@a13xu/lucid 1.9.5 → 1.11.0

package/build/tools/webdev/security-scan.js

@@ -0,0 +1,247 @@
+import { z } from "zod";
+// ---------------------------------------------------------------------------
+// Schema
+// ---------------------------------------------------------------------------
+export const SecurityScanSchema = z.object({
+    code: z.string().describe("Code snippet to scan for security vulnerabilities"),
+    language: z
+        .enum(["javascript", "typescript", "html", "vue"])
+        .describe("Code language"),
+    context: z
+        .enum(["frontend", "backend", "api"])
+        .describe("Execution context (affects which rules apply)"),
+});
+const RULES = [
+    // XSS
+    {
+        id: "xss-innerhtml",
+        category: "XSS",
+        severity: "critical",
+        contexts: ["frontend", "all"],
+        pattern: /\.innerHTML\s*=/g,
+        message: "Direct innerHTML assignment is vulnerable to XSS",
+        remediation: "Use textContent for text, or DOMPurify.sanitize() before setting innerHTML",
+    },
+    {
+        id: "xss-dangerouslysetinnerhtml",
+        category: "XSS",
+        severity: "critical",
+        contexts: ["frontend", "all"],
+        pattern: /dangerouslySetInnerHTML/g,
+        message: "dangerouslySetInnerHTML can enable XSS if content is not sanitized",
+        remediation: "Sanitize HTML with DOMPurify before using dangerouslySetInnerHTML={{ __html: sanitized }}",
+    },
+    {
+        id: "xss-v-html",
+        category: "XSS",
+        severity: "critical",
+        contexts: ["frontend", "all"],
+        pattern: /v-html\s*=/g,
+        message: "v-html renders raw HTML and is vulnerable to XSS",
+        remediation: "Sanitize with DOMPurify: v-html=\"sanitize(content)\" where sanitize = DOMPurify.sanitize",
+    },
+    {
+        id: "xss-document-write",
+        category: "XSS",
+        severity: "high",
+        contexts: ["frontend", "all"],
+        pattern: /document\.write\s*\(/g,
+        message: "document.write() can enable XSS and blocks page rendering",
+        remediation: "Use DOM manipulation APIs (createElement, appendChild) instead",
+    },
+    // Injection
+    {
+        id: "injection-eval",
+        category: "Code Injection",
+        severity: "critical",
+        contexts: ["frontend", "backend", "api", "all"],
+        pattern: /\beval\s*\(/g,
+        message: "eval() executes arbitrary code — critical injection vulnerability",
+        remediation: "Remove eval(). Use JSON.parse() for data, or a proper AST parser for code",
+    },
+    {
+        id: "injection-function-constructor",
+        category: "Code Injection",
+        severity: "critical",
+        contexts: ["frontend", "backend", "api", "all"],
+        pattern: /new\s+Function\s*\(/g,
+        message: "new Function() is equivalent to eval() — executes arbitrary code",
+        remediation: "Avoid dynamic code execution. Use configuration objects or strategy patterns",
+    },
+    {
+        id: "injection-settimeout-string",
+        category: "Code Injection",
+        severity: "high",
+        contexts: ["frontend", "backend", "api", "all"],
+        // setTimeout("code", ...) or setInterval("code", ...)
