webguardx 0.1.0

package/dist/bin/cli.cjs

@@ -0,0 +1,1944 @@
+#!/usr/bin/env node
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+
+// node_modules/tsup/assets/cjs_shims.js
+var getImportMetaUrl, importMetaUrl;
+var init_cjs_shims = __esm({
+  "node_modules/tsup/assets/cjs_shims.js"() {
+    "use strict";
+    getImportMetaUrl = () => typeof document === "undefined" ? new URL(`file:${__filename}`).href : document.currentScript && document.currentScript.tagName.toUpperCase() === "SCRIPT" ? document.currentScript.src : new URL("main.js", document.baseURI).href;
+    importMetaUrl = /* @__PURE__ */ getImportMetaUrl();
+  }
+});
+
+// src/utils/logger.ts
+var import_chalk, log;
+var init_logger = __esm({
+  "src/utils/logger.ts"() {
+    "use strict";
+    init_cjs_shims();
+    import_chalk = __toESM(require("chalk"), 1);
+    log = {
+      info(msg) {
+        console.log(import_chalk.default.blue("i"), msg);
+      },
+      success(msg) {
+        console.log(import_chalk.default.green("\u2713"), msg);
+      },
+      warn(msg) {
+        console.log(import_chalk.default.yellow("\u26A0"), msg);
+      },
+      error(msg) {
+        console.log(import_chalk.default.red("\u2717"), msg);
+      },
+      dim(msg) {
+        console.log(import_chalk.default.dim(msg));
+      },
+      plain(msg) {
+        console.log(msg);
+      }
+    };
+  }
+});
+
+// src/utils/fs.ts
+function ensureDir(dir) {
+  if (!import_fs2.default.existsSync(dir)) {
+    import_fs2.default.mkdirSync(dir, { recursive: true });
+  }
+}
+function cleanDir(dir) {
+  if (import_fs2.default.existsSync(dir)) {
+    import_fs2.default.rmSync(dir, { recursive: true, force: true });
+  }
+}
+function writeJson(filePath, data) {
+  ensureDir(import_path2.default.dirname(filePath));
+  import_fs2.default.writeFileSync(filePath, JSON.stringify(data, null, 2));
+}
+var import_fs2, import_path2;
+var init_fs = __esm({
+  "src/utils/fs.ts"() {
+    "use strict";
+    init_cjs_shims();
+    import_fs2 = __toESM(require("fs"), 1);
+    import_path2 = __toESM(require("path"), 1);
+  }
+});
+
+// src/reporters/html.ts
+var html_exports = {};
+__export(html_exports, {
+  reportHtml: () => reportHtml
+});
+function escapeHtml(str) {
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+function severityIcon(severity) {
+  switch (severity) {
+    case "pass":
+      return "&#x2713;";
+    case "fail":
+      return "&#x2717;";
+    case "warning":
+      return "&#x26A0;";
+    case "skip":
+      return "&#x25CB;";
+    default:
+      return "?";
+  }
+}
+function severityClass(severity) {
+  return `severity-${severity}`;
+}
+function renderAuditRow(audit) {
+  return `
+    <tr class="${severityClass(audit.severity)}">
+      <td class="icon">${severityIcon(audit.severity)}</td>
+      <td>${escapeHtml(audit.audit)}</td>
+      <td>${escapeHtml(audit.message)}</td>
+      <td class="duration">${audit.duration ? `${audit.duration}ms` : "\u2014"}</td>
+    </tr>`;
+}
+function renderPageSection(page) {
+  const failCount = page.audits.filter((a) => a.severity === "fail").length;
+  const status = failCount > 0 ? "fail" : "pass";
+  return `
+    <div class="page-section">
+      <h2 class="page-header ${status}">
+        <span class="page-name">${escapeHtml(page.page)}</span>
+        <span class="page-path">${escapeHtml(page.path)}</span>
+        <span class="page-duration">${(page.duration / 1e3).toFixed(1)}s</span>
+      </h2>
+      <table class="audit-table">
+        <thead>
+          <tr>
+            <th class="icon-col"></th>
+            <th>Audit</th>
+            <th>Result</th>
+            <th>Duration</th>
+          </tr>
+        </thead>
+        <tbody>
+          ${page.audits.map(renderAuditRow).join("")}
+        </tbody>
+      </table>
+    </div>`;
+}
+function buildHtml(result) {
+  const { summary } = result;
+  const overallStatus = summary.failed > 0 ? "FAIL" : summary.warnings > 0 ? "PASS (with warnings)" : "PASS";
+  const statusClass = summary.failed > 0 ? "fail" : summary.warnings > 0 ? "warning" : "pass";
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Webguardx Report \u2014 ${escapeHtml(result.config.baseURL)}</title>
+  <style>
+    :root {
+      --pass: #22c55e;
+      --fail: #ef4444;
+      --warning: #f59e0b;
+      --skip: #94a3b8;
+      --bg: #0f172a;
+      --surface: #1e293b;
+      --text: #e2e8f0;
+      --text-dim: #94a3b8;
+      --border: #334155;
+    }
+
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: var(--bg);
+      color: var(--text);
+      line-height: 1.6;
+      padding: 2rem;
+    }
+
+    .container { max-width: 900px; margin: 0 auto; }
+
+    header {
+      text-align: center;
+      margin-bottom: 2rem;
+      padding-bottom: 1.5rem;
+      border-bottom: 1px solid var(--border);
+    }
+
+    header h1 {
+      font-size: 1.75rem;
+      font-weight: 700;
+      margin-bottom: 0.5rem;
+    }
+
+    header .meta {
+      color: var(--text-dim);
+      font-size: 0.875rem;
+    }
+
+    .summary-grid {
+      display: grid;
+      grid-template-columns: repeat(auto-fit, minmax(140px, 1fr));
+      gap: 1rem;
+      margin-bottom: 2rem;
+    }
+
+    .summary-card {
+      background: var(--surface);
+      border-radius: 8px;
+      padding: 1rem;
+      text-align: center;
+      border: 1px solid var(--border);
+    }
+
+    .summary-card .value {
+      font-size: 2rem;
+      font-weight: 700;
+    }
+
+    .summary-card .label {
+      font-size: 0.75rem;
+      color: var(--text-dim);
+      text-transform: uppercase;
+      letter-spacing: 0.05em;
+    }
+
+    .summary-card.pass .value { color: var(--pass); }
+    .summary-card.fail .value { color: var(--fail); }
+    .summary-card.warning .value { color: var(--warning); }
+    .summary-card.skip .value { color: var(--skip); }
+
+    .overall-status {
+      text-align: center;
+      font-size: 1.25rem;
+      font-weight: 700;
+      padding: 0.75rem;
+      border-radius: 8px;
+      margin-bottom: 2rem;
+    }
+
+    .overall-status.pass { background: rgba(34,197,94,0.15); color: var(--pass); }
+    .overall-status.fail { background: rgba(239,68,68,0.15); color: var(--fail); }
+    .overall-status.warning { background: rgba(245,158,11,0.15); color: var(--warning); }
+
+    .page-section {
+      background: var(--surface);
+      border-radius: 8px;
+      margin-bottom: 1.5rem;
+      border: 1px solid var(--border);
+      overflow: hidden;
+    }
+
+    .page-header {
+      padding: 1rem 1.25rem;
+      display: flex;
+      align-items: center;
+      gap: 0.75rem;
+      border-bottom: 1px solid var(--border);
+    }
+
+    .page-header.fail { border-left: 4px solid var(--fail); }
+    .page-header.pass { border-left: 4px solid var(--pass); }
+
+    .page-name { font-weight: 600; }
+    .page-path { color: var(--text-dim); font-size: 0.875rem; }
+    .page-duration { margin-left: auto; color: var(--text-dim); font-size: 0.875rem; }
+
+    .audit-table {
+      width: 100%;
+      border-collapse: collapse;
+    }
+
+    .audit-table th {
+      text-align: left;
+      padding: 0.5rem 1rem;
+      font-size: 0.75rem;
+      text-transform: uppercase;
+      color: var(--text-dim);
+      border-bottom: 1px solid var(--border);
+    }
+
+    .audit-table td {
+      padding: 0.6rem 1rem;
+      border-bottom: 1px solid var(--border);
+    }
+
+    .audit-table tr:last-child td { border-bottom: none; }
+
+    .icon-col { width: 40px; }
+    .icon { text-align: center; font-size: 1.1rem; }
+    .duration { color: var(--text-dim); font-size: 0.875rem; }
+
+    .severity-pass .icon { color: var(--pass); }
+    .severity-fail .icon { color: var(--fail); }
+    .severity-warning .icon { color: var(--warning); }
+    .severity-skip .icon { color: var(--skip); }
+
+    footer {
+      text-align: center;
+      margin-top: 2rem;
+      padding-top: 1rem;
+      border-top: 1px solid var(--border);
+      color: var(--text-dim);
+      font-size: 0.75rem;
+    }
+
+    footer a { color: var(--text-dim); }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <header>
+      <h1>Webguardx Report</h1>
+      <div class="meta">
+        ${escapeHtml(result.config.baseURL)} &bull;
+        ${escapeHtml(result.timestamp)} &bull;
+        ${result.config.auditsEnabled.join(", ")}
+      </div>
+    </header>
+
+    <div class="overall-status ${statusClass}">${overallStatus}</div>
+
+    <div class="summary-grid">
+      <div class="summary-card">
+        <div class="value">${summary.totalAudits}</div>
+        <div class="label">Total</div>
+      </div>
+      <div class="summary-card pass">
+        <div class="value">${summary.passed}</div>
+        <div class="label">Passed</div>
+      </div>
+      <div class="summary-card fail">
+        <div class="value">${summary.failed}</div>
+        <div class="label">Failed</div>
+      </div>
+      <div class="summary-card warning">
+        <div class="value">${summary.warnings}</div>
+        <div class="label">Warnings</div>
+      </div>
+      <div class="summary-card skip">
+        <div class="value">${summary.skipped}</div>
+        <div class="label">Skipped</div>
+      </div>
+      <div class="summary-card">
+        <div class="value">${(summary.duration / 1e3).toFixed(1)}s</div>
+        <div class="label">Duration</div>
+      </div>
+    </div>
+
+    ${result.pages.map(renderPageSection).join("")}
+
+    <footer>
+      Generated by <a href="https://github.com/user/webguardx">webguardx</a>
+    </footer>
+  </div>
+</body>
+</html>`;
+}
+function reportHtml(result, runDir) {
+  const filePath = import_path12.default.join(runDir, "report.html");
+  ensureDir(runDir);
+  import_fs14.default.writeFileSync(filePath, buildHtml(result), "utf-8");
+  log.dim(`  HTML report: ${filePath}`);
+}
+var import_fs14, import_path12;
+var init_html = __esm({
+  "src/reporters/html.ts"() {
+    "use strict";
+    init_cjs_shims();
+    import_fs14 = __toESM(require("fs"), 1);
+    import_path12 = __toESM(require("path"), 1);
+    init_fs();
+    init_logger();
+  }
+});
+
+// src/bin/cli.ts
+init_cjs_shims();
+var import_commander = require("commander");
+var import_path15 = __toESM(require("path"), 1);
+var import_fs19 = __toESM(require("fs"), 1);
+var import_chalk3 = __toESM(require("chalk"), 1);
+
+// src/config/loader.ts
+init_cjs_shims();
+var import_path = __toESM(require("path"), 1);
+var import_fs = __toESM(require("fs"), 1);
+
+// src/config/schema.ts
+init_cjs_shims();
+var import_zod = require("zod");
+var AuthApiLoginSchema = import_zod.z.object({
+  method: import_zod.z.literal("api-login"),
+  loginUrl: import_zod.z.string().url(),
+  payload: import_zod.z.record(import_zod.z.string()),
+  headers: import_zod.z.record(import_zod.z.string()).optional()
+});
+var AuthFormLoginSchema = import_zod.z.object({
+  method: import_zod.z.literal("form-login"),
+  loginUrl: import_zod.z.string().url(),
+  fields: import_zod.z.array(
+    import_zod.z.object({
+      selector: import_zod.z.string(),
+      value: import_zod.z.string()
+    })
+  ),
+  submitSelector: import_zod.z.string(),
+  waitAfterLogin: import_zod.z.string().optional()
+});
+var AuthCookieSchema = import_zod.z.object({
+  method: import_zod.z.literal("cookie"),
+  cookies: import_zod.z.array(
+    import_zod.z.object({
+      name: import_zod.z.string(),
+      value: import_zod.z.string(),
+      domain: import_zod.z.string(),
+      path: import_zod.z.string().default("/")
+    })
+  )
+});
+var AuthBearerSchema = import_zod.z.object({
+  method: import_zod.z.literal("bearer-token"),
+  token: import_zod.z.string()
+});
+var AuthNoneSchema = import_zod.z.object({
+  method: import_zod.z.literal("none")
+});
+var AuthSchema = import_zod.z.discriminatedUnion("method", [
+  AuthApiLoginSchema,
+  AuthFormLoginSchema,
+  AuthCookieSchema,
+  AuthBearerSchema,
+  AuthNoneSchema
+]);
+var PageSchema = import_zod.z.object({
+  name: import_zod.z.string(),
+  path: import_zod.z.string(),
+  expectedStatus: import_zod.z.number().default(200),
+  skipAudits: import_zod.z.array(import_zod.z.string()).optional()
+});
+var LighthouseThresholdsSchema = import_zod.z.object({
+  performance: import_zod.z.number().min(0).max(100).default(50),
+  accessibility: import_zod.z.number().min(0).max(100).default(90),
+  bestPractices: import_zod.z.number().min(0).max(100).default(80),
+  seo: import_zod.z.number().min(0).max(100).default(80)
+}).partial();
+var WebguardConfigSchema = import_zod.z.object({
+  baseURL: import_zod.z.string().url(),
+  pages: import_zod.z.array(PageSchema).min(1),
+  auth: AuthSchema.default({ method: "none" }),
+  // Open record — built-in keys have defaults, custom audit keys are allowed
+  audits: import_zod.z.record(import_zod.z.string(), import_zod.z.boolean()).default({
+    httpStatus: true,
+    contentVisibility: true,
+    accessibility: true,
+    lighthouse: false,
+    brokenLinks: false,
+    consoleErrors: true
+  }),
+  // Custom audits defined inline in config
+  customAudits: import_zod.z.array(import_zod.z.any()).default([]),
+  // Plugins — objects or string paths to npm packages / local files
+  plugins: import_zod.z.array(import_zod.z.any()).default([]),
+  wcagTags: import_zod.z.array(import_zod.z.string()).default(["wcag2a", "wcag2aa", "wcag21a", "wcag21aa"]),
+  lighthouseThresholds: LighthouseThresholdsSchema.default({}),
+  retry: import_zod.z.object({
+    maxRetries: import_zod.z.number().min(1).default(3),
+    delayMs: import_zod.z.number().min(0).default(5e3)
+  }).default({}),
+  runner: import_zod.z.object({
+    concurrency: import_zod.z.number().min(1).default(1),
+    failFast: import_zod.z.boolean().default(false)
+  }).default({}),
+  browser: import_zod.z.object({
+    headless: import_zod.z.boolean().default(true),
+    timeout: import_zod.z.number().default(6e4),
+    viewport: import_zod.z.object({
+      width: import_zod.z.number().default(1280),
+      height: import_zod.z.number().default(720)
+    }).default({})
+  }).default({}),
+  output: import_zod.z.object({
+    dir: import_zod.z.string().default("./webguard-results"),
+    formats: import_zod.z.array(import_zod.z.enum(["terminal", "html", "json", "junit"])).default(["terminal", "html", "json"]),
+    screenshots: import_zod.z.boolean().default(true),
+    screenshotOnFailOnly: import_zod.z.boolean().default(false)
+  }).default({}),
+  baseline: import_zod.z.object({
+    enabled: import_zod.z.boolean().default(false),
+    updateOnPass: import_zod.z.boolean().default(true)
+  }).default({}),
+  notifications: import_zod.z.array(import_zod.z.any()).default([])
+});
+
+// src/config/loader.ts
+init_logger();
+var CONFIG_NAMES = [
+  "webguard.config.ts",
+  "webguard.config.js",
+  "webguard.config.mjs",
+  "webguard.config.json"
+];
+async function loadConfig(configPath) {
+  const resolvedPath = configPath ? import_path.default.resolve(configPath) : findConfigFile();
+  if (!resolvedPath) {
+    throw new Error(
+      `No webguard config found. Run "webguardx init" to create one, or specify --config <path>.`
+    );
+  }
+  log.info(`Loading config from ${import_path.default.relative(process.cwd(), resolvedPath)}`);
+  let rawConfig;
+  if (resolvedPath.endsWith(".json")) {
+    const content = import_fs.default.readFileSync(resolvedPath, "utf-8");
+    rawConfig = JSON.parse(content);
+  } else {
+    const { createJiti } = await import("jiti");
+    const jiti = createJiti(importMetaUrl);
+    const mod = await jiti.import(resolvedPath);
+    rawConfig = mod.default ?? mod;
+  }
+  const result = WebguardConfigSchema.safeParse(rawConfig);
+  if (!result.success) {
+    const errors = result.error.issues.map((i) => `  - ${i.path.join(".")}: ${i.message}`).join("\n");
+    throw new Error(`Invalid webguard config:
+${errors}`);
+  }
+  return result.data;
+}
+function findConfigFile() {
+  const cwd = process.cwd();
