This demo is the definitive automated integration test for the focused TypeScript/NestJS Requirement-to-Code Impact Analyzer path. It validates:
scan → impact analysis → evidence → review → report → drift visibility
For a high-level visual representation of this flow, see the Visual Proof Pack.
Specifically, it demonstrates:
- Repository scanning: creating a snapshot and gathering scan health diagnostics.
- Impact analysis: evaluating a requirement change against the parsed repository to surface risks, unknowns, QA scenarios, and explicit evidence using the
booking@0.1.0domain pack. - Human review: simulating reviewer confirmation of insights and ensuring only evidenced claims pass.
- Report finalization: ensuring reports contain traceability matrices and evidence appendices without raw vector leakage.
- Drift visibility: proving that APIs can differentiate between two snapshot versions and flag
STALE_ARTIFACTS.
To execute the golden path demo deterministically in a local environment:
pnpm test tests/demo/golden-path-demo.spec.tsThe bounded multi-repo proof path is separate:
pnpm demo:multi-repo-golden-pathNote: If you have made docs-only changes, you do not need to run the full test suite.
When the test runs successfully, it asserts that the system properly generates:
- Expected Diagnostics:
SCAN_HEALTH,INCREMENTAL_SCAN_SUMMARY,EMBEDDING_REUSE_PLAN, andDOMAIN_PACK_APPLIED. - Expected Report Sections:
Executive Summary,Impact Flow Diagram,Impacted Areaswhen evidenced impacts exist,Open Questions / Unknowns, andEvidence Appendixwhen evidence exists.
- Fixture Repository:
nestjs-booking-with-payment - Domain Pack:
booking@0.1.0 - Scanner Maturity:
STABLETypeScript/NestJS path
For deterministic CI, this automated command deliberately uses mock providers:
- LLM Provider:
FakeLlmProvideris used to prevent real, non-deterministic token usage and external API calls. - Embedding Provider: Fake embeddings generated locally to bypass external semantic search costs.
- Drift Check: To prevent heavy load in CI, full snapshot rescans are partially mocked via a smoke-level drift check rather than doing a full duplicate
git clone.
The manual UI demo is different: it should run with AI_PROVIDER=google and a Gemini API key so generated insights come from the real provider while still remaining constrained by persisted evidence and human review.
Please be aware of the following:
- TypeScript/NestJS is the strongest scanner path.
- Java Spring support is
PARTIAL; Go, Python, C#, PHP, and Ruby adapters areEXPERIMENTALcapability proofs. - Pilot adapters are bounded static extractors, not full compiler-level semantic analyzers.
- Unsupported scanner patterns become diagnostics,
UNKNOWN, orRISKitems requiring review. - Domain packs are hints, not evidence.
- Evaluation metrics are internal quality signals, not public benchmarks.
- Automated CI golden path uses fake providers; manual UI demo uses Gemini real LLM when configured.
- Production SaaS concerns such as GitHub App auth, billing, and hosted multi-tenant deployment are not complete.
If you wish to test this visually:
- Spin up the local stack using
pnpm devfrom the root directory. - Follow the steps in Sample Requirement Change against a synced GitHub repository matching the fixture logic.