+        pattern: /(?:setTimeout|setInterval)\s*\(\s*["'`]/g,
+        message: "Passing a string to setTimeout/setInterval is equivalent to eval()",
+        remediation: "Use an arrow function: setTimeout(() => yourCode(), delay)",
+    },
+    {
+        id: "injection-sql-concat",
+        category: "SQL Injection",
+        severity: "critical",
+        contexts: ["backend", "api"],
+        // String concat into what looks like a SQL query
+        pattern: /(?:SELECT|INSERT|UPDATE|DELETE|FROM|WHERE)[^;]*\+\s*(?:req\.|request\.|params\.|query\.|body\.)/gi,
+        message: "String-concatenated SQL query is vulnerable to SQL injection",
+        remediation: "Use parameterized queries or a query builder (Knex, Prisma, TypeORM)",
+    },
+    // Exposed secrets
+    {
+        id: "secret-hardcoded-key",
+        category: "Exposed Secret",
+        severity: "critical",
+        contexts: ["frontend", "backend", "api", "all"],
+        // API key patterns: long hex/base64 strings assigned to a key variable
+        pattern: /(?:api[_-]?key|secret|password|token|private[_-]?key)\s*[:=]\s*["'][A-Za-z0-9+/=_\-]{16,}["']/gi,
+        message: "Hardcoded secret or API key detected in source code",
+        remediation: "Move secrets to environment variables. Use process.env.YOUR_SECRET and add to .gitignore/.env",
+    },
+    {
+        id: "secret-private-key-pem",
+        category: "Exposed Secret",
+        severity: "critical",
+        contexts: ["frontend", "backend", "api", "all"],
+        pattern: /-----BEGIN (?:RSA |EC )?PRIVATE KEY-----/g,
+        message: "Private key material embedded in source code",
+        remediation: "Store private keys in environment variables or a secrets manager (AWS Secrets Manager, Vault)",
+    },
+    // Open redirect
+    {
+        id: "open-redirect",
+        category: "Open Redirect",
+        severity: "high",
+        contexts: ["backend", "api", "frontend"],
+        // redirect() or res.redirect() with user-controlled param
+        pattern: /(?:res\.redirect|router\.push|window\.location)\s*\(\s*(?:req\.|request\.|params\.|query\.|body\.|\$route\.)/g,
+        message: "Potential open redirect: user-controlled URL used in redirect",
+        remediation: "Validate redirect URLs against an allowlist before redirecting",
+    },
+    // Prototype pollution
+    {
+        id: "prototype-pollution",
+        category: "Prototype Pollution",
+        severity: "high",
+        contexts: ["backend", "api", "all"],
+        pattern: /\[["']__proto__["']\]|\[["']constructor["']\]\s*\[["']prototype["']\]/g,
+        message: "Prototype pollution vector detected",
+        remediation: "Use Object.create(null) for untrusted data containers, or validate against Object.prototype keys",
+    },
+    // Unsafe deserialization
+    {
+        id: "unsafe-deserialize",
+        category: "Unsafe Deserialization",
+        severity: "high",
+        contexts: ["backend", "api"],
+        pattern: /require\s*\(\s*["']node-serialize["']\)|unserialize\s*\(/g,
+        message: "Unsafe deserialization can lead to remote code execution",
+        remediation: "Use JSON.parse() for data exchange. Avoid node-serialize with untrusted input",
+    },
+    // CSRF
+    {
+        id: "csrf-no-token",
+        category: "CSRF",
+        severity: "medium",
+        contexts: ["backend", "api"],
+        // POST/PUT/DELETE route handler without csrf token check
+        pattern: /router\s*\.\s*(?:post|put|patch|delete)\s*\(/g,
+        message: "Mutating HTTP route — verify CSRF protection is configured (csurf middleware or SameSite cookies)",
+        remediation: "Use csurf middleware or ensure SameSite=Strict/Lax cookie attribute is set for session cookies",
+    },
+    // Path traversal
+    {
+        id: "path-traversal",
+        category: "Path Traversal",
+        severity: "high",
+        contexts: ["backend", "api"],
+        pattern: /(?:readFile|createReadStream|readFileSync)\s*\([^)]*(?:req\.|request\.|params\.|query\.|body\.)/g,
+        message: "File path derived from user input — potential path traversal vulnerability",
+        remediation: "Validate and sanitize file paths: use path.resolve() + path.relative() to ensure path stays within allowed directory",
+    },
+    // Headers
+    {
+        id: "cors-wildcard",
+        category: "Insecure CORS",
+        severity: "medium",
+        contexts: ["backend", "api"],
+        pattern: /Access-Control-Allow-Origin['":\s]*[*]/g,
+        message: "Wildcard CORS origin allows any domain to make credentialed requests",
+        remediation: "Specify allowed origins explicitly: Access-Control-Allow-Origin: https://yourdomain.com",
+    },
+];
+// ---------------------------------------------------------------------------
+// Analyzer
+// ---------------------------------------------------------------------------
+function scanCode(code, language, context) {
+    const lines = code.split("\n");
+    const issues = [];
+    for (const rule of RULES) {
+        const appliesToContext = rule.contexts.includes("all") || rule.contexts.includes(context);
+        if (!appliesToContext)
+            continue;
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Skip comment lines
+            if (/^\s*\/\/|^\s*\*|^\s*#/.test(line))
+                continue;
+            const re = new RegExp(rule.pattern.source, rule.pattern.flags.replace("g", "") + "g");
+            let match;
+            while ((match = re.exec(line)) !== null) {
+                issues.push({
+                    line: i + 1,
+                    severity: rule.severity,
+                    category: rule.category,
+                    message: rule.message,
+                    remediation: rule.remediation,
+                });
+                if (match.index === re.lastIndex)
+                    re.lastIndex++;
+            }
+        }
+    }
+    const order = { critical: 0, high: 1, medium: 2, low: 3 };
+    issues.sort((a, b) => order[a.severity] - order[b.severity] || a.line - b.line);
+    return issues;
+}
+// ---------------------------------------------------------------------------
+// Formatter
+// ---------------------------------------------------------------------------
+const SEV_ICON = {
+    critical: "🔴",
+    high: "🟠",
+    medium: "🟡",
+    low: "🔵",
+};
+// ---------------------------------------------------------------------------
+// Handler
+// ---------------------------------------------------------------------------
+// Example call:
+//   handleSecurityScan({ code: 'element.innerHTML = userInput;', language: "javascript", context: "frontend" })
+export function handleSecurityScan(args) {
+    const { code, language, context } = args;
+    const issues = scanCode(code, language, context);
+    if (issues.length === 0) {
+        return (`✅ No security issues found (${language}, ${context} context).\n\n` +
+            `💡 Note: Automated scanning cannot replace a full security review. ` +
+            `This tool checks for common patterns (XSS, injection, exposed secrets, etc.). ` +
+            `Manual review and dynamic testing are still necessary.`);
+    }
+    const counts = { critical: 0, high: 0, medium: 0, low: 0 };
+    for (const i of issues)
+        counts[i.severity]++;
+    const lines = [
+        `🔐 Security Scan — ${language} (${context} context)`,
+        `Found ${issues.length} issue(s): 🔴 ${counts.critical} critical  🟠 ${counts.high} high  🟡 ${counts.medium} medium  🔵 ${counts.low} low`,
+        ``,
+    ];
+    for (const issue of issues) {
+        lines.push(`${SEV_ICON[issue.severity]} Line ${issue.line} — ${issue.category}`, `   ${issue.message}`, `   Fix: ${issue.remediation}`, ``);
+    }
+    lines.push(`💡 Reasoning: Scanned for ${context} security patterns including XSS vectors, ` +
+        `injection points, hardcoded secrets, open redirects, and prototype pollution. ` +
+        `Address 🔴 critical issues immediately. ` +
+        `This static scan complements but does not replace DAST (dynamic testing) and manual code review.`);
+    return lines.join("\n");
+}

package/build/tools/webdev/seo-meta.d.ts

@@ -0,0 +1,24 @@
+import { z } from "zod";
+export declare const SeoMetaSchema: z.ZodObject<{
+    title: z.ZodString;
+    description: z.ZodString;
+    keywords: z.ZodArray<z.ZodString, "many">;
+    page_type: z.ZodEnum<["article", "product", "landing", "home"]>;
+    url: z.ZodOptional<z.ZodString>;
+    image_url: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    description: string;
+    title: string;
+    keywords: string[];
+    page_type: "article" | "product" | "landing" | "home";
+    url?: string | undefined;
+    image_url?: string | undefined;
+}, {
+    description: string;
+    title: string;
+    keywords: string[];
+    page_type: "article" | "product" | "landing" | "home";
+    url?: string | undefined;
+    image_url?: string | undefined;
+}>;
+export declare function handleSeoMeta(args: z.infer<typeof SeoMetaSchema>): string;

package/build/tools/webdev/seo-meta.js

@@ -0,0 +1,114 @@
+import { z } from "zod";
+// ---------------------------------------------------------------------------
+// Schema
+// ---------------------------------------------------------------------------
+export const SeoMetaSchema = z.object({
+    title: z.string().describe("Page title"),
+    description: z.string().describe("Page meta description (≤160 chars recommended)"),
+    keywords: z.array(z.string()).describe("SEO keywords"),
+    page_type: z
+        .enum(["article", "product", "landing", "home"])
+        .describe("Page type for structured data"),
+    url: z.string().optional().describe("Canonical page URL"),
+    image_url: z.string().optional().describe("OG/Twitter image URL"),
+});
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function buildJsonLd(type, title, description, url, imageUrl) {
+    const base = {
+        "@context": "https://schema.org",
+        name: title,
+        description,
+        ...(url ? { url } : {}),
+        ...(imageUrl ? { image: imageUrl } : {}),
+    };
+    switch (type) {
+        case "article":
+            return {
+                ...base,
+                "@type": "Article",
+                headline: title,
+                datePublished: new Date().toISOString().split("T")[0],
+                author: { "@type": "Person", name: "Author" },
+            };
+        case "product":
+            return {
+                ...base,
+                "@type": "Product",
+                offers: {
+                    "@type": "Offer",
+                    priceCurrency: "USD",
+                    price: "0.00",
+                    availability: "https://schema.org/InStock",
+                },
+            };
+        case "home":
+            return {
+                ...base,
+                "@type": "WebSite",
+                potentialAction: {
+                    "@type": "SearchAction",
+                    target: `${url ?? ""}/search?q={search_term_string}`,
+                    "query-input": "required name=search_term_string",
+                },
+            };
+        default: // landing
+            return { ...base, "@type": "WebPage" };
+    }
+}
+// ---------------------------------------------------------------------------
+// Handler
+// ---------------------------------------------------------------------------
+// Example call:
+//   handleSeoMeta({ title: "Buy Widgets", description: "Best widgets online", keywords: ["widget", "shop"], page_type: "product", url: "https://example.com/widgets", image_url: "https://example.com/og.jpg" })
+export function handleSeoMeta(args) {
+    const { title, description, keywords, page_type, url, image_url } = args;
+    const canonicalUrl = url ?? "https://example.com/YOUR_PAGE";
+    const ogImage = image_url ?? "https://example.com/og-image.jpg";
+    const keywordStr = keywords.join(", ");
+    const jsonLd = buildJsonLd(page_type, title, description, canonicalUrl, ogImage);
+    const jsonLdStr = JSON.stringify(jsonLd, null, 2);
+    const descWarning = description.length > 160
+        ? `\n⚠️  Description is ${description.length} chars (recommended ≤160)`
+        : "";
+    const metaTags = `<!-- Primary Meta Tags -->
+<title>${title}</title>
+<meta name="title" content="${title}" />
+<meta name="description" content="${description}" />
+<meta name="keywords" content="${keywordStr}" />
+<link rel="canonical" href="${canonicalUrl}" />
+
+<!-- Open Graph / Facebook -->
+<meta property="og:type" content="${page_type === "article" ? "article" : "website"}" />
+<meta property="og:url" content="${canonicalUrl}" />
+<meta property="og:title" content="${title}" />
+<meta property="og:description" content="${description}" />
+<meta property="og:image" content="${ogImage}" />
+
+<!-- Twitter Card -->
+<meta name="twitter:card" content="summary_large_image" />
+<meta name="twitter:url" content="${canonicalUrl}" />
+<meta name="twitter:title" content="${title}" />
+<meta name="twitter:description" content="${description}" />
+<meta name="twitter:image" content="${ogImage}" />
+
+<!-- JSON-LD Structured Data -->
+<script type="application/ld+json">
+${jsonLdStr}
+</script>`;
+    const lines = [
+        `✅ SEO meta for: ${title}${descWarning}`,
+        `📄 Page type: ${page_type} | Keywords: ${keywords.length}`,
+        ``,
+        "```html",
+        metaTags,
+        "```",
+        ``,
+        `💡 Reasoning: Generated complete SEO metadata including primary tags, Open Graph, ` +
+            `Twitter Card, and ${page_type} JSON-LD structured data. ` +
+            `Replace placeholder URLs with your actual canonical URL and OG image. ` +
+            `For Next.js, use the \`metadata\` export. For Nuxt, use \`useHead()\`.`,
+    ];
+    return lines.join("\n");
+}

package/build/tools/webdev/test-generator.d.ts

@@ -0,0 +1,18 @@
+import { z } from "zod";
+export declare const TestGeneratorSchema: z.ZodObject<{
+    code: z.ZodString;
+    test_framework: z.ZodEnum<["vitest", "jest", "playwright"]>;
+    test_type: z.ZodEnum<["unit", "integration", "e2e"]>;
+    component_framework: z.ZodDefault<z.ZodOptional<z.ZodEnum<["vue", "react", "none"]>>>;
+}, "strip", z.ZodTypeAny, {
+    code: string;
+    test_framework: "vitest" | "jest" | "playwright";
+    test_type: "unit" | "integration" | "e2e";
+    component_framework: "vue" | "none" | "react";
+}, {
+    code: string;
+    test_framework: "vitest" | "jest" | "playwright";
+    test_type: "unit" | "integration" | "e2e";
+    component_framework?: "vue" | "none" | "react" | undefined;
+}>;
+export declare function handleTestGenerator(args: z.infer<typeof TestGeneratorSchema>): string;

package/build/tools/webdev/test-generator.js

@@ -0,0 +1,269 @@
+import { z } from "zod";
+// ---------------------------------------------------------------------------
+// Schema
+// ---------------------------------------------------------------------------
+export const TestGeneratorSchema = z.object({
+    code: z.string().describe("Source code of the function, component, or API handler to test"),
+    test_framework: z
+        .enum(["vitest", "jest", "playwright"])
+        .describe("Test framework to use"),
+    test_type: z
+        .enum(["unit", "integration", "e2e"])
+        .describe("Type of tests to generate"),
+    component_framework: z
+        .enum(["vue", "react", "none"])
+        .optional()
+        .default("none")
+        .describe("Frontend framework (for component tests)"),
+});
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+/** Extract a function/component name from source code for use in test labels */
+function extractName(code) {
+    const patterns = [
+        /export\s+(?:default\s+)?(?:async\s+)?function\s+(\w+)/,
+        /export\s+const\s+(\w+)\s*=/,
+        /const\s+(\w+)\s*=.*=>/,
+        /class\s+(\w+)/,
+        /def\s+(\w+)\s*\(/,
+    ];
+    for (const re of patterns) {
+        const m = code.match(re);
+        if (m?.[1])
+            return m[1];
+    }
+    return "subject";
+}
+function buildVitestUnit(name, code, component) {
+    if (component === "vue") {
+        return `import { describe, it, expect, vi } from "vitest";
+import { mount } from "@vue/test-utils";
+import ${name} from "./${name}.vue";
+
+describe("${name}", () => {
+  it("renders without errors", () => {
+    const wrapper = mount(${name});
+    expect(wrapper.exists()).toBe(true);
+  });
+
+  it("renders with default props", () => {
+    const wrapper = mount(${name}, {
+      props: {
+        // TODO: add required props
+      },
+    });
+    expect(wrapper.html()).toMatchSnapshot();
+  });
+
+  it("emits expected events", async () => {
+    const wrapper = mount(${name});
+    // TODO: trigger interaction
+    // await wrapper.find("button").trigger("click");
+    // expect(wrapper.emitted()).toHaveProperty("update");
+  });
+
+  it("handles empty/null props gracefully", () => {
+    // TODO: mount with edge-case props
+    expect(() => mount(${name}, { props: {} })).not.toThrow();
+  });
+});`;
+    }
+    if (component === "react") {
+        return `import { describe, it, expect, vi } from "vitest";
+import { render, screen, fireEvent } from "@testing-library/react";
+import { ${name} } from "./${name}";
+
+describe("${name}", () => {
+  it("renders without crashing", () => {
+    const { container } = render(<${name} />);
+    expect(container).toBeTruthy();
+  });
+
+  it("renders expected content", () => {
+    render(<${name} />);
+    // TODO: assert visible text/elements
+    // expect(screen.getByText("Expected Text")).toBeInTheDocument();
+  });
+
+  it("handles user interaction", async () => {
+    const onAction = vi.fn();
+    render(<${name} onAction={onAction} />);
+    // TODO: trigger interaction
+    // fireEvent.click(screen.getByRole("button"));
+    // expect(onAction).toHaveBeenCalledOnce();
+  });
+
+  it("handles edge cases (empty, null, undefined props)", () => {
+    // TODO: render with edge-case props
+    expect(() => render(<${name} />)).not.toThrow();
+  });
+});`;
+    }
+    // Pure function
+    return `import { describe, it, expect, vi, beforeEach } from "vitest";
+import { ${name} } from "./${name}";
+
+describe("${name}", () => {
+  // Happy path
+  it("returns correct result for typical input", () => {
+    // TODO: replace with real input/output
+    const result = ${name}(/* happy path args */);
+    expect(result).toBeDefined();
+  });
+
+  // Edge cases
+  it("handles empty input", () => {
+    // TODO: empty/zero/null input
+    // expect(${name}("")).toEqual(/* expected */);
+  });
+
+  it("handles boundary values", () => {
+    // TODO: boundary conditions
+    // expect(${name}(0)).toBe(/* expected */);
+    // expect(${name}(Number.MAX_SAFE_INTEGER)).toBe(/* expected */);
+  });
+
+  // Error path
+  it("throws on invalid input", () => {
+    expect(() => ${name}(/* invalid args */)).toThrow();
+  });
+
+  // Mocks
+  it("calls dependencies with correct arguments", () => {
+    const mockDep = vi.fn().mockReturnValue("mocked");
+    vi.mock("./${name}", () => ({ dependency: mockDep }));
+    ${name}(/* args with mock */);
+    // expect(mockDep).toHaveBeenCalledWith(/* expected args */);
+  });
+});`;
+}
+function buildJestUnit(name, code, component) {
+    const vitestVersion = buildVitestUnit(name, code, component);
+    return vitestVersion
+        .replace(/from "vitest"/g, 'from "@jest/globals"')
+        .replace(/import \{ describe, it, expect, vi, beforeEach \} from "@jest\/globals";/, `import { describe, it, expect, jest, beforeEach } from "@jest/globals";`)
+        .replace(/vi\.fn/g, "jest.fn")
+        .replace(/vi\.mock/g, "jest.mock")
+        .replace(/vi\.spyOn/g, "jest.spyOn");
+}
+function buildPlaywrightE2E(name) {
+    return `import { test, expect, type Page } from "@playwright/test";
+
+// E2E tests for: ${name}
+// These run in a real browser — start your dev server first.
