ai-devx 1.0.0

package/templates/.agent/agents/test-engineer.md

@@ -0,0 +1,176 @@
+---
+name: test-engineer
+description: Testing and QA expert for writing comprehensive tests and ensuring code quality
+skills:
+  - testing-patterns
+  - webapp-testing
+  - tdd-workflow
+  - e2e-testing
+mode: thorough
+expertise:
+  - Unit Testing
+  - Integration Testing
+  - E2E Testing
+  - Test-Driven Development
+  - Test Automation
+  - Code Coverage
+  - Mocking & Stubbing
+---
+
+# Test Engineer Agent
+
+## Role
+You are a testing expert responsible for ensuring code quality through comprehensive testing strategies and automated test suites.
+
+## Testing Pyramid
+
+```
+    /\
+   /  \  E2E Tests (Few)
+  /____\
+ /      \ Integration Tests (Some)
+/________\
+Unit Tests (Many)
+```
+
+### Unit Tests (70%)
+- Test individual functions/components
+- Fast execution (< 100ms)
+- No external dependencies (mocked)
+- High code coverage target (80%+)
+
+### Integration Tests (20%)
+- Test component interactions
+- Test API endpoints
+- Database interactions
+- External service integrations
+
+### E2E Tests (10%)
+- Test complete user flows
+- Browser automation
+- Critical paths only
+- Slow but comprehensive
+
+## Testing Frameworks
+
+### JavaScript/TypeScript
+- **Jest**: Unit and integration tests
+- **Vitest**: Fast unit tests (Vite projects)
+- **Playwright**: E2E testing
+- **Cypress**: Alternative E2E
+- **Testing Library**: Component testing
+
+### Python
+- **pytest**: All test levels
+- **unittest**: Built-in option
+
+### Go
+- Built-in testing package
+- Testify for assertions
+
+## Test Structure
+
+### AAA Pattern
+```typescript
+// Arrange - Setup
+const user = { name: 'John', age: 30 };
+
+// Act - Execute
+const result = calculateAgeGroup(user);
+
+// Assert - Verify
+expect(result).toBe('adult');
+```
+
+### Naming Conventions
+```typescript
+// File: ComponentName.test.tsx
+describe('ComponentName', () => {
+  describe('when user is logged in', () => {
+    it('should display user name', () => {
+      // test
+    });
+    
+    it('should show logout button', () => {
+      // test
+    });
+  });
+});
+```
+
+## Best Practices
+
+### Test Independence
+- Each test should be isolated
+- Clean up after tests
+- Don't share state between tests
+- Use `beforeEach` for setup
+
+### Assertions
+- One assertion per test (ideally)
+- Use descriptive messages
+- Test behavior, not implementation
+- Test edge cases
+
+### Mocking
+```typescript
+// Mock external dependencies
+jest.mock('./api', () => ({
+  fetchUser: jest.fn()
+}));
+
+// Mock implementation
+(fetchUser as jest.Mock).mockResolvedValue({ id: 1, name: 'John' });
+```
+
+### Code Coverage
+```json
+{
+  "coverageThreshold": {
+    "global": {
+      "branches": 80,
+      "functions": 80,
+      "lines": 80,
+      "statements": 80
+    }
+  }
+}
+```
+
+## E2E Testing Best Practices
+
+### Critical Paths
+- User registration/login
+- Core business flows
+- Payment processing
+- Data persistence
+
+### Page Object Model
+```typescript
+class LoginPage {
+  async login(email: string, password: string) {
+    await this.page.fill('[name="email"]', email);
+    await this.page.fill('[name="password"]', password);
+    await this.page.click('button[type="submit"]');
+  }
+}
+```
+
+## TDD Workflow
+
+1. **Red**: Write failing test
+2. **Green**: Write minimal code to pass
+3. **Refactor**: Improve code quality
+
+## Response Format
+
+When assisting with testing:
+
+1. **Identify testing needs** based on context
+2. **Choose appropriate framework**
+3. **Write tests following AAA pattern**
+4. **Suggest test coverage improvements**
+5. **Recommend testing strategies**
+6. **Help with mocking/stubbing**
+
+Always announce: `🤖 Applying @test-engineer...`

package/templates/.agent/scripts/checklist.js

@@ -0,0 +1,260 @@
+#!/usr/bin/env node
+
+/**
+ * AI-DEVX Quick Check Script
+ * Performs fast validation checks on the codebase
+ * Usage: node .agent/scripts/checklist.js [path]
+ */
+
+const fs = require('fs');
+const path = require('path');
+const { execSync } = require('child_process');
+
+const CHECKS = {
+  security: {
+    name: 'Security Scan',
+    run: checkSecurity
+  },
+  lint: {
+    name: 'Code Quality (Lint)',
+    run: checkLint
+  },
+  types: {
+    name: 'Type Checking',
+    run: checkTypes
+  },
+  tests: {
+    name: 'Test Suite',
+    run: checkTests
+  },
+  format: {
+    name: 'Format Check',
+    run: checkFormat
+  }
+};
+
+const GREEN = '\x1b[32m✓\x1b[0m';
+const RED = '\x1b[31m✗\x1b[0m';
+const YELLOW = '\x1b[33m⚠\x1b[0m';
+
+function log(message) {
+  console.log(message);
+}
+
+// Security Checks
+function checkSecurity(projectPath) {
+  const issues = [];
+  
+  // Check for common secrets patterns
+  const secretPatterns = [
+    /['"]?(password|passwd|pwd)['"]?\s*[:=]\s*['"][^'"]+['"]/i,
+    /['"]?(api[_-]?key|apikey)['"]?\s*[:=]\s*['"][a-zA-Z0-9]{16,}['"]/i,
+    /['"]?(secret|token)['"]?\s*[:=]\s*['"][a-zA-Z0-9]{16,}['"]/i,
+    /['"]?aws[_-]?(access[_-]?key|secret)['"]?
+?\s*[:=]\s*['"][A-Za-z0-9/+=]{20,}['"]/i
+  ];
+  
+  const files = getAllFiles(projectPath, ['.js', '.ts', '.jsx', '.tsx', '.json', '.env']);
+  
+  for (const file of files) {
+    if (file.includes('node_modules') || file.includes('.git')) continue;
+    
+    try {
+      const content = fs.readFileSync(file, 'utf-8');
+      for (const pattern of secretPatterns) {
+        if (pattern.test(content) && !content.includes('process.env')) {
+          issues.push(`Potential secret in ${path.relative(projectPath, file)}`);
+          break;
+        }
+      }
+    } catch (e) {
+      // Skip unreadable files
+    }
+  }
+  
+  return {
+    ok: issues.length === 0,
+    message: issues.length === 0 ? 'No secrets detected' : `${issues.length} potential secrets found`,
+    details: issues.slice(0, 5)
+  };
+}
+
+// Lint Check
+function checkLint(projectPath) {
+  try {
+    // Check if eslint config exists
+    const hasEslint = [
+      '.eslintrc.js',
+      '.eslintrc.json',
+      '.eslintrc',
+      'eslint.config.js'
+    ].some(f => fs.existsSync(path.join(projectPath, f)));
+    
+    if (!hasEslint) {
+      return { ok: true, message: 'No ESLint config found (skipped)' };
+    }
+    
+    try {
+      execSync('npx eslint . --max-warnings=0', {
+        cwd: projectPath,
+        stdio: 'pipe'
+      });
+      return { ok: true, message: 'ESLint passed' };
+    } catch (e) {
+      return { ok: false, message: 'ESLint found issues' };
+    }
+  } catch (e) {
+    return { ok: true, message: 'ESLint not available' };
+  }
+}
+
+// Type Check
+function checkTypes(projectPath) {
+  try {
+    const hasTsconfig = fs.existsSync(path.join(projectPath, 'tsconfig.json'));
+    if (!hasTsconfig) {
+      return { ok: true, message: 'No TypeScript config (skipped)' };
+    }
+    
+    try {
+      execSync('npx tsc --noEmit', {
+        cwd: projectPath,
+        stdio: 'pipe'
+      });
+      return { ok: true, message: 'TypeScript check passed' };
+    } catch (e) {
+      return { ok: false, message: 'TypeScript errors found' };
+    }
+  } catch (e) {
+    return { ok: true, message: 'TypeScript not available' };
+  }
+}
+
+// Test Check
+function checkTests(projectPath) {
+  try {
+    const hasTests = [
+      'jest.config.js',
+      'jest.config.ts',
+      'vitest.config.js',
+      'vitest.config.ts'
+    ].some(f => fs.existsSync(path.join(projectPath, f)));
+    
+    if (!hasTests) {
+      return { ok: true, message: 'No test config found (skipped)' };
+    }
+    
+    try {
+      execSync('npm test -- --passWithNoTests', {
+        cwd: projectPath,
+        stdio: 'pipe'
+      });
+      return { ok: true, message: 'Tests passing' };
+    } catch (e) {
+      return { ok: false, message: 'Tests failing' };
+    }
+  } catch (e) {
+    return { ok: true, message: 'Tests not available' };
+  }
+}
+
+// Format Check
+function checkFormat(projectPath) {
+  try {
+    const hasPrettier = fs.existsSync(path.join(projectPath, '.prettierrc')) ||
+                       fs.existsSync(path.join(projectPath, '.prettierrc.json')) ||
+                       fs.existsSync(path.join(projectPath, 'prettier.config.js'));
+    
+    if (!hasPrettier) {
+      return { ok: true, message: 'No Prettier config (skipped)' };
+    }
+    
+    try {
+      execSync('npx prettier --check .', {
+        cwd: projectPath,
+        stdio: 'pipe'
+      });
+      return { ok: true, message: 'Code formatted correctly' };
+    } catch (e) {
+      return { ok: false, message: 'Code formatting issues' };
+    }
+  } catch (e) {
+    return { ok: true, message: 'Prettier not available' };
+  }
+}
+
+// Utility: Get all files recursively
+function getAllFiles(dir, extensions) {
+  const files = [];
+  
+  function traverse(currentDir) {
+    try {
+      const items = fs.readdirSync(currentDir);
+      for (const item of items) {
+        const fullPath = path.join(currentDir, item);
+        const stat = fs.statSync(fullPath);
+        
+        if (stat.isDirectory()) {
+          if (!['node_modules', '.git', 'dist', 'build'].includes(item)) {
+            traverse(fullPath);
+          }
+        } else if (extensions.some(ext => item.endsWith(ext))) {
+          files.push(fullPath);
+        }
+      }
+    } catch (e) {
+      // Skip inaccessible directories
+    }
+  }
+  
+  traverse(dir);
+  return files;
+}
+
+// Main execution
+async function main() {
+  const projectPath = process.argv[2] || process.cwd();
+  
+  log('\n🔍 AI-DEVX Quick Check\n');
+  log('=' .repeat(50));
+  
+  let passed = 0;
+  let failed = 0;
+  
+  for (const [key, check] of Object.entries(CHECKS)) {
+    process.stdout.write(`${check.name}... `);
+    
+    try {
+      const result = check.run(projectPath);
+      
+      if (result.ok) {
+        log(`${GREEN} ${result.message}`);
+        passed++;
+      } else {
+        log(`${RED} ${result.message}`);
+        failed++;
+        if (result.details) {
+          result.details.forEach(d => log(`    ${YELLOW} ${d}`));
+        }
+      }
+    } catch (e) {
+      log(`${YELLOW} Check failed to run`);
+    }
+  }
+  
+  log('=' .repeat(50));
+  
+  if (failed === 0) {
+    log(`\n${GREEN} All checks passed!`);
+  } else {
+    log(`\n${GREEN} ${passed} passed, ${RED} ${failed} failed`);
+    process.exit(1);
+  }
+  
+  log('\n⏱️  Quick check complete (~30 seconds)\n');
+}
+
+main().catch(e => {
+  console.error('Error running checks:', e.message);
+  process.exit(1);
+});

package/templates/.agent/scripts/security_scan.js

@@ -0,0 +1,251 @@
+#!/usr/bin/env node
+
+/**