+  for (const name of CONFIG_NAMES) {
+    const fullPath = import_path.default.join(cwd, name);
+    if (import_fs.default.existsSync(fullPath)) {
+      return fullPath;
+    }
+  }
+  return null;
+}
+
+// src/runner/index.ts
+init_cjs_shims();
+var import_playwright4 = require("playwright");
+
+// src/auth/index.ts
+init_cjs_shims();
+
+// src/auth/strategies/api-login.ts
+init_cjs_shims();
+var import_playwright = require("playwright");
+var import_path3 = __toESM(require("path"), 1);
+init_fs();
+async function apiLogin(config, outputDir) {
+  const authDir = import_path3.default.join(outputDir, ".auth");
+  ensureDir(authDir);
+  const storagePath = import_path3.default.join(authDir, "storageState.json");
+  const origin = new URL(config.loginUrl).origin;
+  const context = await import_playwright.request.newContext({ baseURL: origin });
+  const response = await context.post(config.loginUrl, {
+    data: config.payload,
+    headers: {
+      "content-type": "application/json",
+      accept: "application/json",
+      ...config.headers
+    }
+  });
+  if (!response.ok()) {
+    const body = await response.text();
+    await context.dispose();
+    throw new Error(`Login failed (HTTP ${response.status()}): ${body}`);
+  }
+  await context.storageState({ path: storagePath });
+  await context.dispose();
+  return { storageStatePath: storagePath };
+}
+
+// src/auth/strategies/form-login.ts
+init_cjs_shims();
+var import_playwright2 = require("playwright");
+var import_path4 = __toESM(require("path"), 1);
+init_fs();
+async function formLogin(config, outputDir) {
+  const authDir = import_path4.default.join(outputDir, ".auth");
+  ensureDir(authDir);
+  const storagePath = import_path4.default.join(authDir, "storageState.json");
+  const browser = await import_playwright2.chromium.launch({ headless: true });
+  const context = await browser.newContext();
+  const page = await context.newPage();
+  await page.goto(config.loginUrl);
+  for (const field of config.fields) {
+    await page.fill(field.selector, field.value);
+  }
+  await page.click(config.submitSelector);
+  if (config.waitAfterLogin) {
+    if (config.waitAfterLogin.startsWith("http")) {
+      await page.waitForURL(config.waitAfterLogin);
+    } else {
+      await page.waitForSelector(config.waitAfterLogin);
+    }
+  } else {
+    await page.waitForLoadState("networkidle");
+  }
+  await context.storageState({ path: storagePath });
+  await browser.close();
+  return { storageStatePath: storagePath };
+}
+
+// src/auth/strategies/cookie-inject.ts
+init_cjs_shims();
+var import_fs5 = __toESM(require("fs"), 1);
+var import_path5 = __toESM(require("path"), 1);
+init_fs();
+async function cookieInject(config, outputDir) {
+  const authDir = import_path5.default.join(outputDir, ".auth");
+  ensureDir(authDir);
+  const storagePath = import_path5.default.join(authDir, "storageState.json");
+  const storageState = {
+    cookies: config.cookies.map((c) => ({
+      name: c.name,
+      value: c.value,
+      domain: c.domain,
+      path: c.path || "/",
+      expires: -1,
+      httpOnly: false,
+      secure: true,
+      sameSite: "Lax"
+    })),
+    origins: []
+  };
+  import_fs5.default.writeFileSync(storagePath, JSON.stringify(storageState, null, 2));
+  return { storageStatePath: storagePath };
+}
+
+// src/auth/strategies/bearer-token.ts
+init_cjs_shims();
+var import_fs7 = __toESM(require("fs"), 1);
+var import_path6 = __toESM(require("path"), 1);
+init_fs();
+async function bearerToken(config, outputDir) {
+  const authDir = import_path6.default.join(outputDir, ".auth");
+  ensureDir(authDir);
+  const storagePath = import_path6.default.join(authDir, "storageState.json");
+  import_fs7.default.writeFileSync(
+    storagePath,
+    JSON.stringify({ cookies: [], origins: [] })
+  );
+  return {
+    storageStatePath: storagePath,
+    extraHeaders: { Authorization: `Bearer ${config.token}` }
+  };
+}
+
+// src/auth/index.ts
+init_logger();
+async function authenticate(authConfig, outputDir) {
+  if (authConfig.method === "none") {
+    return null;
+  }
+  log.info(`Authenticating via ${authConfig.method}...`);
+  let result;
+  switch (authConfig.method) {
+    case "api-login":
+      result = await apiLogin(authConfig, outputDir);
+      break;
+    case "form-login":
+      result = await formLogin(authConfig, outputDir);
+      break;
+    case "cookie":
+      result = await cookieInject(authConfig, outputDir);
+      break;
+    case "bearer-token":
+      result = await bearerToken(authConfig, outputDir);
+      break;
+  }
+  log.success("Authenticated successfully");
+  return result;
+}
+
+// src/audits/index.ts
+init_cjs_shims();
+
+// src/audits/http-status.ts
+init_cjs_shims();
+var HttpStatusAudit = {
+  name: "httpStatus",
+  description: "Verify the page returns the expected HTTP status code",
+  async run(ctx) {
+    const status = ctx.navigationResponse?.status() ?? 0;
+    const expected = ctx.pageEntry.expectedStatus ?? 200;
+    return {
+      audit: this.name,
+      page: ctx.pageEntry.name,
+      passed: status === expected,
+      severity: status === expected ? "pass" : "fail",
+      message: status === expected ? `HTTP ${status} OK` : `Expected HTTP ${expected}, got ${status}`,
+      details: { status, expected }
+    };
+  }
+};
+
+// src/audits/content-visibility.ts
+init_cjs_shims();
+var ContentVisibilityAudit = {
+  name: "contentVisibility",
+  description: "Verify the page has visible rendered content",
+  async run(ctx) {
+    const { page } = ctx;
+    const bodyVisible = await page.locator("body").isVisible().catch(() => false);
+    if (!bodyVisible) {
+      return {
+        audit: this.name,
+        page: ctx.pageEntry.name,
+        passed: false,
+        severity: "fail",
+        message: "Page body is not visible",
+        details: { bodyVisible: false, textLength: 0, elementCount: 0 }
+      };
+    }
+    const bodyText = await page.locator("body").innerText().catch(() => "");
+    const textLength = bodyText.trim().length;
+    const elementCount = await page.locator(
+      "body h1, body h2, body p, body main, body div, body section, body nav, body header"
+    ).count();
+    const passed = textLength > 0 && elementCount > 0;
+    return {
+      audit: this.name,
+      page: ctx.pageEntry.name,
+      passed,
+      severity: passed ? "pass" : "fail",
+      message: passed ? `${elementCount} elements visible` : `Content check failed (text: ${textLength} chars, elements: ${elementCount})`,
+      details: { bodyVisible: true, textLength, elementCount }
+    };
+  }
+};
+
+// src/audits/accessibility.ts
+init_cjs_shims();
+var import_playwright3 = __toESM(require("@axe-core/playwright"), 1);
+var import_path7 = __toESM(require("path"), 1);
+
+// src/utils/sanitize.ts
+init_cjs_shims();
+function sanitize(name) {
+  return name.replace(/[^a-zA-Z0-9_-]/g, "_");
+}
+
+// src/audits/accessibility.ts
+init_fs();
+var AccessibilityAudit = {
+  name: "accessibility",
+  description: "WCAG accessibility audit via axe-core",
+  async run(ctx) {
+    const results = await new import_playwright3.default({ page: ctx.page }).withTags(ctx.config.wcagTags).analyze();
+    const violations = results.violations;
+    if (violations.length > 0) {
+      const summary = violations.map((v) => ({
+        rule: v.id,
+        impact: v.impact,
+        description: v.description,
+        helpUrl: v.helpUrl,
+        elements: v.nodes.length
+      }));
+      const pageDir = import_path7.default.join(
+        ctx.runDir,
+        "screenshots",
+        sanitize(ctx.pageEntry.name)
+      );
+      writeJson(import_path7.default.join(pageDir, "a11y-violations.json"), summary);
+    }
+    return {
+      audit: this.name,
+      page: ctx.pageEntry.name,
+      passed: violations.length === 0,
+      severity: violations.length === 0 ? "pass" : "warning",
+      message: violations.length === 0 ? "0 violations" : `${violations.length} violation(s)`,
+      details: {
+        violationCount: violations.length,
+        violations: violations.map((v) => ({
+          rule: v.id,
+          impact: v.impact,
+          description: v.description,
+          elements: v.nodes.length
+        }))
+      }
+    };
+  }
+};
+
+// src/audits/lighthouse.ts
+init_cjs_shims();
+var import_path8 = __toESM(require("path"), 1);
+init_fs();
+var LighthouseAudit = {
+  name: "lighthouse",
+  description: "Lighthouse performance, accessibility, best practices, and SEO audit",
+  async run(ctx) {
+    let lighthouse;
+    let chromeLauncher;
+    try {
+      lighthouse = await import("lighthouse");
+      chromeLauncher = await import("chrome-launcher");
+    } catch {
+      return {
+        audit: this.name,
+        page: ctx.pageEntry.name,
+        passed: false,
+        severity: "skip",
+        message: "Lighthouse not installed. Run: npm install lighthouse chrome-launcher"
+      };
+    }
+    const chrome = await chromeLauncher.launch({
+      chromeFlags: ["--headless", "--no-sandbox"]
+    });
+    const url = `${ctx.config.baseURL}${ctx.pageEntry.path}`;
+    const thresholds = ctx.config.lighthouseThresholds;
+    try {
+      const result = await lighthouse.default(url, {
+        port: chrome.port,
+        output: "json",
+        logLevel: "error",
+        onlyCategories: [
+          "performance",
+          "accessibility",
+          "best-practices",
+          "seo"
+        ]
+      });
+      await chrome.kill();
+      if (!result?.lhr) {
+        return {
+          audit: this.name,
+          page: ctx.pageEntry.name,
+          passed: false,
+          severity: "fail",
+          message: "Lighthouse failed to produce results"
+        };
+      }
+      const scores = {
+        performance: Math.round(
+          (result.lhr.categories.performance?.score ?? 0) * 100
+        ),
+        accessibility: Math.round(
+          (result.lhr.categories.accessibility?.score ?? 0) * 100
+        ),
+        bestPractices: Math.round(
+          (result.lhr.categories["best-practices"]?.score ?? 0) * 100
+        ),
+        seo: Math.round((result.lhr.categories.seo?.score ?? 0) * 100)
+      };
+      const failures = [];
+      if (thresholds.performance && scores.performance < thresholds.performance)
+        failures.push(
+          `Performance: ${scores.performance} < ${thresholds.performance}`
+        );
+      if (thresholds.accessibility && scores.accessibility < thresholds.accessibility)
+        failures.push(
+          `Accessibility: ${scores.accessibility} < ${thresholds.accessibility}`
+        );
+      if (thresholds.bestPractices && scores.bestPractices < thresholds.bestPractices)
+        failures.push(
+          `Best Practices: ${scores.bestPractices} < ${thresholds.bestPractices}`
+        );
+      if (thresholds.seo && scores.seo < thresholds.seo)
+        failures.push(`SEO: ${scores.seo} < ${thresholds.seo}`);
+      const pageDir = import_path8.default.join(
+        ctx.runDir,
+        "screenshots",
+        sanitize(ctx.pageEntry.name)
+      );
+      ensureDir(pageDir);
+      writeJson(import_path8.default.join(pageDir, "lighthouse-report.json"), result.lhr);
+      return {
+        audit: this.name,
+        page: ctx.pageEntry.name,
+        passed: failures.length === 0,
+        severity: failures.length > 0 ? "fail" : "pass",
+        message: failures.length > 0 ? `Failed: ${failures.join("; ")}` : `perf=${scores.performance} a11y=${scores.accessibility} bp=${scores.bestPractices} seo=${scores.seo}`,
+        details: { scores, thresholds, failures }
+      };
+    } catch (err) {
+      await chrome.kill().catch(() => {
+      });
+      return {
+        audit: this.name,
+        page: ctx.pageEntry.name,
+        passed: false,
+        severity: "fail",
+        message: `Lighthouse error: ${err.message}`
+      };
+    }
+  }
+};
+
+// src/audits/broken-links.ts
+init_cjs_shims();
+var BrokenLinksAudit = {
+  name: "brokenLinks",
+  description: "Find broken links (4xx/5xx) on the page",
+  async run(ctx) {
+    const links = await ctx.page.$$eval(
+      "a[href]",
+      (anchors) => anchors.map((a) => a.getAttribute("href")).filter((href) => !!href)
+    );
+    const baseOrigin = new URL(ctx.config.baseURL).origin;
+    const uniqueLinks = [
+      ...new Set(
+        links.map((href) => {
+          try {
+            return new URL(href, ctx.config.baseURL).href;
+          } catch {
+            return null;
+          }
+        }).filter(
+          (url) => !!url && (url.startsWith("http://") || url.startsWith("https://"))
+        )
+      )
+    ];
+    const broken = [];
+    for (const url of uniqueLinks) {
+      try {
+        const response = await ctx.page.request.head(url, { timeout: 1e4 });
+        if (response.status() >= 400) {
+          broken.push({ url, status: response.status() });
+        }
+      } catch {
+        broken.push({ url, status: 0 });
+      }
+    }
+    return {
+      audit: this.name,
+      page: ctx.pageEntry.name,
+      passed: broken.length === 0,
+      severity: broken.length > 0 ? "warning" : "pass",
+      message: broken.length === 0 ? `All ${uniqueLinks.length} links valid` : `${broken.length} broken link(s) of ${uniqueLinks.length}`,
+      details: { totalLinks: uniqueLinks.length, broken }
+    };
+  }
+};
+
+// src/audits/console-errors.ts
+init_cjs_shims();
+var ConsoleErrorsAudit = {
+  name: "consoleErrors",
+  description: "Capture browser console errors and warnings",
+  async run(ctx) {
+    const messages = ctx.consoleMessages;
+    const errors = messages.filter((m) => m.type === "error");
+    const warnings = messages.filter((m) => m.type === "warning");
+    return {
+      audit: this.name,
+      page: ctx.pageEntry.name,
+      passed: errors.length === 0,
+      severity: errors.length > 0 ? "fail" : warnings.length > 0 ? "warning" : "pass",
+      message: errors.length === 0 && warnings.length === 0 ? "0 errors" : `${errors.length} error(s), ${warnings.length} warning(s)`,
+      details: {
+        errors: errors.map((e) => e.text),
+        warnings: warnings.map((w) => w.text)
+      }
+    };
+  }
+};
+
+// src/audits/index.ts
+var BUILTIN_AUDITS = {
+  httpStatus: HttpStatusAudit,
+  contentVisibility: ContentVisibilityAudit,
+  accessibility: AccessibilityAudit,
+  lighthouse: LighthouseAudit,
+  brokenLinks: BrokenLinksAudit,
+  consoleErrors: ConsoleErrorsAudit
+};
+function getEnabledAudits(auditsConfig, pluginAudits = [], customAudits = []) {
+  const allAudits = { ...BUILTIN_AUDITS };
+  for (const audit of [...pluginAudits, ...customAudits]) {
+    allAudits[audit.name] = audit;
+  }
+  const enabled = [];
+  for (const [name, audit] of Object.entries(allAudits)) {
+    const isEnabled = auditsConfig[name] ?? true;
+    if (isEnabled) {
+      enabled.push(audit);
+    }
+  }
+  return enabled;
+}
+
+// src/runner/page-runner.ts
+init_cjs_shims();
+var import_path9 = __toESM(require("path"), 1);
+
+// src/runner/retry.ts
+init_cjs_shims();
+
+// src/utils/sleep.ts
+init_cjs_shims();
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/runner/retry.ts
+init_logger();
+async function navigateWithRetry(page, url, retry, waitUntil = "domcontentloaded") {
+  let lastError = null;
+  for (let attempt = 1; attempt <= retry.maxRetries; attempt++) {
+    try {
+      const response = await page.goto(url, {
+        waitUntil,
+        timeout: 3e4
+      });
+      if (response && response.ok()) {
+        return response;
+      }
+      if (attempt < retry.maxRetries) {
+        log.warn(
+          `Attempt ${attempt}/${retry.maxRetries} for ${url} returned ${response?.status()}. Retrying in ${retry.delayMs / 1e3}s...`
+        );
+        await sleep(retry.delayMs);
+      }
+      if (attempt === retry.maxRetries) return response;
+    } catch (error) {
+      lastError = error;
