@ivorycanvas/qamap 0.3.2 → 0.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +56 -0
- package/README.md +44 -578
- package/dist/agent-init.d.ts +16 -0
- package/dist/agent-init.js +110 -0
- package/dist/agent-init.js.map +1 -0
- package/dist/cli.js +17 -1
- package/dist/cli.js.map +1 -1
- package/dist/context.d.ts +1 -0
- package/dist/context.js +4 -0
- package/dist/context.js.map +1 -1
- package/dist/domain-language.js +121 -12
- package/dist/domain-language.js.map +1 -1
- package/dist/e2e.d.ts +4 -0
- package/dist/e2e.js +424 -85
- package/dist/e2e.js.map +1 -1
- package/dist/fixture-insight.d.ts +8 -0
- package/dist/fixture-insight.js +193 -0
- package/dist/fixture-insight.js.map +1 -0
- package/dist/fs.js +11 -0
- package/dist/fs.js.map +1 -1
- package/dist/index.d.ts +2 -1
- package/dist/index.js +2 -1
- package/dist/index.js.map +1 -1
- package/dist/manifest.d.ts +5 -0
- package/dist/manifest.js +478 -54
- package/dist/manifest.js.map +1 -1
- package/dist/qa.d.ts +4 -0
- package/dist/qa.js +177 -14
- package/dist/qa.js.map +1 -1
- package/dist/terminal.d.ts +2 -0
- package/dist/terminal.js +51 -0
- package/dist/terminal.js.map +1 -0
- package/dist/test-plan.js +56 -6
- package/dist/test-plan.js.map +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/docs/adoption.md +62 -0
- package/docs/agent-format.md +52 -0
- package/docs/agent-skill.md +17 -1
- package/docs/benchmarking.md +60 -20
- package/docs/commands.md +242 -0
- package/docs/configuration.md +11 -0
- package/docs/e2e-output-examples.md +8 -4
- package/docs/guardrails.md +64 -0
- package/docs/manifest.md +3 -3
- package/docs/quickstart-demo.md +1 -1
- package/docs/release-validation.md +31 -4
- package/docs/releasing.md +13 -10
- package/docs/roadmap.md +9 -14
- package/package.json +4 -3
- package/schema/qamap-agent.schema.json +171 -0
- package/skills/qamap-pr-qa/SKILL.md +2 -1
package/docs/commands.md
ADDED
|
@@ -0,0 +1,242 @@
|
|
|
1
|
+
# Command Reference
|
|
2
|
+
|
|
3
|
+
Every QAMap command, with what it produces and when to reach for it. For the shortest path, see the [README](../README.md) quick start; for rollout order, see [adoption](adoption.md).
|
|
4
|
+
|
|
5
|
+
## Quick Commands
|
|
6
|
+
|
|
7
|
+
```sh
|
|
8
|
+
pnpm exec qamap qa . --base origin/main --head HEAD
|
|
9
|
+
pnpm exec qamap qa . --base origin/main --head HEAD --format agent
|
|
10
|
+
pnpm exec qamap qa . --manifest /tmp/qamap-manifest.yaml --base origin/main --head HEAD --output QAMAP_QA.md
|
|
11
|
+
pnpm exec qamap scan .
|
|
12
|
+
pnpm exec qamap verify . --base origin/main --head HEAD --pr-body-file pr-body.md
|
|
13
|
+
pnpm exec qamap manifest context .
|
|
14
|
+
pnpm exec qamap manifest init .
|
|
15
|
+
pnpm exec qamap manifest validate .
|
|
16
|
+
pnpm exec qamap manifest explain . --base origin/main --head HEAD
|
|
17
|
+
pnpm exec qamap e2e draft . --base origin/main --head HEAD --dry-run
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
Use `pnpm dlx @ivorycanvas/qamap ...` for one-off runs without installing QAMap into the target repository.
|
|
21
|
+
|
|
22
|
+
## Reading The Output
|
|
23
|
+
|
|
24
|
+
Human-facing reports (`text` and `markdown` formats) open with an **At a Glance** section: affected behavior, the reviewer question to answer before merge, concrete repository evidence, the proposed draft path, the next command, and the one or two missing trust requirements. When printed to an interactive terminal the report is colorized (headings, statuses, priority tags, inline commands); files written with `--output`, pipes, CI logs, and the machine formats (`json`, `agent`, `sarif`) are always plain. The standard `NO_COLOR` and `FORCE_COLOR` environment variables are honored.
|
|
25
|
+
|
|
26
|
+
Draft readiness is reported as a **stage on a fixed four-step journey**, for example `Stage: setup needed (1 of 4) — readiness 0/100`. A fresh repository usually starts at stage 1 — that is the expected starting point, not a failure. Each stage maps to a stable `readiness.level` value in the `json` and `agent` formats, which keeps machine output unchanged:
|
|
27
|
+
|
|
28
|
+
| Stage line | JSON `readiness.level` | Meaning |
|
|
29
|
+
| --- | --- | --- |
|
|
30
|
+
| `setup needed (1 of 4)` | `blocked` | Drafts describe the flow but need runner config or other required setup before they can run. |
|
|
31
|
+
| `draft in progress (2 of 4)` | `needs-work` | Drafts exist; close the required action items to make them runnable. |
|
|
32
|
+
| `almost runnable (3 of 4)` | `near-runnable` | Run the drafts locally and clear the remaining review items. |
|
|
33
|
+
| `ready to run (4 of 4)` | `ready` | Drafts are ready to try as local regression evidence. |
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
## What QAMap Produces
|
|
37
|
+
|
|
38
|
+
On a changed branch, QAMap tries to produce reviewable verification artifacts instead of only saying "write more tests":
|
|
39
|
+
|
|
40
|
+
- a branch-aware verification plan that names the changed domain, actor, trigger, goal, success signal, and edge cases
|
|
41
|
+
- draft Playwright, Maestro, CLI command, or manual checklist files when the repository shape supports them
|
|
42
|
+
- a repo-level verification manifest loop where humans correct durable flows once and later PRs get sharper route/check/test draft suggestions
|
|
43
|
+
- a runner setup proposal that explains why Playwright or Maestro fits the changed surface and which files/commands would be created if the team accepts it
|
|
44
|
+
- readiness evidence that explains missing runner config, selectors, fixture data, assertions, validation commands, or flow manifests
|
|
45
|
+
- repo-local suggestions for `.qamap/domains.yml`, `.qamap/flows.yml`, and ignored `.qamap/runs/` history so teams can improve the next run without spending LLM tokens
|
|
46
|
+
|
|
47
|
+
That means QAMap is most valuable when it becomes the team's verification base: humans define the durable language and critical flows once, QAMap reuses that base on each PR, and generated observations stay local unless the team intentionally promotes them into shared policy.
