npm - @torus-engineering/tas-kit - Versions diffs - 1.8.0 → 1.10.0 - Mend

@torus-engineering/tas-kit 1.8.0 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/.claude/commands/tas-apitest-plan.md +173 -0
package/.claude/commands/tas-apitest.md +143 -0
package/.claude/commands/tas-security.md +7 -1
package/.tas/README.md +334 -1588
package/.tas/hooks/README.md +138 -0
package/.tas/hooks/pre-commit +26 -0
package/.tas/hooks/security-scan.js +599 -0
package/.tas/tas-example.yaml +126 -109
package/.tas/templates/API-Test-Spec.md +400 -0
package/CLAUDE-Example.md +61 -58
package/README.md +334 -82
package/bin/cli.js +24 -7
package/lib/deleted-files.json +36 -33
package/lib/install.js +161 -47
package/package.json +1 -1
package/.claude/commands/tas-api-test.md +0 -95

package/lib/install.js CHANGED Viewed

@@ -31,16 +31,21 @@ async function removeDeletedFiles(target, deletedFiles) {
   return { removed, skipped };
 }
-async function confirm(question) {
+async function ask(question, defaultValue = '') {
   const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
   return new Promise((resolve) => {
-    rl.question(`${question} [y/N] `, (answer) => {
+    rl.question(question, (answer) => {
       rl.close();
-      resolve(answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes');
+      resolve((answer || '').trim() || defaultValue);
     });
   });
 }
+async function confirm(question) {
+  const answer = await ask(`${question} [y/N] `);
+  return answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes';
+}
 async function exists(p) {
   return fs.access(p).then(() => true).catch(() => false);
 }
@@ -49,10 +54,131 @@ async function copyDir(src, dest) {
   await fs.cp(src, dest, { recursive: true });
 }
-export async function update({ directory, yes }) {
+// ─── Security hook wiring ────────────────────────────────────────────────────
+async function chooseSecurityHookMode({ target, yes, forced }) {
+  if (forced) return forced;
+  if (yes) return 'native';
+  const hasPackageJson = await exists(path.join(target, 'package.json'));
+  const hint = hasPackageJson
+    ? '  Detected package.json — husky mode is available.'
+    : '  No package.json — husky mode will add one or fall back to native.';
+  console.log('\n  Pre-commit security hook wiring:');
+  console.log(hint);
+  console.log('    [1] husky     — shared via git, requires Node project');
+  console.log('    [2] native    — plain .git/hooks/pre-commit, any stack');
+  console.log('    [3] skip      — wire it later with "tas-kit install --security-hook=..."');
+  const answer = await ask('  Choose [1/2/3] (default: 2): ', '2');
+  if (answer === '1') return 'husky';
+  if (answer === '3') return 'none';
+  return 'native';
+}
+async function installSecurityHookNative({ target }) {
+  const gitDir = path.join(target, '.git');
+  if (!(await exists(gitDir))) {
+    console.warn('  [skip] Security hook (native): .git/ not found — run `git init` first, then re-run installer with --security-hook=native');
+    return false;
+  }
+  const hooksDir = path.join(gitDir, 'hooks');
+  await fs.mkdir(hooksDir, { recursive: true });
+  const src = path.join(PACKAGE_DIR, '.tas', 'hooks', 'pre-commit');
+  const dest = path.join(hooksDir, 'pre-commit');
+  if (await exists(dest)) {
+    const existing = await fs.readFile(dest, 'utf8').catch(() => '');
+    if (!existing.includes('TAS Kit')) {
+      const backup = dest + '.backup';
+      await fs.copyFile(dest, backup);
+      console.log('  [ok] .git/hooks/pre-commit.backup (preserved existing hook)');
+    }
+  }
+  await fs.copyFile(src, dest);
+  if (process.platform !== 'win32') {
+    await fs.chmod(dest, 0o755);
+  }
+  console.log('  [ok] .git/hooks/pre-commit (security scan wired — native)');
+  return true;
+}
+async function installSecurityHookHusky({ target }) {
+  const pkgPath = path.join(target, 'package.json');
+  const hasPackageJson = await exists(pkgPath);
+  if (!hasPackageJson) {
+    console.warn('  [warn] Security hook (husky): no package.json — falling back to native mode');
