claude-code-pilot 2.0.0 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/install.js +267 -250
- package/manifest.json +5 -18
- package/package.json +5 -7
- package/src/agents/build-error-resolver.md +114 -0
- package/src/agents/ccp-advisor-researcher.md +104 -0
- package/src/agents/ccp-assumptions-analyzer.md +105 -0
- package/{gsd/agents/gsd-codebase-mapper.md → src/agents/ccp-codebase-mapper.md} +7 -7
- package/{gsd/agents/gsd-debugger.md → src/agents/ccp-debugger.md} +125 -8
- package/{gsd/agents/gsd-executor.md → src/agents/ccp-executor.md} +31 -20
- package/{gsd/agents/gsd-integration-checker.md → src/agents/ccp-integration-checker.md} +2 -2
- package/{gsd/agents/gsd-nyquist-auditor.md → src/agents/ccp-nyquist-auditor.md} +3 -3
- package/{gsd/agents/gsd-phase-researcher.md → src/agents/ccp-phase-researcher.md} +127 -13
- package/{gsd/agents/gsd-plan-checker.md → src/agents/ccp-plan-checker.md} +57 -21
- package/{gsd/agents/gsd-planner.md → src/agents/ccp-planner.md} +61 -23
- package/{gsd/agents/gsd-project-researcher.md → src/agents/ccp-project-researcher.md} +33 -6
- package/{gsd/agents/gsd-research-synthesizer.md → src/agents/ccp-research-synthesizer.md} +11 -11
- package/{gsd/agents/gsd-roadmapper.md → src/agents/ccp-roadmapper.md} +39 -10
- package/src/agents/ccp-ui-auditor.md +439 -0
- package/src/agents/ccp-ui-checker.md +300 -0
- package/src/agents/ccp-ui-researcher.md +357 -0
- package/{gsd/agents/gsd-verifier.md → src/agents/ccp-verifier.md} +81 -15
- package/src/agents/cpp-build-resolver.md +90 -0
- package/src/agents/cpp-reviewer.md +72 -0
- package/src/agents/database-reviewer.md +91 -0
- package/src/agents/docs-lookup.md +68 -0
- package/src/agents/flutter-reviewer.md +243 -0
- package/src/agents/go-build-resolver.md +94 -0
- package/src/agents/go-reviewer.md +76 -0
- package/src/agents/java-build-resolver.md +153 -0
- package/src/agents/java-reviewer.md +92 -0
- package/src/agents/kotlin-build-resolver.md +118 -0
- package/src/agents/kotlin-reviewer.md +159 -0
- package/src/agents/planner.md +212 -0
- package/src/agents/python-reviewer.md +98 -0
- package/src/agents/pytorch-build-resolver.md +120 -0
- package/src/agents/refactor-cleaner.md +85 -0
- package/src/agents/rust-build-resolver.md +148 -0
- package/src/agents/rust-reviewer.md +94 -0
- package/src/agents/typescript-reviewer.md +112 -0
- package/src/available-rules/README.md +80 -0
- package/src/available-rules/cpp/coding-style.md +44 -0
- package/src/available-rules/cpp/hooks.md +39 -0
- package/src/available-rules/cpp/patterns.md +51 -0
- package/src/available-rules/cpp/security.md +51 -0
- package/src/available-rules/cpp/testing.md +44 -0
- package/src/available-rules/csharp/coding-style.md +72 -0
- package/src/available-rules/csharp/hooks.md +25 -0
- package/src/available-rules/csharp/patterns.md +50 -0
- package/src/available-rules/csharp/security.md +58 -0
- package/src/available-rules/csharp/testing.md +46 -0
- package/src/available-rules/java/coding-style.md +114 -0
- package/src/available-rules/java/hooks.md +18 -0
- package/src/available-rules/java/patterns.md +146 -0
- package/src/available-rules/java/security.md +100 -0
- package/src/available-rules/java/testing.md +131 -0
- package/src/available-rules/kotlin/hooks.md +17 -0
- package/src/available-rules/rust/coding-style.md +151 -0
- package/src/available-rules/rust/hooks.md +16 -0
- package/src/available-rules/rust/patterns.md +168 -0
- package/src/available-rules/rust/security.md +141 -0
- package/src/available-rules/rust/testing.md +154 -0
- package/src/commands/aside.md +164 -0
- package/src/commands/build-fix.md +62 -0
- package/src/commands/ccp/add-backlog.md +76 -0
- package/{gsd/commands-gsd → src/commands/ccp}/add-phase.md +3 -3
- package/{gsd/commands-gsd → src/commands/ccp}/add-tests.md +5 -5
- package/{gsd/commands-gsd → src/commands/ccp}/add-todo.md +4 -4
- package/{gsd/commands-gsd → src/commands/ccp}/audit-milestone.md +3 -3
- package/src/commands/ccp/audit-uat.md +24 -0
- package/src/commands/ccp/autonomous.md +41 -0
- package/{gsd/commands-gsd → src/commands/ccp}/check-todos.md +3 -3
- package/{gsd/commands-gsd → src/commands/ccp}/cleanup.md +3 -3
- package/{gsd/commands-gsd → src/commands/ccp}/complete-milestone.md +9 -9
- package/{gsd/commands-gsd → src/commands/ccp}/debug.md +14 -9
- package/src/commands/ccp/discuss-phase.md +64 -0
- package/src/commands/ccp/do.md +30 -0
- package/src/commands/ccp/execute-phase.md +59 -0
- package/src/commands/ccp/fast.md +30 -0
- package/src/commands/ccp/forensics.md +56 -0
- package/{gsd/commands-gsd → src/commands/ccp}/health.md +3 -3
- package/{gsd/commands-gsd → src/commands/ccp}/help.md +5 -5
- package/{gsd/commands-gsd → src/commands/ccp}/insert-phase.md +3 -3
- package/{gsd/commands-gsd → src/commands/ccp}/list-phase-assumptions.md +2 -2
- package/src/commands/ccp/manager.md +39 -0
- package/{gsd/commands-gsd → src/commands/ccp}/map-codebase.md +7 -7
- package/src/commands/ccp/milestone-summary.md +51 -0
- package/{gsd/commands-gsd → src/commands/ccp}/new-milestone.md +8 -8
- package/{gsd/commands-gsd → src/commands/ccp}/new-project.md +8 -8
- package/src/commands/ccp/next.md +24 -0
- package/src/commands/ccp/note.md +34 -0
- package/{gsd/commands-gsd → src/commands/ccp}/pause-work.md +3 -3
- package/{gsd/commands-gsd → src/commands/ccp}/plan-milestone-gaps.md +5 -5
- package/{gsd/commands-gsd → src/commands/ccp}/plan-phase.md +9 -7
- package/src/commands/ccp/plant-seed.md +28 -0
- package/src/commands/ccp/pr-branch.md +25 -0
- package/{gsd/commands-gsd → src/commands/ccp}/progress.md +3 -3
- package/{gsd/commands-gsd → src/commands/ccp}/quick.md +10 -8
- package/{gsd/commands-gsd → src/commands/ccp}/remove-phase.md +3 -3
- package/{gsd/commands-gsd → src/commands/ccp}/research-phase.md +17 -12
- package/{gsd/commands-gsd → src/commands/ccp}/resume-work.md +3 -3
- package/src/commands/ccp/review-backlog.md +61 -0
- package/src/commands/ccp/session-report.md +19 -0
- package/src/commands/ccp/set-profile.md +12 -0
- package/{gsd/commands-gsd → src/commands/ccp}/settings.md +5 -5
- package/src/commands/ccp/ship.md +23 -0
- package/src/commands/ccp/stats.md +18 -0
- package/src/commands/ccp/thread.md +127 -0
- package/src/commands/ccp/ui-phase.md +34 -0
- package/src/commands/ccp/ui-review.md +32 -0
- package/{gsd/commands-gsd → src/commands/ccp}/update.md +5 -5
- package/{gsd/commands-gsd → src/commands/ccp}/validate-phase.md +3 -3
- package/{gsd/commands-gsd → src/commands/ccp}/verify-work.md +5 -5
- package/src/commands/code-review.md +40 -0
- package/src/commands/context-budget.md +29 -0
- package/src/commands/cpp-build.md +173 -0
- package/src/commands/cpp-review.md +132 -0
- package/src/commands/cpp-test.md +251 -0
- package/src/commands/docs.md +31 -0
- package/src/commands/e2e.md +364 -0
- package/src/commands/eval.md +120 -0
- package/{ecc → src}/commands/evolve.md +2 -2
- package/src/commands/go-build.md +183 -0
- package/src/commands/go-review.md +148 -0
- package/src/commands/go-test.md +268 -0
- package/src/commands/gradle-build.md +70 -0
- package/src/commands/harness-audit.md +71 -0
- package/src/commands/kotlin-build.md +174 -0
- package/src/commands/kotlin-review.md +140 -0
- package/src/commands/kotlin-test.md +312 -0
- package/src/commands/orchestrate.md +231 -0
- package/src/commands/plan.md +114 -0
- package/src/commands/prompt-optimize.md +38 -0
- package/src/commands/prune.md +25 -0
- package/src/commands/python-review.md +297 -0
- package/{ecc → src}/commands/quality-gate.md +1 -1
- package/src/commands/refactor-clean.md +80 -0
- package/src/commands/rules-distill.md +11 -0
- package/src/commands/rust-build.md +187 -0
- package/src/commands/rust-review.md +142 -0
- package/src/commands/rust-test.md +308 -0
- package/{ecc → src}/commands/sessions.md +10 -10
- package/src/commands/setup-pm.md +80 -0
- package/{kit → src}/commands/setup.md +45 -19
- package/src/commands/skill-create.md +172 -0
- package/src/commands/skill-health.md +51 -0
- package/src/commands/tdd.md +328 -0
- package/src/commands/test-coverage.md +69 -0
- package/src/commands/update-codemaps.md +72 -0
- package/src/commands/update-docs.md +84 -0
- package/{gsd/hooks/gsd-context-monitor.js → src/hooks/ccp-context-monitor.js} +3 -3
- package/src/hooks/ccp-prompt-guard.js +96 -0
- package/{gsd/hooks/gsd-statusline.js → src/hooks/ccp-statusline.js} +7 -7
- package/src/hooks/ccp-workflow-guard.js +94 -0
- package/src/hooks/config-protection.js +141 -0
- package/{kit → src}/hooks/kit-check-update.js +7 -4
- package/src/hooks/mcp-health-check.js +620 -0
- package/{ecc/scripts → src}/hooks/run-with-flags-shell.sh +1 -1
- package/{ecc/scripts → src}/hooks/run-with-flags.js +74 -13
- package/src/hooks/session-end-marker.js +29 -0
- package/{ecc/scripts → src}/hooks/session-end.js +83 -40
- package/{ecc/scripts → src}/hooks/session-start.js +75 -9
- package/{ecc/scripts → src}/lib/hook-flags.js +8 -4
- package/{ecc/scripts → src}/lib/project-detect.js +2 -1
- package/{ecc/scripts → src}/lib/session-manager.d.ts +5 -1
- package/{ecc/scripts → src}/lib/session-manager.js +202 -92
- package/{ecc/scripts → src}/lib/utils.d.ts +23 -1
- package/{ecc/scripts → src}/lib/utils.js +91 -3
- package/{gsd/get-shit-done/bin/gsd-tools.cjs → src/pilot/bin/ccp-tools.cjs} +257 -86
- package/{gsd/get-shit-done → src/pilot}/bin/lib/commands.cjs +1 -1
- package/src/pilot/bin/lib/config.cjs +444 -0
- package/src/pilot/bin/lib/core.cjs +1190 -0
- package/src/pilot/bin/lib/init.cjs +1281 -0
- package/src/pilot/bin/lib/model-profiles.cjs +67 -0
- package/{gsd/get-shit-done → src/pilot}/bin/lib/phase.cjs +2 -2
- package/src/pilot/bin/lib/security.cjs +382 -0
- package/{gsd/get-shit-done → src/pilot}/bin/lib/state.cjs +1 -1
- package/src/pilot/bin/lib/uat.cjs +282 -0
- package/{gsd/get-shit-done → src/pilot}/bin/lib/verify.cjs +10 -10
- package/{gsd/get-shit-done → src/pilot}/references/continuation-format.md +16 -16
- package/{gsd/get-shit-done → src/pilot}/references/decimal-phase-calculation.md +5 -5
- package/{gsd/get-shit-done → src/pilot}/references/git-integration.md +5 -5
- package/{gsd/get-shit-done → src/pilot}/references/git-planning-commit.md +4 -4
- package/src/pilot/references/mcp-servers.json +153 -0
- package/{gsd/get-shit-done → src/pilot}/references/model-profile-resolution.md +2 -2
- package/{gsd/get-shit-done → src/pilot}/references/model-profiles.md +20 -20
- package/{gsd/get-shit-done → src/pilot}/references/phase-argument-parsing.md +4 -4
- package/{gsd/get-shit-done → src/pilot}/references/planning-config.md +15 -15
- package/{gsd/get-shit-done → src/pilot}/references/ui-brand.md +5 -5
- package/{gsd/get-shit-done → src/pilot}/references/verification-patterns.md +1 -1
- package/{gsd/get-shit-done → src/pilot}/templates/DEBUG.md +1 -1
- package/{gsd/get-shit-done → src/pilot}/templates/UAT.md +3 -3
- package/src/pilot/templates/UI-SPEC.md +100 -0
- package/{gsd/get-shit-done → src/pilot}/templates/VALIDATION.md +1 -1
- package/src/pilot/templates/claude-md.md +122 -0
- package/{gsd/get-shit-done → src/pilot}/templates/codebase/architecture.md +2 -2
- package/{gsd/get-shit-done → src/pilot}/templates/codebase/structure.md +13 -13
- package/{gsd/get-shit-done → src/pilot}/templates/context.md +4 -4
- package/src/pilot/templates/copilot-instructions.md +7 -0
- package/{gsd/get-shit-done → src/pilot}/templates/debug-subagent-prompt.md +4 -4
- package/src/pilot/templates/dev-preferences.md +21 -0
- package/{gsd/get-shit-done → src/pilot}/templates/discovery.md +2 -2
- package/src/pilot/templates/discussion-log.md +63 -0
- package/{gsd/get-shit-done → src/pilot}/templates/phase-prompt.md +12 -12
- package/{gsd/get-shit-done → src/pilot}/templates/planner-subagent-prompt.md +7 -7
- package/{gsd/get-shit-done → src/pilot}/templates/project.md +1 -1
- package/{gsd/get-shit-done → src/pilot}/templates/research.md +2 -2
- package/{gsd/get-shit-done → src/pilot}/templates/state.md +2 -2
- package/{gsd/get-shit-done → src/pilot}/templates/summary-complex.md +1 -1
- package/{gsd/get-shit-done → src/pilot}/workflows/add-phase.md +11 -11
- package/{gsd/get-shit-done → src/pilot}/workflows/add-tests.md +15 -15
- package/{gsd/get-shit-done → src/pilot}/workflows/add-todo.md +7 -7
- package/{gsd/get-shit-done → src/pilot}/workflows/audit-milestone.md +24 -16
- package/src/pilot/workflows/audit-uat.md +109 -0
- package/src/pilot/workflows/autonomous.md +891 -0
- package/{gsd/get-shit-done → src/pilot}/workflows/check-todos.md +10 -10
- package/{gsd/get-shit-done → src/pilot}/workflows/cleanup.md +3 -3
- package/{gsd/get-shit-done → src/pilot}/workflows/complete-milestone.md +19 -16
- package/{gsd/get-shit-done → src/pilot}/workflows/diagnose-issues.md +9 -4
- package/{gsd/get-shit-done → src/pilot}/workflows/discovery-phase.md +8 -8
- package/src/pilot/workflows/discuss-phase-assumptions.md +653 -0
- package/{gsd/get-shit-done → src/pilot}/workflows/discuss-phase.md +407 -49
- package/src/pilot/workflows/do.md +104 -0
- package/src/pilot/workflows/execute-phase.md +821 -0
- package/{gsd/get-shit-done → src/pilot}/workflows/execute-plan.md +79 -28
- package/src/pilot/workflows/fast.md +105 -0
- package/src/pilot/workflows/forensics.md +265 -0
- package/{gsd/get-shit-done → src/pilot}/workflows/health.md +34 -11
- package/src/pilot/workflows/help.md +775 -0
- package/{gsd/get-shit-done → src/pilot}/workflows/insert-phase.md +10 -10
- package/{gsd/get-shit-done → src/pilot}/workflows/list-phase-assumptions.md +4 -4
- package/src/pilot/workflows/manager.md +362 -0
- package/{gsd/get-shit-done → src/pilot}/workflows/map-codebase.md +27 -17
- package/src/pilot/workflows/milestone-summary.md +223 -0
- package/{gsd/get-shit-done → src/pilot}/workflows/new-milestone.md +135 -33
- package/{gsd/get-shit-done → src/pilot}/workflows/new-project.md +152 -79
- package/src/pilot/workflows/next.md +97 -0
- package/src/pilot/workflows/node-repair.md +92 -0
- package/src/pilot/workflows/note.md +156 -0
- package/src/pilot/workflows/pause-work.md +177 -0
- package/{gsd/get-shit-done → src/pilot}/workflows/plan-milestone-gaps.md +10 -11
- package/src/pilot/workflows/plan-phase.md +859 -0
- package/src/pilot/workflows/plant-seed.md +169 -0
- package/src/pilot/workflows/pr-branch.md +129 -0
- package/{gsd/get-shit-done → src/pilot}/workflows/progress.md +95 -34
- package/{gsd/get-shit-done → src/pilot}/workflows/quick.md +33 -21
- package/{gsd/get-shit-done → src/pilot}/workflows/remove-phase.md +14 -14
- package/{gsd/get-shit-done → src/pilot}/workflows/research-phase.md +18 -10
- package/{gsd/get-shit-done → src/pilot}/workflows/resume-project.md +37 -18
- package/src/pilot/workflows/session-report.md +146 -0
- package/{gsd/get-shit-done → src/pilot}/workflows/set-profile.md +7 -7
- package/{gsd/get-shit-done → src/pilot}/workflows/settings.md +75 -22
- package/src/pilot/workflows/ship.md +228 -0
- package/src/pilot/workflows/stats.md +60 -0
- package/{gsd/get-shit-done → src/pilot}/workflows/transition.md +57 -17
- package/src/pilot/workflows/ui-phase.md +302 -0
- package/src/pilot/workflows/ui-review.md +165 -0
- package/{gsd/get-shit-done → src/pilot}/workflows/update.md +88 -58
- package/{gsd/get-shit-done → src/pilot}/workflows/validate-phase.md +24 -17
- package/{gsd/get-shit-done → src/pilot}/workflows/verify-phase.md +26 -15
- package/{gsd/get-shit-done → src/pilot}/workflows/verify-work.md +89 -37
- package/{ecc → src}/rules/common/agents.md +1 -0
- package/{ecc → src}/rules/common/coding-style.md +21 -0
- package/src/skills/agentic-engineering/SKILL.md +63 -0
- package/src/skills/ai-first-engineering/SKILL.md +51 -0
- package/src/skills/ai-regression-testing/SKILL.md +385 -0
- package/src/skills/api-design/SKILL.md +523 -0
- package/src/skills/architecture-decision-records/SKILL.md +179 -0
- package/src/skills/backend-patterns/SKILL.md +598 -0
- package/src/skills/benchmark/SKILL.md +87 -0
- package/src/skills/blueprint/SKILL.md +90 -0
- package/src/skills/browser-qa/SKILL.md +81 -0
- package/src/skills/claude-api/SKILL.md +337 -0
- package/src/skills/codebase-onboarding/SKILL.md +233 -0
- package/src/skills/coding-standards/SKILL.md +530 -0
- package/src/skills/context-budget/SKILL.md +135 -0
- package/{ecc → src}/skills/continuous-learning-v2/SKILL.md +2 -2
- package/{ecc → src}/skills/continuous-learning-v2/agents/observer-loop.sh +1 -1
- package/src/skills/cpp-coding-standards/SKILL.md +723 -0
- package/src/skills/cpp-testing/SKILL.md +324 -0
- package/src/skills/database-migrations/SKILL.md +429 -0
- package/src/skills/deep-research/SKILL.md +155 -0
- package/src/skills/deployment-patterns/SKILL.md +427 -0
- package/src/skills/django-patterns/SKILL.md +734 -0
- package/src/skills/django-security/SKILL.md +593 -0
- package/src/skills/django-tdd/SKILL.md +729 -0
- package/src/skills/django-verification/SKILL.md +469 -0
- package/src/skills/docker-patterns/SKILL.md +364 -0
- package/src/skills/documentation-lookup/SKILL.md +90 -0
- package/src/skills/e2e-testing/SKILL.md +326 -0
- package/src/skills/exa-search/SKILL.md +103 -0
- package/src/skills/frontend-patterns/SKILL.md +642 -0
- package/src/skills/golang-patterns/SKILL.md +674 -0
- package/src/skills/golang-testing/SKILL.md +720 -0
- package/src/skills/java-coding-standards/SKILL.md +147 -0
- package/src/skills/jpa-patterns/SKILL.md +151 -0
- package/src/skills/kotlin-coroutines-flows/SKILL.md +284 -0
- package/src/skills/kotlin-exposed-patterns/SKILL.md +719 -0
- package/src/skills/kotlin-ktor-patterns/SKILL.md +689 -0
- package/src/skills/kotlin-patterns/SKILL.md +711 -0
- package/src/skills/kotlin-testing/SKILL.md +824 -0
- package/src/skills/laravel-patterns/SKILL.md +415 -0
- package/src/skills/laravel-security/SKILL.md +285 -0
- package/src/skills/laravel-tdd/SKILL.md +283 -0
- package/src/skills/laravel-verification/SKILL.md +179 -0
- package/src/skills/mcp-server-patterns/SKILL.md +67 -0
- package/src/skills/perl-patterns/SKILL.md +504 -0
- package/src/skills/perl-testing/SKILL.md +475 -0
- package/src/skills/postgres-patterns/SKILL.md +147 -0
- package/src/skills/prompt-optimizer/SKILL.md +397 -0
- package/src/skills/python-patterns/SKILL.md +750 -0
- package/src/skills/python-testing/SKILL.md +816 -0
- package/src/skills/rust-patterns/SKILL.md +499 -0
- package/src/skills/rust-testing/SKILL.md +500 -0
- package/src/skills/safety-guard/SKILL.md +69 -0
- package/src/skills/search-first/SKILL.md +161 -0
- package/src/skills/security-review/SKILL.md +495 -0
- package/src/skills/security-review/cloud-infrastructure-security.md +361 -0
- package/src/skills/security-scan/SKILL.md +165 -0
- package/src/skills/springboot-patterns/SKILL.md +314 -0
- package/src/skills/springboot-security/SKILL.md +272 -0
- package/src/skills/springboot-tdd/SKILL.md +158 -0
- package/src/skills/springboot-verification/SKILL.md +231 -0
- package/src/skills/tdd-workflow/SKILL.md +410 -0
- package/ecc/scripts/hooks/session-end-marker.js +0 -15
- package/gsd/LICENSE +0 -21
- package/gsd/commands-gsd/discuss-phase.md +0 -90
- package/gsd/commands-gsd/execute-phase.md +0 -41
- package/gsd/commands-gsd/join-discord.md +0 -18
- package/gsd/commands-gsd/reapply-patches.md +0 -123
- package/gsd/commands-gsd/set-profile.md +0 -34
- package/gsd/get-shit-done/bin/lib/config.cjs +0 -169
- package/gsd/get-shit-done/bin/lib/core.cjs +0 -492
- package/gsd/get-shit-done/bin/lib/init.cjs +0 -710
- package/gsd/get-shit-done/workflows/execute-phase.md +0 -459
- package/gsd/get-shit-done/workflows/help.md +0 -489
- package/gsd/get-shit-done/workflows/pause-work.md +0 -122
- package/gsd/get-shit-done/workflows/plan-phase.md +0 -560
- package/gsd/hooks/gsd-check-update.js +0 -81
- package/kit/CLAUDE.md +0 -43
- package/kit/commands/kit/update.md +0 -46
- package/kit/mcp.json +0 -10
- package/kit/rules/code-style.md +0 -24
- /package/{ecc → src}/agents/architect.md +0 -0
- /package/{ecc → src}/agents/code-reviewer.md +0 -0
- /package/{ecc → src}/agents/doc-updater.md +0 -0
- /package/{ecc → src}/agents/e2e-runner.md +0 -0
- /package/{ecc → src}/agents/security-reviewer.md +0 -0
- /package/{ecc → src}/agents/tdd-guide.md +0 -0
- /package/{ecc/rules → src/available-rules}/golang/coding-style.md +0 -0
- /package/{ecc/rules → src/available-rules}/golang/hooks.md +0 -0
- /package/{ecc/rules → src/available-rules}/golang/patterns.md +0 -0
- /package/{ecc/rules → src/available-rules}/golang/security.md +0 -0
- /package/{ecc/rules → src/available-rules}/golang/testing.md +0 -0
- /package/{ecc/rules → src/available-rules}/kotlin/coding-style.md +0 -0
- /package/{ecc/rules → src/available-rules}/kotlin/patterns.md +0 -0
- /package/{ecc/rules → src/available-rules}/kotlin/security.md +0 -0
- /package/{ecc/rules → src/available-rules}/kotlin/testing.md +0 -0
- /package/{ecc/rules → src/available-rules}/perl/coding-style.md +0 -0
- /package/{ecc/rules → src/available-rules}/perl/hooks.md +0 -0
- /package/{ecc/rules → src/available-rules}/perl/patterns.md +0 -0
- /package/{ecc/rules → src/available-rules}/perl/security.md +0 -0
- /package/{ecc/rules → src/available-rules}/perl/testing.md +0 -0
- /package/{ecc/rules → src/available-rules}/php/coding-style.md +0 -0
- /package/{ecc/rules → src/available-rules}/php/hooks.md +0 -0
- /package/{ecc/rules → src/available-rules}/php/patterns.md +0 -0
- /package/{ecc/rules → src/available-rules}/php/security.md +0 -0
- /package/{ecc/rules → src/available-rules}/php/testing.md +0 -0
- /package/{ecc/rules → src/available-rules}/python/coding-style.md +0 -0
- /package/{ecc/rules → src/available-rules}/python/hooks.md +0 -0
- /package/{ecc/rules → src/available-rules}/python/patterns.md +0 -0
- /package/{ecc/rules → src/available-rules}/python/security.md +0 -0
- /package/{ecc/rules → src/available-rules}/python/testing.md +0 -0
- /package/{ecc/rules → src/available-rules}/swift/coding-style.md +0 -0
- /package/{ecc/rules → src/available-rules}/swift/hooks.md +0 -0
- /package/{ecc/rules → src/available-rules}/swift/patterns.md +0 -0
- /package/{ecc/rules → src/available-rules}/swift/security.md +0 -0
- /package/{ecc/rules → src/available-rules}/swift/testing.md +0 -0
- /package/{ecc/rules → src/available-rules}/typescript/coding-style.md +0 -0
- /package/{ecc/rules → src/available-rules}/typescript/hooks.md +0 -0
- /package/{ecc/rules → src/available-rules}/typescript/patterns.md +0 -0
- /package/{ecc/rules → src/available-rules}/typescript/security.md +0 -0
- /package/{ecc/rules → src/available-rules}/typescript/testing.md +0 -0
- /package/{ecc → src}/commands/checkpoint.md +0 -0
- /package/{ecc → src}/commands/learn.md +0 -0
- /package/{ecc → src}/commands/model-route.md +0 -0
- /package/{ecc → src}/commands/resume-session.md +0 -0
- /package/{ecc → src}/commands/save-session.md +0 -0
- /package/{kit → src}/commands/setup-refresh.md +0 -0
- /package/{kit → src}/commands/tool-guide.md +0 -0
- /package/{ecc → src}/commands/verify.md +0 -0
- /package/{ecc → src}/contexts/dev.md +0 -0
- /package/{ecc → src}/contexts/research.md +0 -0
- /package/{ecc → src}/contexts/review.md +0 -0
- /package/{ecc → src}/examples/CLAUDE.md +0 -0
- /package/{ecc → src}/examples/django-api-CLAUDE.md +0 -0
- /package/{ecc → src}/examples/go-microservice-CLAUDE.md +0 -0
- /package/{ecc → src}/examples/rust-api-CLAUDE.md +0 -0
- /package/{ecc → src}/examples/saas-nextjs-CLAUDE.md +0 -0
- /package/{ecc → src}/examples/user-CLAUDE.md +0 -0
- /package/{ecc/scripts → src}/hooks/check-hook-enabled.js +0 -0
- /package/{ecc/scripts → src}/hooks/evaluate-session.js +0 -0
- /package/{ecc/scripts → src}/hooks/pre-compact.js +0 -0
- /package/{ecc/scripts → src}/hooks/suggest-compact.js +0 -0
- /package/{ecc/scripts → src}/lib/package-manager.d.ts +0 -0
- /package/{ecc/scripts → src}/lib/package-manager.js +0 -0
- /package/{ecc/scripts → src}/lib/resolve-formatter.js +0 -0
- /package/{ecc/scripts → src}/lib/session-aliases.d.ts +0 -0
- /package/{ecc/scripts → src}/lib/session-aliases.js +0 -0
- /package/{ecc/scripts → src}/lib/shell-split.js +0 -0
- /package/{gsd/get-shit-done → src/pilot}/bin/lib/frontmatter.cjs +0 -0
- /package/{gsd/get-shit-done → src/pilot}/bin/lib/milestone.cjs +0 -0
- /package/{gsd/get-shit-done → src/pilot}/bin/lib/roadmap.cjs +0 -0
- /package/{gsd/get-shit-done → src/pilot}/bin/lib/template.cjs +0 -0
- /package/{gsd/get-shit-done → src/pilot}/references/checkpoints.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/references/questioning.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/references/tdd.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/codebase/concerns.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/codebase/conventions.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/codebase/integrations.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/codebase/stack.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/codebase/testing.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/config.json +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/continue-here.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/milestone-archive.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/milestone.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/requirements.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/research-project/ARCHITECTURE.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/research-project/FEATURES.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/research-project/PITFALLS.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/research-project/STACK.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/research-project/SUMMARY.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/retrospective.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/roadmap.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/summary-minimal.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/summary-standard.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/summary.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/user-setup.md +0 -0
- /package/{gsd/get-shit-done → src/pilot}/templates/verification-report.md +0 -0
- /package/{ecc → src}/rules/common/development-workflow.md +0 -0
- /package/{ecc → src}/rules/common/git-workflow.md +0 -0
- /package/{ecc → src}/rules/common/hooks.md +0 -0
- /package/{ecc → src}/rules/common/patterns.md +0 -0
- /package/{ecc → src}/rules/common/performance.md +0 -0
- /package/{ecc → src}/rules/common/security.md +0 -0
- /package/{ecc → src}/rules/common/testing.md +0 -0
- /package/{ecc → src}/skills/continuous-learning-v2/agents/observer.md +0 -0
- /package/{ecc → src}/skills/continuous-learning-v2/agents/start-observer.sh +0 -0
- /package/{ecc → src}/skills/continuous-learning-v2/config.json +0 -0
- /package/{ecc → src}/skills/continuous-learning-v2/hooks/observe.sh +0 -0
- /package/{ecc → src}/skills/continuous-learning-v2/scripts/detect-project.sh +0 -0
- /package/{ecc → src}/skills/continuous-learning-v2/scripts/instinct-cli.py +0 -0
- /package/{ecc → src}/skills/continuous-learning-v2/scripts/test_parse_instinct.py +0 -0
- /package/{ecc → src}/skills/strategic-compact/SKILL.md +0 -0
- /package/{ecc → src}/skills/strategic-compact/suggest-compact.sh +0 -0
- /package/{ecc/skills/verification-loop-SKILL.md → src/skills/verification-loop/SKILL.md} +0 -0
|
@@ -0,0 +1,158 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: springboot-tdd
|
|
3
|
+
description: Test-driven development for Spring Boot using JUnit 5, Mockito, MockMvc, Testcontainers, and JaCoCo. Use when adding features, fixing bugs, or refactoring.
