ai-testing-swarm 0.1.12__tar.gz → 0.1.14__tar.gz

{ai_testing_swarm-0.1.12/src/ai_testing_swarm.egg-info → ai_testing_swarm-0.1.14}/PKG-INFO

@@ -1,17 +1,19 @@
 Metadata-Version: 2.4
 Name: ai-testing-swarm
-Version: 0.1.12
+Version: 0.1.14
 Summary: AI-powered testing swarm
 Author-email: Arif Shah <ashah7775@gmail.com>
 License: MIT
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
+Provides-Extra: openapi
+Requires-Dist: jsonschema>=4.0; extra == "openapi"
 
 # AI Testing Swarm
 
 AI Testing Swarm is a **super-advanced, mutation-driven API testing framework** (with optional OpenAPI + OpenAI augmentation) built on top of **pytest**.
 
-It generates a large set of deterministic negative/edge/security test cases for an API request, executes them (optionally in parallel, with retries/throttling), and produces a JSON report with summaries.
+It generates a large set of deterministic negative/edge/security test cases for an API request, executes them (optionally in parallel, with retries/throttling), and produces a report (JSON/Markdown/HTML) with summaries.
 
 > Notes:
 > - UI testing is not the focus of the current releases.
@@ -25,6 +27,12 @@ It generates a large set of deterministic negative/edge/security test cases for
 pip install ai-testing-swarm
 ```
 
+Optional (OpenAPI JSON schema validation for responses):
+
+```bash
+pip install "ai-testing-swarm[openapi]"
+```
+
 CLI entrypoint:
 
 ```bash
@@ -49,9 +57,15 @@ Run:
 ai-test --input request.json
 ```
 
-A JSON report is written under:
+Choose a report format:
+
+```bash
+ai-test --input request.json --report-format html
+```
+
+A report is written under:
 
-- `./ai_swarm_reports/<METHOD>_<endpoint>/<METHOD>_<endpoint>_<timestamp>.json`
+- `./ai_swarm_reports/<METHOD>_<endpoint>/<METHOD>_<endpoint>_<timestamp>.<json|md|html>`
 
 Reports include:
 - per-test results
@@ -97,6 +111,8 @@ Reports include:
 - OpenAPI **JSON** works by default.
 - OpenAPI **YAML** requires `PyYAML` installed.
 - Base URL is read from `spec.servers[0].url`.
+- When using OpenAPI input, the swarm will also *optionally* validate response status codes against `operation.responses`.
+- If `jsonschema` is installed (via `ai-testing-swarm[openapi]`) and the response is JSON, response bodies are validated against the OpenAPI `application/json` schema.
   - Override with `AI_SWARM_OPENAPI_BASE_URL` if your spec doesn’t include servers.
 
 ---

ai_testing_swarm-0.1.12/PKG-INFO → ai_testing_swarm-0.1.14/README.md

@@ -1,17 +1,8 @@
-Metadata-Version: 2.4
-Name: ai-testing-swarm
-Version: 0.1.12
-Summary: AI-powered testing swarm
-Author-email: Arif Shah <ashah7775@gmail.com>
-License: MIT
-Requires-Python: >=3.9
-Description-Content-Type: text/markdown
-
 # AI Testing Swarm
 
 AI Testing Swarm is a **super-advanced, mutation-driven API testing framework** (with optional OpenAPI + OpenAI augmentation) built on top of **pytest**.
 
-It generates a large set of deterministic negative/edge/security test cases for an API request, executes them (optionally in parallel, with retries/throttling), and produces a JSON report with summaries.
+It generates a large set of deterministic negative/edge/security test cases for an API request, executes them (optionally in parallel, with retries/throttling), and produces a report (JSON/Markdown/HTML) with summaries.
 
 > Notes:
 > - UI testing is not the focus of the current releases.
@@ -25,6 +16,12 @@ It generates a large set of deterministic negative/edge/security test cases for
 pip install ai-testing-swarm
 ```
 
+Optional (OpenAPI JSON schema validation for responses):
+
+```bash
+pip install "ai-testing-swarm[openapi]"
+```
+
 CLI entrypoint:
 
 ```bash
@@ -49,9 +46,15 @@ Run:
 ai-test --input request.json
 ```
 
-A JSON report is written under:
+Choose a report format:
+
+```bash
+ai-test --input request.json --report-format html
+```
+
+A report is written under:
 
-- `./ai_swarm_reports/<METHOD>_<endpoint>/<METHOD>_<endpoint>_<timestamp>.json`
+- `./ai_swarm_reports/<METHOD>_<endpoint>/<METHOD>_<endpoint>_<timestamp>.<json|md|html>`
 
 Reports include:
 - per-test results
@@ -97,6 +100,8 @@ Reports include:
 - OpenAPI **JSON** works by default.
 - OpenAPI **YAML** requires `PyYAML` installed.
 - Base URL is read from `spec.servers[0].url`.
+- When using OpenAPI input, the swarm will also *optionally* validate response status codes against `operation.responses`.
+- If `jsonschema` is installed (via `ai-testing-swarm[openapi]`) and the response is JSON, response bodies are validated against the OpenAPI `application/json` schema.
   - Override with `AI_SWARM_OPENAPI_BASE_URL` if your spec doesn’t include servers.
 
 ---

{ai_testing_swarm-0.1.12 → ai_testing_swarm-0.1.14}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "ai-testing-swarm"
-version = "0.1.12"
+version = "0.1.14"
 description = "AI-powered testing swarm"
 readme = "README.md"
 requires-python = ">=3.9"
@@ -13,6 +13,11 @@ authors = [
 ]
 license = { text = "MIT" }
 
+[project.optional-dependencies]
+openapi = [
+  "jsonschema>=4.0",
+]
+
 [project.scripts]
 ai-test = "ai_testing_swarm.cli:main"
 

ai_testing_swarm-0.1.14/src/ai_testing_swarm/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.1.14"

{ai_testing_swarm-0.1.12 → ai_testing_swarm-0.1.14}/src/ai_testing_swarm/agents/execution_agent.py

@@ -137,6 +137,27 @@ class ExecutionAgent:
                 except Exception:
                     body_snippet = resp.text
 
+                openapi_validation = []
+                try:
+                    ctx = request.get("_openapi") or {}
+                    if isinstance(ctx, dict) and ctx.get("spec") and ctx.get("path") and ctx.get("method"):
+                        # If method was mutated to something else, we can't reliably map to an OpenAPI op.
+                        if str(ctx.get("method")).upper() == str(method).upper():
+                            from ai_testing_swarm.core.openapi_validator import validate_openapi_response
+
+                            issues = validate_openapi_response(
+                                spec=ctx["spec"],
+                                path=ctx["path"],
+                                method=ctx["method"],
+                                status_code=resp.status_code,
+                                response_headers=dict(resp.headers),
+                                response_json=body_snippet if isinstance(body_snippet, (dict, list)) else None,
+                            )
+                            openapi_validation = [i.__dict__ for i in issues]
+                except Exception:
+                    # Best-effort only; never fail execution on validator issues.
+                    openapi_validation = []
+
                 return {
                     "name": test["name"],
                     "mutation": mutation,
@@ -151,7 +172,9 @@ class ExecutionAgent:
                         "status_code": resp.status_code,
                         "elapsed_ms": elapsed_ms,
                         "attempt": attempt,
+                        "headers": dict(resp.headers),
                         "body_snippet": body_snippet,
+                        "openapi_validation": openapi_validation,
                     },
                 }
 

{ai_testing_swarm-0.1.12 → ai_testing_swarm-0.1.14}/src/ai_testing_swarm/agents/llm_reasoning_agent.py

@@ -120,7 +120,7 @@ class LLMReasoningAgent:
         if mutation:
             strategy = mutation.get("strategy")
 
-            # Content negotiation / Accept header negative tests
+            # Header tampering / content negotiation tests
             if status_code == 406 and strategy == "headers":
                 return {
                     "type": "content_negotiation",
@@ -128,6 +128,14 @@ class LLMReasoningAgent:
                     "explanation": "406 Not Acceptable after Accept/header mutation (expected)"
                 }
 
+            # Header tampering accepted (2xx) can be risky depending on the mutation
+            if 200 <= status_code < 300 and strategy == "headers":
+                return {
+                    "type": "headers_accepted",
+                    "confidence": 0.8,
+                    "explanation": "Header mutation still returned 2xx (review if expected)"
+                }
+
             # Wrong-method negative test accepted => risk
             if 200 <= status_code < 300 and strategy == "method_misuse":
                 return {
@@ -143,6 +151,14 @@ class LLMReasoningAgent:
                     "explanation": "400 response after required parameter removal"
                 }
 
+            # Missing param accepted (2xx) is often weak validation (risky)
+            if 200 <= status_code < 300 and strategy == "missing_param":
+                return {
+                    "type": "missing_param_accepted",
+                    "confidence": 1.0,
+                    "explanation": "Parameter removal still returned 2xx (potential missing validation)"
+                }
+
             if status_code == 400 and strategy == "null_param":
                 return {
                     "type": "missing_param",
@@ -150,6 +166,13 @@ class LLMReasoningAgent:
                     "explanation": "400 response after nullifying parameter"
                 }
 
+            if 200 <= status_code < 300 and strategy == "null_param":
+                return {
+                    "type": "null_param_accepted",
+                    "confidence": 1.0,
+                    "explanation": "Nullified parameter still returned 2xx (potential weak validation)"
+                }
+
             if status_code == 400 and strategy == "invalid_param":
                 return {
                     "type": "invalid_param",
@@ -157,6 +180,13 @@ class LLMReasoningAgent:
                     "explanation": "400 response after invalid parameter mutation"
                 }
 
+            if 200 <= status_code < 300 and strategy == "invalid_param":
+                return {
+                    "type": "invalid_param_accepted",
+                    "confidence": 1.0,
+                    "explanation": "Invalid parameter still returned 2xx (potential weak validation)"
+                }
+
             # ✅ FIX: security payload blocked → SAFE
             if status_code >= 400 and status_code < 500 and strategy == "security":
                 return {

{ai_testing_swarm-0.1.12 → ai_testing_swarm-0.1.14}/src/ai_testing_swarm/agents/release_gate_agent.py

@@ -96,6 +96,11 @@ class ReleaseGateAgent:
     # ⚠️ Ambiguous behavior (release with caution)
     RISKY_FAILURES = {
         "unknown",
+        "missing_param_accepted",
+        "null_param_accepted",
+        "invalid_param_accepted",
+        "headers_accepted",
+        "method_risk",
     }
 
