@hone-ai/cli 1.4.0

package/lib/platform-detect.js

@@ -0,0 +1,86 @@
+'use strict';
+/**
+ * platform-detect.js — Fingerprint-based platform detection (H-028d).
+ *
+ * Pure helper with injected I/O (same shape as cli/lib/compliance-check.js
+ * and cli/lib/auto-detect.js). The caller passes a `fileExists` callback;
+ * helper returns the array of detected platforms based on root-level
+ * fingerprint files.
+ *
+ * Generalizes H-028c's hardcoded SF/NS CONFIG support: any platform with
+ * a recognizable root-level fingerprint can be detected and used to
+ * activate per-platform CONFIG patterns.
+ *
+ * The fingerprint table is intentionally NOT exhaustive — it covers the
+ * 4 platforms with the cleanest fingerprint signal:
+ *   - Salesforce (sfdx-project.json)
+ *   - NetSuite (suitecloud.config.js / project.json)
+ *   - dbt (dbt_project.yml)
+ *   - Terraform (main.tf / versions.tf / terraform.tfstate)
+ * Adding more platforms is purely additive — append to PLATFORM_FINGERPRINTS.
+ *
+ * Issue: https://github.com/subbareddyvani/hone-server/issues/51 (follow-up to H-028c).
+ */
+
+const PLATFORM_FINGERPRINTS = Object.freeze({
+  salesforce: {
+    files: ['sfdx-project.json'],
+    description: 'Salesforce SFDX project',
+  },
+  netsuite: {
+    // SDF projects use suitecloud.config.js; SuiteApp packages use project.json.
+    // Either signals a NetSuite project.
+    files: ['suitecloud.config.js', 'project.json'],
+    description: 'NetSuite SDF / SuiteApp project',
+  },
+  dbt: {
+    files: ['dbt_project.yml'],
+    description: 'dbt analytics-engineering project',
+  },
+  terraform: {
+    // Terraform has no single canonical root file. main.tf is the most
+    // common convention; versions.tf appears in projects pinning provider
+    // versions; terraform.tfstate is the post-apply state file.
+    files: ['main.tf', 'versions.tf', 'terraform.tfstate'],
+    description: 'Terraform infrastructure-as-code project',
+  },
+});
+
+/**
+ * Detect installed platforms by checking fingerprint files at repoRoot.
+ *
+ * Each PLATFORM_FINGERPRINTS entry uses any-of semantics: if ANY of its
+ * fingerprint files exists at the repo root, the platform is detected.
+ * Multiple platforms can be detected simultaneously (e.g., a repo with
+ * BOTH `sfdx-project.json` AND `dbt_project.yml`).
+ *
+ * @param {object} [opts]
+ * @param {string} [opts.repoRoot] - absolute path to repo root.
+ *   Currently unused by the helper itself (the `fileExists` callback
+ *   carries the path context), but reserved for future enhancements
+ *   like depth-limited file walks.
+ * @param {(relativePath: string) => boolean} [opts.fileExists] -
+ *   injected filesystem check. Caller wraps `fs.existsSync` or a test
+ *   stub. Receives a path RELATIVE to repoRoot.
+ * @returns {string[]} - platform keys from PLATFORM_FINGERPRINTS in
+ *   table iteration order (deterministic for tests).
+ */
+function detectPlatforms(opts = {}) {
+  const { repoRoot, fileExists } = opts;
+  if (!repoRoot || typeof fileExists !== 'function') return [];
+
+  const out = [];
+  for (const [platform, { files }] of Object.entries(PLATFORM_FINGERPRINTS)) {
+    if (files.some((f) => {
+      try { return fileExists(f) === true; } catch { return false; }
+    })) {
+      out.push(platform);
+    }
+  }
+  return out;
+}
+
+module.exports = {
+  PLATFORM_FINGERPRINTS,
+  detectPlatforms,
+};

package/lib/platform-discover.js

@@ -0,0 +1,334 @@
+'use strict';
+/**
+ * platform-discover.js — Filesystem-based metadata type discovery (HC-010).
+ *
+ * Pure helper with injected I/O (same pattern as platform-detect.js).
+ * Scans repo filesystem to discover which platform metadata types
+ * actually exist, with file counts. Skips empty directories.
+ *
+ * Reads the platform's project descriptor (sfdx-project.json for
+ * Salesforce, suitecloud.config.js for NetSuite) to find source roots
+ * instead of hardcoding paths.
+ *
+ * Output feeds:
+ *   - .pipeline-config.yml platform.metadata_types (for derive prompt)
+ *   - .pipeline-config.yml platform.config_paths (for stack-paths.js classifier)
+ *
+ * Architecture: docs/architecture/platform-auto-discovery-v1.md (Tier 1)
+ */
+
+// ── Salesforce Type Classification ─────────────────────────────
+// Maps directory names under <packageDir>/main/default/ to categories.
+// Source: Salesforce Metadata API + SFDX source format.
+const SALESFORCE_TYPE_MAP = Object.freeze({
+  // CODE — testable via Apex tests + Jest
+  classes:    'code',
+  triggers:   'code',
+  lwc:        'code',
+  aura:       'code',
+  pages:      'code',    // Visualforce pages
+  components: 'code',    // Visualforce components
+
+  // CONFIG — deployable via SFDX, testable via sandbox deploy
+  objects:              'config',
+  flows:                'config',
+  flowDefinitions:      'config',
+  profiles:             'config',
+  permissionsets:       'config',
+  permissionsetgroups:  'config',
+  layouts:              'config',
+  flexipages:           'config',
+  compactLayouts:       'config',
+  customMetadata:       'config',
+  customSettings:       'config',
+  globalValueSets:      'config',
+  standardValueSets:    'config',
+  applications:         'config',
+  tabs:                 'config',
+  workflows:            'config',
+  approvalProcesses:    'config',
+  sharingRules:         'config',
+  assignmentRules:      'config',
+  autoResponseRules:    'config',
+  escalationRules:      'config',
+  matchingRules:        'config',
+  duplicateRules:       'config',
+  labels:               'config',
+  translations:         'config',
+  objectTranslations:   'config',
+  connectedApps:        'config',
+  namedCredentials:     'config',
+  externalCredentials:  'config',
+  remoteSiteSettings:   'config',
+  cspTrustedSites:      'config',
+  corsWhitelistOrigins: 'config',
+  externalDataSources:  'config',
+  staticresources:      'config',
+  contentassets:        'config',
+  email:                'config',
+  reports:              'config',
+  reportTypes:          'config',
+  dashboards:           'config',
+  settings:             'config',
+  quickActions:         'config',
+  homePageComponents:   'config',
+  homePageLayouts:      'config',
+  pathAssistants:       'config',
+  roles:                'config',
+  groups:               'config',
+  queues:               'config',
+  customPermissions:    'config',
+  notificationTypes:    'config',
+  platformEventChannels:       'config',
+  platformEventChannelMembers: 'config',
+  messageChannels:      'config',
+  digitalExperiences:   'config',
+  experiences:          'config',
+  sites:                'config',
+  bots:                 'config',
+  certs:                'config',
+  territory2Models:     'config',
+  territory2Types:      'config',
+  territory2Rules:      'config',
+
+  // TEST
+  testSuites: 'test',
+});
+
+// ── NetSuite Type Classification ───────────────────────────────
+// Maps SuiteScript directory names + Object filename prefixes to categories.
+const NETSUITE_SCRIPT_TYPES = Object.freeze({
+  RESTlets:           'code',
+  Suitelets:          'code',
+  UserEventScripts:   'code',
+  'User Event Scripts': 'code',
+  MapReduce:          'code',
+  'Map Reduce':       'code',
+  ScheduledScripts:   'code',
+  'Scheduled Scripts': 'code',
+  WorkflowActions:    'code',
+  'Workflow Actions':  'code',
+  WorkflowActionScripts: 'code',
+  ClientScripts:      'code',
+  'Client Scripts':   'code',
+  MassUpdate:         'code',
+  'Mass Update':      'code',
+  BundleInstallation: 'code',
+});
+
+const NETSUITE_OBJECT_PREFIXES = Object.freeze({
+  customrecord:       'config',
+  customlist:         'config',
+  customsearch:       'config',
+  customworkflow:     'config',
+  customrole:         'config',
+  custentryform:      'config',
+  custtransactionform: 'config',
+  customsegment:      'config',
+  custcollection:     'config',
+});
+
+// ── Empty Result ───────────────────────────────────────────────
+function emptyResult() {
+  return {
+    metadata_types: { code: [], config: [], test: [] },
+    config_paths: [],
+    source_roots: [],
+    warnings: [],
+  };
+}
+
+// ── Salesforce Discovery ───────────────────────────────────────
+function discoverSalesforce(readFile, listDir) {
+  const result = emptyResult();
+
+  // 1. Read sfdx-project.json for packageDirectories
+  const raw = readFile('sfdx-project.json');
+  if (!raw) {
+    result.warnings.push('sfdx-project.json not found or unreadable');
