codecruise 0.1.0

package/config/skills/testing/SKILL.md

@@ -0,0 +1,398 @@
+---
+name: testing
+description: TDD workflow, unit, integration, and E2E testing
+version: 1.0.0
+triggers:
+  - test
+  - TDD
+  - vitest
+  - jest
+  - playwright
+  - spec
+  - mock
+---
+
+# Testing Skill
+
+TDD workflow and comprehensive testing patterns.
+
+## Quick Reference
+
+### TDD Workflow
+
+| ID | Rule | Priority |
+|----|------|----------|
+| tdd-1 | Write failing test BEFORE implementation | CRITICAL |
+| tdd-2 | Write minimal code to pass the test | CRITICAL |
+| tdd-3 | Refactor only after tests pass | CRITICAL |
+| tdd-4 | One logical assertion per test | HIGH |
+| tdd-5 | Test behavior, not implementation | HIGH |
+| tdd-6 | Name tests as behavior descriptions | HIGH |
+| tdd-7 | Use Arrange-Act-Assert pattern | HIGH |
+| tdd-8 | Keep tests deterministic (no randomness) | CRITICAL |
+
+### Unit Testing
+
+| ID | Rule | Priority |
+|----|------|----------|
+| unit-1 | Test pure functions first | HIGH |
+| unit-2 | Mock external dependencies | HIGH |
+| unit-3 | Use test.each for parameterized tests | MEDIUM |
+| unit-4 | Test edge cases explicitly | HIGH |
+| unit-5 | Test error conditions | HIGH |
+| unit-6 | Keep tests under 20 lines | MEDIUM |
+| unit-7 | No logic in tests (no if/loops) | HIGH |
+
+### Component Testing
+
+| ID | Rule | Priority |
+|----|------|----------|
+| comp-1 | Query by role, label, or text | CRITICAL |
+| comp-2 | Use userEvent, not fireEvent | HIGH |
+| comp-3 | Test user interactions, not state | HIGH |
+| comp-4 | Test accessibility (roles, labels) | HIGH |
+| comp-5 | Test loading and error states | HIGH |
+| comp-6 | Avoid snapshot tests | MEDIUM |
+| comp-7 | Use findBy for async content | HIGH |
+
+### E2E Testing
+
+| ID | Rule | Priority |
+|----|------|----------|
+| e2e-1 | Test critical user journeys | HIGH |
+| e2e-2 | Use Page Object Model | HIGH |
+| e2e-3 | Keep E2E tests minimal and focused | HIGH |
+| e2e-4 | Run E2E in CI with retries | MEDIUM |
+| e2e-5 | Use stable selectors (data-testid) | MEDIUM |
+
+---
+
+## TDD Cycle
+
+### tdd-1, tdd-2, tdd-3: RED → GREEN → REFACTOR
+
+```typescript
+// 1. RED: Write failing test
+describe('formatCurrency', () => {
+  it('should format positive numbers with $ symbol', () => {
+    expect(formatCurrency(1234.56)).toBe('$1,234.56');
+  });
+});
+
+// Run test → FAILS (function doesn't exist)
+
+// 2. GREEN: Minimal implementation
+function formatCurrency(amount: number): string {
+  return `$${amount.toLocaleString('en-US', {
+    minimumFractionDigits: 2
+  })}`;
+}
+
+// Run test → PASSES
+
+// 3. REFACTOR: Clean up (tests still pass)
+const formatter = new Intl.NumberFormat('en-US', {
+  style: 'currency',
+  currency: 'USD',
+});
+
+function formatCurrency(amount: number): string {
+  return formatter.format(amount);
+}
+
+// Run test → STILL PASSES
+```
+
+### tdd-7: Arrange-Act-Assert
+
+```typescript
+it('should create user with hashed password', async () => {
+  // Arrange
+  const input = { email: 'test@example.com', password: 'secret123' };
+
+  // Act
+  const user = await createUser(input);
+
+  // Assert
+  expect(user.email).toBe('test@example.com');
+  expect(user.password).not.toBe('secret123');
+  expect(user.password).toHaveLength(60); // bcrypt hash
+});
+```
+
+---
+
+## Unit Testing
+
+### unit-3: Parameterized Tests
+
+```typescript
+describe('validateEmail', () => {
+  it.each([
+    ['user@example.com', true],
+    ['user+tag@example.com', true],
+    ['invalid', false],
+    ['@example.com', false],
+    ['user@', false],
+  ])('validateEmail(%s) should return %s', (email, expected) => {
+    expect(validateEmail(email)).toBe(expected);
+  });
+});
+```
+
+### Mocking
+
+```typescript
+// Mock module
+vi.mock('@/lib/database', () => ({
+  db: {
+    user: {
+      findUnique: vi.fn(),
+      create: vi.fn(),
+    },
+  },
+}));
+
+import { db } from '@/lib/database';
+
