docs: enterprise refactor plan with ralph specs

dist/plugins/fuzzers/strategies/BoundaryValueStrategy.js

@@ -0,0 +1,26 @@
+"use strict";
+/**
+ * BoundaryValueStrategy — tests values at the edges of expected ranges.
+ * Applies to: number, date.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BoundaryValueStrategy = void 0;
+class BoundaryValueStrategy {
+    constructor() {
+        this.name = 'BoundaryValueStrategy';
+    }
+    appliesTo(type) {
+        return type === 'number' || type === 'date';
+    }
+    values(type) {
+        switch (type) {
+            case 'number':
+                return ['0', '-1', '2147483647', '2147483648', '-2147483648'];
+            case 'date':
+                return ['1900-01-01', '2099-12-31', '1970-01-01'];
+            default:
+                return [];
+        }
+    }
+}
+exports.BoundaryValueStrategy = BoundaryValueStrategy;

dist/plugins/fuzzers/strategies/EmptyValueStrategy.js

@@ -0,0 +1,19 @@
+"use strict";
+/**
+ * EmptyValueStrategy — submits empty/whitespace values to catch missing server-side validation.
+ * Applies to: all input types.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EmptyValueStrategy = void 0;
+class EmptyValueStrategy {
+    constructor() {
+        this.name = 'EmptyValueStrategy';
+    }
+    appliesTo(_type) {
+        return true;
+    }
+    values() {
+        return ['', ' ', '\t'];
+    }
+}
+exports.EmptyValueStrategy = EmptyValueStrategy;

dist/plugins/fuzzers/strategies/OversizedStringStrategy.js

@@ -0,0 +1,28 @@
+"use strict";
+/**
+ * OversizedStringStrategy — submits strings far beyond expected length.
+ * Applies to: text, email, password, textarea.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OversizedStringStrategy = void 0;
+const APPLICABLE_TYPES = ['text', 'email', 'password', 'textarea'];
+class OversizedStringStrategy {
+    constructor(intensity) {
+        this.intensity = intensity;
+        this.name = 'OversizedStringStrategy';
+    }
+    appliesTo(type) {
+        return APPLICABLE_TYPES.includes(type);
+    }
+    values() {
+        switch (this.intensity) {
+            case 'low':
+                return ['A'.repeat(256)];
+            case 'medium':
+                return ['A'.repeat(1024)];
+            case 'high':
+                return ['A'.repeat(10000) + '日本語テスト𠮷野家'];
+        }
+    }
+}
+exports.OversizedStringStrategy = OversizedStringStrategy;

dist/plugins/fuzzers/strategies/SpecialCharsStrategy.js

@@ -0,0 +1,26 @@
+"use strict";
+/**
+ * SpecialCharsStrategy — injects characters that break SQL, HTML, and shell contexts.
+ * Applies to: text, email, search, textarea.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SpecialCharsStrategy = void 0;
+const APPLICABLE_TYPES = ['text', 'email', 'search', 'textarea'];
+class SpecialCharsStrategy {
+    constructor() {
+        this.name = 'SpecialCharsStrategy';
+    }
+    appliesTo(type) {
+        return APPLICABLE_TYPES.includes(type);
+    }
+    values() {
+        return [
+            "' OR 1=1 --",
+            '<script>alert(1)</script>',
+            '../../etc/passwd',
+            '${7*7}',
+            '\x00\x01\x02',
+        ];
+    }
+}
+exports.SpecialCharsStrategy = SpecialCharsStrategy;

dist/plugins/fuzzers/strategies/TypeMismatchStrategy.js

@@ -0,0 +1,31 @@
+"use strict";
+/**
+ * TypeMismatchStrategy — submits wrong data types for the detected field type.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TypeMismatchStrategy = void 0;
+class TypeMismatchStrategy {
+    constructor() {
+        this.name = 'TypeMismatchStrategy';
+    }
+    appliesTo(type) {
+        return ['email', 'number', 'date', 'url', 'phone'].includes(type);
+    }
+    values(type) {
+        switch (type) {
+            case 'email':
+                return ['not-an-email', '12345', '@@@'];
+            case 'number':
+                return ['abc', '-999999', '9.9.9', 'NaN'];
+            case 'date':
+                return ['yesterday', '32/13/2025', '0000-00-00'];
+            case 'url':
+                return ['javascript:alert(1)', 'not a url'];
+            case 'phone':
+                return ['000', '++++', 'abcdefghij'];
+            default:
+                return [];
+        }
+    }
+}
+exports.TypeMismatchStrategy = TypeMismatchStrategy;