npm - devsquad - Versions diffs - 1.0.0 → 1.1.1 - Mend

devsquad 1.0.0 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/bin/devsquad.js +37 -11
package/package.json +2 -2
package/src/init.js +70 -26
package/src/update.js +95 -0
package/templates/.claude/skills/cicd/SKILL.md +46 -0
package/templates/.claude/skills/cicd/backend-ci.md +114 -0
package/templates/.claude/skills/cicd/frontend-ci.md +97 -0
package/templates/.claude/skills/clickup/SKILL.md +63 -14
package/templates/.claude/skills/docs/templates.md +203 -39
package/templates/.claude/skills/figma/SKILL.md +125 -26
package/templates/.claude/skills/nestjs/api-contracts.md +221 -0
package/templates/.claude/skills/react/setup.md +61 -14
package/templates/.claude/skills/testing/SKILL.md +78 -0
package/templates/.claude/skills/testing/backend.md +161 -0
package/templates/.claude/skills/testing/e2e.md +156 -0
package/templates/.claude/skills/testing/frontend.md +138 -0
package/templates/CLAUDE.md +7 -3

package/templates/.claude/skills/testing/e2e.md ADDED Viewed

@@ -0,0 +1,156 @@
+# Testing — E2E com Playwright
+## Configuração
+```typescript
+// playwright.config.ts
+import { defineConfig, devices } from '@playwright/test';
+export default defineConfig({
+  testDir: './e2e',
+  fullyParallel: true,
+  forbidOnly: !!process.env.CI,
+  retries: process.env.CI ? 2 : 0,
+  reporter: process.env.CI ? 'github' : 'html',
+  use: {
+    baseURL: process.env.E2E_BASE_URL ?? 'http://localhost:5173',
+    trace: 'on-first-retry',
+    screenshot: 'only-on-failure',
+  },
+  projects: [
+    { name: 'chromium', use: { ...devices['Desktop Chrome'] } },
+  ],
+  webServer: {
+    command: 'npm run dev',
+    url: 'http://localhost:5173',
+    reuseExistingServer: !process.env.CI,
+  },
+});
+```
+## Fluxo de login
+```typescript
+// e2e/auth.spec.ts
+import { test, expect } from '@playwright/test';
+test.describe('Autenticação', () => {
+  test('login com credenciais válidas redireciona para dashboard', async ({ page }) => {
+    await page.goto('/login');
+    await page.getByLabel('E-mail').fill('admin@empresa.com');
+    await page.getByLabel('Senha').fill('Senha@123');
+    await page.getByRole('button', { name: /entrar/i }).click();
+    await expect(page).toHaveURL('/dashboard');
+    await expect(page.getByText('Bem-vindo')).toBeVisible();
+  });
+  test('exibe mensagem de erro com credenciais inválidas', async ({ page }) => {
+    await page.goto('/login');
+    await page.getByLabel('E-mail').fill('wrong@test.com');
+    await page.getByLabel('Senha').fill('errado');
+    await page.getByRole('button', { name: /entrar/i }).click();
+    await expect(page.getByText(/credenciais inválidas/i)).toBeVisible();
+    await expect(page).toHaveURL('/login');
+  });
+  test('logout limpa sessão e redireciona para login', async ({ page }) => {
+    // Faz login primeiro
+    await page.goto('/login');
+    await page.getByLabel('E-mail').fill('admin@empresa.com');
+    await page.getByLabel('Senha').fill('Senha@123');
+    await page.getByRole('button', { name: /entrar/i }).click();
+    await expect(page).toHaveURL('/dashboard');
+    // Faz logout
+    await page.getByRole('button', { name: /sair/i }).click();
+    await expect(page).toHaveURL('/login');
+    // Tenta acessar rota protegida
+    await page.goto('/dashboard');
+    await expect(page).toHaveURL('/login');
+  });
+});
+```
+## Page Objects — organização para testes complexos
+```typescript
+// e2e/pages/LoginPage.ts
+import { Page, Locator } from '@playwright/test';
+export class LoginPage {
+  readonly emailInput: Locator;
+  readonly passwordInput: Locator;
+  readonly submitButton: Locator;
+  readonly errorMessage: Locator;
+  constructor(private page: Page) {
+    this.emailInput = page.getByLabel('E-mail');
+    this.passwordInput = page.getByLabel('Senha');
+    this.submitButton = page.getByRole('button', { name: /entrar/i });
+    this.errorMessage = page.getByRole('alert');
+  }
+  async goto() {
+    await this.page.goto('/login');
+  }
+  async login(email: string, password: string) {
+    await this.emailInput.fill(email);
+    await this.passwordInput.fill(password);
+    await this.submitButton.click();
+  }
+}
+```
+## Autenticação global (evitar login em cada teste)
+```typescript
+// e2e/fixtures/auth.ts
+import { test as base, expect } from '@playwright/test';
+export const test = base.extend({
+  authenticatedPage: async ({ page }, use) => {
+    await page.goto('/login');
+    await page.getByLabel('E-mail').fill(process.env.E2E_USER_EMAIL!);
+    await page.getByLabel('Senha').fill(process.env.E2E_USER_PASSWORD!);
+    await page.getByRole('button', { name: /entrar/i }).click();
+    await expect(page).toHaveURL('/dashboard');
+    await use(page);
+  },
+});
+```
+## Scripts
+```json
+{
+  "scripts": {
+    "e2e": "playwright test",
+    "e2e:ui": "playwright test --ui",
+    "e2e:report": "playwright show-report",
+    "e2e:codegen": "playwright codegen http://localhost:5173"
+  }
+}
+```
+## .env.e2e
+```env
+E2E_BASE_URL=http://localhost:5173
+E2E_USER_EMAIL=admin@empresa.com
+E2E_USER_PASSWORD=Senha@123
+```
+## Checklist e2e
+- [ ] Apenas fluxos críticos de negócio (login, cadastro, checkout, ação principal)
+- [ ] Page Objects para telas com muitos elementos
+- [ ] Autenticação global reutilizada entre testes relacionados
+- [ ] Screenshots e traces habilitados em CI
+- [ ] Variáveis de ambiente em `.env.e2e` (nunca hardcoded)
+- [ ] Dados de teste isolados — nunca usar dados de produção

