kitos/Autonomous-Bug-Explorer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fase(5): findings module complete
Some checks failed
ABE Exploratory Testing / explore (push) Has been cancelled
Details

Browse Source
This commit is contained in:
debian
2026-03-05 04:06:45 -05:00
parent 96bf6e5097
commit d62bd615bf
55 changed files with 2424 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/db/migrations/002_findings_table.ts Normal file
View File

@@ -0,0 +1,28 @@
import { Kysely } from 'kysely';
// eslint-disable-next-line @typescript-eslint/no-explicit-any
export async function up(db: Kysely<any>): Promise<void> {
await db.schema.createTable('findings')
.ifNotExists()
.addColumn('id', 'text', col => col.primaryKey())
.addColumn('session_id', 'text', col => col.notNull().references('sessions.id'))
.addColumn('type', 'text', col => col.notNull())
.addColumn('severity', 'text', col => col.notNull())
.addColumn('description', 'text', col => col.notNull())
.addColumn('status', 'text', col => col.notNull().defaultTo('open'))
.addColumn('action_trace_json', 'text', col => col.notNull())
.addColumn('evidence_json', 'text', col => col.notNull())
.addColumn('screenshot_path', 'text')
.addColumn('dom_snapshot_path', 'text')
.addColumn('browser', 'text')
.addColumn('browser_version', 'text')
.addColumn('ai_enrichment_json', 'text')
.addColumn('created_at', 'integer', col => col.notNull())
.addColumn('resolved_at', 'integer')
.execute();
}
// eslint-disable-next-line @typescript-eslint/no-explicit-any
export async function down(db: Kysely<any>): Promise<void> {
await db.schema.dropTable('findings').ifExists().execute();
}

66
src/modules/findings/application/commands/CreateFindingCommand.ts Normal file
View File

@@ -0,0 +1,66 @@
import { UseCase } from '../../../../shared/application/UseCase';
import { EventBus } from '../../../../shared/application/EventBus';
import { Result, Ok, Err } from '../../../../shared/domain/Result';
import { Finding } from '../../domain/entities/Finding';
import { Severity } from '../../domain/value-objects/Severity';
import { FindingType } from '../../domain/value-objects/FindingType';
import { Evidence } from '../../domain/value-objects/Evidence';
import { IFindingRepository } from '../../domain/ports/IFindingRepository';
import { IAnomaly } from '../../../../core/interfaces';
interface CreateFindingRequest {
anomaly: IAnomaly;
sessionId: string;
}
interface CreateFindingResponse {
findingId: string;
}
export class CreateFindingCommand implements UseCase<CreateFindingRequest, CreateFindingResponse, string> {
constructor(
private readonly repository: IFindingRepository,
private readonly eventBus: EventBus
) {}
async execute(request: CreateFindingRequest): Promise<Result<CreateFindingResponse, string>> {
let severity: Severity;
let type: FindingType;
try {
severity = Severity.fromString(request.anomaly.severity);
type = FindingType.fromString(request.anomaly.type);
} catch (e) {
return Err(e instanceof Error ? e.message : String(e));
}
const evidence = Evidence.create({
screenshotPath: request.anomaly.evidence.screenshotPath,
domSnapshotPath: request.anomaly.evidence.domSnapshotPath,
httpLog: request.anomaly.evidence.httpLog,
rawErrors: request.anomaly.evidence.rawErrors,
});
const finding = Finding.create({
sessionId: request.sessionId,
severity,
type,
description: request.anomaly.description,
evidence,
actionTrace: request.anomaly.actionTrace,
browser: request.anomaly.browser,
browserVersion: request.anomaly.browserVersion,
aiEnrichment: request.anomaly.aiEnrichment,
});
await this.repository.save(finding);
const events = finding.domainEvents;
for (const event of events) {
await this.eventBus.publish(event);
}
finding.clearEvents();
return Ok({ findingId: finding.id.toString() });
}
}

46
src/modules/findings/application/commands/EnrichFindingCommand.ts Normal file
View File

@@ -0,0 +1,46 @@
import { UseCase } from '../../../../shared/application/UseCase';
import { EventBus } from '../../../../shared/application/EventBus';
import { Result, Ok, Err } from '../../../../shared/domain/Result';
import { IFindingRepository } from '../../domain/ports/IFindingRepository';
import { IAIEnricher } from '../../domain/ports/IAIEnricher';
interface EnrichFindingRequest {
findingId: string;
}
interface EnrichFindingResponse {
findingId: string;
}
export class EnrichFindingCommand implements UseCase<EnrichFindingRequest, EnrichFindingResponse, string> {
constructor(
private readonly repository: IFindingRepository,
private readonly enricher: IAIEnricher,
private readonly eventBus: EventBus
) {}
async execute(request: EnrichFindingRequest): Promise<Result<EnrichFindingResponse, string>> {
const finding = await this.repository.findById(request.findingId);
if (!finding) {
return Err(`Finding not found: ${request.findingId}`);
}
let enrichment;
try {
enrichment = await this.enricher.enrich(finding);
} catch (e) {
return Err(`Enrichment failed: ${e instanceof Error ? e.message : String(e)}`);
}
finding.enrich(enrichment);
await this.repository.update(finding);
const events = finding.domainEvents;
for (const event of events) {
await this.eventBus.publish(event);
}
finding.clearEvents();
return Ok({ findingId: finding.id.toString() });
}
}

