D;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,WAAmB;IAEnB,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,IAAI,SAAqD,CAAC;IAC1D,IAAI,cAAc,GAAG,CAAC,CAAC;IAEvB,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnB,qCAAqC;QACrC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YACjC,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC;gBACtC,UAAU,IAAI,EAAE,CAAC;gBACjB,UAAU,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;YACnC,CAAC;YAAC,MAAM,CAAC;gBACP,qBAAqB;YACvB,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;YAC1D,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,CAAC;YACzE,MAAM,OAAO,GAAG;gBACd,GAAG,WAAW,CAAC,YAAY;gBAC3B,GAAG,WAAW,CAAC,eAAe;aAC/B,CAAC;YAEF,KAAK,MAAM,SAAS,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;gBAClD,IAAI,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;oBACvB,UAAU,IAAI,EAAE,CAAC;oBACjB,UAAU,CAAC,IAAI,CAAC,SAAS,SAAS,kBAAkB,CAAC,CAAC;gBACxD,CAAC;YACH,CAAC;YAED,2BAA2B;YAC3B,IAAI,WAAW,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC;gBAC7B,UAAU,IAAI,EAAE,CAAC;YACnB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,iCAAiC;QACnC,CAAC;QAED,6CAA6C;QAC7C,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,SAAS,KAAK,OAAO,EAAE,CAAC;YACrE,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,QAAQ,CACjC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,EACrC,OAAO,CACR,CAAC;gBACF,KAAK,MAAM,SAAS,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;oBAClD,IAAI,YAAY,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;wBACnD,UAAU,IAAI,EAAE,CAAC;wBACjB,UAAU,CAAC,IAAI,CAAC,SAAS,SAAS,sBAAsB,CAAC,CAAC;oBAC5D,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;QACH,CAAC;QAED,IAAI,UAAU,GAAG,cAAc,EAAE,CAAC;YAChC,cAAc,GAAG,UAAU,CAAC;YAC5B,SAAS,GAAG,OAAO,CAAC;QACtB,CAAC;IACH,CAAC;IAED,IAAI,SAAS,IAAI,cAAc,GAAG,CAAC,EAAE,CAAC;QACpC,uCAAuC;QACvC,IAAI,OAA2B,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAC5B,MAAM,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAC3D,CAAC;YACF,MAAM,OAAO,GAAG;gBACd,GAAG,WAAW,CAAC,YAAY;gBAC3B,GAAG,WAAW,CAAC,eAAe;aAC/B,CAAC;YACF,KAAK,MAAM,SAAS,IAAI,SAAS,CAAC,iBAAiB,EAAE,CAAC;gBACpD,IAAI,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;oBACvB,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;oBAClD,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,OAAO;YACL,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,OAAO;YACP,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,GAAG,CAAC;YACzC,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,IAAI,EAAE,SAAS,CAAC,WAAW;YAC3B,cAAc,EAAE,SAAS,CAAC,cAAc;YACxC,UAAU;SACX,CAAC;IACJ,CAAC;IAED,OAAO;QACL,SAAS,EAAE,SAAS;QACpB,UAAU,EAAE,CAAC;QACb,UAAU,EAAE,aAAa;QACzB,IAAI,EAAE,IAAI;QACV,cAAc,EAAE,GAAG;QACnB,UAAU,EAAE,CAAC,uBAAuB,CAAC;KACtC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAAC,IAAY;IACzC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;QAC3B,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;QAElC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE;YAC5B,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAAC,SAAiB;IAChD,IAAI,IAAI,GAAG,SAAS,CAAC;IACrB,OAAO,CAAC,CAAC,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,GAAG,SAAS,GAAG,GAAG,EAAE,CAAC;QAChE,IAAI,EAAE,CAAC;IACT,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAC1B,GAAW,EACX,OAAe;IAEf,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,SAAS,GAAG,OAAO,CAAC;IACpC,IAAI,SAA4B,CAAC;IAEjC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;aAClC,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;gBACzC,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU;iBACtC,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,GAAG,KAAc,CAAC;QAC7B,CAAC;QAED,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,qBAAqB,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE;QAC1C,GAAG;QACH,KAAK,EAAE,SAAS,EAAE,OAAO;KAC1B,CAAC,CAAC;IAEH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,MAAuB;IAEvB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,EAAE,WAAW,EAAE,OAAO,GAAG,eAAe,EAAE,GAAG,MAAM,CAAC;IAE1D,oCAAoC;IACpC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS;QAChC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,EAAE;QAC7F,CAAC,CAAC,MAAM,eAAe,CAAC,WAAW,CAAC,CAAC;IAEvC,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC;IACtC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,SAAS,CAAC,UAAU,CAAC;IACvD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,IAAI,SAAS,CAAC,IAAI,CAAC;IACpD,MAAM,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,SAAS,CAAC,cAAc,CAAC;IAEzE,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE;QACnC,SAAS;QACT,OAAO;QACP,IAAI,EAAE,aAAa;KACpB,CAAC,CAAC;IAEH,sBAAsB;IACtB,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,aAAa,CAAC,CAAC;IACpD,IAAI,IAAI,KAAK,aAAa,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE;YAClC,SAAS,EAAE,aAAa;YACxB,MAAM,EAAE,IAAI;SACb,CAAC,CAAC;IACL,CAAC;IAED,oBAAoB;IACpB,MAAM,GAAG,GAA2B;QAClC,GAAG,OAAO,CAAC,GAAG;QACd,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC;QAClB,QAAQ,EAAE,aAAa;QACvB,GAAG,MAAM,CAAC,GAAG;KACd,CAAC;IAEF,gBAAgB;IAChB,MAAM,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE1C,oBAAoB;IACpB,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;QAC7B,GAAG,EAAE,WAAW;QAChB,GAAG;QACH,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;QACjC,QAAQ,EAAE,KAAK;KAChB,CAAC,CAAC;IAEH,oBAAoB;IACpB,MAAM,UAAU,GAAG,GAAG,WAAW,IAAI,IAAI,EAAE,CAAC;IAC5C,eAAe,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAEvC,+BAA+B;IAC/B,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;QAChC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC1B,4BAA4B;QAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC/B,IACE,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC;YACxB,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;YAC5B,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAC1B,CAAC;YACD,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;QAChC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,wBAAwB;IACxB,MAAM,YAAY,GAAG,IAAI,OAAO,CAAkB,CAAC,OAAO,EAAE,EAAE;QAC5D,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC1B,OAAO,CAAC;gBACN,OAAO,EAAE,KAAK;gBACd,SAAS;gBACT,IAAI;gBACJ,GAAG,EAAE,oBAAoB,IAAI,EAAE;gBAC/B,YAAY,EAAE,WAAW;gBACzB,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBACnC,KAAK,EAAE,kBAAkB,KAAK,CAAC,OAAO,EAAE;aACzC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBAChC,OAAO,CAAC;oBACN,OAAO,EAAE,KAAK;oBACd,SAAS;oBACT,IAAI;oBACJ,GAAG,EAAE,oBAAoB,IAAI,EAAE;oBAC/B,YAAY,EAAE,WAAW;oBACzB,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;oBACnC,KAAK,EAAE,4BAA4B,IAAI,KAAK,MAAM,IAAI,MAAM,EAAE;iBAC/D,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,wBAAwB;IACxB,MAAM,GAAG,GAAG,oBAAoB,IAAI,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,GAAG,GAAG,GAAG,cAAc,EAAE,CAAC;IAE5C,MAAM,WAAW,GAAG,aAAa,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;QACpE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,SAAS;gBACT,IAAI;gBACJ,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,GAAG;gBACH,YAAY,EAAE,SAAkB;gBAChC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACpC,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,SAAS;gBACT,IAAI;gBACJ,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,GAAG;gBACH,YAAY,EAAE,SAAkB;gBAChC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBACnC,KAAK,EAAE,gCAAgC,OAAO,IAAI;aACnD,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,8CAA8C;IAC9C,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,WAAmB,EAAE,IAAa;IAC9D,4BAA4B;IAC5B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