|
|
4
|
+
origin: ECC
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Spring Boot TDD Workflow
|
|
8
|
+
|
|
9
|
+
TDD guidance for Spring Boot services with 80%+ coverage (unit + integration).
|
|
10
|
+
|
|
11
|
+
## When to Use
|
|
12
|
+
|
|
13
|
+
- New features or endpoints
|
|
14
|
+
- Bug fixes or refactors
|
|
15
|
+
- Adding data access logic or security rules
|
|
16
|
+
|
|
17
|
+
## Workflow
|
|
18
|
+
|
|
19
|
+
1) Write tests first (they should fail)
|
|
20
|
+
2) Implement minimal code to pass
|
|
21
|
+
3) Refactor with tests green
|
|
22
|
+
4) Enforce coverage (JaCoCo)
|
|
23
|
+
|
|
24
|
+
## Unit Tests (JUnit 5 + Mockito)
|
|
25
|
+
|
|
26
|
+
```java
|
|
27
|
+
@ExtendWith(MockitoExtension.class)
|
|
28
|
+
class MarketServiceTest {
|
|
29
|
+
@Mock MarketRepository repo;
|
|
30
|
+
@InjectMocks MarketService service;
|
|
31
|
+
|
|
32
|
+
@Test
|
|
33
|
+
void createsMarket() {
|
|
34
|
+
CreateMarketRequest req = new CreateMarketRequest("name", "desc", Instant.now(), List.of("cat"));
|
|
35
|
+
when(repo.save(any())).thenAnswer(inv -> inv.getArgument(0));
|
|
36
|
+
|
|
37
|
+
Market result = service.create(req);
|
|
38
|
+
|
|
39
|
+
assertThat(result.name()).isEqualTo("name");
|
|
40
|
+
verify(repo).save(any());
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
Patterns:
|
|
46
|
+
- Arrange-Act-Assert
|
|
47
|
+
- Avoid partial mocks; prefer explicit stubbing
|
|
48
|
+
- Use `@ParameterizedTest` for variants
|
|
49
|
+
|
|
50
|
+
## Web Layer Tests (MockMvc)
|
|
51
|
+
|
|
52
|
+
```java
|
|
53
|
+
@WebMvcTest(MarketController.class)
|
|
54
|
+
class MarketControllerTest {
|
|
55
|
+
@Autowired MockMvc mockMvc;
|
|
56
|
+
@MockBean MarketService marketService;
|
|
57
|
+
|
|
58
|
+
@Test
|
|
59
|
+
void returnsMarkets() throws Exception {
|
|
60
|
+
when(marketService.list(any())).thenReturn(Page.empty());
|
|
61
|
+
|
|
62
|
+
mockMvc.perform(get("/api/markets"))
|
|
63
|
+
.andExpect(status().isOk())
|
|
64
|
+
.andExpect(jsonPath("$.content").isArray());
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
## Integration Tests (SpringBootTest)
|
|
70
|
+
|
|
71
|
+
```java
|
|
72
|
+
@SpringBootTest
|
|
73
|
+
@AutoConfigureMockMvc
|
|
74
|
+
@ActiveProfiles("test")
|
|
75
|
+
class MarketIntegrationTest {
|
|
76
|
+
@Autowired MockMvc mockMvc;
|
|
77
|
+
|
|
78
|
+
@Test
|
|
79
|
+
void createsMarket() throws Exception {
|
|
80
|
+
mockMvc.perform(post("/api/markets")
|
|
81
|
+
.contentType(MediaType.APPLICATION_JSON)
|
|
82
|
+
.content("""
|
|
83
|
+
{"name":"Test","description":"Desc","endDate":"2030-01-01T00:00:00Z","categories":["general"]}
|
|
84
|
+
"""))
|
|
85
|
+
.andExpect(status().isCreated());
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
## Persistence Tests (DataJpaTest)
|
|
91
|
+
|
|
92
|
+
```java
|
|
93
|
+
@DataJpaTest
|
|
94
|
+
@AutoConfigureTestDatabase(replace = AutoConfigureTestDatabase.Replace.NONE)
|
|
95
|
+
@Import(TestContainersConfig.class)
|
|
96
|
+
class MarketRepositoryTest {
|
|
97
|
+
@Autowired MarketRepository repo;
|
|
98
|
+
|
|
99
|
+
@Test
|
|
100
|
+
void savesAndFinds() {
|
|
101
|
+
MarketEntity entity = new MarketEntity();
|
|
102
|
+
entity.setName("Test");
|
|
103
|
+
repo.save(entity);
|
|
104
|
+
|
|
105
|
+
Optional<MarketEntity> found = repo.findByName("Test");
|
|
106
|
+
assertThat(found).isPresent();
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
```
|
|
110
|
+
|
|
111
|
+
## Testcontainers
|
|
112
|
+
|
|
113
|
+
- Use reusable containers for Postgres/Redis to mirror production
|
|
114
|
+
- Wire via `@DynamicPropertySource` to inject JDBC URLs into Spring context
|
|
115
|
+
|
|
116
|
+
## Coverage (JaCoCo)
|
|
117
|
+
|
|
118
|
+
Maven snippet:
|
|
119
|
+
```xml
|
|
120
|
+
<plugin>
|
|
121
|
+
<groupId>org.jacoco</groupId>
|
|
122
|
+
<artifactId>jacoco-maven-plugin</artifactId>
|
|
123
|
+
<version>0.8.14</version>
|
|
124
|
+
<executions>
|
|
125
|
+
<execution>
|
|
126
|
+
<goals><goal>prepare-agent</goal></goals>
|
|
127
|
+
</execution>
|
|
128
|
+
<execution>
|
|
129
|
+
<id>report</id>
|
|
130
|
+
<phase>verify</phase>
|
|
131
|
+
<goals><goal>report</goal></goals>
|
|
132
|
+
</execution>
|
|
133
|
+
</executions>
|
|
134
|
+
</plugin>
|
|
135
|
+
```
|
|
136
|
+
|
|
137
|
+
## Assertions
|
|
138
|
+
|
|
139
|
+
- Prefer AssertJ (`assertThat`) for readability
|
|
140
|
+
- For JSON responses, use `jsonPath`
|
|
141
|
+
- For exceptions: `assertThatThrownBy(...)`
