diff --git a/.claude/skills/qa-agent/SKILL.md b/.claude/skills/qa-agent/SKILL.md new file mode 100644 index 000000000..ebdd8b4e4 --- /dev/null +++ b/.claude/skills/qa-agent/SKILL.md @@ -0,0 +1,200 @@ +--- +name: qa-agent +description: "Run a full QA review of this codebase. Traces cross-file impact, checks framework best practices, security, performance, and accessibility. Use /qa-agent for full review, /qa-agent [filepath] for targeted review, /qa-agent --diff for changed files only, /qa-agent --hotspots for most-changed files only." +allowed-tools: Read, Grep, Glob, Bash +memory: project +--- + +# QA Agent + +Use this skill to run a production QA review for the Keploy docs repository. This is a Docusaurus 3 documentation site with heavy SEO customization, versioned docs, custom theme overrides, autogenerated sidebar behavior for current docs, and versioned sidebar JSON for archived docs. + +## Required Startup Reads + +Before reviewing anything, always read these files first: + +1. `context/codebase-map.md` +2. `context/hotspots.md` +3. `context/known-suppressions.md` +4. `context/ignore.md` + +Then load the rules that apply to the current target: + +1. `rules/framework.md` +2. `rules/security.md` +3. `rules/performance.md` +4. `rules/content.md` +5. `rules/seo.md` +6. `checklists/pr-review.md` +7. `checklists/accessibility.md` +8. `checklists/seo.md` + +Load `rules/typescript.md` when reviewing: + +1. any `.ts` or `.tsx` file +2. any PR that introduces TypeScript +3. any docs page whose primary risk is a fenced TypeScript example + +## Argument Parsing + +Parse `$ARGUMENTS` exactly once before doing any review work. + +### No arguments + +Review `git diff HEAD --name-only`. + +If that returns no files, fall back to the 10 most recently changed tracked files: + +```bash +git log --name-only --format="" -n 20 | awk 'NF' | awk '!seen[$0]++' | head -10 +``` + +### Single file path + +If `$ARGUMENTS` is a path like `src/theme/DocItem/index.js` or `versioned_docs/version-4.0.0/running-keploy/public-api.md`, review that file and every file impacted by it. + +### `--diff` + +Review only files from: + +```bash +git diff HEAD --name-only +``` + +### `--full` + +Review the entire codebase, but prioritize in this order: + +1. `context/hotspots.md` +2. changed custom theme files under `src/theme/` +3. shared components under `src/components/` +4. configuration files such as `docusaurus.config.js`, `sidebars.js`, `netlify.toml`, `vercel.json` +5. versioned docs under `versioned_docs/` + +### `--hotspots` + +Review only the files listed in `context/hotspots.md`, top to bottom. + +## File Selection Rules + +Always remove ignored paths and generated artifacts listed in `context/ignore.md`. + +When the target is a docs file, also review: + +1. its sidebar configuration path +2. nearby shared MDX components under `docs/components/` +3. any linked images or static assets it introduces +4. any matching versioned sidebar JSON file when the doc is versioned + +When the target is a theme or config file, also review: + +1. direct dependents +2. pages that rely on it +3. content that is affected by its rendering behavior + +## Parallel Subagents + +Spawn these three subagents in parallel with the Task tool after resolving the initial file list. + +### Subagent A + +Agent file: `agents/codebase-explorer.md` +Subagent type: `Explore` + +Prompt: + +```text +Read the file(s) being reviewed. Identify all import/export relationships. Which other files import from these files? Which files do these files import from? Return a structured dependency map. +``` + +### Subagent B + +Agent file: `agents/impact-tracer.md` +Subagent type: `general-purpose` + +Prompt: + +```text +Given the files being reviewed: [list]. Use Grep and Glob to find every file in the project that imports from or references these files. Also check for dynamic imports, re-exports, and barrel files (index.ts/index.tsx/index.js). Return a list of impacted files with their relationship type. +``` + +### Subagent C + +Agent file: `agents/qa-reviewer.md` +Subagent type: `general-purpose` +Memory: `project` + +Prompt: + +```text +Load rules from rules/ relevant to this project. Load relevant checklists. Review the target files + any impacted files identified by Subagent B. Apply all rules. Return structured findings. +``` + +## Review Procedure + +1. Resolve the target file list from `$ARGUMENTS`. +2. Remove ignored and generated files. +3. Launch the three subagents in parallel. +4. Wait for all three results. +5. Merge Subagent A dependency data with Subagent B impact data. +6. Ask Subagent C findings to respect `context/known-suppressions.md`. +7. Apply higher scrutiny to changed files and hotspot files. +8. Apply lower scrutiny to impacted dependents: + check for breakage, broken imports, sidebar drift, broken internal links, metadata regressions, and rendering regressions, but do not spend time on style-only issues there. +9. Assemble the final report with `templates/report.md`. +10. Write the report to `qa-reports/YYYY-MM-DD-HH-MM.md`. +11. Print a terminal summary with total findings by severity. + +Use this report path pattern: + +```bash +mkdir -p qa-reports +REPORT_PATH="qa-reports/$(date '+%Y-%m-%d-%H-%M').md" +``` + +## Severity Model + +Use these severities only: + +1. `blocking` +2. `warning` +3. `suggestion` +4. `nitpick` + +Treat these as blocking in this repository: + +1. broken internal docs links +2. orphaned docs that will not appear in navigation +3. missing required frontmatter on new docs +4. unsafe secret exposure in config, scripts, or docs examples +5. SEO regressions on strategic docs pages that remove canonical URL, description, or social image coverage already supported by the theme + +## Repository-Specific Review Focus + +This repository is not a generic React app. Bias review time toward: + +1. Docusaurus config correctness in `docusaurus.config.js` +2. theme overrides under `src/theme/` +3. shared component barrel usage in `src/components/index.js` +4. versioned docs integrity in `versioned_docs/` +5. sidebar discoverability through autogenerated current sidebars and `versioned_sidebars/*.json` +6. SEO metadata rendered by `src/theme/DocItem/index.js` +7. external scripts and browser globals under `static/js/` and `static/scripts/` + +## Output Requirements + +The final output must: + +1. use the structure from `templates/report.md` +2. include changed files and cross-file impact +3. call out ignored files +4. summarize severity counts +5. clearly distinguish direct findings from inferred impact + +If no findings exist, still produce a report with: + +1. severity counts set to zero +2. reviewed files listed +3. impacted files listed +4. skipped files listed +5. a `Passed gate checklist` section referencing `checklists/pr-review.md` diff --git a/.claude/skills/qa-agent/agents/codebase-explorer.md b/.claude/skills/qa-agent/agents/codebase-explorer.md new file mode 100644 index 000000000..f7f036a1b --- /dev/null +++ b/.claude/skills/qa-agent/agents/codebase-explorer.md @@ -0,0 +1,53 @@ +# Codebase Explorer + +Type: `Explore` +Mode: read-only + +## Purpose + +Map the repo shape around the target files without dumping raw file contents. This agent exists to answer dependency and structure questions fast. + +## What To Inspect + +1. The target file list. +2. Parent directories of those files. +3. `context/codebase-map.md` for global repo structure. +4. `src/components/index.js` and any nearby `index.js` barrel files. +5. `src/theme/` overrides when the target affects rendering. +6. `docusaurus.config.js`, `sidebars.js`, and `versioned_sidebars/*.json` when the target is docs or config. + +## Required Tasks + +1. Map the local directory structure around the target files. +2. Identify the router/content system in use: + this repo is Docusaurus, so confirm whether the target participates in docs routing, static pages, theme overrides, or static assets. +3. Find barrel files: + `index.ts`, `index.tsx`, `index.js`, `index.jsx`. +4. Identify shared component and utility patterns. +5. Identify whether the target participates in: + docs rendering, navbar/footer config, sidebar generation, SEO metadata, or static client scripts. + +## Output Format + +Return a compact JSON-like summary with these keys: + +```text +{ + repoType: "", + targetFiles: [], + localDirectories: [], + routerPattern: "", + barrelFiles: [], + importsFromTarget: [], + importsUsedByTarget: [], + sharedPatterns: [], + notes: [] +} +``` + +## Constraints + +1. Do not return raw file dumps. +2. Keep entries compact and path-focused. +3. Prefer exact paths over prose. +4. If a relationship is inferred rather than directly observed, label it as inferred. diff --git a/.claude/skills/qa-agent/agents/impact-tracer.md b/.claude/skills/qa-agent/agents/impact-tracer.md new file mode 100644 index 000000000..3b43cd1d6 --- /dev/null +++ b/.claude/skills/qa-agent/agents/impact-tracer.md @@ -0,0 +1,69 @@ +# Impact Tracer + +Type: `general-purpose` + +## Purpose + +Given changed files, trace every place in the repository that could break because of them. + +## Inputs + +You will receive a list of changed or target files. + +## Search Procedure + +1. For each target file, search for: + ES module imports, CommonJS `require`, MDX imports, and dynamic imports. +2. Search for re-exports through barrel files: + `index.ts`, `index.tsx`, `index.js`, `index.jsx`. +3. Search for indirect references: + exported identifiers, component names, utility names, frontmatter IDs, doc IDs, and slugs. +4. Search config and navigation references: + `docusaurus.config.js`, `sidebars.js`, `versioned_sidebars/*.json`, `static/_redirects`, `netlify.toml`, `vercel.json`, GitHub workflows. +5. When a docs page changes, also check: + related images in `static/`, linked docs, and adjacent versioned docs with the same topic. + +## Special Handling For This Repo + +1. `src/components/index.js` is a barrel file and must be checked for re-export impact. +2. `src/theme/DocItem/index.js` changes can affect all docs pages. +3. `docusaurus.config.js` changes can affect navbar, footer, SEO metadata, versioning, sitemap behavior, and broken-link enforcement globally. +4. Current docs rely on autogenerated sidebar behavior from `sidebars.js`; versioned docs also rely on `versioned_sidebars/*.json`. + +## Output Format + +Return exactly this structure: + +```text +{ + changedFiles: [], + directDependents: [ + { file: "", relationship: "" } + ], + indirectDependents: [ + { file: "", relationship: "" } + ], + configReferences: [ + { file: "", relationship: "" } + ] +} +``` + +## Relationship Labels + +Use labels such as: + +1. `imports` +2. `re-exported-through` +3. `dynamic-import` +4. `referenced-by-config` +5. `linked-from-doc` +6. `shares-asset` +7. `same-topic-versioned-doc` +8. `rendered-by-theme-override` + +## Constraints + +1. Do not include ignored/generated files from `context/ignore.md`. +2. Prefer