@ivorycanvas/qamap 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (98) hide show
  1. package/CHANGELOG.md +93 -0
  2. package/LICENSE +21 -0
  3. package/README.md +636 -0
  4. package/dist/cli.d.ts +2 -0
  5. package/dist/cli.js +879 -0
  6. package/dist/cli.js.map +1 -0
  7. package/dist/config.d.ts +5 -0
  8. package/dist/config.js +114 -0
  9. package/dist/config.js.map +1 -0
  10. package/dist/context.d.ts +1 -0
  11. package/dist/context.js +126 -0
  12. package/dist/context.js.map +1 -0
  13. package/dist/doctor.d.ts +32 -0
  14. package/dist/doctor.js +200 -0
  15. package/dist/doctor.js.map +1 -0
  16. package/dist/domain-language.d.ts +25 -0
  17. package/dist/domain-language.js +655 -0
  18. package/dist/domain-language.js.map +1 -0
  19. package/dist/domains.d.ts +33 -0
  20. package/dist/domains.js +258 -0
  21. package/dist/domains.js.map +1 -0
  22. package/dist/e2e.d.ts +326 -0
  23. package/dist/e2e.js +6869 -0
  24. package/dist/e2e.js.map +1 -0
  25. package/dist/eval.d.ts +40 -0
  26. package/dist/eval.js +374 -0
  27. package/dist/eval.js.map +1 -0
  28. package/dist/flows.d.ts +32 -0
  29. package/dist/flows.js +246 -0
  30. package/dist/flows.js.map +1 -0
  31. package/dist/fs.d.ts +7 -0
  32. package/dist/fs.js +132 -0
  33. package/dist/fs.js.map +1 -0
  34. package/dist/github.d.ts +34 -0
  35. package/dist/github.js +183 -0
  36. package/dist/github.js.map +1 -0
  37. package/dist/history.d.ts +173 -0
  38. package/dist/history.js +247 -0
  39. package/dist/history.js.map +1 -0
  40. package/dist/index.d.ts +35 -0
  41. package/dist/index.js +20 -0
  42. package/dist/index.js.map +1 -0
  43. package/dist/manifest-suggestions.d.ts +67 -0
  44. package/dist/manifest-suggestions.js +673 -0
  45. package/dist/manifest-suggestions.js.map +1 -0
  46. package/dist/manifest.d.ts +212 -0
  47. package/dist/manifest.js +1607 -0
  48. package/dist/manifest.js.map +1 -0
  49. package/dist/qa.d.ts +53 -0
  50. package/dist/qa.js +361 -0
  51. package/dist/qa.js.map +1 -0
  52. package/dist/report.d.ts +5 -0
  53. package/dist/report.js +164 -0
  54. package/dist/report.js.map +1 -0
  55. package/dist/review.d.ts +31 -0
  56. package/dist/review.js +383 -0
  57. package/dist/review.js.map +1 -0
  58. package/dist/scanner.d.ts +3 -0
  59. package/dist/scanner.js +797 -0
  60. package/dist/scanner.js.map +1 -0
  61. package/dist/severity.d.ts +3 -0
  62. package/dist/severity.js +9 -0
  63. package/dist/severity.js.map +1 -0
  64. package/dist/test-evidence.d.ts +39 -0
  65. package/dist/test-evidence.js +303 -0
  66. package/dist/test-evidence.js.map +1 -0
  67. package/dist/test-plan.d.ts +35 -0
  68. package/dist/test-plan.js +573 -0
  69. package/dist/test-plan.js.map +1 -0
  70. package/dist/types.d.ts +60 -0
  71. package/dist/types.js +2 -0
  72. package/dist/types.js.map +1 -0
  73. package/dist/verify.d.ts +27 -0
  74. package/dist/verify.js +244 -0
  75. package/dist/verify.js.map +1 -0
  76. package/dist/version.d.ts +2 -0
  77. package/dist/version.js +3 -0
  78. package/dist/version.js.map +1 -0
  79. package/docs/adoption.md +166 -0
  80. package/docs/agent-skill.md +94 -0
  81. package/docs/api-contracts.md +30 -0
  82. package/docs/assets/qamap-30s-demo.gif +0 -0
  83. package/docs/configuration.md +277 -0
  84. package/docs/e2e-output-examples.md +464 -0
  85. package/docs/ecosystem.md +41 -0
  86. package/docs/eval.md +52 -0
  87. package/docs/github-action.md +89 -0
  88. package/docs/manifest.md +350 -0
  89. package/docs/quickstart-demo.md +268 -0
  90. package/docs/release-validation.md +247 -0
  91. package/docs/releasing.md +112 -0
  92. package/docs/roadmap.md +67 -0
  93. package/docs/rules.md +28 -0
  94. package/docs/verify.md +44 -0
  95. package/package.json +80 -0
  96. package/schema/qamap-manifest.schema.json +323 -0
  97. package/schema/qamap.schema.json +58 -0
  98. package/skills/qamap-pr-qa/SKILL.md +81 -0
@@ -0,0 +1,277 @@
1
+ # QAMap Configuration
2
+
3
+ QAMap reads `qamap.config.json` or `.qamap.json` from the scanned repository root.
4
+
5
+ Create a starter config:
6
+
7
+ ```sh
8
+ qamap init .
9
+ ```
10
+
11
+ Use an explicit config path:
12
+
13
+ ```sh
14
+ qamap scan . --config ./qamap.config.json
15
+ ```
16
+
17
+ ## Example
18
+
19
+ ```json
20
+ {
21
+ "$schema": "https://raw.githubusercontent.com/IvoryCanvas/qamap/main/schema/qamap.schema.json",
22
+ "failOn": "high",
23
+ "ignoreRules": ["QM011"],
24
+ "maxFiles": 2000,
25
+ "validationCommands": ["make test", "make lint"],
26
+ "severity": {
27
+ "QM007": "info"
28
+ }
29
+ }
30
+ ```
31
+
32
+ ## Fields
33
+
34
+ | Field | Type | Description |
35
+ | --- | --- | --- |
36
+ | `failOn` | `info` `low` `medium` `high` | Exits with code `1` when findings at this severity or higher are present. CLI `--fail-on` takes precedence. |
37
+ | `ignoreRules` | `string[]` | Suppresses rule ids for this repository. |
38
+ | `maxFiles` | `number` | Maximum number of files QAMap inspects. CLI `--max-files` takes precedence. |
39
+ | `severity` | `Record<string, Severity>` | Overrides severity for specific rule ids. |
40
+ | `validationCommands` | `string[]` | Adds project-specific validation commands to `test-plan`, `eval`, `verify`, and GitHub Action reports. |
41
+
42
+ ## Notes
43
+
44
+ - Prefer severity overrides over ignores when a finding is still useful but too noisy for CI.
45
+ - Keep ignores small and documented in pull requests.
46
+ - Use `validationCommands` for custom stacks, Makefile-based projects, or monorepos where the right validation command is not discoverable from standard project files.
47
+ - QAMap does not execute scanned project code while reading config.
48
+
49
+ ## Local History
50
+
51
+ QAMap separates shared project policy from generated local history.
52
+
53
+ Commit-friendly files:
54
+
55
+ - `qamap.config.json`
56
+ - `.qamap/manifest.yaml` when a project wants one repo-level verification baseline
57
+ - `.qamap/flows.yml` when a project chooses to define durable core flows
58
+ - `.qamap/domains.yml` when a project chooses to define durable domain mappings
59
+
60
+ Ignored local artifacts:
61
+
62
+ - `.qamap/runs/`
63
+ - `.qamap/cache/`
64
+ - `.qamap/tmp/`
65
+ - `.qamap/*.local.json`
66
+
67
+ Run this once to create the local directories and add those ignore patterns idempotently:
68
+
69
+ ```sh
70
+ qamap history init .
71
+ ```
72
+
73
+ Use `--record-history` when an analysis should leave a compact local snapshot for comparison or debugging:
74
+
75
+ ```sh
76
+ qamap e2e plan . --base origin/main --head HEAD --record-history
77
+ ```
78
+
79
+ ## Verification Manifest
80
+
81
+ Create a baseline repo-level verification manifest from the checkout you want to treat as the shared team baseline. For most projects, that means the latest default branch:
82
+
83
+ > **Important:** run the first shared `manifest init` from the default branch. QAMap reads the current checkout and does not silently switch branches, so a feature-branch run creates a feature-branch snapshot rather than the team's default QA map.
84
+
85
+ ```sh
86
+ git switch main
87
+ git pull
88
+ qamap manifest context .
89
+ qamap manifest init .
90
+ qamap manifest init services/offer --workspace-root .
91
+ qamap manifest validate .
92
+ qamap manifest explain . --base origin/main --head HEAD
93
+ ```
94
+
95
+ `.qamap/manifest.yaml` is meant to start the feedback loop. QAMap infers a baseline from routes, pages, components, API calls, package signals, and testable UI surfaces in the current checkout. It does not automatically switch to the default branch. A maintainer can then correct the manifest when recommendations are wrong, and future `verify`, `e2e plan`, and `e2e draft` output will use the corrected context. See [Verification Manifest](manifest.md) for the full schema, field guide, and adoption workflow.