50
src/modules/findings/application/commands/ResolveFindingCommand.ts Normal file
View File

@@ -0,0 +1,50 @@
import { UseCase } from '../../../../shared/application/UseCase';
import { EventBus } from '../../../../shared/application/EventBus';
import { Result, Ok, Err } from '../../../../shared/domain/Result';
import { IFindingRepository } from '../../domain/ports/IFindingRepository';
interface ResolveFindingRequest {
findingId: string;
action: 'resolve' | 'close' | 'investigate';
}
interface ResolveFindingResponse {
findingId: string;
status: string;
}
export class ResolveFindingCommand implements UseCase<ResolveFindingRequest, ResolveFindingResponse, string> {
constructor(
private readonly repository: IFindingRepository,
private readonly eventBus: EventBus
) {}
async execute(request: ResolveFindingRequest): Promise<Result<ResolveFindingResponse, string>> {
const finding = await this.repository.findById(request.findingId);
if (!finding) {
return Err(`Finding not found: ${request.findingId}`);
}
switch (request.action) {
case 'resolve':
finding.resolve();
break;
case 'close':
finding.close();
break;
case 'investigate':
finding.investigate();
break;
}
await this.repository.update(finding);
const events = finding.domainEvents;
for (const event of events) {
await this.eventBus.publish(event);
}
finding.clearEvents();
return Ok({ findingId: finding.id.toString(), status: finding.status.value });
}
}

22
src/modules/findings/application/event-handlers/OnAnomalyDetected.ts Normal file
View File

@@ -0,0 +1,22 @@
import { EventHandler } from '../../../../shared/application/EventHandler';
import { DomainEvent } from '../../../../shared/domain/DomainEvent';
import { CreateFindingCommand } from '../commands/CreateFindingCommand';
import { IAnomaly } from '../../../../core/interfaces';
/**
* Listens for anomaly_detected events from crawling module
* and creates a Finding in the findings module.
*/
export class OnAnomalyDetected implements EventHandler {
constructor(private readonly createFinding: CreateFindingCommand) {}
async handle(event: DomainEvent): Promise<void> {
const payload = event.payload as { anomaly: IAnomaly; sessionId: string };
if (!payload.anomaly || !payload.sessionId) return;
await this.createFinding.execute({
anomaly: payload.anomaly,
sessionId: payload.sessionId,
});
}
}

29
src/modules/findings/application/queries/FindingStatsQuery.ts Normal file
View File

@@ -0,0 +1,29 @@
import { UseCase } from '../../../../shared/application/UseCase';
import { Result, Ok } from '../../../../shared/domain/Result';
import { IFindingRepository } from '../../domain/ports/IFindingRepository';
interface FindingStatsRequest {
sessionId?: string;
}
interface FindingStatsResponse {
total: number;
bySeverity: Record<string, number>;
openCount: number;
resolvedCount: number;
}
export class FindingStatsQuery implements UseCase<FindingStatsRequest, FindingStatsResponse, string> {
constructor(private readonly repository: IFindingRepository) {}
async execute(request: FindingStatsRequest): Promise<Result<FindingStatsResponse, string>> {
const [total, bySeverity, openCount, resolvedCount] = await Promise.all([
this.repository.count(request.sessionId ? { sessionId: request.sessionId } : undefined),
this.repository.countBySeverity(),
this.repository.count({ status: 'open', sessionId: request.sessionId }),
this.repository.count({ status: 'resolved', sessionId: request.sessionId }),
]);
return Ok({ total, bySeverity, openCount, resolvedCount });
}
}

20
src/modules/findings/application/queries/GetFindingQuery.ts Normal file
View File

@@ -0,0 +1,20 @@
import { UseCase } from '../../../../shared/application/UseCase';
import { Result, Ok, Err } from '../../../../shared/domain/Result';
import { IFindingRepository } from '../../domain/ports/IFindingRepository';
import { Finding } from '../../domain/entities/Finding';
interface GetFindingRequest {
findingId: string;
}
export class GetFindingQuery implements UseCase<GetFindingRequest, Finding, string> {
constructor(private readonly repository: IFindingRepository) {}
async execute(request: GetFindingRequest): Promise<Result<Finding, string>> {
const finding = await this.repository.findById(request.findingId);
if (!finding) {
return Err(`Finding not found: ${request.findingId}`);
}
return Ok(finding);
}
}

36
src/modules/findings/application/queries/ListFindingsQuery.ts Normal file
View File

@@ -0,0 +1,36 @@
import { UseCase } from '../../../../shared/application/UseCase';
import { Result, Ok } from '../../../../shared/domain/Result';
import { IFindingRepository, FindingFilters } from '../../domain/ports/IFindingRepository';
import { Finding } from '../../domain/entities/Finding';
interface ListFindingsRequest {
sessionId?: string;
severity?: string;
type?: string;
status?: string;
search?: string;
}
interface ListFindingsResponse {
findings: Finding[];
total: number;
}
export class ListFindingsQuery implements UseCase<ListFindingsRequest, ListFindingsResponse, string> {
constructor(private readonly repository: IFindingRepository) {}
async execute(request: ListFindingsRequest): Promise<Result<ListFindingsResponse, string>> {
const filters: FindingFilters = {
sessionId: request.sessionId,
severity: request.severity,
type: request.type,
status: request.status,
search: request.search,
};
const findings = await this.repository.findAll(filters);
const total = await this.repository.count(filters);
return Ok({ findings, total });
}
}

96
src/modules/findings/domain/entities/Finding.ts Normal file
View File

@@ -0,0 +1,96 @@
import { AggregateRoot } from '../../../../shared/domain/AggregateRoot';
import { UniqueId } from '../../../../shared/domain/UniqueId';
import { Severity } from '../value-objects/Severity';
import { FindingType } from '../value-objects/FindingType';
import { FindingStatus } from '../value-objects/FindingStatus';
import { Evidence } from '../value-objects/Evidence';
import { FindingCreated } from '../events/FindingCreated';
import { FindingResolved } from '../events/FindingResolved';
import { FindingEnriched } from '../events/FindingEnriched';
import { IAction } from '../../../../core/interfaces';
import { IAIEnrichment } from '../../../../core/interfaces';
export interface FindingProps {
sessionId: string;
severity: Severity;
type: FindingType;
description: string;
evidence: Evidence;
status: FindingStatus;
actionTrace: IAction[];
browser?: 'chromium' | 'firefox' | 'webkit';
browserVersion?: string;
aiEnrichment?: IAIEnrichment;
createdAt: Date;
resolvedAt?: Date;
}
export class Finding extends AggregateRoot<FindingProps> {
static create(props: Omit<FindingProps, 'status' | 'createdAt'>, id?: UniqueId): Finding {
const findingId = id ?? UniqueId.create();
const finding = new Finding(
{
...props,
status: FindingStatus.open(),
createdAt: new Date(),
},
findingId
);
finding.addDomainEvent(
new FindingCreated(findingId.toString(), {
sessionId: props.sessionId,
severity: props.severity.value,
type: props.type.value,
description: props.description,
})
);
return finding;
}
static reconstitute(props: FindingProps, id: UniqueId): Finding {
return new Finding(props, id);
}
get sessionId(): string { return this.props.sessionId; }
get severity(): Severity { return this.props.severity; }
get type(): FindingType { return this.props.type; }
get description(): string { return this.props.description; }
get evidence(): Evidence { return this.props.evidence; }
get status(): FindingStatus { return this.props.status; }
get actionTrace(): IAction[] { return this.props.actionTrace; }
get browser(): string | undefined { return this.props.browser; }
get browserVersion(): string | undefined { return this.props.browserVersion; }
get aiEnrichment(): IAIEnrichment | undefined { return this.props.aiEnrichment; }
get createdAt(): Date { return this.props.createdAt; }
get resolvedAt(): Date | undefined { return this.props.resolvedAt; }
resolve(): void {
this.props.status = FindingStatus.resolved();
this.props.resolvedAt = new Date();
this.addDomainEvent(
new FindingResolved(this.id.toString(), {
sessionId: this.props.sessionId,
resolvedAt: this.props.resolvedAt.toISOString(),
})
);
}
close(): void {
this.props.status = FindingStatus.closed();
}
investigate(): void {
this.props.status = FindingStatus.investigating();
}
enrich(enrichment: IAIEnrichment): void {
this.props.aiEnrichment = enrichment;
this.addDomainEvent(
new FindingEnriched(this.id.toString(), {
provider: enrichment.provider,
model: enrichment.model,
confidence: enrichment.confidence,
})
);
}
}

13
src/modules/findings/domain/events/FindingCreated.ts Normal file
View File

@@ -0,0 +1,13 @@
import { randomUUID } from 'crypto';
import { DomainEvent } from '../../../../shared/domain/DomainEvent';
export class FindingCreated implements DomainEvent {
readonly eventId = randomUUID();
readonly eventName = 'finding.created';
readonly occurredOn = new Date();
constructor(
readonly aggregateId: string,
readonly payload: Record<string, unknown>
) {}
}

13
src/modules/findings/domain/events/FindingEnriched.ts Normal file
View File

@@ -0,0 +1,13 @@
import { randomUUID } from 'crypto';
import { DomainEvent } from '../../../../shared/domain/DomainEvent';
export class FindingEnriched implements DomainEvent {
readonly eventId = randomUUID();
readonly eventName = 'finding.enriched';
readonly occurredOn = new Date();
constructor(
readonly aggregateId: string,
readonly payload: Record<string, unknown>
) {}
}

13
src/modules/findings/domain/events/FindingResolved.ts Normal file
View File

@@ -0,0 +1,13 @@
import { randomUUID } from 'crypto';
import { DomainEvent } from '../../../../shared/domain/DomainEvent';
export class FindingResolved implements DomainEvent {
readonly eventId = randomUUID();
readonly eventName = 'finding.resolved';
readonly occurredOn = new Date();
constructor(
readonly aggregateId: string,
readonly payload: Record<string, unknown>
) {}
}

6
src/modules/findings/domain/ports/IAIEnricher.ts Normal file
View File

@@ -0,0 +1,6 @@
import { Finding } from '../entities/Finding';
import { IAIEnrichment } from '../../../../core/interfaces';
export interface IAIEnricher {
enrich(finding: Finding): Promise<IAIEnrichment>;
}

18
src/modules/findings/domain/ports/IFindingRepository.ts Normal file
View File

@@ -0,0 +1,18 @@
import { Finding } from '../entities/Finding';
export interface FindingFilters {
sessionId?: string;
severity?: string;
type?: string;
status?: string;
search?: string;
}
export interface IFindingRepository {
save(finding: Finding): Promise<void>;
findById(id: string): Promise<Finding | undefined>;
findAll(filters?: FindingFilters): Promise<Finding[]>;
update(finding: Finding): Promise<void>;
count(filters?: FindingFilters): Promise<number>;
countBySeverity(): Promise<Record<string, number>>;
}

33
src/modules/findings/domain/value-objects/Evidence.ts Normal file
View File

@@ -0,0 +1,33 @@
import { ValueObject } from '../../../../shared/domain/ValueObject';
import { IHttpResponse } from '../../../../core/interfaces';
interface EvidenceProps {
screenshotPath?: string;
domSnapshotPath?: string;
httpLog?: IHttpResponse[];
rawErrors?: string[];
}
export class Evidence extends ValueObject<EvidenceProps> {
static create(props: EvidenceProps): Evidence {
return new Evidence(props);
}
static empty(): Evidence {
return new Evidence({});
}
get screenshotPath(): string | undefined { return this.props.screenshotPath; }
get domSnapshotPath(): string | undefined { return this.props.domSnapshotPath; }
get httpLog(): IHttpResponse[] { return this.props.httpLog ?? []; }
get rawErrors(): string[] { return this.props.rawErrors ?? []; }
toJSON(): EvidenceProps {
return {
screenshotPath: this.props.screenshotPath,
domSnapshotPath: this.props.domSnapshotPath,
httpLog: this.props.httpLog,
rawErrors: this.props.rawErrors,
};
}
}

28
src/modules/findings/domain/value-objects/FindingStatus.ts Normal file
View File

@@ -0,0 +1,28 @@
import { ValueObject } from '../../../../shared/domain/ValueObject';
type StatusValue = 'open' | 'investigating' | 'resolved' | 'closed';
interface FindingStatusProps {
value: StatusValue;
}
export class FindingStatus extends ValueObject<FindingStatusProps> {
static readonly VALUES: StatusValue[] = ['open', 'investigating', 'resolved', 'closed'];
static open(): FindingStatus { return new FindingStatus({ value: 'open' }); }
static investigating(): FindingStatus { return new FindingStatus({ value: 'investigating' }); }
static resolved(): FindingStatus { return new FindingStatus({ value: 'resolved' }); }
static closed(): FindingStatus { return new FindingStatus({ value: 'closed' }); }
static fromString(s: string): FindingStatus {
if (!FindingStatus.VALUES.includes(s as StatusValue)) {
throw new Error(`Invalid finding status: ${s}`);
}
return new FindingStatus({ value: s as StatusValue });
}
get value(): StatusValue { return this.props.value; }
isOpen(): boolean { return this.props.value === 'open'; }
isResolved(): boolean { return this.props.value === 'resolved'; }
}

36
src/modules/findings/domain/value-objects/FindingType.ts Normal file
View File

@@ -0,0 +1,36 @@
import { ValueObject } from '../../../../shared/domain/ValueObject';
import { AnomalyType } from '../../../../core/interfaces';
interface FindingTypeProps {
value: AnomalyType;
}
export class FindingType extends ValueObject<FindingTypeProps> {
static readonly TYPES: AnomalyType[] = [
'http_error',
'js_exception',
'console_error',
'navigation_fail',
'element_missing',
'timeout',
'validation_bypass',
'server_error_on_fuzz',
'xss_reflection',
'visual_regression',
'accessibility_violation',
'mobile_layout_issue',
'performance_degradation',
'offline_handling_missing',
'slow_network_no_feedback',
'external_service_crash',
];
static fromString(s: string): FindingType {
if (!FindingType.TYPES.includes(s as AnomalyType)) {
throw new Error(`Invalid finding type: ${s}`);
}
return new FindingType({ value: s as AnomalyType });
}
get value(): AnomalyType { return this.props.value; }
}

25
src/modules/findings/domain/value-objects/Severity.ts Normal file
View File

@@ -0,0 +1,25 @@
import { ValueObject } from '../../../../shared/domain/ValueObject';
type SeverityLevel = 'low' | 'medium' | 'high' | 'critical';
interface SeverityProps {
value: SeverityLevel;
}
export class Severity extends ValueObject<SeverityProps> {
static readonly LEVELS: SeverityLevel[] = ['low', 'medium', 'high', 'critical'];
static low(): Severity { return new Severity({ value: 'low' }); }
static medium(): Severity { return new Severity({ value: 'medium' }); }
static high(): Severity { return new Severity({ value: 'high' }); }
static critical(): Severity { return new Severity({ value: 'critical' }); }
static fromString(s: string): Severity {
if (!Severity.LEVELS.includes(s as SeverityLevel)) {
throw new Error(`Invalid severity: ${s}`);
}
return new Severity({ value: s as SeverityLevel });
}
get value(): SeverityLevel { return this.props.value; }
}