|
|
142
|
+
|
|
143
|
+
## Test Data Builders
|
|
144
|
+
|
|
145
|
+
```java
|
|
146
|
+
class MarketBuilder {
|
|
147
|
+
private String name = "Test";
|
|
148
|
+
MarketBuilder withName(String name) { this.name = name; return this; }
|
|
149
|
+
Market build() { return new Market(null, name, MarketStatus.ACTIVE); }
|
|
150
|
+
}
|
|
151
|
+
```
|
|
152
|
+
|
|
153
|
+
## CI Commands
|
|
154
|
+
|
|
155
|
+
- Maven: `mvn -T 4 test` or `mvn verify`
|
|
156
|
+
- Gradle: `./gradlew test jacocoTestReport`
|
|
157
|
+
|
|
158
|
+
**Remember**: Keep tests fast, isolated, and deterministic. Test behavior, not implementation details.
|
|
@@ -0,0 +1,231 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: springboot-verification
|
|
3
|
+
description: "Verification loop for Spring Boot projects: build, static analysis, tests with coverage, security scans, and diff review before release or PR."
|
|
4
|
+
origin: ECC
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Spring Boot Verification Loop
|
|
8
|
+
|
|
9
|
+
Run before PRs, after major changes, and pre-deploy.
|
|
10
|
+
|
|
11
|
+
## When to Activate
|
|
12
|
+
|
|
13
|
+
- Before opening a pull request for a Spring Boot service
|
|
14
|
+
- After major refactoring or dependency upgrades
|
|
15
|
+
- Pre-deployment verification for staging or production
|
|
16
|
+
- Running full build → lint → test → security scan pipeline
|
|
17
|
+
- Validating test coverage meets thresholds
|
|
18
|
+
|
|
19
|
+
## Phase 1: Build
|
|
20
|
+
|
|
21
|
+
```bash
|
|
22
|
+
mvn -T 4 clean verify -DskipTests
|
|
23
|
+
# or
|
|
24
|
+
./gradlew clean assemble -x test
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
If build fails, stop and fix.
|
|
28
|
+
|
|
29
|
+
## Phase 2: Static Analysis
|
|
30
|
+
|
|
31
|
+
Maven (common plugins):
|
|
32
|
+
```bash
|
|
33
|
+
mvn -T 4 spotbugs:check pmd:check checkstyle:check
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
Gradle (if configured):
|
|
37
|
+
```bash
|
|
38
|
+
./gradlew checkstyleMain pmdMain spotbugsMain
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
## Phase 3: Tests + Coverage
|
|
42
|
+
|
|
43
|
+
```bash
|
|
44
|
+
mvn -T 4 test
|
|
45
|
+
mvn jacoco:report # verify 80%+ coverage
|
|
46
|
+
# or
|
|
47
|
+
./gradlew test jacocoTestReport
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
Report:
|
|
51
|
+
- Total tests, passed/failed
|
|
52
|
+
- Coverage % (lines/branches)
|
|
53
|
+
|
|
54
|
+
### Unit Tests
|
|
55
|
+
|
|
56
|
+
Test service logic in isolation with mocked dependencies:
|
|
57
|
+
|
|
58
|
+
```java
|
|
59
|
+
@ExtendWith(MockitoExtension.class)
|
|
60
|
+
class UserServiceTest {
|
|
61
|
+
|
|
62
|
+
@Mock private UserRepository userRepository;
|
|
63
|
+
@InjectMocks private UserService userService;
|
|
64
|
+
|
|
65
|
+
@Test
|
|
66
|
+
void createUser_validInput_returnsUser() {
|
|
67
|
+
var dto = new CreateUserDto("Alice", "alice@example.com");
|
|
68
|
+
var expected = new User(1L, "Alice", "alice@example.com");
|
|
69
|
+
when(userRepository.save(any(User.class))).thenReturn(expected);
|
|
70
|
+
|
|
71
|
+
var result = userService.create(dto);
|
|
72
|
+
|
|
73
|
+
assertThat(result.name()).isEqualTo("Alice");
|
|
74
|
+
verify(userRepository).save(any(User.class));
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
@Test
|
|
78
|
+
void createUser_duplicateEmail_throwsException() {
|
|
79
|
+
var dto = new CreateUserDto("Alice", "existing@example.com");
|
|
80
|
+
when(userRepository.existsByEmail(dto.email())).thenReturn(true);
|
|
81
|
+
|
|
82
|
+
assertThatThrownBy(() -> userService.create(dto))
|
|
83
|
+
.isInstanceOf(DuplicateEmailException.class);
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
### Integration Tests with Testcontainers
|
|
89
|
+
|
|
90
|
+
Test against a real database instead of H2:
|
|
91
|
+
|
|
92
|
+
```java
|
|
93
|
+
@SpringBootTest
|
|
94
|
+
@Testcontainers
|
|
95
|
+
class UserRepositoryIntegrationTest {
|
|
96
|
+
|
|
97
|
+
@Container
|
|
98
|
+
static PostgreSQLContainer<?> postgres = new PostgreSQLContainer<>("postgres:16-alpine")
|
|
99
|
+
.withDatabaseName("testdb");
|
|
100
|
+
|
|
101
|
+
@DynamicPropertySource
|
|
102
|
+
static void configureProperties(DynamicPropertyRegistry registry) {
|
|
103
|
+
registry.add("spring.datasource.url", postgres::getJdbcUrl);
|
|
104
|
+
registry.add("spring.datasource.username", postgres::getUsername);
|
|
105
|
+
registry.add("spring.datasource.password", postgres::getPassword);
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
@Autowired private UserRepository userRepository;
|
|
109
|
+
|
|
110
|
+
@Test
|
|
111
|
+
void findByEmail_existingUser_returnsUser() {
|
|
112
|
+
userRepository.save(new User("Alice", "alice@example.com"));
|
|
113
|
+
|
|
114
|
+
var found = userRepository.findByEmail("alice@example.com");
|
|
115
|
+
|
|
116
|
+
assertThat(found).isPresent();
|
|
117
|
+
assertThat(found.get().getName()).isEqualTo("Alice");
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
```
|
|
121
|
+
|
|
122
|
+
### API Tests with MockMvc
|
|
123
|
+
|
|
124
|
+
Test controller layer with full Spring context:
|
|
125
|
+
|
|
126
|
+
```java
|
|
127
|
+
@WebMvcTest(UserController.class)
|
|
128
|
+
class UserControllerTest {
|
|
129
|
+
|
|
130
|
+
@Autowired private MockMvc mockMvc;
|
|
131
|
+
@MockBean private UserService userService;
|
|
132
|
+
|
|
133
|
+
@Test
|
|
134
|
+
void createUser_validInput_returns201() throws Exception {
|
|
135
|
+
var user = new UserDto(1L, "Alice", "alice@example.com");
|
|
136
|
+
when(userService.create(any())).thenReturn(user);
|
|
137
|
+
|
|
138
|
+
mockMvc.perform(post("/api/users")
|
|
139
|
+
.contentType(MediaType.APPLICATION_JSON)
|
|
140
|
+
.content("""
|
|
141
|
+
{"name": "Alice", "email": "alice@example.com"}
|
|
142
|
+
"""))
|
|
143
|
+
.andExpect(status().isCreated())
|
|
144
|
+
.andExpect(jsonPath("$.name").value("Alice"));
|
|
145
|
+
}
|
|
146
|
+
|
|
147
|
+
@Test
|
|
148
|
+
void createUser_invalidEmail_returns400() throws Exception {
|
|
149
|
+
mockMvc.perform(post("/api/users")
|
|
150
|
+
.contentType(MediaType.APPLICATION_JSON)
|
|
151
|
+
.content("""
|
|
152
|
+
{"name": "Alice", "email": "not-an-email"}
|
|
153
|
+
"""))
|
|
154
|
+
.andExpect(status().isBadRequest());
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
```
|
|
158
|
+
|
|
159
|
+
## Phase 4: Security Scan
|
|
160
|
+
|
|
161
|
+
```bash
|
|
162
|
+
# Dependency CVEs
|
|
163
|
+
mvn org.owasp:dependency-check-maven:check
|
|
164
|
+
# or
|
|
165
|
+
./gradlew dependencyCheckAnalyze
|
|
166
|
+
|
|
167
|
+
# Secrets in source
|
|
168
|
+
grep -rn "password\s*=\s*\"" src/ --include="*.java" --include="*.yml" --include="*.properties"
|
|
169
|
+
grep -rn "sk-\|api_key\|secret" src/ --include="*.java" --include="*.yml"
|
|
170
|
+
|
|
171
|
+
# Secrets (git history)
|
|
172
|
+
git secrets --scan # if configured
|
|
173
|
+
```
|
|
174
|
+
|
|
175
|
+
### Common Security Findings
|
|
176
|
+
|
|
177
|
+
```
|
|
178
|
+
# Check for System.out.println (use logger instead)
|
|
179
|
+
grep -rn "System\.out\.print" src/main/ --include="*.java"
|
|
180
|
+
|
|
181
|
+
# Check for raw exception messages in responses
|
|
182
|
+
grep -rn "e\.getMessage()" src/main/ --include="*.java"
|
|
183
|
+
|
|
184
|
+
# Check for wildcard CORS
|
|
185
|
+
grep -rn "allowedOrigins.*\*" src/main/ --include="*.java"
|
|
186
|
+
```
|
|
187
|
+
|
|
188
|
+
## Phase 5: Lint/Format (optional gate)
|
|
189
|
+
|
|
190
|
+
```bash
|
|
191
|
+
mvn spotless:apply # if using Spotless plugin
|
|
192
|
+
./gradlew spotlessApply
|
|
193
|
+
```
|
|
194
|
+
|
|
195
|
+
## Phase 6: Diff Review
|
|
196
|
+
|
|
197
|
+
```bash
|
|
198
|
+
git diff --stat
|
|
199
|
+
git diff
|
|
200
|
+
```
|
|
201
|
+
|
|
202
|
+
Checklist:
|
|
203
|
+
- No debugging logs left (`System.out`, `log.debug` without guards)
|
|
204
|
+
- Meaningful errors and HTTP statuses
|
|
205
|
+
- Transactions and validation present where needed
|
|
206
|
+
- Config changes documented
|
|
207
|
+
|
|
208
|
+
## Output Template
|
|
209
|
+
|
|
210
|
+
```
|
|
211
|
+
VERIFICATION REPORT
|
|
212
|
+
===================
|
|
213
|
+
Build: [PASS/FAIL]
|
|
214
|
+
Static: [PASS/FAIL] (spotbugs/pmd/checkstyle)
|
|
215
|
+
Tests: [PASS/FAIL] (X/Y passed, Z% coverage)
|
|
216
|
+
Security: [PASS/FAIL] (CVE findings: N)
|
|
217
|
+
Diff: [X files changed]
|
|
218
|
+
|
|
219
|
+
Overall: [READY / NOT READY]
|
|
220
|
+
|
|
221
|
+
Issues to Fix:
|
|
222
|
+
1. ...
|
|
223
|
+
2. ...
|
|
224
|
+
```
|
|
225
|
+
|
|
226
|
+
## Continuous Mode
|
|
227
|
+
|
|
228
|
+
- Re-run phases on significant changes or every 30–60 minutes in long sessions
|
|
229
|
+
- Keep a short loop: `mvn -T 4 test` + spotbugs for quick feedback
|
|
230
|
+
|
|
231
|
+
**Remember**: Fast feedback beats late surprises. Keep the gate strict—treat warnings as defects in production systems.
|