package/templates/.claude/skills/testing/frontend.md ADDED Viewed

@@ -0,0 +1,138 @@
+# Testing — Frontend (React + Vitest + Testing Library)
+## Teste de componente
+```typescript
+// src/components/ui/Button.test.tsx
+import { render, screen } from '@testing-library/react';
+import userEvent from '@testing-library/user-event';
+import { Button } from './Button';
+describe('Button', () => {
+  it('renderiza o texto corretamente', () => {
+    render(<Button>Salvar</Button>);
+    expect(screen.getByRole('button', { name: /salvar/i })).toBeInTheDocument();
+  });
+  it('chama onClick ao clicar', async () => {
+    const user = userEvent.setup();
+    const onClick = vi.fn();
+    render(<Button onClick={onClick}>Clique</Button>);
+    await user.click(screen.getByRole('button'));
+    expect(onClick).toHaveBeenCalledTimes(1);
+  });
+  it('fica desabilitado quando loading=true', () => {
+    render(<Button loading>Enviando</Button>);
+    expect(screen.getByRole('button')).toBeDisabled();
+  });
+});
+```
+## Teste de formulário com validação
+```typescript
+// src/pages/login/LoginPage.test.tsx
+import { render, screen, waitFor } from '@testing-library/react';
+import userEvent from '@testing-library/user-event';
+import { LoginPage } from './LoginPage';
+import { AuthProvider } from '../../contexts/AuthContext';
+import { vi } from 'vitest';
+// Mock do serviço de API
+vi.mock('../../services/api', () => ({
+  default: {
+    post: vi.fn(),
+    interceptors: {
+      request: { use: vi.fn() },
+      response: { use: vi.fn() },
+    },
+  },
+}));
+const renderWithAuth = (ui: React.ReactElement) =>
+  render(<AuthProvider>{ui}</AuthProvider>);
+describe('LoginPage', () => {
+  it('exibe erro quando email está vazio', async () => {
+    const user = userEvent.setup();
+    renderWithAuth(<LoginPage />);
+    await user.click(screen.getByRole('button', { name: /entrar/i }));
+    expect(await screen.findByText(/email é obrigatório/i)).toBeInTheDocument();
+  });
+  it('exibe erro da API ao falhar login', async () => {
+    const user = userEvent.setup();
+    const { default: api } = await import('../../services/api');
+    (api.post as ReturnType<typeof vi.fn>).mockRejectedValue({
+      response: { data: { message: 'Credenciais inválidas' } },
+    });
+    renderWithAuth(<LoginPage />);
+    await user.type(screen.getByLabelText(/email/i), 'user@test.com');
+    await user.type(screen.getByLabelText(/senha/i), 'errado');
+    await user.click(screen.getByRole('button', { name: /entrar/i }));
+    expect(await screen.findByText(/credenciais inválidas/i)).toBeInTheDocument();
+  });
+});
+```
+## Teste de hook customizado
+```typescript
+// src/hooks/useUsers.test.tsx
+import { renderHook, waitFor } from '@testing-library/react';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import { useUsers } from './useUsers';
+import api from '../services/api';