31
src/modules/findings/index.ts Normal file
View File

@@ -0,0 +1,31 @@
// Findings Module — Public API
// Domain
export { Finding } from './domain/entities/Finding';
export type { FindingProps } from './domain/entities/Finding';
export { Severity } from './domain/value-objects/Severity';
export { FindingType } from './domain/value-objects/FindingType';
export { FindingStatus } from './domain/value-objects/FindingStatus';
export { Evidence } from './domain/value-objects/Evidence';
export { FindingCreated } from './domain/events/FindingCreated';
export { FindingResolved } from './domain/events/FindingResolved';
export { FindingEnriched } from './domain/events/FindingEnriched';
export type { IFindingRepository, FindingFilters } from './domain/ports/IFindingRepository';
export type { IAIEnricher } from './domain/ports/IAIEnricher';
// Application
export { CreateFindingCommand } from './application/commands/CreateFindingCommand';
export { EnrichFindingCommand } from './application/commands/EnrichFindingCommand';
export { ResolveFindingCommand } from './application/commands/ResolveFindingCommand';
export { GetFindingQuery } from './application/queries/GetFindingQuery';
export { ListFindingsQuery } from './application/queries/ListFindingsQuery';
export { FindingStatsQuery } from './application/queries/FindingStatsQuery';
export { OnAnomalyDetected } from './application/event-handlers/OnAnomalyDetected';
// Infrastructure
export { KyselyFindingRepository } from './infrastructure/repositories/KyselyFindingRepository';
export { MarkdownExporter } from './infrastructure/exporters/MarkdownExporter';
export { JSONExporter } from './infrastructure/exporters/JSONExporter';
export { PlaywrightScriptExporter } from './infrastructure/exporters/PlaywrightScriptExporter';
export { createFindingsRouter } from './infrastructure/http/FindingsController';
export type { FindingsControllerDeps } from './infrastructure/http/FindingsController';

62
src/modules/findings/infrastructure/exporters/JSONExporter.ts Normal file
View File

@@ -0,0 +1,62 @@
import * as fs from 'fs';
import * as path from 'path';
import * as os from 'os';
import { Finding } from '../../domain/entities/Finding';
export class JSONExporter {
constructor(
private readonly targetUrl: string = '',
private readonly abeVersion: string = '0.1.0'
) {}
async export(finding: Finding, outputDir: string): Promise<string> {
fs.mkdirSync(outputDir, { recursive: true });
const report = {
version: '1.0',
generated_at: finding.createdAt.toISOString(),
environment: {
target_url: this.targetUrl,
abe_version: this.abeVersion,
os: os.platform(),
node_version: process.version,
},
finding: {
id: finding.id.toString(),
type: finding.type.value,
severity: finding.severity.value,
status: finding.status.value,
description: finding.description,
browser: finding.browser,
browser_version: finding.browserVersion,
},
reproduction: {
seed: finding.actionTrace[0]?.seed ?? null,
steps: finding.actionTrace.map((action, index) => ({
step: index + 1,
action_type: action.type,
selector: action.selector,
value: action.value,
url: action.url,
timestamp: action.timestamp,
})),
},
evidence: {
screenshot: finding.evidence.screenshotPath ?? null,
dom_snapshot: finding.evidence.domSnapshotPath ?? null,
http_log: finding.evidence.httpLog.map((r) => ({
url: r.url,
method: r.method,
status: r.status,
duration_ms: r.durationMs,
})),
raw_errors: finding.evidence.rawErrors,
},
ai_enrichment: finding.aiEnrichment ?? null,
};
const filePath = path.join(outputDir, 'report.json');
fs.writeFileSync(filePath, JSON.stringify(report, null, 2), 'utf8');
return filePath;
}
}

82
src/modules/findings/infrastructure/exporters/MarkdownExporter.ts Normal file
View File