+      if (attempt < retry.maxRetries) {
+        log.warn(
+          `Attempt ${attempt}/${retry.maxRetries} for ${url} failed. Retrying in ${retry.delayMs / 1e3}s...`
+        );
+        await sleep(retry.delayMs);
+      }
+    }
+  }
+  throw lastError ?? new Error(`Failed to load ${url} after ${retry.maxRetries} attempts`);
+}
+
+// src/runner/page-runner.ts
+init_fs();
+init_logger();
+async function runPageAudits(pageEntry, config, browserContext, audits, runDir, registry) {
+  const start = Date.now();
+  const url = `${config.baseURL}${pageEntry.path}`;
+  const page = await browserContext.newPage();
+  if (registry) {
+    await registry.runHook("beforePage", { config, pageEntry, page });
+  }
+  const consoleMessages = [];
+  page.on("console", (msg) => {
+    consoleMessages.push({ type: msg.type(), text: msg.text() });
+  });
+  let navigationResponse = null;
+  try {
+    navigationResponse = await navigateWithRetry(
+      page,
+      url,
+      config.retry,
+      "domcontentloaded"
+    );
+  } catch (err) {
+    log.error(`Failed to navigate to ${url}: ${err.message}`);
+  }
+  const ctx = {
+    page,
+    browserContext,
+    pageEntry,
+    config,
+    runDir,
+    navigationResponse,
+    consoleMessages
+  };
+  const pageAudits = audits.filter(
+    (a) => !pageEntry.skipAudits?.includes(a.name)
+  );
+  const auditResults = [];
+  for (const audit of pageAudits) {
+    if (registry) {
+      await registry.runHook("beforeAudit", { audit, auditContext: ctx });
+    }
+    const auditStart = Date.now();
+    let result;
+    try {
+      result = await audit.run(ctx);
+      result.duration = Date.now() - auditStart;
+    } catch (err) {
+      result = {
+        audit: audit.name,
+        page: pageEntry.name,
+        passed: false,
+        severity: "fail",
+        message: `Audit error: ${err.message}`,
+        duration: Date.now() - auditStart
+      };
+    }
+    auditResults.push(result);
+    if (registry) {
+      await registry.runHook("afterAudit", { audit, result });
+    }
+  }
+  let screenshotPath;
+  if (config.output.screenshots) {
+    const anyFailed = auditResults.some((r) => !r.passed);
+    if (!config.output.screenshotOnFailOnly || anyFailed) {
+      try {
+        const pageDir = import_path9.default.join(runDir, "screenshots", sanitize(pageEntry.name));
+        ensureDir(pageDir);
+        const status = anyFailed ? "fail" : "pass";
+        screenshotPath = import_path9.default.join(pageDir, `page-${status}.png`);
+        await page.screenshot({ path: screenshotPath, fullPage: true });
+      } catch {
+      }
+    }
+  }
+  const pageResult = {
+    page: pageEntry.name,
+    path: pageEntry.path,
+    url,
+    audits: auditResults,
+    screenshotPath,
+    duration: Date.now() - start
+  };
+  if (registry) {
+    await registry.runHook("afterPage", { config, pageEntry, pageResult });
+  }
+  await page.close();
+  return pageResult;
+}
+
+// src/runner/parallel.ts
+init_cjs_shims();
+init_logger();
+async function runPagesParallel(pages, config, browserContext, audits, runDir, registry, concurrency, failFast) {
+  const results = new Array(pages.length);
+  let currentIndex = 0;
+  let aborted = false;
+  async function worker() {
+    while (!aborted) {
+      const index = currentIndex++;
+      if (index >= pages.length) break;
+      const pageEntry = pages[index];
+      log.plain(`  [${index + 1}/${pages.length}] ${pageEntry.name} (${pageEntry.path})`);
+      const result = await runPageAudits(
+        pageEntry,
+        config,
+        browserContext,
+        audits,
+        runDir,
+        registry
+      );
+      results[index] = result;
+      for (const audit of result.audits) {
+        const icon = audit.passed ? "  \u2713" : audit.severity === "warning" ? "  \u26A0" : "  \u2717";
+        const duration = audit.duration ? `${audit.duration}ms` : "";
+        log.plain(
+          `${icon} ${audit.audit.padEnd(20)} ${audit.message.padEnd(30)} ${duration}`
+        );
+      }
+      log.plain("");
+      if (failFast && result.audits.some((a) => a.severity === "fail")) {
+        log.warn("Fail fast enabled \u2014 stopping after first failure");
+        aborted = true;
+      }
+    }
+  }
+  const workerCount = Math.min(concurrency, pages.length);
+  const workers = Array.from({ length: workerCount }, () => worker());
+  await Promise.all(workers);
+  return results.filter(Boolean);
+}
+
+// src/runner/setup.ts
+init_cjs_shims();
+var import_path10 = __toESM(require("path"), 1);
+init_fs();
+function setupRunDirectory(outputBaseDir) {
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
+  const runDir = import_path10.default.join(outputBaseDir, `run-${timestamp}`);
+  const screenshotsDir = import_path10.default.join(runDir, "screenshots");
+  cleanDir(outputBaseDir);
+  ensureDir(screenshotsDir);
+  return { runDir, screenshotsDir };
+}
+
+// src/reporters/index.ts
+init_cjs_shims();
+
+// src/reporters/json.ts
+init_cjs_shims();
+var import_path11 = __toESM(require("path"), 1);
+init_fs();
+init_logger();
+function reportJson(result, runDir) {
+  const filePath = import_path11.default.join(runDir, "results.json");
+  writeJson(filePath, result);
+  log.dim(`  JSON report: ${filePath}`);
+}
+
+// src/reporters/terminal.ts
+init_cjs_shims();
+var import_chalk2 = __toESM(require("chalk"), 1);
+function reportTerminal(result) {
+  const { summary } = result;
+  console.log("");
+  console.log(import_chalk2.default.bold("\u2500".repeat(60)));
+  console.log(import_chalk2.default.bold("  Summary"));
+  console.log(import_chalk2.default.bold("\u2500".repeat(60)));
+  console.log("");
+  console.log(`  Total audits:  ${summary.totalAudits}`);
+  console.log(
+    `  ${import_chalk2.default.green("\u2713 Passed:")}      ${summary.passed}`
+  );
+  if (summary.failed > 0) {
+    console.log(
+      `  ${import_chalk2.default.red("\u2717 Failed:")}      ${summary.failed}`
+    );
+  }
+  if (summary.warnings > 0) {
+    console.log(
+      `  ${import_chalk2.default.yellow("\u26A0 Warnings:")}    ${summary.warnings}`
+    );
+  }
+  if (summary.skipped > 0) {
+    console.log(
+      `  ${import_chalk2.default.dim("\u25CB Skipped:")}     ${summary.skipped}`
+    );
+  }
+  console.log(
+    `  Duration:      ${(summary.duration / 1e3).toFixed(1)}s`
+  );
+  console.log("");
+  const failedAudits = result.pages.flatMap(
+    (p) => p.audits.filter((a) => a.severity === "fail")
+  );
+  if (failedAudits.length > 0) {
+    console.log(import_chalk2.default.red.bold("  Failed Audits:"));
+    for (const audit of failedAudits) {
+      console.log(
+        import_chalk2.default.red(`    \u2717 ${audit.page} \u2192 ${audit.audit}: ${audit.message}`)
+      );
+    }
+    console.log("");
+  }
+  if (summary.failed > 0) {
+    console.log(
+      import_chalk2.default.red.bold(`  Result: FAIL (${summary.failed} failure(s))`)
+    );
+  } else if (summary.warnings > 0) {
+    console.log(
+      import_chalk2.default.yellow.bold(`  Result: PASS with ${summary.warnings} warning(s)`)
+    );
+  } else {
+    console.log(import_chalk2.default.green.bold("  Result: PASS"));
+  }
+  console.log("");
+}
+
+// src/reporters/index.ts
+init_html();
+
+// src/reporters/junit.ts
+init_cjs_shims();
+var import_fs16 = __toESM(require("fs"), 1);
+var import_path13 = __toESM(require("path"), 1);
+init_fs();
+init_logger();
+function escapeXml(str) {
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
+}
+function buildTestCase(audit) {
+  const name = escapeXml(`${audit.page} - ${audit.audit}`);
+  const time = audit.duration ? (audit.duration / 1e3).toFixed(3) : "0.000";
+  if (audit.severity === "pass") {
+    return `    <testcase name="${name}" classname="${escapeXml(audit.page)}" time="${time}" />
+`;
+  }
+  if (audit.severity === "skip") {
+    return `    <testcase name="${name}" classname="${escapeXml(audit.page)}" time="${time}">
+      <skipped message="${escapeXml(audit.message)}" />