exact path matches and identifier matches over broad guesses. +3. Call out uncertainty when an indirect dependency is inferred. diff --git a/.claude/skills/qa-agent/agents/qa-reviewer.md b/.claude/skills/qa-agent/agents/qa-reviewer.md new file mode 100644 index 000000000..b03a95641 --- /dev/null +++ b/.claude/skills/qa-agent/agents/qa-reviewer.md @@ -0,0 +1,62 @@ +# QA Reviewer + +Type: `general-purpose` +Memory: `project` + +## Purpose + +Review target files and impacted files using the project rules, while avoiding false positives from known suppressions and ignored paths. + +## Required Reads + +Always read: + +1. `context/known-suppressions.md` +2. `context/ignore.md` +3. `rules/framework.md` +4. `rules/security.md` +5. `rules/performance.md` +6. `rules/content.md` +7. `rules/seo.md` +8. `checklists/pr-review.md` +9. `checklists/accessibility.md` +10. `checklists/seo.md` + +Conditionally read: + +1. `rules/typescript.md` for `.ts`, `.tsx`, or TypeScript-heavy code examples + +## Review Scope + +1. Apply full scrutiny to target files. +2. Apply lower scrutiny to impacted files from `impact-tracer`: + only look for breakage, import drift, navigation drift, metadata drift, content regressions, and unsafe patterns. +3. Skip any file or pattern listed in `context/ignore.md`. +4. Skip any already-known suppression listed in `context/known-suppressions.md` unless the suppression itself is the bug. + +## Output Schema + +For every finding, output exactly: + +```text +{ severity: "blocking|warning|suggestion|nitpick", file: "", line: "", rule: "", what: "", why: "", fix: "" } +``` + +## Review Priorities For This Repo + +1. Broken internal links are blocking. +2. Missing required docs frontmatter is blocking on new content. +3. Navigation orphaning is blocking. +4. SEO regressions in shared theme/config files are high severity. +5. Static browser scripts under `static/js/` and `static/scripts/` require security scrutiny because they execute on every page load. +6. Theme overrides under `src/theme/` require regression scrutiny because they affect site-wide rendering. + +## Memory Updates + +When you discover a repeatable project-specific pattern not already captured in the rules, update project memory with a compact note such as: + +1. file pattern +2. why it exists +3. what not to flag in future reviews + +Do not store one-off style preferences that are not consistently used. diff --git a/.claude/skills/qa-agent/checklists/accessibility.md b/.claude/skills/qa-agent/checklists/accessibility.md new file mode 100644 index 000000000..82014cc57 --- /dev/null +++ b/.claude/skills/qa-agent/checklists/accessibility.md @@ -0,0 +1,10 @@ +# Accessibility Checklist + +- [ ] Every new image has descriptive alt text or is explicitly decorative +- [ ] Headings follow a valid hierarchy +- [ ] Link text is meaningful out of context +- [ ] Interactive components remain keyboard reachable +- [ ] Buttons and icon-only controls have accessible names +- [ ] Color-only meaning is avoided in screenshots, callouts, and custom UI +- [ ] Embedded media has surrounding explanatory text +- [ ] Code blocks, tabs, and accordions remain usable with screen readers diff --git a/.claude/skills/qa-agent/checklists/pr-review.md b/.claude/skills/qa-agent/checklists/pr-review.md new file mode 100644 index 000000000..98a03ece2 --- /dev/null +++ b/.claude/skills/qa-agent/checklists/pr-review.md @@ -0,0 +1,11 @@ +# PR Review Gate + +- [ ] No blocking-severity findings +- [ ] All new files have appropriate TypeScript types when TypeScript is introduced +- [ ] No secrets introduced +- [ ] Tests exist for new utility functions when relevant; warn if missing, do not block +- [ ] No new `any` types in TypeScript additions +- [ ] No `console.log` left in production paths +- [ ] New docs pages include required frontmatter and remain discoverable in navigation +- [ ] New API or auth-related examples avoid insecure credential handling +- [ ] Impacted files have been checked and show no regressions diff --git a/.claude/skills/qa-agent/checklists/seo.md b/.claude/skills/qa-agent/checklists/seo.md new file mode 100644 index 000000000..a9c0f0b58 --- /dev/null +++ b/.claude/skills/qa-agent/checklists/seo.md @@ -0,0 +1,10 @@ +# SEO Checklist + +- [ ] No broken internal links or anchors +- [ ] Title and description are present and specific +- [ ] Canonical behavior remains correct after permalink or redirect changes +- [ ] Strategic pages have a stable social image when appropriate +- [ ] Structured data was preserved or intentionally updated +- [ ] Redirect changes do not create loops or unnecessary chains +- [ ] Sitemap, `llms.txt`, and `llms-full.txt` changes were reviewed when touched +- [ ] Navigation changes do not orphan current or versioned docs diff --git a/.claude/skills/qa-agent/context/codebase-map.md b/.claude/skills/qa-agent/context/codebase-map.md new file mode 100644 index 000000000..0526b4904 --- /dev/null +++ b/.claude/skills/qa-agent/context/codebase-map.md @@ -0,0 +1,92 @@ +# Codebase Map + +## Project Classification + +- Project type: versioned documentation website for Keploy +- Primary framework: Docusaurus `3.9.2` from `package.json` +- Runtime stack: React `18.2.0`, plain JavaScript source, Tailwind-enabled styling, MDX docs +- Router strategy: Docusaurus docs plugin mounted at `/` via `routeBasePath: "/"` in `docusaurus.config.js` +- Content volume: `566` Markdown or MDX files + +## Top-Level Structure + +- `docs/`: current