ai-testing-swarm 0.1.16__tar.gz → 0.1.17__tar.gz

{ai_testing_swarm-0.1.16 → ai_testing_swarm-0.1.17}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ai-testing-swarm
-Version: 0.1.16
+Version: 0.1.17
 Summary: AI-powered testing swarm
 Author-email: Arif Shah <ashah7775@gmail.com>
 License: MIT
@@ -119,6 +119,10 @@ Reports include:
 - Base URL is read from `spec.servers[0].url`.
 - When using OpenAPI input, the swarm will also *optionally* validate response status codes against `operation.responses`.
 - If `jsonschema` is installed (via `ai-testing-swarm[openapi]`) and the response is JSON, response bodies are validated against the OpenAPI `application/json` schema.
+- If an OpenAPI requestBody schema exists for the operation, the planner can also generate **schema-based request-body fuzz cases**:
+  - schema-valid edge cases (boundary values that should still validate)
+  - schema-invalid variants (missing required fields, wrong types, out-of-range, etc.)
+  - Controlled via CLI flags like `--no-openapi-fuzz` / `--openapi-fuzz-max-*`.
   - Override with `AI_SWARM_OPENAPI_BASE_URL` if your spec doesn’t include servers.
 
 ---
@@ -223,6 +227,16 @@ Reports include:
 A static dashboard index is generated at:
 - `./ai_swarm_reports/index.html` (latest JSON report per endpoint, sorted by regressions/risk)
 
+### Regression gate (CI)
+
+To fail CI when the run regresses vs the previous JSON report for the same endpoint:
+
+```bash
+ai-test --input request.json --fail-on-regression
+```
+
+This checks `report.trend.regression_count` and exits with a non-zero code if regressions are detected.
+
 SLA threshold:
 - `AI_SWARM_SLA_MS` (default: `2000`)
 

{ai_testing_swarm-0.1.16 → ai_testing_swarm-0.1.17}/README.md

@@ -104,6 +104,10 @@ Reports include:
 - Base URL is read from `spec.servers[0].url`.
 - When using OpenAPI input, the swarm will also *optionally* validate response status codes against `operation.responses`.
 - If `jsonschema` is installed (via `ai-testing-swarm[openapi]`) and the response is JSON, response bodies are validated against the OpenAPI `application/json` schema.
+- If an OpenAPI requestBody schema exists for the operation, the planner can also generate **schema-based request-body fuzz cases**:
+  - schema-valid edge cases (boundary values that should still validate)
+  - schema-invalid variants (missing required fields, wrong types, out-of-range, etc.)
+  - Controlled via CLI flags like `--no-openapi-fuzz` / `--openapi-fuzz-max-*`.
   - Override with `AI_SWARM_OPENAPI_BASE_URL` if your spec doesn’t include servers.
 
 ---
@@ -208,6 +212,16 @@ Reports include:
 A static dashboard index is generated at:
 - `./ai_swarm_reports/index.html` (latest JSON report per endpoint, sorted by regressions/risk)
 
+### Regression gate (CI)
+
+To fail CI when the run regresses vs the previous JSON report for the same endpoint:
+
+```bash
+ai-test --input request.json --fail-on-regression
+```
+
+This checks `report.trend.regression_count` and exits with a non-zero code if regressions are detected.
+
 SLA threshold:
 - `AI_SWARM_SLA_MS` (default: `2000`)
 

{ai_testing_swarm-0.1.16 → ai_testing_swarm-0.1.17}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "ai-testing-swarm"
-version = "0.1.16"
+version = "0.1.17"
 description = "AI-powered testing swarm"
 readme = "README.md"
 requires-python = ">=3.9"

ai_testing_swarm-0.1.17/src/ai_testing_swarm/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.1.17"

{ai_testing_swarm-0.1.16 → ai_testing_swarm-0.1.17}/src/ai_testing_swarm/agents/test_planner_agent.py

@@ -363,7 +363,58 @@ class TestPlannerAgent:
             for key, value in body.items():
                 add_field_mutations("body", key, value)
 
