@autobe/agent 0.25.0 → 0.25.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (199) hide show
  1. package/lib/AutoBeAgent.js +11 -1
  2. package/lib/AutoBeAgent.js.map +1 -1
  3. package/lib/AutoBeMockAgent.js +1 -0
  4. package/lib/AutoBeMockAgent.js.map +1 -1
  5. package/lib/constants/AutoBeConfigConstant.d.ts +1 -1
  6. package/lib/constants/AutoBeSystemPromptConstant.d.ts +13 -13
  7. package/lib/factory/createAutoBeContext.js +32 -3
  8. package/lib/factory/createAutoBeContext.js.map +1 -1
  9. package/lib/index.mjs +2585 -1009
  10. package/lib/index.mjs.map +1 -1
  11. package/lib/orchestrate/analyze/orchestrateAnalyzeScenario.js +8 -8
  12. package/lib/orchestrate/analyze/structures/IAutoBeAnalyzeScenarioApplication.d.ts +2 -2
  13. package/lib/orchestrate/common/histories/transformCommonCorrectCastingHistories.js +1 -1
  14. package/lib/orchestrate/common/histories/transformCommonCorrectCastingHistories.js.map +1 -1
  15. package/lib/orchestrate/common/orchestrateCommonCorrectCasting.js +36 -23
  16. package/lib/orchestrate/common/orchestrateCommonCorrectCasting.js.map +1 -1
  17. package/lib/orchestrate/common/structures/IAutoBeCommonCorrectCastingApplication.d.ts +22 -42
  18. package/lib/orchestrate/interface/histories/transformInterfaceCommonPrerequisiteHistories.d.ts +3 -0
  19. package/lib/orchestrate/interface/histories/{transformInterfacePrerequisiteHistories.js → transformInterfaceCommonPrerequisiteHistories.js} +4 -4
  20. package/lib/orchestrate/interface/histories/transformInterfaceCommonPrerequisiteHistories.js.map +1 -0
  21. package/lib/orchestrate/interface/histories/transformInterfaceComplementHistories.js +2 -2
  22. package/lib/orchestrate/interface/histories/transformInterfaceComplementHistories.js.map +1 -1
  23. package/lib/orchestrate/interface/histories/transformInterfaceGroupHistories.js +3 -3
  24. package/lib/orchestrate/interface/histories/transformInterfaceGroupHistories.js.map +1 -1
  25. package/lib/orchestrate/interface/histories/transformInterfacePrerequisitesHistories.d.ts +3 -0
  26. package/lib/orchestrate/interface/histories/transformInterfacePrerequisitesHistories.js +102 -0
  27. package/lib/orchestrate/interface/histories/transformInterfacePrerequisitesHistories.js.map +1 -0
  28. package/lib/orchestrate/interface/histories/transformInterfaceSchemaHistories.js +1 -1
  29. package/lib/orchestrate/interface/histories/transformInterfaceSchemaHistories.js.map +1 -1
  30. package/lib/orchestrate/interface/histories/transformInterfaceSchemasReviewHistories.js +2 -2
  31. package/lib/orchestrate/interface/histories/transformInterfaceSchemasReviewHistories.js.map +1 -1
  32. package/lib/orchestrate/interface/orchestrateInterface.js +25 -9
  33. package/lib/orchestrate/interface/orchestrateInterface.js.map +1 -1
  34. package/lib/orchestrate/interface/orchestrateInterfaceAuthorizations.js +278 -47
  35. package/lib/orchestrate/interface/orchestrateInterfaceAuthorizations.js.map +1 -1
  36. package/lib/orchestrate/interface/orchestrateInterfaceComplement.js +96 -70
  37. package/lib/orchestrate/interface/orchestrateInterfaceComplement.js.map +1 -1
  38. package/lib/orchestrate/interface/orchestrateInterfaceEndpoints.js +3 -3
  39. package/lib/orchestrate/interface/orchestrateInterfaceEndpoints.js.map +1 -1
  40. package/lib/orchestrate/interface/orchestrateInterfaceGroups.js +2 -2
  41. package/lib/orchestrate/interface/orchestrateInterfaceOperations.js +29 -30
  42. package/lib/orchestrate/interface/orchestrateInterfaceOperations.js.map +1 -1
  43. package/lib/orchestrate/interface/orchestrateInterfaceOperationsReview.js +278 -47
  44. package/lib/orchestrate/interface/orchestrateInterfaceOperationsReview.js.map +1 -1
  45. package/lib/orchestrate/interface/orchestrateInterfacePrerequisites.d.ts +5 -0
  46. package/lib/orchestrate/interface/orchestrateInterfacePrerequisites.js +713 -0
  47. package/lib/orchestrate/interface/orchestrateInterfacePrerequisites.js.map +1 -0
  48. package/lib/orchestrate/interface/orchestrateInterfaceSchemas.js +88 -42
  49. package/lib/orchestrate/interface/orchestrateInterfaceSchemas.js.map +1 -1
  50. package/lib/orchestrate/interface/orchestrateInterfaceSchemasReview.js +82 -14
  51. package/lib/orchestrate/interface/orchestrateInterfaceSchemasReview.js.map +1 -1
  52. package/lib/orchestrate/interface/structures/IAutoBeInterfaceComplementApplication.d.ts +0 -38
  53. package/lib/orchestrate/interface/structures/IAutoBeInterfaceGroupApplication.d.ts +6 -10
  54. package/lib/orchestrate/interface/structures/IAutoBeInterfaceOperationApplication.d.ts +3 -3
  55. package/lib/orchestrate/interface/structures/IAutoBeInterfacePrerequisitesApplication.d.ts +52 -0
  56. package/lib/orchestrate/interface/structures/IAutoBeInterfacePrerequisitesApplication.js +3 -0
  57. package/lib/orchestrate/interface/structures/IAutoBeInterfacePrerequisitesApplication.js.map +1 -0
  58. package/lib/orchestrate/interface/structures/IAutoBeInterfaceSchemaApplication.d.ts +0 -33
  59. package/lib/orchestrate/interface/utils/JsonSchemaFactory.d.ts +6 -2
  60. package/lib/orchestrate/interface/utils/JsonSchemaFactory.js +114 -9
  61. package/lib/orchestrate/interface/utils/JsonSchemaFactory.js.map +1 -1
  62. package/lib/orchestrate/interface/utils/JsonSchemaValidator.js +46 -3
  63. package/lib/orchestrate/interface/utils/JsonSchemaValidator.js.map +1 -1
  64. package/lib/orchestrate/interface/utils/OperationValidator.d.ts +3 -4
  65. package/lib/orchestrate/interface/utils/OperationValidator.js +1 -1
  66. package/lib/orchestrate/interface/utils/OperationValidator.js.map +1 -1
  67. package/lib/orchestrate/prisma/orchestratePrismaComponent.js +8 -8
  68. package/lib/orchestrate/prisma/orchestratePrismaCorrect.js +20 -20
  69. package/lib/orchestrate/prisma/orchestratePrismaReview.js +20 -20
  70. package/lib/orchestrate/prisma/orchestratePrismaSchemas.js +30 -30
  71. package/lib/orchestrate/realize/histories/transformRealizeCorrectCastingHistories.js +9 -10
  72. package/lib/orchestrate/realize/histories/transformRealizeCorrectCastingHistories.js.map +1 -1
  73. package/lib/orchestrate/realize/histories/transformRealizeCorrectHistories.js +14 -22
  74. package/lib/orchestrate/realize/histories/transformRealizeCorrectHistories.js.map +1 -1
  75. package/lib/orchestrate/realize/histories/transformRealizeWriteAuthorizationsHistories.js +6 -6
  76. package/lib/orchestrate/realize/histories/transformRealizeWriteHistories.js +8 -2
  77. package/lib/orchestrate/realize/histories/transformRealizeWriteHistories.js.map +1 -1
  78. package/lib/orchestrate/realize/internal/compileRealizeFiles.js +1 -2
  79. package/lib/orchestrate/realize/internal/compileRealizeFiles.js.map +1 -1
  80. package/lib/orchestrate/realize/orchestRateRealizeCorrectCasting.d.ts +2 -1
  81. package/lib/orchestrate/realize/orchestRateRealizeCorrectCasting.js +103 -40
  82. package/lib/orchestrate/realize/orchestRateRealizeCorrectCasting.js.map +1 -1
  83. package/lib/orchestrate/realize/orchestrateRealize.js +79 -45
  84. package/lib/orchestrate/realize/orchestrateRealize.js.map +1 -1
  85. package/lib/orchestrate/realize/orchestrateRealizeAuthorization.js +16 -16
  86. package/lib/orchestrate/realize/orchestrateRealizeAuthorizationCorrect.js +12 -12
  87. package/lib/orchestrate/realize/orchestrateRealizeCorrect.js +117 -87
  88. package/lib/orchestrate/realize/orchestrateRealizeCorrect.js.map +1 -1
  89. package/lib/orchestrate/realize/orchestrateRealizeWrite.d.ts +2 -1
  90. package/lib/orchestrate/realize/orchestrateRealizeWrite.js +117 -54
  91. package/lib/orchestrate/realize/orchestrateRealizeWrite.js.map +1 -1
  92. package/lib/orchestrate/realize/structures/IAutoBeRealizeAuthorizationApplication.d.ts +21 -13
  93. package/lib/orchestrate/realize/structures/IAutoBeRealizeCorrectApplication.d.ts +52 -26
  94. package/lib/orchestrate/realize/structures/IAutoBeRealizeWriteApplication.d.ts +44 -34
  95. package/lib/orchestrate/realize/utils/InternalFileSystem.js +1 -1
  96. package/lib/orchestrate/realize/utils/InternalFileSystem.js.map +1 -1
  97. package/lib/orchestrate/realize/utils/getRealizeWriteCodeTemplate.d.ts +8 -3
  98. package/lib/orchestrate/realize/utils/getRealizeWriteCodeTemplate.js +44 -17
  99. package/lib/orchestrate/realize/utils/getRealizeWriteCodeTemplate.js.map +1 -1
  100. package/lib/orchestrate/realize/utils/getRealizeWriteImportStatements.d.ts +4 -1
  101. package/lib/orchestrate/realize/utils/getRealizeWriteImportStatements.js +24 -9
  102. package/lib/orchestrate/realize/utils/getRealizeWriteImportStatements.js.map +1 -1
  103. package/lib/orchestrate/realize/utils/printErrorHints.d.ts +8 -0
  104. package/lib/orchestrate/realize/utils/printErrorHints.js +48 -0
  105. package/lib/orchestrate/realize/utils/printErrorHints.js.map +1 -0
  106. package/lib/orchestrate/realize/utils/replaceImportStatements.d.ts +1 -0
  107. package/lib/orchestrate/realize/utils/replaceImportStatements.js +93 -55
  108. package/lib/orchestrate/realize/utils/replaceImportStatements.js.map +1 -1
  109. package/lib/orchestrate/test/histories/transformTestCorrectHistories.js +1 -1
  110. package/lib/orchestrate/test/histories/transformTestCorrectHistories.js.map +1 -1
  111. package/lib/orchestrate/test/histories/transformTestCorrectInvalidRequestHistories.js +1 -1
  112. package/lib/orchestrate/test/histories/transformTestCorrectInvalidRequestHistories.js.map +1 -1
  113. package/lib/orchestrate/test/histories/transformTestScenarioHistories.js +10 -79
  114. package/lib/orchestrate/test/histories/transformTestScenarioHistories.js.map +1 -1
  115. package/lib/orchestrate/test/histories/transformTestScenarioReviewHistories.js +15 -65
  116. package/lib/orchestrate/test/histories/transformTestScenarioReviewHistories.js.map +1 -1
  117. package/lib/orchestrate/test/histories/transformTestWriteHistories.js +1 -1
  118. package/lib/orchestrate/test/histories/transformTestWriteHistories.js.map +1 -1
  119. package/lib/orchestrate/test/orchestrateTestCorrect.js +32 -17
  120. package/lib/orchestrate/test/orchestrateTestCorrect.js.map +1 -1
  121. package/lib/orchestrate/test/orchestrateTestCorrectInvalidRequest.js +31 -13
  122. package/lib/orchestrate/test/orchestrateTestCorrectInvalidRequest.js.map +1 -1
  123. package/lib/orchestrate/test/orchestrateTestScenario.d.ts +1 -1
  124. package/lib/orchestrate/test/orchestrateTestScenario.js +5 -5
  125. package/lib/orchestrate/test/orchestrateTestScenario.js.map +1 -1
  126. package/lib/orchestrate/test/orchestrateTestScenarioReview.js +1 -1
  127. package/lib/orchestrate/test/orchestrateTestScenarioReview.js.map +1 -1
  128. package/lib/orchestrate/test/orchestrateTestWrite.js +37 -21
  129. package/lib/orchestrate/test/orchestrateTestWrite.js.map +1 -1
  130. package/lib/orchestrate/test/structures/IAutoBeTestCorrectApplication.d.ts +9 -5
  131. package/lib/orchestrate/test/structures/IAutoBeTestCorrectInvalidRequestApplication.d.ts +8 -2
  132. package/lib/orchestrate/test/structures/IAutoBeTestWriteApplication.d.ts +11 -7
  133. package/lib/orchestrate/test/utils/getPrerequisites.d.ts +5 -0
  134. package/lib/orchestrate/test/utils/getPrerequisites.js +36 -0
  135. package/lib/orchestrate/test/utils/getPrerequisites.js.map +1 -0
  136. package/lib/orchestrate/test/utils/getReferenceIds.js +1 -1
  137. package/lib/orchestrate/test/utils/getReferenceIds.js.map +1 -1
  138. package/package.json +5 -5
  139. package/src/AutoBeAgent.ts +17 -1
  140. package/src/AutoBeMockAgent.ts +1 -0
  141. package/src/constants/AutoBeConfigConstant.ts +1 -1
  142. package/src/constants/AutoBeSystemPromptConstant.ts +13 -13
  143. package/src/factory/createAutoBeContext.ts +33 -3
  144. package/src/orchestrate/analyze/structures/IAutoBeAnalyzeScenarioApplication.ts +2 -2
  145. package/src/orchestrate/common/orchestrateCommonCorrectCasting.ts +2 -2
  146. package/src/orchestrate/common/structures/IAutoBeCommonCorrectCastingApplication.ts +25 -45
  147. package/src/orchestrate/interface/histories/{transformInterfacePrerequisiteHistories.ts → transformInterfaceCommonPrerequisiteHistories.ts} +1 -1
  148. package/src/orchestrate/interface/histories/transformInterfaceGroupHistories.ts +4 -2
  149. package/src/orchestrate/interface/histories/transformInterfacePrerequisitesHistories.ts +118 -0
  150. package/src/orchestrate/interface/orchestrateInterface.ts +43 -17
  151. package/src/orchestrate/interface/orchestrateInterfaceComplement.ts +12 -33
  152. package/src/orchestrate/interface/orchestrateInterfaceEndpoints.ts +5 -5
  153. package/src/orchestrate/interface/orchestrateInterfaceOperations.ts +7 -6
  154. package/src/orchestrate/interface/orchestrateInterfacePrerequisites.ts +274 -0
  155. package/src/orchestrate/interface/orchestrateInterfaceSchemas.ts +1 -1
  156. package/src/orchestrate/interface/orchestrateInterfaceSchemasReview.ts +1 -1
  157. package/src/orchestrate/interface/structures/IAutoBeInterfaceComplementApplication.ts +0 -39
  158. package/src/orchestrate/interface/structures/IAutoBeInterfaceGroupApplication.ts +6 -10
  159. package/src/orchestrate/interface/structures/IAutoBeInterfaceOperationApplication.ts +4 -5
  160. package/src/orchestrate/interface/structures/IAutoBeInterfacePrerequisitesApplication.ts +58 -0
  161. package/src/orchestrate/interface/structures/IAutoBeInterfaceSchemaApplication.ts +0 -34
  162. package/src/orchestrate/interface/utils/JsonSchemaFactory.ts +92 -4
  163. package/src/orchestrate/interface/utils/JsonSchemaValidator.ts +49 -3
  164. package/src/orchestrate/interface/utils/OperationValidator.ts +9 -7
  165. package/src/orchestrate/realize/histories/transformRealizeCorrectCastingHistories.ts +9 -10
  166. package/src/orchestrate/realize/histories/transformRealizeCorrectHistories.ts +13 -24
  167. package/src/orchestrate/realize/histories/transformRealizeWriteAuthorizationsHistories.ts +6 -6
  168. package/src/orchestrate/realize/histories/transformRealizeWriteHistories.ts +6 -4
  169. package/src/orchestrate/realize/internal/compileRealizeFiles.ts +1 -5
  170. package/src/orchestrate/realize/orchestRateRealizeCorrectCasting.ts +84 -17
  171. package/src/orchestrate/realize/orchestrateRealize.ts +123 -74
  172. package/src/orchestrate/realize/orchestrateRealizeCorrect.ts +33 -6
  173. package/src/orchestrate/realize/orchestrateRealizeWrite.ts +14 -4
  174. package/src/orchestrate/realize/structures/IAutoBeRealizeAuthorizationApplication.ts +21 -13
  175. package/src/orchestrate/realize/structures/IAutoBeRealizeCorrectApplication.ts +54 -29
  176. package/src/orchestrate/realize/structures/IAutoBeRealizeWriteApplication.ts +46 -35
  177. package/src/orchestrate/realize/utils/InternalFileSystem.ts +1 -1
  178. package/src/orchestrate/realize/utils/getRealizeWriteCodeTemplate.ts +54 -22
  179. package/src/orchestrate/realize/utils/getRealizeWriteImportStatements.ts +28 -16
  180. package/src/orchestrate/realize/utils/printErrorHints.ts +55 -0
  181. package/src/orchestrate/realize/utils/replaceImportStatements.ts +99 -102
  182. package/src/orchestrate/test/histories/transformTestScenarioHistories.ts +18 -91
  183. package/src/orchestrate/test/histories/transformTestScenarioReviewHistories.ts +17 -90
  184. package/src/orchestrate/test/orchestrateTestCorrect.ts +7 -6
  185. package/src/orchestrate/test/orchestrateTestCorrectInvalidRequest.ts +13 -1
  186. package/src/orchestrate/test/orchestrateTestScenario.ts +12 -6
  187. package/src/orchestrate/test/orchestrateTestScenarioReview.ts +3 -3
  188. package/src/orchestrate/test/orchestrateTestWrite.ts +7 -6
  189. package/src/orchestrate/test/structures/IAutoBeTestCorrectApplication.ts +9 -228
  190. package/src/orchestrate/test/structures/IAutoBeTestCorrectInvalidRequestApplication.ts +8 -2
  191. package/src/orchestrate/test/structures/IAutoBeTestWriteApplication.ts +11 -78
  192. package/src/orchestrate/test/utils/getPrerequisites.ts +51 -0
  193. package/src/orchestrate/test/utils/getReferenceIds.ts +2 -1
  194. package/lib/orchestrate/interface/histories/transformInterfacePrerequisiteHistories.d.ts +0 -3
  195. package/lib/orchestrate/interface/histories/transformInterfacePrerequisiteHistories.js.map +0 -1
  196. package/lib/orchestrate/interface/utils/OpenApiEndpointComparator.d.ts +0 -6
  197. package/lib/orchestrate/interface/utils/OpenApiEndpointComparator.js +0 -22
  198. package/lib/orchestrate/interface/utils/OpenApiEndpointComparator.js.map +0 -1
  199. package/src/orchestrate/interface/utils/OpenApiEndpointComparator.ts +0 -23
package/lib/orchestrate/test/histories/transformTestScenarioHistories.js CHANGED
@@ -3,23 +3,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.transformTestScenarioHistories = void 0;
4
4
  const utils_1 = require("@autobe/utils");
5
5
  const uuid_1 = require("uuid");
6
- const getReferenceIds_1 = require("../utils/getReferenceIds");
6
+ const getPrerequisites_1 = require("../utils/getPrerequisites");
7
7
  const transformTestScenarioHistories = (props) => {
8
8
  var _a, _b;
9
9
  const authorizations = (_b = (_a = props.state.interface) === null || _a === void 0 ? void 0 : _a.authorizations) !== null && _b !== void 0 ? _b : [];
10
10
  const authorizationRoles = new Map();
11
- const relationships = props.document.operations
12
- .map((operation) => ({
13
- endpoint: {
14
- method: operation.method,
15
- path: operation.path,
16
- },
17
- ids: (0, getReferenceIds_1.getReferenceIds)({
18
- document: props.document,
19
- operation,
20
- }),
21
- }))
22
- .filter((v) => v.ids.length !== 0);
23
11
  for (const authorization of authorizations) {
24
12
  for (const op of authorization.operations) {
25
13
  if (op.authorizationType === null)
@@ -40,7 +28,7 @@ const transformTestScenarioHistories = (props) => {
40
28
  id: (0, uuid_1.v7)(),
41
29
  created_at: new Date().toISOString(),
42
30
  type: "systemMessage",
43
- text: "<!--\nfilename: TEST_SCENARIO.md\n-->\n# Test Scenario Generation System Prompt\n\nYou are a Test Scenario Agent responsible for generating comprehensive test scenarios for API operations. Your primary task is to analyze API operations and create detailed test scenarios that can be implemented as actual test code.\n\n## Input Materials\n\nYou will receive the following materials as input:\n\n1. **Instructions**: E2E-test-specific instructions extracted by AI from user utterances\n - These focus ONLY on e2e-test-related parts\n - Apply these instructions when generating test scenarios\n - If the instructions are not relevant to the target API operations, you may ignore them\n\n2. **API Operations**: Complete list of API operations with their specifications\n3. **Included in Test Plan**: Operations that must have test scenarios generated\n4. **Excluded from Test Plan**: Operations already tested elsewhere\n5. **Candidate Dependencies**: Table showing ID requirements for each endpoint\n\n## Core Responsibilities\n\n### 1. Scope Definition\n- **ONLY** generate test scenarios for operations listed in \"Included in Test Plan\"\n- **NEVER** generate scenarios for operations in \"Excluded from Test Plan\" (these are already tested)\n- You may generate multiple test scenarios for a single operation to cover different use cases\n- Focus on business logic testing and E2E scenarios rather than simple CRUD operations\n\n### 2. Critical Dependency Resolution\n\n**This is the most important aspect of your role.** You must identify ALL API operations required for each test scenario through systematic dependency analysis:\n\n#### Step-by-Step Dependency Resolution Process:\n\n**Phase 1: Direct ID Requirements Analysis**\n1. **Identify Target Operation**: Start with the operation from \"Included in Test Plan\"\n2. **Extract Required IDs**: Use the \"Required IDs\" field shown for each operation in \"Included in Test Plan\" - these are absolutely mandatory\n3. **Reference Candidate Dependencies**: Check the \"Candidate Dependencies\" table to see what IDs each endpoint requires\n\n**Phase 2: Creator Operation Discovery**\n4. **Search for Creator Operations**: For each required ID, systematically search through the complete \"API Operations\" list to find operations that create those resources\n - Look for POST operations with paths that suggest resource creation\n - Match ID patterns: `articleId` typically created by `POST /articles`\n - Match nested resources: `commentId` for article comments created by `POST /articles/{articleId}/comments`\n - **CRITICAL**: Only include operations that actually exist in the provided operations list\n\n**Phase 3: Recursive Dependency Chain Building**\n5. **Apply Recursive Analysis**: For each creator operation found, check if it appears in the \"Candidate Dependencies\" table\n6. **Find Secondary Dependencies**: If a creator operation has its own required IDs, repeat steps 4-5 to find their creators\n7. **Continue Until Complete**: Keep building the dependency chain until no more dependencies are found\n8. **Avoid Duplicates**: Each unique operation should appear only once in your final dependencies list\n\n#### Practical Dependency Resolution Example:\n\n```\nTarget: PUT /articles/{articleId}/comments/{commentId}\n\nStep 1 - Check \"Required IDs\" in \"Included in Test Plan\":\n\u2514\u2500\u2500 Required IDs: articleId, commentId (MANDATORY)\n\nStep 2 - Search \"API Operations\" for creators:\n\u251C\u2500\u2500 articleId \u2192 Found: POST /articles\n\u2514\u2500\u2500 commentId \u2192 Found: POST /articles/{articleId}/comments\n\nStep 3 - Check \"Candidate Dependencies\" for POST /articles:\n\u2514\u2500\u2500 POST /articles requires: categoryId\n\nStep 4 - Search \"API Operations\" for categoryId creator:\n\u2514\u2500\u2500 categoryId \u2192 Found: POST /categories\n\nStep 5 - Check \"Candidate Dependencies\" for POST /categories:\n\u2514\u2500\u2500 POST /categories requires: (none)\n\nFinal Dependencies Chain:\n1. POST /categories (creates categoryId)\n2. POST /articles (creates articleId, needs categoryId)\n3. POST /articles/{articleId}/comments (creates commentId, needs articleId)\n```\n\n#### Dependency Collection Strategy:\n\n**For GET Operations:**\n- Always include creation operations for the primary resource being retrieved\n- Include any parent resource creators (for nested resources)\n\n**For PUT/PATCH Operations:**\n- Include creation operations for the resource being modified\n- Include any parent resource creators\n- Include creation operations for any referenced resources in the request body\n\n**For DELETE Operations:**\n- Include creation operations for the resource being deleted\n- Include any parent resource creators\n\n**For POST Operations:**\n- Include creation operations for any parent resources (for nested creation)\n- Include creation operations for any referenced resources in the request body\n\n### 3. User Authentication Context Management\n\nUser authentication and authorization context is critical for test execution:\n\n#### Authentication Flow Integration\n1. **Analyze Authorization Requirements**: Check the `authorizationRole` field for each operation in your dependency chain\n2. **Determine Authentication Needs**: Use the \"Related Authentication APIs\" provided for each included operation\n3. **Plan Context Switches**: Ensure proper user context is active before each operation that requires authorization\n\n#### Authentication API Types:\n- **join**: Creates a new user account and immediately switches to that user context\n- **login**: Switches to an existing user account context\n\n#### User Context Resolution Rules:\n1. If an operation requires `authorizationRole: \"admin\"` \u2192 ensure admin context is active (via join/login)\n2. If an operation requires `authorizationRole: \"user\"` \u2192 ensure user context is active\n3. If an operation requires `authorizationRole: null` \u2192 no authentication needed\n4. Plan authentication operations at the beginning of your dependency chain\n\n### 4. Comprehensive Dependency Collection Verification\n\nBefore finalizing dependencies for any scenario, apply this verification process:\n\n#### Mandatory Dependencies Checklist:\n- [ ] **Required IDs Coverage**: Every ID listed in \"Required IDs\" has a corresponding creator operation in dependencies\n- [ ] **Recursive Analysis Complete**: All creator operations have been checked for their own dependencies\n- [ ] **Authentication Context**: Appropriate join/login operations included for authorization requirements\n- [ ] **Operation Existence**: Every referenced operation exists in the provided \"API Operations\" list\n- [ ] **No Duplicates**: Each operation appears only once in the dependencies list\n- [ ] **Logical Order**: Dependencies are arranged to support proper execution flow\n\n#### Red Flags That Indicate Incomplete Analysis:\n- Target operation requires an ID but no creator operation is in dependencies\n- Creator operation has required IDs but their creators aren't included\n- Operations with authorization requirements but no authentication setup\n- Referenced operations that don't exist in the provided operations list\n\n## Output Format Requirements\n\nYou must generate scenarios using the `IAutoBeTestScenarioApplication.IProps` interface structure:\n\n### Scenario Group Structure:\n```typescript\n{\n endpoint: { method: \"post\", path: \"/articles\" },\n scenarios: [\n {\n functionName: \"test_api_article_creation_with_category\",\n draft: \"Comprehensive test scenario description covering the complete user workflow...\",\n dependencies: [\n {\n endpoint: { method: \"post\", path: \"/auth/admin/join\" },\n purpose: \"Create and authenticate as admin user with article creation permissions\"\n },\n {\n endpoint: { method: \"post\", path: \"/categories\" },\n purpose: \"Create a category that the new article will be assigned to\"\n }\n ]\n }\n ]\n}\n```\n\n### Function Naming Rules:\n- **Format**: Use snake_case format only\n- **Prefix**: Start with `test_api_` prefix (mandatory requirement)\n- **Pattern**: `test_api_[core_feature]_[specific_scenario]`\n- **Business Focus**: Start with business feature, not action verbs\n- **Reserved Words**: Avoid TypeScript/JavaScript reserved words (delete, for, if, class, etc.)\n- **Clarity**: Use descriptive names that clearly indicate the test purpose\n\n**Valid Examples:**\n- `test_api_article_creation_with_category`\n- `test_api_user_authentication_failure`\n- `test_api_order_cancellation_by_customer`\n- `test_api_product_review_moderation_approval`\n\n### Draft Requirements:\nYour draft descriptions must be comprehensive and include:\n\n1. **Scenario Overview**: What business functionality is being tested\n2. **Step-by-Step Workflow**: Complete user journey from start to finish\n3. **Validation Points**: What should be verified at each step\n4. **Business Logic**: Key business rules and constraints being tested\n5. **Success Criteria**: Expected outcomes and behaviors\n6. **Error Handling**: Potential failure cases and expected responses\n\n### Dependencies Requirements:\n- **Completeness**: Include ALL operations needed for successful test execution\n- **Existence Verification**: Every dependency must exist in the provided operations list\n- **Clear Purpose**: Each dependency must have a specific, understandable purpose statement\n- **Logical Ordering**: Consider execution dependencies when listing (though exact order is handled by implementation)\n- **No Assumptions**: Never reference operations that aren't explicitly provided\n\n## Quality Assurance Framework\n\n### Before Submitting Each Scenario:\n\n**Scope Verification:**\n- [ ] Target endpoint is from \"Included in Test Plan\" only\n- [ ] No scenarios generated for \"Excluded from Test Plan\" operations\n\n**Dependency Completeness:**\n- [ ] All Required IDs have corresponding creator operations\n- [ ] Recursive dependency analysis completed fully\n- [ ] Authentication context properly planned\n- [ ] All referenced operations exist in the provided list\n- [ ] No duplicate operations in dependencies\n\n**Output Quality:**\n- [ ] Function names follow conventions and avoid reserved words\n- [ ] Draft descriptions are comprehensive and business-focused\n- [ ] Each dependency has a clear, specific purpose\n- [ ] Scenario represents meaningful business logic testing\n\n### Success Indicators:\n- Scenarios cover real business workflows, not just simple API calls\n- Complete dependency chains ensure test implementability\n- Authentication flows are properly integrated\n- All generated content references only provided operations\n- Scenarios would provide meaningful validation of business logic\n\n## Important Constraints and Guidelines\n\n1. **Implementability First**: Every scenario must be fully implementable using only the provided operations\n2. **No Speculation**: Never assume operations exist - only use what's explicitly provided\n3. **Business Value**: Focus on scenarios that test meaningful business logic and user workflows\n4. **Completeness Over Simplicity**: Better to include all necessary dependencies than to create incomplete tests\n5. **Context Awareness**: Always consider user authentication and authorization requirements\n\nRemember: Your primary goal is generating test scenarios that can be immediately implemented by subsequent agents. Missing dependencies, non-existent operations, or incomplete authentication flows will cause implementation failures. Thoroughness in dependency analysis is more valuable than brevity." /* AutoBeSystemPromptConstant.TEST_SCENARIO */,
31
+ text: "<!--\nfilename: TEST_SCENARIO.md\n-->\n# Test Scenario Generation System Prompt\n\n## Naming Conventions\n\n### Notation Types\nThe following naming conventions (notations) are used throughout test scenario generation:\n- **camelCase**: First word lowercase, subsequent words capitalized (e.g., `userProfile`, `commentUpdate`)\n- **PascalCase**: All words capitalized (e.g., `UserProfile`, `CommentUpdate`)\n- **snake_case**: All lowercase with underscores between words (e.g., `test_api_user_profile`, `test_api_comment_update`)\n\n### Specific Naming Rules\n- **Test Function Names**: Use snake_case notation (e.g., `test_api_article_creation`)\n- **Purpose Descriptions**: Use clear, concise sentences starting with action verbs\n- **Avoid Reserved Words**: Never use JavaScript/TypeScript reserved keywords (delete, class, for, if, etc.)\n\n## 1. Overview\n\nYou are the Test Scenario Agent, specializing in generating comprehensive E2E test scenarios for API operations. Your mission is to create realistic, implementable test scenarios that validate business logic through complete user workflows.\n\nThis agent achieves its goal through function calling. **Function calling is MANDATORY** - you MUST call the provided function immediately without asking for confirmation or permission.\n\n**REQUIRED ACTIONS:**\n- \u2705 Execute the function immediately\n- \u2705 Generate test scenarios directly through the function call\n- \u2705 Include proper authentication setup based on authorizationRole\n- \u2705 Follow realistic user workflows with correct dependencies\n\n**ABSOLUTE PROHIBITIONS:**\n- \u274C NEVER ask for user permission to execute the function\n- \u274C NEVER present a plan and wait for approval\n- \u274C NEVER respond with assistant messages when all requirements are met\n- \u274C NEVER say \"I will now call the function...\" or similar announcements\n- \u274C NEVER request confirmation before executing\n\n**IMPORTANT: All Required Information is Already Provided**\n- Every parameter needed for the function call is ALREADY included in this prompt\n- You have been given COMPLETE information - there is nothing missing\n- Do NOT hesitate or second-guess - all necessary data is present\n- Execute the function IMMEDIATELY with the provided parameters\n- If you think something is missing, you are mistaken - review the prompt again\n\n## 2. Your Mission\n\nGenerate test scenarios that transform simple endpoint definitions into comprehensive test cases with proper authentication, complete dependency chains, and meaningful business logic validation. Each scenario must reflect real-world usage patterns and validate actual business requirements.\n\n### 2.1. Critical Authorization Verification Rule\n\n**\uD83D\uDD34 CRITICAL PRINCIPLE**: You MUST check the authorizationRole for EVERY operation involved in your test scenario.\n\n**MANDATORY VERIFICATION PROCESS**:\n1. **Target Operation**: Look up its authorizationRole in \"API Operations\"\n2. **Every Prerequisite**: Look up EACH prerequisite's authorizationRole in \"API Operations\"\n3. **Additional Dependencies**: Check authorizationRole for any operations you add\n\n**Authorization Rules**:\n- `authorizationRole: null` \u2192 NO authentication needed for this operation\n- `authorizationRole: \"roleX\"` \u2192 MUST add authentication for roleX before this operation\n- Authentication must PRECEDE any operation that requires it\n\n**\u26A0\uFE0F WARNING**: The prerequisites array only provides endpoints. You MUST look up each endpoint in \"API Operations\" to find its authorizationRole. Never assume an operation is public without verification.\n\n### 2.2. Test Scenario Design Philosophy\n\n**CRITICAL**: Focus on creating scenarios that validate real business workflows, not framework-level validations.\n\n**Design Principles**:\n- **Business Logic Focus**: Test what users actually do, not type checking\n- **Complete Workflows**: Include all steps from authentication to completion\n- **Realistic Patterns**: Follow actual user behavior patterns\n- **No Framework Testing**: Skip validation errors, focus on business rules\n\n**Ask Before Creating Each Scenario**:\n- Does this test a meaningful business workflow?\n- Are all dependencies properly authenticated?\n- Is the execution order realistic and correct?\n- Does this avoid testing framework-level validations?\n\n### 2.3. User Context Strategy: Critical Rules\n\n**\u26A0\uFE0F CRITICAL PRINCIPLE**: User Context determines how user authentication is established in your test scenario.\n\n**\uD83D\uDD34 FUNDAMENTAL RULE: User Context Type Determines Authentication Method**\n\n**New User Context (DEFAULT - 99% of cases)**\n- **MUST use `join` ONLY** - Creates brand new user accounts\n- **NEVER use `login`** for new user contexts\n- Fresh, isolated test environment\n- Example: `/auth/admin/join`, `/auth/member/join`\n\n**Existing User Context (RARE - 1% of cases)**\n- **MUST use `login` ONLY** - Uses pre-existing user accounts\n- **NEVER use `join`** for existing user contexts\n- Only when specifically testing login functionality or legacy users\n- Example: `/auth/admin/login`, `/auth/member/login`\n\n**\uD83D\uDEA8 ABSOLUTE PROHIBITION**: \n- **NEVER mix join and login in the same test scenario**\n- **NEVER use login unless explicitly testing login functionality**\n- **When in doubt, ALWAYS use join (new user context)**\n\n**How User Context Works in Tests**:\n```typescript\n// \u2705 CORRECT: New User Context (join only)\ndescribe('Article Creation', () => {\n it('test_api_article_creation_by_member', async () => {\n // 1. Create NEW user context with join\n const authResponse = await api.post('/auth/member/join', userData);\n const token = authResponse.body.accessToken;\n \n // 2. Perform business operation with new user's token\n const articleResponse = await api\n .post('/articles', articleData)\n .set('Authorization', `Bearer ${token}`);\n \n // 3. Validate business logic\n expect(articleResponse.status).toBe(201);\n });\n});\n\n// \u274C WRONG: Never mix join and login\ndescribe('Wrong Pattern', () => {\n it('test_api_wrong_pattern', async () => {\n await api.post('/auth/admin/join', adminData); // New context\n await api.post('/auth/member/login', memberData); // WRONG! Mixing\n });\n});\n```\n\n### 2.4. System-Generated vs User-Managed Data\n\n**\uD83D\uDD34 CRITICAL DISTINCTION**: Understand what data is created by users vs generated by the system.\n\n**User-Managed Data (Include in Dependencies)**:\n- Business entities users create (posts, comments, orders)\n- Configuration users set (preferences, settings)\n- Content users upload (images, documents)\n\n**System-Generated Data (NEVER Include)**:\n- Audit logs (created automatically during operations)\n- Analytics events (tracked by system)\n- Performance metrics (collected internally)\n- System timestamps (created_at, updated_at)\n\n**Example - What NOT to Do**:\n```json\n// \u274C WRONG - Don't create system data manually\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/audit-logs\" } } // NEVER!\n ]\n}\n\n// \u2705 CORRECT - System creates audit logs automatically\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/articles\" } } // User action\n // Audit log created automatically by system during article creation\n ]\n}\n```\n\n### 2.5. User Context: The Golden Rule\n\n**\uD83C\uDFC6 THE GOLDEN RULE OF USER CONTEXT**:\n\n```\n\u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n\u2502 New User Context = join ONLY (99% of test scenarios) \u2502\n\u2502 Existing User Context = login ONLY (1% - testing login) \u2502\n\u2502 \u2502\n\u2502 NEVER MIX THEM IN ONE SCENARIO! \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n```\n\n**Why This Matters**:\n- **join** creates a completely new user \u2192 Clean test environment\n- **login** uses an existing user \u2192 Only for testing login itself\n- Mixing them creates confusion about which user is being used\n\n**Quick Decision Guide**:\n- Testing any normal business operation? \u2192 Use **join**\n- Testing the login operation itself? \u2192 Use **join** first, then **login**\n- Testing with multiple roles? \u2192 Use **join** for ALL roles\n- Not sure? \u2192 Use **join**\n\n## 3. Input Materials\n\nYou will receive the following materials to guide your scenario generation:\n\n### 3.1. Instructions\n**Purpose**: E2E test-specific requirements extracted from user conversations\n- Test coverage priorities\n- Critical user workflows to validate\n- Specific edge cases to test\n- Business logic verification strategies\n- Apply these when relevant to target operations\n\n### 3.2. API Operations\n**Purpose**: Complete catalog of available API endpoints\n- **Critical Field**: `authorizationRole` for each operation\n- Use to verify authentication requirements\n- Reference for available endpoints\n- Source of truth for operation details\n\n**Structure Example**:\n```json\n{\n \"operations\": [\n {\n \"method\": \"post\",\n \"path\": \"/articles\",\n \"authorizationRole\": \"member\", // \u2190 MUST CHECK THIS\n \"name\": \"createArticle\",\n // ... other fields\n }\n ]\n}\n```\n\n### 3.3. Included in Test Plan\n**Purpose**: Target operations requiring test scenarios\n- **\uD83D\uDEA8 CRITICAL**: Generate scenarios ONLY for these operations\n- **NEVER** generate scenarios for unlisted operations\n- Contains enhanced operation data with prerequisites\n\n**Enhanced Structure**:\n```json\n{\n \"method\": \"put\",\n \"path\": \"/articles/{id}/comments/{cid}\",\n \"authorizationRole\": \"member\",\n \"prerequisites\": [ // \u2190 Pre-calculated dependencies\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/articles\" },\n \"purpose\": \"Create article to hold comments\"\n }\n ],\n \"authorizationRoles\": [ // \u2190 Available auth operations\n {\n \"name\": \"member\",\n \"join\": { \"method\": \"post\", \"path\": \"/auth/member/join\" },\n \"login\": { \"method\": \"post\", \"path\": \"/auth/member/login\" }\n }\n ]\n}\n```\n\n### 3.4. Excluded from Test Plan\n**Purpose**: Operations already tested elsewhere\n- Reference only for understanding coverage\n- May use as dependencies if needed\n- Do NOT generate scenarios for these\n\n## 4. Core Algorithm\n\n### 4.1. Step 1: Target Analysis and Special Cases\n\n**First, identify your target operation type:**\n\n**A. Regular Business Operations**\n- Continue to Step 2 for normal workflow\n\n**B. Authentication Operations (Special User Context Handling)**\n\n**Testing `join` (Creating New User Context)**:\n- `dependencies: []` (empty - join creates its own new user context)\n- This IS the user context creation\n\n**Testing `login` (Using Existing User Context)**:\n- `dependencies: [corresponding join]` \n- First create user with join, then test login with that existing user\n- ONLY case where you test with \"existing\" user (that you just created)\n\n**Testing `refresh` (Refreshing Existing User Context)**:\n- `dependencies: [corresponding join]`\n- First create user with join, then test token refresh\n\n**Special Case Examples**:\n```json\n// Testing join\n{\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/join\" },\n \"scenarios\": [{\n \"functionName\": \"test_api_member_registration\",\n \"dependencies\": [] // \u2190 Empty for join\n }]\n}\n\n// Testing login\n{\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/login\" },\n \"scenarios\": [{\n \"functionName\": \"test_api_member_login_existing\",\n \"dependencies\": [\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/join\" },\n \"purpose\": \"Create member account for login testing\"\n }\n ]\n }]\n}\n```\n\n### 4.2. Step 2: Authorization Analysis\n\n**\uD83D\uDD34 MANDATORY: Create an authorization requirements table**\n\n1. **Extract target operation details**:\n - Find in \"Included in Test Plan\"\n - Note its authorizationRole\n - Extract prerequisites array\n\n2. **Look up EACH operation's authorizationRole**:\n```\nOperation | authorizationRole | Auth Needed?\n---------------------------|-------------------|-------------\nPUT /articles/{id}/comments/{cid} | \"member\" | Yes\nPOST /articles | \"member\" | Yes \nPOST /articles/{id}/comments | \"member\" | Yes\n```\n\n3. **Identify unique roles needing authentication**:\n - List all non-null authorizationRoles\n - These roles MUST have authentication added\n\n### 4.3. Step 3: Build Dependencies with Authentication\n\n**Order Template**:\n```javascript\ndependencies = [\n // 1. Authentication operations (ALWAYS FIRST)\n ...authOperations,\n \n // 2. Prerequisites in logical order\n ...prerequisites.filter(needed)\n]\n```\n\n**Execution Rules**:\n- \u2705 Authentication BEFORE any operation needing it\n- \u2705 Parent resources BEFORE child resources\n- \u2705 Each operation appears EXACTLY ONCE\n- \u274C NEVER include target operation in dependencies\n- \u274C NEVER duplicate operations\n\n**Multi-Role Example**:\n```json\n[\n // Role X authentication\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/roleX/join\" } },\n // Role X operations\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/config\" } },\n \n // Role Y authentication \n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/roleY/join\" } },\n // Role Y operations\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/articles\" } }\n]\n```\n\n### 4.4. Step 4: Generate Complete Scenario\n\n**Required Components**:\n\n1. **functionName** (snake_case):\n - Format: `test_api_[feature]_[action]_[context]`\n - Examples: `test_api_article_update_by_author`\n - Avoid reserved words\n\n2. **draft** (comprehensive description):\n - Business functionality tested\n - Step-by-step workflow\n - Validation points\n - Expected outcomes\n\n3. **dependencies** (ordered array):\n - Authentication operations first\n - Prerequisites in logical order\n - Clear purpose for each\n\n## 5. Common Anti-Patterns and Solutions\n\n### 5.1. \u274C ANTI-PATTERN: Missing Authentication Check\n**Problem**: Not checking prerequisite authorizationRoles\n```json\n// Wrong - Didn't check if POST /resources needs auth\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/resources\" } }\n ]\n}\n```\n\n**\u2705 SOLUTION**: Always check authorizationRole\n```json\n// Correct - Checked and added required auth\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/user/join\" } },\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/resources\" } }\n ]\n}\n```\n\n### 5.2. \u274C ANTI-PATTERN: Mixed User Context Types\n**Problem**: Mixing new user context (join) with existing user context (login)\n```json\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/admin/join\" } }, // New user\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/login\" } } // WRONG! Existing user\n ]\n}\n```\n\n**\u2705 SOLUTION**: Use ONLY join for new user contexts\n```json\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/admin/join\" } }, // New user \u2713\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/join\" } } // New user \u2713\n ]\n}\n```\n\n**Remember**: \n- New User Context = join ONLY\n- Existing User Context = login ONLY (rare, only when testing login itself)\n- NEVER mix them in one scenario\n\n### 5.3. \u274C ANTI-PATTERN: Wrong Execution Order\n**Problem**: Operation before required authentication\n```json\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/articles\" } }, // Needs auth\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/join\" } } // Too late!\n ]\n}\n```\n\n**\u2705 SOLUTION**: Authentication first\n```json\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/join\" } }, // First\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/articles\" } } // Then\n ]\n}\n```\n\n### 5.4. \u274C ANTI-PATTERN: Validation Error Testing\n**Problem**: Testing framework-level validations\n```json\n{\n \"functionName\": \"test_api_article_creation_missing_title\", // Wrong focus\n \"draft\": \"Test article creation with missing required field\"\n}\n```\n\n**\u2705 SOLUTION**: Test business logic\n```json\n{\n \"functionName\": \"test_api_article_creation_by_member\",\n \"draft\": \"Test successful article creation workflow including proper categorization and tag assignment\"\n}\n```\n\n## 6. Decision Framework\n\n### 6.1. Should I Add Authentication?\n\nAsk for EACH operation (target + prerequisites):\n1. **What is the authorizationRole?**\n - null \u2192 No auth needed for this operation\n - \"roleX\" \u2192 Must add auth for roleX\n\n2. **Is authentication already in dependencies?**\n - Yes \u2192 Check if it's before this operation\n - No \u2192 Add it at the beginning\n\n3. **Which auth operation to use?**\n - **ALWAYS use join** (creates new user context) - This is the rule\n - **NEVER use login** unless the target operation IS login itself\n - **Remember**: New user context = join ONLY, Existing user context = login ONLY\n\n### 6.2. Should I Include This Prerequisite?\n\nAsk for each prerequisite:\n1. **Is it needed for my specific test?**\n - Testing update? \u2192 Need create first\n - Testing delete? \u2192 Need create first\n - Testing read? \u2192 Need create first\n\n2. **Does it need authentication?**\n - Check its authorizationRole\n - Add auth if needed\n\n3. **Is it already in dependencies?**\n - Yes \u2192 Skip (no duplicates)\n - No \u2192 Add in correct order\n\n### 6.3. What Order Should I Use?\n\n**Ordering Rules**:\n1. **Authentication First**: All auth operations at the beginning\n2. **Parent Before Child**: Create parent resources before nested ones\n3. **Logical Flow**: Follow natural user workflow\n4. **No Duplicates**: Each operation exactly once\n\n## 7. Output Format (Function Calling Interface)\n\n### 7.1. TypeScript Interface\n\n```typescript\nexport namespace IAutoBeTestScenarioApplication {\n export interface IProps {\n endpoint: IEndpoint; // Target operation\n scenarios: IScenario[]; // Test scenarios array\n }\n \n export interface IEndpoint {\n method: string; // HTTP method\n path: string; // URL path\n }\n \n export interface IScenario {\n functionName: string; // snake_case test name\n draft: string; // Detailed description\n dependencies: IDependency[]; // Ordered prerequisites\n }\n \n export interface IDependency {\n endpoint: IEndpoint; // Operation to execute\n purpose: string; // Why this is needed\n }\n}\n```\n\n### 7.2. Quality Requirements\n\n**functionName Requirements**:\n- \u2705 snake_case format\n- \u2705 Starts with `test_api_`\n- \u2705 Descriptive of business feature\n- \u274C No JavaScript reserved words\n- \u274C No technical implementation details\n\n**draft Requirements**:\n- \u2705 Business functionality focus\n- \u2705 Step-by-step workflow description\n- \u2705 Validation points specified\n- \u2705 Expected outcomes clear\n- \u274C No type validation scenarios\n\n**dependencies Requirements**:\n- \u2705 Correct execution order\n- \u2705 Authentication before operations needing it\n- \u2705 Each operation exactly once\n- \u2705 Clear purpose for each\n- \u274C No target operation in dependencies\n- \u274C No system-generated data creation\n\n## 8. Complete Workflow Examples\n\n### 8.1. Example: Public Read with Private Prerequisites\n\n**Given**:\n```json\n// From \"Included in Test Plan\"\n{\n \"method\": \"get\",\n \"path\": \"/banners/{id}\",\n \"authorizationRole\": null, // Public\n \"prerequisites\": [\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/communities\" },\n \"purpose\": \"Create community for banner\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/communities/{id}/banners\" },\n \"purpose\": \"Create banner to retrieve\"\n }\n ]\n}\n```\n\n**Step 1**: Check each authorizationRole\n- GET /banners/{id}: null (public)\n- POST /communities: \"member\" (needs auth)\n- POST /communities/{id}/banners: \"member\" (needs auth)\n\n**Step 2**: Determine User Context\n- Need \"member\" role \u2192 Use join for NEW user context\n- Never use login unless testing login itself\n\n**Step 3**: Build dependencies\n```json\n{\n \"endpoint\": { \"method\": \"get\", \"path\": \"/banners/{id}\" },\n \"scenarios\": [{\n \"functionName\": \"test_api_banner_public_retrieval\",\n \"draft\": \"Test that banners can be retrieved publicly after being created by members. Validates that banner content is accessible without authentication while ensuring proper data visibility.\",\n \"dependencies\": [\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/join\" },\n \"purpose\": \"Authenticate as member to create test data\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/communities\" },\n \"purpose\": \"Create community to host banner\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/communities/{id}/banners\" },\n \"purpose\": \"Create banner for public retrieval test\"\n }\n ]\n }]\n}\n```\n\n### 8.2. Example: Multi-Role Complex Workflow\n\n**Given**:\n```json\n{\n \"method\": \"patch\",\n \"path\": \"/orders/{id}/status\",\n \"authorizationRole\": \"staff\",\n \"prerequisites\": [\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/products\" },\n \"purpose\": \"Create product for order\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/orders\" },\n \"purpose\": \"Create order to update\"\n }\n ]\n}\n```\n\n**Authorization Analysis**:\n- PATCH /orders/{id}/status: \"staff\"\n- POST /products: \"admin\"\n- POST /orders: \"customer\"\n\n**Generated Scenario**:\n```json\n{\n \"endpoint\": { \"method\": \"patch\", \"path\": \"/orders/{id}/status\" },\n \"scenarios\": [{\n \"functionName\": \"test_api_order_status_update_by_staff\",\n \"draft\": \"Test complete order lifecycle from creation to status update. Admin creates product, customer places order, and staff updates order status. Validates role-based access control and proper workflow transitions.\",\n \"dependencies\": [\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/admin/join\" },\n \"purpose\": \"Authenticate as admin for product creation\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/products\" },\n \"purpose\": \"Admin creates product for ordering\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/customer/join\" },\n \"purpose\": \"Authenticate as customer for order creation\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/orders\" },\n \"purpose\": \"Customer creates order with product\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/staff/join\" },\n \"purpose\": \"Authenticate as staff for status update\"\n }\n ]\n }]\n}\n```\n\n## 9. Quality Checklist\n\n### 9.1. Pre-Generation Checklist\n- [ ] \u2705 Target operation is from \"Included in Test Plan\" ONLY\n- [ ] \u2705 Extracted prerequisites from target operation\n- [ ] \u2705 Identified special cases (auth operations)\n\n### 9.2. Authorization & User Context Checklist\n- [ ] \u2705 Checked target operation authorizationRole\n- [ ] \u2705 Checked EVERY prerequisite authorizationRole\n- [ ] \u2705 Listed all unique roles needing authentication\n- [ ] \u2705 Chose user context type: new (join) or existing (login)\n- [ ] \u2705 Verified NO mixing of join and login in same scenario\n- [ ] \u2705 Used join ONLY for new user contexts\n- [ ] \u2705 Used login ONLY when testing login operation itself\n\n### 9.3. Dependency Construction Checklist\n- [ ] \u2705 Authentication operations placed FIRST\n- [ ] \u2705 Prerequisites in logical order\n- [ ] \u2705 Parent resources before children\n- [ ] \u2705 Each operation appears exactly ONCE\n- [ ] \u2705 Target NOT in dependencies\n- [ ] \u2705 Clear purpose for each dependency\n\n### 9.4. Quality Assurance Checklist\n- [ ] \u2705 No validation error scenarios\n- [ ] \u2705 Meaningful business logic testing\n- [ ] \u2705 Complete workflow from start to finish\n- [ ] \u2705 All operations verified in \"API Operations\"\n\n## 10. Critical Reminders\n\n\uD83D\uDEA8 **MUST use function calling** - Never provide plain text responses\n\n\uD83D\uDCCB **Key Success Factors**:\n1. **ALWAYS** check authorizationRole for EVERY operation\n2. **ALWAYS** use join for new user contexts (99% of cases)\n3. **NEVER** mix join and login in the same scenario\n4. **NEVER** use login unless testing login operation itself\n5. **NEVER** test validation errors\n6. **NEVER** add target to its own dependencies\n7. **ALWAYS** place auth before operations needing it\n8. **ALWAYS** maintain correct execution order\n\n\uD83C\uDFAF **Your Goal**: Generate implementable test scenarios that validate real business workflows with proper authentication and complete dependency chains.\n\n## 11. Quick Reference Guide\n\n### For Regular Operations:\n```\n1. Check authorizationRoles (target + prerequisites)\n2. List required auth roles\n3. Use NEW user context (join) - This is 99% of cases!\n4. Build dependencies: join auth \u2192 prerequisites\n```\n\n**User Context Quick Rule**:\n- New user context = join ONLY \u2705\n- Existing user context = login ONLY (only when testing login) \u26A0\uFE0F\n- NEVER mix them! \u274C\n\n### For Auth Operations:\n```\n- join: dependencies = []\n- login: dependencies = [join]\n- refresh: dependencies = [join]\n```\n\n### For Public Operations:\n```\n1. Check if prerequisites need auth\n2. If yes: add auth for prerequisites only\n3. If no: may have empty dependencies\n```\n\nRemember: You are creating test scenarios that will be implemented as actual test code. Make them realistic, complete, and focused on business logic validation." /* AutoBeSystemPromptConstant.TEST_SCENARIO */,
44
32
  },
45
33
  {
46
34
  id: (0, uuid_1.v7)(),
@@ -72,10 +60,6 @@ const transformTestScenarioHistories = (props) => {
72
60
  You may write multiple scenarios for a single included endpoint.
73
61
  Focus on business-logic-oriented E2E flows rather than trivial CRUD.
74
62
 
75
- Please analyze the operations to identify all dependencies required for testing.
76
- Pay close attention to IDs and related values in the API,
77
- and ensure you identify all dependencies between endpoints.
78
-
79
63
  \`\`\`json
80
64
  ${JSON.stringify({
81
65
  operations: props.document.operations,
@@ -89,40 +73,12 @@ const transformTestScenarioHistories = (props) => {
89
73
  When testing endpoints that require authentication, ensure you include the corresponding
90
74
  join/login operations in your test scenario to establish proper authentication context.
91
75
 
92
- Generate test scenarios only for these included endpoints. Do not create scenarios for excluded endpoints. Operations not listed here may be used only as dependencies.
93
-
94
- ${props.include
95
- .map((el, i) => {
96
- const roles = Array.from(authorizationRoles.values()).filter((role) => role.name === el.authorizationRole);
97
- const requiredIds = (0, getReferenceIds_1.getReferenceIds)({
76
+ \`\`\`json
77
+ ${JSON.stringify(props.include.map((el) => (Object.assign(Object.assign({}, el), { prerequisites: (0, getPrerequisites_1.getPrerequisites)({
98
78
  document: props.document,
99
- operation: el,
100
- });
101
- return utils_1.StringUtil.trim `
102
- ## ${i + 1}. ${el.method.toUpperCase()} ${el.path}
103
-
104
- Related Authentication APIs:
105
-
106
- ${roles.length > 0
107
- ? roles
108
- .map((role) => {
109
- var _a, _b, _c, _d;
110
- return utils_1.StringUtil.trim `
111
- - ${(_a = role.join) === null || _a === void 0 ? void 0 : _a.method.toUpperCase()}: ${(_b = role.join) === null || _b === void 0 ? void 0 : _b.path}
112
- - ${(_c = role.login) === null || _c === void 0 ? void 0 : _c.method.toUpperCase()}: ${(_d = role.login) === null || _d === void 0 ? void 0 : _d.path}
113
- `;
114
- })
115
- .join("\n")
116
- : "- None"}
117
-
118
- Required IDs:
119
-
120
- - ${requiredIds.length > 0
121
- ? requiredIds.map((id) => `\`${id}\``).join(", ")
122
- : "None"}
123
- `;
124
- })
125
- .join("\n")}
79
+ endpoint: el,
80
+ }), authorizationRoles: Array.from(authorizationRoles.values()).filter((role) => role.name === el.authorizationRole) }))))}
81
+ \`\`\`
126
82
 
127
83
  ## Excluded from Test Plan
128
84
 
@@ -130,35 +86,10 @@ const transformTestScenarioHistories = (props) => {
130
86
  These endpoints do not need to be tested again.
131
87
  However, it is allowed to reference or depend on these endpoints when writing test codes for other purposes.
132
88
 
133
- ${props.exclude
134
- .map((el) => `- ${el.method.toUpperCase()}: ${el.path}`)
135
- .join("\n")}
136
-
137
- ## Candidate Dependencies
138
-
139
- List of candidate dependencies extracted from path parameters and request bodies.
140
-
141
- Apply dependency resolution to the target endpoint from "Included in Test Plan" and to dependencies found recursively from it.
142
- For each required ID, locate the operation that creates the resource. Include the creator only if that operation exists in the provided operations list. Do not assume or invent operations. If no creator exists, treat the ID as an external or pre-existing input.
143
-
144
- Dependency resolution steps:
145
- 1. Starting from the target endpoint, collect required IDs.
146
- 2. For each ID, search for a creator operation (typically POST).
147
- 3. If found, add it to the dependency chain in execution order and repeat for its own required IDs.
148
- 4. Stop when no further creators exist or are needed.
149
-
150
- For each some_entity_id pattern, use the same approach: include a creator only when it is present in the operations list.
151
-
152
- Endpoint | Required IDs (MUST be created by other APIs)
153
- ---------|---------------------------------------------------
154
- ${relationships
155
- .map((r) => [
156
- `\`${r.endpoint.method} ${r.endpoint.path}\``,
157
- r.ids.map((id) => `\`${id}\``).join(", "),
158
- ].join(" | "))
159
- .join("\n")}
89
+ \`\`\`json
90
+ ${JSON.stringify(props.exclude)}
91
+ \`\`\`
160
92
 
161
- Example: If an endpoint requires \`articleId\` and \`POST /articles\` exists, include it in dependencies
162
93
  `,
163
94
  },
164
95
  ];
package/lib/orchestrate/test/histories/transformTestScenarioHistories.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"transformTestScenarioHistories.js","sourceRoot":"","sources":["../../../../src/orchestrate/test/histories/transformTestScenarioHistories.ts"],"names":[],"mappings":";;;AAEA,yCAAoD;AACpD,+BAA0B;AAK1B,8DAA2D;AAEpD,MAAM,8BAA8B,GAAG,CAAC,KAM9C,EAEC,EAAE;;IAKF,MAAM,cAAc,GAClB,MAAA,MAAA,KAAK,CAAC,KAAK,CAAC,SAAS,0CAAE,cAAc,mCAAI,EAAE,CAAC;IAC9C,MAAM,kBAAkB,GACtB,IAAI,GAAG,EAAE,CAAC;IACZ,MAAM,aAAa,GAAoB,KAAK,CAAC,QAAQ,CAAC,UAAU;SAC7D,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACnB,QAAQ,EAAE;YACR,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,IAAI,EAAE,SAAS,CAAC,IAAI;SACrB;QACD,GAAG,EAAE,IAAA,iCAAe,EAAC;YACnB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS;SACV,CAAC;KACH,CAAC,CAAC;SACF,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC;IAErC,KAAK,MAAM,aAAa,IAAI,cAAc,EAAE,CAAC;QAC3C,KAAK,MAAM,EAAE,IAAI,aAAa,CAAC,UAAU,EAAE,CAAC;YAC1C,IAAI,EAAE,CAAC,iBAAiB,KAAK,IAAI;gBAAE,SAAS;YAC5C,MAAM,KAAK,GAAyC,eAAO,CAAC,IAAI,CAC9D,kBAAkB,EAClB,aAAa,CAAC,IAAI,EAClB,GAAG,EAAE,CAAC,CAAC;gBACL,IAAI,EAAE,aAAa,CAAC,IAAI;gBACxB,IAAI,EAAE,IAAI;gBACV,KAAK,EAAE,IAAI;aACZ,CAAC,CACH,CAAC;YACF,IAAI,EAAE,CAAC,iBAAiB,KAAK,MAAM;gBAAE,KAAK,CAAC,IAAI,GAAG,EAAE,CAAC;iBAChD,IAAI,EAAE,CAAC,iBAAiB,KAAK,OAAO;gBAAE,KAAK,CAAC,KAAK,GAAG,EAAE,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,OAAO;QACL;YACE,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,eAAe;YACrB,IAAI,++WAA0C;SACD;QAC/C;YACE,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,kBAAkB;YACxB,IAAI,EAAE,kBAAU,CAAC,IAAI,CAAA;;;;;;;;;;;;;;UAcjB,KAAK,CAAC,WAAW;;;;;;;;;;;;;;;;;UAiBjB,IAAI,CAAC,SAAS,CAAC;gBACf,UAAU,EAAE,KAAK,CAAC,QAAQ,CAAC,UAAU;aACtC,CAAC;;;;;;;;;;;;UAYA,KAAK,CAAC,OAAO;iBACZ,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE;gBACb,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAC1D,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,EAAE,CAAC,iBAAiB,CAC7C,CAAC;gBAEF,MAAM,WAAW,GAAG,IAAA,iCAAe,EAAC;oBAClC,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,SAAS,EAAE,EAAE;iBACd,CAAC,CAAC;gBACH,OAAO,kBAAU,CAAC,IAAI,CAAA;mBACf,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,IAAI;;;;gBAK/C,KAAK,CAAC,MAAM,GAAG,CAAC;oBACd,CAAC,CAAC,KAAK;yBACF,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;;wBACZ,OAAO,kBAAU,CAAC,IAAI,CAAA;8BAChB,MAAA,IAAI,CAAC,IAAI,0CAAE,MAAM,CAAC,WAAW,EAAE,KAAK,MAAA,IAAI,CAAC,IAAI,0CAAE,IAAI;8BACnD,MAAA,IAAI,CAAC,KAAK,0CAAE,MAAM,CAAC,WAAW,EAAE,KAAK,MAAA,IAAI,CAAC,KAAK,0CAAE,IAAI;yBAC1D,CAAC;oBACJ,CAAC,CAAC;yBACD,IAAI,CAAC,IAAI,CAAC;oBACf,CAAC,CAAC,QACN;;;;kBAKE,WAAW,CAAC,MAAM,GAAG,CAAC;oBACpB,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;oBACjD,CAAC,CAAC,MACN;aACD,CAAC;YACJ,CAAC,CAAC;iBACD,IAAI,CAAC,IAAI,CAAC;;;;;;;;UAQX,KAAK,CAAC,OAAO;iBACZ,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC;iBACvD,IAAI,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;UAmBX,aAAa;iBACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACT;gBACE,KAAK,CAAC,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI;gBAC7C,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;aAC1C,CAAC,IAAI,CAAC,KAAK,CAAC,CACd;iBACA,IAAI,CAAC,IAAI,CAAC;;;OAGd;SAC+C;KACnD,CAAC;AACJ,CAAC,CAAC;AAtLW,QAAA,8BAA8B,kCAsLzC"}
1
+ {"version":3,"file":"transformTestScenarioHistories.js","sourceRoot":"","sources":["../../../../src/orchestrate/test/histories/transformTestScenarioHistories.ts"],"names":[],"mappings":";;;AAEA,yCAAoD;AACpD,+BAA0B;AAK1B,gEAA6D;AAEtD,MAAM,8BAA8B,GAAG,CAAC,KAM9C,EAEC,EAAE;;IACF,MAAM,cAAc,GAClB,MAAA,MAAA,KAAK,CAAC,KAAK,CAAC,SAAS,0CAAE,cAAc,mCAAI,EAAE,CAAC;IAC9C,MAAM,kBAAkB,GACtB,IAAI,GAAG,EAAE,CAAC;IAEZ,KAAK,MAAM,aAAa,IAAI,cAAc,EAAE,CAAC;QAC3C,KAAK,MAAM,EAAE,IAAI,aAAa,CAAC,UAAU,EAAE,CAAC;YAC1C,IAAI,EAAE,CAAC,iBAAiB,KAAK,IAAI;gBAAE,SAAS;YAC5C,MAAM,KAAK,GAAyC,eAAO,CAAC,IAAI,CAC9D,kBAAkB,EAClB,aAAa,CAAC,IAAI,EAClB,GAAG,EAAE,CAAC,CAAC;gBACL,IAAI,EAAE,aAAa,CAAC,IAAI;gBACxB,IAAI,EAAE,IAAI;gBACV,KAAK,EAAE,IAAI;aACZ,CAAC,CACH,CAAC;YACF,IAAI,EAAE,CAAC,iBAAiB,KAAK,MAAM;gBAAE,KAAK,CAAC,IAAI,GAAG,EAAE,CAAC;iBAChD,IAAI,EAAE,CAAC,iBAAiB,KAAK,OAAO;gBAAE,KAAK,CAAC,KAAK,GAAG,EAAE,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,OAAO;QACL;YACE,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,eAAe;YACrB,IAAI,8x1BAA0C;SACD;QAC/C;YACE,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,kBAAkB;YACxB,IAAI,EAAE,kBAAU,CAAC,IAAI,CAAA;;;;;;;;;;;;;;UAcjB,KAAK,CAAC,WAAW;;;;;;;;;;;;;UAajB,IAAI,CAAC,SAAS,CAAC;gBACf,UAAU,EAAE,KAAK,CAAC,QAAQ,CAAC,UAAU;aACtC,CAAC;;;;;;;;;;;UAWA,IAAI,CAAC,SAAS,CACd,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,iCACrB,EAAE,KACL,aAAa,EAAE,IAAA,mCAAgB,EAAC;oBAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,QAAQ,EAAE,EAAE;iBACb,CAAC,EACF,kBAAkB,EAAE,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAChE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,EAAE,CAAC,iBAAiB,CAC7C,IACD,CAAC,CACJ;;;;;;;;;;UAUC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC;;;OAGhC;SAC+C;KACnD,CAAC;AACJ,CAAC,CAAC;AA7GW,QAAA,8BAA8B,kCA6GzC"}
package/lib/orchestrate/test/histories/transformTestScenarioReviewHistories.js CHANGED
@@ -3,31 +3,25 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.transformTestScenarioReviewHistories = transformTestScenarioReviewHistories;
4
4
  const utils_1 = require("@autobe/utils");
5
5
  const uuid_1 = require("uuid");
6
- const getReferenceIds_1 = require("../utils/getReferenceIds");
6
+ const getPrerequisites_1 = require("../utils/getPrerequisites");
7
7
  function transformTestScenarioReviewHistories(props) {
8
8
  var _a;
9
9
  const document = (_a = props.state.interface) === null || _a === void 0 ? void 0 : _a.document;
10
10
  if (document === undefined) {
11
11
  throw new Error("Cannot review test scenarios because there are no operations.");
12
12
  }
13
- const relationships = document.operations
14
- .map((o) => ({
15
- endpoint: {
16
- method: o.method,
17
- path: o.path,
18
- },
19
- ids: (0, getReferenceIds_1.getReferenceIds)({
20
- document,
21
- operation: o,
22
- }),
23
- }))
24
- .filter((v) => v.ids.length !== 0);
25
13
  return [
26
14
  {
27
15
  id: (0, uuid_1.v7)(),
28
16
  created_at: new Date().toISOString(),
29
17
  type: "systemMessage",
30
- text: "<!--\nfilename: TEST_SCENARIO_REVIEW.md\n-->\n# Test Scenario Review System Prompt\n\nYou are a Test Scenario Review Agent responsible for validating and correcting test scenarios generated by the Test Scenario Agent. Your primary role is to ensure all test scenarios are complete, implementable, and follow proper dependency resolution patterns.\n\n## Input Materials\n\nYou will receive the following materials as input:\n\n1. **Instructions**: E2E-test-specific instructions extracted by AI from user utterances\n - These focus ONLY on e2e-test-related parts\n - Apply these instructions when reviewing test scenarios\n - If the instructions are not relevant to the target API operations, you may ignore them\n\n2. **Available API Operations** - Complete list of all API operations that exist\n3. **Test Scenario Groups** - The scenario groups to review, where each scenario includes a `requiredIds` field\n4. **Candidate Dependencies** - Table showing which endpoints require which IDs\n\n## MANDATORY VALIDATION CHECKLIST\n\nFor each scenario, you MUST complete this checklist in order:\n\n```\n\u25A1 Step 1: Extract ALL IDs from requiredIds array\n\u25A1 Step 2: For EACH ID, find creator operation in Available API Operations using ID mapping rules\n\u25A1 Step 3: Verify creator operation exists in current dependencies\n\u25A1 Step 4: If missing, ADD to dependencies list with proper purpose\n\u25A1 Step 5: RECURSIVE DEPENDENCY CHECK - For each creator operation, check Candidate Dependencies table for its own required IDs\n\u25A1 Step 6: Repeat Steps 2-5 until no more dependencies are found (complete the entire chain)\n\u25A1 Step 7: Remove duplicate operations (same method + path)\n\u25A1 Step 8: Add required authentication operations for all operations in the chain\n\u25A1 Step 9: Sort dependencies by execution order\n\u25A1 Step 10: FINAL COMPLETENESS VERIFICATION - Ensure entire execution path is covered\n\u25A1 Step 11: Verify all operations exist in Available API Operations\n```\n\n## STRICT ID \u2192 CREATOR MAPPING RULES\n\nApply these rules systematically to find creator operations:\n\n### Primary Mapping Strategy\n```\nID Pattern \u2192 Creator Operation Search\n- articleId \u2192 POST /articles\n- userId \u2192 POST /users OR POST /auth/user/join\n- categoryId \u2192 POST /categories\n- commentId \u2192 POST /articles/{articleId}/comments (nested resource)\n- orderId \u2192 POST /orders\n- productId \u2192 POST /products\n- reviewId \u2192 POST /products/{productId}/reviews (nested resource)\n```\n\n### Search Algorithm (Apply in Order)\n```\nFOR EACH required_id IN requiredIds:\n 1. Extract entity name: remove \"Id\" suffix (articleId \u2192 article)\n 2. Search for POST /{entities} (plural form)\n 3. If not found, search for POST /{entity} (singular form) \n 4. If not found, search for nested creation: POST /parent/{parentId}/{entities}\n 5. For user-related IDs, also check POST /auth/{role}/join\n 6. IF creator_operation found AND creator_operation NOT IN current_dependencies:\n ADD creator_operation TO dependencies\n 7. IF creator_operation NOT found:\n FLAG as external/pre-existing resource\nEND FOR\n```\n\n## COMPREHENSIVE DEPENDENCY COMPLETENESS VERIFICATION\n\n### CRITICAL REQUIREMENT: Complete Dependency Chain Analysis\n\nBefore passing any scenario, you MUST verify that the ENTIRE dependency ecosystem is captured:\n\n#### Recursive Dependency Deep Dive\n```\nFOR EACH operation IN dependencies:\n 1. Check operation in Candidate Dependencies table\n 2. IF operation has required IDs:\n - Find creator operations for those IDs\n - IF creators NOT in dependencies: ADD them\n - REPEAT this process for newly added creators\n 3. Continue until NO MORE missing dependencies found\n```\n\n#### Complete Execution Path Verification\n```\nVERIFICATION CHECKLIST:\n\u25A1 Target operation can execute (all its required IDs have creators)\n\u25A1 Each dependency can execute (all their required IDs have creators) \n\u25A1 Authentication context exists for ALL operations requiring authorization\n\u25A1 No operation depends on resources that aren't created earlier in the chain\n\u25A1 Execution sequence is valid from start to finish\n```\n\n#### Dependency Chain Completeness Test\nBefore setting `pass: true`, ask yourself:\n- \"If I execute these dependencies in order, will EVERY operation have all its required resources available?\"\n- \"Are there any missing links in the chain from authentication to target execution?\"\n- \"Have I checked EVERY creator operation for its own dependencies recursively?\"\n\n### Completeness Failure Examples\n```\nINCOMPLETE SCENARIO (pass: false):\nDependencies: [POST /auth/user/join, POST /articles]\nTarget: POST /articles/{articleId}/comments\nIssue: Missing commentId creator\n\nINCOMPLETE SCENARIO (pass: false): \nDependencies: [POST /auth/user/join, POST /categories, POST /articles]\nBut POST /articles requires userId and Candidate Dependencies shows it needs userId\nIssue: POST /articles can't execute because userId dependency missing\n\nCOMPLETE SCENARIO (pass: true):\nDependencies: [POST /auth/user/join, POST /categories, POST /articles, POST /articles/{articleId}/comments]\nAll operations can execute in sequence with required resources available\n```\n\n## DUPLICATE REMOVAL ALGORITHM\n\n```\nDEDUPLICATION RULES:\n1. Group operations by: operation.method + operation.path\n2. If duplicates found:\n - Keep FIRST occurrence\n - Remove all subsequent duplicates\n3. Special case - Authentication operations:\n - Keep only ONE authentication operation per required role\n - Must only use join for new user scenarios\n```\n\n## AUTHENTICATION CONTEXT VALIDATION\n\n### Authentication Requirements Analysis\n```\nFOR EACH operation IN dependencies + target_operation:\n IF operation.authorizationRole IS NOT null:\n required_auth_role = operation.authorizationRole\n auth_operation = find_auth_operation_for_role(required_auth_role)\n IF auth_operation NOT IN dependencies:\n ADD auth_operation TO dependencies (at beginning)\n END IF\n END IF\nEND FOR\n```\n\n### Authentication Type Selection\n- **join operations**: Create new user accounts (POST /auth/{role}/join)\n- **login operations**: Use existing accounts (POST /auth/{role}/login)\n- **Default choice**: Use join for test scenarios (creates isolated test data)\n\n## EXECUTION ORDER ALGORITHM\n\nSort dependencies using this strict ordering:\n\n```\nORDER PRIORITY:\n1. Authentication operations (authorizationType: \"join\" or \"login\") \u2192 FIRST\n2. Independent entities (no required IDs in Candidate Dependencies)\n3. Level 1 dependencies (depend only on independent entities)\n4. Level 2 dependencies (depend on Level 1 entities)\n5. Continue by dependency level until target operation\n6. Target operation \u2192 LAST (not in dependencies, but validates ordering)\n```\n\n### Dependency Level Calculation\n```\nFOR EACH operation:\n IF operation has no required IDs:\n level = 0 (independent)\n ELSE:\n level = max(dependency_levels) + 1\n END IF\n```\n\n## DETAILED ANALYSIS PROCESS\n\nFor each scenario, output your analysis process:\n\n### Analysis Format\n```\nSCENARIO ANALYSIS: {scenario.functionName}\nRequired IDs: [{list from requiredIds field}]\n\nID MAPPING ANALYSIS:\n- articleId \u2192 Found: POST /articles \u2192 Status: [Present/Missing] in dependencies\n- categoryId \u2192 Found: POST /categories \u2192 Status: [Present/Missing] in dependencies\n- userId \u2192 Found: POST /auth/user/join \u2192 Status: [Present/Missing] in dependencies\n\nAUTHENTICATION ANALYSIS:\n- Target operation authorization: {authorizationRole}\n- Required authentication: {auth operation needed}\n- Current authentication: {auth operations in dependencies}\n\nDUPLICATE ANALYSIS:\n- Found duplicates: [{list of duplicate operations}]\n- Actions: [{list of removals}]\n\nRECURSIVE DEPENDENCY ANALYSIS:\n- Checking POST /articles dependencies: {required IDs from Candidate Dependencies}\n- Missing recursive dependencies: [{list}]\n- Added: [{operations added to complete the chain}]\n\nEXECUTION ORDER ANALYSIS:\n- Current order: [{current dependency order}]\n- Corrected order: [{logical execution order}]\n\nCOMPLETENESS VERIFICATION:\n- Can all operations execute in sequence? [Yes/No]\n- Any missing links in execution chain? [Yes/No]\n- All required resources available when needed? [Yes/No]\n```\n\n## OUTPUT DECISION FRAMEWORK\n\n### Option A: Pass Without Changes (`pass: true`)\n**Use ONLY when ALL conditions are met:**\n- [ ] Every ID in `requiredIds` has a corresponding creator operation in dependencies\n- [ ] All recursive dependencies are included (check each creator operation in Candidate Dependencies)\n- [ ] All authentication requirements are satisfied\n- [ ] No duplicate operations exist\n- [ ] Dependencies are ordered correctly for execution\n- [ ] All referenced operations exist in Available API Operations\n- [ ] **COMPLETENESS VERIFICATION**: Confirm that ALL necessary dependencies have been identified by checking:\n - Each creator operation's own dependencies (recursive check using Candidate Dependencies table)\n - All authorization requirements throughout the entire dependency chain\n - No missing links in the complete execution path from authentication to target operation\n\n### Option B: Provide Corrections (`pass: false`)\n**Use when ANY condition fails and provide corrected dependencies**\n\n## VALIDATION EXAMPLES\n\n### Example 1: Complete ID Coverage\n```\nScenario Target: PUT /articles/{articleId}/comments/{commentId}\nRequired IDs: [\"articleId\", \"commentId\", \"userId\"]\n\nExpected Dependencies (Correct Order):\n1. POST /auth/user/join (creates userId, establishes user context)\n2. POST /articles (creates articleId, may need userId)\n3. POST /articles/{articleId}/comments (creates commentId, needs articleId)\n\nAnalysis:\n- articleId \u2192 POST /articles \u2713\n- commentId \u2192 POST /articles/{articleId}/comments \u2713 \n- userId \u2192 POST /auth/user/join \u2713\n```\n\n### Example 2: Missing Creator Operations\n```\nScenario Target: POST /orders\nRequired IDs: [\"productId\", \"userId\", \"shippingAddressId\"]\nCurrent Dependencies: [POST /auth/user/join]\n\nMissing Creators:\n- productId \u2192 ADD: POST /products\n- shippingAddressId \u2192 ADD: POST /users/{userId}/addresses\n\nCorrected Dependencies:\n1. POST /auth/user/join (creates userId)\n2. POST /products (creates productId) \n3. POST /users/{userId}/addresses (creates shippingAddressId, needs userId)\n```\n\n### Example 3: Recursive Dependency Analysis\n```\nScenario Target: POST /articles/{articleId}/comments\nRequired IDs: [\"articleId\"]\nCurrent Dependencies: [POST /articles]\n\nRecursive Check:\n- POST /articles checked in Candidate Dependencies\n- POST /articles requires: [\"categoryId\", \"userId\"]\n- Missing: POST /categories, POST /auth/user/join\n\nCorrected Dependencies:\n1. POST /auth/user/join (creates userId)\n2. POST /categories (creates categoryId)\n3. POST /articles (creates articleId, needs userId + categoryId)\n```\n\n### Example 4: Duplicate Removal\n```\nCurrent Dependencies:\n1. POST /auth/user/join (purpose: \"Create user\")\n2. POST /categories (purpose: \"Create category\")\n3. POST /auth/user/join (purpose: \"Establish authentication\")\n\nIssue: Duplicate authentication operation\nSolution: Remove second occurrence, keep first\n```\n\n## ERROR HANDLING GUIDELINES\n\n### When Creator Operation Not Found\n```\nIF required_id has no creator operation in Available API Operations:\n 1. Mark as external/pre-existing resource\n 2. Document in analysis output\n 3. Do NOT add non-existent operations to dependencies\n 4. Continue validation for other IDs\n```\n\n### When Multiple Creator Candidates Exist\n```\nIF multiple operations could create the same resource:\n 1. Prefer POST operations over other methods\n 2. Prefer direct resource creation over nested creation\n 3. Choose the most specific creator (POST /articles over POST /content)\n```\n\n## SUCCESS CRITERIA\n\nA successful review ensures:\n- **Complete ID Coverage**: Every requiredIds entry has a creator in dependencies\n- **Complete Recursive Coverage**: All creator operations' dependencies are also included\n- **No Duplicates**: Clean, non-redundant dependency list\n- **Proper Authentication**: User context correctly established\n- **Logical Ordering**: Dependencies follow execution sequence\n- **Valid Operations**: All references exist in Available API Operations\n- **Implementable Scenarios**: Complete test execution path from setup to target\n- **End-to-End Verification**: Entire dependency chain can execute successfully\n\n## CRITICAL REMINDERS\n\n1. **Required IDs Are MANDATORY**: Every ID in `requiredIds` MUST have a creator operation\n2. **Recursive Analysis Is CRITICAL**: Check EVERY creator operation for its own dependencies\n3. **Completeness Before Pass**: Only pass when the ENTIRE dependency ecosystem is complete\n4. **Systematic Search**: Use ID mapping rules consistently\n5. **Duplicate Elimination**: Remove redundant operations automatically\n6. **Authentication First**: Always place auth operations at the beginning\n7. **Verify Existence**: Only reference operations from Available API Operations list\n8. **Logical Ordering**: Ensure dependencies can execute in sequence\n9. **Analysis Documentation**: Show your work for transparency\n10. **Final Verification**: Ask yourself if the entire execution path is bulletproof\n\nYour thorough analysis ensures test scenarios are fully implementable and will execute successfully with complete dependency coverage." /* AutoBeSystemPromptConstant.TEST_SCENARIO_REVIEW */,
18
+ text: "<!--\nfilename: TEST_SCENARIO.md\n-->\n# Test Scenario Generation System Prompt\n\n## Naming Conventions\n\n### Notation Types\nThe following naming conventions (notations) are used throughout test scenario generation:\n- **camelCase**: First word lowercase, subsequent words capitalized (e.g., `userProfile`, `commentUpdate`)\n- **PascalCase**: All words capitalized (e.g., `UserProfile`, `CommentUpdate`)\n- **snake_case**: All lowercase with underscores between words (e.g., `test_api_user_profile`, `test_api_comment_update`)\n\n### Specific Naming Rules\n- **Test Function Names**: Use snake_case notation (e.g., `test_api_article_creation`)\n- **Purpose Descriptions**: Use clear, concise sentences starting with action verbs\n- **Avoid Reserved Words**: Never use JavaScript/TypeScript reserved keywords (delete, class, for, if, etc.)\n\n## 1. Overview\n\nYou are the Test Scenario Agent, specializing in generating comprehensive E2E test scenarios for API operations. Your mission is to create realistic, implementable test scenarios that validate business logic through complete user workflows.\n\nThis agent achieves its goal through function calling. **Function calling is MANDATORY** - you MUST call the provided function immediately without asking for confirmation or permission.\n\n**REQUIRED ACTIONS:**\n- \u2705 Execute the function immediately\n- \u2705 Generate test scenarios directly through the function call\n- \u2705 Include proper authentication setup based on authorizationRole\n- \u2705 Follow realistic user workflows with correct dependencies\n\n**ABSOLUTE PROHIBITIONS:**\n- \u274C NEVER ask for user permission to execute the function\n- \u274C NEVER present a plan and wait for approval\n- \u274C NEVER respond with assistant messages when all requirements are met\n- \u274C NEVER say \"I will now call the function...\" or similar announcements\n- \u274C NEVER request confirmation before executing\n\n**IMPORTANT: All Required Information is Already Provided**\n- Every parameter needed for the function call is ALREADY included in this prompt\n- You have been given COMPLETE information - there is nothing missing\n- Do NOT hesitate or second-guess - all necessary data is present\n- Execute the function IMMEDIATELY with the provided parameters\n- If you think something is missing, you are mistaken - review the prompt again\n\n## 2. Your Mission\n\nGenerate test scenarios that transform simple endpoint definitions into comprehensive test cases with proper authentication, complete dependency chains, and meaningful business logic validation. Each scenario must reflect real-world usage patterns and validate actual business requirements.\n\n### 2.1. Critical Authorization Verification Rule\n\n**\uD83D\uDD34 CRITICAL PRINCIPLE**: You MUST check the authorizationRole for EVERY operation involved in your test scenario.\n\n**MANDATORY VERIFICATION PROCESS**:\n1. **Target Operation**: Look up its authorizationRole in \"API Operations\"\n2. **Every Prerequisite**: Look up EACH prerequisite's authorizationRole in \"API Operations\"\n3. **Additional Dependencies**: Check authorizationRole for any operations you add\n\n**Authorization Rules**:\n- `authorizationRole: null` \u2192 NO authentication needed for this operation\n- `authorizationRole: \"roleX\"` \u2192 MUST add authentication for roleX before this operation\n- Authentication must PRECEDE any operation that requires it\n\n**\u26A0\uFE0F WARNING**: The prerequisites array only provides endpoints. You MUST look up each endpoint in \"API Operations\" to find its authorizationRole. Never assume an operation is public without verification.\n\n### 2.2. Test Scenario Design Philosophy\n\n**CRITICAL**: Focus on creating scenarios that validate real business workflows, not framework-level validations.\n\n**Design Principles**:\n- **Business Logic Focus**: Test what users actually do, not type checking\n- **Complete Workflows**: Include all steps from authentication to completion\n- **Realistic Patterns**: Follow actual user behavior patterns\n- **No Framework Testing**: Skip validation errors, focus on business rules\n\n**Ask Before Creating Each Scenario**:\n- Does this test a meaningful business workflow?\n- Are all dependencies properly authenticated?\n- Is the execution order realistic and correct?\n- Does this avoid testing framework-level validations?\n\n### 2.3. User Context Strategy: Critical Rules\n\n**\u26A0\uFE0F CRITICAL PRINCIPLE**: User Context determines how user authentication is established in your test scenario.\n\n**\uD83D\uDD34 FUNDAMENTAL RULE: User Context Type Determines Authentication Method**\n\n**New User Context (DEFAULT - 99% of cases)**\n- **MUST use `join` ONLY** - Creates brand new user accounts\n- **NEVER use `login`** for new user contexts\n- Fresh, isolated test environment\n- Example: `/auth/admin/join`, `/auth/member/join`\n\n**Existing User Context (RARE - 1% of cases)**\n- **MUST use `login` ONLY** - Uses pre-existing user accounts\n- **NEVER use `join`** for existing user contexts\n- Only when specifically testing login functionality or legacy users\n- Example: `/auth/admin/login`, `/auth/member/login`\n\n**\uD83D\uDEA8 ABSOLUTE PROHIBITION**: \n- **NEVER mix join and login in the same test scenario**\n- **NEVER use login unless explicitly testing login functionality**\n- **When in doubt, ALWAYS use join (new user context)**\n\n**How User Context Works in Tests**:\n```typescript\n// \u2705 CORRECT: New User Context (join only)\ndescribe('Article Creation', () => {\n it('test_api_article_creation_by_member', async () => {\n // 1. Create NEW user context with join\n const authResponse = await api.post('/auth/member/join', userData);\n const token = authResponse.body.accessToken;\n \n // 2. Perform business operation with new user's token\n const articleResponse = await api\n .post('/articles', articleData)\n .set('Authorization', `Bearer ${token}`);\n \n // 3. Validate business logic\n expect(articleResponse.status).toBe(201);\n });\n});\n\n// \u274C WRONG: Never mix join and login\ndescribe('Wrong Pattern', () => {\n it('test_api_wrong_pattern', async () => {\n await api.post('/auth/admin/join', adminData); // New context\n await api.post('/auth/member/login', memberData); // WRONG! Mixing\n });\n});\n```\n\n### 2.4. System-Generated vs User-Managed Data\n\n**\uD83D\uDD34 CRITICAL DISTINCTION**: Understand what data is created by users vs generated by the system.\n\n**User-Managed Data (Include in Dependencies)**:\n- Business entities users create (posts, comments, orders)\n- Configuration users set (preferences, settings)\n- Content users upload (images, documents)\n\n**System-Generated Data (NEVER Include)**:\n- Audit logs (created automatically during operations)\n- Analytics events (tracked by system)\n- Performance metrics (collected internally)\n- System timestamps (created_at, updated_at)\n\n**Example - What NOT to Do**:\n```json\n// \u274C WRONG - Don't create system data manually\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/audit-logs\" } } // NEVER!\n ]\n}\n\n// \u2705 CORRECT - System creates audit logs automatically\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/articles\" } } // User action\n // Audit log created automatically by system during article creation\n ]\n}\n```\n\n### 2.5. User Context: The Golden Rule\n\n**\uD83C\uDFC6 THE GOLDEN RULE OF USER CONTEXT**:\n\n```\n\u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n\u2502 New User Context = join ONLY (99% of test scenarios) \u2502\n\u2502 Existing User Context = login ONLY (1% - testing login) \u2502\n\u2502 \u2502\n\u2502 NEVER MIX THEM IN ONE SCENARIO! \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n```\n\n**Why This Matters**:\n- **join** creates a completely new user \u2192 Clean test environment\n- **login** uses an existing user \u2192 Only for testing login itself\n- Mixing them creates confusion about which user is being used\n\n**Quick Decision Guide**:\n- Testing any normal business operation? \u2192 Use **join**\n- Testing the login operation itself? \u2192 Use **join** first, then **login**\n- Testing with multiple roles? \u2192 Use **join** for ALL roles\n- Not sure? \u2192 Use **join**\n\n## 3. Input Materials\n\nYou will receive the following materials to guide your scenario generation:\n\n### 3.1. Instructions\n**Purpose**: E2E test-specific requirements extracted from user conversations\n- Test coverage priorities\n- Critical user workflows to validate\n- Specific edge cases to test\n- Business logic verification strategies\n- Apply these when relevant to target operations\n\n### 3.2. API Operations\n**Purpose**: Complete catalog of available API endpoints\n- **Critical Field**: `authorizationRole` for each operation\n- Use to verify authentication requirements\n- Reference for available endpoints\n- Source of truth for operation details\n\n**Structure Example**:\n```json\n{\n \"operations\": [\n {\n \"method\": \"post\",\n \"path\": \"/articles\",\n \"authorizationRole\": \"member\", // \u2190 MUST CHECK THIS\n \"name\": \"createArticle\",\n // ... other fields\n }\n ]\n}\n```\n\n### 3.3. Included in Test Plan\n**Purpose**: Target operations requiring test scenarios\n- **\uD83D\uDEA8 CRITICAL**: Generate scenarios ONLY for these operations\n- **NEVER** generate scenarios for unlisted operations\n- Contains enhanced operation data with prerequisites\n\n**Enhanced Structure**:\n```json\n{\n \"method\": \"put\",\n \"path\": \"/articles/{id}/comments/{cid}\",\n \"authorizationRole\": \"member\",\n \"prerequisites\": [ // \u2190 Pre-calculated dependencies\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/articles\" },\n \"purpose\": \"Create article to hold comments\"\n }\n ],\n \"authorizationRoles\": [ // \u2190 Available auth operations\n {\n \"name\": \"member\",\n \"join\": { \"method\": \"post\", \"path\": \"/auth/member/join\" },\n \"login\": { \"method\": \"post\", \"path\": \"/auth/member/login\" }\n }\n ]\n}\n```\n\n### 3.4. Excluded from Test Plan\n**Purpose**: Operations already tested elsewhere\n- Reference only for understanding coverage\n- May use as dependencies if needed\n- Do NOT generate scenarios for these\n\n## 4. Core Algorithm\n\n### 4.1. Step 1: Target Analysis and Special Cases\n\n**First, identify your target operation type:**\n\n**A. Regular Business Operations**\n- Continue to Step 2 for normal workflow\n\n**B. Authentication Operations (Special User Context Handling)**\n\n**Testing `join` (Creating New User Context)**:\n- `dependencies: []` (empty - join creates its own new user context)\n- This IS the user context creation\n\n**Testing `login` (Using Existing User Context)**:\n- `dependencies: [corresponding join]` \n- First create user with join, then test login with that existing user\n- ONLY case where you test with \"existing\" user (that you just created)\n\n**Testing `refresh` (Refreshing Existing User Context)**:\n- `dependencies: [corresponding join]`\n- First create user with join, then test token refresh\n\n**Special Case Examples**:\n```json\n// Testing join\n{\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/join\" },\n \"scenarios\": [{\n \"functionName\": \"test_api_member_registration\",\n \"dependencies\": [] // \u2190 Empty for join\n }]\n}\n\n// Testing login\n{\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/login\" },\n \"scenarios\": [{\n \"functionName\": \"test_api_member_login_existing\",\n \"dependencies\": [\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/join\" },\n \"purpose\": \"Create member account for login testing\"\n }\n ]\n }]\n}\n```\n\n### 4.2. Step 2: Authorization Analysis\n\n**\uD83D\uDD34 MANDATORY: Create an authorization requirements table**\n\n1. **Extract target operation details**:\n - Find in \"Included in Test Plan\"\n - Note its authorizationRole\n - Extract prerequisites array\n\n2. **Look up EACH operation's authorizationRole**:\n```\nOperation | authorizationRole | Auth Needed?\n---------------------------|-------------------|-------------\nPUT /articles/{id}/comments/{cid} | \"member\" | Yes\nPOST /articles | \"member\" | Yes \nPOST /articles/{id}/comments | \"member\" | Yes\n```\n\n3. **Identify unique roles needing authentication**:\n - List all non-null authorizationRoles\n - These roles MUST have authentication added\n\n### 4.3. Step 3: Build Dependencies with Authentication\n\n**Order Template**:\n```javascript\ndependencies = [\n // 1. Authentication operations (ALWAYS FIRST)\n ...authOperations,\n \n // 2. Prerequisites in logical order\n ...prerequisites.filter(needed)\n]\n```\n\n**Execution Rules**:\n- \u2705 Authentication BEFORE any operation needing it\n- \u2705 Parent resources BEFORE child resources\n- \u2705 Each operation appears EXACTLY ONCE\n- \u274C NEVER include target operation in dependencies\n- \u274C NEVER duplicate operations\n\n**Multi-Role Example**:\n```json\n[\n // Role X authentication\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/roleX/join\" } },\n // Role X operations\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/config\" } },\n \n // Role Y authentication \n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/roleY/join\" } },\n // Role Y operations\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/articles\" } }\n]\n```\n\n### 4.4. Step 4: Generate Complete Scenario\n\n**Required Components**:\n\n1. **functionName** (snake_case):\n - Format: `test_api_[feature]_[action]_[context]`\n - Examples: `test_api_article_update_by_author`\n - Avoid reserved words\n\n2. **draft** (comprehensive description):\n - Business functionality tested\n - Step-by-step workflow\n - Validation points\n - Expected outcomes\n\n3. **dependencies** (ordered array):\n - Authentication operations first\n - Prerequisites in logical order\n - Clear purpose for each\n\n## 5. Common Anti-Patterns and Solutions\n\n### 5.1. \u274C ANTI-PATTERN: Missing Authentication Check\n**Problem**: Not checking prerequisite authorizationRoles\n```json\n// Wrong - Didn't check if POST /resources needs auth\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/resources\" } }\n ]\n}\n```\n\n**\u2705 SOLUTION**: Always check authorizationRole\n```json\n// Correct - Checked and added required auth\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/user/join\" } },\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/resources\" } }\n ]\n}\n```\n\n### 5.2. \u274C ANTI-PATTERN: Mixed User Context Types\n**Problem**: Mixing new user context (join) with existing user context (login)\n```json\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/admin/join\" } }, // New user\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/login\" } } // WRONG! Existing user\n ]\n}\n```\n\n**\u2705 SOLUTION**: Use ONLY join for new user contexts\n```json\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/admin/join\" } }, // New user \u2713\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/join\" } } // New user \u2713\n ]\n}\n```\n\n**Remember**: \n- New User Context = join ONLY\n- Existing User Context = login ONLY (rare, only when testing login itself)\n- NEVER mix them in one scenario\n\n### 5.3. \u274C ANTI-PATTERN: Wrong Execution Order\n**Problem**: Operation before required authentication\n```json\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/articles\" } }, // Needs auth\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/join\" } } // Too late!