unversioned docs content and shared MDX helper components under `docs/components/` +- `versioned_docs/`: archived versioned docs for `1.0.0`, `2.0.0`, `3.0.0`, and `4.0.0` +- `versioned_sidebars/`: version-specific sidebar JSON for archived docs +- `src/`: React pages, theme overrides, shared components, fonts, and global CSS +- `static/`: images, diagrams, gifs, client scripts, redirects, CNAME, and SEO artifacts such as `llms.txt` +- `plugins/`: local Docusaurus plugin package for Tailwind CSS loader +- `.github/workflows/`: CI, lint, formatting, Vale, CodeQL, CLA, and deploy workflows +- `build/`: generated production output, ignored for QA review +- `.docusaurus/`: generated Docusaurus metadata and routes, ignored for QA review + +## Key Shared Files + +- `docusaurus.config.js`: central site configuration, metadata, navbar, footer, docs plugin setup, versioning, sitemap, and head tags +- `sidebars.js`: intentionally empty, indicating current docs rely on autogenerated sidebar behavior +- `src/theme/DocItem/index.js`: custom doc renderer with page-level metadata and JSON-LD emission +- `src/pages/index.js`: custom docs landing page with schema injection +- `src/components/index.js`: barrel file for shared React components +- `src/css/custom.css`: site-wide visual overrides +- `netlify.toml`: link-check plugin and security headers +- `vercel.json`: header rules and noindex headers for legacy docs versions + +## Shared Component And Theme Patterns + +- Shared React components live under `src/components/` +- Shared exports are consolidated through `src/components/index.js` +- Docusaurus theme components are swizzled under `src/theme/` +- Docs pages can import MDX helpers from `docs/components/` or app components through `@site/src/components/...` + +## State Management + +- No dedicated client state library detected +- No Redux, Zustand, MobX, or React Query config detected +- Components appear mostly presentational and static + +## Data Fetching Pattern + +- Primary content is static Markdown/MDX compiled at build time +- No `getServerSideProps`, App Router, Pages Router, or Astro content collections detected +- Client scripts under `static/js/` and `static/scripts/` enhance the built HTML in the browser +- Search is powered through Algolia config in `docusaurus.config.js` + +## TypeScript Posture + +- No root `tsconfig.json` +- No first-class `.ts` or `.tsx` source files found in the repo scan +- TypeScript exists as a dependency and is handled in docs code-block transforms inside `docusaurus.config.js` + +## Project-Specific Conventions + +- `//@ts-check` is used at the top of `docusaurus.config.js` +- `docusaurus.config.js` mixes ESM-style imports with `module.exports` +- Current docs navigation is autogenerated, but versioned docs rely on tracked JSON sidebars in `versioned_sidebars/` +- The docs plugin excludes `**/shared/**` +- `src/theme/DocItem/index.js` injects per-page title, description, keywords, social image tags, and article schema +- Recent commit history is heavily SEO-focused: schema, sitemap, redirects, titles, breadcrumbs, keywords, and llms files +- `package.json` requires Node `>=18.0`, but `.nvmrc` pins `16`, so local/runtime expectations are not perfectly aligned + +## Deployment And Hosting + +- Primary deployment target: S3 + CloudFront from `.github/workflows/main.yml` +- Secondary platform configs present: `netlify.toml` and `vercel.json` +- Site URL: `https://keploy.io` +- Docs base URL: `/docs/` + +## CI/CD Pipeline + +- `.github/workflows/main.yml`: build with Yarn and deploy `build/` to S3, then submit sitemap URLs to IndexNow +- `.github/workflows/build_and_check.yml`: PR build validation with Node 20 and `npm run build` +- `.github/workflows/lint.yml`: commit message linting on push and PR +- `.github/workflows/prettify_code.yml`: Prettier check on changed `.js` and `.md` files +- `.github/workflows/vale-lint-action.yml`: Vale linting on changed lines in `versioned_docs` +- `.github/workflows/codeql.yml`: JavaScript CodeQL analysis + +## Risk Areas + +- `docusaurus.config.js` because it controls global routing, SEO, nav, and versioning +- `src/theme/DocItem/index.js` because it affects every docs page +- `src/css/custom.css` because styling regressions propagate site-wide +- `versioned_sidebars/*.json` because navigation regressions are easy to introduce +- `static/js/` and `static/scripts/` because they run in the browser on built pages diff --git a/.claude/skills/qa-agent/context/hotspots.md b/.claude/skills/qa-agent/context/hotspots.md new file mode 100644 index 000000000..4cfd2d1cf --- /dev/null +++ b/.claude/skills/qa-agent/context/hotspots.md @@ -0,0 +1,83 @@ +# Hotspots + +Top 20 most frequently changed files from `git log --format="" --name-only | sort | uniq -c | sort -rn | head -30`. + +1. `versioned_sidebars/version-2.0.0-sidebars.json` — 78 commits + Why high-churn: archived navigation file that absorbs frequent docs reshuffles and label changes. + Review priority: HIGH + +2. `docusaurus.config.js` — 78 commits + Why high-churn: central config for routing, SEO, versioning, navbar, footer, sitemap, and metadata. + Review priority: HIGH + +3. `src/css/custom.css` — 43 commits + Why high-churn: global styling override surface with site-wide visual regression risk. + Review priority: HIGH + +4. `README.md` — 33 commits + Why high-churn: contributor-facing project entry point updated with process and setup changes. + Review priority: MEDIUM + +5. `src/components/QuickStart.js` — 32 commits + Why high-churn: homepage quickstart surface likely updated alongside product positioning and onboarding UX. + Review priority: HIGH + +6. `sidebars.js` — 30 commits + Why high-churn: navigation control point, even though it is currently empty/autogenerated. + Review priority: HIGH + +7. `versioned_docs/version-2.0.0/quickstart/node-express-mongoose.md` — 29 commits + Why high-churn: popular quickstart page that likely receives ongoing example and workflow fixes. + Review priority: HIGH + +8. `src/components/Intro.js` — 29 commits + Why high-churn: landing-page messaging component tied to positioning and homepage revisions. + Review priority: MEDIUM + +9. `versioned_docs/version-2.0.0/quickstart/go-mux-sql.md` — 26 commits + Why high-churn: quickstart doc with runnable setup steps and integration details. + Review priority: HIGH + +10. `yarn.lock` — 25 commits + Why high-churn: dependency lockfile updated whenever build or package changes land. + Review priority: MEDIUM + +11. `versioned_docs/version-2.0.0/quickstart/python-flask-mongo.md` — 25 commits + Why high-churn: quickstart doc for a common stack, likely sensitive to example correctness. + Review priority: HIGH + +12. `src/pages/index.js` — 25 commits + Why high-churn: custom landing page affected by UX and SEO work. + Review priority: HIGH + +13. `versioned_docs/version-2.0.0/running-keploy/cli-commands.md` — 24 commits + Why high-churn: CLI reference doc that changes with product flags and command behavior. + Review priority: HIGH + +14. `versioned_docs/version-2.0.0/quickstart/samples-bunjs.md` — 24 commits + Why high-churn: stack-specific quickstart page with likely example drift risk. + Review priority: HIGH + +15. `versioned_docs/version-2.0.0/quickstart/samples-echo.md` — 23 commits + Why high-churn: another frequently maintained quickstart with setup-command sensitivity. + Review priority: HIGH + +16. `versioned_docs/version-2.0.0/server/windows/installation.md` — 22 commits + Why high-churn: OS-specific installation guidance that likely breaks when installer behavior changes. + Review priority: HIGH + +17. `versioned_docs/version-2.0.0/running-keploy/configuration-file.md` — 22 commits + Why high-churn: configuration reference page tied to evolving flags and schema. + Review priority: HIGH + +18. `versioned_sidebars/version-3.0.0-sidebars.json` — 20 commits + Why high-churn: versioned navigation file updated as archived docs structure moves. + Review priority: HIGH + +19. `versioned_docs/version-2.0.0/server/macos/installation.md` — 20 commits + Why high-churn: platform-specific installation doc with high risk of stale prerequisites. + Review priority: HIGH + +20. `versioned_docs/version-2.0.0/server/linux/installation.md` — 20 commits + Why high-churn: platform-specific installation doc with environment-sensitive setup steps. + Review priority: HIGH diff --git a/.claude/skills/qa-agent/context/ignore.md b/.claude/skills/qa-agent/context/ignore.md new file mode 100644 index 000000000..7afc0cd96 --- /dev/null +++ b/.claude/skills/qa-agent/context/ignore.md @@ -0,0 +1,36 @@ +# Ignore + +Skip these paths during QA unless the review is explicitly about generated output, build tooling, or ignore-policy changes. + +- `node_modules/` +- `.next/` +- `out/` +- `dist/` +- `build/` +- `.git/` +- `*.min.js` +- `*.generated.*` +- `__generated__/` +- `coverage/` +- `.cache/` +- `.docusaurus/` +- `.cache-loader/` +- `.netlify/` +- `.idea/` +- `.history/` +- `package-lock.json` + +Project-specific generated or machine-managed artifacts to skip by default: + +- `.docusaurus/DONT-EDIT-THIS-FOLDER` +- `build/assets/` +- `build/js/` +- `build/scripts/` +- `build/data/` + +Files to note but not review for content/security unless explicitly requested: + +- `.env.local` +- `.env.development.local` +- `.env.test.local` +- `.env.production.local` diff --git a/.claude/skills/qa-agent/context/known-suppressions.md b/.claude/skills/qa-agent/context/known-suppressions.md new file mode 100644 index 000000000..a3046c8e2 --- /dev/null +++ b/.claude/skills/qa-agent/context/known-suppressions.md @@ -0,0 +1,33 @@ +# Known Suppressions + +Do not flag these as violations unless the suppression itself is the problem. + +## Explicit Suppressions Found + +1. `static/js/code-block-buttons.js` + - Suppression: `/* eslint-disable */` + - Reason in file: `Turn off ESLint for this file because it's sent down to users as-is.` + - Review guidance: do not flag the file merely for disabling ESLint; review the actual browser-safety and security characteristics instead. + +## TypeScript Suppression Patterns + +1. No repo `.ts` or `.tsx` source files were found during reconnaissance. +2. No `@ts-ignore` or `@ts-expect-error` usage was found by the requested TypeScript-only grep. + +## Deliberate Pattern Deviations + +1. `docusaurus.config.js` + - The repo uses `//@ts-check`, ESM-style imports, and `module.exports` together. + - Treat this as an intentional Docusaurus config pattern unless a change makes the file invalid. + +2. `docusaurus.config.js` + - The docs remark pipeline temporarily prepends `// @ts-nocheck` to fenced TypeScript code blocks and strips it back out later. + - Do not report this as a source-code suppression; it is a build-time transform for examples. + +3. `sidebars.js` + - The file is intentionally empty in the current repo state. + - Do not flag emptiness by itself; only flag real navigation or discoverability