-        # 6) Optional OpenAI augmentation (best-effort)
+        # 6) Optional OpenAPI schema-based request-body fuzzing (best-effort)
+        try:
+            from ai_testing_swarm.core.config import (
+                AI_SWARM_OPENAPI_FUZZ,
+                AI_SWARM_OPENAPI_FUZZ_MAX_DEPTH,
+                AI_SWARM_OPENAPI_FUZZ_MAX_INVALID,
+                AI_SWARM_OPENAPI_FUZZ_MAX_VALID,
+            )
+
+            if AI_SWARM_OPENAPI_FUZZ and isinstance(request.get("_openapi"), dict):
+                ctx = request.get("_openapi") or {}
+                spec = ctx.get("spec")
+                path0 = ctx.get("path")
+                method0 = ctx.get("method")
+
+                if isinstance(spec, dict) and isinstance(path0, str) and isinstance(method0, str):
+                    from ai_testing_swarm.core.openapi_fuzzer import generate_request_body_fuzz_cases
+
+                    fuzz_cases = generate_request_body_fuzz_cases(
+                        spec=spec,
+                        path=path0,
+                        method=method0,
+                        max_valid=AI_SWARM_OPENAPI_FUZZ_MAX_VALID,
+                        max_invalid=AI_SWARM_OPENAPI_FUZZ_MAX_INVALID,
+                        max_depth=AI_SWARM_OPENAPI_FUZZ_MAX_DEPTH,
+                    )
+
+                    existing = {t["name"] for t in tests}
+                    for fc in fuzz_cases:
+                        name = fc.name
+                        if name in existing:
+                            continue
+                        tests.append(
+                            {
+                                "name": name,
+                                "mutation": {
+                                    "target": "body_whole",
+                                    "path": [],
+                                    "operation": "REPLACE",
+                                    "original_value": body,
+                                    "new_value": fc.body,
+                                    "strategy": "openapi_fuzz_valid" if fc.is_valid else "openapi_fuzz_invalid",
+                                    "openapi": {"is_valid": fc.is_valid, "details": fc.details},
+                                },
+                            }
+                        )
+                        existing.add(name)
+        except Exception:
+            # Never fail planning due to fuzzing issues
+            pass
+
+        # 7) Optional OpenAI augmentation (best-effort)
         try:
             from ai_testing_swarm.core.config import (
                 AI_SWARM_MAX_AI_TESTS,

{ai_testing_swarm-0.1.16 → ai_testing_swarm-0.1.17}/src/ai_testing_swarm/cli.py

@@ -107,6 +107,45 @@ def main():
         help="Report format to write (default: json)",
     )
 
+    # OpenAPI schema-based request-body fuzzing
+    parser.add_argument(
+        "--openapi-fuzz",
+        dest="openapi_fuzz",
+        action="store_true",
+        default=True,
+        help="Enable OpenAPI schema-based request-body fuzzing when OpenAPI context is present (default: on)",
+    )
+    parser.add_argument(
+        "--no-openapi-fuzz",
+        dest="openapi_fuzz",
+        action="store_false",
+        help="Disable OpenAPI schema-based request-body fuzzing",
+    )
+    parser.add_argument(
+        "--openapi-fuzz-max-valid",
+        type=int,
+        default=8,
+        help="Max schema-valid OpenAPI fuzz cases to add (default: 8)",
+    )
+    parser.add_argument(
+        "--openapi-fuzz-max-invalid",
+        type=int,
+        default=8,
+        help="Max schema-invalid OpenAPI fuzz cases to add (default: 8)",
+    )
+    parser.add_argument(
+        "--openapi-fuzz-max-depth",
+        type=int,
+        default=6,
+        help="Max recursion depth for OpenAPI schema instance generation (default: 6)",
+    )
+
+    parser.add_argument(
+        "--fail-on-regression",
+        action="store_true",
+        help="Exit non-zero if the run regresses vs the previous JSON report for this endpoint",
+    )
+
     parser.add_argument(
         "--auth-matrix",
         default="",
@@ -146,10 +185,17 @@ def main():
     # ------------------------------------------------------------
     # Run swarm
     # ------------------------------------------------------------
+    import os
+
     if args.public_only:
-        import os
         os.environ["AI_SWARM_PUBLIC_ONLY"] = "1"
 