96
+
97
+ Use the manifest commands in this order when adopting a repository:
98
+
99
+ 1. `qamap manifest context .` previews repo-local docs, role classifications, validation commands, safety rules, and context diagnostics without writing files.
100
+ 2. `qamap manifest init .` creates a baseline that is useful but intentionally reviewable.
101
+ 3. `qamap manifest validate .` checks whether the baseline is parseable, anchored to real files, and specific enough to shape PR evidence.
102
+ 4. `qamap manifest explain . --base origin/main --head HEAD` shows which domains, flows, and checks match the current branch, plus the exact manifest path to edit when a recommendation is wrong.
103
+ 5. `qamap e2e draft . --base origin/main --head HEAD --dry-run` uses matched manifest flows as higher-confidence draft sources before falling back to domain-language or heuristic candidates.
104
+
105
+ ```yaml
106
+ $schema: https://raw.githubusercontent.com/IvoryCanvas/qamap/main/schema/qamap-manifest.schema.json
107
+ version: 1
108
+
109
+ domains:
110
+ - id: campaign
111
+ name: Campaign
112
+ paths:
113
+ - src/pages/campaign/**
114
+ criticality: medium
115
+ source:
116
+ kind: inferred
117
+ confidence: medium
118
+ from:
119
+ - pages
120
+
121
+ flows:
122
+ - id: campaign-application-complete
123
+ domain: campaign
124
+ name: Campaign Application Complete
125
+ entry:
126
+ route: /campaign/official/applicationComplete
127
+ source: inferred
128
+ runner: playwright
129
+ anchors:
130
+ - kind: route
131
+ path: src/pages/campaign/official/applicationComplete.tsx
132
+ route: /campaign/official/applicationComplete
133
+ source: inferred
134
+ confidence: high
135
+ checks:
136
+ - id: happy-path
137
+ title: Campaign Application Complete happy path works
138
+ type: success
139
+ - id: api-failure-fixture
140
+ title: Campaign Application Complete handles failed, empty, or unauthorized responses
141
+ type: failure
142
+ source:
143
+ kind: inferred
144
+ confidence: medium
145
+ from:
146
+ - route-file
147
+ ```
148
+
149
+ Supported manifest concepts:
150
+
151
+ | Field | Description |
152
+ | --- | --- |
153
+ | `domains[].paths` | Glob-like path patterns that map changed files to product areas. |
154
+ | `domains[].criticality` | `low`, `medium`, or `high` signal for reviewer attention. |
155
+ | `flows[].entry.route` | User-facing route used as an E2E entry hint. |
156
+ | `flows[].anchors` | Route, component, file, API, or test anchors that connect changed code to a flow. |
157
+ | `flows[].checks` | Success, failure, edge, contract, or visual checks that should shape generated E2E drafts. |
158
+ | `source.kind` | `inferred` for QAMap-generated baseline entries or `declared` after human review. |
159
+ | `source.confidence` | `low`, `medium`, or `high` confidence for how strongly QAMap should trust the entry. |
160
+
161
+ When a recommendation is wrong, update the manifest path printed by QAMap instead of trying to make static analysis perfect. That turns one bad suggestion into durable repo-local knowledge.
162
+
163
+ When a matched flow has `entry.route` and `checks`, generated E2E drafts will carry the manifest evidence, use the route as the entrypoint when the runner supports it, and turn checks into draft steps plus coverage notes. That lets client teams create useful UI or flow tests even before a backend is complete: the manifest can describe the route, required success/failure checks, and fixture/mock expectations, while the draft keeps TODOs only for the project-specific selector, data, or runner details.
164
+
165
+ ## Domain Manifest
166
+
167
+ Create a starter domain manifest:
168
+
169
+ ```sh
170
+ qamap domains init .
171
+ qamap domains suggest . --base origin/main --head HEAD
172
+ ```
173
+
174
+ `.qamap/domains.yml` is meant to be committed when the team wants QAMap to use shared product language during E2E planning.
175
+ The `suggest` command prints candidate YAML plus a promotion plan that separates `commit-candidate`, `needs-review`, and `low-signal` entries.
