Quality Assurance

Overview of QA processes and checks for WvdS FPC RAD Studio.

These checklists apply to all developers - both for manual reviews and AI-assisted audits.

QA Workflow

Every change goes through these 5 verification steps:

Step  Check             Checklist
─────────────────────────────────────────────────────────────────
1     Production-Ready  No TODOs, stubs, mocks
2     Security          KRITIS/NIS2, OWASP
3     Code Quality      Naming, DRY, error handling
4     SSOT              Common libraries instead of local copies
5     Documentation     PasDoc comments, API docs

Profile Matrix

Which checklists to apply depending on project type:

Project Type      Required                            Optional
──────────────────────────────────────────────────────────────────────────────
VSCode Extension  Core, Cross-Platform, VSCode Stack  Security, Logging
Desktop App       Core, Build, Logging                i18n, Security
TUI/CLI           Core, CLI Stack, Cross-Platform     Security, Performance
Library           Core, Naming, Functions, Build      Security, Cross-Platform
Web API           Core, Security, Logging             Performance, SQL

Detailed Checklists

Document                 Content                                    When to Apply
──────────────────────────────────────────────────────────────────────────────────────────
Core Checklist           Production-ready, error handling, logging  Always
Security Checklist       KRITIS/NIS2, OWASP, crypto                 For network, auth, crypto
Code Quality Checklist   Naming, functions, DRY                     For API changes
Documentation Standards  PasDoc, XMLDoc, principles                 For new units
VSCode Checklist         Extension-specific, pas2js                 For extension work

Zero-Tolerance Rules

These rules are non-negotiable - code with violations will be rejected.

Forbidden in Production Code

FORBIDDEN                        REQUIRED
─────────────────────────────────────────────────
// TODO: ...                  →  Complete implementation
// FIXME: ...                 →  Fixed code
raise ENotImplemented         →  Working code
Stub functions                →  Real implementations
Mock implementations          →  Production code
Placeholder values            →  Real values
Hardcoded strings             →  Resource strings (i18n)
Empty exception handlers      →  Specific error handling
Magic numbers                 →  Named constants

Security Basics

FORBIDDEN                        REQUIRED
─────────────────────────────────────────────────
SQL string concatenation      →  Parameterized queries
Secrets in logs               →  Zeroization after use
Hardcoded credentials         →  Environment variables
Error messages with paths     →  Sanitized messages

Review Process

Step 1: Core Checklist

[ ] No TODO/FIXME comments
[ ] No stub or mock functions
[ ] All functions fully implemented
[ ] No empty exception handlers
[ ] Errors logged BEFORE handling
[ ] Resources released deterministically
[ ] No duplicated code (DRY)
[ ] No magic numbers

Step 2: Security (if applicable)

[ ] Input validated at all boundaries
[ ] SQL parameterized (no concatenation)
[ ] No secrets in logs
[ ] Error messages sanitized (no paths/versions)
[ ] Secrets cleared after use (zeroization)
[ ] Timeouts for external operations

Step 3: SSOT Check

[ ] NodeJS APIs via ~/sources/common/web/nodejs/
[ ] VSCode APIs via ~/sources/common/web/vscode/
[ ] Logging via WvdS.System.Logging
[ ] No direct require() calls in extensions
[ ] No duplicates of common units

Step 4: Documentation

[ ] Public API has PasDoc comments
[ ] Comments explain WHY, not WHAT
[ ] No outdated comments
[ ] Comments in English

AI-Assisted Audits

The same checklists are used for automated AI audits:

# Audit tasks (see docs/automated-test-tasks.txt)
 
1. IMPLEMENT ALL STUBS/MOCKS
   - Create inventory of all units
   - Identify stubs/mocks
   - Implement production-ready
 
2. EXECUTE QUALITY/SECURITY AUDIT
   - Identify security risks
   - Find SoC violations
   - Fix according to standards
 
3. ADD CODE COMMENTS
   - Identify missing comments
   - Write PasDoc comments
 
4. SSOT CHECK
   - Find local require() calls
   - Replace with common library calls
 
5. BUILD EXTENSIONS
   - Compile and test
   - Create VSIX

Logging

All audit steps are logged in stack trace format:

[2026-01-13 10:30:22.001] Audit started
   at TWvdSAudit.Initialize(Audit.Service.pas:42)
   Scope: sources/extensions/**

[2026-01-13 10:30:22.015] Found: TODO comment
   at extension_main.pas:156
   Text: "// TODO: Implement error handling"
   Action: Implementation required

[2026-01-13 10:30:22.042] Fixed: TODO comment removed
   at extension_main.pas:156
   Change: Complete error handling implemented
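
A minimal scanner for three of the zero-tolerance rules (TODO/FIXME comments, raise ENotImplemented, empty exception handlers) that reports findings in the log layout shown above. This is an added example, not part of the WvdS tooling; the function names, the regular expressions, the file name and the sample Pascal source are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample unit for illustration; not taken from the WvdS code base.
SAMPLE = """\
procedure LoadConfig(const AName: string);
begin
  // TODO: Implement error handling
  try
    ReadFile(AName);
  except
  end;
  try
    WriteFile(AName);
  except
    on E: EInOutError do LogError(E.Message);
  end;
  Raise ENotImplemented.Create('LoadConfig');
end;
"""

# Pascal is case-insensitive, so every rule matches with re.I.
LINE_RULES = [
    (re.compile(r"(//|\{|\(\*)\s*(TODO|FIXME)\b", re.I), "TODO/FIXME comment"),
    (re.compile(r"\braise\s+ENotImplemented\b", re.I), "raise ENotImplemented"),
]
# 'except' followed by 'end' with only whitespace or // comments in between.
EMPTY_EXCEPT = re.compile(r"\bexcept\b(?:\s|//[^\n]*)*\bend\b", re.I)

def scan(source, filename):
    """Return sorted (filename, line, finding, text) tuples for rule violations."""
    findings = [(filename, no, name, line.strip())
                for no, line in enumerate(source.splitlines(), start=1)
                for pattern, name in LINE_RULES if pattern.search(line)]
    for m in EMPTY_EXCEPT.finditer(source):
        no = source.count("\n", 0, m.start()) + 1  # 1-based line of 'except'
        findings.append((filename, no, "Empty exception handler", "except"))
    return sorted(findings)

def format_entry(finding, when):
    """Render one finding in the audit log layout shown above."""
    filename, no, name, text = finding
    stamp = when.strftime("%Y-%m-%d %H:%M:%S.%f")[:-3]  # millisecond precision
    return (f"[{stamp}] Found: {name}\n   at {filename}:{no}\n"
            f'   Text: "{text}"\n   Action: Implementation required')

if __name__ == "__main__":
    for finding in scan(SAMPLE, "sample_unit.pas"):
        print(format_entry(finding, datetime.now()), end="\n\n")
```

The handler that logs EInOutError is not reported, while the handler containing only whitespace or a line comment is. Matching is textual, so a TODO marker inside a string literal would also be flagged and needs manual review.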

See also

Last modified: 2026/01/29 at 10:29 PM