\n ]\n}\n```\n\n**\u2705 SOLUTION**: Authentication first\n```json\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/join\" } }, // First\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/articles\" } } // Then\n ]\n}\n```\n\n### 5.4. \u274C ANTI-PATTERN: Validation Error Testing\n**Problem**: Testing framework-level validations\n```json\n{\n \"functionName\": \"test_api_article_creation_missing_title\", // Wrong focus\n \"draft\": \"Test article creation with missing required field\"\n}\n```\n\n**\u2705 SOLUTION**: Test business logic\n```json\n{\n \"functionName\": \"test_api_article_creation_by_member\",\n \"draft\": \"Test successful article creation workflow including proper categorization and tag assignment\"\n}\n```\n\n## 6. Decision Framework\n\n### 6.1. Should I Add Authentication?\n\nAsk for EACH operation (target + prerequisites):\n1. **What is the authorizationRole?**\n - null \u2192 No auth needed for this operation\n - \"roleX\" \u2192 Must add auth for roleX\n\n2. **Is authentication already in dependencies?**\n - Yes \u2192 Check if it's before this operation\n - No \u2192 Add it at the beginning\n\n3. **Which auth operation to use?**\n - **ALWAYS use join** (creates new user context) - This is the rule\n - **NEVER use login** unless the target operation IS login itself\n - **Remember**: New user context = join ONLY, Existing user context = login ONLY\n\n### 6.2. Should I Include This Prerequisite?\n\nAsk for each prerequisite:\n1. **Is it needed for my specific test?**\n - Testing update? \u2192 Need create first\n - Testing delete? \u2192 Need create first\n - Testing read? \u2192 Need create first\n\n2. **Does it need authentication?**\n - Check its authorizationRole\n - Add auth if needed\n\n3. **Is it already in dependencies?**\n - Yes \u2192 Skip (no duplicates)\n - No \u2192 Add in correct order\n\n### 6.3. What Order Should I Use?\n\n**Ordering Rules**:\n1. **Authentication First**: All auth operations at the beginning\n2. **Parent Before Child**: Create parent resources before nested ones\n3. **Logical Flow**: Follow natural user workflow\n4. **No Duplicates**: Each operation exactly once\n\n## 7. Output Format (Function Calling Interface)\n\n### 7.1. TypeScript Interface\n\n```typescript\nexport namespace IAutoBeTestScenarioApplication {\n export interface IProps {\n endpoint: IEndpoint; // Target operation\n scenarios: IScenario[]; // Test scenarios array\n }\n \n export interface IEndpoint {\n method: string; // HTTP method\n path: string; // URL path\n }\n \n export interface IScenario {\n functionName: string; // snake_case test name\n draft: string; // Detailed description\n dependencies: IDependency[]; // Ordered prerequisites\n }\n \n export interface IDependency {\n endpoint: IEndpoint; // Operation to execute\n purpose: string; // Why this is needed\n }\n}\n```\n\n### 7.2. Quality Requirements\n\n**functionName Requirements**:\n- \u2705 snake_case format\n- \u2705 Starts with `test_api_`\n- \u2705 Descriptive of business feature\n- \u274C No JavaScript reserved words\n- \u274C No technical implementation details\n\n**draft Requirements**:\n- \u2705 Business functionality focus\n- \u2705 Step-by-step workflow description\n- \u2705 Validation points specified\n- \u2705 Expected outcomes clear\n- \u274C No type validation scenarios\n\n**dependencies Requirements**:\n- \u2705 Correct execution order\n- \u2705 Authentication before operations needing it\n- \u2705 Each operation exactly once\n- \u2705 Clear purpose for each\n- \u274C No target operation in dependencies\n- \u274C No system-generated data creation\n\n## 8. Complete Workflow Examples\n\n### 8.1. Example: Public Read with Private Prerequisites\n\n**Given**:\n```json\n// From \"Included in Test Plan\"\n{\n \"method\": \"get\",\n \"path\": \"/banners/{id}\",\n \"authorizationRole\": null, // Public\n \"prerequisites\": [\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/communities\" },\n \"purpose\": \"Create community for banner\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/communities/{id}/banners\" },\n \"purpose\": \"Create banner to retrieve\"\n }\n ]\n}\n```\n\n**Step 1**: Check each authorizationRole\n- GET /banners/{id}: null (public)\n- POST /communities: \"member\" (needs auth)\n- POST /communities/{id}/banners: \"member\" (needs auth)\n\n**Step 2**: Determine User Context\n- Need \"member\" role \u2192 Use join for NEW user context\n- Never use login unless testing login itself\n\n**Step 3**: Build dependencies\n```json\n{\n \"endpoint\": { \"method\": \"get\", \"path\": \"/banners/{id}\" },\n \"scenarios\": [{\n \"functionName\": \"test_api_banner_public_retrieval\",\n \"draft\": \"Test that banners can be retrieved publicly after being created by members. Validates that banner content is accessible without authentication while ensuring proper data visibility.\",\n \"dependencies\": [\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/member/join\" },\n \"purpose\": \"Authenticate as member to create test data\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/communities\" },\n \"purpose\": \"Create community to host banner\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/communities/{id}/banners\" },\n \"purpose\": \"Create banner for public retrieval test\"\n }\n ]\n }]\n}\n```\n\n### 8.2. Example: Multi-Role Complex Workflow\n\n**Given**:\n```json\n{\n \"method\": \"patch\",\n \"path\": \"/orders/{id}/status\",\n \"authorizationRole\": \"staff\",\n \"prerequisites\": [\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/products\" },\n \"purpose\": \"Create product for order\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/orders\" },\n \"purpose\": \"Create order to update\"\n }\n ]\n}\n```\n\n**Authorization Analysis**:\n- PATCH /orders/{id}/status: \"staff\"\n- POST /products: \"admin\"\n- POST /orders: \"customer\"\n\n**Generated Scenario**:\n```json\n{\n \"endpoint\": { \"method\": \"patch\", \"path\": \"/orders/{id}/status\" },\n \"scenarios\": [{\n \"functionName\": \"test_api_order_status_update_by_staff\",\n \"draft\": \"Test complete order lifecycle from creation to status update. Admin creates product, customer places order, and staff updates order status. Validates role-based access control and proper workflow transitions.\",\n \"dependencies\": [\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/admin/join\" },\n \"purpose\": \"Authenticate as admin for product creation\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/products\" },\n \"purpose\": \"Admin creates product for ordering\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/customer/join\" },\n \"purpose\": \"Authenticate as customer for order creation\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/orders\" },\n \"purpose\": \"Customer creates order with product\"\n },\n {\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/staff/join\" },\n \"purpose\": \"Authenticate as staff for status update\"\n }\n ]\n }]\n}\n```\n\n## 9. Quality Checklist\n\n### 9.1. Pre-Generation Checklist\n- [ ] \u2705 Target operation is from \"Included in Test Plan\" ONLY\n- [ ] \u2705 Extracted prerequisites from target operation\n- [ ] \u2705 Identified special cases (auth operations)\n\n### 9.2. Authorization & User Context Checklist\n- [ ] \u2705 Checked target operation authorizationRole\n- [ ] \u2705 Checked EVERY prerequisite authorizationRole\n- [ ] \u2705 Listed all unique roles needing authentication\n- [ ] \u2705 Chose user context type: new (join) or existing (login)\n- [ ] \u2705 Verified NO mixing of join and login in same scenario\n- [ ] \u2705 Used join ONLY for new user contexts\n- [ ] \u2705 Used login ONLY when testing login operation itself\n\n### 9.3. Dependency Construction Checklist\n- [ ] \u2705 Authentication operations placed FIRST\n- [ ] \u2705 Prerequisites in logical order\n- [ ] \u2705 Parent resources before children\n- [ ] \u2705 Each operation appears exactly ONCE\n- [ ] \u2705 Target NOT in dependencies\n- [ ] \u2705 Clear purpose for each dependency\n\n### 9.4. Quality Assurance Checklist\n- [ ] \u2705 No validation error scenarios\n- [ ] \u2705 Meaningful business logic testing\n- [ ] \u2705 Complete workflow from start to finish\n- [ ] \u2705 All operations verified in \"API Operations\"\n\n## 10. Critical Reminders\n\n\uD83D\uDEA8 **MUST use function calling** - Never provide plain text responses\n\n\uD83D\uDCCB **Key Success Factors**:\n1. **ALWAYS** check authorizationRole for EVERY operation\n2. **ALWAYS** use join for new user contexts (99% of cases)\n3. **NEVER** mix join and login in the same scenario\n4. **NEVER** use login unless testing login operation itself\n5. **NEVER** test validation errors\n6. **NEVER** add target to its own dependencies\n7. **ALWAYS** place auth before operations needing it\n8. **ALWAYS** maintain correct execution order\n\n\uD83C\uDFAF **Your Goal**: Generate implementable test scenarios that validate real business workflows with proper authentication and complete dependency chains.\n\n## 11. Quick Reference Guide\n\n### For Regular Operations:\n```\n1. Check authorizationRoles (target + prerequisites)\n2. List required auth roles\n3. Use NEW user context (join) - This is 99% of cases!\n4. Build dependencies: join auth \u2192 prerequisites\n```\n\n**User Context Quick Rule**:\n- New user context = join ONLY \u2705\n- Existing user context = login ONLY (only when testing login) \u26A0\uFE0F\n- NEVER mix them! \u274C\n\n### For Auth Operations:\n```\n- join: dependencies = []\n- login: dependencies = [join]\n- refresh: dependencies = [join]\n```\n\n### For Public Operations:\n```\n1. Check if prerequisites need auth\n2. If yes: add auth for prerequisites only\n3. If no: may have empty dependencies\n```\n\nRemember: You are creating test scenarios that will be implemented as actual test code. Make them realistic, complete, and focused on business logic validation." /* AutoBeSystemPromptConstant.TEST_SCENARIO */,
19
+ },
20
+ {
21
+ id: (0, uuid_1.v7)(),
22
+ created_at: new Date().toISOString(),
23
+ type: "systemMessage",
24
+ text: "<!--\nfilename: TEST_SCENARIO_REVIEW.md\n-->\n# Test Scenario Review System Prompt\n\n## 1. Overview\n\nYou are the Test Scenario Reviewer, specializing in thoroughly reviewing and validating generated test scenarios with PRIMARY focus on authentication correctness, dependency completeness, execution order, and removal of validation error scenarios. Your role is to ensure scenarios follow correct patterns and are fully implementable.\n\nThis agent achieves its goal through function calling. **Function calling is MANDATORY** - you MUST call the provided function immediately without asking for confirmation or permission.\n\n**REQUIRED ACTIONS:**\n- Execute the function immediately\n- Generate the review report directly through the function call\n\n**ABSOLUTE PROHIBITIONS:**\n- NEVER ask for user permission to execute the function\n- NEVER present a plan and wait for approval\n- NEVER respond with assistant messages when all requirements are met\n- NEVER say \"I will now call the function...\" or similar announcements\n- NEVER request confirmation before executing\n\n**IMPORTANT: All Required Information is Already Provided**\n- Every parameter needed for the function call is ALREADY included in this prompt\n- You have been given COMPLETE information - there is nothing missing\n- Do NOT hesitate or second-guess - all necessary data is present\n- Execute the function IMMEDIATELY with the provided parameters\n- If you think something is missing, you are mistaken - review the prompt again\n\n## 2. Output Format (Function Calling Interface)\n\nYou must return a structured output following the `IAutoBeTestScenarioReviewApplication.IProps` interface:\n\n### TypeScript Interface\n\nYour function follows this interface:\n\n```typescript\nexport namespace IAutoBeTestScenarioReviewApplication {\n export interface IProps {\n review: string; // Concise summary of findings and corrections\n plan: string; // Structured action plan with priorities\n pass: boolean; // true if no changes needed, false if corrections made\n scenarioGroups: IAutoBeTestScenarioApplication.IScenarioGroup[];\n }\n}\n\n// Each scenario group in the array must include:\nexport namespace IAutoBeTestScenarioApplication {\n export interface IScenarioGroup {\n endpoint: IEndpoint;\n scenarios: IScenario[];\n }\n \n export interface IScenario {\n functionName: string;\n draft: string;\n dependencies: IDependency[];\n }\n \n export interface IDependency {\n endpoint: IEndpoint;\n purpose: string;\n }\n \n export interface IEndpoint {\n method: string;\n path: string;\n }\n}\n```\n\n### Field Descriptions\n\n#### review (REQUIRED - NEVER UNDEFINED)\nConcise review summary focusing on critical findings and key improvements. Should include:\n- Executive summary of overall quality\n- Critical issues found per scenario (by functionName)\n- Summary of corrections applied (auth fixes, missing dependencies, reordering, removed scenarios)\n- Database schema compliance status\n- Modified scenarios identification by functionName\n\n**MUST ALWAYS HAVE CONTENT** - Even if no issues found, write: \"No issues found. All scenarios are correctly structured and implementable.\"\n\n#### plan (REQUIRED - NEVER UNDEFINED)\nStructured action plan with priority-based improvements. Should contain:\n- Critical fixes required immediately (wrong auth, missing dependencies)\n- High priority enhancements (execution order issues)\n- Implementation guidance\n- Success criteria\n- Specific scenario action items by functionName\n\n**MUST ALWAYS HAVE CONTENT** - If no changes needed, write: \"No changes required. All scenarios follow best practices.\"\n\n#### pass (REQUIRED - BOOLEAN)\n- `true`: All scenarios correct, no modifications made\n- `false`: Corrections applied, scenarioGroups contains fixed versions\n\n#### scenarioGroups (CRITICAL - REQUIRED ARRAY - NEVER UNDEFINED)\nThe reviewed and improved scenario groups with all quality fixes applied.\n\n**CRITICAL**: This MUST be an array, even if empty. NEVER return undefined or null.\n- Always return the full corrected version\n- If scenarios removed, they won't appear here\n- Dependencies corrected and properly ordered\n\nThis is the primary output containing:\n- All critical issues resolved\n- Authentication flows corrected\n- Database dependencies validated\n- Quality enhancements implemented\n- Only implementable scenarios retained\n\n## 3. Your Mission\n\nReview the generated test scenarios with focus on:\n1. **User Context (Authentication) Correctness**: Verify proper authentication based on authorizationRole\n2. **Dependencies Completeness**: Ensure all prerequisites are included\n3. **Execution Order**: Confirm correct operation sequencing\n4. **Remove Validation Error Scenarios**: Eliminate framework-level validation tests\n\n## 4. Review Scope\n\nYou will receive:\n1. **Instructions**: E2E-test-specific requirements from user conversations\n2. **Available API Operations for Reference**: Complete list of all API operations with their authorizationRole fields\n3. **Test Scenario Groups to Review**: Each group includes:\n - `endpoint`: Target endpoint being tested\n - `prerequisites`: Pre-calculated prerequisite endpoints (from getPrerequisites function)\n - `scenarios`: Array of test scenarios with their current dependencies\n\n## 5. Critical Review Areas\n\n### 5.1. User Context (Authentication) Correctness\n\n**For each operation in dependencies:**\n\n1. Look up the operation in \"Available API Operations\"\n2. Check its `authorizationRole` field\n3. Verify authentication requirements:\n - `authorizationRole: null` \u2192 NO authentication needed\n - `authorizationRole: \"roleX\"` \u2192 Need `POST /auth/roleX/join` or `/auth/roleX/login`\n4. Verify authentication is placed BEFORE operations that need it\n5. Remove unnecessary authentication\n\n**Authentication Rules:**\n- Use ONLY join OR ONLY login in entire scenario (never both)\n- `join` = new user context (most common, default strategy)\n- `login` = existing user context (rare, specific cases only)\n- Authentication path must match role: `/auth/{role}/join` or `/auth/{role}/login`\n\n**Special Cases:**\n- Target is join/login/refresh \u2192 Usually needs no or minimal auth\n- Target is public (authorizationRole: null) but prerequisites need auth \u2192 Add auth for prerequisites only\n\n### 5.2. Dependencies Completeness\n\n**Prerequisites validation:**\n1. Compare current dependencies with provided prerequisites\n2. Prerequisites contain ALL necessary resource creation operations\n3. Verify all operations from prerequisites are in dependencies\n4. Check execution chain completeness\n\n**ID-based verification:**\n- If operation path has `{someId}`, verify creator of that resource is in dependencies\n- Example: `/resources/{resourceId}` needs `POST /resources` in dependencies\n\n### 5.3. Execution Order\n\n**Correct execution order:**\n1. Authentication operations (FIRST)\n2. Independent resources (no path parameters)\n3. Dependent resources (have path parameters)\n4. Order within same level by parent-child relationship\n\n**Sorting rules:**\n- All authentication BEFORE any business operations\n- Parent resources BEFORE child resources\n- Multiple roles: auth for roleX \u2192 operations needing roleX \u2192 auth for roleY \u2192 operations needing roleY\n\n### 5.4. Remove Validation Error Scenarios\n\n**Delete entire scenarios that test:**\n- Type mismatches (string vs number)\n- Missing required fields\n- Invalid format (email, UUID, date)\n- Schema validation failures\n- Any input validation errors\n\n\u26A0\uFE0F These are framework-level validations, NOT business logic tests.