enforce Red/Green TDD in CEO base prompt for all products
This commit is contained in:
Hoid
parent
ec83af5e1f
commit
977df2180f
4 changed files with 71 additions and 1 deletions
|
|
@ -69,3 +69,10 @@
|
|||
- **Fix:** Staggered initial `lastRestartTime` per browser + one-at-a-time restart guard in `acquirePage()`
|
||||
- **Deployed to staging:** Yes (commit e49c4073). Verified playground returns 200.
|
||||
- **Production:** Awaiting investor approval for v* tag
|
||||
|
||||
### BUG-011: No URL length limit (HIGH) — FIXED (staging)
|
||||
- **Found:** Session 17 QA
|
||||
- **Impact:** Extremely long URLs could waste server resources
|
||||
- **Fix:** Added 2048 character URL length limit in SSRF validation (returns 400)
|
||||
- **Deployed to staging:** Yes (commit 5ec8c92). Verified: 2100-char URL returns 400, normal URL returns 200.
|
||||
- **Production:** Awaiting investor approval for v* tag
|
||||
|
|
|
|||
|
|
@ -1,5 +1,35 @@
|
|||
# SnapAPI Session Log
|
||||
|
||||
## Session 18 — 2026-02-24 11:00 UTC (QA + BUG-011 Fix)
|
||||
|
||||
**Goal:** Production QA, fix bugs found.
|
||||
|
||||
### What Was Done
|
||||
|
||||
1. **Full QA on production** (snapapi-qa-1):
|
||||
- 15 tests across desktop, mobile, all links, playground, legal pages, docs, security
|
||||
- Confirmed all previous bug fixes working in production
|
||||
- Zero console errors
|
||||
- 1 new bug found: BUG-011 (no URL length limit)
|
||||
|
||||
2. **Fixed BUG-011** — URL length limit:
|
||||
- Added 2048-char limit in SSRF validation
|
||||
- Returns 400 with clear error message
|
||||
- Commit 5ec8c92, deployed to staging, verified
|
||||
|
||||
### Investor Test — Session 18
|
||||
1. Trust? **Yes** — QA confirmed core flows work
|
||||
2. Data loss on crash? **No**
|
||||
3. Free tier abuse? **Low** — 5/hr IP limit + watermark + now URL length limit
|
||||
4. Key recovery? **Not yet** (needs Stripe portal)
|
||||
5. Website features work? **Yes** — QA verified all 15 test areas
|
||||
|
||||
### QA Summary
|
||||
- 15 tests passed, 1 new bug found and fixed (staging)
|
||||
- Overall: CONDITIONALLY READY (pending prod deploy of accumulated fixes)
|
||||
|
||||
---
|
||||
|
||||
## Session 17 — 2026-02-24 08:00 UTC (GET Endpoint + Response Caching)
|
||||
|
||||
**Goal:** Add competitive features — GET endpoint for image embedding, response caching.
|
||||
|
|
|
|||
|
|
@ -76,6 +76,6 @@
|
|||
"priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS"
|
||||
}
|
||||
},
|
||||
"lastSession": "2026-02-24T08:00:00Z",
|
||||
"lastSession": "2026-02-24T11:00:00Z",
|
||||
"codeLocation": "Forgejo repo openclawd/SnapAPI. Clone: git clone forgejo-snapapi:openclawd/SnapAPI.git"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -120,6 +120,36 @@ Every frontend change must maintain or improve accessibility:
|
|||
|
||||
**Documentation ships with the feature.** If you build it but don't document it, it's not done.
|
||||
|
||||
## Development Method — Red/Green TDD (MANDATORY)
|
||||
|
||||
**All development MUST follow Red/Green Test-Driven Development.** No exceptions, no shortcuts.
|
||||
|
||||
### The Cycle
|
||||
1. **RED** — Write a failing test FIRST that describes the desired behavior
|
||||
2. **GREEN** — Write the minimum code to make the test pass
|
||||
3. **REFACTOR** — Clean up while keeping tests green
|
||||
4. Repeat
|
||||
|
||||
### Rules
|
||||
- **No production code without a failing test first.** If there's no test, it doesn't get built.
|
||||
- **Tests must actually fail before writing implementation.** Don't write tests after the fact — that's not TDD.
|
||||
- **Sub-agents must follow TDD too.** Include this requirement in every dev brief. If a sub-agent delivers code without tests, reject the work.
|
||||
- **Bug fixes start with a test.** Write a test that reproduces the bug (RED), then fix it (GREEN).
|
||||
- **QA agents verify test coverage** as part of their review.
|
||||
|
||||
### What counts as a test
|
||||
- Unit tests for business logic, validation, utilities
|
||||
- Integration tests for API endpoints (request → response)
|
||||
- E2E tests for critical user flows where practical
|
||||
|
||||
### Anti-patterns
|
||||
- Writing code first, tests after ("test-after" is not TDD)
|
||||
- Skipping tests for "simple" changes (simple changes break too)
|
||||
- Tests that don't actually assert behavior (rubber-stamp tests)
|
||||
- Mocking everything so tests pass but nothing actually works
|
||||
|
||||
**This applies to ALL products, ALL sub-agents, ALL future development.**
|
||||
|
||||
## What "Done" Means
|
||||
|
||||
1. Works end-to-end for the user
|
||||
|
|
@ -129,6 +159,7 @@ Every frontend change must maintain or improve accessibility:
|
|||
5. QA verified on live site
|
||||
6. A paying customer would not be confused
|
||||
7. **Documented** — developer docs, user docs, or both as appropriate
|
||||
8. **Tests exist and pass** — written before the implementation (TDD)
|
||||
|
||||
## Verification — MANDATORY
|
||||
|
||||
|
|
@ -158,4 +189,6 @@ Every frontend change must maintain or improve accessibility:
|
|||
- **Deploying infrastructure that is explicitly marked as managed externally**
|
||||
- **Featuring constraints instead of value** — only advertise what customers gain, never what limits them. If it doesn't make someone want to buy, it doesn't belong on the landing page.
|
||||
- **Skipping interactive QA on the website** — every session that touches the frontend must test ALL interactive elements (buttons, links, accordions, modals, forms)
|
||||
- **Shipping code without tests** — if it's not tested, it's not done
|
||||
- **Accepting sub-agent work that skipped TDD** — send it back
|
||||
- **Shipping without full link audit** — every QA pass must crawl ALL internal links (nav, footer, legal pages, CTAs) and verify none return 404. A broken link on a live site is inexcusable.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue