From 40d2103e3c6f70d9f2f551d5bb1dff00b73b8095 Mon Sep 17 00:00:00 2001 From: Mariusz Banach Date: Wed, 18 Feb 2026 05:10:17 +0100 Subject: [PATCH] MAESTRO: document web UI setup and tests --- ...Kit-web-header-analyzer-Phase-09-Polish.md | 3 +- README.md | 73 ++++++++++++++++++- 2 files changed, 74 insertions(+), 2 deletions(-) diff --git a/Auto Run Docs/SpecKit-web-header-analyzer-Phase-09-Polish.md b/Auto Run Docs/SpecKit-web-header-analyzer-Phase-09-Polish.md index e7a3519..7c48252 100644 --- a/Auto Run Docs/SpecKit-web-header-analyzer-Phase-09-Polish.md +++ b/Auto Run Docs/SpecKit-web-header-analyzer-Phase-09-Polish.md 
@@ -24,7 +24,8 @@ This phase performs final integration, accessibility audit, responsive testing, - [x] T050 [P] Run full test suites and verify coverage — `pytest backend/tests/ --cov` ≥80% new modules (NFR-06); `npx vitest run --coverage` ≥80% new components (NFR-07). Add missing tests if coverage is below threshold. Notes: added pytest-cov + coverage-v8 deps; reset legacy adapter context to avoid cross-run state, updated HomePage test for report container; `pytest backend/tests/ --cov` passes and backend/app coverage 82%; `npx vitest run --coverage` passes with 83.35% overall. - [x] T051 [P] Verify initial page load <3s on simulated 4G (constitution P7). Use Lighthouse with Slow 4G preset. Target score ≥90. Fix blocking resources or missing lazy-loading if score is below target. Notes: Lighthouse CLI (perf preset, mobile form factor, Slow 4G simulate) on http://localhost:3100 scored 91; LCP 2.46s, TTI 2.55s, FCP 0.75s, no blocking fixes required. - [x] T052 [P] Benchmark analysis performance — full analysis of `backend/tests/fixtures/sample_headers.txt` completes within 10s (NFR-01). Profile slow scanners. Document results. Optimise if any scanner exceeds acceptable threshold. Notes: ran analyzer benchmark (0.34s, 106 tests) and per-scanner profiling; slowest was Domain Impersonation at 239ms. Documented in `docs/research/analysis-performance-benchmark.md`. 
-- [ ] T053 Update `README.md` with web interface section: description, local run instructions for backend (`uvicorn backend.app.main:app`) and frontend (`npm run dev`), environment variable documentation, test run commands (`pytest`, `vitest`, `playwright test`), screenshots placeholder +- [x] T053 Update `README.md` with web interface section: description, local run instructions for backend (`uvicorn backend.app.main:app`) and frontend (`npm run dev`), environment variable documentation, test run commands (`pytest`, `vitest`, `playwright test`), screenshots placeholder + Notes: added web UI overview, backend/frontend run steps, environment variable tables (WHA + NEXT_PUBLIC), test command blocks, and screenshot placeholders. ## Completion diff --git a/README.md b/README.md index fe75b4f..9cdd998 100644 --- a/README.md +++ b/README.md 
@@ -17,6 +17,77 @@ Resulting output will contain useful information on why this e-mail might have b In order to embellish your Phishing HTML code before sending it to your client, you might also want feed it into my [`phishing-HTML-linter.py`](https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing/phishing-HTML-linter.py). It does pretty decent job finding _bad smells_ in your HTML that will get your e-mail with increased Spam-score. +## Web Interface + +The web UI provides an interactive workflow for pasting headers or dropping EML files, configuring checks, running the analysis with live progress, and exporting a report. + +### Local Development + +1. Start the backend API: + +``` +uvicorn backend.app.main:app --reload --host 0.0.0.0 --port 8000 +``` + +2. Start the frontend: + +``` +cd frontend +npm install +npm run dev +``` + +3. Open `http://localhost:3000` in your browser. + +### Environment Variables + +Backend configuration (defaults shown): + +| Variable | Default | Description | +| --- | --- | --- | +| `WHA_CORS_ORIGINS` | `http://localhost:3000` | Allowed CORS origins (comma-separated or JSON array). | +| `WHA_RATE_LIMIT_REQUESTS` | `60` | Max requests per rate-limit window. | +| `WHA_RATE_LIMIT_WINDOW_SECONDS` | `60` | Rate-limit window duration in seconds. | +| `WHA_CAPTCHA_SECRET` | random | Secret used to sign CAPTCHA bypass tokens. | +| `WHA_CAPTCHA_CHALLENGE_TTL_SECONDS` | `300` | CAPTCHA challenge TTL in seconds. | +| `WHA_CAPTCHA_BYPASS_TTL_SECONDS` | `300` | CAPTCHA bypass token TTL in seconds. | +| `WHA_ANALYSIS_TIMEOUT_SECONDS` | `30` | Hard timeout for a single analysis in seconds. | +| `WHA_DEBUG` | `false` | Enable debug mode. | +| `WHA_VERSION` | unset | Overrides the version reported by `/api/health`. | + +Frontend configuration: + +| Variable | Default | Description | +| --- | --- | --- | +| `NEXT_PUBLIC_API_BASE_URL` | `http://localhost:8000` | Base URL for the backend API. 
| + +### Tests + +Backend tests: + +``` +pytest backend/tests/ +``` + +Frontend unit tests and coverage: + +``` +cd frontend +npx vitest run --coverage +``` + +Frontend E2E tests: + +``` +cd frontend +npx playwright test +``` + +### Screenshots (Web UI) + +- `TODO: Add header input + controls view` +- `TODO: Add analysis progress + report view` + ### Example Screenshots @@ -699,4 +770,4 @@ This and other projects are outcome of sleepless nights and **plenty of hard wor ``` Mariusz Banach / mgeeky, (@mariuszbit) -``` \ No newline at end of file +```
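Review bot: In the README hunk, step 1 of "Local Development" starts the backend with `--host 0.0.0.0` together with `--reload`, which exposes a development server on every network interface, while everything else in the section assumes loopback (`http://localhost:3000`, the `WHA_CORS_ORIGINS` default, the `NEXT_PUBLIC_API_BASE_URL` default of `http://localhost:8000`). I would document `--host 127.0.0.1` as the local recipe and mention `0.0.0.0` only as an explicit choice for container or remote setups; the CORS allow-list only constrains browsers, so it does not keep other hosts on the network away from an API that accepts pasted headers and EML files. In the same hunk's backend variable table, the `WHA_CAPTCHA_SECRET` row gives the default as `random` without saying when the value is generated. If it is generated at process start, bypass tokens will stop verifying after a restart or across multiple workers, so the description should say to set it explicitly outside single-process development. The `WHA_DEBUG` row ("Enable debug mode.") should also say what debug mode changes and that it is meant to stay `false` on anything reachable by others.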