jsharness 1.0.0

package/.harness/gate/checks/static-compliance.js

@@ -0,0 +1,313 @@
+/**
+ * Gate Check Category A: 静态合规检查 (static-compliance)
+ * 
+ * 检查项：
+ * - ESLint 通过
+ * - Prettier 格式化一致
+ * - console.log / debugger 残留检测
+ * - 硬编码字符串检测
+ * - TODO/FIXME 残留检测
+ * - 命名规范检查
+ * - 文件长度限制检查
+ * - Secret 泄露检测
+ */
+
+const { execSync } = require('child_process');
+
+/**
+ * 执行 A 类静态合规检查
+ * @param {Object} options - Gate 入口传递的选项
+ * @returns {Object} 检查结果 { status, score, issues[] }
+ */
+async function run(options = {}) {
+  const issues = [];
+  let totalChecks = 0;
+  let passedChecks = 0;
+
+  // ----------------------------------------------------------
+  // A1: ESLint 检查
+  // ----------------------------------------------------------
+  totalChecks++;
+  try {
+    const eslintOutput = execSync('npx eslint . --ext .ts,.tsx,.js,.jsx --format json 2>/dev/null || echo "[]"', {
+      encoding: 'utf-8',
+      timeout: 60000,
+      cwd: process.cwd()
+    });
+    const eslintResults = JSON.parse(eslintOutput.replace(/\[|\]/g, m => m));
+    const errors = Array.isArray(eslintResults) 
+      ? eslintResults.flatMap(f => f.messages || []).filter(m => m.severity === 2)
+      : [];
+    
+    if (errors.length === 0) {
+      passedChecks++;
+    } else {
+      issues.push({
+        code: 'A1',
+        severity: 'error',
+        message: `ESLint 发现 ${errors.length} 个错误`,
+        details: errors.slice(0, 5).map(e => `${e.line}:${e.column} - ${e.message}`)
+      });
+    }
+  } catch (e) {
+    issues.push({ code: 'A1', severity: 'warning', message: `ESLint 执行异常: ${e.message.slice(0, 100)}` });
+  }
+
+  // ----------------------------------------------------------
+  // A2: Prettier 格式化检查
+  // ----------------------------------------------------------
+  totalChecks++;
+  try {
+    execSync('npx prettier --check "src/**/*.{ts,tsx,js,jsx,css,json,md}" 2>&1', {
+      encoding: 'utf-8',
+      timeout: 30000,
+      stdio: 'pipe'
+    });
+    passedChecks++;
+  } catch (e) {
+    const output = e.stdout?.toString() || e.stderr?.toString() || '';
+    const fileCount = (output.match(/[\w/.-]+\.\w+/g) || []).length;
+    issues.push({
+      code: 'A2',
+      severity: 'warning',
+      message: `${fileCount || '多个'} 文件格式不符合 Prettier 规范`,
+      suggestion: '运行 `npx prettier --write "src/**/*.{ts,tsx}"` 自动修复'
+    });
+  }
+
+  // ----------------------------------------------------------
+  // A3: console.log / debugger 残留检测
+  // ----------------------------------------------------------
+  totalChecks++;
+  try {
+    const consolePattern = /\bconsole\.(log|debug|info|warn)\(/g;
+    const debuggerPattern = /\bdebugger\b/g;
+    const files = findSourceFiles();
+    let violations = [];
+    
+    for (const file of files) {
+      const content = require('fs').readFileSync(file, 'utf-8');
+      let match;
+      while ((match = consolePattern.exec(content)) !== null) {
+        const lineNum = content.substring(0, match.index).split('\n').length;
+        violations.push(`${file}:${lineNum}: console.${match[1]}(...)`);
+      }
+      while ((match = debuggerPattern.exec(content)) !== null) {
+        const lineNum = content.substring(0, match.index).split('\n').length;
+        violations.push(`${file}:line ${lineNum}: debugger statement`);
+      }
+    }
+    
+    // 排除测试文件和 .harness 目录中的 console
+    violations = violations.filter(v => 
+      !v.includes('.test.') && !v.includes('.spec.') && !v.includes('.harness')
+    );
+    
+    if (violations.length === 0) {
+      passedChecks++;
+    } else {
+      issues.push({
+        code: 'A3',
+        severity: violations.length <= 3 ? 'warning' : 'error',
+        message: `发现 ${violations.length} 处 console/debugger 残留`,
+        details: violations.slice(0, 5),
+        suggestion: '生产代码中不应包含 console.log 或 debugger'
+      });
+    }
+  } catch (e) {
+    issues.push({ code: 'A3', severity: 'warning', message: `扫描异常: ${e.message.slice(0, 100)}` });
+  }
+
+  // ----------------------------------------------------------
+  // A4: 硬编码中文字符串检测（前端代码）
+  // ----------------------------------------------------------
+  totalChecks++;
+  try {
+    const files = findSourceFiles(['.tsx', '.jsx']);
+    let hardCodedStrings = [];
+    const chinesePattern = /['"`]([\u4e00-\u9fa5]+[^'"`\]]{0,50})['"`]/g; // 中文引号字符串
+    
+    for (const file of files) {
+      if (file.includes('.test.') || file.includes('.spec.')) continue;
+      const content = require('fs').readFileSync(file, 'utf-8');
+      let match;
+      while ((match = chinesePattern.exec(content)) !== null) {
+        const lineNum = content.substring(0, match.index).split('\n').length;
+        hardCodedStrings.push(`${file}:${lineNum}: "${match[1]}"`);
+      }
+    }
+    
+    if (hardCodedStrings.length === 0) {
+      passedChecks++;
+    } else {
+      issues.push({
+        code: 'A4',
+        severity: 'warning',
+        message: `发现 ${hardCodedStrings.length} 处可能硬编码的中文字符串`,
+        details: hardCodedStrings.slice(0, 5),
+        suggestion: '使用 i18n t() 函数替代硬编码文本'
+      });
+    }
+  } catch (e) {
+    // 可选检查，跳过
+  }
+
+  // ----------------------------------------------------------
+  // A5: TODO/FIXME 残留检测
+  // ----------------------------------------------------------
+  totalChecks++;
+  try {
+    const todoPattern = /(TODO|FIXME|HACK|XXX)(?!\(#\d+\))/g; // 未关联 Issue 的 TODO
+    const files = findSourceFiles();
+    let todos = [];
+    
+    for (const file of files) {
+      const content = require('fs').readFileSync(file, 'utf-8');
+      let match;
+      while ((match = todoPattern.exec(content)) !== null) {
+        const lineNum = content.substring(0, match.index).split('\n').length;
+        todos.push(`${file}:${lineNum}: ${match[0]}`);
+      }
+    }
+    
+    if (todos.length === 0) {
+      passedChecks++;
+    } else {
+      issues.push({
+        code: 'A5',
+        severity: 'warning',
+        message: `发现 ${todos.length} 处未关联 Issue 的 TODO/FIXME`,
+        details: todos.slice(0, 5),
+        suggestion: '格式应为 `TODO(#123): 说明` 或在 PR 中说明处理计划'
+      });
+    }
+  } catch (e) {
+    issues.push({ code: 'A5', severity: 'warning', message: `TODO 扫描异常` });
+  }
+
+  // ----------------------------------------------------------
+  // A6: 文件长度限制检查
+  // ----------------------------------------------------------
+  totalChecks++;
+  try {
+    const files = findSourceFiles();
+    let oversizedFiles = [];
+    
+    for (const file of files) {
+      if (file.includes('.test.') || file.includes('.spec.')) continue;
+      const content = require('fs').readFileSync(file, 'utf-8');
+      const lineCount = content.split('\n').length;
+      const limit = file.endsWith('.css') || file.endsWith('.scss') ? 500 : 300;
+      
+      if (lineCount > limit) {
+        oversizedFiles.push(`${file}: ${lineCount} 行 (限制: ${limit})`);
+      }
+    }
+    
+    if (oversizedFiles.length === 0) {
+      passedChecks++;
+    } else {
+      issues.push({
+        code: 'A6',
+        severity: 'warning',
+        message: `${oversizedFiles.length} 个文件超过行数限制`,
+        details: oversizedFiles
+      });
+    }
+  } catch (e) {
+    issues.push({ code: 'A6', severity: 'warning', message: `文件长度检查异常` });
+  }
+
+  // ----------------------------------------------------------
+  // A7: Secret 泄露检测（基础版）
+  // ----------------------------------------------------------
+  totalChecks++;
+  try {
+    const secretPatterns = [
+      { pattern: /(?:api[_-]?key|apikey|secret[_-]?key)["'\s]*[:=]\s*["'][^"']{10,}/gi, name: 'API Key' },
+      { pattern: /password\s*[:=]\s*["'][^"']+/gi, name: 'Password' },
+      { pattern: /(?:aws_access_key_id|aws_secret_access_key)["'\s]*[:=]\s*["'][^"']/gi, name: 'AWS Credential' },
+      { pattern: /(?:private|rsa)[_-]?key\s*[:=]\s*["'].*BEGIN/gi, name: 'Private Key' },
+      { pattern: /token\s*[:=]\s*["'](?:ey|sk_|pk_)[^"']{20,}/gi, name: 'Token' }
+    ];
+    
+    const files = findSourceFiles();
+    let secretsFound = [];
+    
+    for (const { pattern, name } of secretPatterns) {
+      for (const file of files) {
+        const content = require('fs').readFileSync(file, 'utf-8');
+        let match;
+        while ((match = pattern.exec(content)) !== null) {
+          const lineNum = content.substring(0, match.index).split('\n').length;
+          secretsFound.push(`${file}:${lineNum}: 可能的 ${name} 泄露`);
+        }
+      }
+    }
+    
+    // 排除示例/测试文件和 .env.example
+    secretsFound = secretsFound.filter(s => 
+      !s.includes('.example') && !s.includes('.test.') && !s.includes('.spec.') &&
+      !s.includes('.harness')
+    );
+    
+    if (secretsFound.length === 0) {
+      passedChecks++;
+    } else {
+      issues.push({
+        code: 'A7',
+        severity: 'error', // 秘密泄露是严重问题
+        message: `🔴 发现 ${secretsFound.length} 处可能的凭证/密钥泄露！`,
+        details: secretsFound.slice(0, 5),
+        suggestion: '立即移除硬编码凭证，使用环境变量或密钥管理服务！这是安全红线。'
+      });
+    }
+  } catch (e) {
+    issues.push({ code: 'A7', severity: 'error', message: `Secret 扫描异常: ${e.message}` });
+  }
+
+  // ----------------------------------------------------------
+  // 计算得分和状态
+  // ----------------------------------------------------------
+  const score = Math.round((passedChecks / totalChecks) * 100);
+  const hasErrorIssues = issues.some(i => i.severity === 'error');
+  const status = hasErrorIssues ? 'fail' : (issues.length > 0 ? 'warning' : 'pass');
+
+  return {
+    status,
+    score: `${score}% (${passedChecks}/${totalChecks})`,
+    issues,
+    summary: { passed: passedChecks, total: totalChecks }
+  };
+}
+
+/**
+ * 辅助函数：查找源码文件
+ */
+function findSourceFiles(extensions = ['.ts', '.tsx', '.js', '.jsx']) {
+  const fs = require('fs');
+  const path = require('path');
+  const results = [];
+  const srcDir = path.join(process.cwd(), 'src');
+  
+  function walk(dir) {
+    if (!fs.existsSync(dir)) return;
+    const entries = fs.readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      const full = path.join(dir, entry.name);
+      if (entry.isDirectory()) {
+        // 排除 node_modules 等
+        if (!['node_modules', '.next', 'dist', 'coverage', '.git'].includes(entry.name)) {
+          walk(full);
+        }