@@ -0,0 +1,82 @@
import * as fs from 'fs';
import * as path from 'path';
import { Finding } from '../../domain/entities/Finding';
export class MarkdownExporter {
async export(finding: Finding, outputDir: string): Promise<string> {
fs.mkdirSync(outputDir, { recursive: true });
const date = finding.createdAt.toISOString().split('T')[0];
const seed = finding.actionTrace[0]?.seed ?? 'N/A';
const replayCmd = `npm run replay -- --report ${outputDir}/report.json`;
const steps = finding.actionTrace
.map((action, i) => {
switch (action.type) {
case 'navigate':
return `${i + 1}. Navigate to \`${action.url}\``;
case 'click':
return `${i + 1}. Click element \`${action.selector}\``;
case 'fill':
return `${i + 1}. Fill \`${action.selector}\` with \`${JSON.stringify(action.value ?? '')}\``;
case 'select':
return `${i + 1}. Select \`${action.value}\` in \`${action.selector}\``;
case 'submit':
return `${i + 1}. Submit form \`${action.selector}\``;
default:
return `${i + 1}. ${action.type}`;
}
})
.join('\n');
const httpTable = finding.evidence.httpLog.length > 0
? [
'| Method | URL | Status | Duration |',
'|--------|-----|--------|----------|',
...finding.evidence.httpLog.map(
(r) => `| ${r.method} | ${r.url} | ${r.status} | ${r.durationMs}ms |`
),
].join('\n')
: '_No HTTP log available._';
const rawErrors = finding.evidence.rawErrors.length > 0
? '```\n' + finding.evidence.rawErrors.join('\n') + '\n```'
: '_No raw errors recorded._';
const md = `# Bug Report — ${finding.type.value}${date}
## Summary
${finding.description}
## Severity
**${finding.severity.value}** — detected by ABE heuristic rule \`${finding.type.value}\`
## Status
**${finding.status.value}**
## Reproduction Steps
${steps.length > 0 ? steps : '_No steps recorded._'}
**Seed used**: \`${seed}\`
**Replay command**: \`${replayCmd}\`
## Observed Behavior
${finding.description}
## Evidence
- Screenshot: \`${finding.evidence.screenshotPath ?? 'N/A'}\`
- DOM Snapshot: \`${finding.evidence.domSnapshotPath ?? 'N/A'}\`
- HTTP Log:
${httpTable}
## Raw Errors
${rawErrors}
`;
const filePath = path.join(outputDir, 'report.md');
fs.writeFileSync(filePath, md, 'utf8');
return filePath;
}
}

54
src/modules/findings/infrastructure/exporters/PlaywrightScriptExporter.ts Normal file
View File

@@ -0,0 +1,54 @@
import { Finding } from '../../domain/entities/Finding';
export class PlaywrightScriptExporter {
generate(finding: Finding): string {
const trace = finding.actionTrace;
const lines: string[] = [
'// Auto-generated replay script by ABE (Autonomous Bug Explorer)',
`// Generated at: ${new Date().toISOString()}`,
`// Finding ID: ${finding.id.toString()}`,
`// Type: ${finding.type.value} | Severity: ${finding.severity.value}`,
`// Steps: ${trace.length}`,
'',
"const { chromium } = require('playwright');",
'',
'(async () => {',
' const browser = await chromium.launch({ headless: true });',
' const context = await browser.newContext();',
' const page = await context.newPage();',
'',
];
for (let i = 0; i < trace.length; i++) {
const action = trace[i];
lines.push(` // Step ${i + 1}: ${action.type} (seed=${action.seed})`);
switch (action.type) {
case 'navigate':
lines.push(` await page.goto(${JSON.stringify(action.url)});`);
break;
case 'click':
lines.push(` await page.locator(${JSON.stringify(action.selector)}).first().click();`);
break;
case 'fill':
lines.push(` await page.locator(${JSON.stringify(action.selector)}).first().fill(${JSON.stringify(action.value ?? '')});`);
break;
case 'select':
lines.push(` await page.locator(${JSON.stringify(action.selector)}).first().selectOption(${JSON.stringify(action.value ?? '')});`);
break;
case 'submit':
lines.push(` await page.locator(${JSON.stringify(action.selector)}).first().dispatchEvent('submit');`);
break;
}
lines.push('');
}
lines.push(
" console.log('Replay complete');",
' await browser.close();',
'})();'
);
return lines.join('\n');
}
}

152
src/modules/findings/infrastructure/http/FindingsController.ts Normal file
View File

@@ -0,0 +1,152 @@
import { Router, Request, Response } from 'express';
import { GetFindingQuery } from '../../application/queries/GetFindingQuery';
import { ListFindingsQuery } from '../../application/queries/ListFindingsQuery';
import { FindingStatsQuery } from '../../application/queries/FindingStatsQuery';
import { ResolveFindingCommand } from '../../application/commands/ResolveFindingCommand';
import { EnrichFindingCommand } from '../../application/commands/EnrichFindingCommand';
import { MarkdownExporter } from '../exporters/MarkdownExporter';
import { JSONExporter } from '../exporters/JSONExporter';
import { PlaywrightScriptExporter } from '../exporters/PlaywrightScriptExporter';
import { Finding } from '../../domain/entities/Finding';
import path from 'path';
export interface FindingsControllerDeps {
getFinding: GetFindingQuery;
listFindings: ListFindingsQuery;
findingStats: FindingStatsQuery;
resolveFinding: ResolveFindingCommand;
enrichFinding: EnrichFindingCommand;
}
export function createFindingsRouter(deps: FindingsControllerDeps): Router {
const router = Router();
const markdownExporter = new MarkdownExporter();
const jsonExporter = new JSONExporter();
const playwrightExporter = new PlaywrightScriptExporter();
// GET /api/findings — list findings with filters
router.get('/', async (req: Request, res: Response) => {
const { sessionId, severity, type, status, search } = req.query as Record<string, string | undefined>;
const result = await deps.listFindings.execute({ sessionId, severity, type, status, search });
if (!result.ok) {
res.status(500).json({ error: result.error });
return;
}
const { findings, total } = result.value;
res.json({
findings: findings.map(f => toDTO(f)),
total,
});
});
// GET /api/findings/stats — aggregate stats
router.get('/stats', async (req: Request, res: Response) => {
const { sessionId } = req.query as { sessionId?: string };
const result = await deps.findingStats.execute({ sessionId });
if (!result.ok) {
res.status(500).json({ error: result.error });
return;
}
res.json(result.value);
});
// GET /api/findings/:id — finding detail
router.get('/:id', async (req: Request, res: Response) => {
const findingId = req.params['id'] as string;
const result = await deps.getFinding.execute({ findingId });
if (!result.ok) {
res.status(404).json({ error: result.error });
return;
}
res.json(toDTO(result.value));
});
// PATCH /api/findings/:id/status — update status
router.patch('/:id/status', async (req: Request, res: Response) => {
const findingId = req.params['id'] as string;
const { action } = req.body as { action?: 'resolve' | 'close' | 'investigate' };
if (!action || !['resolve', 'close', 'investigate'].includes(action)) {
res.status(400).json({ error: 'action must be one of: resolve, close, investigate' });
return;
}
const result = await deps.resolveFinding.execute({ findingId, action });
if (!result.ok) {
res.status(404).json({ error: result.error });
return;
}
res.json(result.value);
});
// POST /api/findings/:id/enrich — trigger AI enrichment
router.post('/:id/enrich', async (req: Request, res: Response) => {
const findingId = req.params['id'] as string;
const result = await deps.enrichFinding.execute({ findingId });
if (!result.ok) {
res.status(422).json({ error: result.error });
return;
}
res.json(result.value);
});
// GET /api/findings/:id/export/markdown — download as Markdown
router.get('/:id/export/markdown', async (req: Request, res: Response) => {
const findingId = req.params['id'] as string;
const result = await deps.getFinding.execute({ findingId });
if (!result.ok) {
res.status(404).json({ error: result.error });
return;
}
const outputDir = path.join(process.cwd(), 'reports', findingId);
const filePath = await markdownExporter.export(result.value, outputDir);
res.download(filePath, `finding-${findingId}.md`);
});
// GET /api/findings/:id/export/json — download as JSON
router.get('/:id/export/json', async (req: Request, res: Response) => {
const findingId = req.params['id'] as string;
const result = await deps.getFinding.execute({ findingId });
if (!result.ok) {
res.status(404).json({ error: result.error });
return;
}
const outputDir = path.join(process.cwd(), 'reports', findingId);
const filePath = await jsonExporter.export(result.value, outputDir);
res.download(filePath, `finding-${findingId}.json`);
});
// GET /api/findings/:id/export/playwright — download Playwright script
router.get('/:id/export/playwright', async (req: Request, res: Response) => {
const findingId = req.params['id'] as string;
const result = await deps.getFinding.execute({ findingId });
if (!result.ok) {
res.status(404).json({ error: result.error });
return;
}
const script = playwrightExporter.generate(result.value);
res.setHeader('Content-Type', 'text/javascript');
res.setHeader('Content-Disposition', `attachment; filename="finding-${findingId}.spec.js"`);
res.send(script);
});
return router;
}
function toDTO(f: Finding) {
return {
id: f.id.toString(),
sessionId: f.sessionId,
type: f.type.value,
severity: f.severity.value,
description: f.description,
status: f.status.value,
browser: f.browser,
browserVersion: f.browserVersion,
actionTraceLength: f.actionTrace.length,
evidence: f.evidence.toJSON(),
aiEnrichment: f.aiEnrichment ?? null,
createdAt: f.createdAt.toISOString(),
resolvedAt: f.resolvedAt?.toISOString() ?? null,
};
}

153
src/modules/findings/infrastructure/repositories/KyselyFindingRepository.ts Normal file
View File