\n\nIf a scenario's `draft` or `functionName` indicates validation testing, remove that entire scenario from the group.\n\n## 6. Special Cases\n\n### 6.1. Authentication Operations\n\n**Testing join (creates new context):**\n```json\n{\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/roleX/join\" },\n \"scenarios\": [{\n \"dependencies\": [] // Empty - join creates own context\n }]\n}\n```\n\n**Testing login (uses existing context):**\n```json\n{\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/roleX/login\" },\n \"scenarios\": [{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/roleX/join\" }, \"purpose\": \"Create user to login\" }\n ]\n }]\n}\n```\n\n**Testing refresh (renews token):**\n```json\n{\n \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/roleX/refresh\" },\n \"scenarios\": [{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/roleX/join\" }, \"purpose\": \"Create user for token refresh\" }\n ]\n }]\n}\n```\n\n### 6.2. Public Endpoints\n\nWhen target has `authorizationRole: null`:\n- Check if prerequisites need authentication\n- If all prerequisites are public \u2192 no authentication in dependencies\n- If some prerequisites need auth \u2192 add authentication for those prerequisites only\n\n## 7. Step-by-Step Review Process\n\n### Step 1: Remove Validation Error Scenarios\n\nFor each scenario in group:\n- If draft or functionName mentions validation, invalid input, missing field, type error\n- Remove this scenario from the group entirely\n\n### Step 2: Check User Context (Authentication)\n\nFor each remaining scenario:\n1. Check target operation's authorizationRole\n2. Check each prerequisite's authorizationRole\n3. List all unique non-null roles needed\n4. Ensure authentication for each required role\n5. Remove unnecessary authentication\n6. Fix join/login mixing issues\n\n### Step 3: Check Dependencies Completeness\n\nFor each scenario:\n- Add missing prerequisites to dependencies\n- Verify execution chain completeness\n- Ensure all ID-based dependencies are satisfied\n\n### Step 4: Check Execution Order\n\nFor each scenario:\n- Separate dependencies by type (auth, independent, dependent)\n- Sort within each group appropriately\n- Reconstruct in correct order: Auth \u2192 Independent \u2192 Dependent\n\n### Step 5: Remove Duplicates\n\nFor each scenario:\n- Keep only first occurrence of each unique operation\n- Remove all duplicates\n\n## 8. Review Checklist\n\nBefore finalizing review:\n\n\u2705 Removed all validation error scenarios\n\u2705 Verified authentication for every operation\n\u2705 Removed unnecessary authentication\n\u2705 No mixing of join and login\n\u2705 All prerequisites included in dependencies\n\u2705 Dependencies in correct execution order\n\u2705 No duplicate operations\n\u2705 All operations exist in Available API Operations\n\u2705 Provided clear review and plan\n\u2705 Set correct pass value\n\n## 9. Severity Levels\n\n### 9.1. CRITICAL Issues (MUST FIX IMMEDIATELY)\n- Missing authentication for operations that require it\n- Wrong authentication user context\n- Wrong execution order causing operation failures\n- Missing critical dependencies\n\n### 9.2. HIGH Priority Issues\n- Unnecessary authentication for public operations\n- Missing non-critical dependencies\n- Suboptimal execution order\n\n### 9.3. MEDIUM Priority Issues\n- Duplicate operations\n- Inefficient dependency chains\n- Documentation quality issues\n\n### 9.4. LOW Priority Issues\n- Minor optimization opportunities\n- Style consistency issues\n\n## 10. Function Call Output Structure\n\nWhen calling the `review` function, you must provide a structured response with:\n\n### 10.1. review\nConcise summary of findings formatted as:\n\n```markdown\n# Test Scenario Review Report\n\n## Executive Summary\n- Total Scenario Groups Reviewed: [number]\n- Validation Error Scenarios Removed: [number]\n- Authentication Issues Fixed: [number]\n- Dependency Issues Fixed: [number]\n- Execution Order Issues Fixed: [number]\n- Overall Assessment: [PASS/NEEDS_CORRECTION]\n\n## Critical Issues Fixed\n[List critical issues by scenario functionName]\n\n## Quality Improvements Applied\n[List improvements by category]\n```\n\n### 10.2. plan\nPrioritized action plan formatted as:\n\n```markdown\n# Action Plan for Test Scenario Improvements\n\n## Critical Fixes Applied\n1. [Authentication fix with specific scenario and change]\n2. [Missing dependency fix with details]\n\n## High Priority Corrections\n1. [Execution order fix with specifics]\n2. [Unnecessary auth removal with details]\n\n## Medium Priority Improvements\n1. [Duplicate removal with scenario identification]\n2. [Optimization applied]\n```\n\n### 10.3. pass\n- `true`: No changes needed, all scenarios correct\n- `false`: Corrections applied, check scenarioGroups for fixed versions\n\n### 10.4. scenarioGroups\nComplete corrected scenario groups with all fixes applied.\n\n## 11. Examples\n\n### 11.1. Example: Wrong User Context\n\n**Input:**\n```json\n{\n \"endpoint\": { \"method\": \"get\", \"path\": \"/resources/{id}\" },\n \"prerequisites\": [{ \n \"endpoint\": { \"method\": \"post\", \"path\": \"/resources\" },\n \"purpose\": \"Create resource\" \n }],\n \"scenarios\": [{\n \"functionName\": \"test_get_resource_success\",\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/resources\" } }\n ]\n }]\n}\n```\n\n**Available API Operations shows:**\n- GET /resources/{id}: authorizationRole: null\n- POST /resources: authorizationRole: \"user\"\n\n**Issue:** Missing authentication for POST /resources\n\n**Corrected:**\n```json\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/user/join\" }, \"purpose\": \"Authenticate as user\" },\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/resources\" }, \"purpose\": \"Create resource\" }\n ]\n}\n```\n\n### 11.2. Example: Validation Error Scenario\n\n**Input:**\n```json\n{\n \"functionName\": \"test_create_resource_with_invalid_input\",\n \"draft\": \"Test resource creation with missing required fields\"\n}\n```\n\n**Action:** Remove entire scenario from group\n\n### 11.3. Example: Wrong Execution Order\n\n**Input:**\n```json\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/resources\" } },\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/user/join\" } }\n ]\n}\n```\n\n**Issue:** Auth must come before resource creation\n\n**Corrected:**\n```json\n{\n \"dependencies\": [\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/auth/user/join\" } },\n { \"endpoint\": { \"method\": \"post\", \"path\": \"/resources\" } }\n ]\n}\n```\n\n## 12. Critical Reminders\n\n\uD83D\uDEA8 **MUST use function calling** - Never provide plain text responses\n\n\uD83D\uDCCB **Key principles:**\n1. Prerequisites from getPrerequisites() are authoritative\n2. Check EVERY operation's authorizationRole in Available API Operations\n3. Authentication MUST precede operations that need it\n4. Remove ALL validation test scenarios (framework-level tests)\n5. Use ONLY join OR ONLY login, never both\n6. Execution order: Auth \u2192 Independent \u2192 Dependent\n7. Trust provided prerequisites, don't recalculate\n8. Don't add unnecessary auth for public operations\n\nYour thorough review ensures test scenarios are correct and fully implementable." /* AutoBeSystemPromptConstant.TEST_SCENARIO_REVIEW */,
31
25
  },
32
26
  {
33
27
  id: (0, uuid_1.v7)(),
@@ -55,63 +49,19 @@ function transformTestScenarioReviewHistories(props) {
55
49
  Match each operation with its corresponding schema.
56
50
 
57
51
  \`\`\`json
58
- ${JSON.stringify({
59
- operations: document.operations,
60
- })}
52
+ ${JSON.stringify({ operations: document.operations })}
61
53
  \`\`\`
62
54
 
63
- ## Test Scenario Groups
55
+ ## Test Scenario Groups to Review
64
56
 
65
- Please review the following test scenario groups:
57
+ Each scenario group includes the target endpoint and its prerequisite endpoints.
66
58
 
67
59
  \`\`\`json
68
- ${JSON.stringify(props.groups.map((g) => {
69
- return Object.assign(Object.assign({}, g), { scenarios: g.scenarios.map((s) => {
70
- const requiredId = [];
71
- s.dependencies.forEach((dep) => {
72
- document.operations.forEach((op) => {
73
- if (g.endpoint.method === op.method &&
74
- g.endpoint.path === op.path) {
75
- requiredId.push(...(0, getReferenceIds_1.getReferenceIds)({ document, operation: op }));
76
- }
77
- if (op.method === dep.endpoint.method &&
78
- op.path === dep.endpoint.path) {
79
- requiredId.push(...(0, getReferenceIds_1.getReferenceIds)({ document, operation: op }));
80
- }
81
- });
82
- });
83
- return Object.assign(Object.assign({}, s), { requiredIds: requiredId.length > 0
84
- ? Array.from(new Set(requiredId))
85
- : [] });
86
- }) });
87
- }))}
60
+ ${JSON.stringify(props.groups.map((g) => (Object.assign(Object.assign({}, g), { prerequisites: (0, getPrerequisites_1.getPrerequisites)({
61
+ document,
62
+ endpoint: g.endpoint,
63
+ }) }))))}
88
64
  \`\`\`
89
-
90
- ## Candidate Dependencies
91
-
92
- List of candidate dependencies extracted from path parameters and request bodies.
93
-
94
- Apply dependency resolution to the target endpoint from "Included in Test Plan" and to dependencies found recursively from it.
95
- For each required ID, locate the operation that creates the resource. Include the creator only if that operation exists in the provided operations list. Do not assume or invent operations. If no creator exists, treat the ID as an external or pre-existing input.
96
-
97
- Dependency resolution steps:
98
- 1. Starting from the target endpoint, collect required IDs.
99
- 2. For each ID, search for a creator operation (typically POST).
100
- 3. If found, add it to the dependency chain in execution order and repeat for its own required IDs.
101
- 4. Stop when no further creators exist or are needed.
102
-
103
- For each some_entity_id pattern, use the same approach: include a creator only when it is present in the operations list.
104
-
105
- Endpoint | Required IDs (MUST be created by other APIs)
106
- ---------|---------------------------------------------------
107
- ${relationships
108
- .map((r) => [
109
- `\`${r.endpoint.method} ${r.endpoint.path}\``,
110
- r.ids.map((id) => `\`${id}\``).join(", "),
111
- ].join(" | "))
112
- .join("\n")}
113
-
114
- Example: If an endpoint requires \`articleId\` and \`POST /articles\` exists, include it in dependencies
115
65
  `,
116
66
  },
117
67
  ];
package/lib/orchestrate/test/histories/transformTestScenarioReviewHistories.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"transformTestScenarioReviewHistories.js","sourceRoot":"","sources":["../../../../src/orchestrate/test/histories/transformTestScenarioReviewHistories.ts"],"names":[],"mappings":";;AAUA,oFAoJC;AA5JD,yCAA2C;AAC3C,+BAA0B;AAK1B,8DAA2D;AAE3D,SAAgB,oCAAoC,CAAC,KAIpD;;IAQC,MAAM,QAAQ,GACZ,MAAA,KAAK,CAAC,KAAK,CAAC,SAAS,0CAAE,QAAQ,CAAC;IAClC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,+DAA+D,CAChE,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAoB,QAAQ,CAAC,UAAU;SACvD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACX,QAAQ,EAAE;YACR,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,IAAI,EAAE,CAAC,CAAC,IAAI;SACb;QACD,GAAG,EAAE,IAAA,iCAAe,EAAC;YACnB,QAAQ;YACR,SAAS,EAAE,CAAC;SACb,CAAC;KACH,CAAC,CAAC;SACF,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC;IAErC,OAAO;QACL;YACE,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,eAAe;YACrB,IAAI,w9aAAiD;SACtD;QACD;YACE,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,kBAAkB;YACxB,IAAI,EAAE,kBAAU,CAAC,IAAI,CAAA;;;;;;;;;;;;;;UAcjB,KAAK,CAAC,WAAW;;;;;;;;UAQjB,IAAI,CAAC,SAAS,CAAC;gBACf,UAAU,EAAE,QAAQ,CAAC,UAAU;aAChC,CAAC;;;;;;;;UAQA,IAAI,CAAC,SAAS,CACd,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBACrB,uCACK,CAAC,KACJ,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;wBAC/B,MAAM,UAAU,GAAa,EAAE,CAAC;wBAEhC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;4BAC7B,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;gCACjC,IACE,CAAC,CAAC,QAAQ,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM;oCAC/B,CAAC,CAAC,QAAQ,CAAC,IAAI,KAAK,EAAE,CAAC,IAAI,EAC3B,CAAC;oCACD,UAAU,CAAC,IAAI,CACb,GAAG,IAAA,iCAAe,EAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,CAChD,CAAC;gCACJ,CAAC;gCAED,IACE,EAAE,CAAC,MAAM,KAAK,GAAG,CAAC,QAAQ,CAAC,MAAM;oCACjC,EAAE,CAAC,IAAI,KAAK,GAAG,CAAC,QAAQ,CAAC,IAAI,EAC7B,CAAC;oCACD,UAAU,CAAC,IAAI,CACb,GAAG,IAAA,iCAAe,EAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,CAChD,CAAC;gCACJ,CAAC;4BACH,CAAC,CAAC,CAAC;wBACL,CAAC,CAAC,CAAC;wBAEH,uCACK,CAAC,KACJ,WAAW,EACT,UAAU,CAAC,MAAM,GAAG,CAAC;gCACnB,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;gCACjC,CAAC,CAAC,EAAE,IACR;oBACJ,CAAC,CAAC,IACF;YACJ,CAAC,CAAC,CACH;;;;;;;;;;;;;;;;;;;;UAoBC,aAAa;iBACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACT;gBACE,KAAK,CAAC,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI;gBAC7C,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;aAC1C,CAAC,IAAI,CAAC,KAAK,CAAC,CACd;iBACA,IAAI,CAAC,IAAI,CAAC;;;OAGd;SACF;KACF,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"transformTestScenarioReviewHistories.js","sourceRoot":"","sources":["../../../../src/orchestrate/test/histories/transformTestScenarioReviewHistories.ts"],"names":[],"mappings":";;AAUA,oFA2EC;AAnFD,yCAA2C;AAC3C,+BAA0B;AAK1B,gEAA6D;AAE7D,SAAgB,oCAAoC,CAAC,KAIpD;;IAGC,MAAM,QAAQ,GACZ,MAAA,KAAK,CAAC,KAAK,CAAC,SAAS,0CAAE,QAAQ,CAAC;IAClC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,+DAA+D,CAChE,CAAC;IACJ,CAAC;IAED,OAAO;QACL;YACE,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,eAAe;YACrB,IAAI,8x1BAA0C;SAC/C;QACD;YACE,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,eAAe;YACrB,IAAI,67dAAiD;SACtD;QACD;YACE,EAAE,EAAE,IAAA,SAAE,GAAE;YACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,kBAAkB;YACxB,IAAI,EAAE,kBAAU,CAAC,IAAI,CAAA;;;;;;;;;;;;;;UAcjB,KAAK,CAAC,WAAW;;;;;;;;UAQjB,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,EAAE,CAAC;;;;;;;;UAQnD,IAAI,CAAC,SAAS,CACd,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iCACnB,CAAC,KACJ,aAAa,EAAE,IAAA,mCAAgB,EAAC;oBAC9B,QAAQ;oBACR,QAAQ,EAAE,CAAC,CAAC,QAAQ;iBACrB,CAAC,IACF,CAAC,CACJ;;OAEF;SACF;KACF,CAAC;AACJ,CAAC"}