@skyramp/mcp 0.0.64-rc.8 → 0.0.64

package/build/services/TestGenerationService.test.js

@@ -139,9 +139,9 @@ describe("TestGenerationService — extractAuthFromTrace", () => {
         fs.writeFileSync(filePath, JSON.stringify(requests), "utf8");
         return filePath;
     }
-    function extract(filePath) {
+    function extract(filePath, include, exclude) {
         const svc = new StubService();
-        return svc.extractAuthFromTrace(filePath);
+        return svc.extractAuthFromTrace(filePath, include, exclude);
     }
     it("extracts Authorization + Bearer scheme from trace", () => {
         const fp = writeTrace([
@@ -203,6 +203,115 @@ describe("TestGenerationService — extractAuthFromTrace", () => {
     it("returns null for non-existent file", () => {
         expect(extract("/tmp/does-not-exist-xyz.json")).toBeNull();
     });
+    it("skips Pragma header (standard HTTP/1.0 caching header, not auth)", () => {
+        const fp = writeTrace([
+            {
+                RequestHeaders: {
+                    "Cache-Control": ["no-cache"],
+                    Pragma: ["no-cache"],
+                    "User-Agent": ["Mozilla/5.0"],
+                },
+            },
+        ]);
+        expect(extract(fp)).toBeNull();
+    });
+    it("skips Pragma and finds real auth header behind it", () => {
+        const fp = writeTrace([
+            {
+                RequestHeaders: {
+                    "Cache-Control": ["no-cache"],
+                    Pragma: ["no-cache"],
+                    "User-Agent": ["Mozilla/5.0"],
+                    Authorization: [`Bearer ${AUTH_PLACEHOLDER_TOKEN}`],
+                },
+            },
+        ]);
+        expect(extract(fp)).toEqual({
+            authHeader: "Authorization",
+            authScheme: "Bearer",
+        });
+    });
+    it("uses include filter to skip noise and find auth on matching requests", () => {
+        const fp = writeTrace([
+            {
+                // requests[0]: unrelated traffic (e.g. Google time sync) with no auth
+                Destination: "clients2.google.com",
+                Path: "/time/1/current",
+                RequestHeaders: {
+                    "Cache-Control": ["no-cache"],
+                    "User-Agent": ["Mozilla/5.0"],
+                },
+            },
+            {
+                // requests[1]: actual API request matching include filter
+                Destination: "demoshop.skyramp.dev",
+                Path: "/api/v1/products",
+                RequestHeaders: {
+                    "Content-Type": ["application/json"],
+                    Authorization: [`Bearer ${AUTH_PLACEHOLDER_TOKEN}`],
+                },
+            },
+        ]);
+        expect(extract(fp, ["demoshop.skyramp.dev/api/*"])).toEqual({
+            authHeader: "Authorization",
+            authScheme: "Bearer",
+        });
+    });
+    it("uses exclude filter to skip noise and find auth on remaining requests", () => {
+        const fp = writeTrace([
+            {
+                Destination: "clients2.google.com",
+                Path: "/time/1/current",
+                RequestHeaders: {
+                    "Cache-Control": ["no-cache"],
+                    "User-Agent": ["Mozilla/5.0"],
+                },
+            },
+            {
+                Destination: "demoshop.skyramp.dev",
+                Path: "/api/v1/products",
+                RequestHeaders: {
+                    "Content-Type": ["application/json"],
+                    Authorization: [`Bearer ${AUTH_PLACEHOLDER_TOKEN}`],
+                },
+            },
+        ]);
+        expect(extract(fp, undefined, ["clients2.google.com/*"])).toEqual({
+            authHeader: "Authorization",
+            authScheme: "Bearer",
+        });
+    });
+    it("prefers Authorization over Cookie even when Cookie appears first", () => {
+        const fp = writeTrace([
+            {
+                RequestHeaders: {
+                    "Content-Type": ["application/json"],
+                    Cookie: ["cf_clearance=abc123; _dd_s=xyz"],
+                    Authorization: [`Bearer ${AUTH_PLACEHOLDER_TOKEN}`],
+                },
+            },
+        ]);
+        expect(extract(fp)).toEqual({
+            authHeader: "Authorization",
+            authScheme: "Bearer",
+        });
+    });
+    it("falls back to known auth header (X-Api-Key) when no Authorization present", () => {
+        const fp = writeTrace([
+            {
+                RequestHeaders: {
+                    "Content-Type": ["application/json"],
+                    "Sec-Fetch-Mode": ["cors"],
+                    "X-Api-Key": ["my-secret-key"],
+                    Traceparent: ["00-abc-def-01"],
+                },
+            },
+        ]);
+        expect(extract(fp)).toEqual({
+            authHeader: "X-Api-Key",
+            authScheme: "",
+        });
+    });
     it("skips standard headers like Accept", () => {
         const fp = writeTrace([
             {

package/build/tool-phase-coverage.test.js

@@ -34,8 +34,14 @@ describe("tool-phase-coverage", () => {
     });
     it("TOOL_PHASE_MAP contains only valid phases", () => {
         const validPhases = new Set(["analyzing", "generating", "executing", "maintaining", "reporting"]);
-        for (const [tool, phase] of Object.entries(TOOL_PHASE_MAP)) {
-            expect(validPhases.has(phase)).toBe(true);
+        for (const [tool, mapping] of Object.entries(TOOL_PHASE_MAP)) {
+            if (typeof mapping === "string") {
+                expect(validPhases.has(mapping)).toBe(true);
+            }
+            else {
+                expect(validPhases.has(mapping.before)).toBe(true);
+                expect(validPhases.has(mapping.after)).toBe(true);
+            }
         }
     });
 });

package/build/tool-phases.js

@@ -1,14 +1,3 @@
-/**
- * Canonical mapping of Skyramp MCP tool names to testbot progress phases.
- *
- * The testbot progress UI reads this map at runtime to know which tool calls
- * correspond to which progress steps. When adding or renaming tools, update
- * this map so the progress UI stays accurate.
- *
- * Tools not in this map must be listed in TOOLS_WITHOUT_PHASE.
- *
- * Phases: analyzing, generating, executing, maintaining, reporting
- */
 export const TOOL_PHASE_MAP = {
     skyramp_recommend_tests: "analyzing",
     skyramp_analyze_changes: "analyzing",
@@ -20,12 +9,21 @@ export const TOOL_PHASE_MAP = {
     skyramp_e2e_test_generation: "generating",
     skyramp_ui_test_generation: "generating",
     skyramp_scenario_test_generation: "generating",
+    skyramp_batch_scenario_test_generation: "generating",
     skyramp_mock_generation: "generating",
-    skyramp_execute_test: "executing",
-    skyramp_execute_tests: "executing",
+    skyramp_execute_test: { before: "maintaining", after: "executing" },
+    skyramp_execute_tests: { before: "maintaining", after: "executing" },
     skyramp_analyze_test_health: "maintaining",
     skyramp_submit_report: "reporting",
 };
+/** Tools whose phase depends on context — listed here for consumer discovery. */
+export const CONTEXT_DEPENDENT_TOOLS = new Set(Object.entries(TOOL_PHASE_MAP)
+    .filter((entry) => typeof entry[1] === "object")
+    .map((entry) => entry[0]));
+/** All tools that belong to the "generating" phase — used as the boundary. */
+export const GENERATING_TOOLS = new Set(Object.entries(TOOL_PHASE_MAP)
+    .filter((entry) => typeof entry[1] === "string" && entry[1] === "generating")
+    .map((entry) => entry[0]));
 /** Tools that intentionally have no progress phase (infrastructure/utility). */
 export const TOOLS_WITHOUT_PHASE = new Set([
     "skyramp_login",

package/build/tools/generate-tests/generateBatchScenarioRestTool.js

@@ -0,0 +1,203 @@
+import { z } from "zod";
+import path from "path";
+import { ScenarioGenerationService } from "../../services/ScenarioGenerationService.js";
+import fs from "fs";
+import { baseSchema, AUTH_PLACEHOLDER_TOKEN } from "../../types/TestTypes.js";
+import { AnalyticsService } from "../../services/AnalyticsService.js";
+import { getWorkspaceAuthConfig, WorkspaceAuthType } from "../../utils/workspaceAuth.js";
+import { logger } from "../../utils/logger.js";
+const stepSchema = z.object({
+    method: z
+        .string()
+        .describe("HTTP method (GET, POST, PUT, DELETE, PATCH) for this step"),
+    path: z
+        .string()
+        .describe("API path for this step. CRITICAL: For requests that reference an ID created by a prior step, use the ACTUAL ID value from the prior step's responseBody, NOT a template variable."),
+    requestBody: z
+        .string()
+        .optional()
+        .describe("JSON string of the request body for POST/PUT/PATCH requests"),
+    queryParams: z
+        .string()
+        .optional()
+        .describe("JSON string of URL query parameters for GET search/filter/list requests"),
+    responseBody: z
+        .string()
+        .optional()
+        .describe("JSON string of the expected response body"),
+    statusCode: z
+        .number()
+        .optional()
+        .describe("Expected HTTP status code. Defaults: POST→201, DELETE→204, GET/PUT/PATCH→200."),
+    responseHeaders: z
+        .record(z.array(z.string()))
+        .optional()
+        .describe("Response headers as a JSON object. Defaults to Content-Type: application/json."),
+});
+const batchScenarioSchema = {
+    scenarioName: z
+        .string()
+        .describe("Name of the test scenario. KEEP IT SHORT AND DESCRIPTIVE AS USED FOR FILE NAME."),
+    destination: z
+        .string()
+        .describe("Destination hostname or IP address (e.g., localhost). Do NOT include port numbers."),
+    baseURL: z
+        .string()
+        .optional()
+        .describe("Base URL for the API endpoints (e.g., http://localhost:8000/api/v1)."),
+    apiSchema: z
+        .string()
+        .optional()
+        .describe("Optional. Absolute path or URL to the OpenAPI/Swagger schema file."),
+    prompt: z
+        .string()
+        .optional()
+        .describe("Description of the overall multi-step scenario being tested"),
+    steps: z
+        .array(stepSchema)
+        .min(1)
+        .describe("Ordered array of API request steps. Each step is generated as a TraceRequest and appended to the scenario file."),
+    outputDir: baseSchema.shape.outputDir,
+    authHeader: z
+        .string()
+        .optional()
+        .describe("Which HTTP header carries the auth credential. Pass empty string or omit for unauthenticated endpoints."),
+    authScheme: z
+        .string()
+        .optional()
+        .describe("Only when authHeader is 'Authorization'. The prefix before the token (e.g., 'Bearer')."),
+    authToken: z
+        .string()
+        .optional()
+        .describe("Optional explicit auth token value. Leave empty — the service auto-generates "
+        + `${AUTH_PLACEHOLDER_TOKEN}. Only provide for custom formats (e.g., 'session=${AUTH_PLACEHOLDER_TOKEN}' for Cookie).`),
+};
+const TOOL_NAME = "skyramp_batch_scenario_test_generation";
+export function registerBatchScenarioTestTool(server) {
+    server.registerTool(TOOL_NAME, {
+        description: `Generate a complete multi-step scenario file in a single call.
+
+This tool generates ALL TraceRequest objects for a multi-step scenario at once, producing
+the complete scenario JSON file in one invocation. Use this instead of calling
+\`skyramp_scenario_test_generation\` multiple times for multi-step integration tests.
+
+**When to use:**
+- Multi-step integration test scenarios (e.g., create product → create order → update order → verify)
+- Any scenario requiring 2+ sequential API requests
+
+**What it does:**
+1. Accepts an ordered array of steps, each with method, path, requestBody, etc.
+2. Generates a TraceRequest for each step
+3. Writes the complete scenario JSON file with all steps
+
+**After this tool:** Call \`skyramp_integration_test_generation\` with the returned \`scenarioFile\` path.
+
+**CRITICAL:** Use CONCRETE ID values in paths (e.g., '/api/v1/products/70885'), not template variables.`,
+        inputSchema: batchScenarioSchema,
+    }, async (params) => {
+        if (params.authHeader === undefined) {
+            try {
+                const repoPath = params.outputDir || process.cwd();
+                const wsAuth = await getWorkspaceAuthConfig(repoPath);
+                if (wsAuth.authHeader && wsAuth.authType !== WorkspaceAuthType.None) {