@@ -0,0 +1,153 @@
import { Kysely } from 'kysely';
import { Database, FindingTable } from '../../../../shared/infrastructure/DatabaseConnection';
import { IFindingRepository, FindingFilters } from '../../domain/ports/IFindingRepository';
import { Finding, FindingProps } from '../../domain/entities/Finding';
import { UniqueId } from '../../../../shared/domain/UniqueId';
import { Severity } from '../../domain/value-objects/Severity';
import { FindingType } from '../../domain/value-objects/FindingType';
import { FindingStatus } from '../../domain/value-objects/FindingStatus';
import { Evidence } from '../../domain/value-objects/Evidence';
import { IAction, IAIEnrichment, IHttpResponse } from '../../../../core/interfaces';
export class KyselyFindingRepository implements IFindingRepository {
constructor(private readonly db: Kysely<Database>) {}
async save(finding: Finding): Promise<void> {
const row: FindingTable = {
id: finding.id.toString(),
session_id: finding.sessionId,
type: finding.type.value,
severity: finding.severity.value,
description: finding.description,
status: finding.status.value,
action_trace_json: JSON.stringify(finding.actionTrace),
evidence_json: JSON.stringify(finding.evidence.toJSON()),
screenshot_path: finding.evidence.screenshotPath ?? null,
dom_snapshot_path: finding.evidence.domSnapshotPath ?? null,
browser: finding.browser ?? null,
browser_version: finding.browserVersion ?? null,
ai_enrichment_json: finding.aiEnrichment ? JSON.stringify(finding.aiEnrichment) : null,
created_at: finding.createdAt.getTime(),
resolved_at: finding.resolvedAt ? finding.resolvedAt.getTime() : null,
};
await this.db.insertInto('findings').values(row).execute();
}
async findById(id: string): Promise<Finding | undefined> {
const row = await this.db
.selectFrom('findings')
.selectAll()
.where('id', '=', id)
.executeTakeFirst();
return row ? this.toDomain(row) : undefined;
}
async findAll(filters?: FindingFilters): Promise<Finding[]> {
let query = this.db.selectFrom('findings').selectAll();
if (filters?.sessionId) {
query = query.where('session_id', '=', filters.sessionId);
}
if (filters?.severity) {
query = query.where('severity', '=', filters.severity);
}
if (filters?.type) {
query = query.where('type', '=', filters.type);
}
if (filters?.status) {
query = query.where('status', '=', filters.status);
}
if (filters?.search) {
query = query.where('description', 'like', `%${filters.search}%`);
}
const rows = await query.orderBy('created_at', 'desc').execute();
return rows.map((row) => this.toDomain(row));
}
async update(finding: Finding): Promise<void> {
await this.db
.updateTable('findings')
.set({
status: finding.status.value,
ai_enrichment_json: finding.aiEnrichment ? JSON.stringify(finding.aiEnrichment) : null,
resolved_at: finding.resolvedAt ? finding.resolvedAt.getTime() : null,
})
.where('id', '=', finding.id.toString())
.execute();
}
async count(filters?: FindingFilters): Promise<number> {
let query = this.db.selectFrom('findings').select(eb => eb.fn.countAll<number>().as('cnt'));
if (filters?.sessionId) {
query = query.where('session_id', '=', filters.sessionId);
}
if (filters?.severity) {
query = query.where('severity', '=', filters.severity);
}
if (filters?.type) {
query = query.where('type', '=', filters.type);
}
if (filters?.status) {
query = query.where('status', '=', filters.status);
}
const result = await query.executeTakeFirst();
return Number(result?.cnt ?? 0);
}
async countBySeverity(): Promise<Record<string, number>> {
const rows = await this.db
.selectFrom('findings')
.select(['severity', eb => eb.fn.countAll<number>().as('cnt')])
.groupBy('severity')
.execute();
const result: Record<string, number> = {};
for (const row of rows) {
result[row.severity] = Number(row.cnt);
}
return result;
}
private toDomain(row: FindingTable): Finding {
const actionTrace = this.parseJson<IAction[]>(row.action_trace_json, []);
const evidenceData = this.parseJson<Record<string, unknown>>(row.evidence_json, {});
const aiEnrichment = row.ai_enrichment_json
? this.parseJson<IAIEnrichment>(row.ai_enrichment_json, undefined as unknown as IAIEnrichment)
: undefined;
const props: FindingProps = {
sessionId: row.session_id,
severity: Severity.fromString(row.severity),
type: FindingType.fromString(row.type),
description: row.description,
evidence: Evidence.create({
screenshotPath: row.screenshot_path ?? undefined,
domSnapshotPath: row.dom_snapshot_path ?? undefined,
httpLog: (evidenceData.httpLog as IHttpResponse[]) ?? [],
rawErrors: (evidenceData.rawErrors as string[]) ?? [],
}),
status: FindingStatus.fromString(row.status),
actionTrace,
browser: (row.browser as FindingProps['browser']) ?? undefined,
browserVersion: row.browser_version ?? undefined,
aiEnrichment,
createdAt: new Date(row.created_at),
resolvedAt: row.resolved_at ? new Date(row.resolved_at) : undefined,
};
return Finding.reconstitute(props, UniqueId.from(row.id));
}
private parseJson<T>(json: string, fallback: T): T {
try {
return JSON.parse(json) as T;
} catch {
return fallback;
}
}
}

19
src/shared/infrastructure/DatabaseConnection.ts
View File

@@ -119,6 +119,24 @@ export interface PerformanceMetricTable {
captured_at: number;
}
export interface FindingTable {
id: string;
session_id: string;
type: string;
severity: string;
description: string;
status: string;
action_trace_json: string;
evidence_json: string;
screenshot_path: string | null;
dom_snapshot_path: string | null;
browser: string | null;
browser_version: string | null;
ai_enrichment_json: string | null;
created_at: number;
resolved_at: number | null;
}
export interface Database {
sessions: SessionTable;
states: StateTable;
@@ -129,6 +147,7 @@ export interface Database {
visual_baselines: VisualBaselineTable;
visual_comparisons: VisualComparisonTable;
performance_metrics: PerformanceMetricTable;
findings: FindingTable;
}
export function createDatabase(config: { driver: string; path: string; url?: string }): Kysely<Database> {