popeye-cli 1.8.0 → 1.9.1

package/tests/workflow/audit-mode.test.ts

@@ -0,0 +1,114 @@
+/**
+ * Tests for the audit mode orchestrator.
+ *
+ * These tests mock the AI analyzer and state modules to validate
+ * the orchestration flow without requiring real AI calls.
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import type { AuditModeRunOptions } from '../../src/workflow/audit-mode.js';
+
+// Mock the external dependencies before importing the module under test
+vi.mock('../../src/state/index.js', () => ({
+  loadProject: vi.fn().mockResolvedValue({
+    id: 'test-id',
+    name: 'Test Project',
+    idea: 'A test project',
+    language: 'typescript',
+    openaiModel: 'gpt-4',
+    phase: 'complete',
+    status: 'complete',
+    specification: 'Build a todo app',
+    milestones: [],
+    currentMilestone: null,
+    currentTask: null,
+    consensusHistory: [],
+    createdAt: '2024-01-01T00:00:00Z',
+    updatedAt: '2024-01-01T00:00:00Z',
+  }),
+  updateState: vi.fn().mockResolvedValue({}),
+  addMilestones: vi.fn().mockResolvedValue({}),
+}));
+
+vi.mock('../../src/adapters/claude.js', () => ({
+  executePrompt: vi.fn().mockResolvedValue({
+    success: true,
+    response: '```json\n[]\n```',
+    toolCalls: [],
+  }),
+}));
+
+// Import after mocks are set up
+const { runAuditMode } = await import('../../src/workflow/audit-mode.js');
+const { loadProject, updateState } = await import('../../src/state/index.js');
+
+beforeEach(() => {
+  vi.clearAllMocks();
+});
+
+function makeOptions(overrides: Partial<AuditModeRunOptions> = {}): AuditModeRunOptions {
+  return {
+    projectDir: '/tmp/fake-project',
+    depth: 2,
+    runTests: false,
+    strict: false,
+    format: 'json',
+    autoRecover: false,
+    target: 'all',
+    ...overrides,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// runAuditMode
+// ---------------------------------------------------------------------------
+
+describe('runAuditMode', () => {
+  it('should return error result when project cannot be loaded', async () => {
+    vi.mocked(loadProject).mockRejectedValueOnce(new Error('Project not found'));
+
+    const result = await runAuditMode(makeOptions());
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('Project not found');
+  });
+
+  it('should call progress callbacks through stages', async () => {
+    const messages: Array<{ stage: string; msg: string }> = [];
+    const result = await runAuditMode(
+      makeOptions({
+        onProgress: (stage, msg) => messages.push({ stage, msg }),
+      })
+    );
+
+    // Should have stage-1, stage-2, and stage-3 messages
+    expect(messages.some((m) => m.stage === 'stage-1')).toBe(true);
+    expect(messages.some((m) => m.stage === 'stage-2')).toBe(true);
+    expect(messages.some((m) => m.stage === 'stage-3')).toBe(true);
+  });
+
+  it('should update state with audit report path', async () => {
+    await runAuditMode(makeOptions({ format: 'json' }));
+    expect(updateState).toHaveBeenCalledWith(
+      '/tmp/fake-project',
+      expect.objectContaining({
+        auditRunId: expect.any(String),
+        auditLastRunAt: expect.any(String),
+      })
+    );
+  });
+
+  it('should not generate recovery when no trigger conditions met', async () => {
+    const result = await runAuditMode(makeOptions());
+    // With empty findings from mock, no recovery should be triggered
+    expect(result.recovery).toBeUndefined();
+  });
+
+  it('should have a valid audit report structure', async () => {
+    const result = await runAuditMode(makeOptions());
+    expect(result.success).toBe(true);
+    expect(result.audit).toBeDefined();
+    expect(result.audit.projectName).toBe('Test Project');
+    expect(result.audit.auditRunId).toBeTruthy();
+    expect(result.summary).toBeDefined();
+    expect(result.summary.projectName).toBe('Test Project');
+  });
+});

package/tests/workflow/audit-recovery.test.ts

@@ -0,0 +1,237 @@
+/**
+ * Tests for the audit recovery module.