+    # CLI flags -> env toggles used by core.config
+    os.environ["AI_SWARM_OPENAPI_FUZZ"] = "1" if args.openapi_fuzz else "0"
+    os.environ["AI_SWARM_OPENAPI_FUZZ_MAX_VALID"] = str(int(args.openapi_fuzz_max_valid))
+    os.environ["AI_SWARM_OPENAPI_FUZZ_MAX_INVALID"] = str(int(args.openapi_fuzz_max_invalid))
+    os.environ["AI_SWARM_OPENAPI_FUZZ_MAX_DEPTH"] = str(int(args.openapi_fuzz_max_depth))
+
     orch = SwarmOrchestrator()
 
     def _print_console(decision, results, *, label: str = ""):
@@ -163,29 +209,66 @@ def main():
             status_code = response.get("status_code")
             print(f"{r.get('name'):25} {str(status_code):5} {r.get('reason')}")
 
+    def _maybe_fail_on_regression(report_path: str):
+        try:
+            with open(report_path, "r", encoding="utf-8") as f:
+                report = json.load(f)
+        except Exception:
+            return
+
+        trend = report.get("trend") or {}
+        regression_count = trend.get("regression_count")
+        try:
+            reg_i = int(regression_count or 0)
+        except Exception:
+            reg_i = 0
+
+        if reg_i > 0:
+            print(f"\n❌ Regression gate failed: regressions={reg_i} (see trend in report)")
+            raise SystemExit(2)
+
     if args.auth_matrix:
         from ai_testing_swarm.core.auth_matrix import load_auth_matrix, merge_auth_headers
 
         cases = load_auth_matrix(args.auth_matrix)
         for c in cases:
             req2 = merge_auth_headers(request, c)
-            decision, results = orch.run(
+            report_format = args.report_format
+            if args.fail_on_regression and report_format != "json":
+                # regression gate needs a machine-readable report
+                report_format = "json"
+
+            decision, results, report_path = orch.run(
                 req2,
-                report_format=args.report_format,
+                report_format=report_format,
                 gate_warn=args.gate_warn,
                 gate_block=args.gate_block,
                 run_label=f"auth-{c.name}",
+                fail_on_regression=args.fail_on_regression,
+                return_report_path=True,
             )
             _print_console(decision, results, label=c.name)
+
+            if args.fail_on_regression:
+                _maybe_fail_on_regression(report_path)
     else:
-        decision, results = orch.run(
+        report_format = args.report_format
+        if args.fail_on_regression and report_format != "json":
+            report_format = "json"
+
+        decision, results, report_path = orch.run(
             request,
-            report_format=args.report_format,
+            report_format=report_format,
             gate_warn=args.gate_warn,
             gate_block=args.gate_block,
+            fail_on_regression=args.fail_on_regression,
+            return_report_path=True,
         )
         _print_console(decision, results)
 
+        if args.fail_on_regression:
+            _maybe_fail_on_regression(report_path)
+
 
 if __name__ == "__main__":
     main()

{ai_testing_swarm-0.1.16 → ai_testing_swarm-0.1.17}/src/ai_testing_swarm/core/config.py

@@ -20,3 +20,9 @@ AI_SWARM_USE_OPENAI = os.getenv("AI_SWARM_USE_OPENAI", "0").lower() in {"1", "tr
 AI_SWARM_OPENAI_MODEL = os.getenv("AI_SWARM_OPENAI_MODEL", "gpt-4.1-mini")
 AI_SWARM_MAX_AI_TESTS = env_int("AI_SWARM_MAX_AI_TESTS", 20)
 AI_SWARM_AI_SUMMARY = os.getenv("AI_SWARM_AI_SUMMARY", "0").lower() in {"1", "true", "yes"}
+
+# OpenAPI schema-based request-body fuzzing (on by default when OpenAPI context exists)
+AI_SWARM_OPENAPI_FUZZ = os.getenv("AI_SWARM_OPENAPI_FUZZ", "1").lower() in {"1", "true", "yes"}
+AI_SWARM_OPENAPI_FUZZ_MAX_VALID = env_int("AI_SWARM_OPENAPI_FUZZ_MAX_VALID", 8)
+AI_SWARM_OPENAPI_FUZZ_MAX_INVALID = env_int("AI_SWARM_OPENAPI_FUZZ_MAX_INVALID", 8)
+AI_SWARM_OPENAPI_FUZZ_MAX_DEPTH = env_int("AI_SWARM_OPENAPI_FUZZ_MAX_DEPTH", 6)

