Skip to content

Testing and Quality

emrecanozturk edited this page Jul 16, 2026 · 1 revision

Testing and Quality

IntentFlow is useful only if behavior becomes easier to verify.

Local Checks

Run the fast checks:

./gradlew test
./gradlew :intentflow-generator:run --args="validate .intentflow/login.intentflow.yaml"

Run the full release-facing check:

./scripts/check.sh

What The Full Check Covers

  • Kotlin package build
  • Kotlin tests
  • generator smoke tests
  • AI manifest validation
  • demo app build
  • Dokka build

CI

GitHub Actions currently includes:

  • CI: package tests, generator smoke, manifest validation, demo app build
  • Documentation: Dokka build
  • CodeQL: Kotlin code scanning
  • Release Check: release readiness workflow
  • Dependabot: Kotlin and GitHub Actions dependency checks

Reducer Tests

Reducer tests should read like acceptance traces:

idle + submit -> validating + validate effect
validating + credentialsValid -> requestingToken + requestToken effect
requestingToken + tokenReceived -> authenticated + completed output

Store Tests

Store tests should cover:

  • effect handlers feeding events back into the store
  • observation snapshots
  • route emission
  • output emission
  • cancellation behavior

Manifest Tests

AI-mode features should validate:

  • required fields exist
  • invariants are present
  • acceptance traces are present
  • mode-specific files are generated

Code Review Checklist

Before merging:

  • reducers are pure
  • effects are typed
  • long-running effects have cancellation IDs
  • UI remains an adapter
  • routes and outputs are explicit
  • tests cover new workflow branches
  • manifests and docs are updated when contracts change

Security And Quality

The public repository is configured with:

  • security policy
  • private vulnerability reporting
  • Dependabot alerts and security updates
  • secret scanning and push protection
  • CodeQL code scanning across all Kotlin files built by the package, tests, demo app, examples, migration samples, and Dokka tutorial sample

Do not publish fake security advisories. Advisories should exist only for real vulnerabilities.

Clone this wiki locally