+    return result;
+  }
+
+  let config;
+  try { config = JSON.parse(raw); }
+  catch (e) {
+    result.warnings.push(`sfdx-project.json parse error: ${e.message}`);
+    return result;
+  }
+
+  const packageDirs = (config.packageDirectories || [])
+    .map(d => typeof d === 'string' ? d : d.path)
+    .filter(Boolean);
+
+  if (packageDirs.length === 0) {
+    result.warnings.push('sfdx-project.json has no packageDirectories');
+    return result;
+  }
+
+  result.source_roots = [...packageDirs];
+
+  // 2. Scan each packageDir/main/default/ for metadata type dirs
+  const typeCounts = {}; // { type: { category, paths: Set, count } }
+
+  for (const pkgDir of packageDirs) {
+    const defaultDir = `${pkgDir}/main/default`;
+    const entries = listDir(defaultDir);
+
+    for (const entry of entries) {
+      const category = SALESFORCE_TYPE_MAP[entry];
+      if (!category) continue; // unknown dir, skip
+
+      const entryPath = `${defaultDir}/${entry}`;
+      const files = listDir(entryPath);
+      const fileCount = files.length;
+
+      if (fileCount === 0) {
+        result.warnings.push(`${entryPath}/ empty — skipped (false signal)`);
+        continue;
+      }
+
+      if (!typeCounts[entry]) {
+        typeCounts[entry] = { category, paths: new Set(), count: 0 };
+      }
+      typeCounts[entry].paths.add(entryPath);
+      typeCounts[entry].count += fileCount;
+    }
+  }
+
+  // 3. Build metadata_types and config_paths
+  for (const [type, data] of Object.entries(typeCounts)) {
+    const entry = {
+      type,
+      path: [...data.paths].join(', '),
+      count: data.count,
+    };
+
+    result.metadata_types[data.category].push(entry);
+
+    if (data.category === 'config') {
+      for (const p of data.paths) {
+        result.config_paths.push(`^${p}/`);
+      }
+    }
+  }
+
+  // Sort each category by count descending (most files first)
+  for (const cat of ['code', 'config', 'test']) {
+    result.metadata_types[cat].sort((a, b) => b.count - a.count);
+  }
+
+  return result;
+}
+
+// ── NetSuite Discovery ─────────────────────────────────────────
+function discoverNetSuite(readFile, listDir) {
+  const result = emptyResult();
+
+  // 1. Read suitecloud.config.js for defaultProjectFolder
+  let projectFolder = 'src'; // default
+  const configRaw = readFile('suitecloud.config.js');
+  if (configRaw) {
+    const match = configRaw.match(/defaultProjectFolder\s*:\s*['"]([^'"]+)['"]/);
+    if (match) projectFolder = match[1];
+  }
+
+  result.source_roots = [projectFolder];
+
+  // 2. Scan Objects/ for custom object XML files
+  const objectsDir = `${projectFolder}/Objects`;
+  const objectFiles = listDir(objectsDir);
+
+  if (objectFiles.length > 0) {
+    // Group by prefix
+    const prefixCounts = {};
+    for (const file of objectFiles) {
+      const prefix = Object.keys(NETSUITE_OBJECT_PREFIXES).find(p => file.startsWith(p));
+      if (prefix) {
+        prefixCounts[prefix] = (prefixCounts[prefix] || 0) + 1;
+      }
+    }
+
+    for (const [prefix, count] of Object.entries(prefixCounts)) {
+      result.metadata_types.config.push({
+        type: prefix,
+        path: `${objectsDir}/`,
+        count,
+      });
+    }
+
+    // config_paths for Objects/
+    result.config_paths.push(`^${objectsDir}/`);
+  }
+
+  // 3. Scan FileCabinet/SuiteScripts/ for script type dirs
+  const scriptsDir = `${projectFolder}/FileCabinet/SuiteScripts`;
+  const scriptDirs = listDir(scriptsDir);
+
+  for (const dir of scriptDirs) {
+    const category = NETSUITE_SCRIPT_TYPES[dir];
+    if (!category) continue;
+
+    const dirPath = `${scriptsDir}/${dir}`;
+    const files = listDir(dirPath);
+    if (files.length === 0) {
+      result.warnings.push(`${dirPath}/ empty — skipped`);
+      continue;
+    }
+
+    result.metadata_types.code.push({
+      type: dir.replace(/\s+/g, ''),  // normalize "User Event Scripts" → "UserEventScripts"
+      path: dirPath,
+      count: files.length,
+    });
+  }
+
+  // 4. Scan Templates/
+  const templatesDir = `${projectFolder}/Templates`;
+  const templateFiles = listDir(templatesDir);
+  if (templateFiles.length > 0) {
+    result.metadata_types.config.push({
+      type: 'Templates',
+      path: templatesDir,
+      count: templateFiles.length,
+    });
+  }
+
+  // Sort
+  for (const cat of ['code', 'config', 'test']) {
+    result.metadata_types[cat].sort((a, b) => b.count - a.count);
+  }
+
+  return result;
+}
+
+// ── Main Entry Point ───────────────────────────────────────────
+/**
+ * Discover platform metadata types by scanning the filesystem.