+ */
+import { describe, it, expect } from 'vitest';
+import {
+  shouldTriggerRecovery,
+  generateRecoveryPlan,
+  recoveryToMilestones,
+} from '../../src/workflow/audit-recovery.js';
+import type { ProjectAuditReport, AuditFinding, SearchMetadata, AuditCategory } from '../../src/types/audit.js';
+
+/**
+ * Minimal audit report for testing.
+ */
+function makeReport(overrides: Partial<ProjectAuditReport> = {}): ProjectAuditReport {
+  return {
+    projectName: 'Test',
+    language: 'typescript',
+    auditedAt: '2024-01-01T00:00:00Z',
+    auditRunId: 'run-test',
+    summary: {
+      projectName: 'Test',
+      language: 'typescript',
+      totalSourceFiles: 10,
+      totalTestFiles: 3,
+      totalLinesOfCode: 500,
+      totalLinesOfTests: 100,
+      componentCount: 1,
+      detectedComposition: ['frontend'],
+      entryPointCount: 1,
+      routeCount: 1,
+      dependencyCount: 5,
+      hasDocker: false,
+      hasEnvExample: true,
+      hasCiConfig: false,
+    },
+    findings: [],
+    overallScore: 90,
+    categoryScores: {} as Record<AuditCategory, number>,
+    criticalCount: 0,
+    majorCount: 0,
+    minorCount: 0,
+    infoCount: 0,
+    passedChecks: [],
+    searchMetadata: {
+      serenaUsed: false,
+      serenaRetries: 0,
+      serenaErrors: [],
+      fallbackUsed: false,
+      fallbackTool: '',
+      searchQueries: [],
+    },
+    recommendation: 'pass',
+    ...overrides,
+  };
+}
+
+function makeFinding(overrides: Partial<AuditFinding> = {}): AuditFinding {
+  return {
+    id: 'AUD-001',
+    category: 'test-coverage',
+    severity: 'major',
+    title: 'Low test coverage',
+    description: 'Coverage is below threshold.',
+    evidence: [{ file: 'src/auth/login.ts', description: 'No tests' }],
+    recommendation: 'Add tests for auth module.',
+    autoFixable: false,
+    ...overrides,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// shouldTriggerRecovery
+// ---------------------------------------------------------------------------
+
+describe('shouldTriggerRecovery', () => {
+  it('should trigger when critical findings exist', () => {
+    const report = makeReport({ criticalCount: 1, overallScore: 80 });
+    expect(shouldTriggerRecovery(report, false)).toBe(true);
+  });
+
+  it('should trigger in strict mode when major findings exist', () => {
+    const report = makeReport({ majorCount: 1, criticalCount: 0, overallScore: 85 });
+    expect(shouldTriggerRecovery(report, true)).toBe(true);
+  });
+
+  it('should NOT trigger in non-strict mode for major-only findings with high score', () => {
+    const report = makeReport({ majorCount: 1, criticalCount: 0, overallScore: 85 });
+    expect(shouldTriggerRecovery(report, false)).toBe(false);
+  });
+
+  it('should trigger when score is low and actionable findings exist', () => {
+    const findings = [makeFinding({ autoFixable: true })];
+    const report = makeReport({ overallScore: 60, findings, criticalCount: 0, majorCount: 0 });
+    expect(shouldTriggerRecovery(report, false)).toBe(true);
+  });
+
+  it('should trigger when score is low and category is actionable', () => {
+    const findings = [makeFinding({ category: 'integration-wiring', autoFixable: false })];
+    const report = makeReport({ overallScore: 60, findings, criticalCount: 0, majorCount: 0 });
+    expect(shouldTriggerRecovery(report, false)).toBe(true);
+  });
+
+  it('should NOT trigger for info-only findings', () => {
+    const findings = [makeFinding({ severity: 'info', category: 'documentation' })];