     # ✅ EXPECTED & HEALTHY system behavior

{ai_testing_swarm-0.1.12 → ai_testing_swarm-0.1.14}/src/ai_testing_swarm/cli.py

@@ -31,7 +31,7 @@ def normalize_request(payload: dict) -> dict:
         from ai_testing_swarm.core.openapi_loader import load_openapi, build_request_from_openapi
 
         spec = load_openapi(payload["openapi"])
-        return build_request_from_openapi(
+        req = build_request_from_openapi(
             spec,
             path=payload["path"],
             method=payload["method"],
@@ -40,6 +40,14 @@ def normalize_request(payload: dict) -> dict:
             query_params=payload.get("query_params") or {},
             body=payload.get("body"),
         )
+        # Attach OpenAPI context for optional response validation/reporting.
+        req["_openapi"] = {
+            "source": payload["openapi"],
+            "path": payload["path"],
+            "method": str(payload["method"]).upper(),
+            "spec": spec,
+        }
+        return req
 
     # Case 2: already normalized
     required_keys = {"method", "url"}
@@ -92,6 +100,13 @@ def main():
         help="Safety: allow only public test hosts (httpbin/postman-echo/reqres) for this run",
     )
 
+    parser.add_argument(
+        "--report-format",
+        default="json",
+        choices=["json", "md", "html"],
+        help="Report format to write (default: json)",
+    )
+
     args = parser.parse_args()
 
     # ------------------------------------------------------------
@@ -112,7 +127,7 @@ def main():
         import os
         os.environ["AI_SWARM_PUBLIC_ONLY"] = "1"
 
-    decision, results = SwarmOrchestrator().run(request)
+    decision, results = SwarmOrchestrator().run(request, report_format=args.report_format)
 
     # ------------------------------------------------------------
     # Console output

ai_testing_swarm-0.1.14/src/ai_testing_swarm/core/openapi_validator.py

@@ -0,0 +1,157 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+
+
+@dataclass
+class OpenAPIValidationIssue:
+    type: str
+    message: str
+    details: dict | None = None
+
+
+def _matches_status_key(status_code: int, key: str) -> bool:
+    """OpenAPI response keys can be explicit ("200"), wildcard ("2XX"), or "default"."""
+    key = str(key).strip().upper()
+    if key == "DEFAULT":
+        return True
+    if len(key) == 3 and key.endswith("XX") and key[0].isdigit():
+        return int(key[0]) == int(status_code / 100)
+    return key == str(status_code)
+
+
+def _get_operation(spec: dict, *, path: str, method: str) -> dict | None:
+    paths = spec.get("paths") or {}
+    op = (paths.get(path) or {}).get(str(method).lower())
+    if isinstance(op, dict):
+        return op
+    return None
+
+
+def validate_openapi_response(
+    *,
+    spec: dict,
+    path: str,
+    method: str,
+    status_code: int | None,
+    response_headers: dict | None = None,
+    response_json=None,
+) -> list[OpenAPIValidationIssue]:
+    """Validate a response against an OpenAPI operation.
+
+    - Status code must be declared in operation.responses (supports 2XX and default)
+    - If response appears to be JSON and jsonschema is installed, validate body
+
+    Returns a list of issues (empty => OK or validation skipped).
+    """
+
+    issues: list[OpenAPIValidationIssue] = []
+
+    op = _get_operation(spec, path=path, method=method)
+    if not op:
+        return [
+            OpenAPIValidationIssue(
+                type="openapi_operation_missing",
+                message=f"Operation not found in spec: {str(method).upper()} {path}",
+            )
+        ]
+
+    responses = op.get("responses") or {}
+    if status_code is None:
+        # Network errors etc. Not an OpenAPI mismatch.
+        return issues
+
+    # --------------------
+    # Status validation
+    # --------------------
+    declared_keys = [str(k) for k in responses.keys()]
+    if declared_keys:
+        if not any(_matches_status_key(int(status_code), k) for k in declared_keys):
+            issues.append(
+                OpenAPIValidationIssue(
+                    type="openapi_status",
+                    message=f"Status {status_code} not declared in OpenAPI responses: {declared_keys}",
+                    details={"status_code": status_code, "declared": declared_keys},
+                )
+            )
+
+    # --------------------
+    # JSON schema validation (optional)
+    # --------------------
+    ct = ""
+    if response_headers and isinstance(response_headers, dict):
+        for k, v in response_headers.items():
+            if str(k).lower() == "content-type" and v:
+                ct = str(v).lower()
+                break
+
+    is_json = isinstance(response_json, (dict, list))
+    if not is_json:
+        # if body wasn't parsed as JSON, skip schema validation
+        return issues
+
+    if ct and "json" not in ct:
+        # Respect explicit non-JSON content-type
+        return issues
+
+    # Find best matching response schema: exact > 2XX > default
+    chosen_resp: dict | None = None
+    for k in (str(status_code), f"{int(status_code/100)}XX", "default"):
+        if k in responses:
+            chosen_resp = responses.get(k)
+            break
+
+    if not isinstance(chosen_resp, dict):
+        return issues
+
+    content = chosen_resp.get("content") or {}
+    schema = None
+    if isinstance(content, dict):
+        app_json = content.get("application/json") or content.get("application/*+json")
+        if isinstance(app_json, dict):
+            schema = app_json.get("schema")
+
+    if not schema:
+        return issues
+
+    try:
+        import jsonschema  # type: ignore
+
+        # Resolve in-document refs like #/components/schemas/X
+        resolver = jsonschema.RefResolver.from_schema(spec)  # type: ignore[attr-defined]
+        validator_cls = jsonschema.validators.validator_for(schema)  # type: ignore[attr-defined]
+        validator_cls.check_schema(schema)
+        validator = validator_cls(schema, resolver=resolver)
+        errors = sorted(validator.iter_errors(response_json), key=lambda e: list(e.path))
+        if errors:
+            # Keep just the first few errors for signal.
+            details = {
+                "error_count": len(errors),
+                "errors": [
+                    {
+                        "message": e.message,
+                        "path": list(e.path),
+                        "schema_path": list(e.schema_path),
+                    }
+                    for e in errors[:5]
+                ],
+            }
+            issues.append(
+                OpenAPIValidationIssue(
+                    type="openapi_schema",
+                    message="Response JSON does not match OpenAPI schema",
+                    details=details,
+                )
+            )
+    except ImportError:
+        # Optional dependency not installed: status validation still works.
+        return issues
+    except Exception as e:
+        issues.append(
+            OpenAPIValidationIssue(
+                type="openapi_schema_error",
+                message=f"OpenAPI schema validation failed: {e}",
+            )
+        )
+
+    return issues

{ai_testing_swarm-0.1.12 → ai_testing_swarm-0.1.14}/src/ai_testing_swarm/orchestrator.py

@@ -19,6 +19,15 @@ EXPECTED_FAILURES = {
     "content_negotiation",
 }
 
+RISKY_FAILURES = {
+    "unknown",
+    "missing_param_accepted",
+    "null_param_accepted",
+    "invalid_param_accepted",
+    "headers_accepted",
+    "method_risk",
+}
+
 class SwarmOrchestrator:
     """
     Central brain of the AI Testing Swarm.
@@ -31,7 +40,7 @@ class SwarmOrchestrator:
         self.learner = LearningAgent()
         self.release_gate = ReleaseGateAgent()
 
-    def run(self, request: dict):
+    def run(self, request: dict, *, report_format: str = "json"):
         """Runs the full AI testing swarm and returns (decision, results)."""
 
         # Safety hook (currently no-op; kept for backward compatibility)
@@ -64,7 +73,9 @@ class SwarmOrchestrator:
                 "confidence": classification.get("confidence", 1.0),
                 "failure_type": classification.get("type"),
                 "status": (
-                    "PASSED" if classification.get("type") in EXPECTED_FAILURES else "FAILED"
+                    "PASSED" if classification.get("type") in EXPECTED_FAILURES
+                    else "RISK" if classification.get("type") in RISKY_FAILURES
+                    else "FAILED"
                 ),
             })
             # Optional learning step
@@ -111,8 +122,8 @@ class SwarmOrchestrator:
         except Exception as e:
             meta["ai_summary_error"] = str(e)
 
-        report_path = write_report(request, results, meta=meta)
-        logger.info("📄 Swarm JSON report written to: %s", report_path)
-        print(f"📄 Swarm JSON report written to: {report_path}")
+        report_path = write_report(request, results, meta=meta, report_format=report_format)
+        logger.info("📄 Swarm report written to: %s", report_path)
+        print(f"📄 Swarm report written to: {report_path}")
 
         return decision, results

ai_testing_swarm-0.1.14/src/ai_testing_swarm/reporting/report_writer.py

@@ -0,0 +1,327 @@
+import json
+import os
+import re
+from datetime import datetime
+from pathlib import Path
+from urllib.parse import urlparse
+
+
+# ============================================================
+# 🔍 FIND CALLER PROJECT ROOT (NOT PACKAGE ROOT)
+# ============================================================
+def find_execution_root() -> Path:
+    """
+    Resolve project root based on WHERE tests are executed from,
+    not where this package lives.
+    """
+    current = Path.cwd().resolve()
+
+    while current != current.parent:
+        if any(
+            (current / marker).exists()
+            for marker in (
+                "pyproject.toml",
+                "setup.py",
+                "requirements.txt",
+                ".git",
+            )
+        ):
+            return current
+        current = current.parent
+
+    # Fallback: use cwd directly
+    return Path.cwd().resolve()
+
+
+PROJECT_ROOT = find_execution_root()
+REPORTS_DIR = PROJECT_ROOT / "ai_swarm_reports"
+
+
+# ============================================================
+# 🧹 UTILS
+# ============================================================
+def extract_endpoint_name(method: str, url: str) -> str:
+    """
+    POST https://preprod-api.getepichome.in/api/validate-gst/
+    -> POST_validate-gst
+    """
+    parsed = urlparse(url)
+    parts = [p for p in parsed.path.split("/") if p]
+
+    endpoint = parts[-1] if parts else "root"
+    endpoint = re.sub(r"[^a-zA-Z0-9_-]", "-", endpoint)
+
+    return f"{method}_{endpoint}"
+
+
+# ============================================================
+# 📝 REPORT WRITER
+# ============================================================
+from ai_testing_swarm.core.config import AI_SWARM_SLA_MS
+
+SENSITIVE_HEADER_KEYS = {
+    "authorization",
+    "cookie",
+    "set-cookie",
+    "api-token",
+    "api-secret-key",
+    "x-api-key",
+}
+
+
+def _redact_headers(headers: dict) -> dict:
+    if not isinstance(headers, dict):
+        return headers
+    out = {}
+    for k, v in headers.items():
+        if str(k).lower() in SENSITIVE_HEADER_KEYS and v is not None:
+            out[k] = "***REDACTED***"
+        else:
+            out[k] = v
+    return out
+
+
+def _redact_results(results: list) -> list:
+    redacted = []
+    for r in results:
+        r = dict(r)
+        req = dict(r.get("request") or {})
+        req["headers"] = _redact_headers(req.get("headers") or {})
+        r["request"] = req
+        redacted.append(r)
+    return redacted
+
+
+def _markdown_escape(s: str) -> str:
+    return str(s).replace("`", "\\`")
+
+
+def _render_markdown(report: dict) -> str:
+    lines: list[str] = []
+    lines.append(f"# AI Testing Swarm Report")
+    lines.append("")
+    lines.append(f"**Endpoint:** `{_markdown_escape(report.get('endpoint'))}`  ")
+    lines.append(f"**Run time:** `{_markdown_escape(report.get('run_time'))}`  ")
+    lines.append(f"**Total tests:** `{report.get('total_tests')}`")
+    lines.append("")
+
+    summary = report.get("summary") or {}
+    counts_ft = summary.get("counts_by_failure_type") or {}
+    counts_sc = summary.get("counts_by_status_code") or {}
+
+    lines.append("## Summary")
+    lines.append("")
+    lines.append("### Counts by failure type")
+    for k, v in sorted(counts_ft.items(), key=lambda kv: (-kv[1], kv[0])):
+        lines.append(f"- **{_markdown_escape(k)}**: {v}")
+
+    lines.append("")
+    lines.append("### Counts by status code")
+    for k, v in sorted(counts_sc.items(), key=lambda kv: (-kv[1], kv[0])):
+        lines.append(f"- **{_markdown_escape(k)}**: {v}")
+
+    # Risky findings
+    results = report.get("results") or []
+    risky = [r for r in results if str(r.get("status")) == "RISK"]
+    failed = [r for r in results if str(r.get("status")) == "FAILED"]
+
+    lines.append("")
+    lines.append("## Top risky findings")
+    if not risky and not failed:
+        lines.append("- (none)")
+    else:
+        top = (risky + failed)[:10]
+        for r in top:
+            resp = r.get("response") or {}
+            sc = resp.get("status_code")
+            lines.append(
+                f"- **{_markdown_escape(r.get('status'))}** `{_markdown_escape(r.get('name'))}` "
+                f"(status={sc}, failure_type={_markdown_escape(r.get('failure_type'))})"
+            )
+
+    return "\n".join(lines) + "\n"
+
+
+def _html_escape(s: str) -> str:
+    return (
+        str(s)
+        .replace("&", "&")
+        .replace("<", "&lt;")
+        .replace(">", "&gt;")
+        .replace('"', "&quot;")
+        .replace("'", "&#39;")
+    )
+
+
+def _render_html(report: dict) -> str:
+    endpoint = _html_escape(report.get("endpoint"))
+    run_time = _html_escape(report.get("run_time"))
+    total_tests = report.get("total_tests")
+    summary = report.get("summary") or {}
+
+    results = report.get("results") or []
+    risky = [r for r in results if str(r.get("status")) == "RISK"]
+    failed = [r for r in results if str(r.get("status")) == "FAILED"]
+    top_risky = (risky + failed)[:10]
+
+    def _kv_list(d: dict) -> str:
+        items = sorted((d or {}).items(), key=lambda kv: (-kv[1], kv[0]))
+        return "".join(f"<li><b>{_html_escape(k)}</b>: {v}</li>" for k, v in items) or "<li>(none)</li>"
+
+    def _pre(obj) -> str:
+        try:
+            txt = json.dumps(obj, indent=2, ensure_ascii=False)
+        except Exception:
+            txt = str(obj)
+        return f"<pre>{_html_escape(txt)}</pre>"
+
+    rows = []
+    for r in results:
+        resp = r.get("response") or {}
+        issues = resp.get("openapi_validation") or []
+        status = _html_escape(r.get("status"))
+        name = _html_escape(r.get("name"))
+        failure_type = _html_escape(r.get("failure_type"))
+        sc = _html_escape(resp.get("status_code"))
+        elapsed = _html_escape(resp.get("elapsed_ms"))
+        badge = {
+            "PASSED": "badge passed",
+            "FAILED": "badge failed",
+            "RISK": "badge risk",
+        }.get(r.get("status"), "badge")
+
+        rows.append(
+            "<details class='case'>"
+            f"<summary><span class='{badge}'>{status}</span> "
+            f"<b>{name}</b> — status={sc}, elapsed_ms={elapsed}, failure_type={failure_type}"
+            f"{(' — openapi_issues=' + str(len(issues))) if issues else ''}"
+            "</summary>"
+            "<div class='grid'>"
+            f"<div><h4>Request</h4>{_pre(r.get('request'))}</div>"
+            f"<div><h4>Response</h4>{_pre(resp)}</div>"
+            f"<div><h4>Reasoning</h4>{_pre({k: r.get(k) for k in ('reason','confidence','failure_type','status')})}</div>"
+            "</div>"
+            "</details>"
+        )
+
+    top_list = "".join(
+        f"<li><b>{_html_escape(r.get('status'))}</b> {_html_escape(r.get('name'))}"
+        f" (failure_type={_html_escape(r.get('failure_type'))})</li>"
+        for r in top_risky
+    ) or "<li>(none)</li>"
+
+    css = """
+    body{font-family:ui-sans-serif,system-ui,Segoe UI,Roboto,Arial; margin:20px;}
+    .meta{color:#444;margin-bottom:16px}
+    .grid{display:grid; grid-template-columns: 1fr 1fr 1fr; gap:12px; margin-top:10px}
+    pre{background:#0b1020;color:#e6e6e6;padding:10px;border-radius:8px;overflow:auto;max-height:360px}
+    details.case{border:1px solid #ddd; border-radius:10px; padding:10px; margin:10px 0}
+    summary{cursor:pointer}
+    .badge{display:inline-block; padding:2px 8px; border-radius:999px; font-size:12px; margin-right:8px; border:1px solid #aaa}
+    .badge.passed{background:#e6ffed;border-color:#36b37e}
+    .badge.failed{background:#ffebe6;border-color:#ff5630}
+    .badge.risk{background:#fff7e6;border-color:#ffab00}
+    """
+
+    return f"""<!doctype html>
+<html>
+<head>
+<meta charset='utf-8'/>
+<title>AI Testing Swarm Report</title>
+<style>{css}</style>
+</head>
+<body>
+<h1>AI Testing Swarm Report</h1>
+<div class='meta'>
+  <div><b>Endpoint:</b> <code>{endpoint}</code></div>
+  <div><b>Run time:</b> <code>{run_time}</code></div>
+  <div><b>Total tests:</b> <code>{total_tests}</code></div>
+</div>
+
+<h2>Summary</h2>
+<div class='grid'>
+  <div><h3>Counts by failure type</h3><ul>{_kv_list(summary.get('counts_by_failure_type') or {})}</ul></div>
+  <div><h3>Counts by status code</h3><ul>{_kv_list(summary.get('counts_by_status_code') or {})}</ul></div>
+  <div><h3>Top risky findings</h3><ul>{top_list}</ul></div>
+</div>
+
+<h2>Results</h2>
+{''.join(rows)}
+
+</body>
+</html>"""
+
+
+def write_report(
+    request: dict,
+    results: list,
+    *,
+    meta: dict | None = None,
+    report_format: str = "json",
+) -> str:
+    """Write a swarm report.
+
+    report_format:
+      - json (default): full machine-readable report
+      - md: human-readable markdown summary
+      - html: single-file HTML report with collapsible sections
+    """
+
+    REPORTS_DIR.mkdir(exist_ok=True)
+
+    method = request.get("method", "UNKNOWN")
+    url = request.get("url", "")
+
+    endpoint_name = extract_endpoint_name(method, url)
+    timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+
+    endpoint_dir = REPORTS_DIR / endpoint_name
+    endpoint_dir.mkdir(parents=True, exist_ok=True)
+
+    safe_results = _redact_results(results)
+
+    summary = {
+        "counts_by_failure_type": {},
+        "counts_by_status_code": {},
+        "slow_tests": [],
+    }
+
+    for r in safe_results:
+        ft = r.get("failure_type") or "unknown"
+        summary["counts_by_failure_type"][ft] = summary["counts_by_failure_type"].get(ft, 0) + 1
+
+        sc = (r.get("response") or {}).get("status_code")
+        sc_key = str(sc)
+        summary["counts_by_status_code"][sc_key] = summary["counts_by_status_code"].get(sc_key, 0) + 1
+
+        elapsed = (r.get("response") or {}).get("elapsed_ms")
+        if isinstance(elapsed, int) and elapsed > AI_SWARM_SLA_MS:
+            summary["slow_tests"].append({"name": r.get("name"), "elapsed_ms": elapsed})
+
+    report = {
+        "endpoint": f"{method} {url}",
+        "run_time": timestamp,
+        "total_tests": len(safe_results),
+        "summary": summary,
+        "meta": meta or {},
+        "results": safe_results,
+    }
+
+    report_format = (report_format or "json").lower().strip()
+    if report_format not in {"json", "md", "html"}:
+        report_format = "json"
+
+    ext = {"json": "json", "md": "md", "html": "html"}[report_format]
+    report_path = endpoint_dir / f"{endpoint_name}_{timestamp}.{ext}"
+
+    if report_format == "json":
+        with open(report_path, "w", encoding="utf-8") as f:
+            json.dump(report, f, indent=2)
+    elif report_format == "md":
+        with open(report_path, "w", encoding="utf-8") as f:
+            f.write(_render_markdown(report))
+    else:
+        with open(report_path, "w", encoding="utf-8") as f:
+            f.write(_render_html(report))
+
+    return str(report_path)

