popeye-cli 1.7.0 → 1.9.0

package/tests/workflow/audit-analyzer.test.ts

@@ -0,0 +1,281 @@
+/**
+ * Tests for the audit analyzer module.
+ */
+import { describe, it, expect } from 'vitest';
+import {
+  buildAnalysisPrompt,
+  parseAuditFindings,
+  calculateAuditScores,
+} from '../../src/workflow/audit-analyzer.js';
+import type { ProjectScanResult } from '../../src/types/audit.js';
+import type { ProjectState } from '../../src/types/workflow.js';
+
+/**
+ * Minimal scan result for testing prompts.
+ */
+function makeScan(overrides: Partial<ProjectScanResult> = {}): ProjectScanResult {
+  return {
+    tree: 'src/\n  main.ts',
+    components: [],
+    detectedComposition: ['frontend'],
+    stateLanguage: 'typescript',
+    compositionMismatch: false,
+    sourceFiles: [],
+    testFiles: [],
+    configFiles: [],
+    entryPoints: [],
+    routeFiles: [],
+    dependencies: [],
+    totalSourceFiles: 10,
+    totalTestFiles: 3,
+    totalLinesOfCode: 500,
+    totalLinesOfTests: 100,
+    language: 'typescript',
+    docsIndex: [],
+    keyFileSnippets: [],
+    ...overrides,
+  };
+}
+
+/**
+ * Minimal project state for testing.
+ */
+function makeState(overrides: Partial<ProjectState> = {}): ProjectState {
+  return {
+    id: 'test-id',
+    name: 'Test Project',
+    idea: 'A test project',
+    language: 'typescript',
+    openaiModel: 'gpt-4',
+    phase: 'complete',
+    status: 'complete',
+    milestones: [],
+    currentMilestone: null,
+    currentTask: null,
+    consensusHistory: [],
+    createdAt: '2024-01-01T00:00:00Z',
+    updatedAt: '2024-01-01T00:00:00Z',
+    ...overrides,
+  } as ProjectState;
+}
+
+// ---------------------------------------------------------------------------
+// buildAnalysisPrompt
+// ---------------------------------------------------------------------------
+
+describe('buildAnalysisPrompt', () => {
+  it('should include project name and language', () => {
+    const prompt = buildAnalysisPrompt(makeScan(), makeState(), 2, false);
+    expect(prompt).toContain('Test Project');
+    expect(prompt).toContain('typescript');
+  });
+
+  it('should include component structure section', () => {
+    const scan = makeScan({
+      components: [
+        {
+          kind: 'frontend',
+          rootDir: 'apps/frontend',
+          language: 'typescript',
+          framework: 'react',
+          entryPoints: ['src/main.tsx'],
+          routeFiles: [],
+          testFiles: [],
+          sourceFiles: [],
+          dependencyManifests: [],
+        },
+      ],
+    });
+    const prompt = buildAnalysisPrompt(scan, makeState(), 2, false);
+    expect(prompt).toContain('frontend');
+    expect(prompt).toContain('react');
+    expect(prompt).toContain('apps/frontend');
+  });
+
+  it('should include wiring matrix when present', () => {
+    const scan = makeScan({
+      wiring: {
+        frontendApiBaseEnvKeys: ['VITE_API_URL'],
+        frontendApiBaseResolved: 'http://localhost:3000',
+        backendCorsOrigins: ['http://localhost:5173'],
+        backendApiPrefix: '/api',
+        potentialMismatches: [],
+      },
+    });
+    const prompt = buildAnalysisPrompt(scan, makeState(), 2, false);
+    expect(prompt).toContain('VITE_API_URL');
+    expect(prompt).toContain('Wiring Matrix');
+  });
+
+  it('should include CLAUDE.md content when present', () => {
+    const scan = makeScan({ claudeMdContent: '# Project Rules\nFollow PEP8.' });