+describe('getUser', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it('should return user from database', async () => {
+    const mockUser = { id: '1', name: 'John' };
+    vi.mocked(db.user.findUnique).mockResolvedValue(mockUser);
+
+    const user = await getUser('1');
+
+    expect(user).toEqual(mockUser);
+    expect(db.user.findUnique).toHaveBeenCalledWith({
+      where: { id: '1' },
+    });
+  });
+});
+```
+
+### Async Testing
+
+```typescript
+it('should throw on invalid id', async () => {
+  await expect(fetchUser('invalid')).rejects.toThrow('User not found');
+});
+
+it('should resolve with user data', async () => {
+  const user = await fetchUser('123');
+  expect(user).toMatchObject({
+    id: '123',
+    name: expect.any(String),
+  });
+});
+```
+
+---
+
+## Component Testing
+
+### comp-1: Query by Role/Label
+
+```typescript
+// GOOD: Accessible queries
+screen.getByRole('button', { name: /submit/i });
+screen.getByLabelText(/email/i);
+screen.getByText(/welcome/i);
+
+// BAD: Implementation details
+screen.getByTestId('submit-btn'); // Only as last resort
+screen.getByClassName('btn-primary'); // Never
+```
+
+### comp-2: userEvent Over fireEvent
+
+```typescript
+import userEvent from '@testing-library/user-event';
+
+it('should submit form on enter', async () => {
+  const user = userEvent.setup();
+  const onSubmit = vi.fn();
+
+  render(<SearchForm onSubmit={onSubmit} />);
+
+  await user.type(screen.getByRole('textbox'), 'search query');
+  await user.keyboard('{Enter}');
+
+  expect(onSubmit).toHaveBeenCalledWith('search query');
+});
+```
+
+### comp-5: Loading and Error States
+
+```typescript
+it('should show loading state', () => {
+  render(<UserProfile isLoading />);
+
+  expect(screen.getByRole('progressbar')).toBeInTheDocument();
+  expect(screen.queryByText(/john/i)).not.toBeInTheDocument();
+});
+
+it('should show error state', () => {
+  render(<UserProfile error="Failed to load" />);
+
+  expect(screen.getByRole('alert')).toHaveTextContent('Failed to load');
+});
+```
+
+### comp-7: Async Content
+
+```typescript
+it('should load and display user', async () => {
+  render(<UserProfile userId="123" />);
+
+  // findBy waits for element
+  const name = await screen.findByText(/john doe/i);
+  expect(name).toBeInTheDocument();
+
+  // Loading should be gone
+  expect(screen.queryByRole('progressbar')).not.toBeInTheDocument();
+});
+```
+
+### Testing Hooks
+
+```typescript
+import { renderHook, act } from '@testing-library/react';
+
+describe('useCounter', () => {
+  it('should increment count', () => {
+    const { result } = renderHook(() => useCounter());
+
+    act(() => {
+      result.current.increment();
+    });
+
+    expect(result.current.count).toBe(1);
+  });
+});
+```
+
+---
+
+## E2E Testing (Playwright)
+
+### e2e-2: Page Object Model
+
+```typescript
+// e2e/pages/login.page.ts
+export class LoginPage {
+  constructor(private page: Page) {}
+
+  readonly emailInput = () => this.page.getByLabel('Email');
+  readonly passwordInput = () => this.page.getByLabel('Password');
+  readonly submitButton = () => this.page.getByRole('button', { name: 'Sign in' });
+  readonly errorMessage = () => this.page.getByRole('alert');
+
+  async goto() {
+    await this.page.goto('/login');
+  }
+
+  async login(email: string, password: string) {
+    await this.emailInput().fill(email);
+    await this.passwordInput().fill(password);
+    await this.submitButton().click();
+  }
+}
+```
+
+### E2E Test
+
+```typescript
+import { test, expect } from '@playwright/test';
+import { LoginPage } from './pages/login.page';
+
+test('should login successfully', async ({ page }) => {
+  const loginPage = new LoginPage(page);
+
+  await loginPage.goto();
+  await loginPage.login('user@example.com', 'password123');
+
+  await expect(page).toHaveURL('/dashboard');
+  await expect(page.getByText('Welcome back')).toBeVisible();
+});
+
+test('should show error with invalid credentials', async ({ page }) => {
+  const loginPage = new LoginPage(page);
+
+  await loginPage.goto();
+  await loginPage.login('user@example.com', 'wrong');
+
+  await expect(loginPage.errorMessage()).toContainText('Invalid credentials');
+});
+```
+
+---
+
+## Test Data Factories
+
+```typescript
+import { faker } from '@faker-js/faker';
+
+export function createUser(overrides: Partial<User> = {}): User {
+  return {
+    id: faker.string.uuid(),
+    email: faker.internet.email(),
+    name: faker.person.fullName(),
+    role: 'user',
+    createdAt: faker.date.past(),
+    ...overrides,
+  };
+}
+
+// Usage
+const users = Array.from({ length: 5 }, () => createUser());
+const admin = createUser({ role: 'admin' });
+```
+
+---
+
+## Configuration
+
+### Vitest
+
+```typescript
+// vitest.config.ts
+export default defineConfig({
+  test: {
+    environment: 'jsdom',
+    globals: true,
+    setupFiles: ['./tests/setup.ts'],
+    coverage: {
+      provider: 'v8',
+      reporter: ['text', 'html'],
+      exclude: ['node_modules/', '**/*.d.ts'],
+    },
+  },
+});
+```
+
+### Test Setup
+
+```typescript
+// tests/setup.ts
+import '@testing-library/jest-dom/vitest';
+import { cleanup } from '@testing-library/react';
+import { afterEach } from 'vitest';
+
+afterEach(() => {
+  cleanup();
+});
+```
+
+---
+
+## Coverage Goals
+
+| Type | Target | Focus |
+|------|--------|-------|
+| Unit | 80%+ | Utils, hooks, pure functions |
+| Integration | 70%+ | Components, API routes |
+| E2E | Critical paths | Auth, checkout, core flows |

package/config/skills/testing-patterns/SKILL.md

@@ -0,0 +1,276 @@
+---
+name: testing-patterns
+description: Testing pyramid, mocking, coverage, TDD, integration tests, E2E
+keywords: [testing, vitest, playwright, mock, coverage, tdd, integration, e2e, test pyramid]
+---
+
+# Testing Standards
+
+Testing patterns and requirements for production-grade software.
+
+## Test Pyramid
+
+```
+        ╱╲         E2E (5%) - Critical flows only
+       ╱──╲        Contract (10%) - API schemas
+      ╱────╲       Integration (25%) - Real services
+     ╱──────╲      Unit (60%) - Business logic
+```
+
+- Never skip unit tests for integration
+- E2E for critical money/auth flows only
+- Integration tests catch real DB/cache bugs
+
+## Coverage Requirements
+
+| Layer | Minimum | Target |
+|-------|---------|--------|
+| Infrastructure packages | 85% | 95% |
+| Business logic packages | 70% | 85% |
+| Applications (unit) | 60% | 80% |
+
+Block merge on coverage drop >2%.
+
+## When to Write Tests
+
+### TDD (Test First)
+- Business logic services
+- Data transformations
+- Validation rules
+- Error handling
+
+### Test After
+- UI components
+- Styling changes
+- Configuration
+
+### Always Test
+- Happy path
+- 2+ error cases per function
+- Edge cases (null, empty, max, boundary)
+- Security-sensitive code (auth, payments)
+
+## Mock Strategy
+
+| Test Type | Database | Redis | External APIs |
+|-----------|----------|-------|---------------|
+| Unit | Mock | Mock | Mock |
+| Integration | Real (Testcontainers) | Real | Mock |
+| E2E | Real (staging) | Real | Real or sandbox |
+
+### Mock Utilities
+
+```typescript
+// Database mocking (@figu/db pattern)
+import { createMockRawDrizzleDb, mockSelectChain } from '@figu/db/test-utils';
+
+const { mockDb, mockQuery } = createMockRawDrizzleDb();
+mockSelectChain(mockQuery, [{ id: 'user_123' }]);
+```
+
+### Real Services (Testcontainers)
+
+```typescript
+// Integration tests with real PostgreSQL
+import { PostgreSqlContainer } from '@testcontainers/postgresql';
+
+let container: StartedPostgreSqlContainer;
+
+beforeAll(async () => {
+  container = await new PostgreSqlContainer().start();
+  process.env.DATABASE_URL = container.getConnectionUri();
+});
+
+afterAll(async () => {
+  await container.stop();
+});
+```
+
+## Test Structure
+
+### File Organization
+
+```
+src/
+├── service.ts
+├── service.test.ts      # Unit tests (co-located)
+└── __tests__/
+    └── service.int.ts   # Integration tests (separate)
+```
+
+### Naming Convention
+
+```typescript
+// Pattern: should_expectedBehavior_when_condition
+it('should return user profile when authenticated', async () => {});
+it('should throw UnauthorizedError when token expired', async () => {});
+it('should reject when wallet limit exceeded', async () => {});
+```
+
+### AAA Pattern
+
+```typescript
+it('should calculate balance from transactions', async () => {
+  // Arrange
+  const wallet = createTestWallet({ id: 'wallet-1' });
+  const transactions = [
+    createTestTransaction({ amount: -100 }),
+    createTestTransaction({ amount: -50 }),
+  ];
+
+  // Act
+  const balance = calculateBalance(wallet, transactions);
+
+  // Assert
+  expect(balance).toBe(-150);
+});
+```
+
+## Test Data
+
+### Factories (Recommended)
+
+```typescript
+// packages/testing/src/factories/user.ts
+export function createTestUser(overrides: Partial<User> = {}): User {
+  return {
+    id: `user_${cuid()}`,
+    email: `test-${Date.now()}@example.com`,
+    firstName: 'Test',
+    lastName: 'User',
+    createdAt: new Date(),
+    ...overrides,
+  };
+}
+```
+
+### Rules
+- Never use production data
+- Generate unique IDs per test
+- Clean up in `afterEach`
+- Use realistic but fake data
+
+## Integration Tests
+
+### Skip When Services Unavailable
+
+```typescript
+describe.skipIf(!process.env.DATABASE_URL)('Database Integration', () => {
+  // Tests requiring real database
+});
+```
+
+### Clean Up Test Data
+
+```typescript
+afterEach(async () => {
+  await db.delete(users).where(like(users.email, 'test-%'));
+});
+```
+
+## E2E Tests
+
+### Critical Paths Only
+
+Test these flows E2E:
+- Authentication (login, logout, refresh)
+- Money movement (create transaction, transfer)
+- Data integrity (export, deletion)
+
+### Page Object Pattern
+
+```typescript
+// e2e/pages/login.page.ts
+export class LoginPage {
+  constructor(private page: Page) {}
+
+  async login(email: string, password: string) {
+    await this.page.fill('[data-testid="email"]', email);
+    await this.page.fill('[data-testid="password"]', password);
+    await this.page.click('[data-testid="submit"]');
+  }
+}
+```
+
+### Timeouts
+
+- Max 30s per test
+- Record video on failure
+- Screenshot on assertion failure
+
+## Security Testing
+
+### SAST (Every PR)
+- CodeQL for JavaScript/TypeScript
+- npm audit for dependencies
+- Block merge on critical findings
+
+### DAST (Weekly)
+- OWASP ZAP scan
+- API fuzzing
+- Authentication bypass checks
+
+## Performance Testing
+
+### Baselines
+
+| Metric | Target | Maximum |
+|--------|--------|---------|
+| API p95 latency | < 200ms | < 500ms |
+| API p99 latency | < 500ms | < 2s |
+| DB query p95 | < 50ms | < 200ms |
+
+### Regression Detection
+
+```bash
+# Compare current run to baseline
+k6 run --out json=results.json tests/load/api.js
+# Fail if p95 > baseline + 20%
+```
+
+## Flaky Tests
+
+### Prevention
+- Use `vi.useFakeTimers()` for time-dependent tests
+- Avoid `sleep()` - use `waitFor()` or polling
+- Isolate test state (no shared mutable state)
+
+### Handling
+- Max 3 retries in CI
+- Quarantine after 3 consecutive failures
+- Fix within 48 hours or delete
+- Track flaky test metrics
+
+## CI Integration
+
+### Quality Gate
+
+```bash
+pnpm quality  # typecheck → lint → test
+```
+
+Must pass before:
+- Merge to main
+- Release tags
+- Deployment
+
+### Coverage Gate
+
+```yaml
+# .github/workflows/ci.yml
+- name: Check coverage
+  run: |
+    pnpm test:coverage
+    # Fail if below threshold
+```
+
+## Checklist Before PR
+
+- [ ] Unit tests for new business logic
+- [ ] Error cases tested
+- [ ] Edge cases tested
+- [ ] Integration test if touching DB/Redis
+- [ ] E2E test if critical user flow
+- [ ] No `console.log` in test files
+- [ ] No `.only` or `.skip` committed
+- [ ] Coverage not decreased