+    </testcase>
+`;
+  }
+  const tag = audit.severity === "fail" ? "failure" : "failure";
+  return `    <testcase name="${name}" classname="${escapeXml(audit.page)}" time="${time}">
+      <${tag} message="${escapeXml(audit.message)}" type="${escapeXml(audit.severity)}">${escapeXml(audit.message)}</${tag}>
+    </testcase>
+`;
+}
+function buildTestSuite(page, index) {
+  const tests = page.audits.length;
+  const failures = page.audits.filter((a) => a.severity === "fail").length;
+  const skipped = page.audits.filter((a) => a.severity === "skip").length;
+  const time = (page.duration / 1e3).toFixed(3);
+  let xml = `  <testsuite name="${escapeXml(page.page)}" tests="${tests}" failures="${failures}" skipped="${skipped}" time="${time}" id="${index}">
+`;
+  for (const audit of page.audits) {
+    xml += buildTestCase(audit);
+  }
+  xml += `  </testsuite>
+`;
+  return xml;
+}
+function reportJunit(result, runDir) {
+  const { summary } = result;
+  const time = (summary.duration / 1e3).toFixed(3);
+  let xml = `<?xml version="1.0" encoding="UTF-8"?>
+`;
+  xml += `<testsuites name="webguardx" tests="${summary.totalAudits}" failures="${summary.failed}" skipped="${summary.skipped}" time="${time}">
+`;
+  result.pages.forEach((page, i) => {
+    xml += buildTestSuite(page, i);
+  });
+  xml += `</testsuites>
+`;
+  const filePath = import_path13.default.join(runDir, "results.xml");
+  ensureDir(runDir);
+  import_fs16.default.writeFileSync(filePath, xml, "utf-8");
+  log.dim(`  JUnit report: ${filePath}`);
+}
+
+// src/reporters/screenshot.ts
+init_cjs_shims();
+init_logger();
+function reportScreenshots(result) {
+  const captured = result.pages.filter((p) => p.screenshotPath);
+  if (captured.length > 0) {
+    log.dim(`  Screenshots:  ${captured.length} page(s) captured`);
+  }
+}
+
+// src/reporters/index.ts
+init_logger();
+async function runReporters(result, config, runDir, pluginReporters = []) {
+  const formats = config.output.formats;
+  if (formats.includes("terminal")) {
+    reportTerminal(result);
+  }
+  log.dim("  Output:");
+  if (formats.includes("json")) {
+    reportJson(result, runDir);
+  }
+  if (formats.includes("html")) {
+    reportHtml(result, runDir);
+  }
+  if (formats.includes("junit")) {
+    reportJunit(result, runDir);
+  }
+  if (config.output.screenshots) {
+    reportScreenshots(result);
+  }
+  for (const reporter of pluginReporters) {
+    try {
+      await reporter.run(result, runDir, config);
+      log.dim(`  ${reporter.name}: done`);
+    } catch (err) {
+      log.warn(`Reporter '${reporter.name}' failed: ${err.message}`);
+    }
+  }
+  log.plain("");
+}
+
+// src/plugins/index.ts
+init_cjs_shims();
+
+// src/plugins/registry.ts
+init_cjs_shims();
+init_logger();
+var PluginRegistry = class {
+  plugins = [];
+  register(plugin) {
+    this.plugins.push(plugin);
+  }
+  getPluginAudits() {
+    return this.plugins.flatMap((p) => p.audits ?? []);
+  }
+  getPluginReporters() {
+    return this.plugins.flatMap((p) => p.reporters ?? []);
+  }
+  async runHook(hookName, ctx) {
+    for (const plugin of this.plugins) {
+      const hook = plugin.hooks?.[hookName];
+      if (hook) {
+        try {
+          await hook(ctx);
+        } catch (err) {
+          log.warn(
+            `Plugin '${plugin.name}' hook '${hookName}' failed: ${err.message}`
+          );
+        }
+      }
+    }
+  }
+};
+
+// src/plugins/loader.ts
+init_cjs_shims();
+init_logger();
+async function loadPlugins(pluginEntries) {
+  const plugins = [];
+  for (const entry of pluginEntries) {
+    if (typeof entry === "string") {
+      try {
+        const { createJiti } = await import("jiti");
+        const jiti = createJiti(importMetaUrl);
+        const mod = await jiti.import(entry);
+        const plugin = mod.default ?? mod;
+        plugins.push(plugin);
+        log.dim(`  Loaded plugin: ${plugin.name ?? entry}`);
+      } catch (err) {
+        log.warn(`Failed to load plugin '${entry}': ${err.message}`);
+      }
+    } else {
+      plugins.push(entry);
+    }
+  }
+  return plugins;
+}
+
+// src/runner/index.ts
+init_logger();
+async function run(config, options = {}) {
+  const start = Date.now();
+  if (options.headed !== void 0) {
+    config.browser.headless = !options.headed;
+  }
+  const registry = new PluginRegistry();
+  if (config.plugins.length > 0) {
+    const plugins = await loadPlugins(config.plugins);
+    for (const plugin of plugins) {
+      registry.register(plugin);
+    }
+  }
+  const { runDir } = setupRunDirectory(config.output.dir);
+  const authResult = await authenticate(config.auth, runDir);
+  const browser = await import_playwright4.chromium.launch({
+    headless: config.browser.headless
+  });
+  const contextOptions = {
+    viewport: config.browser.viewport
+  };
+  if (authResult?.storageStatePath) {
+    contextOptions.storageState = authResult.storageStatePath;
+  }
+  if (authResult?.extraHeaders) {
+    contextOptions.extraHTTPHeaders = authResult.extraHeaders;
+  }
+  const browserContext = await browser.newContext(contextOptions);
+  await registry.runHook("beforeAll", { config, browserContext });
+  let audits = getEnabledAudits(
+    config.audits,
+    registry.getPluginAudits(),
+    config.customAudits
+  );
+  if (options.auditsFilter?.length) {
+    audits = audits.filter((a) => options.auditsFilter.includes(a.name));
+  }
+  const enabledAuditNames = audits.map((a) => a.name);
+  let pages = config.pages;
+  if (options.pagesFilter?.length) {
+    pages = pages.filter((p) => options.pagesFilter.includes(p.name));
+  }
+  log.plain("");
+  log.info(`Base URL: ${config.baseURL}`);
+  log.info(`Pages:    ${pages.length}`);
+  log.info(`Audits:   ${enabledAuditNames.join(", ")}`);
+  if (config.plugins.length > 0) {
+    log.info(`Plugins:  ${config.plugins.length}`);
+  }
+  if (config.runner.concurrency > 1) {
+    log.info(`Workers:  ${config.runner.concurrency}`);
+  }
+  log.plain("");
+  let pageResults;
+  if (config.runner.concurrency > 1) {
+    pageResults = await runPagesParallel(
+      pages,
+      config,
+      browserContext,
+      audits,
+      runDir,
+      registry,
+      config.runner.concurrency,
+      config.runner.failFast
+    );
+  } else {
+    pageResults = [];
+    for (let i = 0; i < pages.length; i++) {
+      const pageEntry = pages[i];
+      log.plain(`  [${i + 1}/${pages.length}] ${pageEntry.name} (${pageEntry.path})`);
+      const result = await runPageAudits(
+        pageEntry,
+        config,
+        browserContext,
+        audits,
+        runDir,
+        registry
+      );
+      pageResults.push(result);
+      for (const audit of result.audits) {
+        const icon = audit.passed ? "  \u2713" : audit.severity === "warning" ? "  \u26A0" : "  \u2717";
+        const duration = audit.duration ? `${audit.duration}ms` : "";
+        log.plain(`${icon} ${audit.audit.padEnd(20)} ${audit.message.padEnd(30)} ${duration}`);
+      }
+      log.plain("");
+      if (config.runner.failFast && result.audits.some((a) => a.severity === "fail")) {
+        log.warn("Fail fast enabled \u2014 stopping after first failure");
+        break;
+      }
+    }
+  }
+  await browserContext.close();
+  await browser.close();
+  const allAudits = pageResults.flatMap((p) => p.audits);
+  const runResult = {
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    config: {
+      baseURL: config.baseURL,
+      totalPages: pages.length,
+      auditsEnabled: enabledAuditNames
+    },
+    pages: pageResults,
+    summary: {
+      totalAudits: allAudits.length,
+      passed: allAudits.filter((a) => a.severity === "pass").length,
+      failed: allAudits.filter((a) => a.severity === "fail").length,
+      warnings: allAudits.filter((a) => a.severity === "warning").length,
+      skipped: allAudits.filter((a) => a.severity === "skip").length,
+      duration: Date.now() - start
+    }
+  };
