create-qa-architect 5.0.0 → 5.0.6

package/scripts/smart-test-strategy.sh

@@ -0,0 +1,98 @@
+#!/bin/bash
+# Smart Test Strategy - QA Architect
+set -e
+
+echo "🧠 Analyzing changes for optimal test strategy..."
+
+# =============================================================================
+# SECURITY: Always run npm audit for critical vulnerabilities (fast, ~2 seconds)
+# =============================================================================
+echo ""
+echo "🔒 Running security audit (critical vulnerabilities only)..."
+if npm audit --audit-level=critical --omit=dev 2>/dev/null; then
+  echo "✅ No critical vulnerabilities found"
+else
+  echo "❌ CRITICAL vulnerabilities detected! Fix before pushing."
+  echo "   Run: npm audit fix"
+  exit 1
+fi
+echo ""
+
+# Collect metrics
+CHANGED_FILES=$(git diff --name-only HEAD~1..HEAD 2>/dev/null | wc -l | tr -d ' ')
+CHANGED_LINES=$(git diff --stat HEAD~1..HEAD 2>/dev/null | tail -1 | grep -o '[0-9]* insertions' | grep -o '[0-9]*' || echo "0")
+CURRENT_BRANCH=$(git branch --show-current)
+HOUR=$(date +%H)
+DAY_OF_WEEK=$(date +%u)
+
+# Project-specific high-risk patterns
+HIGH_RISK_FILES=$(git diff --name-only HEAD~1..HEAD 2>/dev/null | grep -E "(setup\.js|lib/.*|templates/.*|config/.*)" || true)
+API_FILES=$(git diff --name-only HEAD~1..HEAD 2>/dev/null | grep -E "api/" || true)
+CONFIG_FILES=$(git diff --name-only HEAD~1..HEAD 2>/dev/null | grep -E "(package\.json|\.env|config)" || true)
+TEST_FILES=$(git diff --name-only HEAD~1..HEAD 2>/dev/null | grep -E "test|spec" || true)
+
+# Calculate risk score (0-10)
+RISK_SCORE=0
+
+# File-based risk
+[[ -n "$HIGH_RISK_FILES" ]] && RISK_SCORE=$((RISK_SCORE + 4))
+[[ -n "$API_FILES" ]] && RISK_SCORE=$((RISK_SCORE + 2))
+[[ -n "$CONFIG_FILES" ]] && RISK_SCORE=$((RISK_SCORE + 2))
+
+# Size-based risk
+[[ $CHANGED_FILES -gt 10 ]] && RISK_SCORE=$((RISK_SCORE + 2))
+[[ $CHANGED_FILES -gt 20 ]] && RISK_SCORE=$((RISK_SCORE + 3))
+[[ $CHANGED_LINES -gt 200 ]] && RISK_SCORE=$((RISK_SCORE + 2))
+
+# Branch-based risk
+case $CURRENT_BRANCH in
+  main|master|production) RISK_SCORE=$((RISK_SCORE + 3)) ;;
+  hotfix/*) RISK_SCORE=$((RISK_SCORE + 4)) ;;
+  release/*) RISK_SCORE=$((RISK_SCORE + 2)) ;;
+  develop) RISK_SCORE=$((RISK_SCORE + 1)) ;;
+esac
+
+# Time pressure adjustment (strip leading zeros)
+HOUR_NUM=$((10#$HOUR))
+if [[ $HOUR_NUM -ge 9 && $HOUR_NUM -le 17 && $DAY_OF_WEEK -le 5 ]]; then
+  SPEED_BONUS=true
+else
+  SPEED_BONUS=false
+fi
+
+# Display analysis
+echo "📊 Analysis Results:"
+echo "   📁 Files: $CHANGED_FILES"
+echo "   📏 Lines: $CHANGED_LINES"
+echo "   🌿 Branch: $CURRENT_BRANCH"
+echo "   🎯 Risk Score: $RISK_SCORE/10"
+echo "   ⚡ Speed Bonus: $SPEED_BONUS"
+echo ""
+
+# Decision logic
+# NOTE: test:commands and test:e2e are ALWAYS excluded from pre-push (run in CI only)
+# - test:commands: Takes 60+ seconds, verifies npm scripts work in isolated env
+# - test:e2e: Requires browser/package build, CI has better infrastructure
+# These run in GitHub Actions on every PR and push to main
+
+if [[ $RISK_SCORE -ge 7 ]]; then
+  echo "🔴 HIGH RISK - Comprehensive validation (pre-push)"
+  echo "   • Patterns + unit tests + security audit"
+  echo "   • (command + e2e tests run in CI only)"
+  npm run test:patterns && npm test && npm run security:audit
+elif [[ $RISK_SCORE -ge 4 ]]; then
+  echo "🟡 MEDIUM RISK - Standard validation"
+  echo "   • Fast tests + patterns"
+  npm run test:patterns && npm run test:fast
+elif [[ $RISK_SCORE -ge 2 || "$SPEED_BONUS" == "false" ]]; then
+  echo "🟢 LOW RISK - Fast validation"
+  echo "   • Unit tests only"
+  npm run test:fast
+else
+  echo "⚪ MINIMAL RISK - Quality checks only"
+  echo "   • Lint + format check"
+  npm run lint && npm run format:check
+fi
+
+echo ""
+echo "💡 Tip: Run 'npm run test:comprehensive' locally for full validation"

package/scripts/test-e2e-package.sh

@@ -0,0 +1,283 @@
+#!/bin/bash
+# E2E Package Test - Validates the package works for consumers
+# Catches issues like Codex findings before release
+
+set -e
+
+# Use isolated npm cache to avoid permission issues on shared caches
+export npm_config_cache="${npm_config_cache:-$(mktemp -d)}"
+export NPM_CONFIG_CACHE="$npm_config_cache"
+# Disable husky during packaging so pack works in CI/sandboxed environments
+export HUSKY=0
+
+echo "🧪 E2E Package Validation Test"
+echo "================================"
+echo ""
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Track failures
+FAILURES=0
+
+fail() {
+  echo -e "${RED}❌ $1${NC}"
+  FAILURES=$((FAILURES + 1))
+}
+
+pass() {
+  echo -e "${GREEN}✅ $1${NC}"
+}
+
+warn() {
+  echo -e "${YELLOW}⚠️  $1${NC}"
+}
+
+# 1. Package Contents Validation
+echo "📦 Step 1: Validating package contents..."
+echo "Running: npm pack (scripts disabled)"
+TARBALL=$(npm pack --ignore-scripts 2>&1 | tail -1)
+
+if [ ! -f "$TARBALL" ]; then
+  fail "npm pack failed to create tarball"
+  exit 1
+fi
+
+pass "Created tarball: $TARBALL"
+
+# Extract tarball and check files
+EXTRACT_DIR=$(mktemp -d)
+tar -xzf "$TARBALL" -C "$EXTRACT_DIR"
+PKG_DIR="$EXTRACT_DIR/package"
+
+echo "  Checking required files in package..."
+REQUIRED_FILES=(
+  "setup.js"
+  ".prettierrc"
+  ".prettierignore"
+  "eslint.config.cjs"
+  "eslint.config.ts.cjs"
+  ".stylelintrc.json"
+  ".editorconfig"
+  ".nvmrc"
+  "config/defaults.js"
+  "lib/validation/index.js"
+  ".github/workflows/quality.yml"
+)
+# Note: .npmrc is intentionally excluded - npm won't package it anyway (local config only)
+
+for file in "${REQUIRED_FILES[@]}"; do
+  if [ -f "$PKG_DIR/$file" ] || [ -d "$PKG_DIR/$file" ]; then
+    pass "  $file"
+  else
+    fail "  Missing required file: $file"
+  fi
+done
+
+# 2. Consumer Installation Simulation
+echo ""
+echo "🏗️  Step 2: Simulating consumer installation..."
+TEST_DIR=$(mktemp -d)
+cd "$TEST_DIR"
+
+echo "  Creating test project..."
+git init -q
+git config user.email "test@example.com"
+git config user.name "Test User"
+
+cat > package.json <<'EOF'
+{
+  "name": "e2e-test-consumer",
+  "version": "1.0.0",
+  "description": "E2E test consumer",
+  "keywords": ["test"],
+  "license": "MIT"
+}
+EOF
+
+pass "Test project created"
+
+echo "  Installing from tarball..."
+npm install "$OLDPWD/$TARBALL" --silent 2>&1 > /dev/null || {
+  fail "npm install from tarball failed"
+  cd "$OLDPWD"
+  rm -rf "$TEST_DIR" "$EXTRACT_DIR"
+  rm -f "$TARBALL"
+  exit 1
+}
+
+pass "Package installed"
+
+# 3. Run setup
+echo ""
+echo "🚀 Step 3: Running setup..."
