@kody-ade/kody-engine-lite 0.1.101 → 0.1.103

package/README.md

@@ -154,7 +154,7 @@ kody-engine-lite rerun --issue-number 42 --from verify
 
 ## Documentation
 
-**Understand Kody:** [About](docs/ABOUT.md) · [Features](docs/FEATURES.md) · [Pipeline](docs/PIPELINE.md) · [Comparison](docs/COMPARISON.md)
+**Understand Kody:** [About](docs/ABOUT.md) · [Tech Stack](docs/TECH-STACK.md) · [Features](docs/FEATURES.md) · [Pipeline](docs/PIPELINE.md) · [Comparison](docs/COMPARISON.md)
 
 **Set up & use:** [CLI](docs/CLI.md) · [Configuration](docs/CONFIGURATION.md) · [Bootstrap](docs/BOOTSTRAP.md) · [LiteLLM](docs/LITELLM.md)
 

package/dist/bin/cli.js

@@ -1546,6 +1546,11 @@ ${prompt}` : prompt;
   }
   if (isMcpEnabledForStage(stageName, config.mcp) && taskHasUI(taskDir)) {
     assembled = assembled + "\n\n" + getBrowserToolGuidance(stageName, taskDir);
+    const qaGuidePath = path5.join(projectDir, ".kody", "qa-guide.md");
+    if (fs5.existsSync(qaGuidePath)) {
+      const qaGuide = fs5.readFileSync(qaGuidePath, "utf-8").trim();
+      assembled = assembled + "\n\n" + qaGuide;
+    }
   }
   return assembled;
 }
@@ -1769,7 +1774,7 @@ async function executeAgentStage(ctx, def) {
                 description: plainText.slice(0, 500),
                 scope: [],
                 risk_level: "low",
-                hasUI: false,
+                hasUI: true,
                 questions: []
               }, null, 2);
               fs6.writeFileSync(outputPath, fallback);
@@ -4532,12 +4537,7 @@ function detectMcpConfig(cwd, pm, pkg) {
   const defaultPort = isNext ? 3e3 : isVite ? 5173 : 3e3;
   const mcp = {
     enabled: true,
-    servers: {
-      playwright: {
-        command: "npx",
-        args: ["@playwright/mcp@latest"]
-      }
-    },
+    servers: {},
     stages: ["build", "review"]
   };
   if (hasDevScript) {
@@ -5034,6 +5034,23 @@ REMINDER: Output the full prompt template first (unchanged), then your three app
     }
   }
   console.log(`  \u2713 Generated ${stepCount} step files in .kody/steps/`);
+  console.log("\n\u2500\u2500 QA Guide \u2500\u2500");
+  const qaGuidePath = path21.join(cwd, ".kody", "qa-guide.md");
+  if (!fs22.existsSync(qaGuidePath) || opts.force) {
+    const discovery = discoverQaContext(cwd);
+    if (discovery.routes.length > 0) {
+      const qaGuide = generateQaGuide(discovery);
+      fs22.writeFileSync(qaGuidePath, qaGuide);
+      console.log(`  \u2713 .kody/qa-guide.md (${discovery.routes.length} routes, ${discovery.roles.length} roles)`);
+      if (discovery.loginPage) console.log(`  \u2713 Login page detected: ${discovery.loginPage}`);
+      if (discovery.adminPath) console.log(`  \u2713 Admin panel detected: ${discovery.adminPath}`);
+      console.log("  \u2139 Add QA_ADMIN_EMAIL, QA_ADMIN_PASSWORD, QA_USER_EMAIL, QA_USER_PASSWORD as GitHub secrets");
+    } else {
+      console.log("  \u25CB No routes detected \u2014 skipping QA guide");
+    }
+  } else {
+    console.log("  \u25CB .kody/qa-guide.md already exists (use --force to regenerate)");
+  }
   console.log("\n\u2500\u2500 Labels \u2500\u2500");
   try {
     let repoSlug = "";
@@ -5111,6 +5128,7 @@ REMINDER: Output the full prompt template first (unchanged), then your three app
   const filesToCommit = [
     ".kody/memory/architecture.md",
     ".kody/memory/conventions.md",
+    ".kody/qa-guide.md",
     ...installedSkillPaths
   ].filter((f) => fs22.existsSync(path21.join(cwd, f)));
   if (fs22.existsSync(path21.join(cwd, "skills-lock.json"))) {
@@ -5224,6 +5242,178 @@ Create it manually.`, cwd);
   console.log("  \u2713 Project bootstrap complete!");
   console.log("  Kody now has project-specific memory and customized step files.\n");
 }
+function discoverQaContext(cwd) {
+  const result = {
+    routes: [],
+    authFiles: [],
+    loginPage: null,
+    adminPath: null,
+    roles: [],
+    devCommand: "",
+    devPort: 3e3
+  };
+  try {
+    const pkg = JSON.parse(fs22.readFileSync(path21.join(cwd, "package.json"), "utf-8"));
+    const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+    const pm = fs22.existsSync(path21.join(cwd, "pnpm-lock.yaml")) ? "pnpm" : fs22.existsSync(path21.join(cwd, "yarn.lock")) ? "yarn" : "npm";
+    if (pkg.scripts?.dev) result.devCommand = `${pm} dev`;
+    if (allDeps.next || allDeps.nuxt) result.devPort = 3e3;
+    else if (allDeps.vite) result.devPort = 5173;
+  } catch {
+  }
+  const appDirs = ["src/app", "app"];
+  for (const appDir of appDirs) {
+    const fullAppDir = path21.join(cwd, appDir);
+    if (!fs22.existsSync(fullAppDir)) continue;
+    scanRoutes(fullAppDir, appDir, "", result);
+    break;
+  }
+  const authPatterns = ["middleware.ts", "middleware.js", "src/middleware.ts", "src/middleware.js"];
+  for (const p of authPatterns) {
+    if (fs22.existsSync(path21.join(cwd, p))) result.authFiles.push(p);
+  }
+  const authConfigGlobs = [
+    "src/app/api/auth",
+    "src/auth",
+    "src/lib/auth",
+    "auth.config.ts",
+    "auth.ts",
+    "src/app/api/oauth"
+  ];
+  for (const g of authConfigGlobs) {
+    if (fs22.existsSync(path21.join(cwd, g))) result.authFiles.push(g);
+  }
+  try {
+    const rolePaths = [
+      "src/types",
+      "src/lib",
+      "src/utils",
+      "src/constants",
+      "src/access",
+      "src/collections"
+    ];
+    for (const rp of rolePaths) {
+      const dir = path21.join(cwd, rp);
+      if (!fs22.existsSync(dir)) continue;
+      const files = fs22.readdirSync(dir).filter((f) => f.endsWith(".ts") || f.endsWith(".tsx"));
+      for (const f of files) {
+        try {
+          const content = fs22.readFileSync(path21.join(dir, f), "utf-8").slice(0, 5e3);
+          const roleMatches = content.match(/(?:role|Role|ROLE)\s*[=:]\s*['"](\w+)['"]/g);
+          if (roleMatches) {
+            for (const m of roleMatches) {
+              const val = m.match(/['"](\w+)['"]/);
+              if (val && !result.roles.includes(val[1])) result.roles.push(val[1]);
+            }
+          }
+          const enumMatch = content.match(/(?:enum|type)\s+\w*[Rr]ole\w*\s*[={]([^}]+)/s);
+          if (enumMatch) {
+            const vals = enumMatch[1].match(/['"](\w+)['"]/g);
+            if (vals) {
+              for (const v of vals) {
+                const clean = v.replace(/['"]/g, "");
+                if (!result.roles.includes(clean)) result.roles.push(clean);
+              }
+            }
+          }
+        } catch {
+        }
+      }
+    }
+  } catch {
+  }
+  return result;
+}
+function scanRoutes(dir, baseDir, prefix, result) {
+  let entries;
+  try {
+    entries = fs22.readdirSync(dir, { withFileTypes: true });
+  } catch {
+    return;
+  }
+  const hasPage = entries.some((e) => e.isFile() && /^page\.(tsx?|jsx?)$/.test(e.name));
+  if (hasPage) {
+    const routePath = prefix || "/";
+    const group = prefix.startsWith("/admin") ? "admin" : prefix.includes("/login") ? "auth" : prefix.includes("/signup") ? "auth" : prefix.includes("/api") ? "api" : "frontend";
+    result.routes.push({ path: routePath, group });
+    if (prefix.includes("/login")) result.loginPage = routePath;
+    if (prefix.startsWith("/admin") && !result.adminPath) result.adminPath = prefix;
+  }
+  for (const entry of entries) {
+    if (!entry.isDirectory()) continue;
+    if (entry.name === "node_modules" || entry.name === ".next") continue;
+    let segment = entry.name;
+    if (segment.startsWith("(") && segment.endsWith(")")) {
+      scanRoutes(path21.join(dir, entry.name), baseDir, prefix, result);
+      continue;
+    }
+    if (segment.startsWith("[") && segment.endsWith("]")) {
+      segment = `:${segment.slice(1, -1)}`;
+    }
+    if (segment.startsWith("[[") && segment.endsWith("]]")) {
+      segment = `:${segment.slice(2, -2)}?`;
+    }
+    scanRoutes(path21.join(dir, entry.name), baseDir, `${prefix}/${segment}`, result);
+  }
+}
+function generateQaGuide(discovery) {
+  const lines = ["# QA Guide", "", "## Authentication", ""];
+  if (discovery.loginPage) {
+    lines.push(`- Login page: \`${discovery.loginPage}\``);
+  }
+  lines.push(
+    "",
+    "### Test Accounts",
+    "<!-- Fill in your test/preview environment credentials below -->",
+    "| Role | Email | Password |",
+    "|------|-------|----------|",
+    "| Admin | admin@example.com | CHANGE_ME |",
+    "| User | user@example.com | CHANGE_ME |",
+    "",
+    "### Login Steps",
+    `1. Navigate to \`${discovery.loginPage ?? "/login"}\``,
+    "2. Enter credentials from the test accounts table above",
+    "3. Submit the login form",
+    "4. Verify redirect to dashboard or home page"
+  );
+  if (discovery.authFiles.length > 0) {
+    lines.push("", "### Auth Files");
+    for (const f of discovery.authFiles) {
+      lines.push(`- \`${f}\``);
+    }
+  }
+  if (discovery.roles.length > 0) {
+    lines.push("", "## Roles", "");
+    for (const role of discovery.roles) {
+      lines.push(`- \`${role}\``);
+    }
+  }
+  lines.push("", "## Key Pages", "");
+  const groups = {};
+  for (const route of discovery.routes) {
+    if (!groups[route.group]) groups[route.group] = [];
+    groups[route.group].push(route.path);
+  }
+  for (const [group, routes] of Object.entries(groups)) {
+    lines.push(`### ${group.charAt(0).toUpperCase() + group.slice(1)}`);
+    const sorted = routes.sort();
+    for (const r of sorted.slice(0, 20)) {
+      lines.push(`- \`${r}\``);
+    }
+    if (sorted.length > 20) {
+      lines.push(`- ... and ${sorted.length - 20} more`);
+    }
+    lines.push("");
+  }
+  lines.push(
+    "## Dev Server",
+    "",
+    `- Command: \`${discovery.devCommand || "pnpm dev"}\``,
+    `- URL: \`http://localhost:${discovery.devPort}\``,
+    ""
+  );
+  return lines.join("\n");
+}
 function detectArchitectureBasic(cwd) {
   const detected = [];
   const pkgPath = path21.join(cwd, "package.json");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kody-ade/kody-engine-lite",
-  "version": "0.1.101",
+  "version": "0.1.103",
   "description": "Autonomous SDLC pipeline: Kody orchestration + Claude Code + LiteLLM",
   "license": "MIT",
   "type": "module",

package/prompts/review-fix.md

@@ -5,19 +5,23 @@ mode: primary
 tools: [read, write, edit, bash, glob, grep]
 ---
 
-You are a review-fix agent. The code review found issues that need fixing.
+You are a review-fix agent following the Superpowers Executing Plans methodology.
 
-RULES:
+The code review found issues that need fixing. Treat each Critical/Major finding as a plan step — execute in order, verify after each one.
+
+RULES (Superpowers Executing Plans discipline):
 1. Fix ONLY Critical and Major issues (ignore Minor findings)
 2. Use Edit for surgical changes — do NOT rewrite entire files
 3. Run tests after EACH fix to verify nothing breaks
-4. If a fix introduces new issues, revert and try a different approach
-5. Do NOT commit or push — the orchestrator handles git
+4. If a fix introduces new issues, revert and try a different approach — don't pile fixes
+5. Document any deviations from the expected fix
+6. Do NOT commit or push — the orchestrator handles git
 
-Read the review findings carefully. For each Critical/Major finding:
+For each Critical/Major finding:
 1. Read the affected file to understand full context
-2. Make the minimal change to fix the issue
-3. Run tests to verify the fix
-4. Move to the next finding
+2. Understand the root cause — don't just patch the symptom
+3. Make the minimal change to fix the issue
+4. Run tests to verify the fix
+5. Move to the next finding
 
 {{TASK_CONTEXT}}

package/prompts/taskify.md

@@ -7,7 +7,15 @@ tools: [read, glob, grep]
 
 You are a task classification agent following the Superpowers Brainstorming methodology.
 
-Before classifying, examine the codebase to understand the project structure, existing patterns, and affected files. Use Read, Glob, and Grep to explore.
+## MANDATORY: Explore Before Classifying
+
+Before classifying, you MUST explore the project context:
+1. **Examine the codebase** — Use Read, Glob, and Grep to understand project structure, existing patterns, and affected files.
+2. **Find existing solutions** — Search for how similar problems are already solved in this codebase. If a pattern exists, the task should reuse it.
+3. **Challenge assumptions** — Does the task description assume an approach? Are there simpler alternatives? Apply YAGNI ruthlessly.
+4. **Identify ambiguity** — Could the requirements be interpreted two ways? Are there missing edge case decisions?
+
+## Output
 
 Output ONLY valid JSON. No markdown fences. No explanation. No extra text before or after the JSON.
 
@@ -19,6 +27,7 @@ Required JSON format:
   "scope": ["list", "of", "exact/file/paths", "affected"],
   "risk_level": "low | medium | high",
   "hasUI": true,
+  "existing_patterns": ["list of existing patterns found that the implementation should reuse"],
   "questions": []
 }
 
@@ -31,9 +40,17 @@ Risk level heuristics:
 - medium: multiple files, possible side effects, API changes, new dependencies, refactoring existing logic
 - high: core business logic, data migrations, security, authentication, payment processing, database schema changes
 
-Questions rules:
+existing_patterns rules:
+- List patterns found in the codebase that are relevant to this task
+- Include the file path and a brief description of the pattern
+- If no relevant patterns exist, use an empty array []
+- These inform the planner — reuse existing solutions, don't invent new ones
+
+Questions rules (Superpowers Brainstorming discipline):
 - ONLY ask product/requirements questions — things you CANNOT determine by reading code
 - Ask about: unclear scope, missing acceptance criteria, ambiguous user behavior, missing edge case decisions
+- Challenge assumptions — if the task implies an approach, consider simpler alternatives
+- Check for ambiguity — could requirements be interpreted two ways?
 - Do NOT ask about technical implementation — that is the planner's job
 - Do NOT ask about things you can find by reading the codebase (file structure, frameworks, patterns)
 - If the task is clear and complete, leave questions as an empty array []