+
+test.describe("${name} — E2E", () => {
+  test.beforeEach(async ({ page }: { page: Page }) => {
+    // TODO: navigate to the page under test
+    await page.goto("http://localhost:3000/YOUR_ROUTE");
+  });
+
+  test("page loads and shows expected content", async ({ page }: { page: Page }) => {
+    await expect(page).toHaveTitle(/TODO: expected title/);
+    // await expect(page.getByRole("heading", { level: 1 })).toBeVisible();
+  });
+
+  test("primary user flow completes successfully", async ({ page }: { page: Page }) => {
+    // TODO: simulate the main user journey
+    // await page.getByLabel("Email").fill("user@example.com");
+    // await page.getByRole("button", { name: "Submit" }).click();
+    // await expect(page.getByText("Success")).toBeVisible();
+  });
+
+  test("error state is shown for invalid input", async ({ page }: { page: Page }) => {
+    // TODO: trigger error state
+    // await page.getByRole("button", { name: "Submit" }).click();
+    // await expect(page.getByRole("alert")).toBeVisible();
+  });
+
+  test("is accessible (no critical violations)", async ({ page }: { page: Page }) => {
+    // Requires @axe-core/playwright
+    // const accessibilityScanResults = await new AxeBuilder({ page }).analyze();
+    // expect(accessibilityScanResults.violations).toEqual([]);
+  });
+});`;
+}
+function buildIntegrationTest(name, framework) {
+    const importLine = framework === "vitest"
+        ? 'import { describe, it, expect, vi, beforeAll, afterAll } from "vitest";'
+        : 'import { describe, it, expect, jest, beforeAll, afterAll } from "@jest/globals";';
+    return `${importLine}
+// Integration tests for: ${name}
+// These tests use real implementations (DB, filesystem, network) or heavy mocks.
+
+describe("${name} — Integration", () => {
+  beforeAll(async () => {
+    // TODO: set up test database / test server
+    // await setupTestDb();
+  });
+
+  afterAll(async () => {
+    // TODO: tear down
+    // await cleanupTestDb();
+  });
+
+  it("handles the full happy-path workflow", async () => {
+    // TODO: end-to-end through real layers
+    // const result = await ${name}(realDependency, realArgs);
+    // expect(result).toMatchObject({ status: "ok" });
+  });
+
+  it("rolls back on error (atomicity)", async () => {
+    // TODO: inject failure, verify no side-effects persisted
+  });
+
+  it("respects authorization boundaries", async () => {
+    // TODO: call with unauthorized context, expect rejection
+  });
+});`;
+}
+// ---------------------------------------------------------------------------
+// Handler
+// ---------------------------------------------------------------------------
+// Example call:
+//   handleTestGenerator({ code: "export function add(a, b) { return a + b; }", test_framework: "vitest", test_type: "unit", component_framework: "none" })
+export function handleTestGenerator(args) {
+    const { code, test_framework, test_type, component_framework } = args;
+    const name = extractName(code);
+    const cf = component_framework ?? "none";
+    let testCode;
+    let filename;
+    if (test_type === "e2e") {
+        testCode = buildPlaywrightE2E(name);
+        filename = `${name}.e2e.spec.ts`;
+    }
+    else if (test_type === "integration") {
+        testCode = buildIntegrationTest(name, test_framework);
+        filename = `${name}.integration.spec.ts`;
+    }
+    else {
+        // unit
+        if (test_framework === "jest") {
+            testCode = buildJestUnit(name, code, cf);
+        }
+        else {
+            testCode = buildVitestUnit(name, code, cf);
+        }
+        filename = `${name}.spec.ts`;
+    }
+    const lines = [
+        `✅ Tests generated for: ${name}`,
+        `📄 Filename: ${filename}`,
+        `🔧 Framework: ${test_framework} | Type: ${test_type} | Component: ${cf}`,
+        ``,
+        "```typescript",
+        testCode,
+        "```",
+        ``,
+        `💡 Reasoning: Generated ${test_type} test scaffold for \`${name}\` using ${test_framework}. ` +
+            `Covers: happy path, edge cases (empty/null/boundary), error path, and mock setup. ` +
+            `TODO comments mark where you must fill in concrete values. ` +
+            (test_type === "e2e"
+                ? "Start your dev server before running playwright tests."
+                : test_type === "integration"
+                    ? "Set up a test database/environment in beforeAll."
+                    : "Run with `npx vitest` or `npx jest` after filling in the TODOs."),
+    ];
+    return lines.join("\n");
+}