+    const prompt = buildAnalysisPrompt(scan, makeState(), 2, false);
+    expect(prompt).toContain('Project Rules');
+  });
+
+  it('should include depth-2 checks', () => {
+    const prompt = buildAnalysisPrompt(makeScan(), makeState(), 2, false);
+    expect(prompt).toContain('Depth-2 Checks');
+  });
+
+  it('should include depth-3 checks at depth 3', () => {
+    const prompt = buildAnalysisPrompt(makeScan(), makeState(), 3, false);
+    expect(prompt).toContain('Depth-3 Checks');
+    expect(prompt).toContain('OWASP');
+  });
+
+  it('should indicate strict mode when enabled', () => {
+    const prompt = buildAnalysisPrompt(makeScan(), makeState(), 2, true);
+    expect(prompt).toContain('STRICT MODE');
+  });
+
+  it('should include milestone status', () => {
+    const state = makeState({
+      milestones: [
+        {
+          id: 'm1',
+          name: 'Setup',
+          description: 'Initial setup',
+          status: 'complete',
+          tasks: [
+            { id: 't1', name: 'Init', description: 'Init project', status: 'complete' },
+          ],
+        },
+      ],
+    });
+    const prompt = buildAnalysisPrompt(makeScan(), state, 2, false);
+    expect(prompt).toContain('Setup: complete');
+  });
+});
+
+// ---------------------------------------------------------------------------
+// parseAuditFindings
+// ---------------------------------------------------------------------------
+
+describe('parseAuditFindings', () => {
+  it('should parse valid JSON findings from code fences', () => {
+    const raw = '```json\n[\n  {\n    "id": "AUD-001",\n    "category": "test-coverage",\n    "severity": "major",\n    "title": "No tests",\n    "description": "Missing tests.",\n    "evidence": [],\n    "recommendation": "Add tests.",\n    "autoFixable": false\n  }\n]\n```';
+    const findings = parseAuditFindings(raw);
+    expect(findings).toHaveLength(1);
+    expect(findings[0].id).toBe('AUD-001');
+  });
+
+  it('should parse JSON without code fences', () => {
+    const raw = '[{"id":"AUD-001","category":"security","severity":"critical","title":"SQL Injection","description":"Raw SQL used.","evidence":[],"recommendation":"Use ORM.","autoFixable":false}]';
+    const findings = parseAuditFindings(raw);
+    expect(findings).toHaveLength(1);
+    expect(findings[0].category).toBe('security');
+  });
+
+  it('should handle malformed JSON gracefully', () => {
+    const findings = parseAuditFindings('This is not JSON at all.');
+    expect(findings).toEqual([]);
+  });
+
+  it('should skip individual malformed findings', () => {
+    const raw = JSON.stringify([
+      {
+        id: 'AUD-001',
+        category: 'test-coverage',
+        severity: 'major',
+        title: 'Valid',
+        description: 'Valid finding.',
+        evidence: [],
+        recommendation: 'Fix it.',
+        autoFixable: false,
+      },
+      {
+        id: 'AUD-002',
+        // Missing required fields
+        title: 'Invalid',
+      },
+    ]);
+    const findings = parseAuditFindings(raw);
+    expect(findings).toHaveLength(1);
+    expect(findings[0].id).toBe('AUD-001');
+  });
+
+  it('should handle non-array JSON', () => {
+    const findings = parseAuditFindings('{"not": "an array"}');
+    expect(findings).toEqual([]);
+  });
+
+  it('should extract JSON array embedded in surrounding text', () => {
+    const raw = 'Here are the findings:\n[{"id":"AUD-001","category":"documentation","severity":"info","title":"Missing changelog","description":"No CHANGELOG.md","evidence":[],"recommendation":"Add one.","autoFixable":true}]\nEnd of findings.';
+    const findings = parseAuditFindings(raw);
+    expect(findings).toHaveLength(1);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// calculateAuditScores
+// ---------------------------------------------------------------------------
+
+describe('calculateAuditScores', () => {
+  it('should return 100 when no findings', () => {
+    const { overallScore, categoryScores } = calculateAuditScores([], makeScan());
+    expect(overallScore).toBe(100);
+    expect(categoryScores['test-coverage']).toBe(100);
+  });
+
+  it('should deduct for critical findings', () => {
+    const findings = [
+      {
+        id: 'AUD-001',
+        category: 'security' as const,
+        severity: 'critical' as const,
+        title: 'SQL Injection',
+        description: 'Found raw SQL.',
+        evidence: [],
+        recommendation: 'Use ORM.',
+        autoFixable: false,
+      },
+    ];
+    const { overallScore, categoryScores } = calculateAuditScores(findings, makeScan());
+    expect(categoryScores['security']).toBe(80); // 100 - 20
+    expect(overallScore).toBeLessThan(100);
+  });
+
+  it('should not go below 0', () => {
+    const findings = Array.from({ length: 10 }, (_, i) => ({
+      id: `AUD-${i}`,
+      category: 'security' as const,
+      severity: 'critical' as const,
+      title: `Finding ${i}`,
+      description: 'Critical issue.',
+      evidence: [],
+      recommendation: 'Fix it.',
+      autoFixable: false,
+    }));
+    const { categoryScores } = calculateAuditScores(findings, makeScan());
+    expect(categoryScores['security']).toBe(0);
+  });
+
+  it('should handle mixed severity findings', () => {
+    const findings = [
+      {
+        id: 'AUD-001',
+        category: 'test-coverage' as const,
+        severity: 'major' as const,
+        title: 'Low coverage',
+        description: 'Only 20% covered.',
+        evidence: [],
+        recommendation: 'Add tests.',
+        autoFixable: false,
+      },
+      {
+        id: 'AUD-002',
+        category: 'test-coverage' as const,
+        severity: 'info' as const,
+        title: 'Snapshot tests used',
+        description: 'Consider replacing with assertions.',
+        evidence: [],
+        recommendation: 'Optional.',
+        autoFixable: false,
+      },
+    ];
+    const { categoryScores } = calculateAuditScores(findings, makeScan());
+    // major = -10, info = 0
+    expect(categoryScores['test-coverage']).toBe(90);
+  });
+});

package/tests/workflow/audit-mode.test.ts

@@ -0,0 +1,114 @@
+/**
+ * Tests for the audit mode orchestrator.
+ *
+ * These tests mock the AI analyzer and state modules to validate
+ * the orchestration flow without requiring real AI calls.
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import type { AuditModeRunOptions } from '../../src/workflow/audit-mode.js';
+
+// Mock the external dependencies before importing the module under test
+vi.mock('../../src/state/index.js', () => ({
+  loadProject: vi.fn().mockResolvedValue({
+    id: 'test-id',
+    name: 'Test Project',
+    idea: 'A test project',
+    language: 'typescript',
+    openaiModel: 'gpt-4',
+    phase: 'complete',
+    status: 'complete',
+    specification: 'Build a todo app',
+    milestones: [],
+    currentMilestone: null,
+    currentTask: null,
+    consensusHistory: [],