ai_testing_swarm-0.1.17/src/ai_testing_swarm/core/openapi_fuzzer.py

@@ -0,0 +1,396 @@
+from __future__ import annotations
+
+"""OpenAPI request-body schema based fuzzing.
+
+This module is intentionally lightweight (no hypothesis/faker deps).
+It generates:
+  - schema-valid "edge" payloads (still validate)
+  - schema-invalid payloads (should violate validation)
+
+Used only when an OpenAPI spec is attached to the request.
+"""
+
+from dataclasses import dataclass
+from typing import Any
+
+
+@dataclass(frozen=True)
+class FuzzCase:
+    name: str
+    body: Any
+    is_valid: bool
+    details: dict | None = None
+
+
+def _get_operation(spec: dict, *, path: str, method: str) -> dict | None:
+    paths = spec.get("paths") or {}
+    op = (paths.get(path) or {}).get(str(method).lower())
+    return op if isinstance(op, dict) else None
+
+
+def get_request_body_schema(*, spec: dict, path: str, method: str) -> dict | None:
+    op = _get_operation(spec, path=path, method=method)
+    if not op:
+        return None
+
+    rb = op.get("requestBody")
+    if not isinstance(rb, dict):
+        return None
+
+    content = rb.get("content") or {}
+    if not isinstance(content, dict):
+        return None
+
+    # Prefer json
+    app_json = content.get("application/json") or content.get("application/*+json")
+    if not isinstance(app_json, dict):
+        return None
+
+    schema = app_json.get("schema")
+    if isinstance(schema, dict):
+        return schema
+    return None
+
+
+# ----------------------------
+# Minimal schema resolution
+# ----------------------------
+
+def _resolve_ref(schema: dict, *, resolver) -> dict:
+    if "$ref" not in schema:
+        return schema
+    ref = schema.get("$ref")
+    try:
+        # jsonschema.RefResolver API
+        with resolver.resolving(ref) as resolved:  # type: ignore[attr-defined]
+            if isinstance(resolved, dict):
+                return resolved
+    except Exception:
+        return schema
+    return schema
+
+
+def _choose_subschema(schema: dict) -> dict:
+    """Handle oneOf/anyOf/allOf in a deterministic best-effort manner."""
+    for key in ("oneOf", "anyOf"):
+        v = schema.get(key)
+        if isinstance(v, list) and v and isinstance(v[0], dict):
+            return v[0]
+    all_of = schema.get("allOf")
+    if isinstance(all_of, list) and all_of:
+        merged: dict = {}
+        for s in all_of:
+            if isinstance(s, dict):
+                # naive merge
+                merged.update({k: v for k, v in s.items() if k not in {"allOf"}})
+        return merged or schema
+    return schema
+
+
+def _schema_type(schema: dict) -> str | None:
+    t = schema.get("type")
+    if isinstance(t, str):
+        return t
+    if isinstance(t, list) and t:
+        # choose first
+        if isinstance(t[0], str):
+            return t[0]
+    # Infer common
+    if "properties" in schema:
+        return "object"
+    if "items" in schema:
+        return "array"
+    return None
+
+
+def _string_example(schema: dict) -> str:
+    if "enum" in schema and isinstance(schema.get("enum"), list) and schema["enum"]:
+        return str(schema["enum"][0])
+    if "default" in schema:
+        return str(schema["default"])
+    if "example" in schema:
+        return str(schema["example"])
+
+    min_len = schema.get("minLength")
+    try:
+        min_len_i = int(min_len) if min_len is not None else 1
+    except Exception:
+        min_len_i = 1
+
+    fmt = str(schema.get("format") or "")
+    if fmt == "date-time":
+        base = "2020-01-01T00:00:00Z"
+    elif fmt == "date":
+        base = "2020-01-01"
+    elif fmt == "uuid":
+        base = "00000000-0000-0000-0000-000000000000"
+    elif fmt == "email":
+        base = "a@example.com"
+    else:
+        base = "x"
+
+    if len(base) >= min_len_i:
+        return base
+    return base + ("x" * (min_len_i - len(base)))
+
+
+def _number_example(schema: dict, *, is_int: bool) -> int | float:
+    for k in ("default", "example"):
+        if k in schema:
+            v = schema.get(k)
+            if isinstance(v, (int, float)):
+                return int(v) if is_int else float(v)
+
+    minimum = schema.get("minimum")
+    exclusive_minimum = schema.get("exclusiveMinimum")
+
+    if isinstance(exclusive_minimum, (int, float)):
+        x = exclusive_minimum + 1
+        return int(x) if is_int else float(x)
+
+    if isinstance(minimum, (int, float)):
+        return int(minimum) if is_int else float(minimum)
+
+    return 0
+
+
+def build_minimal_valid_instance(schema: dict, *, resolver=None, max_depth: int = 6):
+    if max_depth <= 0:
+        return None
+
+    if resolver and isinstance(schema, dict) and "$ref" in schema:
+        schema = _resolve_ref(schema, resolver=resolver)
+
+    if not isinstance(schema, dict):
+        return None
+
+    schema = _choose_subschema(schema)
+
+    if "const" in schema:
+        return schema["const"]
+
+    t = _schema_type(schema)
+
+    if t == "object":
+        props = schema.get("properties") or {}
+        req = schema.get("required") or []
+        out: dict[str, Any] = {}
+
+        if isinstance(req, list):
+            for k in req:
+                if k in props and isinstance(props.get(k), dict):
+                    out[str(k)] = build_minimal_valid_instance(props[k], resolver=resolver, max_depth=max_depth - 1)
+
+        # If nothing required, pick the first property to make something non-empty
+        if not out and isinstance(props, dict) and props:
+            first = next(iter(props.keys()))
+            if isinstance(props.get(first), dict):
+                out[str(first)] = build_minimal_valid_instance(props[first], resolver=resolver, max_depth=max_depth - 1)
+
+        return out
+
+    if t == "array":
+        items = schema.get("items")
+        if not isinstance(items, dict):
+            return []
+        min_items = schema.get("minItems")
+        try:
+            n = int(min_items) if min_items is not None else 1
+        except Exception:
+            n = 1
+        n = max(0, min(n, 3))
+        return [build_minimal_valid_instance(items, resolver=resolver, max_depth=max_depth - 1) for _ in range(n)]
+
+    if t == "string":
+        return _string_example(schema)
+
+    if t == "integer":
+        return int(_number_example(schema, is_int=True))
+
+    if t == "number":
+        return float(_number_example(schema, is_int=False))
+
+    if t == "boolean":
+        return True
+
+    if t == "null":
+        return None
+
+    # unknown schema, best effort
+    if "enum" in schema and isinstance(schema.get("enum"), list) and schema["enum"]:
+        return schema["enum"][0]
+
+    return None
+
+
+# ----------------------------
+# Case generation
+# ----------------------------
+
+def _validate(schema: dict, instance, *, spec: dict) -> bool:
+    try:
+        import jsonschema  # type: ignore
+
+        resolver = jsonschema.RefResolver.from_schema(spec)  # type: ignore[attr-defined]
+        cls = jsonschema.validators.validator_for(schema)  # type: ignore[attr-defined]
+        cls.check_schema(schema)
+        v = cls(schema, resolver=resolver)
+        v.validate(instance)
+        return True
+    except Exception:
+        return False
+
+
+def generate_request_body_fuzz_cases(
+    *,
+    spec: dict,
+    path: str,
+    method: str,
+    max_valid: int = 8,
+    max_invalid: int = 8,
+    max_depth: int = 6,
+) -> list[FuzzCase]:
+    """Generate fuzz cases for an operation requestBody schema.
+
+    Requires optional dependency `jsonschema` (installed via ai-testing-swarm[openapi]).
+    Returns [] if schema missing or jsonschema not available.
+    """
+
+    try:
+        import jsonschema  # type: ignore
+    except ImportError:
+        return []
+
+    schema = get_request_body_schema(spec=spec, path=path, method=method)
+    if not schema:
+        return []
+
+    resolver = jsonschema.RefResolver.from_schema(spec)  # type: ignore[attr-defined]
+
+    base = build_minimal_valid_instance(schema, resolver=resolver, max_depth=max_depth)
+    cases: list[FuzzCase] = []
+
+    # Always include a minimal valid payload
+    if _validate(schema, base, spec=spec):
+        cases.append(FuzzCase(name="openapi_valid_minimal", body=base, is_valid=True))
+
+    # Valid edge-ish variants
+    def add_valid(name: str, body, details: dict | None = None):
+        if len([c for c in cases if c.is_valid]) >= max_valid:
+            return
+        if _validate(schema, body, spec=spec):
+            cases.append(FuzzCase(name=name, body=body, is_valid=True, details=details))
+
+    def add_invalid(name: str, body, details: dict | None = None):
+        if len([c for c in cases if not c.is_valid]) >= max_invalid:
+            return
+        # Ensure invalid (best-effort)
+        if not _validate(schema, body, spec=spec):
+            cases.append(FuzzCase(name=name, body=body, is_valid=False, details=details))
+
+    # Only attempt structured mutations for object bodies
+    schema2 = _choose_subschema(_resolve_ref(schema, resolver=resolver) if isinstance(schema, dict) else {})
+    if _schema_type(schema2) == "object" and isinstance(base, dict):
+        props = schema2.get("properties") or {}
+        required = schema2.get("required") or []
+        additional = schema2.get("additionalProperties")
+
+        # Required field removal (invalid)
+        if isinstance(required, list) and required:
+            k = str(required[0])
+            if k in base:
+                b2 = dict(base)
+                b2.pop(k, None)
+                add_invalid("openapi_invalid_missing_required", b2, {"missing": k})
+
+        # Extra field when additionalProperties is false (invalid)
+        if additional is False:
+            b2 = dict(base)
+            b2["_unexpected"] = "x"
+            add_invalid("openapi_invalid_additional_property", b2)
+
+        # Per-property boundary tweaks
+        if isinstance(props, dict):
+            for pk, ps in list(props.items())[: max(1, (max_valid + max_invalid))]:
+                if not isinstance(ps, dict):
+                    continue
+                ps = _choose_subschema(_resolve_ref(ps, resolver=resolver))
+                t = _schema_type(ps)
+
+                if t == "string":
+                    min_len = ps.get("minLength")
+                    max_len = ps.get("maxLength")
+                    enum = ps.get("enum")
+
+                    if isinstance(enum, list) and enum:
+                        add_valid(f"openapi_valid_enum_{pk}", {**base, pk: enum[-1]})
+
+                    if isinstance(min_len, int) and min_len >= 0:
+                        add_valid(f"openapi_valid_minLength_{pk}", {**base, pk: "x" * min_len})
+                        if min_len > 0:
+                            add_invalid(f"openapi_invalid_below_minLength_{pk}", {**base, pk: ""})
+
+                    if isinstance(max_len, int) and max_len >= 0:
+                        add_valid(f"openapi_valid_maxLength_{pk}", {**base, pk: "x" * max_len})
+                        add_invalid(f"openapi_invalid_above_maxLength_{pk}", {**base, pk: "x" * (max_len + 1)})
+
+                    # wrong type
+                    add_invalid(f"openapi_invalid_type_{pk}", {**base, pk: 123})
+
+                elif t in {"integer", "number"}:
+                    minimum = ps.get("minimum")
+                    maximum = ps.get("maximum")
+                    if isinstance(minimum, (int, float)):
+                        add_valid(f"openapi_valid_min_{pk}", {**base, pk: minimum})
+                        add_invalid(f"openapi_invalid_below_min_{pk}", {**base, pk: minimum - 1})
+                    if isinstance(maximum, (int, float)):
+                        add_valid(f"openapi_valid_max_{pk}", {**base, pk: maximum})
+                        add_invalid(f"openapi_invalid_above_max_{pk}", {**base, pk: maximum + 1})
+                    add_invalid(f"openapi_invalid_type_{pk}", {**base, pk: "x"})
+
+                elif t == "boolean":
+                    add_invalid(f"openapi_invalid_type_{pk}", {**base, pk: "true"})
+
+                elif t == "array":
+                    items = ps.get("items") if isinstance(ps.get("items"), dict) else None
+                    min_items = ps.get("minItems")
+                    max_items = ps.get("maxItems")
+                    if items:
+                        item_ex = build_minimal_valid_instance(items, resolver=resolver, max_depth=max_depth - 1)
+                    else:
+                        item_ex = "x"
+
+                    if isinstance(min_items, int) and min_items > 0:
+                        add_valid(f"openapi_valid_minItems_{pk}", {**base, pk: [item_ex for _ in range(min_items)]})
+                        add_invalid(f"openapi_invalid_below_minItems_{pk}", {**base, pk: []})
+
+                    if isinstance(max_items, int) and max_items >= 0:
+                        add_valid(f"openapi_valid_maxItems_{pk}", {**base, pk: [item_ex for _ in range(max_items)]})
+                        add_invalid(
+                            f"openapi_invalid_above_maxItems_{pk}",
+                            {**base, pk: [item_ex for _ in range(max_items + 1)]},
+                        )
+
+                    add_invalid(f"openapi_invalid_type_{pk}", {**base, pk: "not-an-array"})
+
+        # Ensure we have at least one invalid case
+        add_invalid("openapi_invalid_body_null", None)
+
+    else:
+        # For non-object bodies, do a couple generic cases
+        add_invalid("openapi_invalid_body_null", None)
+        add_invalid("openapi_invalid_wrong_type", {"_": "x"} if not isinstance(base, dict) else "x")
+
+    # De-dupe by name
+    seen: set[str] = set()
+    out: list[FuzzCase] = []
+    for c in cases:
+        if c.name in seen:
+            continue
+        seen.add(c.name)
+        out.append(c)
+
+    # Cap total
+    valid = [c for c in out if c.is_valid][:max_valid]
+    invalid = [c for c in out if not c.is_valid][:max_invalid]
+    return valid + invalid

