omgkit 2.22.7 → 2.22.9

package/lib/cli.js

@@ -396,7 +396,8 @@ export function initProject(options = {}) {
     { src: 'devlogs/README.md', dest: '.omgkit/devlogs/README.md' },
     { src: 'stdrules/README.md', dest: '.omgkit/stdrules/README.md' },
     { src: 'stdrules/SKILL_STANDARDS.md', dest: '.omgkit/stdrules/SKILL_STANDARDS.md' },
-    { src: 'stdrules/BEFORE_COMMIT.md', dest: '.omgkit/stdrules/BEFORE_COMMIT.md' }
+    { src: 'stdrules/BEFORE_COMMIT.md', dest: '.omgkit/stdrules/BEFORE_COMMIT.md' },
+    { src: 'stdrules/TESTING_STANDARDS.md', dest: '.omgkit/stdrules/TESTING_STANDARDS.md' }
   ];
 
   templates.forEach(({ src, dest }) => {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "omgkit",
-  "version": "2.22.7",
-  "description": "Omega-Level Development Kit - AI Team System for Claude Code. 41 agents, 150 commands, 151 skills, 67 workflows.",
+  "version": "2.22.9",
+  "description": "Omega-Level Development Kit - AI Team System for Claude Code. 41 agents, 151 commands, 151 skills, 67 workflows.",
   "keywords": [
     "claude-code",
     "ai",

package/plugin/commands/dev/test-write.md

@@ -0,0 +1,216 @@
+---
+description: Write comprehensive tests following OMGKIT Omega Testing methodology
+allowed-tools: Task, Read, Write, Bash, Glob
+argument-hint: <function-or-file>
+---
+
+# Write Omega-Level Tests
+
+You are writing tests for the specified function, component, or file using the OMGKIT Omega Testing methodology.
+
+## MANDATORY: Read First
+Before writing any test, read `.omgkit/stdrules/TESTING_STANDARDS.md` for full methodology.
+
+## Execution Steps
+
+### Step 1: Analyze Target
+1. Read the target function/component code
+2. Identify input types and expected outputs
+3. List all code paths (if/else, try/catch, loops)
+4. Identify user input points (security-relevant)
+
+### Step 2: Apply 4D Testing
+
+**Dimension 1: Accuracy**
+- Unit tests for each function
+- Integration tests for component interaction
+- E2E tests for critical flows
+
+**Dimension 2: Performance** (if critical path)
+```javascript
+it('should complete within SLA', async () => {
+  const start = performance.now();
+  await operation();
+  expect(performance.now() - start).toBeLessThan(100);
+});
+```
+
+**Dimension 3: Security** (if user input)
+```javascript
+const MALICIOUS = [
+  "'; DROP TABLE users; --",
+  "<script>alert('xss')</script>",
+  "../../../etc/passwd"
+];
+MALICIOUS.forEach(input => {
+  it(`should sanitize: ${input.slice(0, 20)}...`, () => {
+    expect(() => processInput(input)).not.toThrow();
+  });
+});
+```
+
+**Dimension 4: Accessibility** (if UI)
+- Keyboard navigation
+- ARIA labels
+- Screen reader compatibility
+
+### Step 3: Boundary Value Testing (NEVER SKIP)
+
+```javascript
+// Numbers
+[0, -0, 1, -1, Number.MAX_SAFE_INTEGER, NaN, Infinity]
+
+// Strings
+['', ' ', 'a'.repeat(10000), '\n\t\r', '🔮', '\x00']
+
+// Arrays
+[[], [null], [undefined], Array(10000).fill(0)]
+
+// Objects
+[{}, null, undefined, {nested: {deep: {}}}]
+```
+
+### Step 4: Test Structure
+
+```javascript
+describe('FunctionName', () => {
+  // Setup
+  beforeEach(() => {});
+
+  // 1. Happy path
+  describe('when given valid input', () => {
+    it('should return expected output', () => {});
+  });
+
+  // 2. Edge cases
+  describe('edge cases', () => {
+    it('should handle empty input', () => {});
+    it('should handle null/undefined', () => {});
+    it('should handle boundary values', () => {});
+  });
+
+  // 3. Error handling
+  describe('error handling', () => {
+    it('should throw on invalid input', () => {});
+    it('should return error for edge cases', () => {});
+  });
+
+  // 4. Security (if applicable)
+  describe('security', () => {
+    it('should sanitize malicious input', () => {});
+    it('should prevent injection attacks', () => {});
+  });
+
+  // 5. Performance (if critical)
+  describe('performance', () => {
+    it('should complete within SLA', () => {});
+  });
+});
+```
+
+### Step 5: Run and Verify
+
+```bash
+# Run tests
+npm test
+
+# Check coverage
+npm run test:coverage
+
+# Run mutation testing (if available)
+npx stryker run
+```
+
+## Output Checklist
+
+Before completing, verify:
+- [ ] Happy path tested
+- [ ] All edge cases covered (empty, null, undefined, boundaries)
+- [ ] Error handling tested
+- [ ] Security inputs tested (if user-facing)
+- [ ] Coverage > 80%
+- [ ] Tests are Fast, Independent, Repeatable
+
+## Example Output
+
+For a function `calculateDiscount(price, percentage)`:
+
+```javascript
+import { describe, it, expect } from 'vitest';
+import { calculateDiscount } from './pricing';
+
+describe('calculateDiscount', () => {
+  // Happy path
+  it('should calculate 10% discount correctly', () => {
+    expect(calculateDiscount(100, 10)).toBe(90);
+  });
+
+  it('should calculate 50% discount correctly', () => {
+    expect(calculateDiscount(200, 50)).toBe(100);
+  });
+
+  // Edge cases - boundaries
+  describe('boundary values', () => {
+    it('should handle 0% discount', () => {
+      expect(calculateDiscount(100, 0)).toBe(100);
+    });
+
+    it('should handle 100% discount', () => {
+      expect(calculateDiscount(100, 100)).toBe(0);
+    });
+
+    it('should handle price of 0', () => {
+      expect(calculateDiscount(0, 50)).toBe(0);
+    });
+
+    it('should handle very large prices', () => {
+      expect(calculateDiscount(Number.MAX_SAFE_INTEGER, 10))
+        .toBeLessThan(Number.MAX_SAFE_INTEGER);
+    });
+  });
+
+  // Edge cases - null/undefined
+  describe('null and undefined handling', () => {
+    it('should throw on null price', () => {
+      expect(() => calculateDiscount(null, 10)).toThrow();
+    });
+
+    it('should throw on undefined percentage', () => {
+      expect(() => calculateDiscount(100, undefined)).toThrow();
+    });
+  });
+
+  // Error handling
+  describe('invalid input', () => {
+    it('should throw on negative price', () => {
+      expect(() => calculateDiscount(-100, 10)).toThrow('Price must be positive');
+    });
+
+    it('should throw on percentage > 100', () => {
+      expect(() => calculateDiscount(100, 150)).toThrow('Invalid percentage');
+    });
+
+    it('should throw on negative percentage', () => {
+      expect(() => calculateDiscount(100, -10)).toThrow('Invalid percentage');
+    });
+  });
+
+  // Security (if applicable)
+  describe('security', () => {
+    it('should reject string injection in price', () => {
+      expect(() => calculateDiscount("100; DROP TABLE", 10)).toThrow();
+    });
+  });
+
+  // Performance
+  describe('performance', () => {
+    it('should calculate 1000 discounts under 10ms', () => {
+      const start = performance.now();
+      for (let i = 0; i < 1000; i++) {
+        calculateDiscount(100, 10);
+      }
+      expect(performance.now() - start).toBeLessThan(10);
+    });
+  });
+});
+```

package/plugin/registry.yaml

@@ -1,9 +1,9 @@
 # OMGKIT Component Registry
 # Single Source of Truth for Agents, Skills, Commands, Workflows, and MCPs
-# Version: 2.22.7
+# Version: 2.22.9
 # Updated: 2026-01-03
 
-version: "2.22.7"
+version: "2.22.9"
 
 # =============================================================================
 # OPTIMIZED ALIGNMENT PRINCIPLE (OAP)

package/templates/CLAUDE.md

@@ -2,7 +2,7 @@
 
 ## OMGKIT-Powered Project
 
-This project uses **OMGKIT** - an AI Team System for Claude Code with 23 Agents, 58 Commands, 88 Skills, and 10 Modes.
+This project uses **OMGKIT** - an AI Team System for Claude Code with 41 Agents, 151 Commands, 151 Skills, and 10 Modes.
 
 ## Project Structure
 
@@ -12,10 +12,21 @@ This project uses **OMGKIT** - an AI Team System for Claude Code with 23 Agents,
 ├── sprints/          # Sprint management files
 │   ├── vision.yaml   # Product vision and goals
 │   └── backlog.yaml  # Product backlog items
+├── stdrules/         # Standards and rules (MUST READ)
+│   ├── TESTING_STANDARDS.md   # Testing methodology
+│   └── BEFORE_COMMIT.md       # Pre-commit checklist
 ├── devlogs/          # Development logs (git-ignored)
 └── settings.json     # Local settings
 ```
 
+## MANDATORY: Read Before Tasks
+
+| Task Type | Read First |
+|-----------|------------|
+| Writing Tests | `.omgkit/stdrules/TESTING_STANDARDS.md` |
+| Before Commit | `.omgkit/stdrules/BEFORE_COMMIT.md` |
+| New Feature | `.omgkit/config.yaml` for project settings |
+
 ## Development Workflow Rules
 
 ### `.omgkit/devlogs/` Folder
@@ -81,4 +92,67 @@ Before completing any task:
 
 ---
 
+## AUTOMATIC RULES: Testing (Always Apply)
+
+When writing ANY test, Claude MUST automatically apply these rules:
+
+### 1. Minimum Test Coverage (MANDATORY)
+Every function/component MUST have tests for:
+- ✅ Happy path (normal input)
+- ✅ Empty/null/undefined inputs
+- ✅ Boundary values (0, -1, MAX_INT, empty string, etc.)
+- ✅ Error cases (invalid input → throw/return error)
+- ✅ Security inputs (if user-facing): `"'; DROP TABLE; --"`, `"<script>alert('xss')</script>"`
+
+### 2. Test Template (ALWAYS USE)
+```javascript
+describe('functionName', () => {
+  // 1. Happy path
+  it('should handle normal input', () => {});
+
+  // 2. Edge cases (NEVER SKIP)
+  it('should handle empty input', () => {});
+  it('should handle null/undefined', () => {});
+  it('should handle boundary values', () => {});
+
+  // 3. Error handling
+  it('should throw/return error for invalid input', () => {});
+
+  // 4. Security (if user input)
+  it('should sanitize malicious input', () => {});
+});
+```
+
+### 3. Boundary Values Reference
+```javascript
+// Always test these values
+const BOUNDARIES = {
+  numbers: [0, -0, 1, -1, Number.MAX_SAFE_INTEGER, Number.MIN_SAFE_INTEGER, NaN, Infinity],
+  strings: ['', ' ', 'a'.repeat(10000), '\n\t\r', '🔮💀', '\x00'],
+  arrays: [[], [null], [undefined], new Array(10000).fill(0)]
+};
+```
+
+### 4. Security Test Inputs
+```javascript
+// ALWAYS test with these if function handles user input
+const MALICIOUS = [
+  "'; DROP TABLE users; --",
+  "<script>alert('xss')</script>",
+  "../../../etc/passwd",
+  "{{constructor.constructor('return this')()}}"
+];
+```
+
+### 5. F.I.R.S.T Principles
+- **Fast**: Unit < 1ms, Integration < 100ms
+- **Independent**: No shared state between tests
+- **Repeatable**: No random, no time-dependent
+- **Self-Validating**: Explicit assertions
+- **Timely**: Write with code
+
+> **Full documentation**: `.omgkit/stdrules/TESTING_STANDARDS.md`
+
+---
+