+    const report = makeReport({ overallScore: 90, findings, infoCount: 1, criticalCount: 0, majorCount: 0 });
+    expect(shouldTriggerRecovery(report, false)).toBe(false);
+  });
+
+  it('should NOT trigger when everything passes', () => {
+    const report = makeReport({ overallScore: 95, criticalCount: 0, majorCount: 0 });
+    expect(shouldTriggerRecovery(report, false)).toBe(false);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// generateRecoveryPlan
+// ---------------------------------------------------------------------------
+
+describe('generateRecoveryPlan', () => {
+  it('should create separate milestone for critical findings', () => {
+    const findings = [
+      makeFinding({ id: 'AUD-001', severity: 'critical', title: 'XSS vulnerability' }),
+      makeFinding({ id: 'AUD-002', severity: 'major', title: 'Low coverage' }),
+    ];
+    const report = makeReport({ findings, criticalCount: 1, majorCount: 1 });
+    const plan = generateRecoveryPlan(report);
+
+    expect(plan.milestones.length).toBeGreaterThanOrEqual(2);
+    expect(plan.milestones[0].name).toContain('[RECOVERY] Critical Fixes');
+    expect(plan.milestones[0].tasks).toHaveLength(1);
+    expect(plan.milestones[1].name).toContain('[RECOVERY] Major Improvements');
+  });
+
+  it('should include polish milestone for auto-fixable minor findings', () => {
+    const findings = [
+      makeFinding({ id: 'AUD-001', severity: 'minor', autoFixable: true, title: 'Missing README' }),
+    ];
+    const report = makeReport({ findings, minorCount: 1 });
+    const plan = generateRecoveryPlan(report);
+
+    const polishMs = plan.milestones.find((m) => m.name.includes('Polish'));
+    expect(polishMs).toBeDefined();
+    expect(polishMs?.tasks).toHaveLength(1);
+  });
+
+  it('should NOT include non-autoFixable minor findings in polish', () => {
+    const findings = [
+      makeFinding({ id: 'AUD-001', severity: 'minor', autoFixable: false }),
+    ];
+    const report = makeReport({ findings, minorCount: 1 });
+    const plan = generateRecoveryPlan(report);
+
+    expect(plan.milestones).toHaveLength(0);
+  });
+
+  it('should set appTarget on every recovery task', () => {
+    const findings = [
+      makeFinding({
+        id: 'AUD-001',
+        severity: 'critical',
+        evidence: [{ file: 'apps/backend/main.py', description: 'Issue here' }],
+      }),
+    ];
+    const report = makeReport({ findings, criticalCount: 1 });
+    const plan = generateRecoveryPlan(report);
+
+    for (const ms of plan.milestones) {
+      for (const task of ms.tasks) {
+        expect(task.appTarget).toBeTruthy();
+      }
+    }
+    expect(plan.milestones[0].tasks[0].appTarget).toBe('backend');
+  });
+
+  it('should provide estimated effort', () => {
+    const findings = [
+      makeFinding({ id: 'AUD-001', severity: 'critical' }),
+    ];
+    const report = makeReport({ findings, criticalCount: 1 });
+    const plan = generateRecoveryPlan(report);
+    expect(plan.estimatedEffort).toBeTruthy();
+  });
+});
+
+// ---------------------------------------------------------------------------
+// recoveryToMilestones
+// ---------------------------------------------------------------------------
+
+describe('recoveryToMilestones', () => {
+  it('should convert recovery milestones to the correct shape', () => {
+    const findings = [
+      makeFinding({ id: 'AUD-001', severity: 'critical', title: 'Fix auth' }),
+    ];
+    const report = makeReport({ findings, criticalCount: 1 });
+    const plan = generateRecoveryPlan(report);
+    const milestones = recoveryToMilestones(plan, 'typescript');
+
+    expect(milestones).toHaveLength(1);