+    createdAt: '2024-01-01T00:00:00Z',
+    updatedAt: '2024-01-01T00:00:00Z',
+  }),
+  updateState: vi.fn().mockResolvedValue({}),
+  addMilestones: vi.fn().mockResolvedValue({}),
+}));
+
+vi.mock('../../src/adapters/claude.js', () => ({
+  executePrompt: vi.fn().mockResolvedValue({
+    success: true,
+    response: '```json\n[]\n```',
+    toolCalls: [],
+  }),
+}));
+
+// Import after mocks are set up
+const { runAuditMode } = await import('../../src/workflow/audit-mode.js');
+const { loadProject, updateState } = await import('../../src/state/index.js');
+
+beforeEach(() => {
+  vi.clearAllMocks();
+});
+
+function makeOptions(overrides: Partial<AuditModeRunOptions> = {}): AuditModeRunOptions {
+  return {
+    projectDir: '/tmp/fake-project',
+    depth: 2,
+    runTests: false,
+    strict: false,
+    format: 'json',
+    autoRecover: false,
+    target: 'all',
+    ...overrides,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// runAuditMode
+// ---------------------------------------------------------------------------
+
+describe('runAuditMode', () => {
+  it('should return error result when project cannot be loaded', async () => {
+    vi.mocked(loadProject).mockRejectedValueOnce(new Error('Project not found'));
+
+    const result = await runAuditMode(makeOptions());
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('Project not found');
+  });
+
+  it('should call progress callbacks through stages', async () => {
+    const messages: Array<{ stage: string; msg: string }> = [];
+    const result = await runAuditMode(
+      makeOptions({
+        onProgress: (stage, msg) => messages.push({ stage, msg }),
+      })
+    );
+
+    // Should have stage-1, stage-2, and stage-3 messages
+    expect(messages.some((m) => m.stage === 'stage-1')).toBe(true);
+    expect(messages.some((m) => m.stage === 'stage-2')).toBe(true);
+    expect(messages.some((m) => m.stage === 'stage-3')).toBe(true);
+  });
+
+  it('should update state with audit report path', async () => {
+    await runAuditMode(makeOptions({ format: 'json' }));
+    expect(updateState).toHaveBeenCalledWith(
+      '/tmp/fake-project',
+      expect.objectContaining({
+        auditRunId: expect.any(String),
+        auditLastRunAt: expect.any(String),
+      })
+    );
+  });
+
+  it('should not generate recovery when no trigger conditions met', async () => {
+    const result = await runAuditMode(makeOptions());
+    // With empty findings from mock, no recovery should be triggered
+    expect(result.recovery).toBeUndefined();
+  });
+
+  it('should have a valid audit report structure', async () => {
+    const result = await runAuditMode(makeOptions());
+    expect(result.success).toBe(true);
+    expect(result.audit).toBeDefined();
+    expect(result.audit.projectName).toBe('Test Project');
+    expect(result.audit.auditRunId).toBeTruthy();
+    expect(result.summary).toBeDefined();
+    expect(result.summary.projectName).toBe('Test Project');
+  });
+});

package/tests/workflow/audit-recovery.test.ts

@@ -0,0 +1,237 @@
+/**
+ * Tests for the audit recovery module.
+ */
+import { describe, it, expect } from 'vitest';
+import {
+  shouldTriggerRecovery,
+  generateRecoveryPlan,
+  recoveryToMilestones,
+} from '../../src/workflow/audit-recovery.js';
+import type { ProjectAuditReport, AuditFinding, SearchMetadata, AuditCategory } from '../../src/types/audit.js';
+
+/**
+ * Minimal audit report for testing.
+ */
+function makeReport(overrides: Partial<ProjectAuditReport> = {}): ProjectAuditReport {
+  return {
+    projectName: 'Test',
+    language: 'typescript',
+    auditedAt: '2024-01-01T00:00:00Z',
+    auditRunId: 'run-test',
+    summary: {
+      projectName: 'Test',
+      language: 'typescript',
+      totalSourceFiles: 10,
+      totalTestFiles: 3,
+      totalLinesOfCode: 500,
+      totalLinesOfTests: 100,
+      componentCount: 1,
+      detectedComposition: ['frontend'],
+      entryPointCount: 1,
+      routeCount: 1,
+      dependencyCount: 5,
+      hasDocker: false,
+      hasEnvExample: true,
+      hasCiConfig: false,
+    },
+    findings: [],
+    overallScore: 90,
+    categoryScores: {} as Record<AuditCategory, number>,
+    criticalCount: 0,
+    majorCount: 0,
+    minorCount: 0,
+    infoCount: 0,
+    passedChecks: [],
+    searchMetadata: {
+      serenaUsed: false,
+      serenaRetries: 0,
+      serenaErrors: [],
+      fallbackUsed: false,
+      fallbackTool: '',
+      searchQueries: [],
+    },
+    recommendation: 'pass',
+    ...overrides,
+  };
+}
+
+function makeFinding(overrides: Partial<AuditFinding> = {}): AuditFinding {
+  return {
+    id: 'AUD-001',
+    category: 'test-coverage',
+    severity: 'major',
+    title: 'Low test coverage',
+    description: 'Coverage is below threshold.',
+    evidence: [{ file: 'src/auth/login.ts', description: 'No tests' }],
+    recommendation: 'Add tests for auth module.',
+    autoFixable: false,
+    ...overrides,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// shouldTriggerRecovery
+// ---------------------------------------------------------------------------
+
+describe('shouldTriggerRecovery', () => {
+  it('should trigger when critical findings exist', () => {
+    const report = makeReport({ criticalCount: 1, overallScore: 80 });
+    expect(shouldTriggerRecovery(report, false)).toBe(true);
+  });
+
+  it('should trigger in strict mode when major findings exist', () => {
+    const report = makeReport({ majorCount: 1, criticalCount: 0, overallScore: 85 });
+    expect(shouldTriggerRecovery(report, true)).toBe(true);
+  });
+
+  it('should NOT trigger in non-strict mode for major-only findings with high score', () => {
+    const report = makeReport({ majorCount: 1, criticalCount: 0, overallScore: 85 });
+    expect(shouldTriggerRecovery(report, false)).toBe(false);
+  });
+
+  it('should trigger when score is low and actionable findings exist', () => {
+    const findings = [makeFinding({ autoFixable: true })];
+    const report = makeReport({ overallScore: 60, findings, criticalCount: 0, majorCount: 0 });
+    expect(shouldTriggerRecovery(report, false)).toBe(true);
+  });
+
+  it('should trigger when score is low and category is actionable', () => {
+    const findings = [makeFinding({ category: 'integration-wiring', autoFixable: false })];
+    const report = makeReport({ overallScore: 60, findings, criticalCount: 0, majorCount: 0 });
+    expect(shouldTriggerRecovery(report, false)).toBe(true);
+  });
+
+  it('should NOT trigger for info-only findings', () => {
+    const findings = [makeFinding({ severity: 'info', category: 'documentation' })];
+    const report = makeReport({ overallScore: 90, findings, infoCount: 1, criticalCount: 0, majorCount: 0 });
+    expect(shouldTriggerRecovery(report, false)).toBe(false);
+  });
+
+  it('should NOT trigger when everything passes', () => {
+    const report = makeReport({ overallScore: 95, criticalCount: 0, majorCount: 0 });
+    expect(shouldTriggerRecovery(report, false)).toBe(false);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// generateRecoveryPlan
+// ---------------------------------------------------------------------------
+
+describe('generateRecoveryPlan', () => {
+  it('should create separate milestone for critical findings', () => {
+    const findings = [
+      makeFinding({ id: 'AUD-001', severity: 'critical', title: 'XSS vulnerability' }),
+      makeFinding({ id: 'AUD-002', severity: 'major', title: 'Low coverage' }),
+    ];
+    const report = makeReport({ findings, criticalCount: 1, majorCount: 1 });
+    const plan = generateRecoveryPlan(report);