+    return await installSecurityHookNative({ target });
+  }
+  // Read + update package.json (add prepare script + husky devDep)
+  let pkg;
+  try {
+    pkg = JSON.parse(await fs.readFile(pkgPath, 'utf8'));
+  } catch (err) {
+    console.warn(`  [warn] Security hook (husky): package.json unreadable (${err.message}) — falling back to native`);
+    return await installSecurityHookNative({ target });
+  }
+  pkg.scripts = pkg.scripts || {};
+  if (!pkg.scripts.prepare) {
+    pkg.scripts.prepare = 'husky';
+  } else if (!/husky/.test(pkg.scripts.prepare)) {
+    pkg.scripts.prepare = `${pkg.scripts.prepare} && husky`;
+  }
+  pkg.devDependencies = pkg.devDependencies || {};
+  if (!pkg.devDependencies.husky) {
+    pkg.devDependencies.husky = '^9.1.0';
+  }
+  await fs.writeFile(pkgPath, JSON.stringify(pkg, null, 2) + '\n');
+  console.log('  [ok] package.json (husky devDep + prepare script)');
+  // Write .husky/pre-commit
+  const huskyDir = path.join(target, '.husky');
+  await fs.mkdir(huskyDir, { recursive: true });
+  const huskyHook = path.join(huskyDir, 'pre-commit');
+  const content = [
+    '# TAS Kit — husky pre-commit (delegates to .tas/hooks/pre-commit)',
+    '. "$(dirname -- "$0")/../.tas/hooks/pre-commit"',
+    '',
+  ].join('\n');
+  await fs.writeFile(huskyHook, content);
+  if (process.platform !== 'win32') {
+    await fs.chmod(huskyHook, 0o755);
+  }
+  console.log('  [ok] .husky/pre-commit (delegates to .tas/hooks/pre-commit)');
+  console.log('  [--] Run `npm install` in the project to activate husky');
+  return true;
+}
+async function installSecurityHook({ target, mode }) {
+  if (mode === 'none' || !mode) {
+    console.log('  [skip] Security hook (you can enable later: tas-kit install --security-hook=native|husky)');
+    return;
+  }
+  if (mode === 'husky') {
+    await installSecurityHookHusky({ target });
+    return;
+  }
+  if (mode === 'native') {
+    await installSecurityHookNative({ target });
+    return;
+  }
+  console.warn(`  [warn] Unknown security hook mode: "${mode}" — skipping`);
+}
+// ─── Update ──────────────────────────────────────────────────────────────────
+export async function update({ directory, yes, securityHook }) {
   const target = path.resolve(directory);
-  // Must already have .claude/ or .tas/ — otherwise suggest install
   const claudeExists = await exists(path.join(target, '.claude'));
   const tasExists = await exists(path.join(target, '.tas'));
   if (!claudeExists && !tasExists) {
@@ -74,21 +200,12 @@ export async function update({ directory, yes }) {
     console.log();
   }
-  // Overwrite .claude/
-  await copyDir(
-    path.join(PACKAGE_DIR, '.claude'),
-    path.join(target, '.claude')
-  );
+  await copyDir(path.join(PACKAGE_DIR, '.claude'), path.join(target, '.claude'));
   console.log('  [ok] .claude/ (updated)');
-  // Overwrite .tas/
-  await copyDir(
-    path.join(PACKAGE_DIR, '.tas'),
-    path.join(target, '.tas')
-  );
+  await copyDir(path.join(PACKAGE_DIR, '.tas'), path.join(target, '.tas'));
   console.log('  [ok] .tas/ (updated)');
-  // Remove files deleted from the kit in previous versions
   const deletedFiles = await getDeletedFiles();
   if (deletedFiles.length > 0) {
     const { removed } = await removeDeletedFiles(target, deletedFiles);
@@ -99,12 +216,20 @@ export async function update({ directory, yes }) {
     }
   }
-  // Set executable bit on tas-ado.py (Unix/macOS)
   if (process.platform !== 'win32') {
     const adoPy = path.join(target, '.tas', 'tools', 'tas-ado.py');
     if (await exists(adoPy)) {
       await fs.chmod(adoPy, 0o755);
     }
+    const preCommit = path.join(target, '.tas', 'hooks', 'pre-commit');
+    if (await exists(preCommit)) {
+      await fs.chmod(preCommit, 0o755);
+    }
+  }
+  // Re-wire hook only if user explicitly asked via flag
+  if (securityHook) {
+    await installSecurityHook({ target, mode: securityHook });
   }
   console.log(`  [--] CLAUDE.md, tas.yaml, .env.example — not touched`);
@@ -117,15 +242,15 @@ and manually merge changes into your CLAUDE.md and tas.yaml if needed.