+    expect(milestones[0].name).toContain('[RECOVERY]');
+    expect(milestones[0].status).toBe('pending');
+    expect(milestones[0].tasks.length).toBeGreaterThan(0);
+
+    for (const task of milestones[0].tasks) {
+      expect(task.status).toBe('pending');
+      expect(task.name).toBeTruthy();
+      expect(task.description).toBeTruthy();
+    }
+  });
+
+  it('should preserve [RECOVERY] prefix on milestone names', () => {
+    const findings = [
+      makeFinding({ id: 'AUD-001', severity: 'major' }),
+      makeFinding({ id: 'AUD-002', severity: 'minor', autoFixable: true }),
+    ];
+    const report = makeReport({ findings, majorCount: 1, minorCount: 1 });
+    const plan = generateRecoveryPlan(report);
+    const milestones = recoveryToMilestones(plan, 'python');
+
+    for (const ms of milestones) {
+      expect(ms.name.startsWith('[RECOVERY]')).toBe(true);
+    }
+  });
+
+  it('should include acceptance criteria in task description', () => {
+    const findings = [
+      makeFinding({ id: 'AUD-001', severity: 'critical', recommendation: 'Use parameterized queries' }),
+    ];
+    const report = makeReport({ findings, criticalCount: 1 });
+    const plan = generateRecoveryPlan(report);
+    const milestones = recoveryToMilestones(plan, 'typescript');
+
+    const taskDesc = milestones[0].tasks[0].description;
+    expect(taskDesc).toContain('Acceptance criteria');
+    expect(taskDesc).toContain('parameterized queries');
+  });
+});

package/tests/workflow/audit-reporter.test.ts

@@ -0,0 +1,254 @@
+/**
+ * Tests for the audit reporter module.
+ */
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { promises as fs } from 'node:fs';
+import path from 'node:path';
+import os from 'node:os';
+import {
+  buildSummaryReport,
+  buildAuditReport,
+  writeAuditMarkdown,
+  writeAuditJson,
+  writeRecoveryMarkdown,
+  writeRecoveryJson,
+} from '../../src/workflow/audit-reporter.js';
+import type { ProjectScanResult, AuditFinding, SearchMetadata, RecoveryPlan } from '../../src/types/audit.js';
+import type { ProjectState } from '../../src/types/workflow.js';
+
+let tmpDir: string;
+
+beforeEach(async () => {
+  tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), 'audit-report-'));
+});
+
+afterEach(async () => {
+  await fs.rm(tmpDir, { recursive: true, force: true });
+});
+
+function makeScan(overrides: Partial<ProjectScanResult> = {}): ProjectScanResult {
+  return {
+    tree: 'src/',
+    components: [],
+    detectedComposition: ['frontend'],
+    stateLanguage: 'typescript',
+    compositionMismatch: false,
+    sourceFiles: [],
+    testFiles: [],
+    configFiles: ['package.json', 'docker-compose.yml'],
+    entryPoints: ['src/main.ts'],
+    routeFiles: ['src/routes.ts'],
+    dependencies: [
+      { file: 'package.json', type: 'package.json', dependencies: { react: '^18' }, devDependencies: { vitest: '^1' } },
+    ],
+    totalSourceFiles: 15,
+    totalTestFiles: 5,
+    totalLinesOfCode: 800,
+    totalLinesOfTests: 200,
+    language: 'typescript',
+    docsIndex: [],
+    keyFileSnippets: [],
+    ...overrides,
+  };
+}
+
+function makeState(): ProjectState {
+  return {
+    id: 'test-id',
+    name: 'Test Project',
+    idea: 'A test project',
+    language: 'typescript',
+    openaiModel: 'gpt-4',
+    phase: 'complete',
+    status: 'complete',
+    milestones: [],
+    currentMilestone: null,
+    currentTask: null,
+    consensusHistory: [],
+    createdAt: '2024-01-01T00:00:00Z',
+    updatedAt: '2024-01-01T00:00:00Z',
+  } as ProjectState;
+}
+
+function makeMeta(): SearchMetadata {