176
+
177
+ ```yaml
178
+ domains:
179
+ - id: billing
180
+ name: Billing
181
+ aliases:
182
+ - checkout
183
+ - subscription
184
+ files:
185
+ - src/features/billing/**
186
+ routes:
187
+ - /billing
188
+ tags:
189
+ - payment
190
+ scenarios:
191
+ - title: Billing primary journey
192
+ checks:
193
+ - Start from the normal billing entry point.
194
+ - Complete the primary billing action with realistic data.
195
+ - Confirm the visible result or saved state.
196
+ ```
197
+
198
+ Supported domain fields:
199
+
200
+ | Field | Description |
201
+ | --- | --- |
202
+ | `id` | Stable machine-readable id for the domain. |
203
+ | `name` | Human-facing product term used in E2E plan language. |
204
+ | `aliases` | Extra words that can match changed file path segments. |
205
+ | `files` | Glob-like path patterns relative to the repository or workspace root. |
206
+ | `routes` | Route hints used for matching and Playwright draft entrypoints. |
207
+ | `tags` | Additional tokens that can match file path segments. |
208
+ | `scenarios` | Optional suggested scenario names and checks for generated drafts. |
209
+
210
+ Use `.qamap/domains.yml` for naming and route hints. Use `.qamap/flows.yml` when the team wants to define a higher-confidence verification journey with priority and required checks.
211
+
212
+ ## Core Flows
213
+
214
+ Create a starter core flow manifest:
215
+
216
+ ```sh
217
+ qamap flows init .
218
+ qamap flows suggest . --base origin/main --head HEAD
219
+ ```
220
+
221
+ `.qamap/flows.yml` is meant to be committed when the team wants QAMap to understand project-specific flows during E2E planning.
222
+ The `suggest` command prints candidate YAML plus a promotion plan that helps teams decide which flows are durable enough to commit.
223
+
224
+ ```yaml
225
+ flows:
226
+ - id: checkout-purchase
227
+ name: Checkout purchase
228
+ priority: critical
229
+ domains:
230
+ - checkout
231
+ files:
232
+ - src/pages/checkout/**
233
+ - src/features/checkout/**
234
+ routes:
235
+ - /checkout
236
+ tags:
237
+ - payment
238
+ checks:
239
+ - Complete checkout with a valid payment method.
240
+ - Verify declined payment recovery.
241
+ ```
242
+
243
+ Supported match fields:
244
+
245
+ | Field | Description |
246
+ | --- | --- |
247
+ | `files` | Glob-like path patterns relative to the repository or workspace root. |
248
+ | `domains` | Domain tokens matched against changed file path segments. |
249
+ | `routes` | Route-like strings matched against changed file paths. |
250
+ | `tags` | Additional tokens that can match file path segments. |
251
+ | `checks` | Human-approved verification points shown in the E2E plan. |
252
+
253
+ `priority` can be `critical`, `recommended`, or `optional`.
254
+
255
+ ## Domain Language Suggestions
256
+
257
+ `qamap e2e plan` includes a bootstrap section and a domain language section before the lower-level E2E candidates. The bootstrap section separates required setup, recommended policy capture, and ready evidence, which is especially useful when a project has no existing tests yet. QAMap derives domain language suggestions from:
258
+
259
+ - team-approved `.qamap/flows.yml` names
260
+ - shared `.qamap/domains.yml` names, aliases, routes, and scenarios
261
+ - changed file path terms such as `features/in-app-purchase`
262
+ - selected UI copy such as accessibility labels, placeholders, and text labels
263
+
264
+ The goal is to help reviewers and test authors use the product words the team already understands. For example, a service or component path can become `In App Purchase primary journey` instead of a generic implementation phrase such as "API smoke flow".
265
+
266
+ High-confidence terms usually come from committed core flows or domain manifests. Medium-confidence terms usually come from changed paths. Low-confidence terms can come from UI copy and should be treated as naming hints, not final policy.
267
+
268
+ ## Fixture And Mock Readiness
269
+
270
+ `qamap e2e plan` checks whether a candidate flow appears to depend on API, network, payment, or external response data. When it does, QAMap looks for changed backend/API evidence and mock or fixture evidence such as:
271
+
272
+ - MSW or Mirage handlers
273
+ - `__mocks__`, `fixtures`, `factories`, `seeds`, or `test-data` directories
274
+ - Playwright route fulfillment helpers
275
+ - mock data files that match the changed domain
276
+
277
+ If a client flow calls an API but the branch does not include backend, mock, or fixture evidence, the E2E plan marks fixture readiness as `missing` and the generated draft includes next actions for deterministic success and failure responses. This lets teams validate UI and flow behavior before the real server implementation is complete.