wize-dev-kit 0.4.1 → 0.6.0

package/src/tea-skills/wize-qa-generate-e2e-tests/workflow.md

@@ -0,0 +1,119 @@
+---
+code: wize-qa-generate-e2e-tests
+name: Generate E2E Tests
+owner: wize-agent-test-architect   # Hawkeye
+status: ready
+---
+
+# Generate E2E Tests
+
+**Goal.** Translate UX screens + PRD ACs into concrete E2E test cases. Hawkeye produces the cases (names, steps, selectors, expected outcome); the user (or Shuri) writes the actual test bodies in the chosen framework.
+
+Hawkeye drives. Mantis confirms UX fidelity. Shuri confirms selectors match the design system.
+
+## When to run
+
+- After `wize-ux-design` and `wize-create-prd` are validated.
+- Before a story enters `in-progress` if the ACs are E2E-heavy.
+- When the team adopts a new E2E framework and needs a baseline.
+
+## When NOT to run
+
+- Before UX design is ready (no screens = no cases).
+- For unit tests (covered by `wize-tea-design`).
+- For visual / a11y (separate audit, out of scope here).
+
+## Inputs
+
+- `.wize/planning/ux/ux-design/{screen}.md` — page specs.
+- `.wize/planning/prd.md` — ACs.
+- `.wize/solutioning/design-system/` — component + testid names.
+- The active profile (web-overlay → Playwright; app-overlay → Detox; core-only → propose and let user pick).
+
+## Output
+
+- `.wize/implementation/tea/e2e-cases/{screen}.md` — one file per screen with the test cases.
+
+## Steps
+
+### 1. Map (UX screen → ACs)
+
+For each screen, list the ACs that touch it. Cross-reference the PRD. If a screen has no ACs, flag it (gap).
+
+### 2. Cases (3-10 per screen)
+
+For each screen, generate 3-10 cases. For each case:
+- **Name:** verb-led, in 1 line.
+- **Pre-conditions:** setup (logged in, on screen X, etc.).
+- **Steps:** numbered, observable actions.
+- **Selectors:** `data-testid` values from the design system. If none exist, propose new ones.
+- **Expected outcome:** what the test asserts.
+- **Priority:** P0 (must pass before release) / P1 (should pass) / P2 (nice to have).
+
+### 3. Selectors
+
+Derive selectors from `design-system/` tokens + story notes. If a story has a `data-testid` map, prefer that. New selectors go into a "proposed testids" section; Mantis signs off in the next design-system sync.
+
+### 4. Triage
+
+Mark each case P0/P1/P2. P0 is the minimum viable E2E coverage. P1 expands happy paths. P2 covers edge cases.
+
+### 5. Hand off
+
+Notify the next workflow:
+- Shuri → implement the P0 cases first.
+- Mantis → sign off on the new testids.
+- The user → confirm the framework choice if it is ambiguous.
+
+## Output template
+
+```markdown
+---
+screen: sign-in
+generated: 2026-06-16
+linked_acs: [AC-01-1, AC-01-2]
+framework: playwright
+---
+
+# E2E cases — sign-in
+
+## Map
+- AC-01-1: user enters valid email + password
+- AC-01-2: user enters invalid email → error message
+
+## Cases
+
+### P0 — happy path
+- **Name:** Sign in with valid credentials
+- **Pre-conditions:** not signed in; on /signin
+- **Steps:** enter email; enter password; click "Sign in"
+- **Selectors:** data-testid="email-input", data-testid="password-input", data-testid="signin-cta"
+- **Expected outcome:** redirect to /dashboard; token in localStorage
+
+### P0 — invalid email
+- **Name:** Sign in with invalid email
+- **Pre-conditions:** not signed in; on /signin
+- **Steps:** enter "not-an-email"; enter password; click "Sign in"
+- **Selectors:** data-testid="email-input", data-testid="email-error"
+- **Expected outcome:** error text appears within 200ms; no redirect
+
+## Proposed testids
+- (none — using existing design system)
+
+## Triage summary
+- P0: 2
+- P1: 0
+- P2: 0
+```
+
+## Anti-patterns Hawkeye rejects
+
+- Generating 50 cases per screen. (Cap at 10; surface the rest as out-of-scope.)
+- Skipping the priority. (P0 is the contract; the rest is optional.)
+- Inventing selectors not present in the design system. (Propose them, but flag for Mantis.)
+- Auto-writing Playwright code. (Hawkeye proposes cases; the human writes the bodies.)
+- Skipping the screen-to-AC mapping. (Coverage gap = bug.)
+
+## Hand-off
+
+> "E2E cases generated for {N} screens. {N0} P0, {N1} P1, {N2} P2. Files at `.wize/implementation/tea/e2e-cases/`. Next: implement P0 (Shuri), sign off new testids (Mantis)."

