@kirrosh/zond 0.22.0 → 0.26.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +811 -0
- package/README.md +59 -6
- package/package.json +9 -7
- package/src/CLAUDE.md +112 -0
- package/src/cli/argv.ts +122 -0
- package/src/cli/commands/add-api.ts +146 -0
- package/src/cli/commands/api/annotate/idempotency.ts +59 -0
- package/src/cli/commands/api/annotate/index.ts +880 -0
- package/src/cli/commands/api/annotate/lifecycle.ts +74 -0
- package/src/cli/commands/api/annotate/overlay.ts +206 -0
- package/src/cli/commands/api/annotate/pagination.ts +64 -0
- package/src/cli/commands/api/annotate/prompts.ts +220 -0
- package/src/cli/commands/api/annotate/readback.ts +58 -0
- package/src/cli/commands/api/annotate/resources.ts +91 -0
- package/src/cli/commands/api/annotate/seed-bodies.ts +61 -0
- package/src/cli/commands/audit.ts +786 -0
- package/src/cli/commands/catalog.ts +35 -0
- package/src/cli/commands/check.ts +361 -0
- package/src/cli/commands/checks.ts +1072 -0
- package/src/cli/commands/ci-init.ts +43 -0
- package/src/cli/commands/clean.ts +212 -0
- package/src/cli/commands/cleanup.ts +236 -0
- package/src/cli/commands/completions.ts +16 -0
- package/src/cli/commands/coverage.ts +823 -132
- package/src/cli/commands/db.ts +486 -12
- package/src/cli/commands/describe.ts +37 -2
- package/src/cli/commands/discover.ts +1356 -0
- package/src/cli/commands/doctor.ts +661 -0
- package/src/cli/commands/fixtures.ts +402 -0
- package/src/cli/commands/generate.ts +438 -47
- package/src/cli/commands/init/bootstrap.ts +34 -2
- package/src/cli/commands/{init.ts → init/index.ts} +99 -5
- package/src/cli/commands/init/skills.ts +99 -3
- package/src/cli/commands/init/templates/agents.md +77 -64
- package/src/cli/commands/init/templates/skills/warm-up-target.md +122 -0
- package/src/cli/commands/init/templates/skills/zond-checks.md +621 -0
- package/src/cli/commands/init/templates/skills/zond-seed.md +114 -0
- package/src/cli/commands/init/templates/skills/zond-triage.md +272 -0
- package/src/cli/commands/init/templates/skills/zond.md +802 -125
- package/src/cli/commands/init/templates/zond-config.yml +8 -9
- package/src/cli/commands/prepare-fixtures.ts +97 -0
- package/src/cli/commands/probe/_seed-bodies.ts +52 -0
- package/src/cli/commands/probe/mass-assignment.ts +594 -0
- package/src/cli/commands/probe/security.ts +537 -0
- package/src/cli/commands/probe/static.ts +255 -0
- package/src/cli/commands/probe/webhooks.ts +163 -0
- package/src/cli/commands/probe.ts +535 -0
- package/src/cli/commands/reference.ts +87 -0
- package/src/cli/commands/refresh-api.ts +227 -0
- package/src/cli/commands/remove-api.ts +150 -0
- package/src/cli/commands/report-bundle.ts +310 -0
- package/src/cli/commands/report.ts +241 -0
- package/src/cli/commands/request.ts +495 -4
- package/src/cli/commands/run.ts +870 -53
- package/src/cli/commands/schema-from-runs.ts +128 -0
- package/src/cli/commands/secrets.ts +133 -0
- package/src/cli/commands/session.ts +244 -0
- package/src/cli/commands/use.ts +18 -1
- package/src/cli/index.ts +20 -3
- package/src/cli/json-envelope.ts +92 -3
- package/src/cli/json-schemas.ts +314 -0
- package/src/cli/output.ts +17 -1
- package/src/cli/program.ts +199 -635
- package/src/cli/resolve.ts +105 -0
- package/src/cli/safe-live.ts +24 -0
- package/src/cli/status-filter.ts +114 -0
- package/src/cli/util/api-context.ts +85 -0
- package/src/cli/version.ts +5 -0
- package/src/core/audit/persist.ts +183 -0
- package/src/core/checks/budget.ts +59 -0
- package/src/core/checks/checks/_crud-helpers.ts +133 -0
- package/src/core/checks/checks/_negative_mutator.ts +133 -0
- package/src/core/checks/checks/_readback-helpers.ts +133 -0
- package/src/core/checks/checks/content_type_conformance.ts +39 -0
- package/src/core/checks/checks/cross_call_references.ts +147 -0
- package/src/core/checks/checks/cursor_boundary_fuzzing.ts +219 -0
- package/src/core/checks/checks/ensure_resource_availability.ts +62 -0
- package/src/core/checks/checks/idempotency_replay.ts +242 -0
- package/src/core/checks/checks/ignored_auth.ts +254 -0
- package/src/core/checks/checks/index.ts +68 -0
- package/src/core/checks/checks/lifecycle_transitions.ts +416 -0
- package/src/core/checks/checks/missing_required_header.ts +40 -0
- package/src/core/checks/checks/negative_data_rejection.ts +148 -0
- package/src/core/checks/checks/not_a_server_error.ts +35 -0
- package/src/core/checks/checks/open_cors_on_sensitive.ts +160 -0
- package/src/core/checks/checks/pagination_invariants.ts +419 -0
- package/src/core/checks/checks/positive_data_acceptance.ts +33 -0
- package/src/core/checks/checks/rate_limit_headers_absent.ts +77 -0
- package/src/core/checks/checks/response_headers_conformance.ts +74 -0
- package/src/core/checks/checks/response_schema_conformance.ts +30 -0
- package/src/core/checks/checks/status_code_conformance.ts +132 -0
- package/src/core/checks/checks/unsupported_method.ts +63 -0
- package/src/core/checks/checks/use_after_free.ts +78 -0
- package/src/core/checks/index.ts +30 -0
- package/src/core/checks/mode.ts +82 -0
- package/src/core/checks/recommended-action.ts +68 -0
- package/src/core/checks/registry.ts +78 -0
- package/src/core/checks/runner.ts +1461 -0
- package/src/core/checks/sarif.ts +230 -0
- package/src/core/checks/spec-findings.ts +308 -0
- package/src/core/checks/stateful.ts +121 -0
- package/src/core/checks/types.ts +305 -0
- package/src/core/checks/zond-extensions.ts +73 -0
- package/src/core/classifier/recommended-action.ts +251 -0
- package/src/core/context/current.ts +22 -6
- package/src/core/context/session.ts +78 -0
- package/src/core/coverage/loader.ts +216 -0
