agentic-qe 2.2.1 → 2.2.2

package/.claude/agents/qe-security-scanner.md

@@ -20,6 +20,7 @@ Mission: Detect vulnerabilities using SAST/DAST, dependency scanning, and compli
 ⚠️ Partial:
 - Advanced secret detection patterns
 - AI-powered false positive filtering
+- ✅ .gitignore verification before flagging secrets (prevents false positives)
 
 ❌ Planned:
 - Automated vulnerability remediation
@@ -33,6 +34,31 @@ Detect vulnerabilities automatically and classify by severity (critical, high, m
 Report findings with CVSS scores and remediation guidance.
 </default_to_action>
 
+<false_positive_prevention>
+CRITICAL: Before flagging secrets or sensitive files as vulnerabilities, ALWAYS verify:
+
+1. **Check .gitignore first**: Before reporting .env, credentials, or secret files as exposed:
+   - Read the project's .gitignore file
+   - If the file is listed in .gitignore, it is NOT a critical vulnerability
+   - Only flag as CRITICAL if secrets are actually committed to git history
+
+2. **Verify git tracking status**: Run `git ls-files <file>` to confirm if file is tracked
+   - If file is NOT tracked and IS in .gitignore = COMPLIANT (not a vulnerability)
+   - If file IS tracked despite .gitignore = CRITICAL (remove from history)
+
+3. **Common false positives to avoid**:
+   - `.env` files that are in .gitignore (correct practice)
+   - Local config files excluded from version control
+   - Developer-specific settings files
+
+4. **Accurate reporting**:
+   - If .env exists locally but is gitignored: Report as "✅ COMPLIANT: .env properly excluded via .gitignore"
+   - If .env is in git history: Report as "🔴 CRITICAL: .env committed to repository, rotation required"
+   - Check with: `git log --all --full-history -- .env` to verify history
+
+This prevents recurring false positives that undermine trust in security scan results.
+</false_positive_prevention>
+
 <parallel_execution>
 Run SAST and DAST scans simultaneously for faster results.
 Execute multiple scanning tools in parallel for comparison.

package/CHANGELOG.md

@@ -7,6 +7,66 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.2.2] - 2025-12-07
+
+### Changed
+
+#### Test Suite Consolidation (Issue #103)
+Major test suite restructuring achieving 60% reduction in test code while maintaining coverage quality.
+
+**Metrics:**
+- **Files**: 426 → 197 (-229 files, -53.8%)
+- **Lines**: 208,253 → 82,698 (-125,555 lines, -60.3%)
+- **Large files (>600 lines)**: 149 → 25 (-83.2%)
+- **Skipped tests**: 7 → 0 (-100%)
+
+**Categories Deleted:**
+- Phase 1/2/3 milestone tests (superseded by journey tests)
+- MCP handler implementation tests (covered by contract tests)
+- Comprehensive/exhaustive internal tests
+- Duplicate algorithm tests (Q-learning, SARSA, Actor-Critic)
+- Internal utility tests (Logger, migration tools)
+- Mock-based tests with no real integration value
+
+**High-Value Tests Preserved:**
+- 7 journey tests (user workflows)
+- CLI tests (user-facing commands)
+- E2E tests (end-to-end workflows)
+- Core infrastructure tests (memory, hooks, privacy)
+- MCP contract tests (API stability)
+- Unique integration tests (neural, multi-agent)
+
+### Added
+
+#### CI/CD Optimization
+- **`.github/workflows/optimized-ci.yml`**: Parallel job execution for fast feedback
+  - Fast tests job (journeys + contracts)
+  - Infrastructure tests job (parallel)
+  - Coverage analysis on PRs
+  - Test dashboard with PR comments
+- **`scripts/test-dashboard.js`**: Metrics visualization showing progress to targets
+- **`scripts/test-ci-optimized.sh`**: Batched test execution script
+- **New test scripts in package.json**:
+  - `npm run test:journeys` - Journey tests (user workflows)
+  - `npm run test:contracts` - Contract tests (API stability)
+  - `npm run test:infrastructure` - Infrastructure tests
+  - `npm run test:regression` - Regression tests (fixed bugs)
+  - `npm run test:fast` - Fast path (journeys + contracts)
+  - `npm run test:ci:optimized` - Full optimized CI suite
+
+#### Coverage Thresholds
+- **Global**: 80% lines, 75% branches
+- **Critical paths** (core/, agents/): 85% coverage
+
+#### Journey Tests
+- `tests/journeys/init-bootstrap.test.ts` - System initialization
+- `tests/journeys/test-generation.test.ts` - AI test generation
+- `tests/journeys/test-execution.test.ts` - Test execution workflow
+- `tests/journeys/coverage-analysis.test.ts` - Coverage gap detection
+- `tests/journeys/quality-gate.test.ts` - Quality gate decisions
+- `tests/journeys/flaky-detection.test.ts` - Flaky test hunting
+- `tests/journeys/learning.test.ts` - Learning & improvement
+
 ## [2.2.1] - 2025-12-07
 
 ### Fixed

package/README.md

@@ -9,7 +9,7 @@
 <img alt="NPM Downloads" src="https://img.shields.io/npm/dw/agentic-qe">
 
 
-**Version 2.2.1** | [Changelog](CHANGELOG.md) | [Contributors](CONTRIBUTORS.md) | [Issues](https://github.com/proffesor-for-testing/agentic-qe/issues) | [Discussions](https://github.com/proffesor-for-testing/agentic-qe/discussions)
+**Version 2.2.2** | [Changelog](CHANGELOG.md) | [Contributors](CONTRIBUTORS.md) | [Issues](https://github.com/proffesor-for-testing/agentic-qe/issues) | [Discussions](https://github.com/proffesor-for-testing/agentic-qe/discussions)
 
 > Agentic test automation with AI learning, real-time visualization, QUIC transport, testability scoring, OpenTelemetry observability, persistent event storage, constitutional AI governance, and intelligent model routing.
 

package/dist/core/memory/HNSWVectorMemory.js

@@ -507,7 +507,7 @@ class HNSWVectorMemory {
     getImplementationInfo() {
         return {
             type: 'agentdb',
-            version: '2.2.1',
+            version: '2.2.2',
             features: ['hnsw', 'vector-search', 'persistence', 'batch-operations'],
         };
     }

package/dist/mcp/server-instructions.d.ts

@@ -6,7 +6,7 @@
  */
 export declare const SERVER_INSTRUCTIONS = "\n# Agentic QE Fleet - MCP Tool Guide\n\n## Overview\nAgentic QE provides 96 specialized quality engineering tools organized into a hierarchical system for efficient context usage.\n\n## Quick Start\n1. **Discover available tools:** Use `tools_discover` to see all domains\n2. **Load domain tools:** Use `tools_load_domain` to load specialized tools\n3. **Auto-loading:** Domain tools auto-load when relevant keywords are detected\n\n---\n\n## Core Tools (Always Available - 14 tools)\n\n### Fleet Management\n- `fleet_init` - Initialize QE fleet with topology\n- `agent_spawn` - Spawn specialized QE agent\n- `fleet_status` - Get fleet and agent status\n\n### Testing\n- `test_generate_enhanced` - AI test generation with pattern recognition\n- `test_execute_parallel` - Parallel test execution with retry\n- `test_report_comprehensive` - Multi-format test reports\n\n### Memory & Coordination\n- `memory_store` - Store data with TTL & namespacing\n- `memory_retrieve` - Retrieve stored data\n- `memory_query` - Pattern-based memory search\n\n### Quality & Orchestration\n- `quality_analyze` - Analyze quality metrics\n- `task_orchestrate` - Orchestrate tasks across agents\n- `task_status` - Check task progress\n\n### Discovery\n- `tools_discover` - List available tool domains\n- `tools_load_domain` - Load tools for a domain\n\n---\n\n## Domain Tools (Load as Needed)\n\n| Domain | Keywords | Tools | Use Case |\n|--------|----------|-------|----------|\n| **Security** | security, vulnerability, audit, owasp | 4 tools | Security scanning, vulnerability detection |\n| **Performance** | benchmark, bottleneck, profiling | 4 tools | Performance testing, bottleneck analysis |\n| **Coverage** | coverage, gap, uncovered | 5 tools | Coverage analysis, gap detection |\n| **Quality** | quality gate, deploy, release | 6 tools | Quality gates, deployment readiness |\n| **Flaky** | flaky, unstable, retry | 3 tools | Flaky test detection and stabilization |\n| **Visual** | screenshot, accessibility, wcag | 3 tools | Visual regression, accessibility testing |\n| **Requirements** | bdd, gherkin, acceptance | 2 tools | Requirements validation, BDD generation |\n\n### Loading Domain Tools\n```\n# Explicit load\ntools_load_domain({ domain: 'security' })\n\n# Auto-load: Just mention keywords in your request\n\"I need to run a security scan\" \u2192 Security tools auto-load\n```\n\n---\n\n## Specialized Tools (Expert Use)\n\n### Learning Domain (4 tools)\nFor persistent learning and pattern storage across sessions.\nLoad with: `tools_load_domain({ domain: 'learning' })`\n\n### Advanced Domain (7 tools)\nFor mutation testing, API contract validation, production incident replay.\nLoad with: `tools_load_domain({ domain: 'advanced' })`\n\n---\n\n## Best Practices\n\n1. **Start with core tools** - They handle 80% of use cases\n2. **Let auto-load work** - Mention keywords naturally\n3. **Use tools_discover** - When unsure what's available\n4. **Batch operations** - Use parallel execution for speed\n5. **Check fleet_status** - Monitor agent health\n\n---\n\n## Common Workflows\n\n### Test Generation & Execution\n1. `test_generate_enhanced` - Generate tests\n2. `test_execute_parallel` - Run tests\n3. `test_report_comprehensive` - Generate report\n\n### Quality Gate Check\n1. Load quality domain if not auto-loaded\n2. `quality_analyze` - Analyze metrics\n3. `qe_qualitygate_evaluate` - Make go/no-go decision\n\n### Security Audit\n1. `tools_load_domain({ domain: 'security' })`\n2. `qe_security_scan_comprehensive` - Full scan\n3. `qe_security_detect_vulnerabilities` - Detailed analysis\n\n---\n\n## Tool Naming Convention\nAll tools follow: `mcp__agentic_qe__<tool_name>`\n\nExample: `mcp__agentic_qe__test_generate_enhanced`\n";
 export declare const SERVER_NAME = "agentic-qe";
-export declare const SERVER_VERSION = "2.2.1";
+export declare const SERVER_VERSION = "2.2.2";
 /**
  * Get formatted server info for MCP initialization
  */