+                    logger.info("Auth header was empty — resolved from workspace config", {
+                        authHeader: wsAuth.authHeader,
+                        authType: wsAuth.authType,
+                    });
+                    params.authHeader = wsAuth.authHeader;
+                    if (/^authorization$/i.test(wsAuth.authHeader) && wsAuth.authType) {
+                        params.authScheme = params.authScheme || wsAuth.authType;
+                    }
+                }
+            }
+            catch {
+                logger.warning("Could not resolve auth from workspace config");
+            }
+        }
+        const service = new ScenarioGenerationService();
+        const steps = params.steps;
+        const scenarioSlug = params.scenarioName.toLowerCase().replace(/[^a-z0-9_-]+/g, "-").replace(/^-+|-+$/g, "") || "scenario";
+        const fileName = `scenario_${scenarioSlug}.json`;
+        const filePath = path.join(params.outputDir, fileName);
+        const resolvedOut = path.resolve(params.outputDir);
+        if (!path.resolve(filePath).startsWith(resolvedOut + path.sep) && path.resolve(filePath) !== resolvedOut) {
+            return {
+                content: [{ type: "text", text: `Error: scenarioName produced a path outside outputDir.` }],
+                isError: true,
+            };
+        }
+        const traceRequests = [];
+        for (let i = 0; i < steps.length; i++) {
+            const step = steps[i];
+            const stepParams = {
+                scenarioName: params.scenarioName,
+                destination: params.destination,
+                baseURL: params.baseURL,
+                apiSchema: params.apiSchema,
+                method: step.method,
+                path: step.path,
+                requestBody: step.requestBody,
+                queryParams: step.queryParams,
+                responseBody: step.responseBody,
+                statusCode: step.statusCode,
+                responseHeaders: step.responseHeaders,
+                outputDir: params.outputDir,
+                authHeader: params.authHeader ?? "",
+                authScheme: params.authScheme ?? "",
+                authToken: params.authToken,
+            };
+            const traceRequest = service.generateTraceRequestFromInput(stepParams);
+            if (!traceRequest) {
+                const failResult = {
+                    content: [
+                        {
+                            type: "text",
+                            text: `**Batch Scenario Generation Failed at Step ${i + 1}/${steps.length}**\n\n`
+                                + `${i}/${steps.length} steps succeeded before failure.\n\n`
+                                + `**Failed step:** ${step.method} ${step.path}\n`
+                                + `**Error:** Could not generate a trace request from the provided parameters.\n\n`
+                                + `Fix the failing step and retry with the full batch.`,
+                        },
+                    ],
+                    isError: true,
+                };
+                AnalyticsService.pushMCPToolEvent(TOOL_NAME, failResult, {
+                    scenarioName: params.scenarioName,
+                    stepCount: String(i),
+                    failedStep: String(i + 1),
+                }).catch(() => { });
+                return failResult;
+            }
+            traceRequests.push(traceRequest);
+        }
+        try {
+            fs.writeFileSync(filePath, JSON.stringify(traceRequests, null, 2), "utf8");
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            return {
+                content: [{ type: "text", text: `Error writing scenario file: ${errorMessage}` }],
+                isError: true,
+            };
+        }
+        const stepCount = traceRequests.length;
+        const result = {
+            content: [
+                {
+                    type: "text",
+                    text: `**Batch Scenario Generated — ${stepCount} steps**\n\n`
+                        + `**Scenario:** ${params.scenarioName}\n`
+                        + `**Steps:**\n${steps.map((s, i) => `  ${i + 1}. ${s.method} ${s.path} → ${s.statusCode ?? "default"}`).join("\n")}\n\n`
+                        + `**File:** ${filePath}\n\n`
+                        + `**Next:** Call \`skyramp_integration_test_generation\` with \`scenarioFile: "${filePath}"\``,
+                },
+            ],
+            isError: false,
+        };
+        AnalyticsService.pushMCPToolEvent(TOOL_NAME, result, {
+            scenarioName: params.scenarioName,
+            stepCount: String(stepCount),
+        }).catch(() => { });
+        return result;
+    });
+}

package/build/tools/generate-tests/generateContractRestTool.js

@@ -3,6 +3,7 @@ import { z } from "zod";
 import { baseTestSchema, TestType } from "../../types/TestTypes.js";
 import { TestGenerationService, } from "../../services/TestGenerationService.js";
 import { AnalyticsService } from "../../services/AnalyticsService.js";
+import { ENHANCE_ASSERTIONS_FOR_INTEGRATION_AND_CONTRACTPROVIDER } from "../../prompts/test-maintenance/enhanceAssertionSection.js";
 const contractTestSchema = {
     ...baseTestSchema,
     pathParams: z
@@ -170,78 +171,7 @@ ${sections.join("\n")}
         return `
 ⏭️ **CRITICAL STEP 2 OF 2 — Do this immediately along with test generation:**
 
-**Enhance response body assertions in test functions immediately.** Do NOT proceed to test execution until this step is complete.
-
-The generated contract test contains only basic assertions (status code, top-level schema checks). For each **test function** (NOT \`beforeAll\` or \`afterAll\`), inspect the response body assertions and add or strengthen them using the rules below.
-
----
-
-**IMPORTANT — How to access response body fields (use the SDK helpers, NOT dict/attribute access on the response variable):**
-
-- **Python**: \`skyramp.get_response_value(<response_var>, "<json_path>")\`
-  - e.g. \`skyramp.get_response_value(products_POST_response, "id")\`
-  - e.g. \`skyramp.get_response_value(orders_POST_response, "items.0.product_id")\`
-- **TypeScript (Playwright)**: \`getResponseValue(<response_var>, "<json_path>")\` (already imported from \`@skyramp/skyramp\`)
-  - e.g. \`getResponseValue(productsPostResponse, "id")\`
-- **JavaScript (Playwright)**: \`getResponseValue(<response_var>, "<json_path>")\` (already imported from \`@skyramp/skyramp\`)
-  - e.g. \`getResponseValue(productsPostResponse, "id")\`
-- **Java**: \`getValue(<response_var>, "<json_path>")\` (already imported)
-  - e.g. \`getValue(productsPostResponse, "id")\`
-
----
-
-**What to assert after each request:**
-
-1. **Non-null / non-empty fields** — After any POST or PUT that creates or updates a resource, assert that key identifying fields are present and non-empty:
-   - IDs, names, emails, and other primary fields must not be null/None/empty.
-   - Python: \`assert skyramp.get_response_value(products_POST_response, "id") is not None\`
-   - TypeScript: \`expect(getResponseValue(productsPostResponse, "id"), 'id').not.toBeNull();\`
-   - JavaScript: \`assert.notStrictEqual(getResponseValue(productsPostResponse, "id"), null, 'id should not be null');\`
-   - Java: \`assertNotNull(getValue(productsPostResponse, "id"));\`
-
-2. **Echo-back values** — When the request body sends a value the response is expected to return unchanged (name, email, status, price, etc.), assert the response value equals the sent value:
-   - Python: \`assert skyramp.get_response_value(products_POST_response, "name") == "Skyramp Tester"\`
-   - TypeScript: \`expect(getResponseValue(productsPostResponse, "name"), 'name').toBe("Skyramp Tester");\`
-   - JavaScript: \`assert.strictEqual(getResponseValue(productsPostResponse, "name"), "Skyramp Tester", 'name should match request');\`
-   - Java: \`assertEquals("Skyramp Tester", getValue(productsPostResponse, "name"));\`
-
-3. **Value ranges** — For numeric fields where a realistic range is inferable from the field name, schema constraints (minimum/maximum), or domain knowledge:
-   - Assert the value falls within the expected range.
-   - Python: \`assert skyramp.get_response_value(products_POST_response, "price") >= 0\`
-   - TypeScript: \`expect(getResponseValue(productsPostResponse, "price")).toBeGreaterThanOrEqual(0);\`
-   - JavaScript: \`assert.ok(getResponseValue(productsPostResponse, "price") >= 0, 'price should be non-negative');\`
-   - Include upper bounds when the OpenAPI schema defines them (e.g. \`maximum\`, \`minimum\`).
-
-4. **Format/type constraints** — For string fields with a known format, assert the format rather than just the type:
-   - **UUID**: assert the value matches the UUID pattern (\`xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\`).
-   - **Date / date-time**: assert the value is a valid ISO 8601 date or datetime string.
-   - **IP address**: assert the value matches IPv4 or IPv6 format.
-   - **Email**: assert the value contains \`@\` and a domain.
-   - **URL / URI**: assert the value starts with \`http://\` or \`https://\`.
-   - Use format info from the OpenAPI schema (\`format: uuid\`, \`format: date-time\`, etc.) to identify these fields.
-
-5. **Specific known values** — For fields where the expected value can be determined from context:
-   - Check the OpenAPI schema for \`enum\`, \`const\`, or \`example\` values and assert accordingly.
-   - Python: \`assert skyramp.get_response_value(orders_POST_response, "status") == "pending"\`
-   - TypeScript: \`expect(getResponseValue(ordersPostResponse, "status"), 'status').toBe("pending");\`
-   - JavaScript: \`assert.strictEqual(getResponseValue(ordersPostResponse, "status"), "pending", 'status should be pending');\`
-   - Java: \`assertEquals("pending", getValue(ordersPostResponse, "status"));\`
-
----
-
-**Scope rules:**
-- Only modify test functions — do NOT touch \`beforeAll\`, \`afterAll\`, or any setup/teardown helper.
-- Only add assertions that are clearly supported by the schema, field name, request body, or observable codebase evidence. Do not invent constraints.
-- Add new assertions **immediately after** the existing status-code and schema assertions — do not restructure the test.
-
-**What NOT to do — any of these is a violation:**
-- Do NOT access response body fields via dict syntax (\`response["field"]\`) or attribute access (\`response.field\`) — always use the SDK helper (\`get_response_value\` / \`getResponseValue\` / \`getValue\`).
-- Do NOT modify \`beforeAll\` or \`afterAll\` functions.
-- Do NOT change existing assertions — only add new ones.
-- Do NOT add assertions for fields where no constraint is clearly inferable.
-- Do NOT restructure, reformat, or reorder any existing code.
-- Do NOT add comments or docstrings.
-- Do NOT change function signatures, imports, or variable names.
+${ENHANCE_ASSERTIONS_FOR_INTEGRATION_AND_CONTRACTPROVIDER}
 `;
     }
     buildConsumerStubReplacementInstructions() {
@@ -352,7 +282,7 @@ Contract tests ensure your API implementation matches its OpenAPI/Swagger specif
 **IMPORTANT: If the endpoint URL contains path parameter placeholders (e.g., \`/products/{product_id}/reviews\`), pass the URL exactly as provided — do NOT substitute values for the placeholders. Leave \`pathParams\` empty unless the user has explicitly provided specific values.**
 
 **Modes:**
-- Default (no mode set): both \`providerMode\` and \`consumerMode\` default to false. Do NOT set either unless the user explicitly mentions "provider" or "consumer".
+- Default (no mode set): both \`providerMode\` and \`consumerMode\` default to false. This generates both provider and consumer contract tests — equivalent to setting both modes to true.
 - \`providerMode\`: set to true ONLY if the user explicitly requests a provider-side contract test. Optionally specify \`providerOutput\` for the output file path.
 - \`consumerMode\`: set to true ONLY if the user explicitly requests a consumer-side contract test. Optionally specify \`consumerOutput\` for the output file path.
 - Both \`providerMode\` and \`consumerMode\` can be enabled simultaneously to generate both sides.

package/build/tools/generate-tests/generateIntegrationRestTool.js

@@ -2,6 +2,7 @@ import { z } from "zod";
 import { baseTestSchema, baseTraceSchema, TestType, codeRefactoringSchema, } from "../../types/TestTypes.js";
 import { TestGenerationService, } from "../../services/TestGenerationService.js";
 import { AnalyticsService } from "../../services/AnalyticsService.js";
+import { ENHANCE_ASSERTIONS_FOR_INTEGRATION_AND_CONTRACTPROVIDER } from "../../prompts/test-maintenance/enhanceAssertionSection.js";
 const integrationTestSchema = z
     .object({
     ...baseTestSchema,
@@ -18,6 +19,15 @@ const integrationTestSchema = z
         .optional(),
     ...codeRefactoringSchema.shape,
     ...baseTestSchema,
+    output: baseTestSchema.output.describe("Name of the output test file. " +
+        "If the user does not specify a filename and a scenarioFile is provided, derive the output name from the scenario filename to avoid overwriting other tests. " +
+        "The backend default 'integration_test.py' is generic and will collide when multiple tests are generated. " +
+        "Derivation rule: take the scenario filename (no path, no extension), strip the leading 'scenario_' prefix, " +
+        "replace every hyphen and non-alphanumeric character with an underscore, then append '_integration_test' and the language extension. " +
+        "Examples: " +
+        "'scenario_orders-patch-add-items-recalculate.json' → 'orders_patch_add_items_recalculate_integration_test.py' (Python) or 'orders_patch_add_items_recalculate_integration_test.spec.ts' (Playwright). " +
+        "'scenario_products-crud.json' → 'products_crud_integration_test.py'. " +
+        "Extensions: '.py' for pytest, '.spec.ts'/'.spec.js' for Playwright, '.java' for JUnit."),
     endpointURL: baseTestSchema.endpointURL.default(""),
 })
     .omit({ method: true }).shape;
@@ -44,67 +54,7 @@ The generated integration test contains only basic status-code assertions after
 
 ---
 
-**IMPORTANT — How to access response body fields (use the SDK helpers, NOT dict/attribute access on the response variable):**
-
-- **Python**: \`skyramp.get_response_value(<response_var>, "<json_path>")\`
-  - e.g. \`skyramp.get_response_value(products_POST_response, "id")\`
-  - e.g. \`skyramp.get_response_value(orders_POST_response, "items.0.product_id")\`
-- **TypeScript (Playwright)**: \`getResponseValue(<response_var>, "<json_path>")\` (already imported from \`@skyramp/skyramp\`)
-  - e.g. \`getResponseValue(productsPostResponse, "id")\`
-- **JavaScript (Playwright)**: \`getResponseValue(<response_var>, "<json_path>")\` (already imported from \`@skyramp/skyramp\`)
-  - e.g. \`getResponseValue(productsPostResponse, "id")\`
-- **Java**: \`getValue(<response_var>, "<json_path>")\` (already imported)
-  - e.g. \`getValue(productsPostResponse, "id")\`
-
----
-
-**What to assert after each request:**
-
-1. **Non-null / non-empty fields** — After any POST or PUT that creates or updates a resource, assert that key identifying fields are present and non-empty:
-   - IDs, names, emails, and other primary fields must not be null/None/empty.
-   - Python: \`assert skyramp.get_response_value(products_POST_response, "id") is not None\`
-   - TypeScript: \`expect(getResponseValue(productsPostResponse, "id"), 'id').not.toBeNull();\`
-   - JavaScript: \`assert.notStrictEqual(getResponseValue(productsPostResponse, "id"), null, 'id should not be null');\`
-   - Java: \`assertNotNull(getValue(productsPostResponse, "id"));\`
-
-2. **Echo-back values** — When the request body sends a value the response is expected to return unchanged (name, email, status, price, etc.), assert the response value equals the sent value:
-   - Python: \`assert skyramp.get_response_value(products_POST_response, "name") == "Skyramp Tester"\`
-   - TypeScript: \`expect(getResponseValue(productsPostResponse, "name"), 'name').toBe("Skyramp Tester");\`
-   - JavaScript: \`assert.strictEqual(getResponseValue(productsPostResponse, "name"), "Skyramp Tester", 'name should match request');\`
-   - Java: \`assertEquals("Skyramp Tester", getValue(productsPostResponse, "name"));\`
-
-3. **Chained values** — When a value extracted from a prior response (e.g., a POST-created ID) is already used in a subsequent request's \`path_params\` / \`data_override\`, also assert the later response echoes that value back where applicable:
-   - Python: \`assert skyramp.get_response_value(product_GET_response, "id") == skyramp.get_response_value(products_POST_response, "id")\`
-   - TypeScript: \`expect(getResponseValue(productGetResponse, "id"), 'id').toBe(getResponseValue(productsPostResponse, "id"));\`
-
-4. **Value ranges** — For numeric fields where a realistic range is inferable from the field name or domain:
-   - Python: \`assert skyramp.get_response_value(products_POST_response, "price") >= 0\`
-   - TypeScript: \`expect(getResponseValue(productsPostResponse, "price")).toBeGreaterThanOrEqual(0);\`
-   - JavaScript: \`assert.ok(getResponseValue(productsPostResponse, "price") >= 0, 'price should be non-negative');\`
-
-5. **Format/type constraints** — For string fields with a known format:
-   - **UUID**: assert the value matches \`xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\` (use a regex check or string length check).
-   - **Date / date-time**: assert the value is a non-empty string parseable as an ISO 8601 date.
-   - **Email**: assert the value contains \`@\`.
-   - **URL**: assert the value starts with \`http://\` or \`https://\`.
-
-6. **Specific known values** — For enum/status fields where only one outcome is valid for this flow:
-   - Python: \`assert skyramp.get_response_value(orders_POST_response, "status") == "pending"\`
-
----
-
-**Scope rules:**
-- Apply to every \`send_request\` / \`sendRequest\` call — including GET and DELETE if they return a body.
-- Only add assertions that are clearly supported by the request body, prior response values, field names, or codebase evidence. Do not invent constraints.
-- Add new assertions **immediately after** the existing status-code assertion for each request — do not move or remove anything.
-
-**What NOT to do — any of these is a violation:**
-- Do NOT access response body fields via dict syntax (\`response["field"]\`) or attribute access (\`response.field\`) — always use the SDK helper (\`get_response_value\` / \`getResponseValue\` / \`getValue\`).
-- Do NOT remove or modify existing assertions.
-- Do NOT add assertions for fields where no constraint is clearly inferable.
-- Do NOT restructure, reformat, or reorder any existing code.
-- Do NOT add comments or docstrings.
-- Do NOT change function signatures, imports, or variable names.
+${ENHANCE_ASSERTIONS_FOR_INTEGRATION_AND_CONTRACTPROVIDER}
 `;
     }
     buildGenerationOptions(params) {

package/build/tools/submitReportTool.js

@@ -17,14 +17,20 @@ const newTestSchema = z.object({
     category: z.enum(["security_boundary", "business_rule", "breaking_change", "data_integrity", "workflow"]).describe("Test category — critical categories (security_boundary, business_rule, data_integrity, breaking_change) get generation priority over workflow"),
     endpoint: z.string().describe("HTTP verb and path, e.g. 'GET /api/v1/products'"),
     fileName: z.string().describe("Name of the generated test file"),
-    description: z.string().optional().describe("What the test scenario covers, e.g. 'Creates a collection, adds a link, then verifies the link exists'"),
+    description: z.string().optional().describe("What the test does — the steps and assertions, not the bugs it finds. e.g. 'Creates a collection, adds a link, then verifies the link exists'. Do NOT describe expected failures or bugs here — those belong in issuesFound."),
     scenarioFile: z.string().optional().describe("Path to the scenario JSON file if one was generated (e.g. 'tests/scenario_collections-links.json')"),
     traceFile: z.string().optional().describe("Path to the backend trace file if used or created"),
     frontendTrace: z.string().optional().describe("Path to the Playwright/UI trace file if used or created"),
     reasoning: z.string().describe("Why this test was created: what production risk it mitigates, what code pattern it targets, or what coverage gap it fills"),
 });
 const descriptionSchema = z.object({
-    description: z.string().describe("One-line description"),
+    description: z.string().describe("One-line description. Do NOT prefix with the severity level — severity is a separate field."),
+    severity: z
+        .enum(["critical", "high", "medium", "low"])
+        .optional()
+        .describe("Issue severity. critical = feature broken/unusable (e.g. page doesn't load, data corruption). " +
+        "high = incorrect behavior (e.g. wrong calculation, stale data returned). " +
+        "medium = minor functional gap. low = cosmetic or informational."),
 });
 const scenarioStepSchema = z.object({
     method: z.string().optional().describe("HTTP method (e.g. 'POST', 'GET'). Required for API steps, omit for UI/E2E actions."),
@@ -41,13 +47,15 @@ const additionalRecommendationSchema = z.object({
     scenarioName: z.string().describe("Name of the scenario, e.g. 'products_orders_workflow'"),
     steps: z.array(scenarioStepSchema).describe("Ordered sequence of API/UI steps in this test scenario"),
     description: z.string().describe("Why this test is valuable and what it would cover"),
-    priority: z.string().describe("Priority level: high, medium, or low"),
+    priority: z.preprocess((val) => (typeof val === "string" ? val.toLowerCase() : val), z.enum(["high", "medium", "low"])).describe("Priority level: high, medium, or low. First check diff relevance — does the test target an endpoint changed in this PR? HIGH: diff-relevant security/auth/error tests, cross-resource isolation for diff endpoints, CRUD lifecycle for NEW endpoints in the diff. MEDIUM: diff-relevant business-rule happy paths, multi-resource workflows involving diff endpoints, security/error tests for NON-diff endpoints. LOW: tests targeting only unchanged endpoints, trivially discoverable happy paths duplicating generated tests."),
     openApiSpec: z.string().optional().describe("Path to OpenAPI/Swagger spec file if available, e.g. 'openapi.yaml'"),
     backendTrace: z.string().optional().describe("Path to backend trace file if available, e.g. 'tests/skyramp-traces.json'. Used by integration and E2E tests."),
     frontendTrace: z.string().optional().describe("Path to Playwright/UI trace file if available, e.g. 'tests/skyramp-playwright.zip'. UI tests need this; E2E tests need both frontend and backend traces."),
     reasoning: z.string().describe("Why this test is recommended: the specific production risk, business rule, or security boundary it would validate"),
 });
 const testMaintenanceSchema = z.object({
+    testType: z.string().describe("Type of test: Contract, Integration, UI, etc."),
+    endpoint: z.string().describe("HTTP verb and path, e.g. 'GET /api/v1/products'"),
     fileName: z.string().describe("Test file that was maintained, e.g. 'products_smoke_test.py'"),
     description: z.string().describe("What was changed and why"),
     beforeStatus: z.enum(["Pass", "Fail", "Error"]).describe("Test result BEFORE modification"),

package/build/tools/submitReportTool.test.js

@@ -26,7 +26,7 @@ function sampleReportParams(outputFile) {
         newTestsCreated: [
             { testId: "smoke-get-products-search", testType: "Smoke", category: "workflow", endpoint: "GET /api/v1/products/search", fileName: "search_smoke_test.py", reasoning: "Validates product search returns correct results for category filter" },
         ],
-        testMaintenance: [{ description: "Updated auth flow in existing tests" }],
+        testMaintenance: [{ action: "UPDATE", testType: "Contract", endpoint: "GET /api/v1/products", fileName: "products_contract_test.py", description: "Updated auth flow in existing tests", beforeStatus: "Fail", beforeDetails: "401 Unauthorized (1.5s)", afterStatus: "Pass", afterDetails: "All assertions passed (2.3s)" }],
         testResults: [
             { testType: "Smoke", endpoint: "GET /api/v1/products", status: "Pass", details: "2.1s, products_smoke_test.py" },
             { testType: "Smoke", endpoint: "GET /api/v1/products/search", status: "Fail", details: "3.4s, search_smoke_test.py" },