   `);
 }
-export async function install({ directory, yes }) {
+// ─── Install ─────────────────────────────────────────────────────────────────
+export async function install({ directory, yes, securityHook }) {
   const target = path.resolve(directory);
-  // Ensure target directory exists
   await fs.mkdir(target, { recursive: true });
   console.log(`\nInstalling TAS Kit into: ${target}\n`);
-  // Warn if .claude/ or .tas/ already exist
   const claudeExists = await exists(path.join(target, '.claude'));
   const tasExists = await exists(path.join(target, '.tas'));
@@ -141,64 +266,51 @@ export async function install({ directory, yes }) {
     console.log();
   }
-  // Copy .claude/
-  await copyDir(
-    path.join(PACKAGE_DIR, '.claude'),
-    path.join(target, '.claude')
-  );
+  await copyDir(path.join(PACKAGE_DIR, '.claude'), path.join(target, '.claude'));
   console.log('  [ok] .claude/');
-  // Copy .tas/
-  await copyDir(
-    path.join(PACKAGE_DIR, '.tas'),
-    path.join(target, '.tas')
-  );
+  await copyDir(path.join(PACKAGE_DIR, '.tas'), path.join(target, '.tas'));
   console.log('  [ok] .tas/');
-  // Copy CLAUDE-Example.md as CLAUDE.md (only if absent)
   const claudeMdTarget = path.join(target, 'CLAUDE.md');
   if (!(await exists(claudeMdTarget))) {
-    await fs.copyFile(
-      path.join(PACKAGE_DIR, 'CLAUDE-Example.md'),
-      claudeMdTarget
-    );
+    await fs.copyFile(path.join(PACKAGE_DIR, 'CLAUDE-Example.md'), claudeMdTarget);
     console.log('  [ok] CLAUDE.md (from CLAUDE-Example.md)');
   } else {
     console.log('  [--] CLAUDE.md already exists, skipped');
   }
-  // Copy .env.example (only if absent)
   const envExampleTarget = path.join(target, '.env.example');
   if (!(await exists(envExampleTarget))) {
-    await fs.copyFile(
-      path.join(PACKAGE_DIR, '.env.example'),
-      envExampleTarget
-    );
+    await fs.copyFile(path.join(PACKAGE_DIR, '.env.example'), envExampleTarget);
     console.log('  [ok] .env.example');
   } else {
     console.log('  [--] .env.example already exists, skipped');
   }
-  // Copy tas-example.yaml as tas.yaml (only if absent)
   const tasYamlTarget = path.join(target, 'tas.yaml');
   if (!(await exists(tasYamlTarget))) {
-    await fs.copyFile(
-      path.join(PACKAGE_DIR, '.tas', 'tas-example.yaml'),
-      tasYamlTarget
-    );
+    await fs.copyFile(path.join(PACKAGE_DIR, '.tas', 'tas-example.yaml'), tasYamlTarget);
     console.log('  [ok] tas.yaml (from .tas/tas-example.yaml)');
   } else {
     console.log('  [--] tas.yaml already exists, skipped');
   }
-  // Set executable bit on tas-ado.py (Unix/macOS)
   if (process.platform !== 'win32') {
     const adoPy = path.join(target, '.tas', 'tools', 'tas-ado.py');
     if (await exists(adoPy)) {
       await fs.chmod(adoPy, 0o755);
     }
+    const preCommit = path.join(target, '.tas', 'hooks', 'pre-commit');
+    if (await exists(preCommit)) {
+      await fs.chmod(preCommit, 0o755);
+    }
   }
+  // ─── Wire security pre-commit hook ─────────────────────────────────────────
+  const mode = await chooseSecurityHookMode({ target, yes, forced: securityHook });
+  await installSecurityHook({ target, mode });
   console.log(`
 TAS Kit installed successfully!
@@ -208,6 +320,8 @@ Next steps:
   3. Create .env        — add AZURE_DEVOPS_PAT (see .env.example)
   4. Open Claude Code   — run /tas-init to initialize your project
-Docs: .tas/README.md
+Docs:
+  .tas/README.md           — kit overview
+  .tas/hooks/README.md     — pre-commit security hook details
   `);
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@torus-engineering/tas-kit",
-  "version": "1.8.0",
+  "version": "1.10.0",
   "description": "Torus Agentic SDLC Kit — Collection of commands, skills, rules, hooks, agents and workflows for modern AI-First SDLC",
   "type": "module",
   "bin": {

package/.claude/commands/tas-api-test.md DELETED Viewed

@@ -1,95 +0,0 @@
-# /tas-api-test $ARGUMENTS
-Vai trò: SE - Software Engineer
-Generate .NET xUnit automation test project cho REST API từ spec (OpenAPI 3.0, Markdown, YAML).