 *Think Omega. Build Omega. Be Omega.*

package/templates/stdrules/TESTING_STANDARDS.md

@@ -0,0 +1,271 @@
+# OMGKIT Testing Standards
+
+This document defines the testing philosophy and standards for this project. Claude Code MUST follow these guidelines when writing tests.
+
+---
+
+## Core Philosophy
+
+### F.I.R.S.T. Principles (MANDATORY)
+
+| Principle | Requirement | Example |
+|-----------|-------------|---------|
+| **Fast** | Unit tests < 1ms, Integration < 100ms | Use mocks for slow dependencies |
+| **Independent** | Tests don't share state | Fresh setup for each test |
+| **Repeatable** | Same result every run | No random data, no time-dependent logic |
+| **Self-Validating** | Clear pass/fail | Explicit assertions, no manual inspection |
+| **Timely** | Write with code (TDD preferred) | Test before or during implementation |
+
+---
+
+## 4D Testing Methodology
+
+Every feature MUST be tested across 4 dimensions:
+
+### 1. Accuracy Testing
+```javascript
+// REQUIRED: Unit tests for all functions
+describe('functionName', () => {
+  // Happy path
+  it('should handle normal input correctly', () => {});
+
+  // Edge cases (MANDATORY)
+  it('should handle empty input', () => {});
+  it('should handle null/undefined', () => {});
+  it('should handle boundary values', () => {});
+
+  // Error cases
+  it('should throw on invalid input', () => {});
+});
+```
+
+### 2. Performance Testing
+```javascript
+// REQUIRED for critical paths
+it('should complete within SLA', async () => {
+  const start = performance.now();
+  await operation();
+  expect(performance.now() - start).toBeLessThan(100); // 100ms max
+});
+```
+
+### 3. Security Testing
+```javascript
+// REQUIRED for user input handling
+const MALICIOUS_INPUTS = [
+  "'; DROP TABLE users; --",  // SQL injection
+  "<script>alert('xss')</script>",  // XSS
+  "../../../etc/passwd",  // Path traversal
+  "{{constructor.constructor('return this')()}}",  // Prototype pollution
+];
+
+MALICIOUS_INPUTS.forEach(input => {
+  it(`should sanitize: ${input.slice(0, 20)}...`, () => {
+    expect(() => processInput(input)).not.toThrow();
+    expect(processInput(input)).not.toContain(input);
+  });
+});
+```
+
+### 4. Accessibility Testing (for UI)
+```javascript
+// REQUIRED for all UI components
+it('should be keyboard accessible', () => {});
+it('should have proper ARIA labels', () => {});
+it('should meet WCAG AA contrast', () => {});
+```
+
+---
+
+## Boundary Value Testing (MANDATORY)
+
+Always test these boundaries:
+
+```javascript
+// Numbers
+const BOUNDARY_NUMBERS = [
+  0, -0, 1, -1,
+  Number.MAX_SAFE_INTEGER, Number.MIN_SAFE_INTEGER,
+  Number.MAX_VALUE, Number.MIN_VALUE,
+  Infinity, -Infinity, NaN
+];
+
+// Strings
+const BOUNDARY_STRINGS = [
+  '', ' ', '   ',
+  'a'.repeat(10000),  // Very long
+  '\n\t\r',  // Whitespace
+  '🔮💀',  // Unicode/emoji
+  '\x00\x01',  // Control chars
+];
+
+// Arrays
+const BOUNDARY_ARRAYS = [
+  [], [null], [undefined],
+  new Array(10000).fill(0),  // Large array
+  [1, [2, [3]]],  // Nested
+];
+```
+
+---
+
+## "Naughty" Data Patterns
+
+When testing user input, ALWAYS include:
+
+```javascript
+const NAUGHTY_STRINGS = [
+  // Injection attacks
+  "'; DROP TABLE users; --",
+  "1; UPDATE users SET role='admin'",
+
+  // XSS attacks
+  "<script>alert('xss')</script>",