{ai_testing_swarm-0.1.16 → ai_testing_swarm-0.1.17}/src/ai_testing_swarm/orchestrator.py

@@ -54,12 +54,18 @@ class SwarmOrchestrator:
         gate_warn: int = 30,
         gate_block: int = 80,
         run_label: str | None = None,
+        fail_on_regression: bool = False,
+        return_report_path: bool = False,
     ):
-        """Runs the full AI testing swarm and returns (decision, results).
+        """Runs the full AI testing swarm.
 
         gate_warn/gate_block:
           Thresholds for PASS/WARN/BLOCK gate based on endpoint risk.
           (Kept optional for backward compatibility.)
+
+        Returns:
+          - default: (decision, results)
+          - if return_report_path=True: (decision, results, report_path)
         """
 
         # Safety hook (currently no-op; kept for backward compatibility)
@@ -149,6 +155,9 @@ class SwarmOrchestrator:
         if run_label:
             meta["run_label"] = str(run_label)
 
+        if fail_on_regression:
+            meta["fail_on_regression"] = True
+
         # Optional AI summary for humans (best-effort)
         try:
             from ai_testing_swarm.core.config import AI_SWARM_AI_SUMMARY, AI_SWARM_OPENAI_MODEL, AI_SWARM_USE_OPENAI
@@ -169,4 +178,6 @@ class SwarmOrchestrator:
         logger.info("📄 Swarm report written to: %s", report_path)
         print(f"📄 Swarm report written to: {report_path}")
 
+        if return_report_path:
+            return decision, results, report_path
         return decision, results

{ai_testing_swarm-0.1.16 → ai_testing_swarm-0.1.17}/src/ai_testing_swarm.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ai-testing-swarm
-Version: 0.1.16
+Version: 0.1.17
 Summary: AI-powered testing swarm
 Author-email: Arif Shah <ashah7775@gmail.com>
 License: MIT
@@ -119,6 +119,10 @@ Reports include:
 - Base URL is read from `spec.servers[0].url`.
 - When using OpenAPI input, the swarm will also *optionally* validate response status codes against `operation.responses`.
 - If `jsonschema` is installed (via `ai-testing-swarm[openapi]`) and the response is JSON, response bodies are validated against the OpenAPI `application/json` schema.
+- If an OpenAPI requestBody schema exists for the operation, the planner can also generate **schema-based request-body fuzz cases**:
+  - schema-valid edge cases (boundary values that should still validate)
+  - schema-invalid variants (missing required fields, wrong types, out-of-range, etc.)
+  - Controlled via CLI flags like `--no-openapi-fuzz` / `--openapi-fuzz-max-*`.
   - Override with `AI_SWARM_OPENAPI_BASE_URL` if your spec doesn’t include servers.
 
 ---
@@ -223,6 +227,16 @@ Reports include:
 A static dashboard index is generated at:
 - `./ai_swarm_reports/index.html` (latest JSON report per endpoint, sorted by regressions/risk)
 
+### Regression gate (CI)
+
+To fail CI when the run regresses vs the previous JSON report for the same endpoint:
+
+```bash
+ai-test --input request.json --fail-on-regression
+```
+
+This checks `report.trend.regression_count` and exits with a non-zero code if regressions are detected.
+
 SLA threshold:
 - `AI_SWARM_SLA_MS` (default: `2000`)
 

{ai_testing_swarm-0.1.16 → ai_testing_swarm-0.1.17}/src/ai_testing_swarm.egg-info/SOURCES.txt

