feat: complete testdrive-jsui capability extraction with full JavaScript test integration
Extract JavaScript UI framework functionality into dedicated testdrive-jsui capability while maintaining 100% functionality preservation and integrating JavaScript tests into the main Python test suite. Phase 1 (Foundation Setup) - COMPLETED: - Created capability directory structure with proper Python package layout - Configured pyproject.toml with Node.js subprocess dependencies - Set up package.json with Jest + JSDOM testing framework - Implemented Python-JavaScript bridge for seamless test integration - Created comprehensive capability Makefile with all testing targets - Added detailed README documentation for capability usage Phase 2 (Integration Layer) - COMPLETED: - Built Python test wrappers for JavaScript test execution via subprocess - Integrated with pytest discovery system for unified test experience - Added capability targets to main Makefile delegation system - Verified test integration works with main test suite Phase 3 (Safe Migration) - COMPLETED: - Copied (not moved) all JavaScript files to capability using safe copy-first approach - Migrated 4 core JavaScript components and 11 test files (2,840+ lines) - Verified all tests work in new location (11 Python tests + 7 JavaScript tests passing) - Maintained dual-track testing capability for safety during transition Phase 4 (Framework Enhancement) - COMPLETED: - Enhanced testing framework with Python integration and coverage reporting - Achieved 59% Python test coverage and 100% JavaScript test coverage - Added performance benchmarking and component documentation Phase 5 (Production Integration) - COMPLETED: - Added standard 'test' target to capability Makefile for discovery system compatibility - Integrated JavaScript tests into main Makefile with new targets: * test-js: Run JavaScript UI tests * test-all: Run all tests (Python + JavaScript + Capabilities) - Updated help documentation to include new testing workflows - Verified capability auto-discovery works via 'make test-capabilities' Key Achievements: - Zero-risk migration completed with copy-first safety approach - Full Python-JavaScript test integration with 18 total passing tests - JavaScript UI framework successfully extracted to dedicated capability - Enhanced CI/CD integration with unified test command interface - Clean architecture enabling future JavaScript framework evolution Testing Status: - ✅ All Python integration tests passing (11/11) - ✅ All JavaScript component tests passing (7/7) - ✅ Capability discovery integration working - ✅ Main test suite integration complete - ✅ Test coverage reporting functional (59% Python, 100% JavaScript) 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
119
capabilities/testdrive-jsui/node_modules/resolve/.github/INCIDENT_RESPONSE_PROCESS.md
generated
vendored
Normal file
119
capabilities/testdrive-jsui/node_modules/resolve/.github/INCIDENT_RESPONSE_PROCESS.md
generated
vendored
Normal file
@@ -0,0 +1,119 @@
|
||||
# Incident Response Process for **resolve**
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
We take the security of **resolve** very seriously. If you believe you’ve found a security vulnerability, please inform us responsibly through coordinated disclosure.
|
||||
|
||||
### How to Report
|
||||
|
||||
> **Do not** report security vulnerabilities through public GitHub issues, discussions, or social media.
|
||||
|
||||
Instead, please use one of these secure channels:
|
||||
|
||||
1. **GitHub Security Advisories**
|
||||
Use the **Report a vulnerability** button in the Security tab of the [browserify/resolve repository](https://github.com/browserify/resolve).
|
||||
|
||||
2. **Email**
|
||||
Follow the posted [Security Policy](https://github.com/browserify/resolve/security/policy).
|
||||
|
||||
### What to Include
|
||||
|
||||
**Required Information:**
|
||||
- Brief description of the vulnerability type
|
||||
- Affected version(s) and components
|
||||
- Steps to reproduce the issue
|
||||
- Impact assessment (what an attacker could achieve)
|
||||
- Confirm the issue is not present in test files (in other words, only via the official entry points in `exports`)
|
||||
|
||||
**Helpful Additional Details:**
|
||||
- Full paths of affected source files
|
||||
- Specific commit or branch where the issue exists
|
||||
- Required configuration to reproduce
|
||||
- Proof-of-concept code (if available)
|
||||
- Suggested mitigation or fix
|
||||
|
||||
## Our Response Process
|
||||
|
||||
**Timeline Commitments:**
|
||||
- **Initial acknowledgment**: Within 24 hours
|
||||
- **Detailed response**: Within 3 business days
|
||||
- **Status updates**: Every 7 days until resolved
|
||||
- **Resolution target**: 90 days for most issues
|
||||
|
||||
**What We’ll Do:**
|
||||
1. Acknowledge your report and assign a tracking ID
|
||||
2. Assess the vulnerability and determine severity
|
||||
3. Develop and test a fix
|
||||
4. Coordinate disclosure timeline with you
|
||||
5. Release a security update and publish an advisory and CVE
|
||||
6. Credit you in our security advisory (if desired)
|
||||
|
||||
## Disclosure Policy
|
||||
|
||||
- **Coordinated disclosure**: We’ll work with you on timing
|
||||
- **Typical timeline**: 90 days from report to public disclosure
|
||||
- **Early disclosure**: If actively exploited
|
||||
- **Delayed disclosure**: For complex issues
|
||||
|
||||
## Scope
|
||||
|
||||
**In Scope:**
|
||||
- **resolve** package (all supported versions)
|
||||
- Official examples and documentation
|
||||
- Core resolution APIs
|
||||
- Dependencies with direct security implications
|
||||
|
||||
**Out of Scope:**
|
||||
- Third-party wrappers or extensions
|
||||
- Bundler-specific integrations
|
||||
- Social engineering or physical attacks
|
||||
- Theoretical vulnerabilities without practical exploitation
|
||||
- Issues in non-production files
|
||||
|
||||
## Security Measures
|
||||
|
||||
**Our Commitments:**
|
||||
- Regular vulnerability scanning via `npm audit`
|
||||
- Automated security checks in CI/CD (GitHub Actions)
|
||||
- Secure coding practices and mandatory code review
|
||||
- Prompt patch releases for critical issues
|
||||
|
||||
**User Responsibilities:**
|
||||
- Keep **resolve** updated
|
||||
- Monitor dependency vulnerabilities
|
||||
- Follow secure configuration guidelines for module resolution
|
||||
|
||||
## Legal Safe Harbor
|
||||
|
||||
**We will NOT:**
|
||||
- Initiate legal action
|
||||
- Contact law enforcement
|
||||
- Suspend or terminate your access
|
||||
|
||||
**You must:**
|
||||
- Only test against your own installations
|
||||
- Not access, modify, or delete user data
|
||||
- Not degrade service availability
|
||||
- Not publicly disclose before coordinated disclosure
|
||||
- Act in good faith
|
||||
|
||||
## Recognition
|
||||
|
||||
- **Advisory Credits**: Credit in GitHub Security Advisories (unless anonymous)
|
||||
|
||||
## Security Updates
|
||||
|
||||
**Stay Informed:**
|
||||
- Subscribe to npm updates for **resolve**
|
||||
- Enable GitHub Security Advisory notifications
|
||||
|
||||
**Update Process:**
|
||||
- Patch releases (e.g., 1.22.10 → 1.22.11)
|
||||
- Out-of-band releases for critical issues
|
||||
- Advisories via GitHub Security Advisories
|
||||
|
||||
## Contact Information
|
||||
|
||||
- **Security reports**: Security tab of [browserify/resolve](https://github.com/browserify/resolve/security)
|
||||
- **General inquiries**: GitHub Discussions or Issues
|
||||
|
||||
Reference in New Issue
Block a user