+ *
+ * @param {object} opts
+ * @param {string} opts.platform - 'salesforce' | 'netsuite'
+ * @param {string} opts.repoRoot - absolute path (reserved for future use)
+ * @param {(relativePath: string) => string|null} opts.readFile - read file content
+ * @param {(relativePath: string) => string[]} opts.listDir - list directory entries
+ * @returns {{ metadata_types, config_paths, source_roots, warnings }}
+ */
+function discoverPlatformMetadata(opts = {}) {
+  const { platform, readFile, listDir } = opts;
+
+  if (typeof readFile !== 'function' || typeof listDir !== 'function') {
+    return emptyResult();
+  }
+
+  switch (platform) {
+    case 'salesforce': return discoverSalesforce(readFile, listDir);
+    case 'netsuite':   return discoverNetSuite(readFile, listDir);
+    default:           return emptyResult();
+  }
+}
+
+module.exports = {
+  discoverPlatformMetadata,
+  SALESFORCE_TYPE_MAP,
+  NETSUITE_SCRIPT_TYPES,
+  NETSUITE_OBJECT_PREFIXES,
+};

package/lib/publish-learning.js

@@ -0,0 +1,160 @@
+'use strict';
+/**
+ * publish-learning.js — SC-005 (Phase 5 of SC family).
+ *
+ * Pure helper that publishes a framework-canonical learning from
+ * `.github/learnings/<ID>.yml` to `server/seeds/learnings/<ID>.yml`,
+ * then flips the source's status from `pending` → `promoted` and
+ * stamps a `promoted_at` ISO timestamp.
+ *
+ * Eligibility:
+ *   - source must have `share_enterprise: true`
+ *   - source must have `enterprise_candidate: true`
+ *   - source must NOT already be `status: promoted` unless `force: true`
+ *
+ * Failure modes (all return structured result; never throw):
+ *   - source file missing            → { status: 'not-found' }
+ *   - malformed YAML                 → { status: 'error', error }
+ *   - missing required fields        → { status: 'not-eligible', error }
+ *   - share_enterprise / candidate not true → { status: 'not-eligible', error }
+ *   - already promoted, no --force   → { status: 'already-promoted' }
+ *
+ * Pure-helper-with-injected-IO style (Category B per cli/lib/README.md):
+ *   - All filesystem and clock reads via Node's fs + new Date() — defaults
+ *     are real I/O, but injected callbacks would be possible (kept simple
+ *     here since the helper is small and tests use tmpdirs).
+ *
+ * Issue: SC-005 — first publish path for framework learnings to reach
+ * adopter installs. Captured during SC-004 wrap-up audit.
+ */
+
+const fs = require('node:fs');
+const path = require('node:path');
+const crypto = require('node:crypto');
+
+/**
+ * Publish a framework-canonical learning to the seeds path.