+
+    expect(plan.milestones.length).toBeGreaterThanOrEqual(2);
+    expect(plan.milestones[0].name).toContain('[RECOVERY] Critical Fixes');
+    expect(plan.milestones[0].tasks).toHaveLength(1);
+    expect(plan.milestones[1].name).toContain('[RECOVERY] Major Improvements');
+  });
+
+  it('should include polish milestone for auto-fixable minor findings', () => {
+    const findings = [
+      makeFinding({ id: 'AUD-001', severity: 'minor', autoFixable: true, title: 'Missing README' }),
+    ];
+    const report = makeReport({ findings, minorCount: 1 });
+    const plan = generateRecoveryPlan(report);
+
+    const polishMs = plan.milestones.find((m) => m.name.includes('Polish'));
+    expect(polishMs).toBeDefined();
+    expect(polishMs?.tasks).toHaveLength(1);
+  });
+
+  it('should NOT include non-autoFixable minor findings in polish', () => {
+    const findings = [
+      makeFinding({ id: 'AUD-001', severity: 'minor', autoFixable: false }),
+    ];
+    const report = makeReport({ findings, minorCount: 1 });
+    const plan = generateRecoveryPlan(report);
+
+    expect(plan.milestones).toHaveLength(0);
+  });
+
+  it('should set appTarget on every recovery task', () => {
+    const findings = [
+      makeFinding({
+        id: 'AUD-001',
+        severity: 'critical',
+        evidence: [{ file: 'apps/backend/main.py', description: 'Issue here' }],
+      }),
+    ];
+    const report = makeReport({ findings, criticalCount: 1 });
+    const plan = generateRecoveryPlan(report);
+
+    for (const ms of plan.milestones) {
+      for (const task of ms.tasks) {
+        expect(task.appTarget).toBeTruthy();
+      }
+    }
+    expect(plan.milestones[0].tasks[0].appTarget).toBe('backend');
+  });
+
+  it('should provide estimated effort', () => {
+    const findings = [
+      makeFinding({ id: 'AUD-001', severity: 'critical' }),
+    ];
+    const report = makeReport({ findings, criticalCount: 1 });
+    const plan = generateRecoveryPlan(report);
+    expect(plan.estimatedEffort).toBeTruthy();
+  });
+});
+
+// ---------------------------------------------------------------------------
+// recoveryToMilestones
+// ---------------------------------------------------------------------------
+
+describe('recoveryToMilestones', () => {
+  it('should convert recovery milestones to the correct shape', () => {
+    const findings = [
+      makeFinding({ id: 'AUD-001', severity: 'critical', title: 'Fix auth' }),
+    ];
+    const report = makeReport({ findings, criticalCount: 1 });
+    const plan = generateRecoveryPlan(report);
+    const milestones = recoveryToMilestones(plan, 'typescript');
+
+    expect(milestones).toHaveLength(1);
+    expect(milestones[0].name).toContain('[RECOVERY]');
+    expect(milestones[0].status).toBe('pending');
+    expect(milestones[0].tasks.length).toBeGreaterThan(0);
+
+    for (const task of milestones[0].tasks) {
+      expect(task.status).toBe('pending');
+      expect(task.name).toBeTruthy();
+      expect(task.description).toBeTruthy();
+    }
+  });
+
+  it('should preserve [RECOVERY] prefix on milestone names', () => {
+    const findings = [
+      makeFinding({ id: 'AUD-001', severity: 'major' }),
+      makeFinding({ id: 'AUD-002', severity: 'minor', autoFixable: true }),
+    ];
+    const report = makeReport({ findings, majorCount: 1, minorCount: 1 });
+    const plan = generateRecoveryPlan(report);
+    const milestones = recoveryToMilestones(plan, 'python');
+
+    for (const ms of milestones) {
+      expect(ms.name.startsWith('[RECOVERY]')).toBe(true);
+    }
+  });
+
+  it('should include acceptance criteria in task description', () => {
+    const findings = [
+      makeFinding({ id: 'AUD-001', severity: 'critical', recommendation: 'Use parameterized queries' }),
+    ];
+    const report = makeReport({ findings, criticalCount: 1 });
+    const plan = generateRecoveryPlan(report);
+    const milestones = recoveryToMilestones(plan, 'typescript');
+
+    const taskDesc = milestones[0].tasks[0].description;
+    expect(taskDesc).toContain('Acceptance criteria');
+    expect(taskDesc).toContain('parameterized queries');
+  });
+});