-## Always / Ask / Never
-| | Hành động |
-|---|---|
-| **Always** | Đọc toàn bộ spec trước khi generate bất kỳ test nào |
-| **Always** | Tổ chức tests theo API version — mỗi version một folder riêng |
-| **Always** | Append-only: không sửa files trong version folder cũ đã tồn tại |
-| **Always** | URL và credentials ra `appsettings.json` — không hardcode trong code |
-| **Always** | XML doc comment trên mỗi test method |
-| **Ask** | Khi spec không rõ expected response schema |
-| **Never** | Sửa hoặc xóa test files của version cũ hơn |
-| **Never** | Hardcode base URL, API key, credentials trong test code |
-| **Never** | Bỏ qua error path — mỗi endpoint cần ≥1 happy path + ≥1 error path |
-## Hành động
-### Bước 1 — Locate Inputs
-`$ARGUMENTS` là path đến spec file hoặc Story ID. Nếu không có → hỏi user.
-Nếu là Story ID: glob tìm `docs/epics/**/Story-{ID}*.md`, đọc Story để tìm link spec trong `## Technical Plan` hoặc `## Acceptance Criteria`.
-### Bước 2 — Parse API Spec
-Đọc `.claude/rules/csharp/api-testing.md` để nắm convention trước khi generate.
-Từ spec, thu thập cho mỗi endpoint:
-- HTTP method + path, path/query params, request body schema
-- Response schemas theo từng status code
-- Auth requirement, description/summary
-Nếu có Story: đọc thêm `## Acceptance Criteria` để bổ sung business rule test cases.
-### Bước 3 — Detect Existing Test Project
-Glob tìm `**/ApiTests/*.csproj`, `**/Api.Tests/*.csproj`, `**/IntegrationTests/*.csproj`.
-- **Tìm thấy**: Đọc framework đang dùng (xUnit/NUnit/MSTest), glob `v*/` folders để biết versions đã có.
-- **Không tìm thấy**: Tạo mới tại `tests/ApiTests/` với xUnit + FluentAssertions (per `csharp/testing.md`).
-### Bước 4 — Detect API Version
-Ưu tiên theo thứ tự: `info.version` trong OpenAPI → prefix trong URL path → hỏi user.
-Version folder: lowercase, không có dot — `v1`, `v2` (không phải `v1.0`).
-### Bước 5 — Generate Infrastructure (chỉ khi tạo project mới)
-Đọc `.claude/rules/csharp/api-testing.md` section **Project Structure** và **Config Pattern** để generate:
-- `ApiTests.csproj` với packages chuẩn
-- `appsettings.json` (base) + `appsettings.Test.json` + `appsettings.Staging.json`
-- `Shared/TestBase.cs` — load config, HttpClient, helper methods
-- `Shared/ApiTestSettings.cs` — strongly typed settings
-- `.gitignore` cho `appsettings.*.local.json`
-### Bước 6 — Generate Test Classes
-Nhóm endpoints theo resource/tag. Mỗi nhóm → `tests/ApiTests/{version}/{Resource}ApiTests.cs`.
-Với mỗi endpoint, generate tối thiểu:
-1. Happy path (2xx)
-2. Unauthorized (401) — nếu endpoint yêu cầu auth
-3. Not found (404) — nếu có path param
-4. Validation error (400/422) — nếu có required fields
-Từ Story ACs: thêm test methods tương ứng, comment rõ `// AC: {AC text}`.
-Đầu mỗi file: block comment ghi `Spec`, `Generated date`, `Story ID`, và nhắc **APPEND-ONLY rule**.
-### Bước 7 — Append-Only Guard
-Trước khi ghi file: kiểm tra file đã tồn tại chưa.
-- File chưa có → tạo mới bình thường.
-- File đã tồn tại trong version folder → **DỪNG**, thông báo tên file cho user tự edit thủ công.
-### Bước 8 — Post-Generate Review
-Launch `csharp-reviewer` agent:
-> Review `tests/ApiTests/{version}/`. Đọc `.claude/rules/csharp/testing.md` + `.claude/rules/csharp/api-testing.md`.
-> Tập trung: async/await, HttpClient disposal, assertion completeness, XML doc coverage.
-> Format: Critical / High / Medium / Low với file:line.
-Gate: Critical/High → fix ngay. Medium/Low → list gợi ý.
-### Bước 9 — Summary
-Hiển thị bảng coverage (endpoint × test type: ✓/—) và next steps để chạy tests.
-## Bước cuối — Token Log
-Invoke skill `token-logger`: ghi AI Usage Log vào spec file hoặc Story đang làm việc.