+ *
+ * @param {object}  args
+ * @param {string}  args.repoRoot      framework repo root (where .github/learnings lives)
+ * @param {string}  args.learningId    e.g. 'SC-001'
+ * @param {boolean} [args.force]       re-publish even if already promoted
+ * @param {Function}[args.now]         clock injection (returns Date); default: () => new Date()
+ * @returns {{ status: 'published' | 'already-promoted' | 'not-eligible' | 'not-found' | 'error',
+ *            copiedTo?: string, error?: string }}
+ */
+function publishLearning(args) {
+  const { repoRoot, learningId, force = false } = args || {};
+  const now = args && args.now ? args.now : () => new Date();
+
+  if (!repoRoot || typeof repoRoot !== 'string') {
+    return { status: 'error', error: 'repoRoot is required' };
+  }
+  if (!learningId || typeof learningId !== 'string') {
+    return { status: 'error', error: 'learningId is required' };
+  }
+
+  const sourcePath = path.join(repoRoot, '.github/learnings', `${learningId}.yml`);
+  const seedDir = path.join(repoRoot, 'server/seeds/learnings');
+  const seedPath = path.join(seedDir, `${learningId}.yml`);
+
+  if (!fs.existsSync(sourcePath)) {
+    return { status: 'not-found', error: `learning not found at ${sourcePath}` };
+  }
+
+  let raw;
+  try { raw = fs.readFileSync(sourcePath, 'utf8'); }
+  catch (e) { return { status: 'error', error: `cannot read source: ${e.message}` }; }
+
+  let parsed;
+  try {
+    const yaml = require('js-yaml');
+    parsed = yaml.load(raw);
+  } catch (e) {
+    return { status: 'error', error: `malformed YAML: ${e.message}` };
+  }
+
+  if (!parsed || typeof parsed !== 'object') {
+    return { status: 'error', error: 'YAML did not parse to an object' };
+  }
+
+  // Eligibility checks
+  if (parsed.share_enterprise !== true) {
+    return { status: 'not-eligible', error: 'share_enterprise must be true' };
+  }
+  // enterprise_candidate may be at top level OR in any learnings[] entry
+  // (real schema puts it per-learning; test fixtures use top-level for brevity)
+  const topLevelCandidate = parsed.enterprise_candidate === true;
+  const nestedCandidate = Array.isArray(parsed.learnings)
+    && parsed.learnings.some(l => l && l.enterprise_candidate === true);
+  if (!topLevelCandidate && !nestedCandidate) {
+    return { status: 'not-eligible', error: 'enterprise_candidate must be true (top-level or in any learnings[] entry)' };
+  }
+
+  if (parsed.status === 'promoted' && !force) {
+    return { status: 'already-promoted', copiedTo: seedPath };
+  }
+
+  // Update source: status + promoted_at
+  const stamp = now().toISOString();
+  let updated = raw;
+  if (/^status:\s*\S+/m.test(updated)) {
+    updated = updated.replace(/^status:\s*\S+/m, 'status: promoted');
+  } else {
+    // No status line; add at top after first non-comment line
+    updated = updated.replace(/^(story_id:[^\n]*\n)/, `$1status: promoted\n`);
+  }
+  // Quote the timestamp so YAML parsers don't auto-convert it to a Date.
+  // Other date-ish fields (captured_at) follow the same convention.
+  const quotedStamp = `"${stamp}"`;
+  if (/^promoted_at:\s*\S+/m.test(updated)) {
+    updated = updated.replace(/^promoted_at:\s*\S+.*$/m, `promoted_at: ${quotedStamp}`);
+  } else {
+    // Insert after status line
+    updated = updated.replace(/^(status:\s*promoted)$/m, `$1\npromoted_at: ${quotedStamp}`);
+  }
+
+  // HC-005-E: Reverse write order to fix partial-write hazard.
+  // Original ordering wrote source first, then seed — which left a
+  // promoted-source-without-seed inconsistent state when seed write failed.
+  // New ordering: seed first (atomic via tmp+rename); source last.
+  // If seed write fails: source untouched; adopter can re-run after fix.
+  // If source write fails after seed succeeds: rare; report `partial`.
+
+  // Ensure seed directory exists
+  if (!fs.existsSync(seedDir)) {
+    try { fs.mkdirSync(seedDir, { recursive: true }); }
+    catch (e) { return { status: 'error', error: `cannot create seed dir: ${e.message}` }; }
+  }
+
+  // Atomic seed write: tmp + rename (defense in depth against partial writes)
+  const tmpSuffix = crypto.randomBytes(2).toString('hex');
+  const tmpSeedPath = `${seedPath}.tmp.${tmpSuffix}`;
+  try {
+    fs.writeFileSync(tmpSeedPath, updated, 'utf8');
+    fs.renameSync(tmpSeedPath, seedPath);
+  } catch (e) {
+    // Clean up tmp file if it exists
+    try { if (fs.existsSync(tmpSeedPath)) fs.unlinkSync(tmpSeedPath); } catch {}
+    return { status: 'error', error: `cannot write seed: ${e.message}` };
+  }
+
+  // Source-write LAST. If this fails after seed-write succeeded, report
+  // partial state so adopter can investigate.