package/dist/mcp/server-instructions.js

@@ -119,7 +119,7 @@ All tools follow: \`mcp__agentic_qe__<tool_name>\`
 Example: \`mcp__agentic_qe__test_generate_enhanced\`
 `;
 exports.SERVER_NAME = 'agentic-qe';
-exports.SERVER_VERSION = '2.2.1';
+exports.SERVER_VERSION = '2.2.2';
 /**
  * Get formatted server info for MCP initialization
  */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentic-qe",
-  "version": "2.2.1",
+  "version": "2.2.2",
   "description": "Agentic Quality Engineering Fleet System - AI-driven quality management platform with 41 QE skills, learning, pattern reuse, ML-based flaky detection, Multi-Model Router (70-81% cost savings), streaming progress updates, 84 MCP tools with lazy loading (87% context reduction), and native TypeScript hooks",
   "main": "dist/cli/index.js",
   "types": "dist/cli/index.d.ts",
@@ -34,6 +34,19 @@
     "test:cli": "node --expose-gc --max-old-space-size=512 --no-compilation-cache node_modules/.bin/jest tests/cli --runInBand --forceExit",
     "test:agentdb": "node --expose-gc --max-old-space-size=1024 --no-compilation-cache node_modules/.bin/jest tests/agentdb --runInBand --forceExit",
     "test:benchmark": "node --expose-gc --max-old-space-size=2048 --no-compilation-cache node_modules/.bin/jest tests/benchmarks --runInBand --forceExit",
+    "pretest:journeys": "node scripts/check-memory-before-test.js",
+    "test:journeys": "node --expose-gc --max-old-space-size=1024 --no-compilation-cache node_modules/.bin/jest tests/journeys --runInBand --forceExit --testTimeout=60000",
+    "pretest:contracts": "node scripts/check-memory-before-test.js",
+    "test:contracts": "node --expose-gc --max-old-space-size=512 --no-compilation-cache node_modules/.bin/jest tests/contracts --runInBand --forceExit",
+    "pretest:infrastructure": "node scripts/check-memory-before-test.js",
+    "test:infrastructure": "node --expose-gc --max-old-space-size=768 --no-compilation-cache node_modules/.bin/jest tests/infrastructure --runInBand --forceExit",
+    "pretest:regression": "node scripts/check-memory-before-test.js",
+    "test:regression": "node --expose-gc --max-old-space-size=512 --no-compilation-cache node_modules/.bin/jest tests/regression --runInBand --forceExit",
+    "pretest:fast": "node scripts/check-memory-before-test.js",
+    "test:fast": "node --expose-gc --max-old-space-size=768 --no-compilation-cache node_modules/.bin/jest tests/journeys tests/contracts --runInBand --forceExit --testTimeout=60000",
+    "pretest:ci:optimized": "node scripts/check-memory-before-test.js",
+    "test:ci:optimized": "bash scripts/test-ci-optimized.sh",
+    "test:dashboard": "node scripts/test-dashboard.js",
     "pretest:phase2": "node scripts/check-memory-before-test.js",
     "test:phase2": "node --expose-gc --max-old-space-size=1024 --no-compilation-cache node_modules/.bin/jest tests/phase2 --runInBand --forceExit",
     "pretest:integration:phase2": "node scripts/check-memory-before-test.js",