,eAAe,EAAE,CAAC;QAC3C,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;YACtE,IAAI,CAAC;gBACH,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACtB,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAE5B,mCAAmC;gBACnC,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;gBAE1D,8BAA8B;gBAC9B,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;oBAClB,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACxB,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;gBAC5C,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;oBACjC,GAAG;oBACH,KAAK,EAAG,KAAe,CAAC,OAAO;iBAChC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,eAAe,EAAE,CAAC;QAC3C,IAAI,CAAC;YACH,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtB,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,gBAAgB;QAClB,CAAC;IACH,CAAC;IACD,eAAe,CAAC,KAAK,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,OAAO,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QAClE,GAAG;QACH,GAAG,EAAE,KAAK,CAAC,GAAG;KACf,CAAC,CAAC,CAAC;AACN,CAAC"}

package/dist/scanners/runtime/golden-path-runner.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Golden Path Runner
+ *
+ * Executes user-defined flows against a running app using Playwright.
+ * Flows are defined in YAML files under .vaspera/flows/
+ *
+ * @module scanners/runtime/golden-path-runner
+ */
+import { type GoldenPathFlow, type GoldenPathResult } from "./types.js";
+/**
+ * Load a golden path flow from a YAML file
+ */
+export declare function loadFlow(flowPath: string): Promise<GoldenPathFlow>;
+/**
+ * Discover all flows in a project
+ */
+export declare function discoverFlows(projectPath: string): Promise<Array<{
+    path: string;
+    flow: GoldenPathFlow;
+}>>;
+/**
+ * Run a golden path flow
+ *
+ * By default uses lightweight HTTP-based execution.
+ * Pass usePlaywright: true to use full browser automation.
+ */
+export declare function runFlow(flow: GoldenPathFlow, baseUrl: string, options?: {
+    usePlaywright?: boolean;
+    headless?: boolean;
+    slowMo?: number;
+    screenshotsDir?: string;
+}): Promise<GoldenPathResult>;
+/**
+ * Run all flows in a project
+ */
+export declare function runAllFlows(projectPath: string, baseUrl: string, options?: {
+    priority?: GoldenPathFlow["priority"];
+    tags?: string[];
+    usePlaywright?: boolean;
+    headless?: boolean;
+    slowMo?: number;
+    screenshotsDir?: string;
+}): Promise<GoldenPathResult[]>;
+/**
+ * Generate a sample flow file
+ */
+export declare function generateSampleFlow(projectPath: string, name?: string): Promise<string>;
+//# sourceMappingURL=golden-path-runner.d.ts.map

package/dist/scanners/runtime/golden-path-runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"golden-path-runner.d.ts","sourceRoot":"","sources":["../../../src/scanners/runtime/golden-path-runner.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,EAEL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EAEtB,MAAM,YAAY,CAAC;AAKpB;;GAEG;AACH,wBAAsB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAIxE;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,cAAc,CAAA;CAAE,CAAC,CAAC,CA0BxD;AA2ID;;;;;GAKG;AACH,wBAAsB,OAAO,CAC3B,IAAI,EAAE,cAAc,EACpB,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;IACP,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,CAAC,EAAE,MAAM,CAAC;CACpB,GACL,OAAO,CAAC,gBAAgB,CAAC,CA8F3B;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;IACP,QAAQ,CAAC,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;IACtC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,CAAC,EAAE,MAAM,CAAC;CACpB,GACL,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAyD7B;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,WAAW,EAAE,MAAM,EACnB,IAAI,GAAE,MAAiB,GACtB,OAAO,CAAC,MAAM,CAAC,CAiEjB"}