+  return {
+    serenaUsed: true,
+    serenaRetries: 0,
+    serenaErrors: [],
+    fallbackUsed: false,
+    fallbackTool: '',
+    searchQueries: ['audit-analysis'],
+  };
+}
+
+// ---------------------------------------------------------------------------
+// buildSummaryReport
+// ---------------------------------------------------------------------------
+
+describe('buildSummaryReport', () => {
+  it('should produce a correct summary', () => {
+    const summary = buildSummaryReport(makeScan(), makeState());
+    expect(summary.projectName).toBe('Test Project');
+    expect(summary.totalSourceFiles).toBe(15);
+    expect(summary.totalTestFiles).toBe(5);
+    expect(summary.dependencyCount).toBe(2); // react + vitest
+    expect(summary.hasDocker).toBe(true);
+    expect(summary.entryPointCount).toBe(1);
+    expect(summary.routeCount).toBe(1);
+  });
+
+  it('should include AI overview when provided', () => {
+    const summary = buildSummaryReport(makeScan(), makeState(), 'Looks good overall.');
+    expect(summary.aiOverview).toBe('Looks good overall.');
+  });
+});
+
+// ---------------------------------------------------------------------------
+// buildAuditReport
+// ---------------------------------------------------------------------------
+
+describe('buildAuditReport', () => {
+  it('should produce a report with correct severity counts', () => {
+    const findings: AuditFinding[] = [
+      { id: 'AUD-001', category: 'security', severity: 'critical', title: 'XSS', description: 'Found XSS.', evidence: [], recommendation: 'Sanitize.', autoFixable: false },
+      { id: 'AUD-002', category: 'test-coverage', severity: 'major', title: 'Low coverage', description: 'Only 30%.', evidence: [], recommendation: 'Add tests.', autoFixable: false },
+      { id: 'AUD-003', category: 'documentation', severity: 'info', title: 'Missing comments', description: 'No JSDoc.', evidence: [], recommendation: 'Add JSDoc.', autoFixable: true },
+    ];
+    const scores = { overallScore: 72, categoryScores: {} as Record<string, number> };
+    const report = buildAuditReport(
+      buildSummaryReport(makeScan(), makeState()),
+      findings, scores as any, makeMeta(), { strict: false }, 'run-123'
+    );
+    expect(report.criticalCount).toBe(1);
+    expect(report.majorCount).toBe(1);
+    expect(report.infoCount).toBe(1);
+    expect(report.auditRunId).toBe('run-123');
+    expect(report.recommendation).toBe('fix-and-recheck');
+  });
+
+  it('should recommend pass when no critical and few major findings', () => {
+    const findings: AuditFinding[] = [
+      { id: 'AUD-001', category: 'documentation', severity: 'minor', title: 'Minor', description: 'Small.', evidence: [], recommendation: 'OK.', autoFixable: true },
+    ];
+    const scores = { overallScore: 95, categoryScores: {} as Record<string, number> };
+    const report = buildAuditReport(
+      buildSummaryReport(makeScan(), makeState()),
+      findings, scores as any, makeMeta(), { strict: false }, 'run-456'
+    );
+    expect(report.recommendation).toBe('pass');
+  });
+
+  it('should recommend major-rework for many critical findings', () => {
+    const findings = Array.from({ length: 4 }, (_, i) => ({
+      id: `AUD-${i}`,
+      category: 'security' as const,
+      severity: 'critical' as const,
+      title: `Critical ${i}`,
+      description: 'Bad.',
+      evidence: [],
+      recommendation: 'Fix.',
+      autoFixable: false,
+    }));
+    const scores = { overallScore: 30, categoryScores: {} as Record<string, number> };
+    const report = buildAuditReport(
+      buildSummaryReport(makeScan(), makeState()),
+      findings, scores as any, makeMeta(), { strict: false }, 'run-789'
+    );
+    expect(report.recommendation).toBe('major-rework');
+  });
+
+  it('should include search metadata in report', () => {
+    const meta = makeMeta();
+    meta.serenaUsed = true;
+    meta.serenaRetries = 1;
+    const report = buildAuditReport(
+      buildSummaryReport(makeScan(), makeState()),
+      [], { overallScore: 100, categoryScores: {} as any }, meta, { strict: false }, 'run-x'
+    );
+    expect(report.searchMetadata.serenaUsed).toBe(true);
+    expect(report.searchMetadata.serenaRetries).toBe(1);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// File writers
+// ---------------------------------------------------------------------------
+
+describe('writeAuditMarkdown', () => {
+  it('should write a valid markdown file', async () => {
+    const report = buildAuditReport(
+      buildSummaryReport(makeScan(), makeState()),
+      [], { overallScore: 100, categoryScores: {} as any }, makeMeta(), { strict: false }, 'run-1'
+    );
+    const filePath = await writeAuditMarkdown(tmpDir, report);
+    expect(filePath).toContain('popeye.audit.md');
+    const content = await fs.readFile(filePath, 'utf-8');
+    expect(content).toContain('# Audit Report');
+    expect(content).toContain('Test Project');
+  });
+});
+
+describe('writeAuditJson', () => {
+  it('should write valid JSON', async () => {
+    const report = buildAuditReport(
+      buildSummaryReport(makeScan(), makeState()),
+      [], { overallScore: 100, categoryScores: {} as any }, makeMeta(), { strict: false }, 'run-2'
+    );
+    const filePath = await writeAuditJson(tmpDir, report);
+    const content = await fs.readFile(filePath, 'utf-8');
+    const parsed = JSON.parse(content);
+    expect(parsed.projectName).toBe('Test Project');
+    expect(parsed.overallScore).toBe(100);
+  });
+});
+
+describe('writeRecoveryMarkdown', () => {
+  it('should write recovery plan markdown', async () => {
+    const recovery: RecoveryPlan = {
+      generatedAt: new Date().toISOString(),
+      auditScore: 60,
+      auditRunId: 'run-3',
+      totalFindings: 5,
+      criticalFindings: 1,
+      milestones: [
+        {
+          name: '[RECOVERY] Critical Fixes',
+          description: 'Fix critical issues.',
+          tasks: [
+            {
+              name: 'Fix SQL injection',
+              description: 'Sanitize inputs.',
+              findingIds: ['AUD-001'],
+              acceptanceCriteria: ['No raw SQL in handlers'],
+              appTarget: 'backend',
+            },
+          ],
+        },
+      ],
+      estimatedEffort: '2-4 hours',
+    };
+    const filePath = await writeRecoveryMarkdown(tmpDir, recovery);
+    const content = await fs.readFile(filePath, 'utf-8');
+    expect(content).toContain('# Recovery Plan');
+    expect(content).toContain('[RECOVERY] Critical Fixes');
+    expect(content).toContain('Fix SQL injection');
+  });
+});
+
+describe('writeRecoveryJson', () => {
+  it('should write valid recovery JSON', async () => {
+    const recovery: RecoveryPlan = {
+      generatedAt: new Date().toISOString(),
+      auditScore: 60,
+      auditRunId: 'run-4',
+      totalFindings: 2,
+      criticalFindings: 0,
+      milestones: [],
+      estimatedEffort: '1 hour',
+    };
+    const filePath = await writeRecoveryJson(tmpDir, recovery);
+    const content = await fs.readFile(filePath, 'utf-8');
+    const parsed = JSON.parse(content);
+    expect(parsed.auditRunId).toBe('run-4');
+  });
+});