-
-
Notifications
You must be signed in to change notification settings - Fork 6
Quality_Assurance
Rafal Lagowski edited this page Sep 14, 2025
·
1 revision
ClaudeAutoPM enforces strict quality standards through automated checks, pre-commit hooks, and comprehensive validation processes. This page outlines the quality assurance framework and best practices.
"Quality is not an afterthought - it's built into every step of the development process."
- Prevention over Detection: Catch issues before they reach production
- Automation First: Automate quality checks wherever possible
- Fast Feedback: Provide immediate feedback to developers
- Comprehensive Coverage: Test at multiple levels
- Continuous Improvement: Learn from issues and improve processes
Before any code is considered complete, it must meet all criteria:
- Code follows established patterns and conventions
- No linting errors or warnings
- TypeScript strict mode compliance (if applicable)
- No security vulnerabilities detected
- Performance impact assessed
- Unit tests written and passing (80% coverage minimum)
- Integration tests cover main flows
- E2E tests for critical paths
- Security tests pass
- Performance tests meet benchmarks
- Code is self-documenting with clear names
- Complex logic has inline comments
- API changes documented
- README updated if needed
- Changelog updated for user-facing changes
- Code review completed by team member
- All feedback addressed
- Security review if touching sensitive areas
- Performance review for critical paths
- All CI/CD checks pass
- Docker builds successfully
- Kubernetes deployment tested (if applicable)
- Rollback plan documented
- Monitoring alerts configured
ClaudeAutoPM installs comprehensive git hooks to enforce quality:
#!/bin/bash
# .git/hooks/pre-commit
echo "🔒 Running pre-commit validation..."
# Critical files check
echo "📁 Checking critical files..."
required_files=(
".claude/strategies/ACTIVE_STRATEGY.md"
".claude/base.md"
"package.json"
)
for file in "${required_files[@]}"; do
if [[ -f "$file" ]]; then
echo " ✓ Found: $file"
else
echo " ❌ Missing required file: $file"
exit 1
fi
done
# Run tests
echo "🧪 Running regression tests..."
npm run test:regression
if [[ $? -ne 0 ]]; then
echo "❌ Regression tests failed"
exit 1
fi
# Check for test modifications
echo "🔍 Checking for test modifications..."
if git diff --cached --name-only | grep -q "test/"; then
echo " ⚠️ Test files modified - running full test suite"
npm test
if [[ $? -ne 0 ]]; then
echo "❌ Tests failed"
exit 1
fi
fi
# JavaScript syntax check
echo "🔧 Checking JavaScript syntax..."
for file in $(git diff --cached --name-only | grep -E '\.(js|ts)$'); do
if [[ -f "$file" ]]; then
node -c "$file"
if [[ $? -ne 0 ]]; then
echo "❌ Syntax error in $file"
exit 1
fi
fi
done
# JSON validation
echo "📋 Checking JSON files..."
for file in $(git diff --cached --name-only | grep -E '\.json$'); do
if [[ -f "$file" ]]; then
jq empty "$file" 2>/dev/null
if [[ $? -ne 0 ]]; then
echo "❌ Invalid JSON in $file"
exit 1
fi
fi
done
echo "✅ All checks passed! Proceeding with commit."The safe-commit.sh script provides additional validation:
#!/bin/bash
# scripts/safe-commit.sh
set -e
COMMIT_MSG="$1"
if [[ -z "$COMMIT_MSG" ]]; then
echo "Usage: ./scripts/safe-commit.sh 'commit message'"
exit 1
fi
echo "🔒 Running pre-commit validation..."
# Stage all changes
git add .
# Run pre-commit hooks
git commit -m "$COMMIT_MSG"
echo "✅ Commit successful with safety checks"JavaScript/TypeScript (ESLint):
{
"extends": [
"@typescript-eslint/recommended",
"prettier"
],
"rules": {
"@typescript-eslint/no-unused-vars": "error",
"@typescript-eslint/explicit-function-return-type": "warn",
"prefer-const": "error",
"no-var": "error"
}
}Markdown (markdownlint):
{
"default": true,
"MD013": false,
"MD033": {
"allowed_elements": ["details", "summary"]
}
}Prettier Configuration:
{
"semi": true,
"trailingComma": "es5",
"singleQuote": true,
"printWidth": 80,
"tabWidth": 2
}Security Scanning:
- npm audit for dependency vulnerabilities
- CodeQL for code analysis
- OWASP security checks
- Secret detection in commits
# Run security checks
npm audit --audit-level=moderate
npm run test:securityEvery push triggers comprehensive quality checks:
# Quality gate workflow
jobs:
quality-gate:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Lint code
run: npm run lint
- name: Type check
run: npm run type-check
- name: Security scan
run: npm audit
- name: Unit tests
run: npm run test:unit
- name: Integration tests
run: npm run test:integration
- name: Build verification
run: npm run buildTest Coverage Requirements:
- Unit tests: 80% minimum
- Integration tests: 70% minimum
- E2E tests: 100% for critical paths
- Overall coverage: 85% minimum
Performance Benchmarks:
- Command execution: <500ms for simple operations
- API response time: <200ms for standard queries
- Memory usage: <100MB for typical operations
- Docker build time: <2 minutes
Functionality:
- Code works as intended
- Edge cases handled
- Error handling implemented
- Performance considerations addressed
Code Quality:
- Follows project conventions
- No code duplication
- Proper abstraction levels
- Clear variable/function names
Security:
- Input validation implemented
- No hardcoded secrets
- Proper authentication/authorization
- SQL injection prevention
Testing:
- Adequate test coverage
- Tests are meaningful
- Mock usage appropriate
- Test names are descriptive
For Reviewers:
- Be constructive: Suggest improvements, not just problems
- Consider context: Understand the broader goal
- Test locally: Pull and test complex changes
- Check documentation: Ensure docs are updated
- Approve confidently: Only approve if you'd deploy it
For Authors:
- Self-review first: Review your own code before submitting
- Write good descriptions: Explain what and why
- Respond promptly: Address feedback quickly
- Test thoroughly: Ensure all scenarios work
- Update documentation: Keep docs current
/\
/E2E\ <- Few, slow, high-value
/______\
/ \
/Integration\ <- More, medium speed
\_____________/
/ \
/ Unit \ <- Many, fast, focused
\______________/
test/
├── unit/ # Fast, isolated tests
│ ├── utils/
│ ├── components/
│ └── services/
├── integration/ # Component interaction tests
│ ├── api/
│ ├── database/
│ └── external-services/
├── e2e/ # Full workflow tests
│ ├── user-flows/
│ ├── critical-paths/
│ └── smoke-tests/
├── security/ # Security-focused tests
│ ├── authentication/
│ ├── authorization/
│ └── input-validation/
└── performance/ # Performance benchmarks
├── load-tests/
├── stress-tests/
└── benchmarks/
Good Test Characteristics:
- Fast: Unit tests run in milliseconds
- Independent: No dependencies between tests
- Repeatable: Same result every time
- Self-validating: Clear pass/fail
- Timely: Written close to production code
Test Naming Convention:
describe('UserService', () => {
describe('createUser', () => {
it('should create user with valid data', () => {
// Test implementation
});
it('should throw error when email already exists', () => {
// Test implementation
});
it('should sanitize input data', () => {
// Test implementation
});
});
});| Operation | Target | Maximum |
|---|---|---|
| Page load | <1s | <3s |
| API response | <200ms | <500ms |
| Database query | <50ms | <100ms |
| Test suite | <30s | <60s |
| Docker build | <2min | <5min |
// Performance test example
describe('Performance Tests', () => {
it('should handle 100 concurrent users', async () => {
const startTime = Date.now();
const requests = Array(100).fill().map(() =>
request(app).get('/api/users')
);
const responses = await Promise.all(requests);
const duration = Date.now() - startTime;
expect(duration).toBeLessThan(5000); // 5 seconds max
expect(responses.every(r => r.status === 200)).toBe(true);
});
});Authentication & Authorization:
- Proper authentication mechanisms
- Role-based access control
- Session management
- Token expiration
Input Validation:
- All inputs validated
- SQL injection prevention
- XSS protection
- CSRF protection
Data Protection:
- Sensitive data encrypted
- Secure data transmission
- Proper secret management
- Data retention policies
Infrastructure Security:
- Security headers configured
- HTTPS enforced
- Dependency scanning
- Container security
// Security test examples
describe('Security Tests', () => {
it('should prevent SQL injection', async () => {
const maliciousInput = "'; DROP TABLE users; --";
const response = await request(app)
.post('/api/search')
.send({ query: maliciousInput });
expect(response.status).toBe(400);
expect(response.body.error).toMatch(/invalid input/i);
});
it('should sanitize XSS attempts', async () => {
const xssPayload = '<script>alert("XSS")</script>';
const response = await request(app)
.post('/api/comments')
.send({ content: xssPayload });
expect(response.body.content).not.toContain('<script>');
});
});Code Quality Metrics:
- Test coverage percentage
- Code complexity scores
- Linting error count
- Security vulnerability count
- Documentation coverage
Process Metrics:
- Pull request review time
- Build success rate
- Deployment frequency
- Mean time to recovery
User Quality Metrics:
- Error rate in production
- Performance metrics
- User satisfaction scores
- Support ticket volume
# Generate quality report
npm run quality:report
# Output:
Quality Report - 2024-01-15
========================
✅ Test Coverage: 94.3%
✅ Security Scan: 0 vulnerabilities
✅ Performance: All benchmarks passed
⚠️ Linting: 3 warnings
❌ Documentation: 2 missing sectionsRegular quality retrospectives help improve processes:
Questions to Ask:
- What quality issues did we encounter?
- What worked well in our quality process?
- Where can we improve our standards?
- What tools or processes should we add?
- How can we prevent similar issues?
Team Quality Standards:
- Regular code review training
- Security awareness sessions
- Testing best practices workshops
- Tool training (linters, formatters, etc.)
- Quality culture discussions
Quality Process Improvements:
- Regular review of quality standards
- Tool evaluation for better automation
- Metric tracking to identify trends
- Team feedback on quality processes
- Industry best practices adoption
| Category | Tool | Purpose |
|---|---|---|
| Linting | ESLint, markdownlint | Code style and error detection |
| Formatting | Prettier | Consistent code formatting |
| Type Checking | TypeScript | Static type validation |
| Testing | Jest, Playwright | Automated testing |
| Security | npm audit, CodeQL | Security vulnerability detection |
| Performance | K6, Lighthouse | Performance monitoring |
| Documentation | JSDoc, Swagger | API documentation |
VS Code Extensions:
- ESLint for real-time linting
- Prettier for formatting
- GitLens for git integration
- Jest for test running
- Docker for container management
- Make quality everyone's responsibility
- Celebrate quality improvements
- Learn from quality issues
- Automate quality checks
- Measure and improve continuously
- Pair programming for complex features
- Code review for all changes
- Quality discussions in team meetings
- Shared ownership of code quality
- Continuous learning about quality practices
- Testing Strategies - Comprehensive testing approach
- GitHub Actions - Automated quality checks
- Troubleshooting - Quality issue resolution
- Custom Agents - Agent quality standards