ctrlshiftleft
Version:
AI-powered toolkit for embedding QA and security testing into development workflows
183 lines (175 loc) • 7.49 kB
JavaScript
;
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.OpenAIAgent = void 0;
const openai_1 = __importDefault(require("openai"));
/**
* OpenAI Agent for generating tests and checklists from source code
*/
class OpenAIAgent {
constructor() {
// Initialize OpenAI client with API key from environment variable
const apiKey = process.env.OPENAI_API_KEY;
if (!apiKey) {
console.warn('OPENAI_API_KEY environment variable not set. Agent features will not work.');
}
this.client = new openai_1.default({
apiKey: process.env.OPENAI_API_KEY,
});
}
/**
* Generate tests and checklists from source code
* @param content Source code or content to analyze
* @returns Generated tests and checklists
*/
async generateTestsAndChecklists(content) {
if (!process.env.OPENAI_API_KEY) {
throw new Error('OPENAI_API_KEY environment variable not set');
}
const response = await this.client.chat.completions.create({
model: 'gpt-4-turbo-preview',
messages: [
{
role: 'system',
content: `You are Cascade, a powerful agentic AI coding assistant designed by the Codeium engineering team. Your mission is to create QA and security tests that shift testing left in the development process.
As an expert in the Ctrl.shift.left toolkit, you specialize in analyzing source code to generate:
1. Comprehensive end-to-end test scenarios with clear steps and assertions that detect security vulnerabilities early
2. Detailed QA and security checklists covering both functionality and security risks
You prioritize:
- Input validation & sanitization tests
- Authentication & authorization control validation
- Data exposure prevention
- Prevention of injection attacks (XSS, SQL, command injection)
- Proper error handling and state management
- Edge case detection and boundary testing
Your analysis should be thorough, identifying both obvious and subtle security risks in the provided code.`
},
{
role: 'user',
content: `Generate tests and checklists for the following code using a structured reasoning approach:
1. ANALYSIS: First analyze the code to identify components, functionality, and potential security vulnerabilities
2. TEST PLAN: Develop test scenarios based on the identified components and vulnerabilities
3. CHECKLIST: Create security checklist items with verification steps
Code to analyze:
\`\`\`
${content}
\`\`\``
}
],
temperature: 0.2,
response_format: { type: 'json_object' }
});
const generatedContent = response.choices[0]?.message.content;
if (!generatedContent) {
throw new Error('Empty response from OpenAI API');
}
const parsedResponse = JSON.parse(generatedContent);
// Extract tests and checklist from the response
const tests = this.extractTestScenarios(parsedResponse);
const checklist = this.extractChecklist(parsedResponse);
return { tests, checklist };
}
/**
* Extract test scenarios from response
*/
extractTestScenarios(response) {
if (!response.tests || !Array.isArray(response.tests)) {
return [];
}
return response.tests.map((test, index) => ({
id: test.id || `test-${index + 1}`,
description: test.description || `Test Scenario ${index + 1}`,
steps: Array.isArray(test.steps) ? test.steps : [],
assertions: Array.isArray(test.assertions) ? test.assertions : [],
priority: test.priority || 'medium',
category: test.category || 'functional'
}));
}
/**
* Extract checklist from response
*/
extractChecklist(response) {
if (!response.checklist) {
return {
title: 'Generated QA and Security Checklist',
description: 'Auto-generated checklist for source code',
categories: [],
items: []
};
}
const checklist = response.checklist;
return {
title: checklist.title || 'Generated QA and Security Checklist',
description: checklist.description || 'Auto-generated checklist for source code',
categories: Array.isArray(checklist.categories) ? checklist.categories : [],
items: Array.isArray(checklist.items)
? checklist.items.map((item, index) => ({
id: item.id || `item-${index + 1}`,
title: item.title || `Checklist Item ${index + 1}`,
description: item.description || '',
category: item.category || 'general',
severity: item.severity || 'medium',
verification: item.verification
}))
: []
};
}
/**
* Perform a semantic search across code files
* @param query The search query
* @param files Array of file objects with path and content
* @returns Search results with relevance scores
*/
async performSemanticSearch(query, files) {
if (!process.env.OPENAI_API_KEY) {
throw new Error('OPENAI_API_KEY environment variable not set');
}
const response = await this.client.chat.completions.create({
model: 'gpt-4-turbo-preview',
messages: [
{
role: 'system',
content: `You are an expert code analyzer that specializes in semantic search across codebases.
Your task is to identify the most relevant files and code snippets for a given search query.
Focus on security and QA aspects that match the query.
Provide your response in JSON format.`
},
{
role: 'user',
content: `Perform a semantic search for: "${query}"
Across these files:
${files.map(f => `=== ${f.filePath} ===
${f.content}
`).join('\n')}
Respond with a JSON object containing an array of results with fields: filePath, relevance (0-1), snippet, and reasons.`
}
],
temperature: 0.1,
response_format: { type: 'json_object' }
});
const generatedContent = response.choices[0]?.message.content;
if (!generatedContent) {
return [];
}
try {
const parsedResponse = JSON.parse(generatedContent);
if (!parsedResponse.results || !Array.isArray(parsedResponse.results)) {
return [];
}
return parsedResponse.results.map((result) => ({
filePath: result.filePath || '',
relevance: parseFloat(result.relevance) || 0,
snippet: result.snippet || '',
reasons: Array.isArray(result.reasons) ? result.reasons : []
}));
}
catch (error) {
console.error('Error parsing semantic search results:', error);
return [];
}
}
}
exports.OpenAIAgent = OpenAIAgent;
//# sourceMappingURL=openaiAgent.js.map