@skyramp/mcp 0.0.64-rc.9 → 0.0.65

package/build/prompts/test-recommendation/test-recommendation-prompt.js

@@ -1,25 +1,20 @@
 import * as crypto from "crypto";
 import { WorkspaceAuthType } from "../../utils/workspaceAuth.js";
 import { buildToolWorkflows, buildTestPatternGuidelines, buildTestQualityCriteria, buildTestExamples, buildGenerationRules, getAuthSnippets, MAX_TESTS_TO_GENERATE, MAX_RECOMMENDATIONS, MAX_CRITICAL_TESTS, } from "./recommendationSections.js";
+import { CATEGORY_PRIORITY, TEST_CATEGORIES } from "../../types/TestRecommendation.js";
 function formatTestLocations(locs) {
     const entries = Object.entries(locs || {});
     if (entries.length === 0)
         return "";
-    return "\n**Existing test files (do NOT duplicate these):**\n" +
+    return "\n**Existing test files — cross-check these before creating new files:**\n" +
+        "  If a GENERATE item's resource path matches a path listed here, UPDATE that file instead of creating a new one.\n" +
         entries.map(([type, files]) => "  - [" + type + "] " + files).join("\n");
 }
-const CATEGORY_PRIORITY = {
-    new_endpoint: "CRITICAL", // diff-direct scenarios always fill GENERATE slots first
-    security_boundary: "HIGH",
-    business_rule: "HIGH",
-    data_integrity: "HIGH",
-    breaking_change: "HIGH",
-    auth: "HIGH",
-    workflow: "MEDIUM",
-    "error-handling": "MEDIUM",
-    "data-validation": "MEDIUM",
-    crud: "LOW",
-};
+// ── Priority-tier ordering (replaces numeric CATEGORY_WEIGHTS) ──
+// Categories map to HIGH / MEDIUM / LOW tiers.
+// Within a tier, novelty (new > modified > existing) breaks ties,
+// then cross-resource, step count, and finally the deterministic SHA-256 seed.
+// CATEGORY_PRIORITY and PriorityTier imported from ../../types/TestRecommendation.js
 const PRIORITY_ORDER = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1 };
 const NOVELTY_ORDER = { new: 3, modified: 2, existing: 1 };
 function classifyNovelty(scenario, diffContext) {
@@ -43,10 +38,35 @@ function computeTiebreakerSeed(endpoints, diffFiles) {
     const canonical = [...endpoints].sort().join("|") + "::" + [...diffFiles].sort().join("|");
     return crypto.createHash("sha256").update(canonical).digest("hex").slice(0, 8);
 }
+// ── Helpers ──
+const SKIP_SEGMENTS_SET = new Set(["api", "v1", "v2", "v3", "public"]);
+function extractResourceFromPath(path) {
+    const segments = path.split("/").filter(Boolean);
+    const nonParam = segments.filter(s => !s.startsWith("{") && !SKIP_SEGMENTS_SET.has(s));
+    return nonParam[nonParam.length - 1] || "unknown";
+}
+function scenarioCoverageKey(scenario) {
+    const testType = scenario.testType ?? (scenario.steps.length === 1 ? "contract" : "integration");
+    const mutatingSteps = scenario.steps.filter(st => ["POST", "PUT", "PATCH", "DELETE"].includes(st.method));
+    // Use the last mutating step — earlier steps are typically prerequisite setup
+    // (e.g. POST /products before PATCH /orders), while the final mutation is the
+    // primary action under test.
+    const primaryStep = mutatingSteps[mutatingSteps.length - 1] ?? scenario.steps[scenario.steps.length - 1];
+    const resource = extractResourceFromPath(primaryStep?.path ?? "");
+    return `${resource}::${testType}`;
+}
 // ── Execution Plan (replaces pre-ranked + scenarios + heuristic sections) ──
 function buildExecutionPlan(scored, maxGen, topN, baseUrl, authHeaderValue, authSchemeSnippet, authTypeValue, seed, endpointCount, isUIOnlyPR, hasFrontendChanges = false, hasTraces = false) {
-    const generateItems = scored.slice(0, Math.min(maxGen, scored.length));
-    const additionalItems = scored.slice(maxGen, topN);
+    // For mixed PRs (frontend + backend), reserve the last GENERATE slot for a UI test
+    // so the agent has explicit room to record a browser trace and generate it.
+    const reserveUIGenSlot = hasFrontendChanges && !isUIOnlyPR && maxGen > 1;
+    const backendGenCount = reserveUIGenSlot ? maxGen - 1 : maxGen;
+    const backendBudget = reserveUIGenSlot ? Math.max(topN - 1, 0) : topN;
+    const generateItems = scored.slice(0, Math.min(backendGenCount, scored.length));
+    const rawAdditionalItems = scored.slice(backendGenCount, backendBudget);
+    // Filter additional items whose primary resource + test type already appear in GENERATE
+    const generatedCoverage = new Set(generateItems.map(item => scenarioCoverageKey(item.scenario)));
+    const additionalItems = rawAdditionalItems.filter(item => !generatedCoverage.has(scenarioCoverageKey(item.scenario)));
     const authRef = authHeaderValue
         ? `, authHeader: "${authHeaderValue}"${authSchemeSnippet}`
         : `, authHeader: <check OpenAPI securitySchemes or auth middleware; "" if confirmed unauthenticated>`;
@@ -87,32 +107,56 @@ function buildExecutionPlan(scored, maxGen, topN, baseUrl, authHeaderValue, auth
                         ? st.chainsFrom.map(c => `${c.sourceField} from step ${c.sourceStep}`).join(", ")
                         : `${st.chainsFrom.sourceField} from step ${st.chainsFrom.sourceStep}`})`
                     : "";
-                return `  ${st.order}. ${st.method} ${st.path} → ${st.expectedStatusCode}: ${st.description}${chains}`;
-            }).join("\n");
-            const toolCalls = s.steps.map((st) => {
-                const isBodyMethod = ["POST", "PUT", "PATCH"].includes(st.method);
-                const dataParam = isBodyMethod
-                    ? `, requestBody: <${st.method} ${st.path} body from source code schemas>`
+                const bodyHint = st.bodyMustInclude?.length
+                    ? ` [body MUST include: ${st.bodyMustInclude.join(", ")}]`
+                    : "";
+                const responseHint = st.expectedResponseFields?.length
+                    ? ` [assert response fields: ${st.expectedResponseFields.join(", ")}]`
                     : "";
-                return `  skyramp_scenario_test_generation({ scenarioName: "${s.scenarioName}", destination: "${s.scenarioName}", baseURL: "${baseUrl}", method: "${st.method}", path: "${st.path}", statusCode: ${st.expectedStatusCode}${scenarioAuthRef}${dataParam} })`;
+                return `  ${st.order}. ${st.method} ${st.path} → ${st.expectedStatusCode}: ${st.description}${chains}${bodyHint}${responseHint}`;
             }).join("\n");
+            const batchSteps = s.steps.map((st) => {
+                const isBodyMethod = ["POST", "PUT", "PATCH"].includes(st.method);
+                let dataParam = "";
+                if (isBodyMethod) {
+                    if (st.bodyMustInclude && st.bodyMustInclude.length > 0) {
+                        const fields = st.bodyMustInclude.join(", ");
+                        dataParam = `, requestBody: <${st.method} ${st.path} body from source code — MUST include child collection fields: [${fields}]. Chain FK fields (e.g. product_id) from prior POST response IDs. Do NOT omit the collection array or send only metadata/discount fields.>`;
+                    }
+                    else {
+                        dataParam = `, requestBody: <${st.method} ${st.path} body from source code schemas>`;
+                    }
+                }
+                return `    { method: "${st.method}", path: "${st.path}", statusCode: ${st.expectedStatusCode}${dataParam} }`;
+            }).join(",\n");
+            let destinationHost = s.scenarioName;
+            try {
+                const parsed = new URL(baseUrl);
+                destinationHost = parsed.hostname;
+            }
+            catch { /* use scenarioName as fallback */ }
+            const toolCalls = `  skyramp_batch_scenario_test_generation({ scenarioName: "${s.scenarioName}", destination: "${destinationHost}", baseURL: "${baseUrl}"${scenarioAuthRef}, steps: [\n${batchSteps}\n  ] })`;
             const prereqNote = s.category === "new_endpoint"
-                ? `\nPrerequisite discovery (MANDATORY for new_endpoint): Before executing these tool calls, read the source code for the new endpoint's request body. Look for FK fields (e.g. \`product_id\`, \`user_id\`, \`order_id\`). For each FK field found, prepend one \`skyramp_scenario_test_generation\` call to create that prerequisite resource first, then chain its \`id\` into the dependent step. If no FK fields exist, proceed with the steps above as-is.`
+                ? `\nPrerequisite discovery (MANDATORY for new_endpoint): Before executing these tool calls, read the source code for the new endpoint's request body. Look for FK fields (e.g. \`product_id\`, \`user_id\`, \`order_id\`). For each FK field found, prepend a step to the \`steps\` array in \`skyramp_batch_scenario_test_generation\` to create that prerequisite resource first, then chain its \`id\` into the dependent step. If no FK fields exist, proceed with the steps above as-is.`
                 : "";
             return (`**#${rank} — GENERATE** | ${testType} | ${s.category} | priority=${item.priority} | ${item.novelty}\n` +
                 `Scenario: ${s.scenarioName} (${s.steps.length} steps)\n` +
                 `${stepLines}\n` +
                 `Tool calls:\n` +
                 `${toolCalls}\n` +
-                `  skyramp_integration_test_generation({ scenarioFile: "scenario_${s.scenarioName}.json"${authHeaderOnlyRef} })\n` +
+                `  skyramp_integration_test_generation({ scenarioFile: <use the filePath returned by skyramp_batch_scenario_test_generation above>${authHeaderOnlyRef} })\n` +
                 `From source: requestBody shapes for POST/PUT/PATCH steps; responseBody shapes; authScheme` +
                 prereqNote);
         }
     }).join("\n\n");
-    // For mixed PRs, always reserve slots for UI and E2E recommendations regardless of whether
-    // traces already exist — the user can record them later or the bot can record during the run.
-    const needsE2ESlot = hasFrontendChanges && !isUIOnlyPR;
-    const needsUISlot = hasFrontendChanges && !isUIOnlyPR;
+    // For mixed PRs, reserve slots for UI/E2E additional recommendations — but skip
+    // if the GENERATE list already includes a UI/E2E test for the changed frontend flows.
+    const hasGeneratedFrontendTest = generateItems.some(item => {
+        const tt = item.scenario.testType ?? (item.scenario.steps.length === 1 ? "contract" : "integration");
+        return tt === "ui" || tt === "e2e";
+    }) || reserveUIGenSlot;
+    const needsE2ESlot = hasFrontendChanges && !isUIOnlyPR && !hasGeneratedFrontendTest;
+    const needsUISlot = hasFrontendChanges && !isUIOnlyPR && !reserveUIGenSlot && !hasGeneratedFrontendTest;
     const frontendSlots = (needsE2ESlot ? 1 : 0) + (needsUISlot ? 1 : 0);
     const backendAdditionalItems = frontendSlots > 0
         ? additionalItems.slice(0, Math.max(additionalItems.length - frontendSlots, 0))
@@ -141,12 +185,19 @@ function buildExecutionPlan(scored, maxGen, topN, baseUrl, authHeaderValue, auth
             : "No traces exist yet — record a backend trace via `skyramp_start_trace_collection` + `skyramp_stop_trace_collection` and a UI trace via Playwright browser tools, then call `skyramp_e2e_test_generation`.";
         return `\n\n#${rank} [ADDITIONAL] | E2E | workflow | priority=HIGH | new\n  Scenario: e2e-flow-for-changed-feature (frontend + backend files changed in this diff)\n  Validates: Full browser-level flow for the changed UI components end-to-end — derive the scenario name and steps from the actual changed frontend files. ${traceNote}`;
     })() : "";
-    const supplementCount = topN - generateItems.length - backendAdditionalItems.length - frontendSlots;
+    const reservedUIGenCount = reserveUIGenSlot ? 1 : 0;
+    const supplementCount = topN - generateItems.length - reservedUIGenCount - backendAdditionalItems.length - frontendSlots;
     const supplementNote = supplementCount > 0
-        ? `\n**REQUIRED — You MUST add ${supplementCount} more to reach the total of ${topN}.** Draft them from endpoint interactions and source code patterns not yet covered. Use the same 5-dimension rubric and quality gate to assign priority (HIGH/MEDIUM/LOW), testType, and category.${hasFrontendChanges && !isUIOnlyPR ? " Since this PR has frontend changes, at least 1 of these should be a UI or E2E test targeting the changed components." : ""} Do NOT produce fewer than ${topN} total.`
+        ? `\n**REQUIRED — You MUST add ${supplementCount} more to reach the total of ${topN}.** Draft them from endpoint interactions and source code patterns not yet covered. Use the same 6-dimension rubric and quality gate to assign priority (HIGH/MEDIUM/LOW), testType, and category.${hasFrontendChanges && !isUIOnlyPR ? " Since this PR has frontend changes, at least 1 of these should be a UI or E2E test targeting the changed components." : ""} Do NOT produce fewer than ${topN} total. Do NOT supplement with tests whose primary endpoint and test type match a GENERATE item — those flows are already covered.`
         : "";
     return `## Execution Plan
-Seed: ${seed} | Endpoints: ${endpointCount} | Budget: ${generateItems.length} generate + ${Math.max(topN - generateItems.length, 0)} additional = ${topN} total
+Seed: ${seed} | Endpoints: ${endpointCount} | Budget: ${generateItems.length + (reserveUIGenSlot ? 1 : 0)} generate + ${Math.max(topN - generateItems.length - (reserveUIGenSlot ? 1 : 0), 0)} additional = ${topN} total
+
+**Step 0 — Existing-test cross-check (MANDATORY before executing anything)**
+For every GENERATE item below, check its endpoint path and test type against the Existing Tests list (further down in the prompt).
+- **Contract tests**: If an existing contract test already covers that resource path → UPDATE the existing file instead of creating a new one. This does NOT count toward \`newTestsCreated\` — backfill from ADDITIONAL candidates to fill the open ADD slot.
+- **Integration/scenario tests**: Always generate as a new file via the scenario pipeline, even if an existing integration test covers the same resource. A new multi-step scenario is a distinct test. Count it toward \`newTestsCreated\`.
+- **UI tests**: Always generate as a new file. Count toward \`newTestsCreated\`.
 
 **Step 1 — Source-Code Enrichment (MANDATORY before executing anything)**
 Read the source code for ALL changed files. Look for:
@@ -156,19 +207,21 @@ Read the source code for ALL changed files. Look for:
 - Validation logic (field constraints, cross-field dependencies)
 - Security boundaries not covered by the structural candidates below
 
-For each one found, evaluate it against these 5 dimensions and assign priority:
+For each one found, evaluate it against these 6 dimensions and assign priority:
   | Dimension | What to assess |
   | Production Safety | Guards a critical boundary (auth, unique constraint, cascade delete, data integrity, breaking migration)? → HIGH |
   | Bug-Finding Potential | Targets a known failure mode (race condition, data consistency, state transition, cascade effect)? → HIGH |
+  | Mutation Side Effects | Does PUT/PATCH modify a collection of child items (line items, cart entries) and trigger recalculation (totals, counts, amounts)? → HIGH — this is the most common source of user-reported bugs |
   | User Journey Relevance | Reflects how real users interact (from traces, business flows, critical paths)? → HIGH or MEDIUM |
   | Coverage Gap | Addresses an area with zero existing test coverage? → bump up one tier |
   | Code Insight | Derived from actual implementation (spotted middleware pattern, N+1 risk, unique constraint)? → bump up one tier |
 
-Quality gate — ask both questions:
+Quality gate — ask all three questions:
   1. "Would this test prevent a production incident?" → YES = HIGH priority regardless of other dimensions
   2. "Does this test exercise a real workflow or catch a real bug?" → YES = at least MEDIUM
+  3. "Does this test cover a mutation that modifies child items and triggers total/amount recalculation?" → YES = HIGH priority, and prefer it for GENERATE over simple single-field update tests for the same endpoint
 
-Assign category: security_boundary | business_rule | data_integrity | breaking_change | auth | workflow | error-handling | data-validation | crud
+Assign category: ${TEST_CATEGORIES.join(" | ")}
 
 ${buildTestPatternGuidelines()}
 
@@ -180,8 +233,9 @@ INSERT a source-code-derived candidate into the ranked list **only if ALL three
 3. It is not already covered by a structural candidate in the list below
 
 If these conditions are not met, add it to ADDITIONAL only — do NOT displace a pre-ranked GENERATE item.
+**CRITICAL-tier items (category: new_endpoint) can NEVER be displaced** — they test the actual endpoints introduced in this PR and must always occupy GENERATE slots.
 
-When a qualifying candidate is inserted: place it HIGH before MEDIUM before LOW; within the same priority, source-code-derived candidates go BEFORE structural ones. Re-number ranks after insertion. The top ${generateItems.length} become GENERATE items.
+When a qualifying candidate is inserted: place it HIGH before MEDIUM before LOW; within the same priority, source-code-derived candidates go BEFORE structural ones. Re-number ranks after insertion. The top ${backendGenCount} become backend GENERATE items.${reserveUIGenSlot ? " The final GENERATE slot is reserved for a UI test and is not taken from this ranked list." : ""}
 
 **Cascade vs referential integrity:** If both a \`cascade-delete\` and a \`delete-blocked\` scenario appear for the same resource pair, keep only the one that matches the source code's FK delete policy (e.g. \`ON DELETE CASCADE\`, \`cascade=True\`, or \`onDelete: 'CASCADE'\` → keep cascade-delete; \`RESTRICT\`/\`PROTECT\`/no cascade → keep delete-blocked). Remove the inapplicable variant before executing.
 
@@ -206,23 +260,31 @@ ${buildGenerationRules(isUIOnlyPR)}
 
 **Critical-category minimum:** At least ${Math.min(MAX_CRITICAL_TESTS, maxGen)} of the ${maxGen} GENERATE items MUST be from HIGH-priority categories (security_boundary, business_rule, data_integrity, breaking_change). The pre-ranked plan below already prioritises this — only override if source-code enrichment reveals a higher-value candidate.
 
-### GENERATE (execute these in order after Step 1 insertion, one retry on failure then skip)
+### GENERATE (process these EXACTLY as listed, in order — do NOT reorder or replace any item with a different scenario; if Step 0 converts an item to UPDATE, backfill the ADD slot from ADDITIONAL)
+
+${generateBlocks || "  (no pre-ranked generate items — draft your own based on endpoint analysis)"}${reserveUIGenSlot ? `
+
+**#${generateItems.length + 1} — GENERATE** | UI | workflow | priority=HIGH | new
+Scenario: ui-interaction-for-changed-components (frontend files changed in this diff)
+Record a browser trace for the changed UI components, then generate a UI test.
+Steps: browser_navigate → browser_snapshot → interact with changed components → browser_assert → skyramp_export_zip → skyramp_ui_test_generation
+This slot is RESERVED — you MUST attempt a UI test here. Only skip if browser_navigate fails (app unreachable).` : ""}
 
-${generateBlocks || "  (no pre-ranked generate items — draft your own based on endpoint analysis)"}
+**COMPLIANCE CHECK**: Before proceeding, verify your generate list matches the items above. If you plan to generate a scenario with a DIFFERENT name than what is listed (e.g. you want to generate "order-update-discount-calculation" but the plan says "orders-patch-add-items-recalculate"), STOP — use the plan's scenario name and steps. Add your alternative to ADDITIONAL instead. One retry on failure then skip to next item.
 
 ### ADDITIONAL (list in additionalRecommendations in this order after Step 1 insertion)
 
 ${additionalLines || "  (none pre-ranked)"}${uiSlotLine}${e2eSlotLine}
 ${supplementNote}
 
-**You MUST produce EXACTLY ${topN} total recommendations: ${generateItems.length} to generate + ${Math.max(topN - generateItems.length, 0)} as additionalRecommendations. Do NOT produce fewer. Generate recommendations now.**
+**You MUST produce EXACTLY ${topN} total recommendations: ${generateItems.length + (reserveUIGenSlot ? 1 : 0)} to generate + ${Math.max(topN - generateItems.length - (reserveUIGenSlot ? 1 : 0), 0)} as additionalRecommendations. Do NOT produce fewer. Generate recommendations now.**
 
 ## Recommendation Stability
 - **Carry forward** previous additionalRecommendations that still apply — match by scenarioName (multi-step) or endpoint (single-endpoint). Re-derive category and priority from test content.
 - **Only drop** a previous recommendation if its target endpoint was removed, its business logic changed, or it is now covered by a generated test.
 - **Only add** new recommendations for code paths introduced since the last run.`;
 }
-export function buildRecommendationPrompt(analysis, analysisScope = "full_repo", topN = MAX_RECOMMENDATIONS, prContext, workspaceAuthHeader, workspaceAuthType) {
+export function buildRecommendationPrompt(analysis, analysisScope = "full_repo", topN = MAX_RECOMMENDATIONS, prContext, workspaceAuthHeader, workspaceAuthType, maxGenerateOverride) {
     const isDiffScope = analysisScope === "current_branch_diff";
     const diffContext = analysis.branchDiffContext;
     const openApiSpec = analysis.artifacts?.openApiSpecs?.[0];
@@ -342,7 +404,8 @@ ${detailBlocks}
     }
     // ── Scoring ──
     const endpointCount = allEndpoints.reduce((acc, ep) => acc + (ep.methods ?? []).length, 0);
-    const maxGen = isUIOnlyPR ? (hasTraces ? MAX_TESTS_TO_GENERATE : 0) : MAX_TESTS_TO_GENERATE;
+    const baseMaxGen = Math.min(Math.max(maxGenerateOverride ?? (isDiffScope ? MAX_TESTS_TO_GENERATE : topN), 0), topN);
+    const maxGen = isUIOnlyPR ? (hasTraces ? baseMaxGen : 0) : baseMaxGen;
     const scenarios = analysis.businessContext.draftedScenarios;
     let scored = [];
     let seed = "";

package/build/prompts/test-recommendation/test-recommendation-prompt.test.js

@@ -2,7 +2,7 @@ jest.mock("@skyramp/skyramp", () => ({
     WorkspaceConfigManager: { create: jest.fn() },
 }));
 import { buildRecommendationPrompt } from "./test-recommendation-prompt.js";
-import { PATH_PARAM_UUID_GUIDANCE, MAX_TESTS_TO_GENERATE } from "./recommendationSections.js";
+import { PATH_PARAM_UUID_GUIDANCE, MAX_TESTS_TO_GENERATE, buildTestQualityCriteria } from "./recommendationSections.js";
 // ---------------------------------------------------------------------------
 // Minimal fixtures
 // ---------------------------------------------------------------------------
@@ -315,7 +315,7 @@ describe("buildRecommendationPrompt — Stability and supplement section", () =>
         });
         const prompt = buildRecommendationPrompt(analysis, "full_repo", 10);
         expect(prompt).toContain("REQUIRED — You MUST add");
-        expect(prompt).toContain("5-dimension rubric");
+        expect(prompt).toContain("6-dimension rubric");
     });
     // Verify MAX_TESTS_TO_GENERATE is still exported and equals 3
     it("MAX_TESTS_TO_GENERATE is 3", () => {
@@ -369,3 +369,240 @@ describe("PATH_PARAM_UUID_GUIDANCE — no hardcoded UUID anchor", () => {
         expect(prompt).not.toMatch(UUID_V4_REGEX);
     });
 });
+// ---------------------------------------------------------------------------
+// Tests — maxGenerateOverride parameter in buildRecommendationPrompt
+// ---------------------------------------------------------------------------
+describe("buildRecommendationPrompt — maxGenerateOverride", () => {
+    const scenariosForOverride = Array.from({ length: 6 }, (_, i) => minimalScenario({
+        scenarioName: `scenario-${i}`,
+        description: `Test scenario ${i}`,
+        category: i < 2 ? "security_boundary" : "crud",
+        priority: i < 2 ? "high" : "low",
+    }));
+    const analysisWithScenarios = minimalAnalysis({
+        businessContext: {
+            mainPurpose: "Test API",
+            userFlows: [],
+            dataFlows: [],
+            integrationPatterns: [],
+            draftedScenarios: scenariosForOverride,
+        },
+    });
+    it("uses MAX_TESTS_TO_GENERATE as default when maxGenerateOverride is undefined", () => {
+        const prompt = buildRecommendationPrompt(analysisWithScenarios, "current_branch_diff", 10);
+        expect(prompt).toContain(`Budget: ${MAX_TESTS_TO_GENERATE} generate`);
+    });
+    it("respects maxGenerateOverride when provided", () => {
+        const prompt = buildRecommendationPrompt(analysisWithScenarios, "current_branch_diff", 10, undefined, undefined, undefined, 5);
+        expect(prompt).toContain("Budget: 5 generate");
+        expect(prompt).toContain("additional = 10 total");
+    });
+    it("clamps maxGenerateOverride to topN when override exceeds topN", () => {
+        const prompt = buildRecommendationPrompt(analysisWithScenarios, "current_branch_diff", 4, undefined, undefined, undefined, 10);
+        expect(prompt).toContain("Budget: 4 generate");
+    });
+    it("clamps maxGenerateOverride to 0 when negative", () => {
+        const prompt = buildRecommendationPrompt(analysisWithScenarios, "current_branch_diff", 10, undefined, undefined, undefined, -5);
+        expect(prompt).toContain("Budget: 0 generate");
+    });
+    it("allows maxGenerateOverride of 0 to produce no generate items", () => {
+        const prompt = buildRecommendationPrompt(analysisWithScenarios, "current_branch_diff", 10, undefined, undefined, undefined, 0);
+        expect(prompt).toContain("Budget: 0 generate");
+        expect(prompt).not.toContain("#1 — GENERATE");
+    });
+    it("uses topN as default maxGen in full_repo scope when maxGenerateOverride is undefined", () => {
+        const prompt = buildRecommendationPrompt(analysisWithScenarios, "full_repo", 6);
+        expect(prompt).toContain("Budget: 6 generate");
+    });
+    it("overrides full_repo default when maxGenerateOverride is provided", () => {
+        const prompt = buildRecommendationPrompt(analysisWithScenarios, "full_repo", 6, undefined, undefined, undefined, 2);
+        expect(prompt).toContain("Budget: 2 generate");
+        expect(prompt).toContain("additional = 6 total");
+    });
+});
+// ---------------------------------------------------------------------------
+// Tests — Additional recommendation dedup (Fix 1) and E2E slot guard (Fix 2)
+// ---------------------------------------------------------------------------
+describe("buildRecommendationPrompt — additional recommendation dedup", () => {
+    function patchOrdersScenario(name, overrides = {}) {
+        return {
+            scenarioName: name,
+            description: `Test ${name}`,
+            category: "new_endpoint",
+            priority: "high",
+            steps: [
+                { order: 1, method: "POST", path: "/api/v1/products", description: "Create product", interactionType: "success", expectedStatusCode: 201 },
+                { order: 2, method: "POST", path: "/api/v1/orders", description: "Create order", interactionType: "success", expectedStatusCode: 201 },
+                { order: 3, method: "PATCH", path: "/api/v1/orders/{order_id}", description: "Patch order", interactionType: "success", expectedStatusCode: 200 },
+            ],
+            chainingKeys: ["id"],
+            requiresAuth: false,
+            estimatedComplexity: "complex",
+            testType: "integration",
+            ...overrides,
+        };
+    }
+    function analysisWithPatchScenarios(scenarios) {
+        return minimalAnalysis({
+            businessContext: {
+                mainPurpose: "Order API",
+                userFlows: [],
+                dataFlows: [],
+                integrationPatterns: [],
+                draftedScenarios: scenarios,
+            },
+            branchDiffContext: {
+                baseBranch: "main",
+                currentBranch: "feature/patch-orders",
+                changedFiles: ["backend/src/api/orders.py", "src/frontend/components/OrderDetail.tsx"],
+                newEndpoints: [{ path: "/api/v1/orders/{order_id}", methods: [{ method: "PATCH", sourceFile: "routes.py", interactionCount: 0 }] }],
+                modifiedEndpoints: [],
+                affectedServices: [],
+            },
+            apiEndpoints: {
+                totalCount: 3,
+                baseUrl: "http://localhost:8000",
+                endpoints: [
+                    { path: "/api/v1/products", resourceGroup: "products", pathParams: [], methods: [{ method: "POST", description: "Create product", queryParams: [], authRequired: false, sourceFile: "routes.py", interactions: [] }] },
+                    { path: "/api/v1/orders", resourceGroup: "orders", pathParams: [], methods: [{ method: "POST", description: "Create order", queryParams: [], authRequired: false, sourceFile: "routes.py", interactions: [] }] },
+                    { path: "/api/v1/orders/{order_id}", resourceGroup: "orders", pathParams: [{ name: "order_id", type: "string", required: true }], methods: [{ method: "PATCH", description: "Update order", queryParams: [], authRequired: false, sourceFile: "routes.py", interactions: [] }] },
+                ],
+            },
+        });
+    }
+    it("filters additional items that share resource and test type with GENERATE items", () => {
+        const scenarios = [
+            patchOrdersScenario("orders-patch-add-items-recalculate"),
+            patchOrdersScenario("orders-patch-new-endpoint-happy-path"),
+            patchOrdersScenario("orders-patch-items-cleanup-verification"),
+            patchOrdersScenario("orders-patch-discount-fixed"),
+            patchOrdersScenario("orders-patch-another-variant"),
+        ];
+        const analysis = analysisWithPatchScenarios(scenarios);
+        const prompt = buildRecommendationPrompt(analysis, "current_branch_diff", 10, undefined, undefined, undefined, 2);
+        // First 2 become GENERATE, the remaining share orders::integration → should be filtered
+        const additionalMatches = prompt.match(/#\d+ \[ADDITIONAL\]/g) || [];
+        const ordersPatchAdditional = (prompt.match(/\[ADDITIONAL\].*orders-patch/g) || []);
+        // Same-resource same-type scenarios should NOT appear in ADDITIONAL
+        expect(ordersPatchAdditional.length).toBe(0);
+    });
+    it("preserves additional items with different test type for same endpoint", () => {
+        const scenarios = [
+            patchOrdersScenario("orders-patch-add-items-recalculate"),
+            patchOrdersScenario("orders-patch-new-endpoint-happy-path"),
+            // Contract test for same endpoint — different test type, should survive dedup
+            {
+                ...patchOrdersScenario("orders-patch-contract"),
+                testType: "contract",
+                steps: [{ order: 1, method: "PATCH", path: "/api/v1/orders/{order_id}", description: "Contract test", interactionType: "success", expectedStatusCode: 200 }],
+            },
+        ];
+        const analysis = analysisWithPatchScenarios(scenarios);
+        const prompt = buildRecommendationPrompt(analysis, "current_branch_diff", 10, undefined, undefined, undefined, 2);
+        // Contract test targets orders but is a different type → should be in ADDITIONAL
+        expect(prompt).toContain("orders-patch-contract");
+    });
+    it("preserves additional items targeting a different resource", () => {
+        const scenarios = [
+            patchOrdersScenario("orders-patch-add-items-recalculate"),
+            patchOrdersScenario("orders-patch-new-endpoint-happy-path"),
+            // Different resource entirely
+            {
+                ...patchOrdersScenario("products-unique-constraint"),
+                steps: [
+                    { order: 1, method: "POST", path: "/api/v1/products", description: "Create product", interactionType: "success", expectedStatusCode: 201 },
+                    { order: 2, method: "POST", path: "/api/v1/products", description: "Create duplicate", interactionType: "error", expectedStatusCode: 409 },
+                ],
+            },
+        ];
+        const analysis = analysisWithPatchScenarios(scenarios);
+        const prompt = buildRecommendationPrompt(analysis, "current_branch_diff", 10, undefined, undefined, undefined, 2);
+        expect(prompt).toContain("products-unique-constraint");
+    });
+});
+describe("buildRecommendationPrompt — E2E slot guard (Fix 2)", () => {
+    function uiScenario() {
+        return {
+            scenarioName: "ui-edit-order-crash",
+            description: "UI test for edit order crash",
+            category: "new_endpoint",
+            priority: "high",
+            steps: [
+                { order: 1, method: "GET", path: "/orders/{order_id}", description: "Navigate to order detail", interactionType: "success", expectedStatusCode: 200 },
+            ],
+            chainingKeys: [],
+            requiresAuth: false,
+            estimatedComplexity: "simple",
+            testType: "ui",
+        };
+    }
+    it("suppresses E2E additional slot when UI test is in GENERATE list", () => {
+        const scenarios = [
+            minimalScenario({ scenarioName: "integration-test-1", category: "new_endpoint" }),
+            uiScenario(),
+        ];
+        const analysis = minimalAnalysis({
+            businessContext: { mainPurpose: "Test", userFlows: [], dataFlows: [], integrationPatterns: [], draftedScenarios: scenarios },
+            branchDiffContext: {
+                baseBranch: "main",
+                currentBranch: "feature/test",
+                changedFiles: ["backend/routes.py", "src/frontend/components/App.tsx"],
+                newEndpoints: [{ path: "/api/items/{id}", methods: [{ method: "PATCH", sourceFile: "routes.py", interactionCount: 0 }] }],
+                modifiedEndpoints: [],
+                affectedServices: [],
+            },
+        });
+        const prompt = buildRecommendationPrompt(analysis, "current_branch_diff", 10, undefined, undefined, undefined, 3);
+        expect(prompt).not.toContain("e2e-flow-for-changed-feature");
+    });
+    it("includes E2E additional slot when no UI test is generated and no UI slot reserved", () => {
+        const scenarios = [
+            minimalScenario({ scenarioName: "integration-test-1", category: "new_endpoint" }),
+            minimalScenario({ scenarioName: "integration-test-2", category: "new_endpoint" }),
+        ];
+        const analysis = minimalAnalysis({
+            businessContext: { mainPurpose: "Test", userFlows: [], dataFlows: [], integrationPatterns: [], draftedScenarios: scenarios },
+            branchDiffContext: {
+                baseBranch: "main",
+                currentBranch: "feature/test",
+                changedFiles: ["backend/routes.py", "src/frontend/components/App.tsx"],
+                newEndpoints: [{ path: "/api/items", methods: [{ method: "POST", sourceFile: "routes.py", interactionCount: 0 }] }],
+                modifiedEndpoints: [],
+                affectedServices: [],
+            },
+        });
+        // maxGen=1 so reserveUIGenSlot is false (requires maxGen > 1),
+        // and no UI scenario in GENERATE → E2E slot should appear
+        const prompt = buildRecommendationPrompt(analysis, "current_branch_diff", 10, undefined, undefined, undefined, 1);
+        expect(prompt).toContain("e2e-flow-for-changed-feature");
+    });
+});
+// ---------------------------------------------------------------------------
+// Tests — buildTestQualityCriteria contract-test guidance (regression guard)
+// ---------------------------------------------------------------------------
+describe("buildTestQualityCriteria — contract test guidance for error-handling", () => {
+    it("includes guidance to use contract tests for single-endpoint error-handling scenarios", () => {
+        const criteria = buildTestQualityCriteria();
+        expect(criteria).toContain("Contract tests");
+        expect(criteria).toContain("error-handling scenarios on a single");
+        expect(criteria).toContain("Do NOT add setup steps just to avoid hardcoding an ID");
+    });
+    it("instructs to use a hardcoded nonexistent ID to keep it a single-step test", () => {
+        const criteria = buildTestQualityCriteria();
+        expect(criteria).toContain("99999");
+        expect(criteria).toContain("single-step contract test");
+    });
+    it("is included in the recommendation prompt when scored scenarios exist", () => {
+        const analysis = minimalAnalysis({
+            businessContext: {
+                mainPurpose: "Test API",
+                userFlows: [],
+                dataFlows: [],
+                integrationPatterns: [],
+                draftedScenarios: [minimalScenario()],
+            },
+        });
+        const prompt = buildRecommendationPrompt(analysis, "full_repo", 10);
+        expect(prompt).toContain("Do NOT add setup steps just to avoid hardcoding an ID");
+    });
+});