|
|
48
|
+
|
|
49
|
+
## Commands
|
|
50
|
+
|
|
51
|
+
| Command | Purpose |
|
|
52
|
+
| --- | --- |
|
|
53
|
+
| `qamap scan .` | Scan the current repository and print a text report. |
|
|
54
|
+
| `qamap scan . --fail-on medium` | Exit with code `1` when findings at or above the threshold exist. |
|
|
55
|
+
| `qamap scan . --json` | Print machine-readable JSON for custom automation. |
|
|
56
|
+
| `qamap scan . --format sarif --output qamap.sarif` | Generate SARIF for code scanning integrations. |
|
|
57
|
+
| `qamap report . --output QAMAP_REPORT.md` | Generate a Markdown report for PRs or audits. |
|
|
58
|
+
| `qamap doctor . --format markdown` | Summarize whether the repo is ready for AI-assisted work. |
|
|
59
|
+
| `qamap review . --base origin/main --head HEAD --format markdown` | Show new findings and changed risky files introduced by a branch. |
|
|
60
|
+
| `qamap verify . --base origin/main --head HEAD --pr-body-file pr-body.md` | Combine review findings, readiness scoring, domain tests, and next actions. |
|
|
61
|
+
| `qamap eval . --base origin/main --head HEAD --pr-body-file pr-body.md` | Score change readiness across intent, risk, tests, and review size. |
|
|
62
|
+
| `qamap github-action . --mode review --base origin/main --head HEAD` | Generate GitHub Action annotations, step summary, and PR comment body. |
|
|
63
|
+
| `qamap test-plan . --base origin/main --head HEAD --include-working-tree` | Suggest domain test scenarios for changed files. |
|
|
64
|
+
| `qamap qa . --base origin/main --head HEAD` | One-command PR QA: affected flows, missing QA evidence, a PR checklist, and E2E starter drafts, opening with At a Glance. |
|
|
65
|
+
| `qamap qa . --base origin/main --head HEAD --format agent` | The same decision content as one ~2-4KB JSON line for coding agents — a versioned contract documented in [docs/agent-format.md](agent-format.md). |
|
|
66
|
+
| `qamap e2e plan . --base origin/main --head HEAD` | Suggest E2E runner, bootstrap steps, user flows, coverage targets, existing test evidence, and missing testability hooks for changed files. |
|
|
67
|
+
| `qamap e2e plan . --base origin/main --head HEAD --record-history` | Save a compact local run snapshot under `.qamap/runs/` while keeping JSON/Markdown output usable. |
|
|
68
|
+
| `qamap e2e setup . --runner playwright` | Explicitly apply the accepted runner setup and create the first changed-flow E2E draft without overwriting existing files. |
|
|
69
|
+
| `qamap e2e draft . --base origin/main --head HEAD --dry-run` | Preview generated Maestro, Playwright, or manual E2E drafts without writing files. |
|
|
70
|
+
| `qamap e2e draft . --base origin/main --head HEAD` | Write generated Maestro, Playwright, or manual E2E drafts with flow language, readiness summaries, and action items. |
|
|
71
|
+
| `qamap manifest init .` | Create a baseline `.qamap/manifest.yaml` with inferred domains, flows, anchors, checks, source, and confidence. |
|
|
72
|
+
| `qamap manifest validate .` | Check whether `.qamap/manifest.yaml` is present, parseable, anchored to real files, and ready to shape PR evidence. |
|
|
73
|
+
| `qamap manifest context .` | Preview repo-local context sources, role classifications, validation commands, safety rules, and manifest repair diagnostics. |
|
|
74
|
+
| `qamap manifest explain . --base origin/main --head HEAD` | Explain which manifest domains, flows, and checks match the current branch and which manifest path to edit if the match is wrong. |
|
|
75
|
+
| `qamap flows init .` | Create a starter `.qamap/flows.yml` for team-approved core flow definitions. |
|
|
76
|
+
| `qamap flows suggest . --base origin/main --head HEAD` | Generate suggested `.qamap/flows.yml` entries with commit-readiness guidance from changed files and E2E plan context. |
|
|
77
|
+
| `qamap domains init .` | Create a starter `.qamap/domains.yml` for shared product/domain language. |
|
|
78
|
+
| `qamap domains suggest . --base origin/main --head HEAD` | Generate suggested `.qamap/domains.yml` entries with commit-readiness guidance from changed files and inferred product language. |
|
|
79
|
+
| `qamap history init .` | Create local QAMap history directories and protect generated run history with `.gitignore`. |
|
|
80
|
+
| `qamap doctor services/listing --workspace-root .` | Scan a monorepo package while using root guardrails. |
|
|
81
|
+
| `qamap context . --write AGENTS.md` | Generate starter agent instructions for the repo. |
|
|
82
|
+
| `qamap init .` | Create a starter `qamap.config.json`. |
|
|
83
|
+
| `qamap init --agent .` | One-command agent onboarding: add a marked QAMap Pre-PR QA section to `AGENTS.md`, install the packaged skill to `.claude/skills/qamap-pr-qa/SKILL.md`, and create `qamap.config.json` if missing. Idempotent; existing `AGENTS.md` content is preserved. |
|
|
84
|
+
|
|
85
|
+
For monorepos, pass `--workspace-root` when scanning a package. Package-local checks still use the package directory, while repo-level guardrails such as `AGENTS.md`, `.github/workflows`, `LICENSE`, `SECURITY.md`, and `CONTRIBUTING.md` are read from the workspace root.
|
|
86
|
+
|
|
87
|
+
`qamap review` compares a branch against a base ref for PR-style workflows. It separates newly introduced findings from risky files that already had findings on the base branch but were modified again, which helps reviewers notice when a PR touches known-dangerous surfaces such as committed `.env` files, MCP configs, or release scripts.
|
|
88
|
+
|
|
89
|
+
`qamap verify` is the easiest PR-facing command. It combines `review`, `test-plan`, and `eval` into one report with review findings, readiness gates, suggested domain tests, suggested commands, and next actions.
|
|
90
|
+
|
|
91
|
+
`qamap test-plan` turns changed file paths into a review-ready domain test checklist. It also discovers common validation commands from `package.json`, `pyproject.toml`, `go.mod`, `Cargo.toml`, Gradle files, and Maven `pom.xml`. Add `--include-working-tree` for local, uncommitted changes while iterating.
|
|
92
|
+
|
|
93
|
+
`qamap e2e plan` turns changed file paths into a first-pass E2E testing plan. It detects whether a project looks like Expo/React Native, web, API/service, or CLI package, recommends a runner such as Maestro or Playwright, starts backend services with an API contract checklist, starts executable packages with a CLI command verification checklist, suggests bootstrap steps for repos with little or no test history, suggests domain language for the changed behavior, suggests candidate user flows, adds coverage targets, compares those targets with existing test-suite evidence when tests are present, flags API-dependent flows that need mock or fixture responses, and points out missing stable selectors such as `testID` or `data-testid` before anyone starts writing tests from a blank file.
|
|
94
|
+
|
|
95
|
+
The plan also includes an execution profile: detected start command, test command, Playwright `baseURL`, mobile app id, runner config files, env fixture files, confidence, and blockers. This keeps generated E2E drafts honest about whether they are runnable candidates or still review-only scaffolds.
|
|
96
|
+
|
|
97
|
+
When a repository does not already have the selected E2E runner, the plan includes a runner setup proposal instead of silently changing the project. The proposal explains why the runner fits the changed surface, which package command installs the library, which config/script files would be created, and the explicit acceptance command such as `qamap e2e setup . --runner playwright`.
|
|
98
|
+
|
|
99
|
+
`qamap e2e setup` is the opt-in apply step. For Playwright it can create `playwright.config.ts`, `tests/e2e/`, a `test:e2e` script, and the first changed-flow Playwright spec. For Maestro it can create `.maestro/`, `.maestro/README.md`, a `test:e2e` script, and the first changed-flow YAML draft. Existing draft files are skipped unless `--force` is passed. It does not run package installation automatically; it prints the install command so teams can keep dependency policy under review.
|
|
100
|
+
|
|
101
|
+
When run at a monorepo root, the E2E plan also reports changed app/package targets. This helps a maintainer move from a broad workspace diff to scoped commands such as `qamap e2e plan services/listing --workspace-root . --base origin/main --head HEAD`, where package-specific runner detection and flow naming are usually sharper.
|
|
102
|
+
|
|
103
|
+
Each candidate flow also includes a flow language brief: actor, trigger, goal, success signal, reviewer question, and edge cases. The brief keeps generated tests tied to product behavior rather than only changed file names.
|
|
104
|
+
|
|
105
|
+
The bootstrap section answers what must happen before generated drafts can be treated as real regression coverage. For example, a testless web project can get required steps for Playwright setup, first draft generation, stable selector work, fixture/mock data, and missing validation evidence, plus recommended steps for `.qamap/manifest.yaml`, `.qamap/domains.yml`, `.qamap/flows.yml`, and local history recording.
|
|
106
|
+
|
|
107
|
+
Run `qamap manifest init .` to create a baseline verification manifest. QAMap infers domains, flows, route/component anchors, checks, runner hints, source, and confidence from the current checkout.
|
|
108
|
+
|
|
109
|
+
The scan reads up to 2,500 files by default (alphabetically, skipping vendor trees such as `node_modules`, `Pods`, `.gradle`, and build output). The init summary reports how many files were scanned, and warns when the scan stopped at the cap — on very large repositories rerun with `--max-files` so domains and flows are inferred from the whole project.
|
|
110
|
+
|
|
111
|
+
Validation commands come from two sources, ground truth first: `package.json` scripts whose names look like verification (`test`, `lint`, `typecheck`, `check`, `e2e`, `coverage`, `build`, …) plus a detected pytest setup, then commands found in instruction docs — inline code spans (like a `pnpm test` mentioned in a sentence) anywhere, and bare command lines only when they sit inside fenced code blocks. Prose sentences that merely mention a tool name are not treated as commands. Scripts that block, open a UI, or mutate state (`test:watch`, `e2e:open`, `test:update`, `lint:fix`, …) are excluded. Safety rules are only harvested from prose lines that state a prohibition or obligation (`never …`, `do not …`, `절대/금지 …`); code blocks, CI YAML, and diagram fragments inside instruction docs are ignored.
|
|
112
|
+
|
|
113
|
+
> **Important:** create the shared team baseline from the repository's default branch, after pulling the latest changes. QAMap does not silently switch branches or rewrite the repository state, so running `manifest init` from a feature branch creates a feature-branch snapshot, not the team's default QA map.
|
|
114
|
+
|
|
115
|
+
```sh
|
|
116
|
+
git switch main
|
|
117
|
+
git pull
|
|
118
|
+
qamap manifest context .
|
|
119
|
+
qamap manifest init . --write .qamap/manifest.yaml
|
|
120
|
+
```
|
|
121
|
+
|
|
122
|
+
`qamap manifest context .` is a read-only preview of the repo-local knowledge QAMap can see before writing the manifest. It reports context sources such as `CONTEXT.md`, ADRs, goals, runbooks, agent instructions, harness files, and skills under agent directories (`.claude/`, `.codex/`, `.agent-core/`, `.github/instructions/`), then shows role classifications, validation commands, safety rules, and diagnostics for stale or missing context.
|
|
123
|
+
|
|
124
|
+
After the baseline is committed, feature branches should usually run `manifest explain`, `e2e plan`, or `e2e draft` against the PR base such as `origin/main`. The manifest is not meant to be perfect on the first run. It is meant to start the feedback loop: QAMap recommends E2E work from the manifest, shows why a recommendation happened, and points to the manifest path to edit when the recommendation is wrong.
|
|
125
|
+
|
|
126
|
+
Generated manifests include a `$schema` reference to `schema/qamap-manifest.schema.json`, so teams can validate and edit `.qamap/manifest.yaml` with a documented contract. See [docs/manifest.md](manifest.md) for the full field guide and adoption workflow.
|
|
127
|
+
|
|
128
|
+
Use `qamap manifest validate .` before treating the manifest as shared team policy. It reports missing manifests, invalid YAML/schema shape, duplicate ids, missing domain paths, stale anchor files, suspicious route hints, and low-confidence inferred entries that should be reviewed.
|
|
129
|
+
|
|
130
|
+
Use `qamap manifest explain . --base origin/main --head HEAD` when you want to understand one branch. It reads the git diff, lists the matched manifest domains/flows/checks, shows the declared entry route and required checks, and names the exact manifest path to update if the recommendation is wrong.
|
|
131
|
+
|
|
132
|
+
When `.qamap/manifest.yaml` exists, `qamap verify`, `qamap e2e plan`, and `qamap e2e draft` include a Manifest Recommendations section:
|
|
133
|
+
|
|
134
|
+
```txt
|
|
135
|
+
Why this was recommended:
|
|
136
|
+
- Changed files match anchors for the Bundle Submission Complete flow.
|
|
137
|
+
|
|
138
|
+
Manifest evidence:
|
|
139
|
+
- .qamap/manifest.yaml > flows.bundle-submission-complete.anchors
|
|
140
|
+
|
|
141
|
+
Next actions:
|
|
142
|
+
- Draft or review E2E coverage for the Bundle Submission Complete flow.
|
|
143
|
+
- Cover the declared checks: Submit media link successfully; Show validation error for invalid media link.
|
|
144
|
+
|
|
145
|
+
If this is wrong:
|
|
146
|
+
- Update .qamap/manifest.yaml > flows.bundle-submission-complete.anchors
|
|
147
|
+
|
|
148
|
+
Repair hints:
|
|
149
|
+
- If these files do not belong to this flow, update .qamap/manifest.yaml > flows.bundle-submission-complete.anchors.
|
|
150
|
+
- If the recommended assertions feel vague, rewrite .qamap/manifest.yaml > flows.bundle-submission-complete.checks in team language.
|
|
151
|
+
```
|
|
152
|
+
|
|
153
|
+
When a matched manifest flow has an entry route and checks, `qamap e2e draft` promotes it ahead of heuristic candidates. The generated Playwright, Maestro, or manual draft carries the manifest evidence, uses the manifest route as an entrypoint when possible, and turns manifest checks into draft steps and required coverage notes. If a check includes concrete hints such as `[data-testid=coupon-input]`, `with WELCOME10`, or optional `selector`, `value`, and `steps` fields, QAMap uses those facts before falling back to fuzzy selector inference. This is the core cost-saving loop: humans fix durable QA context once, then future PRs start from a stronger draft instead of a blank test file.
|
|
154
|
+
|
|
155
|
+
Flow and scenario names prefer what the diff itself introduced: an added `aria-label`/`data-testid`/`testID`/placeholder value or button/link inner text with an action word names the journey ("Checkout Apply Coupon" instead of "Checkout primary journey"). Korean action labels qualify the same way — `저장하기` and 35 other common stems, with `~하기/~합니다`-style endings normalized — and draft filenames keep Hangul. When a diff changes only logic or styles (no labeled elements added), the surface's primary action-bearing control names the journey instead.
|
|
156
|
+
|
|
157
|
+
The domain language section is intentionally less implementation-oriented than the raw file list. For example, changes under `src/features/in-app-purchase/` become terms such as `In App Purchase` and scenarios such as `In App Purchase primary journey`. When a changed component or service file names a concrete behavior, QAMap should prefer that behavior before the generic primary journey: `src/features/listing/components/MediaLinkSubmitModal.tsx` can become `Listing Media Link Submit`, and the generated draft file can become `.maestro/listing-media-link-submit.yaml`. When `.qamap/domains.yml` exists, declared product terms and routes receive higher confidence. When `.qamap/flows.yml` exists, team-approved flow names appear as preferred scenario names.
|
|
158
|
+
|
|
159
|
+
If `.qamap/domains.yml` exists, `qamap e2e plan` also matches changed files against shared product or domain language:
|
|
160
|
+
|
|
161
|
+
```yaml
|
|
162
|
+
domains:
|
|
163
|
+
- id: billing
|
|
164
|
+
name: Billing
|
|
165
|
+
aliases:
|
|
166
|
+
- checkout
|
|
167
|
+
- subscription
|
|
168
|
+
files:
|
|
169
|
+
- src/features/billing/**
|
|
170
|
+
routes:
|
|
171
|
+
- /billing
|
|
172
|
+
scenarios:
|
|
173
|
+
- title: Billing primary journey
|
|
174
|
+
checks:
|
|
175
|
+
- Start from the normal billing entry point.
|
|
176
|
+
- Complete the primary billing action with realistic data.
|
|
177
|
+
```
|
|
178
|
+
|
|
179
|
+
Run `qamap domains init .` to create a starter domain manifest. Run `qamap domains suggest . --base origin/main --head HEAD` when you want QAMap to draft manifest entries from the current branch and classify each candidate as `commit-candidate`, `needs-review`, or `low-signal`. Use domains for naming and route hints; use core flows when the team wants to define a durable verification journey.
|
|
180
|
+
|
|
181
|
+
If `.qamap/flows.yml` exists, `qamap e2e plan` also matches changed files against team-approved core flows. This lets maintainers encode the product or domain flows humans already care about:
|
|
182
|
+
|
|
183
|
+
```yaml
|
|
184
|
+
flows:
|
|
185
|
+
- id: checkout-purchase
|
|
186
|
+
name: Checkout purchase
|
|
187
|
+
priority: critical
|
|
188
|
+
domains:
|
|
189
|
+
- checkout
|
|
190
|
+
files:
|
|
191
|
+
- src/pages/checkout/**
|
|
192
|
+
- src/features/checkout/**
|
|
193
|
+
routes:
|
|
194
|
+
- /checkout
|
|
195
|
+
checks:
|
|
196
|
+
- Complete checkout with a valid payment method.
|
|
197
|
+
- Verify declined payment recovery.
|
|
198
|
+
```
|
|
199
|
+
|
|
200
|
+
Run `qamap flows init .` to create a starter manifest. Run `qamap flows suggest . --base origin/main --head HEAD` when you want QAMap to draft flow entries from changed files, inferred domain language, routes, and E2E checks, then classify which entries are close enough to review as shared policy. Unlike generated run history, `.qamap/flows.yml` is meant to be reviewed and committed when those flow definitions should become team policy.
|
|
201
|
+
|
|
202
|
+
Pass `--record-history` when you want QAMap to keep a compact local snapshot of an E2E plan under `.qamap/runs/`. QAMap automatically protects `.qamap/runs/`, `.qamap/cache/`, `.qamap/tmp/`, and `.qamap/*.local.json` with `.gitignore` so generated history stays local by default. Shared project policy, such as `qamap.config.json`, `.qamap/domains.yml`, and `.qamap/flows.yml`, remains commit-friendly.
|
|
203
|
+
|
|
204
|
+
`qamap e2e draft --dry-run` previews the same draft analysis without creating directories or files. Use it first when evaluating a new repository or PR. The output still includes planned file paths, self-checks, readiness status, action items, starter-code gaps, and execution blockers.
|
|
205
|
+
|
|
206
|
+
`qamap e2e draft` writes draft files from that plan. Expo and React Native projects get Maestro YAML flows under `.maestro/` by default, web projects get Playwright specs under `tests/e2e/`, API/service projects get contract checklist drafts, and CLI packages get command verification checklists until a project-specific runner is documented. For web apps, QAMap recognizes common Next.js, React Router, Vite, Vue/Nuxt, Svelte, Remix, Astro, and Angular signals. It can infer routes from Next Pages Router files, Next App Router files such as `src/app/(group)/products/[id]/page.tsx`, React Router `path` objects, links, and imperative navigation calls. Drafts infer stable selectors such as `testID`, `accessibilityLabel`, `data-testid`, `aria-label`, placeholder text, role-based buttons or links, and visible text where possible. They also carry fixture/mock readiness notes and inferred API endpoint hints. When the repository already contains mock, fixture, or seed files, QAMap statically reads their contents and turns the fixture guidance into named instructions — which handler file to extend for which uncovered endpoint, or which exported mock data to reuse — and exposes the matched files as `mockInsights` on `fixtureReadiness` in JSON output. Client-only flows may get sample Playwright response scaffolds whose bodies reuse the response keys observed in the matched fixture file, but endpoints changed by the PR are observed rather than intercepted with synthetic responses so the generated draft does not hide the contract under test. When selectors or route params are incomplete, QAMap now prefers runnable starter code with safe smoke assertions and sample params over non-executable placeholder locators. Existing files are not overwritten unless `--force` is passed.
|
|
207
|
+
|
|
208
|
+
The draft result is meant to be useful as a PR artifact, not only as generated files. Markdown and JSON output include:
|
|
209
|
+
|
|
210
|
+
- `languageBrief`: actor, trigger, goal, success signal, reviewer question, and edge cases for each draft file
|
|
211
|
+
- `promotionStatus`: whether the draft is a `commit-candidate`, `needs-review`, or `low-signal`
|
|
212
|
+
- `runnableStatus`: whether the draft is a `runnable-candidate`, `near-runnable`, or `review-only`
|
|
213
|
+
- selectors carry `addedInDiff: true` when the value was introduced by the diff itself, so agents can bind actions to what the change added
|
|
214
|
+
- `selfCheck`: static runner checks for generated draft structure, unresolved placeholders, starter-code quality, and the execution profile
|
|
215
|
+
- `status`: whether the file was `preview`ed by `--dry-run`, `created`, or `skipped`
|
|
216
|
+
- `actionItems`: required and recommended follow-up work, grouped by assertion, fixture, selector, runner, validation, and manifest
|
|
217
|
+
- `actionSummary`: total required/recommended action counts, ready file count, and the most common action categories
|
|
218
|
+
- `readinessSummary`: an overall 0-100 score, readiness level, self-check counts, starter-code gaps, execution blocker counts, and top blockers
|
|
219
|
+
|
|
220
|
+
See [docs/e2e-output-examples.md](e2e-output-examples.md) for compact examples of web, mobile, API/service, CLI, test-light, and monorepo output.
|
|
221
|
+
|
|
222
|
+
Generated Playwright drafts use the flow language as `test.step()` names so the file reads like the user journey it protects:
|
|
223
|
+
|
|
224
|
+
```ts
|
|
225
|
+
await test.step("Open route /checkout.", async () => {
|
|
226
|
+
await page.goto("/checkout");
|
|
227
|
+
});
|
|
228
|
+
|
|
229
|
+
await test.step("Complete checkout with a valid payment method.", async () => {
|
|
230
|
+
// Step intent: Complete checkout with a valid payment method.
|
|
231
|
+
await page.getByTestId("checkout-submit").click();
|
|
232
|
+
});
|
|
233
|
+
|
|
234
|
+
await test.step("Fill profile email.", async () => {
|
|
235
|
+
// Step intent: Fill profile email.
|
|
236
|
+
await page.getByPlaceholder("Profile email").fill("qamap@example.com");
|
|
237
|
+
});
|
|
238
|
+
```
|
|
239
|
+
|
|
240
|
+
`qamap history init` prepares that local storage explicitly without running an analysis. It creates `.qamap/runs/`, `.qamap/cache/`, and `.qamap/tmp/`, then adds the generated-history ignore patterns to `.gitignore` idempotently.
|
|
241
|
+
|
|
242
|
+
`qamap eval` scores whether a branch has enough validation evidence, changed-test coverage, intent capture, risk explanation, domain verification paths, and reviewable size. In GitHub Actions, QAMap can read the pull request body from the event payload and append the evaluation to the PR comment.
|
package/docs/configuration.md
CHANGED
|
@@ -274,4 +274,15 @@ High-confidence terms usually come from committed core flows or domain manifests
|
|
|
274
274
|
- Playwright route fulfillment helpers
|
|
275
275
|
- mock data files that match the changed domain
|
|
276
276
|
|
|
277
|
+
File-name conventions are matched as whole name tokens (`demoSeedService.ts`, `mock-users.json`), never as substrings, so ordinary source files such as `useSeedlingCatalog.ts` or `errorHandler.ts` are not misread as fixtures.
|
|
278
|
+
|
|
277
279
|
If a client flow calls an API but the branch does not include backend, mock, or fixture evidence, the E2E plan marks fixture readiness as `missing` and the generated draft includes next actions for deterministic success and failure responses. This lets teams validate UI and flow behavior before the real server implementation is complete.
|
|
280
|
+
|
|
281
|
+
QAMap also reads the contents of the discovered mock and fixture files (up to 24 per plan, statically, without executing anything) and extracts their exported symbols, the routes their handlers already serve (MSW `rest.*`/`http.*` handlers, Mirage and express-style routes, Playwright `route(...)` patterns), and the response keys they use. That analysis turns generic advice into named instructions:
|
|
282
|
+
|
|
283
|
+
- when an existing handler file already covers some of the flow's endpoints, the next action says which file to extend and which endpoints are still uncovered (for example `Extend src/mocks/handlers.ts (already handles /api/invoices) to also cover /api/payments/summary`)
|
|
284
|
+
- when a mock or seed module exports reusable data, the next action names the export to reuse for the uncovered endpoint
|
|
285
|
+
- generated Playwright drafts fill `mockApiResponses` bodies with the response keys observed in the matched fixture file instead of a generic placeholder, and note which file the shape came from
|
|
286
|
+
- the fixture action item title carries the affected endpoints, so the compact `--format agent` output keeps the concrete target
|
|
287
|
+
|
|
288
|
+
The matched insights are exposed as an optional `mockInsights` array (file, exports, handled endpoints, sample keys) on each flow's `fixtureReadiness` in the JSON output.
|
|
@@ -19,7 +19,7 @@ Summary
|
|
|
19
19
|
- Project: Web
|
|
20
20
|
- Recommended runner: Playwright
|
|
21
21
|
- Manifest: not found; using repo signals and PR diff only
|
|
22
|
-
-
|
|
22
|
+
- Stage: almost runnable (3 of 4)
|
|
23
23
|
|
|
24
24
|
PR Comment Draft
|
|
25
25
|
- Affected flow: Checkout UI smoke flow
|
|
@@ -349,7 +349,7 @@ Draft action items should make the next developer action explicit:
|
|
|
349
349
|
|
|
350
350
|
```txt
|
|
351
351
|
Action summary:
|
|
352
|
-
- readiness
|
|
352
|
+
- readiness stage: draft in progress (2 of 4), score 64/100
|
|
353
353
|
- runnable status: near-runnable
|
|
354
354
|
- self-check: pass or warning based on generated starter code and execution profile
|
|
355
355
|
- top blocker: No Playwright config file was detected.
|
|
@@ -363,13 +363,17 @@ Action summary:
|
|
|
363
363
|
|
|
364
364
|
When a client-side change calls an API path but the branch does not include backend or fixture evidence, QAMap should name that as a readiness gap and still give the tester a concrete mock slot:
|
|
365
365
|
|
|
366
|
-
If reusable repo-local evidence already exists, the PR QA output
|
|
366
|
+
If reusable repo-local evidence already exists, the PR QA output reads its contents (exports, handled routes, response keys) and points at the concrete thing to reuse instead of only saying "add a fixture":
|
|
367
367
|
|
|
368
368
|
```txt
|
|
369
369
|
Missing evidence before trusting this PR
|
|
370
|
-
- [recommended] fixture: Confirm fixture coverage - Reuse
|
|
370
|
+
- [recommended] fixture: Confirm fixture coverage for /api/sentiments/current - Reuse src/services/demoSeedService.ts (exports demoSeedService) to build a deterministic response for /api/sentiments/current.
|
|
371
371
|
```
|
|
372
372
|
|
|
373
|
+
When an existing handler file already covers part of the flow, the next action names the file and the still-uncovered endpoints, for example `Extend src/mocks/handlers.ts (already handles /api/invoices) to also cover /api/payments/summary`. The generated Playwright mock bodies then reuse the response keys observed in that file (`invoices: "qamap-invoices"`) instead of the generic placeholder below, with a comment noting the source file.
|
|
374
|
+
|
|
375
|
+
When no fixture file contents are available, the draft falls back to the generic placeholder:
|
|
376
|
+
|
|
373
377
|
```ts
|
|
374
378
|
const mockApiResponses = {
|
|
375
379
|
"**/api/orders/fixture-order-id": {
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
# Repository Guardrails
|
|
2
|
+
|
|
3
|
+
The QA draft loop is QAMap's core product. This optional second layer statically scans a repository for the settings that make AI-assisted work risky.
|
|
4
|
+
|
|
5
|
+
## Running the scanner
|
|
6
|
+
|
|
7
|
+
The scanner checks agent instructions, MCP configs, committed env files, risky package scripts, workflow permissions, and validation signals before agent work becomes review churn.
|
|
8
|
+
|
|
9
|
+
For a repository baseline before broad agent use, run:
|
|
10
|
+
|
|
11
|
+
```sh
|
|
12
|
+
qamap scan .
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
```txt
|
|
16
|
+
Findings: 6 (high: 3, medium: 2, low: 1, info: 0)
|
|
17
|
+
|
|
18
|
+
HIGH
|
|
19
|
+
- QM003 Suspicious agent instruction text (AGENTS.md)
|
|
20
|
+
Fix: Remove untrusted instruction text or move examples into clearly fenced documentation.
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
See the rule table below and [docs/rules.md](rules.md) for what the scanner checks.
|
|
24
|
+
|
|
25
|
+
When developing QAMap from source:
|
|
26
|
+
|
|
27
|
+
```sh
|
|
28
|
+
git clone https://github.com/IvoryCanvas/qamap.git
|
|
29
|
+
cd qamap
|
|
30
|
+
pnpm install
|
|
31
|
+
pnpm build
|
|
32
|
+
node dist/cli.js scan /path/to/repo
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
QAMap is a local-first PR verification planner with a repository-level verification manifest loop, not a finished automatic QA bot. A good result is a clear answer to "what should this branch prove before merge?", plus manifest-backed E2E, fixture, selector, and validation work that a developer can turn into real regression coverage. Many first drafts will correctly report `review-only` or `near-runnable` until the project adds runner config, stable selectors, deterministic fixtures, or team-owned manifest entries.
|
|
36
|
+
|
|
37
|
+
|
|
38
|
+
## What It Checks
|
|
39
|
+
|
|
40
|
+
The first release focuses on high-signal checks that are useful across many repositories.
|
|
41
|
+
|
|
42
|
+
| Rule | Severity | What it catches |
|
|
43
|
+
| --- | --- | --- |
|
|
44
|
+
| `QM001` | medium | Missing agent instruction files. |
|
|
45
|
+
| `QM002` | medium | Conflicting agent guidance. |
|
|
46
|
+
| `QM003` | high | Suspicious instruction text that can misdirect agents. |
|
|
47
|
+
| `QM004` | medium/high | Risky MCP command configuration. |
|
|
48
|
+
| `QM005` | high | Secret-like values embedded in MCP config. |
|
|
49
|
+
| `QM006` | medium | Missing or placeholder test scripts. |
|
|
50
|
+
| `QM007` | low | Missing GitHub Actions workflows. |
|
|
51
|
+
| `QM008` | high | Committed local environment files. |
|
|
52
|
+
| `QM009` | high | Package scripts that can publish, push, merge, or run unsafe shell pipelines. |
|
|
53
|
+
| `QM010` | medium | Broad workflow permissions or risky workflow triggers. |
|
|
54
|
+
| `QM011` | low | Missing community health files. |
|
|
55
|
+
| `QM012` | medium/high | Risky committed agent settings, hooks, or broad shell permissions. |
|
|
56
|
+
| `QM013` | low | API endpoints documented only in prose without a contract source. |
|
|
57
|
+
|
|
58
|
+
See [docs/rules.md](rules.md) for the rule catalog.
|
|
59
|
+
See [docs/ecosystem.md](ecosystem.md) for the agent ecosystem surfaces QAMap tracks.
|
|
60
|
+
See [docs/api-contracts.md](api-contracts.md) for the API contract source-of-truth check.
|
|
61
|
+
See [docs/verify.md](verify.md) for the combined PR verification report.
|
|
62
|
+
See [docs/eval.md](eval.md) for the change readiness evaluation.
|
|
63
|
+
See [docs/releasing.md](releasing.md) for the npm release runbook.
|
|
64
|
+
|
package/docs/manifest.md
CHANGED
|
@@ -32,7 +32,7 @@ qamap e2e draft . --manifest /tmp/qamap-manifest.yaml --base origin/main --head
|
|
|
32
32
|
|
|
33
33
|
`manifest init` reads the current checkout on disk. It does not silently switch to the default branch, because changing a developer's branch or working tree would be surprising and unsafe. If the team wants the manifest to represent the default product baseline, run it from the default branch after pulling the latest changes.
|
|
34
34
|
|
|
35
|
-
`manifest context` is the read-only preview step. It shows which repo-local documents QAMap sees, how each source is classified, which validation commands and safety rules were extracted, and which manifest path should be reviewed if the context is missing or stale. Use it before `manifest init` when you want to understand the bootstrap input without writing `.qamap/manifest.yaml`.
|
|
35
|
+
`manifest context` is the read-only preview step. It shows which repo-local documents QAMap sees, how each source is classified, which validation commands were collected (from project configuration such as `package.json` scripts and pytest setup, plus instruction docs), which safety rules were extracted, and which manifest path should be reviewed if the context is missing or stale. Use it before `manifest init` when you want to understand the bootstrap input without writing `.qamap/manifest.yaml`.
|
|
36
36
|
|
|
37
37
|
During baseline generation, QAMap also looks for repo-local context documents that often contain verification knowledge not visible in source files:
|
|
38
38
|
|
|
@@ -196,7 +196,7 @@ The report includes:
|
|
|
196
196
|
|
|
197
197
|
- role summary by source file, such as `verification-rubric`, `test-runner`, `agent-skill`, or `harness-config`
|
|
198
198
|
- captured context sources with kind, confidence, roles, and signals
|
|
199
|
-
- validation commands and safety rules extracted from
|
|
199
|
+
- validation commands (project configuration first, then local docs) and safety rules extracted from prose
|
|
200
200
|
- diagnostics that point to the manifest path to edit when context is missing, stale, too broad, or not connected to checks
|
|
201
201
|
|
|
202
202
|
This command is useful when an E2E recommendation feels too vague. Instead of asking an LLM to re-read the repository, inspect the report, correct the repo-local context or `.qamap/manifest.yaml`, then rerun `qamap e2e draft`.
|
|
@@ -268,7 +268,7 @@ flows:
|
|
|
268
268
|
| `flows[].checks[].steps` | Optional concrete steps for this check. These are used before the title parser. |
|
|
269
269
|
| `context.instructionFiles` | Advisory repo-local context sources used while bootstrapping the manifest. |
|
|
270
270
|
| `context.instructionFiles[].roles` | Advisory role classification for a context source, such as `verification-rubric`, `workflow-lifecycle`, `agent-skill`, or `harness-config`. |
|
|
271
|
-
| `context.validationCommands` | Validation commands
|
|
271
|
+
| `context.validationCommands` | Validation commands from project configuration (verification-shaped `package.json` scripts, detected pytest setup) and context documents, ground truth first. |
|
|
272
272
|
| `context.safetyRules` | Workflow or safety rules inferred from context documents, with token-like values redacted. |
|
|
273
273
|
| `source.kind` | `inferred` for QAMap-generated entries or `declared` after human review. |
|
|
274
274
|
| `source.confidence` | `low`, `medium`, or `high` confidence in the entry. |
|
package/docs/quickstart-demo.md
CHANGED
|
@@ -1,5 +1,32 @@
|
|
|
1
1
|
# Release Validation
|
|
2
2
|
|
|
3
|
+
## 0.3.4 - 2026-07-10
|
|
4
|
+
|
|
5
|
+
Validated before publishing `0.3.4` with a committed, CI-enforced recommendation contract instead of relying only on private smoke repositories:
|
|
6
|
+
|
|
7
|
+
| Gate | Current result |
|
|
8
|
+
| --- | --- |
|
|
9
|
+
| `pnpm test` | 124/124 passing |
|
|
10
|
+
| `pnpm bench:ci` | Eight public PR fixtures pass runner, flow naming, file reach, selector/evidence, command, generic-title, blank-action, and agent payload requirements |
|
|
11
|
+
| Coverage | Lines 86.19%, branches 83.37%, functions 94.87% |
|
|
12
|
+
| Reverse import fixture | Shared component change reaches and names the consuming checkout page |
|
|
13
|
+
| API service fixture | Backend route changes produce an API contract, not a browser UI journey |
|
|
14
|
+
| Agent contract | Real output validates against `schema/qamap-agent.schema.json` and stays below the 4KB fixture limit |
|
|
15
|
+
| Verification-only regressions | Native config changes use existing build commands without fabricated journeys; changed Maestro files are returned as existing evidence without duplicate drafts or selector/fixture noise |
|
|
16
|
+
|
|
17
|
+
## 0.3.3 - 2026-07-05
|
|
18
|
+
|
|
19
|
+
Validated before publishing `0.3.3` (at-a-glance qa verdict, diff-anchored action naming incl. button/link text and logic-only fallbacks, observed-response assertions with diff-derived status bounds, Vue bound-attribute/i18n selector fixes):
|
|
20
|
+
|
|
21
|
+
| Gate | Result |
|
|
22
|
+
| --- | --- |
|
|
23
|
+
| `pnpm test` | 103/103 passing |
|
|
24
|
+
| `pnpm scan` (self-scan) | 0 findings |
|
|
25
|
+
| Coverage thresholds (lines/branches/functions >= 80) | Passing |
|
|
26
|
+
| `pnpm bench` against the four pinned local benchmark targets | Runner choice 4/4, labeled must-reach recall 9/9, blank actions 0, no metric regressions vs the 0.3.2 baseline |
|
|
27
|
+
| README demo repository | Flow names and recorded demo unchanged |
|
|
28
|
+
|
|
29
|
+
|
|
3
30
|
## 0.3.2 - 2026-07-04
|
|
4
31
|
|
|
5
32
|
Validated before publishing `0.3.2` (reverse import graph, diff-anchored steps and names, workspace-member project detection, Python service classification, start-here CLI guide):
|
|
@@ -9,7 +36,7 @@ Validated before publishing `0.3.2` (reverse import graph, diff-anchored steps a
|
|
|
9
36
|
| `pnpm test` | 100/100 passing |
|
|
10
37
|
| `pnpm scan` (self-scan) | 0 findings |
|
|
11
38
|
| Coverage thresholds (lines/branches/functions >= 80) | Passing |
|
|
12
|
-
| `pnpm bench` against four pinned local benchmark
|
|
39
|
+
| `pnpm bench` against four pinned local benchmark repositories covering common stack shapes (monorepo, API server, mobile, legacy web) | Runner choice 4/4, labeled must-reach recall 9/9, blank actions 0, no metric regressions vs the previous baseline |
|
|
13
40
|
| README demo | Real recorded run; the generated starter spec passes against the demo app |
|
|
14
41
|
|
|
15
42
|
Historical validation notes for earlier releases follow below.
|
|
@@ -20,7 +47,7 @@ QAMap should not publish a patch or minor version only because the CLI commands
|
|
|
20
47
|
|
|
21
48
|
## Release Bar
|
|
22
49
|
|
|
23
|
-
QAMap is ready for
|
|
50
|
+
QAMap is ready for the next public release when the commands below produce useful, reviewable output for each representative repository type:
|
|
24
51
|
|
|
25
52
|
- manifest-free `qamap qa` output that works as a PR comment/checklist draft
|
|
26
53
|
- packaged `skills/qamap-pr-qa/SKILL.md` template included in the npm tarball
|
|
@@ -58,7 +85,7 @@ Run these from a clean checkout of QAMap before any release candidate:
|
|
|
58
85
|
pnpm run release:check
|
|
59
86
|
```
|
|
60
87
|
|
|
61
|
-
`release:check` expands to the required local suite: `pnpm test`, `pnpm scan`, `git diff --check`, coverage thresholds, and `pnpm pack --dry-run`. If a release candidate fails, run the individual command directly to inspect the failure.
|
|
88
|
+
`release:check` expands to the required local suite: `pnpm test`, `pnpm scan`, `pnpm bench:ci`, `git diff --check`, coverage thresholds, and `pnpm pack --dry-run`. If a release candidate fails, run the individual command directly to inspect the failure.
|
|
62
89
|
|
|
63
90
|
Run the npm publish preview after the local release gate passes:
|
|
64
91
|
|
|
@@ -218,7 +245,7 @@ The same follow-up also showed the next quality gap. External manifest previews
|
|
|
218
245
|
| Design token repository | `main` to `HEAD`, working tree included | Detected `design-tokens`, selected manual output, avoided browser/device selector requirements, and produced review-only artifact validation output. | Docs-only or style-only changes may still surface content/theme wording instead of token artifact language. |
|
|
219
246
|
| Taxonomy / data catalog repository | `main` to `HEAD`, working tree included | Detected `data-catalog`, selected manual output, avoided API mock requirements, and produced review-only checklist output with no TODOs. | Catalog-specific changes are handled, but docs/config-only changes should be labeled more explicitly as low-signal. |
|
|
220
247
|
|
|
221
|
-
Interpretation: the
|
|
248
|
+
Interpretation: the next release should be described as a planner that removes blank-page verification work by combining static analysis with repo-local manifest memory. The smoke results are useful, but they also show that many real repositories will start at `review-only` or `near-runnable` until teams add runner config, selectors, fixtures, validation evidence, and durable manifests.
|
|
222
249
|
|
|
223
250
|
## Ongoing Validation Notes
|
|
224
251
|
|
package/docs/releasing.md
CHANGED
|
@@ -26,6 +26,7 @@ The gate must pass:
|
|
|
26
26
|
|
|
27
27
|
- `pnpm test`
|
|
28
28
|
- `pnpm scan`
|
|
29
|
+
- `pnpm bench:ci`
|
|
29
30
|
- `git diff --check`
|
|
30
31
|
- coverage thresholds for lines, branches, and functions
|
|
31
32
|
- `pnpm pack --dry-run`
|
|
@@ -45,6 +46,7 @@ The tarball must include runtime output, public documentation, schemas, and pack
|
|
|
45
46
|
|
|
46
47
|
- `dist`
|
|
47
48
|
- `docs`
|
|
49
|
+
- `skills`
|
|
48
50
|
- `schema`
|
|
49
51
|
- `README.md`
|
|
50
52
|
- `CHANGELOG.md`
|
|
@@ -65,9 +67,10 @@ npm publish --access public
|
|
|
65
67
|
After publish, verify the public package can be executed without a source checkout:
|
|
66
68
|
|
|
67
69
|
```sh
|
|
68
|
-
|
|
69
|
-
pnpm dlx @ivorycanvas/qamap
|
|
70
|
-
pnpm dlx @ivorycanvas/qamap
|
|
70
|
+
VERSION="$(node -p "require('./package.json').version")"
|
|
71
|
+
pnpm dlx "@ivorycanvas/qamap@$VERSION" qa . --base origin/main --head HEAD
|
|
72
|
+
pnpm dlx "@ivorycanvas/qamap@$VERSION" manifest validate .
|
|
73
|
+
pnpm dlx "@ivorycanvas/qamap@$VERSION" e2e draft . --base origin/main --head HEAD --dry-run
|
|
71
74
|
```
|
|
72
75
|
|
|
73
76
|
Use a fresh shell or temporary directory for the smoke check when possible.
|
|
@@ -77,8 +80,8 @@ Use a fresh shell or temporary directory for the smoke check when possible.
|
|
|
77
80
|
After npm publish succeeds:
|
|
78
81
|
|
|
79
82
|
```sh
|
|
80
|
-
git tag
|
|
81
|
-
git push origin
|
|
83
|
+
git tag "v$VERSION"
|
|
84
|
+
git push origin "v$VERSION"
|
|
82
85
|
```
|
|
83
86
|
|
|
84
87
|
Create a GitHub Release for the tag with:
|
|
@@ -93,13 +96,13 @@ Create a GitHub Release for the tag with:
|
|
|
93
96
|
After the tag and GitHub Release are visible, run:
|
|
94
97
|
|
|
95
98
|
```sh
|
|
96
|
-
pnpm dlx @ivorycanvas/qamap
|
|
97
|
-
pnpm dlx @ivorycanvas/qamap
|
|
98
|
-
pnpm dlx @ivorycanvas/qamap
|
|
99
|
-
pnpm dlx @ivorycanvas/qamap
|
|
99
|
+
pnpm dlx "@ivorycanvas/qamap@$VERSION" --version
|
|
100
|
+
pnpm dlx "@ivorycanvas/qamap@$VERSION" qa . --base origin/main --head HEAD --format agent
|
|
101
|
+
pnpm dlx "@ivorycanvas/qamap@$VERSION" manifest explain . --base origin/main --head HEAD
|
|
102
|
+
pnpm dlx "@ivorycanvas/qamap@$VERSION" verify . --base origin/main --head HEAD
|
|
100
103
|
```
|
|
101
104
|
|
|
102
|
-
Then update any public setup examples that should pin to `
|
|
105
|
+
Then update any public setup examples that should pin to the new `v$VERSION` tag.
|
|
103
106
|
|
|
104
107
|
## Rollback Notes
|
|
105
108
|
|
package/docs/roadmap.md
CHANGED
|
@@ -28,28 +28,23 @@ Before treating the next public release as ready, the golden demo must satisfy t
|
|
|
28
28
|
|
|
29
29
|
## Now
|
|
30
30
|
|
|
31
|
-
-
|
|
32
|
-
-
|
|
33
|
-
-
|
|
34
|
-
-
|
|
31
|
+
- Treat the committed [benchmark contract](benchmarking.md) as the quality gate for recommendations, not only implementation correctness. Reduce real failures into public fixtures and require `pnpm bench:ci` on every PR.
|
|
32
|
+
- Make `qa` the primary product surface. Its first screen and `--format agent` payload should agree on affected behavior, reviewer question, repository evidence, draft path, and missing trust requirements.
|
|
33
|
+
- Improve changed-file impact mapping from shared symbols and components to consuming routes, screens, API contracts, and manifest flows.
|
|
34
|
+
- Keep the [release validation checklist](release-validation.md), [manifest guide](manifest.md), public [E2E output examples](e2e-output-examples.md), and README examples aligned with captured output from the public fixtures.
|
|
35
35
|
- Stabilize the manifest feedback loop with `.qamap/manifest.yaml`, `manifest init`, `manifest validate`, `manifest explain`, JSON Schema, and manifest-driven E2E draft shaping.
|
|
36
36
|
- Keep `manifest context` useful as a pre-init sanity check for repo-local QA memory, harness docs, agent instructions, and runbooks.
|
|
37
37
|
- Improve generated drafts until the golden demo feels like a real starting point, not a generic checklist.
|
|
38
|
-
-
|
|
39
|
-
- Keep `eval` explainable enough that maintainers trust the score and know what to fix.
|
|
40
|
-
- Keep expanding representative validation targets beyond JavaScript so planning advice works for Python, Go, Rust, and JVM repositories.
|
|
38
|
+
- Keep `verify`, `e2e`, and `manifest` as deeper layers behind `qa`; freeze new scanner, doctor, eval, domains, flows, and history features until the core QA contract is consistently useful.
|
|
41
39
|
|
|
42
40
|
## Next
|
|
43
41
|
|
|
44
|
-
-
|
|
45
|
-
-
|
|
46
|
-
-
|
|
47
|
-
- Expand
|
|
48
|
-
- Map changed symbols to manifest anchors after the path/route baseline is stable.
|
|
42
|
+
- Add symbol-level anchors for exported components, hooks, API clients, handlers, schemas, and queries after the public import-impact fixture stays stable.
|
|
43
|
+
- Add a manifest correction command that proposes the exact flow/anchor patch and applies it only after human approval, avoiding routine hand-edits to YAML.
|
|
44
|
+
- Add stronger deterministic draft adapters for Playwright and Maestro while keeping `manual` output for API, CLI, token, and catalog repositories.
|
|
45
|
+
- Expand the public benchmark corpus with package-scoped monorepos, auth/session changes, dynamic routes, API failure fixtures, and non-JavaScript services.
|
|
49
46
|
- Keep the `--format agent` output a stable, versioned contract that skills and MCP wrappers can rely on.
|
|
50
|
-
- Add language-specific domain patterns for backend services, CLIs, libraries, mobile apps, and infrastructure repositories.
|
|
51
47
|
- Continue expanding agent surface detection across popular coding-agent tools without making the public workflow depend on a single vendor.
|
|
52
|
-
- Generate rule documentation from scanner metadata.
|
|
53
48
|
|
|
54
49
|
## Later
|
|
55
50
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ivorycanvas/qamap",
|
|
3
|
-
"version": "0.3.
|
|
3
|
+
"version": "0.3.4",
|
|
4
4
|
"description": "Local-first QA skill that turns PR diffs into affected flows, missing evidence, and E2E drafts with no cloud or LLM token.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"packageManager": "pnpm@10.32.1",
|
|
@@ -24,8 +24,9 @@
|
|
|
24
24
|
"coverage": "pnpm build && node --test --experimental-test-coverage --test-coverage-include=\"dist/**/*.js\" --test-coverage-lines=80 --test-coverage-branches=80 --test-coverage-functions=80 test/*.test.mjs",
|
|
25
25
|
"scan": "pnpm build && node dist/cli.js scan .",
|
|
26
26
|
"report": "pnpm build && node dist/cli.js report . --output QAMAP_REPORT.md",
|
|
27
|
-
"release:check": "pnpm test && pnpm scan && git diff --check && pnpm run coverage && pnpm pack --dry-run",
|
|
28
|
-
"bench": "pnpm build && node scripts/bench.mjs"
|
|
27
|
+
"release:check": "pnpm test && pnpm scan && pnpm bench:ci && git diff --check && pnpm run coverage && pnpm pack --dry-run",
|
|
28
|
+
"bench": "pnpm build && node scripts/bench.mjs",
|
|
29
|
+
"bench:ci": "pnpm build && node scripts/bench.mjs --config bench.config.json --assert"
|
|
29
30
|
},
|
|
30
31
|
"keywords": [
|
|
31
32
|
"ai",
|