regressions. + +4. `src/theme/DocItem/index.js` + - Breadcrumb-related rendering comments indicate an intentional SEO-driven customization. + - Review resulting behavior, not the existence of the customization comment. diff --git a/.claude/skills/qa-agent/rules/content.md b/.claude/skills/qa-agent/rules/content.md new file mode 100644 index 000000000..39f29f8e0 --- /dev/null +++ b/.claude/skills/qa-agent/rules/content.md @@ -0,0 +1,34 @@ +# Content Rules + +This is a documentation repository with 566 Markdown or MDX files across current and versioned docs. Content quality defects are product defects here. + +## Rules + +1. All images must have non-empty, descriptive alt text. + Decorative images should be explicitly treated as decorative rather than left ambiguous. + +2. Links must use meaningful text. + Avoid weak text such as `click here`, `read more`, or raw pasted URLs when a descriptive label is possible. + +3. Duplicate page titles across the site should be flagged when they create navigation or search ambiguity. + Cross-version duplicates are acceptable when they intentionally document the same topic in archived versions. + +4. Broken internal anchors are `blocking`. + A broken `#section` link in docs is a user-facing bug even if the page still builds. + +5. Frontmatter must include: + `title` required, `description` required, `tags` optional but encouraged. + In this repo, `id` is also expected for docs pages. + +6. Very short technical docs should be flagged as warnings when they are effectively stubs. + As a heuristic, pages under roughly 300 words should be checked for completeness unless they are intentionally concise reference entries. + +7. Code examples should be complete and runnable where feasible. + Truncated examples using `...` should be flagged when they remove the critical setup or make the example misleading. + +8. Future-dated content must include an explicit draft indicator before publication. + +9. Docs that introduce new UI terms, product names, or workflow labels should stay consistent with nearby docs and navigation labels. + +10. When a doc imports MDX components from `docs/components/` or `@site/src/components/...`, the prose still needs to stand on its own. + Do not hide essential instructions only inside visual chrome. diff --git a/.claude/skills/qa-agent/rules/framework.md b/.claude/skills/qa-agent/rules/framework.md new file mode 100644 index 000000000..2dce31117 --- /dev/null +++ b/.claude/skills/qa-agent/rules/framework.md @@ -0,0 +1,48 @@ +# Framework Rules + +Project classification: Docusaurus 3.9.2 docs site using `@docusaurus/preset-classic` in `docusaurus.config.js`, with docs mounted at the site root via `routeBasePath: "/"`. + +## Docusaurus Rules + +1. All docs must include frontmatter with `id`, `title`, and `description`. + Follow the pattern used in `versioned_docs/version-4.0.0/running-keploy/public-api.md`. + +2. New docs should include `sidebar_label` when the sidebar title needs to differ from the page title. + +3. No orphaned docs. + Current docs are routed through the docs plugin with an empty `sidebars.js`, which means autogenerated sidebar behavior is in play. + Versioned docs must also remain discoverable through the relevant file in `versioned_sidebars/`. + If a doc cannot be reached from generated navigation, versioned sidebars, or a deliberate landing page path, flag it. + +4. Broken internal links are `blocking`. + This repo sets `onBrokenLinks: "throw"` in `docusaurus.config.js` and also runs Netlify link checks in `netlify.toml`. + +5. All internal docs links should use repo-relative doc paths, existing slugs, or `@site` imports when referencing local assets or components. + Hardcoded absolute URLs to `https://keploy.io/docs/...` should be flagged when a relative doc link would avoid drift. + +6. Code blocks must declare a language whenever the language is known. + This matters because the site applies code transforms to `ts` and `js` blocks in `docusaurus.config.js`. + +7. Heading hierarchy must not skip levels. + A page should not jump from `#` to `###` without a `##` in between. + +8. Images used by docs content should live under `static/img/`, `static/gif/`, `static/diagrams/`, or another stable subdirectory under `static/`, and should be referenced using patterns Docusaurus can resolve. + +9. Shared MDX components imported into docs should come from stable locations such as `docs/components/` or `@site/src/components/...`, not ad hoc per-page duplicates. + +10. Theme overrides under `src/theme/` are site-wide. + Changes to `src/theme/DocItem/index.js`, `src/theme/Navbar/index.js`, `src/theme/Footer/index.js`, and related files must be reviewed as framework-level changes, not page-local edits. + +11. Metadata and structured data changes in `docusaurus.config.js`, `src/theme/DocItem/index.js`, or `src/pages/index.js` require QA review for regressions in canonical URL, descriptions, keywords, and social previews. + +12. Do not introduce new Google Fonts or third-party render-blocking assets casually. + This repo already injects DM Sans through `themeConfig.headTags` in `docusaurus.config.js`; additional head-level assets should be justified and performance-reviewed. + +13. Custom client scripts in `static/js/` and `static/scripts/` must remain browser-safe and progressively enhanced. + They should not assume a framework runtime beyond plain DOM APIs unless the page guarantees it. + +14. When adding or moving docs across