Skip to content

Cofy-ME/testforge

Repository files navigation

🛡️ TestForge Bob: Autonomous Test & Vulnerability Guard

TestForge Bob is an autonomous repository guard that leverages IBM Bob to identify structural vulnerabilities, remediate exposed credentials, and generate comprehensive, context-aware Jest test suites.


IBM Bob Evidence

This repository features a fully populated and sanitized bob_sessions/ directory documenting our interactive development cycle with IBM Bob IDE. These session history files, telemetry screenshots, and artifact logs serve as auditable evidence of Bob's role in tracing workspace dependencies, refactoring structural logic, and generating deep test coverage.

Auditable Session Deliverables

Our engineering lifecycle with IBM Bob is categorized into two core operational loops:

  1. Automated Test Generation Loop

    • 📄 Task Log: bob_sessions/generation_history.md — Documents full-repository intent analysis, cognitive complexity scanning, and the generation of a comprehensive Jest test suite.
    • 🖼️ Telemetry Screenshot: bob_sessions/generation_metrics.png — Provides visual evidence of token consumption data and context window sizing during test suite generation.
  2. Secure Vulnerability Remediation Loop

    • 📄 Task Log: bob_sessions/remediation_history.md — Tracks the step-by-step refactoring workflow where a hardcoded fallback secret was safely replaced with a dynamic environment variable pattern (process.env).
    • 🖼️ Telemetry Screenshot: bob_sessions/remediation_metrics.png — Captures resource cost metrics and task execution checks for the security patching sequence.

Core Capabilities Utilized

IBM Bob served as our central software development partner, orchestrating:

  • Full-Repository Intent Analysis: Mapping cross-module logic pathways across Python orchestration code and JavaScript service logic.
  • Test-Generation Planning: Formulating targeted test manifests based on cognitive branch density and repository risk signals.
  • Secure Refactoring Guidance: Non-destructively eliminating exposed credential patterns while preserving original functional behavior.
  • Isolated Dependency Mocking: Creating sandboxed stubs and fixtures aligned with our .bobrules workspace requirements.
  • Judging Verification: Providing exported task histories and telemetry screenshots required for hackathon review.

Getting Started & Local Setup

Prerequisites

To run the TestForge Bob orchestrator and dashboard locally, ensure you have the following installed on your system:

  • Python 3.8+ (for the orchestrator and Streamlit dashboard)
  • Node.js & npm (to execute the generated Jest test suites)
  • Git

1. Installation

Clone the repository and install the required Python data visualization and UI dependencies.

# Clone the repository (replace with your actual URL)
git clone [https://github.com/YOUR_GITHUB_USERNAME/testforge-bob.git](https://github.com/YOUR_GITHUB_USERNAME/testforge-bob.git)
cd testforge-bob

# Install required Python packages for the dashboard
pip install streamlit pandas plotly

# Install Jest globally to run the generated tests locally
npm install -g jest

### 2. Execute the Test Suite
Because TestForge Bob successfully refactored the hardcoded vulnerability into a dynamic environment configuration, you must temporarily set the mock sandbox key in your terminal before running the tests.

*For Mac/Linux (Bash/Zsh):*
```bash
export DEV_MASTER_FALLBACK_KEY="api_key=sandboxTestKey123ABC"
npx jest target_service/authService.test.js

*For Windows (PowerShell):
$env:DEV_MASTER_FALLBACK_KEY="api_key=sandboxTestKey123ABC"
npx jest target_service/authService.test.js

About

Enterprise codebases are riddled with hidden vulnerabilities and lacking comprehensive test coverage. Finding and fixing these flaws manually slows down deployment and drains engineering resources.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors