@sun-asterisk/sungen 2.7.0-beta.1 → 3.0.0-beta.71

package/src/harness/manifest.ts

@@ -0,0 +1,173 @@
+/**
+ * Manifest + spec-fingerprint — make testcases reflect the SOFTWARE, not chase it.
+ *
+ * Records, per scenario, which spec section it was derived from + a hash of that
+ * section. On re-run, diff current spec hashes vs the manifest to classify each
+ * scenario: keep / regenerate / retire — so the orchestrator regenerates only the
+ * parts whose spec changed (stable + cheap), and never silently drifts.
+ *
+ * Deterministic. Manifest lives at .sungen/manifest/<screen>.json.
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+import { createHash } from 'crypto';
+
+export interface SpecSection { name: string; hash: string }
+export interface ManifestEntry { scenario: string; vpCode?: string; section: string; specHash: string }
+export interface Manifest {
+  screen: string;
+  builtAt: string;
+  specSections: Record<string, string>;   // section name → hash (snapshot at build time)
+  entries: ManifestEntry[];                // scenario ↔ section ↔ hash
+}
+
+export type ChangeKind = 'keep' | 'regenerate' | 'retire';
+export interface ChangePlan {
+  screen: string;
+  scenarios: { scenario: string; section: string; change: ChangeKind; reason: string }[];
+  newSections: string[];     // spec sections with no scenario yet → generate
+  removedSections: string[]; // sections in manifest no longer in spec
+  summary: { keep: number; regenerate: number; retire: number; newSections: number };
+}
+
+function norm(s: string): string {
+  return s.replace(/\(Tier[^)]*\)/i, '').replace(/[#*-]/g, '').trim().toLowerCase().replace(/\s+/g, ' ');
+}
+function shortHash(s: string): string {
+  return createHash('sha1').update(s).digest('hex').slice(0, 12);
+}
+
+const NO_SPEC = '(no-spec-link)';
+
+/**
+ * Match a feature section name to a spec section name. Feature comments often
+ * combine spec sections (e.g. "features items / product cards" → spec "features
+ * items"), so fall back to longest substring match in either direction.
+ */
+function matchSection(featureSection: string, specNames: string[]): string | null {
+  if (specNames.includes(featureSection)) return featureSection;
+  let best: string | null = null;
+  for (const s of specNames) {
+    if (featureSection.includes(s) || s.includes(featureSection)) {
+      if (!best || s.length > best.length) best = s;
+    }
+  }
+  return best;
+}
+
+/** Parse spec.md into hashable sections (## and ### headings; "Section:" prefix stripped). */
+export function parseSpecSections(specPath: string): SpecSection[] {
+  if (!fs.existsSync(specPath)) return [];
+  const lines = fs.readFileSync(specPath, 'utf-8').split('\n');
+  const sections: { name: string; body: string[] }[] = [];
+  let cur: { name: string; body: string[] } | null = null;
+  for (const line of lines) {
+    const h = line.match(/^#{2,3}\s+(.*)$/);
+    if (h) {
+      if (cur) sections.push(cur);
+      const name = h[1].replace(/^Section:\s*/i, '').trim();
+      cur = { name, body: [] };
+    } else if (cur) {
+      cur.body.push(line);
+    }
+  }
+  if (cur) sections.push(cur);
+  return sections.map((s) => ({ name: norm(s.name), hash: shortHash(s.body.join('\n').trim()) }));
+}
+
+/** Parse feature into scenario → section mapping using `# --- Section: X ---` comments. */
+function parseFeatureSections(featurePath: string): { scenario: string; vpCode?: string; section: string }[] {
+  if (!fs.existsSync(featurePath)) return [];
+  const lines = fs.readFileSync(featurePath, 'utf-8').split('\n');
+  const out: { scenario: string; vpCode?: string; section: string }[] = [];
+  let section = '(unsectioned)';
+  for (const raw of lines) {
+    const line = raw.trim();
+    const sc = line.match(/^#\s*-{2,}\s*Section:\s*(.*?)\s*-{2,}\s*$/i);
+    if (sc) { section = norm(sc[1]); continue; }
+    const s = line.match(/^Scenario:\s*(.*)$/);
+    if (s) {
+      const name = s[1].trim();
+      const code = name.match(/\bVP-[A-Z]+-\d+/i)?.[0];
+      out.push({ scenario: name, vpCode: code, section });
+    }
+  }
+  return out;
+}
+
+export function buildManifest(screenDir: string, screenName: string): Manifest {
+  const specPath = path.join(screenDir, 'requirements', 'spec.md');
+  const featurePath = path.join(screenDir, 'features', `${screenName}.feature`);
+  const specSections = parseSpecSections(specPath);
+  const specMap: Record<string, string> = {};
+  for (const s of specSections) specMap[s.name] = s.hash;
+
+  const specNames = Object.keys(specMap);
+  const featScenarios = parseFeatureSections(featurePath);
+  const entries: ManifestEntry[] = featScenarios.map((f) => {
+    const matched = matchSection(f.section, specNames);
+    return {
+      scenario: f.scenario,
+      vpCode: f.vpCode,
+      section: matched ?? f.section,         // canonical spec section when matched
+      specHash: matched ? specMap[matched] : NO_SPEC,
+    };
+  });
+
+  return {
+    screen: screenName,
+    builtAt: new Date().toISOString(),
+    specSections: specMap,
+    entries,
+  };
+}
+
+export function diffManifest(screenDir: string, screenName: string, manifest: Manifest): ChangePlan {
+  const specPath = path.join(screenDir, 'requirements', 'spec.md');
+  const current = parseSpecSections(specPath);
+  const currentMap: Record<string, string> = {};
+  for (const s of current) currentMap[s.name] = s.hash;
+
+  const scenarios = manifest.entries.map((e) => {
+    let change: ChangeKind; let reason: string;
+    if (e.specHash === NO_SPEC) { change = 'keep'; reason = 'not linked to a spec section (manual/cross-cutting)'; }
+    else {
+      const now = currentMap[e.section];
+      if (now === undefined) { change = 'retire'; reason = `spec section "${e.section}" no longer exists`; }
+      else if (now !== e.specHash) { change = 'regenerate'; reason = `spec section "${e.section}" changed (${e.specHash} → ${now})`; }
+      else { change = 'keep'; reason = 'spec section unchanged'; }
+    }
+    return { scenario: e.scenario, section: e.section, change, reason };
+  });
+
+  const manifestSections = new Set(manifest.entries.map((e) => e.section));
+  const newSections = Object.keys(currentMap).filter((s) => !manifestSections.has(s) && !manifest.specSections[s]);
+  const removedSections = Object.keys(manifest.specSections).filter((s) => currentMap[s] === undefined);
+
+  return {
+    screen: screenName,
+    scenarios,
+    newSections,
+    removedSections,
+    summary: {
+      keep: scenarios.filter((s) => s.change === 'keep').length,
+      regenerate: scenarios.filter((s) => s.change === 'regenerate').length,
+      retire: scenarios.filter((s) => s.change === 'retire').length,
+      newSections: newSections.length,
+    },
+  };
+}
+
+export function manifestPath(screenName: string): string {
+  return path.join(process.cwd(), '.sungen', 'manifest', `${screenName}.json`);
+}
+export function loadManifest(screenName: string): Manifest | null {
+  const p = manifestPath(screenName);
+  return fs.existsSync(p) ? JSON.parse(fs.readFileSync(p, 'utf-8')) : null;
+}
+export function saveManifest(m: Manifest): string {
+  const p = manifestPath(m.screen);
+  fs.mkdirSync(path.dirname(p), { recursive: true });
+  fs.writeFileSync(p, JSON.stringify(m, null, 2), 'utf-8');
+  return p;
+}

package/src/harness/parse.ts

@@ -0,0 +1,145 @@
+/**
+ * Harness parsers — load the two test-design artifacts the sensors operate on:
+ *   1. requirements/test-viewpoint.md  → viewpoint-overview (id, priority, group)
+ *   2. features/<screen>.feature        → scenarios (vp code, priority, Then-shape)
+ *
+ * Reuses the existing GherkinParser (framework-agnostic) for the .feature file.
+ */
+import * as fs from 'fs';
+import { GherkinParser, ParsedScenario, ParsedStep } from '../generators/gherkin-parser';
+
+export type Priority = 'high' | 'normal' | 'low' | 'unknown';
+
+export interface ViewpointEntry {
+  id: string;            // e.g. VP-DATA-CONSISTENCY
+  priority: 'High' | 'Medium' | 'Low' | 'Unknown';
+  reason: string;
+  group?: 'Required' | 'Recommended' | 'Optional';
+}
+
+export interface ScenarioInfo {
+  name: string;
+  vpCode?: string;       // VP-CART-001 style code in the scenario title
+  category?: string;     // CART, LIST, VAL, ... (from the code)
+  priority: Priority;
+  manual: boolean;
+  thenCount: number;
+  hasDataAssertion: boolean;  // a Then asserts {{data}} / contains / match data
+  shallow: boolean;           // asserts only visibility/navigation (no data)
+  stepSkeleton: string;       // normalized steps for duplicate clustering
+  haystack: string;           // lowercase name + steps text (for keyword coverage)
+}
+
+// ---------- test-viewpoint.md ----------
+
+export function parseViewpointOverview(filePath: string): ViewpointEntry[] {
+  if (!fs.existsSync(filePath)) return [];
+  const text = fs.readFileSync(filePath, 'utf-8');
+  const lines = text.split('\n');
+
+  const entries = new Map<string, ViewpointEntry>();
+
+  // 1) Priority Viewpoints table: | VP | Priority | Reason |
+  let inPriorityTable = false;
+  for (const raw of lines) {
+    const line = raw.trim();
+    if (/^##\s+Priority Viewpoints/i.test(line)) { inPriorityTable = true; continue; }
+    if (inPriorityTable && /^##\s/.test(line)) { inPriorityTable = false; }
+    if (inPriorityTable && line.startsWith('|')) {
+      const cells = line.split('|').map((c) => c.trim()).filter((_, i, a) => i > 0 && i < a.length - 1);
+      if (cells.length >= 3) {
+        const id = cells[0];
+        if (/^VP[-A-Z0-9]/i.test(id) && !/^vp$/i.test(id) && !/^-+$/.test(cells[1])) {
+          const pr = /high/i.test(cells[1]) ? 'High' : /medium/i.test(cells[1]) ? 'Medium' : /low/i.test(cells[1]) ? 'Low' : 'Unknown';
+          entries.set(id.toUpperCase(), { id: id.toUpperCase(), priority: pr as any, reason: cells[2] });
+        }
+      }
+    }
+  }
+
+  // 2) Viewpoint Grouping: ### Required / ### Recommended / ### Optional → bullet list
+  let group: ViewpointEntry['group'] | undefined;
+  for (const raw of lines) {
+    const line = raw.trim();
+    const g = line.match(/^###\s+(Required|Recommended|Optional)/i);
+    if (g) { group = (g[1][0].toUpperCase() + g[1].slice(1).toLowerCase()) as any; continue; }
+    if (/^##\s/.test(line)) { group = undefined; }
+    if (group) {
+      const m = line.match(/^-\s+(VP[-A-Z0-9]+)/i);
+      if (m) {
+        const id = m[1].toUpperCase();
+        const existing = entries.get(id);
+        if (existing) existing.group = group;
+        else entries.set(id, { id, priority: 'Unknown', reason: '', group });
+      }
+    }
+  }
+
+  return [...entries.values()];
+}
+
+// ---------- .feature ----------
+
+const PRIORITY_TAGS: Record<string, Priority> = { '@high': 'high', '@normal': 'normal', '@low': 'low' };
+
+function classifyScenario(sc: ParsedScenario): ScenarioInfo {
+  const tags = sc.tags || [];
+  const manual = tags.includes('@manual');
+  let priority: Priority = 'unknown';
+  for (const t of tags) if (PRIORITY_TAGS[t]) priority = PRIORITY_TAGS[t];
+
+  const codeMatch = sc.name.match(/\bVP-([A-Z]+)-\d+/i);
+  const vpCode = codeMatch ? codeMatch[0].toUpperCase() : undefined;
+  const category = codeMatch ? codeMatch[1].toUpperCase() : undefined;
+
+  // Then-phase detection (And/But inherit previous primary keyword)
+  let last = 'Given';
+  let thenCount = 0;
+  let hasData = false;
+  const skeletonParts: string[] = [];
+  const textParts: string[] = [sc.name];
+
+  for (const step of sc.steps as ParsedStep[]) {
+    const kw = step.keyword.trim();
+    if (kw === 'Given' || kw === 'When' || kw === 'Then') last = kw;
+    textParts.push(step.text);
+    // normalized skeleton: keep [refs] (distinct targets = distinct tests),
+    // but neutralize {{vars}} and quoted values so EP/data families collapse.
+    const skel = step.text
+      .replace(/\{\{[^}]*\}\}/g, '{}')
+      .replace(/"[^"]*"/g, '""')
+      .replace(/\s+/g, ' ')
+      .trim()
+      .toLowerCase();
+    skeletonParts.push(`${kw === 'And' || kw === 'But' ? last : kw}:${skel}`);
+
+    if (last === 'Then') {
+      thenCount++;
+      if (/\{\{|contains|match data|toHaveText/i.test(step.text)) hasData = true;
+    }
+  }
+
+  const shallow = thenCount > 0 && !hasData;
+
+  return {
+    name: sc.name,
+    vpCode,
+    category,
+    priority,
+    manual,
+    thenCount,
+    hasDataAssertion: hasData,
+    shallow,
+    stepSkeleton: skeletonParts.join(' | '),
+    haystack: textParts.join(' ').toLowerCase(),
+  };
+}
+
+export function loadScenarios(featurePath: string): ScenarioInfo[] {
+  if (!fs.existsSync(featurePath)) return [];
+  const parser = new GherkinParser();
+  const feature = parser.parseFeatureFile(featurePath);
+  return (feature.scenarios || [])
+    .filter((s) => !s.stepsName && !s.hookType) // skip @steps/@hook blocks
+    .map(classifyScenario);
+}

package/src/harness/script-check.ts

@@ -0,0 +1,149 @@
+/**
+ * Script-check — verify the generated Playwright spec is a faithful 1:1 of the
+ * Gherkin feature, i.e. "the testcase and the test code are not two different things".
+ *
+ * Two deterministic checks:
+ *   A. Structural 1:1 — every non-@manual / non-@steps scenario has exactly one
+ *      matching `test('<title>')` block in the committed spec (and no extras).
+ *   B. Drift — regenerate the spec from the SAME .feature + selectors + test-data
+ *      into a temp dir and diff against the committed spec. Any difference means
+ *      the committed spec was hand-edited or is stale (feature changed without a
+ *      regenerate) → the script no longer reflects the testcase.
+ *
+ * Pure-deterministic (reuses the compiler). No AI.
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+import { loadScenarios } from './parse';
+
+export interface ScriptCheckResult {
+  screen: string;
+  specPath: string | null;
+  automatedScenarios: number;   // non-manual, non-steps
+  manualScenarios: number;
+  specTestBlocks: number;
+  countMatch: boolean;
+  missingInSpec: string[];      // scenario titles with no test() block
+  extraInSpec: string[];        // test() titles with no scenario
+  drift: 'in-sync' | 'drift' | 'no-spec';
+  driftHunks: string[];         // sample differing lines (committed vs regenerated)
+  status: 'OK' | 'FAIL';
+  findings: string[];
+}
+
+function extractTestTitles(specSrc: string): string[] {
+  // Count real test cases only: test(...), test.only/.skip/.fixme(...).
+  // Exclude test.describe / test.beforeAll / hooks (not test cases).
+  const titles: string[] = [];
+  const re = /\btest(?:\.(?:only|skip|fixme))?\(\s*(['"`])([^'"`]+)\1/g;
+  let m: RegExpExecArray | null;
+  while ((m = re.exec(specSrc))) titles.push(m[2].trim());
+  return titles;
+}
+
+function normalize(src: string): string {
+  return src
+    .split('\n')
+    .map((l) => l.replace(/\s+$/, ''))
+    .join('\n')
+    .replace(/\n{3,}/g, '\n\n')
+    .trim();
+}
+
+function findSpec(dir: string, screen: string): string | null {
+  // generated spec: <dir>/<screen>/<feature>.spec.ts  (or nested)
+  const hits: string[] = [];
+  const walk = (d: string) => {
+    if (!fs.existsSync(d)) return;
+    for (const e of fs.readdirSync(d, { withFileTypes: true })) {
+      const p = path.join(d, e.name);
+      if (e.isDirectory()) walk(p);
+      else if (e.name.endsWith('.spec.ts')) hits.push(p);
+    }
+  };
+  walk(dir);
+  return hits[0] ?? null;
+}
+
+export async function runScriptCheck(screenDir: string, screenName: string, flowMode: boolean): Promise<ScriptCheckResult> {
+  const featurePath = path.join(screenDir, 'features', `${screenName}.feature`);
+  const scenarios = loadScenarios(featurePath);
+  const automated = scenarios.filter((s) => !s.manual);
+  const manual = scenarios.filter((s) => s.manual);
+
+  const committedSpec = findSpec(path.join(process.cwd(), 'specs', 'generated'), screenName);
+
+  const findings: string[] = [];
+  let specTitles: string[] = [];
+  let specSrc = '';
+  if (committedSpec) {
+    specSrc = fs.readFileSync(committedSpec, 'utf-8');
+    specTitles = extractTestTitles(specSrc);
+  } else {
+    findings.push('No generated spec found under specs/generated/ — run `sungen generate` / `/sungen:run-test` first.');
+  }
+
+  // A. Structural 1:1
+  const specTitleSet = new Set(specTitles);
+  const scenTitleSet = new Set(automated.map((s) => s.name));
+  const missingInSpec = automated.filter((s) => !specTitleSet.has(s.name)).map((s) => s.name);
+  const extraInSpec = specTitles.filter((t) => !scenTitleSet.has(t));
+  const countMatch = committedSpec ? automated.length === specTitles.length : false;
+  if (committedSpec && !countMatch) {
+    findings.push(`Count mismatch: ${automated.length} automated scenarios vs ${specTitles.length} test() blocks.`);
+  }
+  for (const t of missingInSpec) findings.push(`MISSING in spec: scenario "${t}" has no test() block (stale spec — regenerate).`);
+  for (const t of extraInSpec) findings.push(`EXTRA in spec: test "${t}" has no matching scenario (hand-edited spec).`);
+
+  // B. Drift — regenerate to temp and diff
+  let drift: ScriptCheckResult['drift'] = committedSpec ? 'in-sync' : 'no-spec';
+  const driftHunks: string[] = [];
+  if (committedSpec) {
+    try {
+      const { CodeGenerator } = require('../generators/test-generator/code-generator');
+      const tmp = fs.mkdtempSync(path.join(os.tmpdir(), 'sungen-scriptcheck-'));
+      const qaSourceDir = path.join(process.cwd(), 'qa', flowMode ? 'flows' : 'screens');
+      const gen = new CodeGenerator({ framework: 'playwright', screenName, runtimeData: true, flowMode });
+      await gen.generateAllTests(qaSourceDir, tmp, [featurePath]);
+      const fresh = findSpec(tmp, screenName);
+      if (fresh) {
+        const a = normalize(specSrc);
+        const b = normalize(fs.readFileSync(fresh, 'utf-8'));
+        if (a !== b) {
+          drift = 'drift';
+          // collect a few differing lines
+          const al = a.split('\n'), bl = b.split('\n');
+          const max = Math.max(al.length, bl.length);
+          for (let i = 0, shown = 0; i < max && shown < 6; i++) {
+            if (al[i] !== bl[i]) {
+              driftHunks.push(`  L${i + 1}\n    committed: ${(al[i] ?? '∅').trim().slice(0, 100)}\n    expected : ${(bl[i] ?? '∅').trim().slice(0, 100)}`);
+              shown++;
+            }
+          }
+          findings.push('DRIFT: committed spec differs from a fresh regenerate → spec was hand-edited or the .feature changed without `sungen generate`. The test code no longer reflects the Gherkin.');
+        }
+      }
+      fs.rmSync(tmp, { recursive: true, force: true });
+    } catch (e) {
+      findings.push(`Drift check skipped (regenerate failed): ${e instanceof Error ? e.message : e}`);
+    }
+  }
+
+  const ok = !!committedSpec && countMatch && missingInSpec.length === 0 && extraInSpec.length === 0 && drift === 'in-sync';
+
+  return {
+    screen: screenName,
+    specPath: committedSpec,
+    automatedScenarios: automated.length,
+    manualScenarios: manual.length,
+    specTestBlocks: specTitles.length,
+    countMatch,
+    missingInSpec,
+    extraInSpec,
+    drift,
+    driftHunks,
+    status: ok ? 'OK' : 'FAIL',
+    findings,
+  };
+}

package/src/harness/secret-scan.ts

@@ -0,0 +1,51 @@
+/**
+ * Secret scanner (security S0) — warn (never block) when test-data appears to
+ * contain a REAL secret rather than a safe placeholder/test value.
+ *
+ * test-data/*.yaml is committed by design, so a real API key / prod token there is
+ * a leak waiting to happen. We flag high-confidence signals only, to avoid nagging
+ * about ordinary test passwords ("Test@123") or `{{vars}}`.
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+
+export interface SecretHit { file: string; line: number; reason: string }
+
+// High-confidence vendor token prefixes (very low false-positive rate).
+const VENDOR_PREFIXES = /\b(figd_[A-Za-z0-9_-]{12,}|ghp_[A-Za-z0-9]{20,}|gho_[A-Za-z0-9]{20,}|glpat-[A-Za-z0-9_-]{16,}|sk-[A-Za-z0-9]{16,}|AKIA[0-9A-Z]{12,}|xox[baprs]-[A-Za-z0-9-]{10,}|AIza[0-9A-Za-z_-]{30,})/;
+// A secret-named key assigned a long, non-placeholder value.
+const SECRET_KEY = /\b(password|passwd|secret|token|api[_-]?key|access[_-]?key|private[_-]?key|client[_-]?secret)\b\s*:\s*(.+)$/i;
+const PLACEHOLDERish = /\{\{|<.*>|changeme|example|dummy|test\b|placeholder|xxxx|\*\*\*/i;
+
+function scanText(text: string, file: string): SecretHit[] {
+  const hits: SecretHit[] = [];
+  text.split('\n').forEach((raw, i) => {
+    const line = i + 1;
+    if (VENDOR_PREFIXES.test(raw)) {
+      hits.push({ file, line, reason: 'looks like a real vendor API token/key' });
+      return;
+    }
+    const m = raw.match(SECRET_KEY);
+    if (m) {
+      const val = m[2].trim().replace(/^["']|["']$/g, '');
+      // Long, high-entropy-ish, not an obvious placeholder/test value.
+      if (val.length >= 20 && !PLACEHOLDERish.test(raw) && /[A-Za-z]/.test(val) && /[0-9]/.test(val)) {
+        hits.push({ file, line, reason: `secret-named key "${m[1]}" with a long literal value` });
+      }
+    }
+  });
+  return hits;
+}
+
+/** Scan a screen/flow dir's test-data/*.yaml for likely real secrets. */
+export function scanTestDataSecrets(baseDir: string): SecretHit[] {
+  const tdDir = path.join(baseDir, 'test-data');
+  if (!fs.existsSync(tdDir)) return [];
+  const hits: SecretHit[] = [];
+  for (const f of fs.readdirSync(tdDir)) {
+    if (!/\.ya?ml$/i.test(f)) continue;
+    const p = path.join(tdDir, f);
+    try { hits.push(...scanText(fs.readFileSync(p, 'utf-8'), path.join('test-data', f))); } catch { /* ignore */ }
+  }
+  return hits;
+}