+      } else if (extensions.some(ext => entry.name.endsWith(ext))) {
+        results.push(full);
+      }
+    }
+  }
+  
+  walk(srcDir);
+  return results;
+}
+
+module.exports = run;

package/.harness/gate/checks/test-compliance.js

@@ -0,0 +1,114 @@
+/**
+ * Gate Check Category C: 测试合规 (test-compliance)
+ * 
+ * 检查项：
+ * - 单元测试执行与覆盖率收集
+ * - E2E 关键路径测试（可选）
+ * - API 集成测试（可选）
+ * - 测试数量对比（基线模式）
+ */
+
+const { execSync } = require('child_process');
+
+async function run(options = {}) {
+  const issues = [];
+  const testResults = {};
+
+  // C1: 单元测试
+  try {
+    const output = execSync('npm run test -- --coverage --json --verbose 2>&1 || echo "{}"', {
+      encoding: 'utf-8',
+      timeout: 180000,
+      cwd: process.cwd(),
+      env: { ...process.env, CI: 'true' }
+    });
+
+    // 解析 Jest/Vitest JSON 输出
+    let coverage = {};
+    let testStats = { total: 0, passed: 0, failed: 0 };
+
+    // 尝试从输出中提取覆盖率信息
+    const covMatch = output.matchAll(/"(\w+)"\s*:\s*{\s*"pct"\s*:\s*([\d.]+)/g);
+    for (const match of covMatch) {
+      coverage[match[1]] = parseFloat(match[2]);
+    }
+
+    // 提取测试统计
+    const testMatch = output.match(/Tests:\s*(\d+)\s+passed.*?(\d+)\s+failed/i);
+    if (testMatch) {
+      testStats.total = parseInt(testMatch[1]) + parseInt(testMatch[2]);
+      testStats.passed = parseInt(testMatch[1]);
+      testStats.failed = parseInt(testMatch[2]);
+    } else {
+      // 尝试其他格式
+      const altMatch = output.match(/(\d+) tests? .*? (\d+) passed/i);
+      if (altMatch) {
+        testStats.total = parseInt(altMatch[1]);
+        testStats.passed = parseInt(altMatch[2]);
+        testStats.failed = testStats.total - testStats.passed;
+      }
+    }
+
+    testResults.unit = {
+      ...testStats,
+      coverage,
+      raw_output: output.length > 2000 ? output.slice(0, 2000) + '...(truncated)' : output
+    };
+
+    if (testStats.failed > 0) {
+      issues.push({
+        code: 'C1',
+        severity: 'error',
+        message: `${testStats.failed} 个单元测试失败`,
+        suggestion: '查看测试输出定位失败的用例并修复'
+      });
+    }
+
+    // 覆盖率检查
+    const avgCoverage = Object.values(coverage).length > 0
+      ? Object.values(coverage).reduce((a, b) => a + b, 0) / Object.values(coverage).length
+      : 0;
+
+    if (avgCoverage > 0 && avgCoverage < 70) {
+      issues.push({
+        code: 'C1-cov',
+        severity: 'error',
+        message: `平均测试覆盖率过低: ${avgCoverage.toFixed(1)}% (要求 ≥ 70%)`,
+        details: coverage
+      });
+    } else if (avgCoverage > 0 && avgCoverage < 80) {
+      issues.push({
+        code: 'C1-cov',
+        severity: 'warning',
+        message: `测试覆盖率偏低: ${avgCoverage.toFixed(1)}% (建议 ≥ 80%)`,
+        details: coverage
+      });
+    }
+
+  } catch (e) {
+    issues.push({
+      code: 'C1',
+      severity: 'error',
+      message: `单元测试执行失败或超时`,
+      details: e.message.slice(0, 200)
+    });
+    testResults.unit = { error: e.message.slice(0, 200) };
+  }
+
+  // C2: 测试数量趋势（如果有基线）
+  if (testResults.unit?.total) {
+    testResults.test_count = testResults.unit.total;
+  }
+
+  // 计算状态
+  const hasError = issues.some(i => i.severity === 'error');
+  
+  return {
+    status: hasError ? 'fail' : (issues.length > 0 ? 'warning' : 'pass'),
+    score: testResults.unit?.total ? `${testResults.unit.passed}/${testResults.unit.total} 通过` : 'N/A',
+    issues,
+    details: testResults
+  };
+}
+
+module.exports = run;