@@ -23,6 +23,7 @@ src/ai_testing_swarm/core/auth_matrix.py
 src/ai_testing_swarm/core/config.py
 src/ai_testing_swarm/core/curl_parser.py
 src/ai_testing_swarm/core/openai_client.py
+src/ai_testing_swarm/core/openapi_fuzzer.py
 src/ai_testing_swarm/core/openapi_loader.py
 src/ai_testing_swarm/core/openapi_validator.py
 src/ai_testing_swarm/core/risk.py
@@ -32,6 +33,7 @@ src/ai_testing_swarm/reporting/dashboard.py
 src/ai_testing_swarm/reporting/report_writer.py
 src/ai_testing_swarm/reporting/trend.py
 tests/test_batch2_trend_and_auth.py
+tests/test_openapi_fuzzer.py
 tests/test_openapi_loader.py
 tests/test_openapi_validator.py
 tests/test_policy_expected_negatives.py

ai_testing_swarm-0.1.17/tests/test_openapi_fuzzer.py

@@ -0,0 +1,91 @@
+import pytest
+
+
+def _spec():
+    return {
+        "openapi": "3.0.0",
+        "servers": [{"url": "https://example.com"}],
+        "paths": {
+            "/pets": {
+                "post": {
+                    "requestBody": {
+                        "required": True,
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "type": "object",
+                                    "additionalProperties": False,
+                                    "required": ["name", "age", "tags"],
+                                    "properties": {
+                                        "name": {"type": "string", "minLength": 2, "maxLength": 5},
+                                        "age": {"type": "integer", "minimum": 0, "maximum": 120},
+                                        "tags": {
+                                            "type": "array",
+                                            "minItems": 1,
+                                            "maxItems": 2,
+                                            "items": {"type": "string", "minLength": 1},
+                                        },
+                                    },
+                                }
+                            }
+                        },
+                    },
+                    "responses": {"200": {"description": "ok"}},
+                }
+            }
+        },
+    }
+
+
+def test_openapi_fuzzer_generates_valid_and_invalid_cases():
+    jsonschema = pytest.importorskip("jsonschema")
+
+    from ai_testing_swarm.core.openapi_fuzzer import (
+        generate_request_body_fuzz_cases,
+        get_request_body_schema,
+    )
+
+    spec = _spec()
+    schema = get_request_body_schema(spec=spec, path="/pets", method="POST")
+    assert schema and schema.get("type") == "object"
+
+    cases = generate_request_body_fuzz_cases(spec=spec, path="/pets", method="POST", max_valid=10, max_invalid=10)
+    assert any(c.is_valid for c in cases)
+    assert any(not c.is_valid for c in cases)
+
+    resolver = jsonschema.RefResolver.from_schema(spec)  # type: ignore[attr-defined]
+    cls = jsonschema.validators.validator_for(schema)  # type: ignore[attr-defined]
+    v = cls(schema, resolver=resolver)
+
+    for c in cases:
+        if c.is_valid:
+            v.validate(c.body)
+        else:
+            with pytest.raises(Exception):
+                v.validate(c.body)
+
+
+def test_planner_includes_openapi_fuzz_cases(monkeypatch):
+    pytest.importorskip("jsonschema")
+
+    from ai_testing_swarm.agents.test_planner_agent import TestPlannerAgent
+    import ai_testing_swarm.core.config as config
+
+    # Ensure enabled in this test regardless of env at import time
+    monkeypatch.setattr(config, "AI_SWARM_OPENAPI_FUZZ", True)
+    monkeypatch.setattr(config, "AI_SWARM_OPENAPI_FUZZ_MAX_VALID", 3)
+    monkeypatch.setattr(config, "AI_SWARM_OPENAPI_FUZZ_MAX_INVALID", 3)
+    monkeypatch.setattr(config, "AI_SWARM_OPENAPI_FUZZ_MAX_DEPTH", 5)
+
+    request = {
+        "method": "POST",
+        "url": "https://example.com/pets",
+        "headers": {"content-type": "application/json"},
+        "params": {},
+        "body": {},
+        "_openapi": {"spec": _spec(), "path": "/pets", "method": "POST", "source": "inline"},
+    }
+
+    tests = TestPlannerAgent().plan(request)
+    names = {t.get("name") for t in tests}
+    assert any(str(n).startswith("openapi_") for n in names)

ai_testing_swarm-0.1.16/src/ai_testing_swarm/__init__.py

@@ -1 +0,0 @@
-__version__ = "0.1.16"