package/tools/installer/onboarding.js

@@ -26,6 +26,7 @@ function compose(detection, profiles) {
   lines.push('  → /wize-quick-dev              (Shuri, for small fixes)');
   if (profiles.find(p => p.code === 'web-overlay')) lines.push('  → /wize-web-scaffold           (overlay)');
   if (profiles.find(p => p.code === 'app-overlay')) lines.push('  → /wize-app-scaffold           (overlay)');
+  if (profiles.find(p => p.code === 'security-overlay')) lines.push('  → /wize-sec-pentest         (overlay)');
   return lines.join('\n');
 }
 

package/tools/installer/render-shared.js

@@ -53,6 +53,42 @@ function ensureDir(dir) {
   fs.mkdirSync(dir, { recursive: true });
 }
 
+// Companion files (steps/, templates/, data/, *.csv, *-template.md,
+// customize.toml, research.template.md, etc.) that micro-file workflows
+// reference from their body. We must copy these alongside the SKILL.md so
+// the IDE can resolve paths like "./steps/step-01-init.md" at runtime.
+const SKIP_NAMES = new Set(['.DS_Store', 'Thumbs.db', 'node_modules', '.git']);
+const SKIP_FILES = new Set([
+  'skill.md', 'workflow.md', 'agent.yaml', 'persona.md',
+  'package.json', 'package-lock.json'
+]);
+
+function isCompanion(entry) {
+  if (entry.name.startsWith('.')) return false;
+  if (SKIP_NAMES.has(entry.name)) return false;
+  if (SKIP_FILES.has(entry.name)) return false;
+  if (entry.name.endsWith('.test.js')) return false;
+  return true;
+}
+
+function copyCompanionFiles(srcDir, destDir, written, relPrefix = '') {
+  if (!srcDir || !fs.existsSync(srcDir)) return;
+  for (const entry of fs.readdirSync(srcDir, { withFileTypes: true })) {
+    if (!isCompanion(entry)) continue;
+    const s = path.join(srcDir, entry.name);
+    const d = path.join(destDir, entry.name);
+    const rel = relPrefix ? `${relPrefix}/${entry.name}` : entry.name;
+    if (entry.isDirectory()) {
+      ensureDir(d);
+      copyCompanionFiles(s, d, written, rel);
+    } else if (entry.isFile()) {
+      ensureDir(path.dirname(d));
+      fs.copyFileSync(s, d);
+      written.push(rel);
+    }
+  }
+}
+
 // Walks the kit and returns a flat array of "assets" the adapters can render.
 // Each asset has: { kind: 'agent'|'workflow'|'skill', code, name, title, description, body, overlay }
 function collectAssets(kitRoot, { profiles = ['core'] } = {}) {
@@ -69,7 +105,7 @@ function collectAssets(kitRoot, { profiles = ['core'] } = {}) {
     if (!code || !name) continue;
     const personaPath = path.join(dir, 'persona.md');
     const persona = fs.existsSync(personaPath) ? fs.readFileSync(personaPath, 'utf-8') : '';
-    out.push({ kind: 'agent', code, name, title, description, body: persona || description, overlay: null });
+    out.push({ kind: 'agent', code, name, title, description, body: persona || description, overlay: null, srcDir: dir });
   }
 