+ * AI-DEVX Security Scanner
+ * Scans codebase for security vulnerabilities
+ * Usage: node .agent/scripts/security_scan.js [path]
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const SEVERITY = {
+  CRITICAL: { label: '🔴 CRITICAL', score: 4 },
+  HIGH: { label: '🟠 HIGH', score: 3 },
+  MEDIUM: { label: '🟡 MEDIUM', score: 2 },
+  LOW: { label: '🟢 LOW', score: 1 },
+  INFO: { label: 'ℹ INFO', score: 0 }
+};
+
+const SECURITY_PATTERNS = [
+  {
+    name: 'Hardcoded Secret/Password',
+    pattern: /['"]?(password|passwd|pwd|secret)['"]?\s*[:=]\s*['"][^'"]{8,}['"]/i,
+    severity: 'CRITICAL',
+    check: (content) => !content.includes('process.env') && !content.includes('import.meta.env')
+  },
+  {
+    name: 'Hardcoded API Key',
+    pattern: /['"]?(api[_-]?key|apikey)['"]?\s*[:=]\s*['"][a-zA-Z0-9]{16,}['"]/i,
+    severity: 'CRITICAL',
+    check: (content) => !content.includes('process.env')
+  },
+  {
+    name: 'Hardcoded Token',
+    pattern: /['"]?(token|access[_-]?token|auth[_-]?token)['"]?\s*[:=]\s*['"][a-zA-Z0-9-_]{20,}['"]/i,
+    severity: 'CRITICAL',
+    check: (content) => !content.includes('process.env')
+  },
+  {
+    name: 'AWS Access Key ID',
+    pattern: /['"]?AKIA[0-9A-Z]{16}['"]?/,
+    severity: 'CRITICAL',
+    check: () => true
+  },
+  {
+    name: 'Private Key',
+    pattern: /-----BEGIN (RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----/,
+    severity: 'CRITICAL',
+    check: () => true
+  },
+  {
+    name: 'SQL Injection Risk',
+    pattern: /(SELECT|INSERT|UPDATE|DELETE|DROP).*\$\{/,
+    severity: 'HIGH',
+    check: () => true
+  },
+  {
+    name: 'eval() Usage',
+    pattern: /\beval\s*\(/,
+    severity: 'HIGH',
+    check: () => true
+  },
+  {
+    name: 'innerHTML Assignment',
+    pattern: /\.innerHTML\s*=/,
+    severity: 'MEDIUM',
+    check: (content, match) => !content.includes('DOMPurify') && !content.includes('sanitize')
+  },
+  {
+    name: 'Debug Mode Enabled',
+    pattern: /DEBUG\s*[:=]\s*true/i,
+    severity: 'MEDIUM',
+    check: (content) => content.includes('.env') || content.includes('production')
+  },
+  {
+    name: 'Insecure HTTP',
+    pattern: /http:\/\/(?!localhost|127\.0\.0\.1)/,
+    severity: 'MEDIUM',
+    check: () => true
+  }
+];
+
+const VULNERABLE_DEPENDENCIES = [
+  { name: 'lodash', vulnerable: '<4.17.21', severity: 'HIGH' },
+  { name: 'express', vulnerable: '<4.18.2', severity: 'MEDIUM' },
+  { name: 'axios', vulnerable: '<0.28.0', severity: 'MEDIUM' },
+  { name: 'minimist', vulnerable: '<1.2.6', severity: 'HIGH' }
+];
+
+function log(message) {
+  console.log(message);
+}
+
+function getAllFiles(dir, extensions) {
+  const files = [];
+  
+  function traverse(currentDir) {
+    try {
+      const items = fs.readdirSync(currentDir);
+      for (const item of items) {
+        const fullPath = path.join(currentDir, item);
+        const stat = fs.statSync(fullPath);
+        
+        if (stat.isDirectory()) {
+          if (!['node_modules', '.git', 'dist', 'build', '.agent'].includes(item)) {
+            traverse(fullPath);
+          }
+        } else {
+          files.push(fullPath);
+        }
+      }
+    } catch (e) {
+      // Skip inaccessible directories
+    }
+  }
+  
+  traverse(dir);
+  return files;
+}
+
+function scanFile(filePath, content) {
+  const issues = [];
+  
+  for (const pattern of SECURITY_PATTERNS) {
+    const matches = content.match(pattern.pattern);
+    if (matches && pattern.check(content, matches)) {
+      issues.push({
+        file: filePath,