+  "<img src=x onerror=alert('xss')>",
+  "javascript:alert('xss')",
+
+  // Format strings
+  "%s%s%s%s%s",
+  "{0}{1}{2}",
+
+  // Unicode edge cases
+  "Ω≈ç√∫",
+  "田中さんにあげて下さい",
+  "表ポあA鳥唐",
+
+  // Null bytes
+  "test\x00hidden",
+
+  // Path traversal
+  "../../../etc/passwd",
+  "....//....//etc/passwd",
+];
+```
+
+---
+
+## Test Structure
+
+```
+tests/
+├── unit/                    # Fast, isolated tests
+│   ├── *.test.ts           # Co-located or separate
+├── integration/             # Component interaction
+│   ├── api.integration.ts
+│   ├── db.integration.ts
+├── e2e/                     # Full user flows
+│   ├── checkout.e2e.ts
+├── security/                # Security-specific
+│   ├── injection.test.ts
+│   ├── auth.test.ts
+└── performance/             # Performance benchmarks
+    ├── benchmarks.test.ts
+```
+
+---
+
+## Coverage Requirements
+
+| Type | Minimum | Target |
+|------|---------|--------|
+| Statements | 80% | 90% |
+| Branches | 75% | 85% |
+| Functions | 80% | 90% |
+| Lines | 80% | 90% |
+
+---
+
+## Property-Based Testing
+
+For complex logic, use property-based testing:
+
+```javascript
+import { fc } from 'fast-check';
+
+// Instead of specific examples, test properties
+test('sort is idempotent', () => {
+  fc.assert(
+    fc.property(fc.array(fc.integer()), (arr) => {
+      const sorted = sort(arr);
+      return JSON.stringify(sort(sorted)) === JSON.stringify(sorted);
+    })
+  );
+});
+
+test('reverse is its own inverse', () => {
+  fc.assert(
+    fc.property(fc.array(fc.anything()), (arr) => {
+      return JSON.stringify(reverse(reverse(arr))) === JSON.stringify(arr);
+    })
+  );
+});
+```
+
+---
+
+## Anti-Patterns (AVOID)
+
+1. **Testing Implementation** - Test behavior, not internal details
+2. **Flaky Tests** - No random, no timing-dependent
+3. **Over-Mocking** - Don't mock everything
+4. **Copy-Paste Tests** - Use `it.each()` or `describe.each()`
+5. **No Assertions** - Every test MUST assert
+6. **Ignoring Edge Cases** - Boundaries are where bugs hide
+7. **Massive Test Files** - Split by functionality
+
+---
+
+## Mutation Testing (Quality Check)
+
+Run mutation testing to verify test quality:
+
+```bash
+npx stryker run
+```
+
+Target: **Mutation score > 80%**
+
+If tests pass but mutations survive, tests are too weak.
+
+---
+
+## When Claude Code Writes Tests
+
+Claude Code MUST:
+
+1. **Read this file first** when asked to write tests
+2. **Apply 4D methodology** - not just happy path
+3. **Include boundary values** from this document
+4. **Test security** for any user input
+5. **Use property-based testing** for complex logic
+6. **Check coverage** after writing tests
+7. **Run mutation testing** if available
+
+---
+
+## Quick Reference
+
+```javascript
+// Minimum test template for any function
+describe('functionName', () => {
+  // 1. Happy path
+  it('should work with valid input', () => {});
+
+  // 2. Edge cases
+  it('should handle empty/null/undefined', () => {});
+  it('should handle boundary values', () => {});
+
+  // 3. Error handling
+  it('should throw/return error for invalid input', () => {});
+
+  // 4. Security (if user input)
+  it('should sanitize malicious input', () => {});
+
+  // 5. Performance (if critical path)
+  it('should complete within SLA', () => {});
+});
+```
+
+---
+
+*Think Omega. Test Omega. Be Omega.* 🔮