+  await registry.runHook("afterAll", { config, result: runResult });
+  await runReporters(runResult, config, runDir, registry.getPluginReporters());
+  return runResult;
+}
+
+// src/baseline/index.ts
+init_cjs_shims();
+
+// src/baseline/storage.ts
+init_cjs_shims();
+var import_path14 = __toESM(require("path"), 1);
+var import_fs18 = __toESM(require("fs"), 1);
+init_logger();
+var BASELINE_FILENAME = "baseline.json";
+function saveBaseline(result, outputDir) {
+  const baselinePath = import_path14.default.join(outputDir, BASELINE_FILENAME);
+  import_fs18.default.writeFileSync(baselinePath, JSON.stringify(result, null, 2));
+  log.success(`Baseline saved: ${baselinePath}`);
+}
+function loadBaseline(outputDir) {
+  const baselinePath = import_path14.default.join(outputDir, BASELINE_FILENAME);
+  if (!import_fs18.default.existsSync(baselinePath)) return null;
+  try {
+    return JSON.parse(import_fs18.default.readFileSync(baselinePath, "utf-8"));
+  } catch {
+    log.warn("Failed to parse baseline file");
+    return null;
+  }
+}
+
+// src/baseline/diff.ts
+init_cjs_shims();
+function compareRuns(baseline, current) {
+  const changes = [];
+  const baselineMap = /* @__PURE__ */ new Map();
+  for (const page of baseline.pages) {
+    for (const audit of page.audits) {
+      baselineMap.set(`${page.page}::${audit.audit}`, {
+        severity: audit.severity,
+        message: audit.message
+      });
+    }
+  }
+  const currentMap = /* @__PURE__ */ new Map();
+  for (const page of current.pages) {
+    for (const audit of page.audits) {
+      const key = `${page.page}::${audit.audit}`;
+      const entry = { severity: audit.severity, message: audit.message };
+      currentMap.set(key, entry);
+      const prev = baselineMap.get(key);
+      if (!prev) {
+        changes.push({
+          page: page.page,
+          audit: audit.audit,
+          type: "new",
+          current: entry
+        });
+      } else if (prev.severity !== audit.severity) {
+        const type = audit.severity === "pass" || audit.severity === "skip" ? "improvement" : "regression";
+        changes.push({
+          page: page.page,
+          audit: audit.audit,
+          type,
+          baseline: prev,
+          current: entry
+        });
+      } else {
+        changes.push({
+          page: page.page,
+          audit: audit.audit,
+          type: "unchanged",
+          baseline: prev,
+          current: entry
+        });
+      }
+    }
+  }
+  for (const [key, val] of baselineMap) {
+    if (!currentMap.has(key)) {
+      const [page, audit] = key.split("::");
+      changes.push({ page, audit, type: "removed", baseline: val });
+    }
+  }
+  return {
+    baselineTimestamp: baseline.timestamp,
+    currentTimestamp: current.timestamp,
+    changes,
+    summary: {
+      regressions: changes.filter((c) => c.type === "regression").length,
+      improvements: changes.filter((c) => c.type === "improvement").length,
+      unchanged: changes.filter((c) => c.type === "unchanged").length,
+      newAudits: changes.filter((c) => c.type === "new").length,
+      removedAudits: changes.filter((c) => c.type === "removed").length
+    }
+  };
+}
+
+// src/bin/cli.ts
+init_logger();
+var pkg = JSON.parse(
+  import_fs19.default.readFileSync(new URL("../../package.json", importMetaUrl), "utf-8")
+);
+var program = new import_commander.Command();
+program.name("webguardx").description("Full-page web audit framework").version(pkg.version);
+program.command("init").description("Scaffold a webguard config in the current directory").action(async () => {
+  const cwd = process.cwd();
+  const configPath = import_path15.default.join(cwd, "webguard.config.ts");
+  if (import_fs19.default.existsSync(configPath)) {
+    log.warn("webguard.config.ts already exists. Skipping.");
+    return;
+  }
+  const templatesDir = import_path15.default.resolve(
+    new URL("../../templates/init", importMetaUrl).pathname
+  );
+  const templateConfig = import_path15.default.join(templatesDir, "webguard.config.ts");
+  if (import_fs19.default.existsSync(templateConfig)) {
+    import_fs19.default.copyFileSync(templateConfig, configPath);
+    log.success("Created webguard.config.ts");
+  } else {
+    import_fs19.default.writeFileSync(
+      configPath,
+      `import { defineConfig } from "webguardx";
+
+export default defineConfig({
+  baseURL: "https://example.com",
+
+  pages: [
+    { name: "Home", path: "/" },
+    { name: "About", path: "/about" },
+  ],
+
+  auth: {
+    method: "none",
+  },
+
+  audits: {
+    httpStatus: true,
+    contentVisibility: true,
+    accessibility: true,
+    lighthouse: false,
+    brokenLinks: false,
+    consoleErrors: true,
+  },
+
+  output: {
+    dir: "./webguard-results",
+    formats: ["terminal", "html", "json"],
+    screenshots: true,
+  },
+});
+`,
+      "utf-8"
+    );
+    log.success("Created webguard.config.ts");
+  }
+  const envExampleDest = import_path15.default.join(cwd, ".env.example");
+  if (!import_fs19.default.existsSync(envExampleDest)) {
+    const templateEnv = import_path15.default.join(templatesDir, ".env.example");
+    if (import_fs19.default.existsSync(templateEnv)) {
+      import_fs19.default.copyFileSync(templateEnv, envExampleDest);
+    } else {
+      import_fs19.default.writeFileSync(
+        envExampleDest,
+        `# Webguard environment variables
+# EMAIL=user@example.com
+# PASSWORD=your-password
+`,
+        "utf-8"
+      );
+    }
+    log.success("Created .env.example");
+  }
+  const gitignorePath = import_path15.default.join(cwd, ".gitignore");
+  const gitignoreEntries = ["webguard-results/", ".env"];
+  if (import_fs19.default.existsSync(gitignorePath)) {
+    const existing = import_fs19.default.readFileSync(gitignorePath, "utf-8");
+    const toAdd = gitignoreEntries.filter(
+      (e) => !existing.includes(e)
+    );
+    if (toAdd.length > 0) {
+      import_fs19.default.appendFileSync(
+        gitignorePath,
+        `
+# Webguard
+${toAdd.join("\n")}
+`
+      );
+      log.success("Updated .gitignore");
+    }
+  } else {
+    import_fs19.default.writeFileSync(
+      gitignorePath,
+      `node_modules/
+# Webguard
+${gitignoreEntries.join("\n")}
+`,
+      "utf-8"
+    );
+    log.success("Created .gitignore");
+  }
+  console.log("");
+  log.info("Next steps:");
+  log.plain("  1. Edit webguard.config.ts with your pages & auth");
+  log.plain("  2. Run: npx webguard run");
+  console.log("");
+});
+program.command("run").description("Run all audits").option("-c, --config <path>", "Path to config file").option("--headed", "Run browser in headed mode").option(
+  "--pages <names>",
+  "Comma-separated page names to audit",
+  (val) => val.split(",").map((s) => s.trim())
+).option(
+  "--audits <names>",
+  "Comma-separated audit names to run",
+  (val) => val.split(",").map((s) => s.trim())
+).option("--diff", "Compare results with saved baseline").action(async (opts) => {
+  try {
+    const dotenv = await import("dotenv");
+    dotenv.config();
+    console.log("");
+    console.log(
+      import_chalk3.default.bold(`  webguard ${import_chalk3.default.dim(`v${pkg.version}`)}`)
+    );
+    console.log("");
+    const config = await loadConfig(opts.config);
+    const result = await run(config, {
+      headed: opts.headed,
+      pagesFilter: opts.pages,
+      auditsFilter: opts.audits
+    });
+    if (opts.diff || config.baseline.enabled) {
+      const outputDir = import_path15.default.resolve(config.output.dir);
+      const baseline = loadBaseline(outputDir);
+      if (baseline) {
+        const comparison = compareRuns(baseline, result);
+        console.log(import_chalk3.default.bold("  Baseline Comparison:"));
+        if (comparison.summary.regressions > 0) {
+          console.log(import_chalk3.default.red(`    ${comparison.summary.regressions} regression(s)`));
+        }
+        if (comparison.summary.improvements > 0) {
+          console.log(import_chalk3.default.green(`    ${comparison.summary.improvements} improvement(s)`));
+        }
+        console.log(import_chalk3.default.dim(`    ${comparison.summary.unchanged} unchanged`));
+        if (comparison.summary.newAudits > 0) {
+          console.log(import_chalk3.default.blue(`    ${comparison.summary.newAudits} new audit(s)`));
+        }
+        console.log("");
+      } else {
+        log.dim("  No baseline found. Run 'webguard baseline save' to create one.");
+      }
+      if (config.baseline.updateOnPass && result.summary.failed === 0) {
+        saveBaseline(result, import_path15.default.resolve(config.output.dir));
+      }
+    }
+    if (result.summary.failed > 0) {
+      process.exit(1);
+    }
+  } catch (err) {
+    log.error(err.message);
+    process.exit(1);
+  }
+});
+program.command("report").description("Open or regenerate the HTML report from the last run").option("-c, --config <path>", "Path to config file").option("--open", "Open the report in default browser").action(async (opts) => {
+  try {
+    const config = await loadConfig(opts.config);
+    const outputDir = import_path15.default.resolve(config.output.dir);
+    if (!import_fs19.default.existsSync(outputDir)) {
+      log.error(`No output directory found at ${outputDir}`);
+      process.exit(1);
+    }
+    const runs = import_fs19.default.readdirSync(outputDir).filter((d) => d.startsWith("run-")).sort().reverse();
+    if (runs.length === 0) {
+      log.error("No runs found. Run 'webguard run' first.");
+      process.exit(1);
+    }
+    const latestRun = import_path15.default.join(outputDir, runs[0]);
+    const htmlReport = import_path15.default.join(latestRun, "report.html");
+    const jsonReport = import_path15.default.join(latestRun, "results.json");
+    if (!import_fs19.default.existsSync(htmlReport) && import_fs19.default.existsSync(jsonReport)) {
+      const { reportHtml: reportHtml2 } = await Promise.resolve().then(() => (init_html(), html_exports));
+      const result = JSON.parse(import_fs19.default.readFileSync(jsonReport, "utf-8"));
+      reportHtml2(result, latestRun);
+      log.success("Regenerated HTML report");
+    }
+    if (import_fs19.default.existsSync(htmlReport)) {
+      log.info(`Report: ${htmlReport}`);
+      if (opts.open) {
+        const { exec } = await import("child_process");
+        const openCmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
+        exec(`${openCmd} "${htmlReport}"`);
+      }
+    } else {
+      log.error("No HTML report found. Run 'webguard run' first.");
+      process.exit(1);
+    }
+  } catch (err) {
+    log.error(err.message);
+    process.exit(1);
+  }
+});
+program.command("validate").description("Validate config file without running audits").option("-c, --config <path>", "Path to config file").action(async (opts) => {
+  try {
+    const config = await loadConfig(opts.config);
+    log.success("Config is valid");
+    log.info(`Base URL: ${config.baseURL}`);
+    log.info(`Pages:    ${config.pages.length}`);
+    log.info(`Audits:   ${Object.entries(config.audits).filter(([, v]) => v).map(([k]) => k).join(", ")}`);
+    if (config.plugins.length > 0) {
+      log.info(`Plugins:  ${config.plugins.length}`);
+    }
+  } catch (err) {
+    log.error(err.message);
+    process.exit(1);
+  }
+});
+var baselineCmd = program.command("baseline").description("Manage baseline for regression comparison");
+baselineCmd.command("save").description("Save the latest run as baseline").option("-c, --config <path>", "Path to config file").action(async (opts) => {
+  try {
+    const config = await loadConfig(opts.config);
+    const outputDir = import_path15.default.resolve(config.output.dir);
+    const runs = import_fs19.default.readdirSync(outputDir).filter((d) => d.startsWith("run-")).sort().reverse();
+    if (runs.length === 0) {
+      log.error("No runs found. Run 'webguard run' first.");
+      process.exit(1);
+    }
+    const latestRun = import_path15.default.join(outputDir, runs[0]);
+    const jsonReport = import_path15.default.join(latestRun, "results.json");
+    if (!import_fs19.default.existsSync(jsonReport)) {
+      log.error("No results.json found in latest run.");
+      process.exit(1);
+    }
+    const result = JSON.parse(import_fs19.default.readFileSync(jsonReport, "utf-8"));
+    saveBaseline(result, outputDir);
+  } catch (err) {
+    log.error(err.message);
+    process.exit(1);
+  }
+});
+baselineCmd.command("show").description("Show current baseline summary").option("-c, --config <path>", "Path to config file").action(async (opts) => {
+  try {
+    const config = await loadConfig(opts.config);
+    const outputDir = import_path15.default.resolve(config.output.dir);
+    const baseline = loadBaseline(outputDir);
+    if (!baseline) {
+      log.info("No baseline saved yet.");
+      return;
+    }
+    log.info(`Baseline from: ${baseline.timestamp}`);
+    log.info(`Pages: ${baseline.pages.length}`);
+    log.info(
+      `Results: ${baseline.summary.passed} passed, ${baseline.summary.failed} failed, ${baseline.summary.warnings} warnings`
+    );
+  } catch (err) {
+    log.error(err.message);
+    process.exit(1);
+  }
+});
+program.command("diff").description("Compare the latest run with the baseline").option("-c, --config <path>", "Path to config file").action(async (opts) => {
+  try {
+    const config = await loadConfig(opts.config);
+    const outputDir = import_path15.default.resolve(config.output.dir);
+    const baseline = loadBaseline(outputDir);
+    if (!baseline) {
+      log.error("No baseline found. Run 'webguard baseline save' first.");
+      process.exit(1);
+    }
+    const runs = import_fs19.default.readdirSync(outputDir).filter((d) => d.startsWith("run-")).sort().reverse();
+    if (runs.length === 0) {
+      log.error("No runs found. Run 'webguard run' first.");
+      process.exit(1);
+    }
+    const latestRun = import_path15.default.join(outputDir, runs[0]);
+    const jsonReport = import_path15.default.join(latestRun, "results.json");
+    if (!import_fs19.default.existsSync(jsonReport)) {
+      log.error("No results.json found in latest run.");
+      process.exit(1);
+    }
+    const current = JSON.parse(import_fs19.default.readFileSync(jsonReport, "utf-8"));
+    const comparison = compareRuns(baseline, current);
+    console.log("");
+    console.log(import_chalk3.default.bold("  Baseline Comparison"));
+    console.log(import_chalk3.default.dim(`  ${comparison.baselineTimestamp} \u2192 ${comparison.currentTimestamp}`));
+    console.log("");
+    if (comparison.summary.regressions > 0) {
+      console.log(import_chalk3.default.red.bold(`  Regressions: ${comparison.summary.regressions}`));
+      for (const c of comparison.changes.filter((x) => x.type === "regression")) {
+        console.log(import_chalk3.default.red(`    \u2717 ${c.page} \u2192 ${c.audit}: ${c.baseline?.severity} \u2192 ${c.current?.severity}`));
+      }
+      console.log("");
+    }
+    if (comparison.summary.improvements > 0) {
+      console.log(import_chalk3.default.green.bold(`  Improvements: ${comparison.summary.improvements}`));
+      for (const c of comparison.changes.filter((x) => x.type === "improvement")) {
+        console.log(import_chalk3.default.green(`    \u2713 ${c.page} \u2192 ${c.audit}: ${c.baseline?.severity} \u2192 ${c.current?.severity}`));
+      }
+      console.log("");
+    }
+    console.log(import_chalk3.default.dim(`  Unchanged: ${comparison.summary.unchanged}`));
+    if (comparison.summary.newAudits > 0) {
+      console.log(import_chalk3.default.blue(`  New audits: ${comparison.summary.newAudits}`));
+    }
+    if (comparison.summary.removedAudits > 0) {
+      console.log(import_chalk3.default.yellow(`  Removed audits: ${comparison.summary.removedAudits}`));
+    }
+    console.log("");
+  } catch (err) {
+    log.error(err.message);
+    process.exit(1);
+  }
+});
+program.parse();
+//# sourceMappingURL=cli.cjs.map