+        pattern: pattern.name,
+        severity: pattern.severity,
+        line: content.substring(0, matches.index).split('\n').length
+      });
+    }
+  }
+  
+  return issues;
+}
+
+function checkDependencies(projectPath) {
+  const issues = [];
+  const packageJsonPath = path.join(projectPath, 'package.json');
+  
+  if (!fs.existsSync(packageJsonPath)) {
+    return issues;
+  }
+  
+  try {
+    const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));
+    const deps = { ...packageJson.dependencies, ...packageJson.devDependencies };
+    
+    for (const [dep, version] of Object.entries(deps)) {
+      const vulnerable = VULNERABLE_DEPENDENCIES.find(v => 
+        v.name === dep && version.match(/\d+\.\d+\.\d+/)?.[0] < v.vulnerable.replace('<', '')
+      );
+      
+      if (vulnerable) {
+        issues.push({
+          file: 'package.json',
+          pattern: `Vulnerable dependency: ${dep}@${version}`,
+          severity: vulnerable.severity,
+          line: 0
+        });
+      }
+    }
+  } catch (e) {
+    // Skip if package.json can't be parsed
+  }
+  
+  return issues;
+}
+
+function main() {
+  const projectPath = process.argv[2] || process.cwd();
+  
+  log('\n🔐 AI-DEVX Security Scanner\n');
+  log('=' .repeat(60));
+  
+  const allIssues = [];
+  
+  // Scan source files
+  log('\n📁 Scanning source files...\n');
+  const files = getAllFiles(projectPath, []);
+  
+  for (const file of files) {
+    if (file.includes('node_modules') || file.includes('.git')) continue;
+    
+    try {
+      const content = fs.readFileSync(file, 'utf-8');
+      const issues = scanFile(path.relative(projectPath, file), content);
+      allIssues.push(...issues);
+    } catch (e) {
+      // Skip unreadable files
+    }
+  }
+  
+  // Check dependencies
+  log('📦 Checking dependencies...\n');
+  const depIssues = checkDependencies(projectPath);
+  allIssues.push(...depIssues);
+  
+  // Sort by severity
+  const severityOrder = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1, INFO: 0 };
+  allIssues.sort((a, b) => severityOrder[b.severity] - severityOrder[a.severity]);
+  
+  // Group by severity
+  const grouped = allIssues.reduce((acc, issue) => {
+    acc[issue.severity] = acc[issue.severity] || [];
+    acc[issue.severity].push(issue);
+    return acc;
+  }, {});
+  
+  // Display results
+  if (allIssues.length === 0) {
+    log('\n✅ No security issues found!\n');
+  } else {
+    log(`\n⚠️  Found ${allIssues.length} security issue(s):\n`);
+    
+    for (const severity of ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO']) {
+      const issues = grouped[severity];
+      if (issues) {
+        log(`\n${SEVERITY[severity].label} (${issues.length}):\n`);
+        issues.forEach(issue => {
+          log(`  📄 ${issue.file}:${issue.line}`);
+          log(`     ${issue.pattern}\n`);
+        });
+      }
+    }
+  }
+  
+  // Summary
+  log('=' .repeat(60));
+  const critical = grouped.CRITICAL?.length || 0;
+  const high = grouped.HIGH?.length || 0;
+  const medium = grouped.MEDIUM?.length || 0;
+  const low = grouped.LOW?.length || 0;
+  
+  log(`\nSummary: 🔴 ${critical} Critical | 🟠 ${high} High | 🟡 ${medium} Medium | 🟢 ${low} Low`);
+  
+  if (critical > 0 || high > 0) {
+    log('\n⚠️  Critical or High severity issues found! Fix immediately.');
+    process.exit(1);
+  } else if (medium > 0) {
+    log('\n⚠️  Medium severity issues found. Fix recommended.');
+    process.exit(0);
+  } else {
+    log('\n✅ Security scan complete.');
+    process.exit(0);
+  }
+}
+
+main();