- package/src/core/coverage/reasons.ts +300 -0
- package/src/core/diagnostics/db-analysis.ts +293 -59
- package/src/core/diagnostics/failure-class.ts +140 -0
- package/src/core/diagnostics/failure-hints.ts +88 -89
- package/src/core/diagnostics/spec-pointer.ts +99 -0
- package/src/core/diagnostics/suggested-fixes.ts +155 -0
- package/src/core/exporter/case-study/index.ts +270 -0
- package/src/core/exporter/curl.ts +40 -0
- package/src/core/exporter/exporter.ts +48 -0
- package/src/core/exporter/html-report/escape.ts +24 -0
- package/src/core/exporter/html-report/index.ts +479 -0
- package/src/core/exporter/html-report/script.ts +100 -0
- package/src/core/exporter/html-report/styles.ts +408 -0
- package/src/core/generator/chunker.ts +38 -19
- package/src/core/generator/coverage-phase.ts +0 -0
- package/src/core/generator/data-factory.ts +586 -22
- package/src/core/generator/describe.ts +1 -1
- package/src/core/generator/fixtures-builder.ts +332 -0
- package/src/core/generator/index.ts +5 -5
- package/src/core/generator/openapi-reader.ts +135 -7
- package/src/core/generator/path-param-disambig.ts +140 -0
- package/src/core/generator/resources-builder.ts +898 -0
- package/src/core/generator/schema-utils.ts +33 -3
- package/src/core/generator/serializer.ts +103 -13
- package/src/core/generator/suite-generator.ts +583 -122
- package/src/core/generator/types.ts +14 -0
- package/src/core/identity/identity-file.ts +0 -0
- package/src/core/lint/affects.ts +28 -0
- package/src/core/lint/config.ts +96 -0
- package/src/core/lint/format.ts +42 -0
- package/src/core/lint/index.ts +94 -0
- package/src/core/lint/reporter.ts +128 -0
- package/src/core/lint/rules/consistency.ts +158 -0
- package/src/core/lint/rules/heuristics.ts +97 -0
- package/src/core/lint/rules/strictness.ts +109 -0
- package/src/core/lint/types.ts +96 -0
- package/src/core/lint/walker.ts +248 -0
- package/src/core/meta/meta-store.ts +6 -73
- package/src/core/output/README.md +73 -0
- package/src/core/output/index.ts +13 -0
- package/src/core/output/run.ts +91 -0
- package/src/core/output/types.ts +122 -0
- package/src/core/parser/dynamic-values.ts +160 -0
- package/src/core/parser/env-interpolation.ts +104 -0
- package/src/core/parser/filter.ts +57 -0
- package/src/core/parser/schema.ts +129 -4
- package/src/core/parser/types.ts +19 -1
- package/src/core/parser/variables.ts +0 -0
- package/src/core/parser/yaml-parser.ts +58 -12
- package/src/core/probe/bootstrap.ts +34 -0
- package/src/core/probe/dry-run-envelope.ts +61 -0
- package/src/core/probe/mass-assignment/classify.ts +175 -0
- package/src/core/probe/mass-assignment/cleanup.ts +52 -0
- package/src/core/probe/mass-assignment/digest.ts +114 -0
- package/src/core/probe/mass-assignment/orchestrator.ts +459 -0
- package/src/core/probe/mass-assignment/regression.ts +141 -0
- package/src/core/probe/mass-assignment/suspects.ts +92 -0
- package/src/core/probe/mass-assignment/types.ts +135 -0
- package/src/core/probe/mass-assignment-probe-class.ts +198 -0
- package/src/core/probe/mass-assignment-probe.ts +27 -0
- package/src/core/probe/mass-assignment-template.ts +240 -0
- package/src/core/probe/method-probe.ts +43 -76
- package/src/core/probe/method-shared.ts +69 -0
- package/src/core/probe/negative-probe.ts +183 -149
- package/src/core/probe/orphan-tracker.ts +188 -0
- package/src/core/probe/path-discovery.ts +439 -0
- package/src/core/probe/probe-harness.ts +119 -0
- package/src/core/probe/registry.ts +89 -0
- package/src/core/probe/runner.ts +136 -0
- package/src/core/probe/security/baseline.ts +174 -0
- package/src/core/probe/security/classify.ts +341 -0
- package/src/core/probe/security/cleanup.ts +125 -0
- package/src/core/probe/security/detectors.ts +71 -0
- package/src/core/probe/security/digest.ts +104 -0
- package/src/core/probe/security/orchestrator.ts +398 -0
- package/src/core/probe/security/regression.ts +103 -0
- package/src/core/probe/security/types.ts +151 -0
- package/src/core/probe/security-probe-class.ts +207 -0
- package/src/core/probe/security-probe.ts +32 -0
- package/src/core/probe/shared.ts +531 -0
- package/src/core/probe/static-probe-class.ts +125 -0
- package/src/core/probe/types.ts +165 -0
- package/src/core/probe/verdict-aggregator.ts +33 -0
- package/src/core/probe/webhooks-probe.ts +282 -0
- package/src/core/reporter/console.ts +41 -2
- package/src/core/reporter/index.ts +2 -3
- package/src/core/reporter/json.ts +11 -1
- package/src/core/reporter/junit.ts +27 -12
- package/src/core/reporter/ndjson.ts +37 -0
- package/src/core/reporter/types.ts +3 -0
- package/src/core/runner/assertions.ts +59 -2
- package/src/core/runner/async-pool.ts +108 -0
- package/src/core/runner/auth-path.ts +8 -0
- package/src/core/runner/ci-context.ts +72 -0
- package/src/core/runner/executor.ts +265 -36
- package/src/core/runner/form-encode.ts +41 -0
- package/src/core/runner/http-client.ts +112 -2
- package/src/core/runner/learn-drift.ts +293 -0
- package/src/core/runner/preflight-vars.ts +153 -0
- package/src/core/runner/progress-tracker.ts +73 -0
- package/src/core/runner/rate-limiter.ts +87 -33
- package/src/core/runner/run-kind.ts +45 -0
- package/src/core/runner/schema-validator.ts +308 -0
- package/src/core/runner/send-request.ts +158 -20
- package/src/core/runner/types.ts +44 -0
- package/src/core/secrets/registry.ts +164 -0
- package/src/core/secrets/secrets-file.ts +115 -0
- package/src/core/selectors/operation-filter.ts +144 -0
- package/src/core/setup-api.ts +457 -20
- package/src/core/severity/category.ts +94 -0
- package/src/core/severity/index.ts +58 -0
- package/src/core/spec/infer-schema.ts +102 -0
- package/src/core/spec/layers.ts +154 -0
- package/src/core/spec/merge-specs.ts +156 -0
- package/src/core/spec/schema-from-runs.ts +117 -0
- package/src/core/spec/schema-overlay.ts +130 -0
- package/src/core/util/ajv.ts +13 -0
- package/src/core/util/format-eta.ts +21 -0
- package/src/core/util/headers.ts +9 -0
- package/src/core/util/url.ts +24 -0
- package/src/core/utils.ts +5 -1
- package/src/core/workspace/config.ts +129 -0
- package/src/core/workspace/fixture-gap-report.ts +84 -0
- package/src/core/workspace/fixture-gaps.ts +71 -0
- package/src/core/workspace/manifest.ts +283 -0
- package/src/core/workspace/output-rotation.ts +62 -0
- package/src/core/workspace/root.ts +13 -11
- package/src/core/workspace/triage-path.ts +87 -0
- package/src/db/lint-runs.ts +47 -0
- package/src/db/migrate.ts +128 -0
- package/src/db/migrations/0001_run_kind.sql +25 -0
- package/src/db/migrations/0002_run_kind_request.sql +59 -0
- package/src/db/migrations/sql.d.ts +4 -0
- package/src/db/queries/collections.ts +133 -0
- package/src/db/queries/coverage.ts +9 -0
- package/src/db/queries/dashboard.ts +59 -0
- package/src/db/queries/results.ts +216 -0
- package/src/db/queries/runs.ts +289 -0
- package/src/db/queries/sessions.ts +42 -0
- package/src/db/queries/settings.ts +28 -0
- package/src/db/queries/types.ts +172 -0
- package/src/db/queries.ts +75 -802
- package/src/db/schema.ts +178 -50
- package/src/cli/commands/export.ts +0 -144
- package/src/cli/commands/guide.ts +0 -127
- package/src/cli/commands/init/templates/skills/scenarios.md +0 -97
- package/src/cli/commands/probe-methods.ts +0 -108
- package/src/cli/commands/probe-validation.ts +0 -124
- package/src/cli/commands/serve.ts +0 -114
- package/src/cli/commands/sync.ts +0 -268
- package/src/cli/commands/update.ts +0 -189
- package/src/cli/commands/validate.ts +0 -34
- package/src/core/diagnostics/render-md.ts +0 -112
- package/src/core/exporter/postman.ts +0 -963
- package/src/core/generator/guide-builder.ts +0 -253
- package/src/core/meta/types.ts +0 -19
- package/src/core/parser/index.ts +0 -21
- package/src/core/runner/execute-run.ts +0 -132
- package/src/core/runner/index.ts +0 -12
- package/src/core/sync/spec-differ.ts +0 -38
- package/src/web/data/collection-state.ts +0 -362
- package/src/web/routes/api.ts +0 -314
- package/src/web/routes/dashboard.ts +0 -350
- package/src/web/routes/runs.ts +0 -64
- package/src/web/schemas.ts +0 -121
- package/src/web/server.ts +0 -134
- package/src/web/static/htmx.min.cjs +0 -1
- package/src/web/static/style.css +0 -1148
- package/src/web/views/endpoints-tab.ts +0 -174
- package/src/web/views/explorer-tab.ts +0 -402
- package/src/web/views/health-strip.ts +0 -92
- package/src/web/views/layout.ts +0 -48
- package/src/web/views/results.ts +0 -210
- package/src/web/views/runs-tab.ts +0 -126
- package/src/web/views/suites-tab.ts +0 -181
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
3
|
-
import {
|
|
4
|
-
import {
|
|
1
|
+
import { existsSync, readdirSync } from "node:fs";
|
|
2
|
+
import { setupApi, type SetupApiResult } from "../../../core/setup-api.ts";
|
|
3
|
+
import { printError, printSuccess } from "../../output.ts";
|
|
4
|
+
import { jsonOk, jsonError, printJson } from "../../json-envelope.ts";
|
|
5
|
+
import { bootstrapWorkspace, type BootstrapResult } from "./bootstrap.ts";
|
|
5
6
|
|
|
6
7
|
export interface InitOptions {
|
|
7
8
|
// register-an-API options (existing)
|
|
@@ -21,6 +22,8 @@ export interface InitOptions {
|
|
|
21
22
|
noAgents?: boolean;
|
|
22
23
|
/** Skip writing Claude Code skills under .claude/skills/. */
|
|
23
24
|
noSkills?: boolean;
|
|
25
|
+
/** Remove legacy skill dirs (zond-base, zond-scenarios, …) — by default a warning is printed. */
|
|
26
|
+
pruneStaleSkills?: boolean;
|
|
24
27
|
/** Override cwd for bootstrap (used by tests; CLI always uses process.cwd()). */
|
|
25
28
|
cwd?: string;
|
|
26
29
|
/** Override $HOME for MCP install (used by tests). */
|
|
@@ -55,7 +58,13 @@ export async function initCommand(options: InitOptions): Promise<number> {
|
|
|
55
58
|
return 0;
|
|
56
59
|
}
|
|
57
60
|
|
|
58
|
-
const bootstrap = bootstrapWorkspace({
|
|
61
|
+
const bootstrap = bootstrapWorkspace({
|
|
62
|
+
writeAgents,
|
|
63
|
+
writeSkills,
|
|
64
|
+
pruneStaleSkills: options.pruneStaleSkills,
|
|
65
|
+
cwd: options.cwd,
|
|
66
|
+
home: options.home,
|
|
67
|
+
});
|
|
59
68
|
let register: SetupApiResult | null = null;
|
|
60
69
|
|
|
61
70
|
if (mode === "bootstrap+register") {
|
|
@@ -72,6 +81,8 @@ export async function initCommand(options: InitOptions): Promise<number> {
|
|
|
72
81
|
agentsPath: bootstrap.agents?.path ?? null,
|
|
73
82
|
agentsAction: bootstrap.agents?.action ?? null,
|
|
74
83
|
skills: bootstrap.skills.map((s) => ({ name: s.name, path: s.path, action: s.action })),
|
|
84
|
+
staleSkills: bootstrap.staleSkills.map((s) => ({ name: s.name, path: s.path })),
|
|
85
|
+
prunedSkills: bootstrap.prunedSkills.map((s) => ({ name: s.name, path: s.path })),
|
|
75
86
|
};
|
|
76
87
|
if (register) {
|
|
77
88
|
data.collectionId = register.collectionId;
|
|
@@ -134,6 +145,9 @@ function printBootstrapResult(b: BootstrapResult, writeAgents: boolean): void {
|
|
|
134
145
|
for (const s of b.skills) {
|
|
135
146
|
lines.push(` ${verb(s.action)} .claude/skills/${s.name}/SKILL.md`);
|
|
136
147
|
}
|
|
148
|
+
for (const s of b.prunedSkills) {
|
|
149
|
+
lines.push(` Removed .claude/skills/${s.name}/ (stale)`);
|
|
150
|
+
}
|
|
137
151
|
for (const w of b.warnings) {
|
|
138
152
|
process.stderr.write(`Warning: ${w}\n`);
|
|
139
153
|
}
|
|
@@ -143,8 +157,88 @@ function printBootstrapResult(b: BootstrapResult, writeAgents: boolean): void {
|
|
|
143
157
|
} else {
|
|
144
158
|
printSuccess("Workspace ready. See AGENTS.md for the CLI workflow.");
|
|
145
159
|
}
|
|
160
|
+
const apiNames = listExistingApis(b.cwd);
|
|
161
|
+
if (apiNames.length === 0) {
|
|
162
|
+
process.stderr.write(
|
|
163
|
+
`\nNext steps:\n` +
|
|
164
|
+
` 1. zond add api <name> --spec <path|url> # register API → builds .api-fixtures.yaml (manifest)\n` +
|
|
165
|
+
` 2. zond doctor --api <name> # gap report: which vars are UNSET in .env.yaml\n` +
|
|
166
|
+
` 3. zond prepare-fixtures --api <name> --apply # fill .env.yaml values (single-pass); fill any gaps by hand\n` +
|
|
167
|
+
`\nNote: zond init only refreshes workspace files (skills, AGENTS.md, zond.config.yml).\n` +
|
|
168
|
+
` It does NOT touch fixtures or .env.yaml — that's the doctor/prepare-fixtures loop above.\n`
|
|
169
|
+
);
|
|
170
|
+
} else {
|
|
171
|
+
const sample = apiNames[0]!;
|
|
172
|
+
process.stderr.write(
|
|
173
|
+
`\nFixtures untouched. zond init only refreshes skills/AGENTS.md/zond.config.yml.\n` +
|
|
174
|
+
`Verify env state with:\n` +
|
|
175
|
+
` zond doctor --api ${sample} --missing-only # show UNSET vars + blocked endpoints\n` +
|
|
176
|
+
` zond prepare-fixtures --api ${sample} --apply # discover values (single-pass); fill any gaps by hand\n`
|
|
177
|
+
);
|
|
178
|
+
}
|
|
179
|
+
}
|
|
180
|
+
|
|
181
|
+
function listExistingApis(cwd: string): string[] {
|
|
182
|
+
try {
|
|
183
|
+
const apisDir = `${cwd}/apis`;
|
|
184
|
+
if (!existsSync(apisDir)) return [];
|
|
185
|
+
return readdirSync(apisDir, { withFileTypes: true })
|
|
186
|
+
.filter((d) => d.isDirectory() && existsSync(`${apisDir}/${d.name}/spec.json`))
|
|
187
|
+
.map((d) => d.name)
|
|
188
|
+
.sort();
|
|
189
|
+
} catch {
|
|
190
|
+
return [];
|
|
191
|
+
}
|
|
146
192
|
}
|
|
147
193
|
|
|
148
194
|
function verb(action: "created" | "updated" | "noop"): string {
|
|
149
195
|
return action === "created" ? "Created" : action === "updated" ? "Updated" : "Up-to-date:";
|
|
150
196
|
}
|
|
197
|
+
|
|
198
|
+
import type { Command } from "commander";
|
|
199
|
+
import { globalJson } from "../../resolve.ts";
|
|
200
|
+
|
|
201
|
+
export function registerInit(program: Command): void {
|
|
202
|
+
program
|
|
203
|
+
.command("init [spec]")
|
|
204
|
+
.description("Bootstrap a workspace, or register an API when --spec is given")
|
|
205
|
+
.option("--name <name>", "API name (auto-detected from spec title if omitted)")
|
|
206
|
+
.option("--spec <path>", "Path to OpenAPI spec file (registers a single API)")
|
|
207
|
+
.option("--base-url <url>", "Override base URL")
|
|
208
|
+
.option("--dir <path>", "Target directory")
|
|
209
|
+
.option("--force", "Overwrite existing API collection")
|
|
210
|
+
.option("--insecure", "Skip TLS verification when fetching the spec")
|
|
211
|
+
.option("--db <path>", "Path to SQLite database file")
|
|
212
|
+
.option("--workspace", "Bootstrap a zond workspace (zond.config.yml, apis/, AGENTS.md)")
|
|
213
|
+
.option("--with-spec <path>", "Bootstrap workspace AND register first API from spec")
|
|
214
|
+
.option("--no-agents-md", "Skip writing AGENTS.md when bootstrapping")
|
|
215
|
+
.option("--no-skills", "Skip writing Claude Code skills under .claude/skills/")
|
|
216
|
+
.option(
|
|
217
|
+
"--prune-stale-skills",
|
|
218
|
+
"Remove .claude/skills/ dirs for retired template names (zond-base, zond-scenarios)",
|
|
219
|
+
)
|
|
220
|
+
.action(async (specPos: string | undefined, opts, cmd: Command) => {
|
|
221
|
+
const spec = opts.spec ?? specPos;
|
|
222
|
+
const json = globalJson(cmd);
|
|
223
|
+
if ((spec || opts.withSpec) && !json) {
|
|
224
|
+
process.stderr.write(
|
|
225
|
+
`Warning: 'zond init --spec' / '--with-spec' is deprecated. Use \`zond add api <name> --spec <path>\` (run \`zond init\` separately to bootstrap the workspace).\n`,
|
|
226
|
+
);
|
|
227
|
+
}
|
|
228
|
+
process.exitCode = await initCommand({
|
|
229
|
+
name: opts.name,
|
|
230
|
+
spec,
|
|
231
|
+
baseUrl: opts.baseUrl,
|
|
232
|
+
dir: opts.dir,
|
|
233
|
+
force: opts.force === true,
|
|
234
|
+
insecure: opts.insecure === true,
|
|
235
|
+
dbPath: opts.db,
|
|
236
|
+
workspace: opts.workspace === true,
|
|
237
|
+
withSpec: opts.withSpec,
|
|
238
|
+
noAgents: opts.agentsMd === false,
|
|
239
|
+
noSkills: opts.skills === false,
|
|
240
|
+
pruneStaleSkills: opts.pruneStaleSkills === true,
|
|
241
|
+
json,
|
|
242
|
+
});
|
|
243
|
+
});
|
|
244
|
+
}
|
|
@@ -1,8 +1,11 @@
|
|
|
1
|
-
import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
|
|
1
|
+
import { existsSync, mkdirSync, readFileSync, rmSync, writeFileSync } from "node:fs";
|
|
2
2
|
import { dirname, join } from "node:path";
|
|
3
3
|
|
|
4
4
|
import zondSkill from "./templates/skills/zond.md" with { type: "text" };
|
|
5
|
-
import
|
|
5
|
+
import checksSkill from "./templates/skills/zond-checks.md" with { type: "text" };
|
|
6
|
+
import triageSkill from "./templates/skills/zond-triage.md" with { type: "text" };
|
|
7
|
+
import seedSkill from "./templates/skills/zond-seed.md" with { type: "text" };
|
|
8
|
+
import warmUpSkill from "./templates/skills/warm-up-target.md" with { type: "text" };
|
|
6
9
|
|
|
7
10
|
export interface SkillResult {
|
|
8
11
|
name: string;
|
|
@@ -16,10 +19,103 @@ interface SkillTemplate {
|
|
|
16
19
|
}
|
|
17
20
|
|
|
18
21
|
const SKILLS: SkillTemplate[] = [
|
|
22
|
+
// Primary skill: artifact model + iron rules + full workflow
|
|
23
|
+
// (init → fixtures → annotate → generate → run → stateful checks →
|
|
24
|
+
// probes → coverage → share) + single-flow scenario authoring.
|
|
19
25
|
{ name: "zond", body: zondSkill },
|
|
20
|
-
|
|
26
|
+
// Depth-check reference: conformance + security + m-20 stateful
|
|
27
|
+
// (cross_call_references, idempotency_replay, pagination_invariants,
|
|
28
|
+
// lifecycle_transitions) with per-aspect annotate flow.
|
|
29
|
+
{ name: "zond-checks", body: checksSkill },
|
|
30
|
+
// Read-only triage of a finished run / probe artifact.
|
|
31
|
+
{ name: "zond-triage", body: triageSkill },
|
|
32
|
+
// ARV-355: agent-orchestrated auto-seed loop (read gaps → order by
|
|
33
|
+
// fkDependencies → author body → request POST --capture → fix 4xx + retry).
|
|
34
|
+
{ name: "zond-seed", body: seedSkill },
|
|
35
|
+
// ARV-366: warm up external-input fixtures (issue_id/file_id/integration_id)
|
|
36
|
+
// via the target's own SDK/CLI/replay — the honest-2xx ceiling zond-seed
|
|
37
|
+
// can't reach with a plain POST. Agent warms, zond stores + measures.
|
|
38
|
+
{ name: "warm-up-target", body: warmUpSkill },
|
|
21
39
|
];
|
|
22
40
|
|
|
41
|
+
/**
|
|
42
|
+
* Names previously emitted by `upsertSkills` but no longer in `SKILLS`.
|
|
43
|
+
* Detected as stale by `detectStaleSkills` and removed by
|
|
44
|
+
* `pruneStaleSkills` (only when the user opts in via `--prune-stale-skills`).
|
|
45
|
+
*
|
|
46
|
+
* Append a name here whenever a skill template is retired. User-authored
|
|
47
|
+
* skills (any name NOT in this list) are never touched.
|
|
48
|
+
*/
|
|
49
|
+
const LEGACY_SKILL_NAMES: readonly string[] = [
|
|
50
|
+
"zond-base", // retired by skills-consolidation refactor (folded into zond)
|
|
51
|
+
"zond-scenarios", // retired by skills-consolidation refactor (folded into zond)
|
|
52
|
+
] as const;
|
|
53
|
+
|
|
54
|
+
export interface StaleSkill {
|
|
55
|
+
name: string;
|
|
56
|
+
path: string;
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
/**
|
|
60
|
+
* Per-skill drift status vs the in-binary template. `missing` is
|
|
61
|
+
* non-actionable on its own (user may have intentionally passed
|
|
62
|
+
* `--no-skills`); `outdated` is the actionable one — workspace skill
|
|
63
|
+
* predates a binary upgrade and `zond init` will refresh it.
|
|
64
|
+
*/
|
|
65
|
+
export type SkillDriftStatus = "fresh" | "outdated" | "missing";
|
|
66
|
+
|
|
67
|
+
export interface SkillDrift {
|
|
68
|
+
name: string;
|
|
69
|
+
path: string;
|
|
70
|
+
status: SkillDriftStatus;
|
|
71
|
+
}
|
|
72
|
+
|
|
73
|
+
/**
|
|
74
|
+
* Compare each in-binary skill template against the workspace copy at
|
|
75
|
+
* `<cwd>/.claude/skills/<name>/SKILL.md`. Returns one entry per skill —
|
|
76
|
+
* callers filter by status (`outdated` → warn the user to re-run
|
|
77
|
+
* `zond init`).
|
|
78
|
+
*/
|
|
79
|
+
export function detectSkillDrift(cwd: string): SkillDrift[] {
|
|
80
|
+
return SKILLS.map(({ name, body }) => {
|
|
81
|
+
const path = join(cwd, ".claude", "skills", name, "SKILL.md");
|
|
82
|
+
const desired = body.endsWith("\n") ? body : body + "\n";
|
|
83
|
+
if (!existsSync(path)) return { name, path, status: "missing" as const };
|
|
84
|
+
const current = readFileSync(path, "utf-8");
|
|
85
|
+
return {
|
|
86
|
+
name,
|
|
87
|
+
path,
|
|
88
|
+
status: (current === desired ? "fresh" : "outdated") as SkillDriftStatus,
|
|
89
|
+
};
|
|
90
|
+
});
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
/**
|
|
94
|
+
* Returns directories under `<cwd>/.claude/skills/` whose name is in
|
|
95
|
+
* `LEGACY_SKILL_NAMES`. User-authored skill directories (any other
|
|
96
|
+
* name) are intentionally ignored.
|
|
97
|
+
*/
|
|
98
|
+
export function detectStaleSkills(cwd: string): StaleSkill[] {
|
|
99
|
+
const out: StaleSkill[] = [];
|
|
100
|
+
for (const name of LEGACY_SKILL_NAMES) {
|
|
101
|
+
const path = join(cwd, ".claude", "skills", name);
|
|
102
|
+
if (existsSync(path)) out.push({ name, path });
|
|
103
|
+
}
|
|
104
|
+
return out;
|
|
105
|
+
}
|
|
106
|
+
|
|
107
|
+
/**
|
|
108
|
+
* Recursively removes the directories returned by `detectStaleSkills`.
|
|
109
|
+
* Returns the list of names that were actually removed.
|
|
110
|
+
*/
|
|
111
|
+
export function pruneStaleSkills(cwd: string, opts: { dryRun?: boolean } = {}): StaleSkill[] {
|
|
112
|
+
const stale = detectStaleSkills(cwd);
|
|
113
|
+
if (!opts.dryRun) {
|
|
114
|
+
for (const { path } of stale) rmSync(path, { recursive: true, force: true });
|
|
115
|
+
}
|
|
116
|
+
return stale;
|
|
117
|
+
}
|
|
118
|
+
|
|
23
119
|
/**
|
|
24
120
|
* Idempotently writes Claude Code skills into `<cwd>/.claude/skills/<name>/SKILL.md`.
|
|
25
121
|
* Body is identical to the in-binary template — overwrites on drift, noop on match.
|
|
@@ -1,73 +1,86 @@
|
|
|
1
1
|
## API testing with zond
|
|
2
2
|
|
|
3
|
-
This workspace uses [zond](https://github.com/kirrosh/zond) for API testing
|
|
4
|
-
|
|
3
|
+
This workspace uses [zond](https://github.com/kirrosh/zond) for API testing — CLI
|
|
4
|
+
only, no MCP server in this workspace.
|
|
5
|
+
|
|
6
|
+
### Skills
|
|
7
|
+
|
|
8
|
+
- **`.claude/skills/zond/SKILL.md` (primary)** — artifact model + iron
|
|
9
|
+
rules + full workflow: fixtures → annotate → generate → smoke → CRUD
|
|
10
|
+
→ stateful checks → probes → coverage → report, plus single-flow
|
|
11
|
+
scenario authoring. Loads on workspace touch and on intent ("audit
|
|
12
|
+
this API", "find bugs", "write a test for X flow").
|
|
13
|
+
- **`.claude/skills/zond-checks/SKILL.md`** — depth-check reference:
|
|
14
|
+
conformance + security + m-20 stateful invariants
|
|
15
|
+
(cross_call_references, idempotency_replay, pagination_invariants,
|
|
16
|
+
lifecycle_transitions) and the `zond api annotate dump+apply` flow.
|
|
17
|
+
- **`.claude/skills/zond-triage/SKILL.md`** — read-only triage of a
|
|
18
|
+
finished run / probe artifact. Routes by `recommended_action` enum.
|
|
19
|
+
- **`.claude/skills/zond-seed/SKILL.md`** — agent-orchestrated seed loop:
|
|
20
|
+
read fixture gaps → order by FK deps → author body → `request POST
|
|
21
|
+
--capture` → fix 4xx + retry. Fills what `prepare-fixtures` reports missing.
|
|
22
|
+
- **`.claude/skills/warm-up-target/SKILL.md`** — warm external-input
|
|
23
|
+
fixtures (issue_id/file_id/integration_id) via the target's own
|
|
24
|
+
SDK/CLI/replay — the honest-2xx ceiling a plain POST can't reach.
|
|
25
|
+
|
|
26
|
+
These skills work off the per-API artifacts written by `zond add api`:
|
|
5
27
|
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
and fixture creation via the API (hand-written YAML with captures,
|
|
16
|
-
`setup: true`, `always: true`). NOT for spec coverage or bug hunting.
|
|
17
|
-
|
|
18
|
-
### Mandatory rules (always-on)
|
|
28
|
+
```
|
|
29
|
+
apis/<name>/
|
|
30
|
+
spec.json # dereferenced OpenAPI (machine source — only generators read it)
|
|
31
|
+
.api-catalog.yaml # endpoint index (cheap to read, agent-friendly)
|
|
32
|
+
.api-resources.yaml # CRUD chains, FK deps, ETag/soft-delete flags
|
|
33
|
+
.api-fixtures.yaml # MANIFEST: required {{vars}} (read-only, auto-generated)
|
|
34
|
+
.env.yaml # VALUES: variable values (user-edited; auto-gitignored)
|
|
35
|
+
tests/ scenarios/ probes/
|
|
36
|
+
```
|
|
19
37
|
|
|
20
|
-
- **
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
- **NEVER** hardcode tokens — put them in `apis/<name>/.env.yaml` (already gitignored)
|
|
26
|
-
and reference as `{{auth_token}}` in test YAML.
|
|
27
|
-
- `--safe` enforces GET-only; never run CRUD tests against production without explicit
|
|
28
|
-
user confirmation and a staging environment.
|
|
29
|
-
- When `zond db diagnose` reports `recommended_action: report_backend_bug` — STOP, do
|
|
30
|
-
not change the test to make it pass.
|
|
38
|
+
`.api-fixtures.yaml` is the **manifest** (single source of truth for the
|
|
39
|
+
list of vars an API needs) and `.env.yaml` holds their **values**. Don't
|
|
40
|
+
add a key to `.env.yaml` that's not in the manifest — it'll be warned and
|
|
41
|
+
ignored. A missing entry in the manifest is a generator/manifest bug, not
|
|
42
|
+
an env fix.
|
|
31
43
|
|
|
32
|
-
###
|
|
44
|
+
### Setup flow
|
|
33
45
|
|
|
34
46
|
```bash
|
|
35
|
-
#
|
|
36
|
-
zond
|
|
37
|
-
zond
|
|
38
|
-
|
|
39
|
-
#
|
|
40
|
-
zond
|
|
41
|
-
zond describe <spec> --compact
|
|
42
|
-
|
|
43
|
-
# 3. Generate test stubs and run smoke (GET-only)
|
|
44
|
-
zond generate <spec> --output apis/<name>/tests --tag smoke
|
|
45
|
-
zond run --safe --json
|
|
46
|
-
|
|
47
|
-
# 4. Diagnose failures
|
|
48
|
-
zond db runs --limit 5
|
|
49
|
-
zond db diagnose <run-id> --json
|
|
50
|
-
|
|
51
|
-
# 5. Coverage gate
|
|
52
|
-
zond coverage --fail-on-coverage 50
|
|
53
|
-
|
|
54
|
-
# 6. CRUD only with explicit user confirmation + staging env
|
|
55
|
-
zond run --tag crud --dry-run # show what would be sent
|
|
56
|
-
zond run --tag crud --env staging
|
|
47
|
+
zond init # bootstrap workspace (no fixture changes)
|
|
48
|
+
zond add api <name> --spec <path-or-url> # register API + emit manifest + seed empty .env.yaml
|
|
49
|
+
zond doctor --api <name> --missing-only # gap report: which vars are UNSET
|
|
50
|
+
zond prepare-fixtures --api <name> # gap report: verify + which FK vars need a value
|
|
51
|
+
# → fill each gap yourself: `zond fixtures add` / edit .env.yaml (you pick the value)
|
|
52
|
+
zond doctor --api <name> # re-check (exit 0 = ready)
|
|
57
53
|
```
|
|
58
54
|
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
55
|
+
What each step does to `.env.yaml`:
|
|
56
|
+
|
|
57
|
+
| Command | Touches `.env.yaml`? |
|
|
58
|
+
|---|---|
|
|
59
|
+
| `zond init` | no — only writes workspace/skills files |
|
|
60
|
+
| `zond add api` | seeds skeleton with empty placeholders for every required var |
|
|
61
|
+
| `zond doctor` | no — read-only diagnostic |
|
|
62
|
+
| `zond prepare-fixtures` | no — reports gaps only; **never harvests a value** (which record/field fills a slot is your call) |
|
|
63
|
+
| `zond prepare-fixtures --refresh` | unsets stale (404) ids so they resurface as gaps (`.bak` backup); does not re-resolve |
|
|
64
|
+
| `zond fixtures add` / `import` | writes the value you supply (`.bak` backup) |
|
|
65
|
+
| `zond refresh-api` | no — only re-snapshots `spec.json` and rebuilds the manifest |
|
|
66
|
+
|
|
67
|
+
`zond refresh-api <name> [--spec <new-source>]` re-snapshots when the upstream
|
|
68
|
+
spec changes.
|
|
69
|
+
|
|
70
|
+
**Re-running `zond init`** is safe and expected after a CLI upgrade: it
|
|
71
|
+
re-emits skills/AGENTS.md/zond.config.yml only. Fixtures stay exactly as
|
|
72
|
+
they were — never relies on init to fill `.env.yaml`.
|
|
73
|
+
|
|
74
|
+
### Mandatory rules (mirrored from the skills — non-negotiable)
|
|
75
|
+
|
|
76
|
+
- **NEVER read raw OpenAPI/Swagger** with Read/cat/grep — use the artifacts
|
|
77
|
+
in `apis/<name>/.api-*.yaml`. Drop into `spec.json` only when a probe
|
|
78
|
+
generator needs full schemas.
|
|
79
|
+
- **NEVER use curl/wget** — use `zond request <method> <url>` for ad-hoc HTTP.
|
|
80
|
+
- **NEVER write test YAML from scratch for autogen flows** — start with
|
|
81
|
+
`zond generate`, then edit failures. (Hand-written YAML is fine for
|
|
82
|
+
scenarios.)
|
|
83
|
+
- **NEVER hardcode tokens** — `apis/<name>/.env.yaml` (auto-gitignored),
|
|
84
|
+
reference as `{{auth_token}}`.
|
|
85
|
+
- **`recommended_action: report_backend_bug` (5xx) → STOP**, do not edit
|
|
86
|
+
assertions to make the test pass.
|
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: warm-up-target
|
|
3
|
+
description: |
|
|
4
|
+
Warm up the TARGET API's environment so honest-2xx coverage stops being
|
|
5
|
+
capped by empty state. Picks up where `zond-seed` stops: the fixtures the
|
|
6
|
+
API cannot self-create via a plain POST — a real error `issue_id` (needs an
|
|
7
|
+
actual event), a `file_id` (needs a sourcemap/artifact upload), an
|
|
8
|
+
`integration_id` (needs an OAuth/app install), a `webhook_event_id` (needs a
|
|
9
|
+
replay). YOU decide HOW to warm each one using the target's OWN tooling (its
|
|
10
|
+
SDK, CLI, dashboard, replay/trigger endpoints); then harvest the resulting
|
|
11
|
+
LIVE id into `.env.yaml`. Use when honest-2xx is stuck low (~30%), when
|
|
12
|
+
`zond-seed` / `prepare-fixtures` report roots as un-seedable / external-input,
|
|
13
|
+
or the user asks to "warm up the target", "raise honest-2xx", "seed via the
|
|
14
|
+
SDK", "generate real test data". zond only STORES the id and MEASURES the
|
|
15
|
+
lift — the warm-up judgment is yours. Hand back to `zond` once warm.
|
|
16
|
+
allowed-tools: [Read, Write, Edit, Bash]
|
|
17
|
+
---
|
|
18
|
+
|
|
19
|
+
# warm-up-target — get the API into a testable state
|
|
20
|
+
|
|
21
|
+
`prepare-fixtures` reports fixture gaps; `zond-seed` fills the ones the API
|
|
22
|
+
self-serves (plain `POST` + capture). Whatever is left — resources that exist
|
|
23
|
+
only after a **real-world event** — is the honest-2xx ceiling. This skill
|
|
24
|
+
breaks that ceiling by warming the target with **its own means**, then storing
|
|
25
|
+
the live ids zond will reuse.
|
|
26
|
+
|
|
27
|
+
This is **not** core zond and **not** a heuristic: zond never learns how to
|
|
28
|
+
warm an API (that judgment has an infinite tail — every provider is different).
|
|
29
|
+
YOU read the provider's docs/SDK and drive it; zond only records the id
|
|
30
|
+
(`fixtures add`) and measures the coverage delta (`coverage`). Keep it that way
|
|
31
|
+
— no warm-up logic goes into zond core (litmus test).
|
|
32
|
+
|
|
33
|
+
## Iron rules
|
|
34
|
+
|
|
35
|
+
- **You warm, zond stores + measures.** You run the SDK/CLI/dashboard action
|
|
36
|
+
that creates the real resource; you read the returned id; `zond fixtures add`
|
|
37
|
+
writes it. Never ask zond to "figure out" how to warm a resource.
|
|
38
|
+
- **Live + throwaway/sandbox + cleanup.** Warm-ups create real state (events,
|
|
39
|
+
files, installs). Confirm `base_url` is a sandbox/test account first. Track
|
|
40
|
+
what you create; tear it down after (or use a disposable org). If you can't
|
|
41
|
+
guarantee cleanup, ask before creating.
|
|
42
|
+
- **Hand off to `zond-seed` first.** Only warm what `zond-seed` marked
|
|
43
|
+
un-seedable. Don't reinvent plain-POST creation here — that's zond-seed's job.
|
|
44
|
+
- **Ask early, don't reverse-engineer.** Give yourself a hard budget of ~1-2
|
|
45
|
+
attempts to derive a create-recipe from the spec/API. If a blind create 4xx/5xx
|
|
46
|
+
(missing an integer id the API doesn't expose, an opaque body shape), STOP —
|
|
47
|
+
ask the user for an example request (a working `curl`/HAR/body from their UI).
|
|
48
|
+
Extract the ids from it deterministically and replay. Do NOT spelunk 10 endpoints
|
|
49
|
+
guessing how creation works — that's the slow path the user hates.
|
|
50
|
+
- **Delete only by self-captured id.** Tear-down must target the id YOUR create
|
|
51
|
+
returned, never a harvested read-fixture value. Deleting by `{{key}}` when that
|
|
52
|
+
key came from a live resource wipes pre-existing data (see ARV-368). Track
|
|
53
|
+
created ids explicitly; DELETE those and only those.
|
|
54
|
+
- **Report honestly what you can't warm.** Some fixtures need a human (a paid
|
|
55
|
+
plan, a KYC step, a physical device, a manual dashboard toggle). Surface those
|
|
56
|
+
as a short "needs you" list with the exact action — never fake a value (it
|
|
57
|
+
just 422s and lies about coverage).
|
|
58
|
+
- **Measure the lift.** Snapshot honest-2xx before and after so the warm-up's
|
|
59
|
+
value is visible (`zond coverage --api <name> --union session`).
|
|
60
|
+
|
|
61
|
+
## Inputs — what needs warming
|
|
62
|
+
|
|
63
|
+
| Signal | Command | What it tells you |
|
|
64
|
+
|---|---|---|
|
|
65
|
+
| Un-seedable roots | `zond-seed` handoff / `zond prepare-fixtures --api <name> --json` → `summary.fixtureGaps.unseededRoots[]` | fixtures no plain-POST can create |
|
|
66
|
+
| Empty-list gaps | `prepare-fixtures` items with `status: miss-empty` | resource exists in spec, zero records in the target |
|
|
67
|
+
| What each id is for | `apis/<name>/.api-resources.yaml` (the owning resource + its create/read endpoints) | which real-world action mints this id |
|
|
68
|
+
| Current honest-2xx | `zond coverage --api <name> --union session --json` | the ceiling you're trying to raise |
|
|
69
|
+
|
|
70
|
+
## Warm-up patterns (pick per resource)
|
|
71
|
+
|
|
72
|
+
The resource's *nature* tells you the warm-up path. Common families:
|
|
73
|
+
|
|
74
|
+
| Fixture shape | Warm-up path (via the target's own tooling) |
|
|
75
|
+
|---|---|
|
|
76
|
+
| Error / issue id (`issue_id`, `event_id`) | Trigger a real event: `sentry-cli send-event`, the app's error-report endpoint, or an SDK `captureException`. Poll the list endpoint until the id appears, capture it. |
|
|
77
|
+
| Uploaded-artifact id (`file_id`, `release`, `sourcemap`) | Upload via the provider CLI/SDK (`sentry-cli releases files upload`, a `POST .../files` multipart). Capture the returned id. |
|
|
78
|
+
| Integration / connection id (`integration_id`, `installation_id`) | Install the app/integration into a **sandbox** org (OAuth flow / provider dashboard "add to test workspace"). Capture the id from the callback or the list endpoint. |
|
|
79
|
+
| Delivered-webhook id (`delivery_id`, `webhook_event_id`) | Register a webhook, trigger the source event, replay/list deliveries, capture the id. |
|
|
80
|
+
| Provisioned-async id (needs a background job to finish) | Kick off the job, poll the status endpoint until ready, capture. |
|
|
81
|
+
|
|
82
|
+
These are *examples*, not a lookup table — read the actual provider's docs for
|
|
83
|
+
the target you're on.
|
|
84
|
+
|
|
85
|
+
## The loop
|
|
86
|
+
|
|
87
|
+
For each un-seedable root:
|
|
88
|
+
|
|
89
|
+
1. **Identify the warm-up path.** From `.api-resources.yaml` + the provider
|
|
90
|
+
docs, decide which real-world action mints this id. If it needs a human,
|
|
91
|
+
add it to the "needs you" list and move on.
|
|
92
|
+
|
|
93
|
+
2. **Warm it via the target's own tooling.** Run the SDK/CLI/curl that creates
|
|
94
|
+
the real resource in the sandbox. Read the id from the response (or poll the
|
|
95
|
+
list endpoint until it shows up — async resources aren't instant).
|
|
96
|
+
|
|
97
|
+
3. **Store the live id.**
|
|
98
|
+
```bash
|
|
99
|
+
zond fixtures add --api <name> issue_id=<real-id-you-got> --validate --apply
|
|
100
|
+
```
|
|
101
|
+
`--validate` GETs the read-by-id endpoint and confirms the id is `live`
|
|
102
|
+
before writing (so a warm-up that half-failed doesn't poison later runs).
|
|
103
|
+
|
|
104
|
+
4. **Verify the gap closed.** Re-run `zond prepare-fixtures --api <name> --json`
|
|
105
|
+
— the warmed root should drop out of `unseededRoots` / flip off `miss-empty`.
|
|
106
|
+
|
|
107
|
+
5. **Measure + hand back.** When the worklist is drained (or only "needs you"
|
|
108
|
+
items remain), snapshot honest-2xx again and report the delta, then hand
|
|
109
|
+
back to `zond` for the audit:
|
|
110
|
+
```bash
|
|
111
|
+
zond coverage --api <name> --union session # after — compare to the before snapshot
|
|
112
|
+
```
|
|
113
|
+
|
|
114
|
+
## Output to the user
|
|
115
|
+
|
|
116
|
+
- **Warmed:** table of `fixture → how it was warmed → live id captured`.
|
|
117
|
+
- **Needs you:** fixtures that require a human action, each with the exact step
|
|
118
|
+
(e.g. "enable the Slack integration in the sandbox workspace, then re-run").
|
|
119
|
+
- **Coverage:** honest-2xx before → after, so the lift is measurable.
|
|
120
|
+
|
|
121
|
+
Cleanup: DELETE the resources you created (or note they live in a disposable
|
|
122
|
+
sandbox). Never leave test events/files/installs on a shared account.
|