+SETUP_OUTPUT=$(QAA_DEVELOPER=true node ./node_modules/create-qa-architect/setup.js 2>&1)
+echo "$SETUP_OUTPUT" | grep -q "Setting up Quality Automation" && pass "Setup executed" || fail "Setup failed"
+echo "  Setup output:"
+echo "$SETUP_OUTPUT" | head -20
+
+# 4. Verify generated files
+echo ""
+echo "📋 Step 4: Verifying generated files..."
+EXPECTED_FILES=(
+  ".prettierrc"
+  ".prettierignore"
+  "eslint.config.cjs"
+  ".stylelintrc.json"
+  ".editorconfig"
+  ".nvmrc"
+  ".npmrc"
+  ".github/workflows/quality.yml"
+)
+
+for file in "${EXPECTED_FILES[@]}"; do
+  if [ -f "$file" ]; then
+    pass "  Generated: $file"
+  else
+    fail "  Missing generated file: $file"
+  fi
+done
+
+# 5. Validate package.json modifications
+echo ""
+echo "📝 Step 5: Validating package.json modifications..."
+
+if grep -q "\"format\":" package.json; then
+  pass "  npm scripts added"
+else
+  fail "  npm scripts not added"
+fi
+
+if grep -q "husky" package.json; then
+  pass "  devDependencies added"
+else
+  fail "  devDependencies not added"
+fi
+
+if grep -q "lint-staged" package.json; then
+  pass "  lint-staged config added"
+else
+  fail "  lint-staged config not added"
+fi
+
+# 6. Test npm scripts use npx (not node setup.js)
+echo ""
+echo "🔍 Step 6: Validating npm scripts use npx..."
+
+if grep -q "\"security:config.*npx create-qa-architect" package.json; then
+  pass "  security:config uses npx"
+else
+  fail "  security:config doesn't use npx (Codex finding regression!)"
+fi
+
+if grep -q "\"validate:docs.*npx create-qa-architect" package.json; then
+  pass "  validate:docs uses npx"
+else
+  fail "  validate:docs doesn't use npx (Codex finding regression!)"
+fi
+
+# 7. Validate workflow doesn't have UNCONDITIONAL setup.js references
+echo ""
+echo "🔧 Step 7: Validating generated workflow..."
+
+# The workflow can have conditional references like:
+#   if [ -f "setup.js" ]; then
+#     node setup.js --something
+#   fi
+# But should NOT have unconditional references like the old:
+#   node "$GITHUB_WORKSPACE/setup.js"
+#
+# Check for the specific bad pattern we fixed (Codex finding)
+if grep -q 'node "$GITHUB_WORKSPACE/setup.js"' .github/workflows/quality.yml; then
+  fail "  Workflow has unconditional GITHUB_WORKSPACE setup.js reference (Codex finding regression!)"
+else
+  pass "  Workflow doesn't have unconditional setup.js references"
+fi
+
+# Conditional references with guards are OK (will fallback in consumer repos)
+
+# 8. NEW: Actually run the generated commands (catches broken CLI flags!)
+echo ""
+echo "🚀 Step 8: Testing generated commands actually work..."
+echo "  This step would have caught the ESLint --ext bug!"
+
+# Install devDependencies first
+echo "  Installing devDependencies..."
+npm install --silent > /dev/null 2>&1 || {
+  fail "  npm install failed"
+}
+
+# Create test files for commands to process
+# Use valid code that won't trigger linting errors
+echo "module.exports = { name: 'test' };" > test.js
+echo "body { color: red; }" > test.css
+
+# Test format:check - should work (even if files need formatting)
+echo "  Testing: npm run format:check"
+# Format the files first so format:check passes
+npm run format >/dev/null 2>&1
+if npm run format:check 2>&1 >/dev/null; then
+  pass "  format:check works"
+else
+  fail "  format:check failed (check Prettier flags!)"
+fi
+
+# Test lint (CRITICAL: this would have caught --ext bug!)
+echo "  Testing: npm run lint"
+LINT_OUTPUT=$(npm run lint 2>&1)
+if echo "$LINT_OUTPUT" | grep -q "error"; then
+  fail "  lint failed (check for deprecated flags like --ext!)"
+  echo "  ESLint error output:"
+  echo "$LINT_OUTPUT" | grep -A 5 "error" | head -10
+else
+  pass "  lint works"
+fi
+
+# Test direct ESLint
+echo "  Testing: npx eslint test.js"
+if npx eslint test.js 2>&1 >/dev/null; then
+  pass "  Direct ESLint works"
+else
+  fail "  Direct ESLint failed"
+fi
+
+# Test stylelint
+echo "  Testing: npx stylelint test.css"
+if npx stylelint test.css 2>&1 >/dev/null; then
+  pass "  Stylelint works"
+else
+  fail "  Stylelint failed"
+fi
+
+# 9. Test --dry-run mode
+echo ""
+echo "🧪 Step 9: Testing --dry-run mode..."
+cd "$OLDPWD"
+if node ./setup.js --dry-run 2>&1 | grep -q "DRY RUN MODE"; then
+  pass "--dry-run mode works"
+else
+  fail "--dry-run mode doesn't work"
+fi
+
+# Cleanup
+cd "$OLDPWD"
+rm -rf "$TEST_DIR" "$EXTRACT_DIR"
+rm -f "$TARBALL"
+
+# Report
+echo ""
+echo "================================"
+if [ $FAILURES -eq 0 ]; then
+  echo -e "${GREEN}✅ All E2E tests passed!${NC}"
+  echo ""
+  echo "Package is ready for release."
+  exit 0
+else
+  echo -e "${RED}❌ $FAILURES test(s) failed${NC}"
+  echo ""
+  echo "Fix these issues before releasing."
+  exit 1
+fi

package/scripts/validate-command-patterns.js

@@ -0,0 +1,112 @@
+#!/usr/bin/env node
+'use strict'
+
+/**
+ * Validates that command patterns in config/defaults.js
+ * don't contain known deprecated patterns
+ *
+ * This prevents issues like the ESLint --ext bug from being committed
+ */
+
+const fs = require('fs')
+const path = require('path')
+
+const DEPRECATED_PATTERNS = [
+  {
+    pattern: /eslint.*--ext\s+\S+/,
+    message: 'ESLint --ext flag is deprecated in ESLint 9 flat config',
+    file: 'config/defaults.js',
+    suggestion: 'Use "eslint ." - file selection is in eslint.config.js',
+  },
+  {
+    pattern: /husky install/,
+    message: 'husky install is deprecated in Husky 9+',
+    file: 'config/defaults.js',
+    suggestion: 'Use just "husky" as the prepare script',
+  },
+  {
+    pattern: /prettier.*--no-semi/,
+    message: '--no-semi is deprecated in Prettier 3+',
+    file: 'config/defaults.js',
+    suggestion: 'Use .prettierrc configuration file',
+  },
+  {
+    pattern: /stylelint.*--config\s+\S+/,
+    message: 'Stylelint --config flag should use config file',
+    file: 'config/defaults.js',
+    suggestion: 'Use .stylelintrc.json instead',
+  },
+]
+
+const FILES_TO_CHECK = [
+  'config/defaults.js',
+  'setup.js',
+  'lib/package-utils.js',
+]
+
+function validateFile(filePath, patterns) {
+  const fullPath = path.join(__dirname, '..', filePath)
+
+  if (!fs.existsSync(fullPath)) {
+    console.warn(`⚠️  File not found: ${filePath} (skipping)`)
+    return []
+  }
+
+  const content = fs.readFileSync(fullPath, 'utf8')
+  const errors = []
+
+  patterns.forEach(({ pattern, message, file, suggestion }) => {
+    // Only check patterns for this file
+    if (file && file !== filePath) {
+      return
+    }
+
+    if (pattern.test(content)) {
+      errors.push({
+        file: filePath,
+        message,
+        suggestion,
+        pattern: pattern.toString(),
+      })
+    }
+  })
+
+  return errors
+}
+
+function main() {
+  console.log('🔍 Validating command patterns...\n')
+
+  let totalErrors = 0
+  const allErrors = []
+
+  FILES_TO_CHECK.forEach(filePath => {
+    const errors = validateFile(filePath, DEPRECATED_PATTERNS)
+    totalErrors += errors.length
+    allErrors.push(...errors)
+  })
+
+  if (totalErrors > 0) {
+    console.error(`❌ Found ${totalErrors} deprecated pattern(s):\n`)
+
+    allErrors.forEach(({ file, message, suggestion, pattern }) => {
+      console.error(`  ${file}:`)
+      console.error(`    ❌ ${message}`)
+      console.error(`    💡 ${suggestion}`)
+      console.error(`    🔎 Pattern: ${pattern}`)
+      console.error('')
+    })
+
+    console.error('Fix these before committing!\n')
+    process.exit(1)
+  }
+
+  console.log('✅ No deprecated command patterns found')
+  process.exit(0)
+}
+
+if (require.main === module) {
+  main()
+}
+
+module.exports = { validateFile, DEPRECATED_PATTERNS }