ai_testing_swarm-0.1.12/README.md → ai_testing_swarm-0.1.14/src/ai_testing_swarm.egg-info/PKG-INFO

@@ -1,8 +1,19 @@
+Metadata-Version: 2.4
+Name: ai-testing-swarm
+Version: 0.1.14
+Summary: AI-powered testing swarm
+Author-email: Arif Shah <ashah7775@gmail.com>
+License: MIT
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Provides-Extra: openapi
+Requires-Dist: jsonschema>=4.0; extra == "openapi"
+
 # AI Testing Swarm
 
 AI Testing Swarm is a **super-advanced, mutation-driven API testing framework** (with optional OpenAPI + OpenAI augmentation) built on top of **pytest**.
 
-It generates a large set of deterministic negative/edge/security test cases for an API request, executes them (optionally in parallel, with retries/throttling), and produces a JSON report with summaries.
+It generates a large set of deterministic negative/edge/security test cases for an API request, executes them (optionally in parallel, with retries/throttling), and produces a report (JSON/Markdown/HTML) with summaries.
 
 > Notes:
 > - UI testing is not the focus of the current releases.
@@ -16,6 +27,12 @@ It generates a large set of deterministic negative/edge/security test cases for
 pip install ai-testing-swarm
 ```
 
+Optional (OpenAPI JSON schema validation for responses):
+
+```bash
+pip install "ai-testing-swarm[openapi]"
+```
+
 CLI entrypoint:
 
 ```bash
@@ -40,9 +57,15 @@ Run:
 ai-test --input request.json
 ```
 
-A JSON report is written under:
+Choose a report format:
+
+```bash
+ai-test --input request.json --report-format html
+```
+
+A report is written under:
 
-- `./ai_swarm_reports/<METHOD>_<endpoint>/<METHOD>_<endpoint>_<timestamp>.json`
+- `./ai_swarm_reports/<METHOD>_<endpoint>/<METHOD>_<endpoint>_<timestamp>.<json|md|html>`
 
 Reports include:
 - per-test results
@@ -88,6 +111,8 @@ Reports include:
 - OpenAPI **JSON** works by default.
 - OpenAPI **YAML** requires `PyYAML` installed.
 - Base URL is read from `spec.servers[0].url`.
+- When using OpenAPI input, the swarm will also *optionally* validate response status codes against `operation.responses`.
+- If `jsonschema` is installed (via `ai-testing-swarm[openapi]`) and the response is JSON, response bodies are validated against the OpenAPI `application/json` schema.
   - Override with `AI_SWARM_OPENAPI_BASE_URL` if your spec doesn’t include servers.
 
 ---

{ai_testing_swarm-0.1.12 → ai_testing_swarm-0.1.14}/src/ai_testing_swarm.egg-info/SOURCES.txt

@@ -7,6 +7,7 @@ src/ai_testing_swarm.egg-info/PKG-INFO
 src/ai_testing_swarm.egg-info/SOURCES.txt
 src/ai_testing_swarm.egg-info/dependency_links.txt
 src/ai_testing_swarm.egg-info/entry_points.txt
+src/ai_testing_swarm.egg-info/requires.txt
 src/ai_testing_swarm.egg-info/top_level.txt
 src/ai_testing_swarm/agents/__init__.py
 src/ai_testing_swarm/agents/execution_agent.py
@@ -22,9 +23,11 @@ src/ai_testing_swarm/core/config.py
 src/ai_testing_swarm/core/curl_parser.py
 src/ai_testing_swarm/core/openai_client.py
 src/ai_testing_swarm/core/openapi_loader.py
+src/ai_testing_swarm/core/openapi_validator.py
 src/ai_testing_swarm/core/safety.py
 src/ai_testing_swarm/reporting/__init__.py
 src/ai_testing_swarm/reporting/report_writer.py
 tests/test_openapi_loader.py
+tests/test_openapi_validator.py
 tests/test_policy_expected_negatives.py
 tests/test_swarm_api.py

ai_testing_swarm-0.1.14/src/ai_testing_swarm.egg-info/requires.txt

@@ -0,0 +1,3 @@
+
+[openapi]
+jsonschema>=4.0

{ai_testing_swarm-0.1.12 → ai_testing_swarm-0.1.14}/tests/test_openapi_loader.py

@@ -16,3 +16,4 @@ def test_openapi_normalize_builds_request():
     assert req["method"] == "POST"
     assert req["url"].startswith("https://postman-echo.com/post")
     assert req["body"]["hello"] == "world"
+    assert req.get("_openapi", {}).get("path") == "/post"

ai_testing_swarm-0.1.14/tests/test_openapi_validator.py

@@ -0,0 +1,77 @@
+import pytest
+
+from ai_testing_swarm.core.openapi_validator import validate_openapi_response
+
+
+def _spec_with_schema():
+    return {
+        "openapi": "3.0.0",
+        "info": {"title": "t", "version": "1"},
+        "paths": {
+            "/pets": {
+                "get": {
+                    "responses": {
+                        "200": {
+                            "description": "ok",
+                            "content": {
+                                "application/json": {
+                                    "schema": {
+                                        "type": "object",
+                                        "properties": {"id": {"type": "integer"}},
+                                        "required": ["id"],
+                                    }
+                                }
+                            },
+                        },
+                        "400": {"description": "bad"},
+                    }
+                }
+            }
+        },
+    }
+
+
+def test_openapi_status_validation_fails_on_undeclared_status():
+    spec = _spec_with_schema()
+    issues = validate_openapi_response(
+        spec=spec,
+        path="/pets",
+        method="GET",
+        status_code=418,
+        response_headers={"content-type": "application/json"},
+        response_json={"id": 1},
+    )
+    assert any(i.type == "openapi_status" for i in issues)
+
+
+def test_openapi_status_validation_supports_wildcard_2xx():
+    spec = {
+        "openapi": "3.0.0",
+        "info": {"title": "t", "version": "1"},
+        "paths": {"/x": {"get": {"responses": {"2XX": {"description": "ok"}}}}},
+    }
+    issues = validate_openapi_response(
+        spec=spec,
+        path="/x",
+        method="GET",
+        status_code=201,
+        response_headers={"content-type": "application/json"},
+        response_json={"ok": True},
+    )
+    assert not any(i.type == "openapi_status" for i in issues)
+
+
+def test_openapi_schema_validation_flags_mismatch_when_jsonschema_installed():
+    pytest.importorskip("jsonschema")
+    spec = _spec_with_schema()
+
+    issues = validate_openapi_response(
+        spec=spec,
+        path="/pets",
+        method="GET",
+        status_code=200,
+        response_headers={"content-type": "application/json"},
+        response_json={"id": "not-an-int"},
+    )
+
+    assert any(i.type == "openapi_schema" for i in issues)

ai_testing_swarm-0.1.12/src/ai_testing_swarm/__init__.py

@@ -1 +0,0 @@
-__version__ = "0.1.12"

ai_testing_swarm-0.1.12/src/ai_testing_swarm/reporting/report_writer.py

@@ -1,147 +0,0 @@
-import json
-import os
-import re
-from datetime import datetime
-from pathlib import Path
-from urllib.parse import urlparse
-
-
-# ============================================================
-# 🔍 FIND CALLER PROJECT ROOT (NOT PACKAGE ROOT)
-# ============================================================
-def find_execution_root() -> Path:
-    """
-    Resolve project root based on WHERE tests are executed from,
-    not where this package lives.
-    """
-    current = Path.cwd().resolve()
-
-    while current != current.parent:
-        if any(
-            (current / marker).exists()
-            for marker in (
-                "pyproject.toml",
-                "setup.py",
-                "requirements.txt",
-                ".git",
-            )
-        ):
-            return current
-        current = current.parent
-
-    # Fallback: use cwd directly
-    return Path.cwd().resolve()
-
-
-PROJECT_ROOT = find_execution_root()
-REPORTS_DIR = PROJECT_ROOT / "ai_swarm_reports"
-
-
-# ============================================================
-# 🧹 UTILS
-# ============================================================
-def extract_endpoint_name(method: str, url: str) -> str:
-    """
-    POST https://preprod-api.getepichome.in/api/validate-gst/
-    -> POST_validate-gst
-    """
-    parsed = urlparse(url)
-    parts = [p for p in parsed.path.split("/") if p]
-
-    endpoint = parts[-1] if parts else "root"
-    endpoint = re.sub(r"[^a-zA-Z0-9_-]", "-", endpoint)
-
-    return f"{method}_{endpoint}"
-
-
-# ============================================================
-# 📝 REPORT WRITER
-# ============================================================
-from ai_testing_swarm.core.config import AI_SWARM_SLA_MS
-
-SENSITIVE_HEADER_KEYS = {
-    "authorization",
-    "cookie",
-    "set-cookie",
-    "api-token",
-    "api-secret-key",
-    "x-api-key",
-}
-
-
-def _redact_headers(headers: dict) -> dict:
-    if not isinstance(headers, dict):
-        return headers
-    out = {}
-    for k, v in headers.items():
-        if str(k).lower() in SENSITIVE_HEADER_KEYS and v is not None:
-            out[k] = "***REDACTED***"
-        else:
-            out[k] = v
-    return out
-
-
-def _redact_results(results: list) -> list:
-    redacted = []
-    for r in results:
-        r = dict(r)
-        req = dict(r.get("request") or {})
-        req["headers"] = _redact_headers(req.get("headers") or {})
-        r["request"] = req
-        redacted.append(r)
-    return redacted
-
-
-def write_report(request: dict, results: list, *, meta: dict | None = None) -> str:
-    REPORTS_DIR.mkdir(exist_ok=True)
-
-    method = request.get("method", "UNKNOWN")
-    url = request.get("url", "")
-
-    endpoint_name = extract_endpoint_name(method, url)
-    timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
-
-    # report_path = REPORTS_DIR / f"{timestamp}_{endpoint_name}.json"
-    # 🔥 PER-ENDPOINT FOLDER
-    endpoint_dir = REPORTS_DIR / endpoint_name
-    endpoint_dir.mkdir(parents=True, exist_ok=True)
-
-    # 🔥 FILE NAME FORMAT
-    report_path = endpoint_dir / f"{endpoint_name}_{timestamp}.json"
-
-    safe_results = _redact_results(results)
-
-    # Summary (counts + performance)
-    summary = {
-        "counts_by_failure_type": {},
-        "counts_by_status_code": {},
-        "slow_tests": [],
-    }
-
-    for r in safe_results:
-        ft = r.get("failure_type") or "unknown"
-        summary["counts_by_failure_type"][ft] = summary["counts_by_failure_type"].get(ft, 0) + 1
-
-        sc = (r.get("response") or {}).get("status_code")
-        sc_key = str(sc)
-        summary["counts_by_status_code"][sc_key] = summary["counts_by_status_code"].get(sc_key, 0) + 1
-
-        elapsed = (r.get("response") or {}).get("elapsed_ms")
-        if isinstance(elapsed, int) and elapsed > AI_SWARM_SLA_MS:
-            summary["slow_tests"].append({"name": r.get("name"), "elapsed_ms": elapsed})
-
-    report = {
-        "endpoint": f"{method} {url}",
-        "run_time": timestamp,
-        "total_tests": len(safe_results),
-        "summary": summary,
-        "meta": meta or {},
-        "results": safe_results,
-    }
-
-    with open(report_path, "w") as f:
-        json.dump(report, f, indent=2)
-
-    print(f"📄 Swarm JSON report written to: {report_path}")
-
-    return str(report_path)