+  try {
+    fs.writeFileSync(sourcePath, updated, 'utf8');
+  } catch (e) {
+    return {
+      status: 'partial',
+      copiedTo: seedPath,
+      sourcePath,
+      error: `PARTIAL — seed written to ${seedPath} BUT source at ${sourcePath} could not be updated: ${e.message}. ` +
+             `Recovery: fix source-file permissions, then re-run \`hone publish-learning --force ${learningId}\`. ` +
+             `The seed file is already correct and will be overwritten idempotently.`,
+    };
+  }
+
+  return { status: 'published', copiedTo: seedPath };
+}
+
+module.exports = { publishLearning };

package/lib/python-install.js

@@ -0,0 +1,84 @@
+'use strict';
+/**
+ * python-install.js — H-002b Python install path helpers.
+ *
+ * Pure helpers — no I/O. Caller (hone-cli.js installTestFramework
+ * dispatch) does the actual exec/write; we provide the policy
+ * (commands, detection, config block).
+ *
+ * Closes #54 deliverables 1+3 (the python config + detection +
+ * command + pyproject section). Deliverables 2 (installTestFramework
+ * branch) and 4 (CLAUDE.md substitution wiring) live in cli/hone-cli.js.
+ *
+ * 12th instance of pure-helpers + thin-CLI-shell pattern.
+ */
+
+const path = require('path');
+
+// ─────────────────────────────────────────────────────────────────────
+// PYTHON_INSTALL_CONFIG — getInstallPackages('python') returns this
+// ─────────────────────────────────────────────────────────────────────
+const PYTHON_INSTALL_CONFIG = {
+  unit: ['pytest', 'pytest-cov'],
+  e2e: ['pytest-playwright'],
+  testCmd: 'pytest',
+  testWatchCmd: 'pytest-watch',
+  e2eCmd: 'pytest tests/e2e',
+  configFile: 'pyproject.toml',
+  pkgManagerKind: 'python',  // signals installTestFramework to branch
+};
+
+// ─────────────────────────────────────────────────────────────────────
+// detectPythonPackageManager — pure detection from filesystem signals
+// ─────────────────────────────────────────────────────────────────────
+//   Priority order (per issue spec §E1 + §5 detection rules):
+//     1. Pipfile             → pipenv  (most specific)
+//     2. pyproject.toml + poetry.lock → poetry
+//     3. anything else       → pip     (default, includes requirements.txt)
+function detectPythonPackageManager(repoRoot, fileExists) {
+  if (typeof fileExists !== 'function') return 'pip';
+  if (fileExists(path.join(repoRoot, 'Pipfile'))) return 'pipenv';
+  if (fileExists(path.join(repoRoot, 'pyproject.toml'))
+      && fileExists(path.join(repoRoot, 'poetry.lock'))) {
+    return 'poetry';
+  }
+  return 'pip';
+}
+
+// ─────────────────────────────────────────────────────────────────────
+// getPythonInstallCommand — exact command string per pkg manager
+// ─────────────────────────────────────────────────────────────────────
+function getPythonInstallCommand(pkgMgr) {
+  switch (pkgMgr) {
+    case 'pipenv': return 'pipenv install --dev pytest pytest-cov';
+    case 'poetry': return 'poetry add --group dev pytest pytest-cov';
+    case 'pip':
+    default:       return 'pip install --user pytest pytest-cov';
+  }
+}
+
+// ─────────────────────────────────────────────────────────────────────
+// buildPyprojectTomlSection — TOML block for [tool.pytest.ini_options]
+// ─────────────────────────────────────────────────────────────────────
+//   Returns a string ready to append to pyproject.toml. Includes the
+//   minimal config that makes `pytest` discover tests under tests/
+//   without further configuration.
+function buildPyprojectTomlSection() {
+  return [
+    '[tool.pytest.ini_options]',
+    'minversion = "7.0"',
+    'testpaths = ["tests"]',
+    'python_files = ["test_*.py", "*_test.py"]',
+    'python_classes = ["Test*"]',
+    'python_functions = ["test_*"]',
+    'addopts = "--strict-markers"',
+    '',
+  ].join('\n');
+}
+
+module.exports = {
+  PYTHON_INSTALL_CONFIG,
+  detectPythonPackageManager,
+  getPythonInstallCommand,
+  buildPyprojectTomlSection,
+};