kitos/Autonomous-Bug-Explorer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Autonomous-Bug-Explorer/README.md
debian c3911bafe8 fase(25): polish and quality improvements 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-08 06:15:16 -04:00

154 lines
4.6 KiB
Markdown
Raw Permalink Blame History

# ABE — Autonomous Bug Explorer
> "Playwright discovers what you test. ABE discovers what you miss."
[![Build](https://img.shields.io/github/actions/workflow/status/your-org/abe/ci.yml?branch=main)](https://github.com/your-org/abe/actions)
[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
[![TypeScript](https://img.shields.io/badge/TypeScript-5.x-blue)](https://www.typescriptlang.org/)
[![Node.js](https://img.shields.io/badge/Node.js-20-green)](https://nodejs.org/)
ABE is an **enterprise self-hosted platform** for autonomous web application bug discovery. It explores apps like a real user, injects invalid inputs (fuzzing), detects anomalies, and generates reproducible bug reports.
---
## Features
- **Autonomous Exploration** — BFS-based state graph exploration with deterministic seeds
- **Smart Fuzzing** — 5 strategies: empty, oversized, special characters, type mismatch, boundary values
- **Visual Regression** — pixel-level screenshot comparison with Playwright + pixelmatch
- **Accessibility Auditing** — WCAG violations via axe-core
- **Reproducible Reports** — generates Playwright test scripts, Markdown, JSON, PDF reports
- **Real-time Dashboard** — live WebSocket feed with severity charts and KPI cards
- **Auth & RBAC** — multi-user, organizations, roles (owner/admin/member/viewer), API keys
- **Integrations** — Slack, GitHub Issues, Jira, custom webhooks
- **Scheduling** — cron-based automated explorations
- **CLI + CI/CD** — JUnit XML output, GitHub Actions integration
- **API Documentation** — OpenAPI 3.1 + Scalar UI at `/api-docs`
- **Licensing** — RSA-signed license keys with feature gating (Free/Pro/Enterprise)
---
## Quick Start
### Prerequisites
- Node.js 20+
- npm 10+
### Development
```bash
# Install dependencies
npm install
cd frontend && npm install && cd ..
# Start development servers
npm run dev # Backend on :3001
cd frontend && npm run dev # Frontend on :5173
# Database migrations
npm run db:migrate
# Run tests
npm run test
# Build
npm run build
cd frontend && npm run build
```
### Docker
```bash
# Start all services
docker compose up -d --build
# Production
docker compose -f docker-compose.prod.yml up -d --build
```
The app will be available at `http://localhost:5173`.
---
## CLI Usage
```bash
# Run an exploration
node dist/cli/abe.js explore --url https://example.com \
--output json \
--fail-on-severity high
# Generate a report
node dist/cli/abe.js report --session SESSION_ID
# Check server status
node dist/cli/abe.js status
```
### CI/CD Integration
```yaml
# .github/workflows/abe.yml
- uses: ./.github/actions/abe-explore
with:
url: https://staging.example.com
fail-on-severity: high
api-key: ${{ secrets.ABE_API_KEY }}
```
---
## Architecture
ABE uses a **modular monolith hexagonal architecture** with bounded contexts:
```
src/
├── shared/ → Domain building blocks (Entity, ValueObject, Result, EventBus)
├── modules/
│ ├── crawling/ → Session management + Playwright crawler
│ ├── fuzzing/ → Input fuzzing strategies
│ ├── findings/ → Bug report lifecycle
│ ├── auth/ → Users, organizations, RBAC
│ ├── reporting/ → PDF/HTML/JSON report generation
│ ├── integrations/→ Slack, GitHub, Jira, webhooks
│ ├── scheduling/ → Cron-based automation
│ ├── licensing/ → RSA license validation
│ └── visual-regression/ → Screenshot comparison
├── api/ → Express server + OpenAPI docs
├── realtime/ → Socket.io gateway
├── jobs/ → SQLite-backed job queue
└── cli/ → Commander CLI
```
**Architectural rules:**
1. Domain never imports infrastructure
2. Cross-module communication only via EventBus
3. Use cases return `Result<T, E>`, never throw
4. Controllers are thin — delegate to use cases
---
## API Documentation
Once running, visit `http://localhost:3001/api-docs` for the interactive Scalar API reference.
Endpoints:
- `POST /api/auth/register` — Register
- `POST /api/auth/login` — Login
- `GET /api/sessions` — List explorations
- `POST /api/sessions` — Start exploration
- `GET /api/findings` — List findings
- `POST /api/reports` — Generate report
- `GET /api/schedules` — List schedules
- `GET /api/visual/comparisons` — Visual regression review
---
## License
ABE core is open-source under the [MIT License](LICENSE).
Enterprise features (SSO, LDAP, advanced audit logs) require a commercial license. See [LICENSE-ENTERPRISE](LICENSE-ENTERPRISE).
Reference in New Issue View Git Blame Copy Permalink