+import { vi } from 'vitest';
+vi.mock('../services/api');
+const wrapper = ({ children }: { children: React.ReactNode }) => {
+  const qc = new QueryClient({ defaultOptions: { queries: { retry: false } } });
+  return <QueryClientProvider client={qc}>{children}</QueryClientProvider>;
+};
+describe('useUsers', () => {
+  it('retorna lista de usuários', async () => {
+    (api.get as ReturnType<typeof vi.fn>).mockResolvedValue({
+      data: { data: [{ id: '1', name: 'João' }] },
+    });
+    const { result } = renderHook(() => useUsers(), { wrapper });
+    await waitFor(() => expect(result.current.isSuccess).toBe(true));
+    expect(result.current.data).toHaveLength(1);
+    expect(result.current.data![0].name).toBe('João');
+  });
+});
+```
+## Scripts recomendados
+```json
+{
+  "scripts": {
+    "test": "vitest",
+    "test:ui": "vitest --ui",
+    "test:cov": "vitest --coverage",
+    "test:run": "vitest run"
+  }
+}
+```
+## Checklist de testes frontend
+- [ ] Componentes críticos têm testes de render e interação
+- [ ] Formulários testados com casos de validação e erro da API
+- [ ] API mockada nos testes de componente (nunca chamar API real)
+- [ ] Hooks com TanStack Query testados com `renderHook` + wrapper
+- [ ] Nenhum `act()` manual — usar `waitFor` e `findBy*` queries
+- [ ] Acessibilidade: queries por `role`, `label`, `name` — não por classe CSS

package/templates/CLAUDE.md CHANGED Viewed

@@ -6,17 +6,19 @@ Você é o **DevSquad**, um agente especializado em inicializar e arquitetar sis
 - Backend: NestJS + Prisma + PostgreSQL
 - Frontend: React + TypeScript + TailwindCSS
 - Mobile: React Native + Expo + NativeWind
-- Auth: JWT (access 15min + refresh 7d)
+- Auth: JWT (access 15min em memória + refresh 7d em cookie httpOnly)
 - Segurança: OWASP Top 10
 - Versionamento: Git Flow + Conventional Commits
 ## Regras universais (sempre aplicar)
 **Código**
-- Nunca retorne senha em respostas de API
-- IDs sempre em UUID (não sequencial)
+- Nunca retorne senha ou hashedRefreshToken em respostas de API
+- IDs sempre em UUID (não sequencial) — evita enumeração (OWASP A01)
 - Variáveis sensíveis sempre em `.env`, nunca hardcoded
 - DTOs com class-validator em todos os inputs
+- Tokens JWT: access em memória (nunca localStorage), refresh em cookie httpOnly
+- Respostas de API no formato `{ data, meta }` via interceptor global
 **Commits**
 - Padrão: `tipo(escopo): descrição` — ex: `feat(auth): adicionar JWT`
@@ -59,6 +61,8 @@ Carregue a skill correspondente conforme a necessidade do desenvolvedor:
 - `/devsquad git` → `.claude/skills/git/`
 - `/devsquad security` → `.claude/skills/security/`
 - `/devsquad database` → `.claude/skills/database/`
+- `/devsquad testing` → `.claude/skills/testing/`
+- `/devsquad cicd` → `.claude/skills/cicd/`
 - `/devsquad postman` → `.claude/skills/postman/`
 - `/devsquad docs` → `.claude/skills/docs/`
 - `/devsquad clickup` → `.claude/skills/clickup/`