   for (const wfPath of walkWorkflows(kitRoot)) {
@@ -78,6 +114,7 @@ function collectAssets(kitRoot, { profiles = ['core'] } = {}) {
     if (!fm.code) continue;
     if (fm.overlay === 'web' && !profSet.has('web-overlay')) continue;
     if (fm.overlay === 'app' && !profSet.has('app-overlay')) continue;
+    if (fm.overlay === 'security' && !profSet.has('security-overlay')) continue;
     out.push({
       kind: 'workflow',
       code: fm.code,
@@ -85,7 +122,8 @@ function collectAssets(kitRoot, { profiles = ['core'] } = {}) {
       title: fm.phase || fm.gate || '',
       description: `${fm.phase || fm.gate || 'workflow'}: ${fm.name || fm.code}`,
       body: bodyAfterFrontmatter(content),
-      overlay: fm.overlay || null
+      overlay: fm.overlay || null,
+      srcDir: path.dirname(wfPath)
     });
   }
 
@@ -93,6 +131,9 @@ function collectAssets(kitRoot, { profiles = ['core'] } = {}) {
     const content = fs.readFileSync(skPath, 'utf-8');
     const fm = readFrontmatter(content);
     if (!fm.code) continue;
+    if (fm.overlay === 'web' && !profSet.has('web-overlay')) continue;
+    if (fm.overlay === 'app' && !profSet.has('app-overlay')) continue;
+    if (fm.overlay === 'security' && !profSet.has('security-overlay')) continue;
     out.push({
       kind: 'skill',
       code: fm.code,
@@ -100,7 +141,8 @@ function collectAssets(kitRoot, { profiles = ['core'] } = {}) {
       title: fm.module || '',
       description: fm.module ? `${fm.module} skill: ${fm.name || fm.code}` : (fm.name || fm.code),
       body: bodyAfterFrontmatter(content),
-      overlay: null
+      overlay: fm.overlay || null,
+      srcDir: path.dirname(skPath)
     });
   }
 
@@ -140,6 +182,10 @@ function renderAnthropicSkills(kitRoot, targetDir, opts = {}) {
       ensureDir(skillDir);
       fs.writeFileSync(path.join(skillDir, 'SKILL.md'), content, 'utf-8');
       written.push(`${a.code}/SKILL.md`);
+      // Copy companion files (steps/, templates/, data/, *.csv, customize.toml,
+      // *-template.md, research.template.md, etc.) so micro-file workflows can
+      // resolve relative paths from inside the SKILL body.
+      copyCompanionFiles(a.srcDir, skillDir, written, a.code);
     }
   }
   return { written, skipped: [] };
@@ -178,6 +224,7 @@ module.exports = {
   collectAssets,
   renderAnthropicSkills,
   renderAgentsMd,
+  copyCompanionFiles,
   // Re-exports for adapter authors who need to roll their own format:
   readFrontmatter,
   bodyAfterFrontmatter,

package/tools/installer/wize-cli.js

@@ -43,7 +43,8 @@ const TARGETS = [
 const PROFILES = [
   { code: 'core', label: 'Wize Dev Core', required: true },
   { code: 'web-overlay', label: 'Wize Web Dev (overlay)', required: false },
-  { code: 'app-overlay', label: 'Wize App Development (overlay)', required: false }
+  { code: 'app-overlay', label: 'Wize App Development (overlay)', required: false },
+  { code: 'security-overlay', label: 'Wize Security (AI Pentester overlay)', required: false }
 ];
 
 // Common BCP-47 short codes. Users can type any other value freely.
@@ -140,12 +141,69 @@ function prompt(question) {
 }
 
 async function confirm(question, defaultYes = true) {
+  if (INTERACTIVE) {
+    const { value } = await prompts({
+      type: 'confirm',
+      name: 'value',
+      message: question,
+      initial: defaultYes
+    });
+    if (value === undefined) process.exit(130);
+    return value;
+  }
   const hint = defaultYes ? '[Y/n]' : '[y/N]';
   const ans = (await prompt(`${question} ${hint} `)).toLowerCase();
   if (!ans) return defaultYes;
   return ans.startsWith('y');
 }
 
+async function promptText(question, defaultValue = '') {
+  if (INTERACTIVE) {
+    const { value } = await prompts({
+      type: 'text',
+      name: 'value',
+      message: question,
+      initial: defaultValue
+    });
+    if (value === undefined) process.exit(130);
+    return value.trim();
+  }
+  const ans = (await prompt(`${question} [${defaultValue}]: `)).trim();
+  return ans || defaultValue;
+}
+
+async function promptTextMandatory(question, defaultValue = '') {
+  if (INTERACTIVE) {
+    if (defaultValue) {
+      const { keep } = await prompts({
+        type: 'confirm',
+        name: 'keep',
+        message: `${question} (use "${defaultValue}"?)`,
+        initial: true
+      });
+      if (keep === undefined) process.exit(130);
+      if (keep) return defaultValue;
+    }
+    const { value } = await prompts({
+      type: 'text',
+      name: 'value',
+      message: question
+    });
+    if (value === undefined) process.exit(130);
+    const trimmed = value.trim();
+    if (trimmed) return trimmed;
+    if (defaultValue) return defaultValue;
+    return promptTextMandatory(question, defaultValue);
+  }
+  // Non-TTY: keep asking until non-empty.
+  for (;;) {
+    const ans = (await prompt(`${question}: `)).trim();
+    if (ans) return ans;
+    if (defaultValue) return defaultValue;
+    console.log('Please provide a value.');
+  }
+}
+
 async function select(label, choices, defaultValue) {
   if (INTERACTIVE) {
     const initial = choices.findIndex(c => c.value === defaultValue);
@@ -384,7 +442,7 @@ async function cmdInstall(args) {
     console.log('\nGreenfield repo detected.');
   }
 
-  const project_name = (await prompt(`Project name [${path.basename(cwd)}]: `)) || path.basename(cwd);
+  const project_name = (await promptText(`Project name`, path.basename(cwd))) || path.basename(cwd);
   const profiles = await multiSelect('Select profile(s) to install', PROFILES);
   const targets = await multiSelect('Select IDE target(s)', TARGETS);
 
@@ -398,10 +456,13 @@ async function cmdInstall(args) {
   );
 
   // Personal touch — the user_name lands in .wize/config/user.toml (per-developer).
+  // Always ask; do not silently accept the OS username, because the install must
+  // feel personal and avoid misnaming the user in agent conversations.
   const defaultName = (os.userInfo().username || '').trim();
-  const user_name = (await prompt(
-    `How should the agents call you? [${defaultName || 'leave blank'}]: `
-  )).trim() || defaultName;
+  const user_name = await promptTextMandatory(
+    'How should the agents call you?',
+    defaultName
+  );
 
   // Gitignore — opt-in, idempotent.
   const wantsGitignore = await confirm(
@@ -423,6 +484,12 @@ async function cmdInstall(args) {
   console.log(`✓ ide targets: ${targets.map(t => t.code).join(', ')}`);
   if (user_name) console.log(`✓ user.toml: agents will call you "${user_name}"`);
 
+  if (profiles.some(p => p.code === 'security-overlay')) {
+    console.log('\n⚠  security-overlay selected — authorized use only.');
+    console.log('   Uso autorizado. Você é responsável por obter permissão antes de testar alvos que não são seus.');
+    console.log('   O kit detecta alvos fora do scope.md e recusa automaticamente; ainda assim, use com responsabilidade.');
+  }
+
   if (wantsGitignore) {
     const r = applyGitignore(cwd);
     if (r.changed) console.log(`✓ .gitignore ${r.mode} with the wize-dev-kit block`);