Add public API commands by ramilamparo · Pull Request #58 · Hypersequent/qas-cli

ramilamparo · 2026-03-18T14:09:36Z

Summary

Adds a new qasphere api command that provides direct CLI access to the full QA Sphere public API. Users can now manage projects, test runs, test cases, results, and other resources programmatically without writing custom API integration code.

What's included

16 resource subcommands: projects, runs, test-cases, results, folders, milestones, tags, requirements, shared-steps, shared-preconditions, custom-fields, audit-logs, settings, test-plans, files, users
JSON argument flexibility: Complex args accept inline JSON or file path.
Zod validation with path-based errors: Detailed error messages like [0].tcaseIds: not allowed for "live" runs
Lazy env loading: QAS_URL/QAS_TOKEN loaded only when the API is called, so CLI validation errors surface first
Path parameter validation: Regex-based validation prevents injection via crafted identifiers
File upload size limits: File body mode supports optional maxSize enforcement (e.g., 50 MiB for file uploads)
Agent Skills: New SKILL.md file allows installing skills via npx skills add Hypersequent/qas-cli

Architecture

The API command uses a manifest-based pattern

src/api/                          # API client layer
├── index.ts                      # createApi() — composes fetch chain and assembles all sub-modules
├── schemas.ts                    # Shared types, RequestValidationError, validateRequest(), common Zod fields
├── utils.ts                      # Fetch decorators, resourceIdSchema, printJson()
└── <resource>.ts                 # One per resource — exports create<Resource>Api(fetcher) factory,
                                  #   defines Zod request schemas for early validation before API calls

src/commands/api/                 # CLI command layer
├── types.ts                      # ApiEndpointSpec discriminated union (bodyMode: 'none' | 'json' | 'file')
├── manifests/                    # Declarative endpoint specs — one file per resource
│   ├── index.ts                  # Aggregates all specs into allSpecs array
│   ├── utils.ts                  # Shared param definitions (projectCodeParam, etc.)
│   └── <resource>.ts             # Array of ApiEndpointSpec objects per resource
├── builder.ts                    # Builds yargs command tree from flat specs array
├── executor.ts                   # Orchestrates validation → body processing → API call → error mapping
├── main.ts                       # Registers the api command
└── utils.ts                      # Shared helpers: validation, body parsing, error formatting

src/tests/api/                    # API command tests
├── test-helper.ts                # Shared infrastructure: useMockServer(), runCli(), test fixture
│                                 #   with project lifecycle (mock or live), helper creators
└── <resource>/
    └── <action>.spec.ts          # One spec per action — mocked tests (MSW), validation error
                                  #   tests, and live tests (tagged, run against real instance)

Each endpoint is a plain declarative object — the builder and executor handle all yargs wiring, validation, and error handling generically

Other changes

New API modules: audit-logs, custom-fields, milestones, requirements, results, settings, shared-preconditions, shared-steps, tags, test-plans, users, file — plus expanded runs, tcases, projects, folders
CLAUDE.md updated with full architecture docs for the manifest-based API command
README.md updated with usage documentation
SKILL.md added for AI coding agent support
CI workflow updated
npm audit fix applied to dependencies

Testing

55+ test files under src/tests/api/ organized by resource, one spec per action
Each spec typically contains: mocked tests with MSW handlers, validation error tests, and live tests tagged with { tags: ['live'] }
Shared test infrastructure in test-helper.ts with useMockServer(), runCli(), expectValidationError(), and a test fixture with project lifecycle management
Global setup (global-setup.ts) handles live API authentication
Missing subcommand help tests ensure incomplete commands show help text
File upload tests verify max size enforcement

🤖 Generated with Claude Code

- Add Zod schemas at API level for all request types with validateRequest() that throws RequestValidationError, caught by apiHandler for clean error output - Add handleValidationError() + buildArgumentMap() to map API field names to CLI argument names (e.g., title → --title) for user-friendly error messages - Move validation schemas from command-level to API-level as single source of truth; command handlers pass args directly to API functions - Add customFields, parameterValues, and filledTCaseTitleSuffixParams to test-case create/update commands with proper validation (parameterValues restricted to template type) - Fix jsonResponse null crash, expand ResultStatus with custom statuses, relax test-cases update check, extract shared superRefine for run schemas - Add tests for new fields (mocked + live) and batch-create validation errors

ramilamparo · 2026-03-31T09:15:18Z

src/commands/main.ts

 						msg.startsWith('Not enough non-option arguments')
 					) {
 						yi.showHelp()
-						process.exit(0)


When invalid arguments are provided, it should return a non-zero exit code.

claude

Review Summary

All 12+ previously raised issues across 20 review rounds have been resolved. The manifest-based rewrite is a major architectural improvement — ApiEndpointSpec with executeCommand centralizing validation/body processing/error handling cleanly eliminates the prior classes of bugs (yargs metadata leak, inconsistent validation, DRY violations).

2 minor inline comments posted (not blockers):

withHttpRetry doesn't consume response bodies before retrying — potential socket leak under sustained rate-limiting
updateSearchParams nested-object branch drops parent keys — latent bug in dead code

Test coverage observation (non-blocking): src/commands/api/utils.ts and executor.ts have no direct unit tests — formatApiError, handleApiValidationError, parseBodyInput, and validateFieldValues are only exercised indirectly through integration tests.

Security: Clean — path parameter validation via regex schemas, Zod enforcement at all API boundaries, no hardcoded credentials.

Well-structured PR overall.

Add public API commands

67480e3

This comment was marked as resolved.

Sign in to view