versions, keep `versions.json`, `versioned_docs/`, and `versioned_sidebars/` consistent. + Missing cross-version alignment is a warning at minimum and blocking when it breaks navigation. + +15. Follow the component barrel pattern already used in `src/components/index.js`. + If a new shared component is meant to be reused from multiple pages or MDX files, export it there or explain why it should remain private. diff --git a/.claude/skills/qa-agent/rules/performance.md b/.claude/skills/qa-agent/rules/performance.md new file mode 100644 index 000000000..bbcd129eb --- /dev/null +++ b/.claude/skills/qa-agent/rules/performance.md @@ -0,0 +1,38 @@ +# Performance Rules + +This repository is a statically built Docusaurus site with client-side React components, theme overrides, and browser scripts. + +## Rules + +1. No synchronous file I/O in build hooks, plugins, or request-like handlers. + If new plugin code is added under `plugins/`, prefer async APIs. + +2. No `useEffect` that fetches data without cleanup or cancellation. + This applies to interactive components under `src/components/` and `src/theme/`. + +3. Recommend `React.memo` for components rendered repeatedly in lists when they receive complex object props and show measurable churn. + Do not add it blindly. + +4. No anonymous functions as default props or other patterns that create avoidable rerenders in hot list components. + +5. Dynamic import or code splitting is recommended for unusually heavy interactive components, media players, or third-party widgets. + `src/components/responsive-player/ResponsivePlayer.js` is the sort of component where weight matters. + +6. Do not import an entire utility library when a narrow import will do. + +7. Images used in prominent content should declare dimensions or use a rendering strategy that avoids layout shift. + This is blocking for above-the-fold hero content or shared page chrome. + +8. Avoid blocking external scripts in document head. + JSON-LD scripts are acceptable. + External analytics, chat, or widget scripts should be deferred or loaded through a controlled client hook. + +9. When multiple independent async tasks are introduced in plugin or build code, prefer `Promise.all()` over unnecessary sequential waits. + +10. Shared theme files such as `src/theme/DocItem/index.js` and `src/pages/index.js` are performance-sensitive because they affect many pages. + Avoid expensive per-render work that could be hoisted or simplified. + +11. Static browser scripts under `static/js/` should operate incrementally on the DOM and avoid full-document rescans where practical. + +12. Large numbers of new images, diagrams, or GIFs in `static/` should be reviewed for size and format choice. + Prefer SVG when vector art is sufficient; avoid oversized GIFs when MP4 or optimized alternatives would perform better. diff --git a/.claude/skills/qa-agent/rules/security.md b/.claude/skills/qa-agent/rules/security.md new file mode 100644 index 000000000..95aa25e2f --- /dev/null +++ b/.claude/skills/qa-agent/rules/security.md @@ -0,0 +1,38 @@ +# Security Rules + +This repo is mostly static, but it still ships client JavaScript, external integrations, analytics hooks, public API examples, and deployment config. Review those surfaces seriously. + +## Rules + +1. No hardcoded secrets, API keys, access tokens, passwords, or private endpoints in any file. + Public browser-safe keys must be intentionally public and documented as such. + Example: `themeConfig.algolia.apiKey` in `docusaurus.config.js` is a public search key; treat similar additions with scrutiny. + +2. Never place private credentials in Docusaurus config, frontmatter, static scripts, GitHub workflows, or docs examples that appear real. + Use obvious placeholders such as `kep_...` rather than production-looking values. + +3. `dangerouslySetInnerHTML` must be paired with trusted content or sanitization. + If user-controlled HTML is ever introduced, require DOMPurify or an equivalent sanitizer. + +4. No `eval()` or `new Function()` usage anywhere. + +5. External redirect targets must be allowlisted and not derived from unsanitized user input. + This matters in redirect configs like `static/_redirects` and any future runtime redirects. + +6. Cookies or local storage entries that hold auth tokens must be avoided in client-side scripts unless secure handling is explicit. + If auth is introduced, require `httpOnly` and `secure` cookies on the server side. + +7. No SQL or command string interpolation in any future server helper, script, or plugin. + Parameterize inputs. + +8. File uploads or downloadable assets added to docs workflows must validate content type and size server-side if any upload path is introduced. + +9. Do not log user data, secrets, or tokens to the browser console or CI logs. + +10. `fetch()` or XHR calls from client code must not expose server-only credentials. + Static scripts under `static/js/` and `static/scripts/` are public by definition. + +11. Third-party scripts, analytics snippets, or chat widgets added to `docusaurus.config.js`, `static/scripts/`, or page `` output require an explicit review of origin, privacy impact, and load strategy. + +12. Public API docs must not encourage insecure copy-paste examples. + Prefer scoped keys, short-lived tokens, and clear placeholder values, as seen in `versioned_docs/version-4.0.0/running-keploy/public-api.md`. diff --git a/.claude/skills/qa-agent/rules/seo.md b/.claude/skills/qa-agent/rules/seo.md new file mode 100644 index 000000000..2ceb4132e --- /dev/null +++ b/.claude/skills/qa-agent/rules/seo.md @@ -0,0 +1,29 @@ +# SEO Rules + +SEO is a first-class concern in this repo. Recent commits heavily modify sitemap, schema, keywords, redirects, titles, breadcrumbs, and llms files. Treat regressions seriously. + +## Rules + +1. Broken internal links are `blocking`. + They harm users and search crawling, and this repo is configured to fail on broken links. + +2. Every new or materially updated docs page must have a unique `title` and a meaningful `description`. + +3. Strategic pages such as landing pages, installation guides, API docs, and glossary entries should provide social image coverage. + `src/theme/DocItem/index.js` already emits `og:image` and `twitter:image` when a page image is available. + +4. Canonical URL behavior must not regress. + Changes to `docusaurus.config.js`, `src/theme/DocItem/index.js`, redirects, or permalink/frontmatter logic that break canonical consistency are `blocking`. + +5. Do not remove or degrade structured data without a clear reason. + The repo currently emits JSON-LD from `docusaurus.config.js`, `src/theme/DocItem/index.js`, and `src/pages/index.js`. + +6. Page titles and descriptions should not be duplicated across unrelated current-version pages. + +7. Avoid hardcoded absolute docs URLs when a stable internal doc link would prevent redirect churn. + +8. New images intended for sharing should be crawlable, stable, and sized appropriately for previews. + +9. Updates to `static/llms.txt`, `static/llms-full.txt`, sitemap behavior, redirects, or breadcrumb logic need explicit QA because they affect discoverability beyond the rendered page. + +10. Redirect changes in `static/_redirects`, `vercel.json`, or future config must preserve the canonical destination and avoid chains where practical. diff --git a/.claude/skills/qa-agent/rules/typescript.md b/.claude/skills/qa-agent/rules/typescript.md new file mode 100644 index 000000000..3a9f3d39a --- /dev/null +++ b/.claude/skills/qa-agent/rules/typescript.md @@ -0,0 +1,32 @@ +# TypeScript Rules + +This repository has no first-class `.ts` or `.tsx` source files today and no root `tsconfig.json`, but it does ship TypeScript dependencies and transforms TypeScript code examples in `docusaurus.config.js`. Apply these rules only when reviewing: + +1. newly added `.ts` or `.tsx` files +2. plugin code that introduces TypeScript +3. fenced TypeScript examples in docs where correctness is part of the feature + +## Rules + +1. No `any` type. + Use `unknown` plus narrowing, or define the actual shape. + +2. No non-null assertions (`!`) without an inline comment explaining why the value is safe. + +3. No `@ts-ignore` without a clear reason. + Prefer `@ts-expect-error` with a comment when suppression is truly required. + +4. All exported functions must have explicit return types. + +5. Do not use `as Type` to coerce data from external sources such as API responses, `process.env`, or untyped JSON without validation. + +6. Prefer string literal unions over broad enums unless the enum is shared, stable, and justified. + +7. Do not leave implicit `any` from untyped third-party packages unresolved. + Add `@types/*`, a local declaration, or wrap the boundary safely. + +8. Generic parameter names must be descriptive when the type carries domain meaning. + `TValue` is acceptable when the generic has a specific role; bare `T` or `U` is only acceptable for very local conventional helpers. + +9. For docs examples, the code shown to readers must still be type-sound even though the site temporarily prepends `// @ts-nocheck` during remark processing. + That transform exists to keep docs builds flexible, not to excuse broken examples. diff --git a/.claude/skills/qa-agent/templates/report.md b/.claude/skills/qa-agent/templates/report.md new file mode 100644 index 000000000..cfe226e2c --- /dev/null +++ b/.claude/skills/qa-agent/templates/report.md @@ -0,0 +1,79 @@ +# QA Review — [filename or "Full Codebase"] — [date] + +## Summary + +| Severity | Count | +| --- | ---: | +| 🔴 Blocking | N | +| 🟡 Warning | N | +| 🔵 Suggestion | N | +| ⚪ Nitpick | N | + +Files reviewed: N +Files impacted (cross-file): N +Skipped (auto-generated/ignored): N + +## Gate Checklist + +- [ ] No blocking-severity findings +- [ ] Impacted files checked +- [ ] Navigation and internal links remain valid +- [ ] Required metadata/frontmatter preserved + +## 🔴 Blocking — Must fix before merge + +[File path] — Line [N] +Rule: [rule name from rules/*.md] +What: [one sentence] +Why: [one sentence on impact] +Fix: + +```text +[exact code fix or instructions] +``` + +## 🟡 Warnings — Should fix soon + +[File path] — Line [N] +Rule: [rule name from rules/*.md] +What: [one sentence] +Why: [one sentence on impact] +Fix: + +```text +[exact code fix or instructions] +``` + +## 🔵 Suggestions — Improve quality + +[File path] — Line [N] +Rule: [rule name from rules/*.md] +What: [one sentence] +Why: [one sentence on impact] +Fix: + +```text +[exact code fix or instructions] +``` + +## ⚪ Nitpicks — Optional + +[File path] — Line [N] +Rule: [rule name from rules/*.md] +What: [one sentence] +Why: [one sentence on impact] +Fix: + +```text +[exact code fix or instructions] +``` + +## Cross-file impact map + +Files changed: [list] +Impacted dependents: [list with relationship type] +Config files referencing changed files: [list] + +## What was NOT reviewed + +[list any skipped files and why]