Add performance monitoring and testing documentation

Nolin Naidoo · Nolin Naidoo · commit d15028bbe565 · 2025-11-02T09:08:27.000-06:00
- Add docs/PERFORMANCE.md - Performance monitoring documentation
- Add docs/TESTING.md - Testing guidelines with core principle
- Update README.md:
  - Link to PERFORMANCE.md in Performance section
  - Add core principle: 'No broken or failed tests in commits'
  - Link to TESTING.md in Testing section
- All tests must pass before committing/merging
- CI/CD validates on all platforms (Ubuntu, macOS, Windows)
diff --git a/README.md b/README.md
@@ -242,6 +242,8 @@ For the complete list of available settings, open VS Code Settings and search fo
 
 Secrets-LE includes built-in performance monitoring and configurable thresholds to help track operation speed and resource usage.
 
+For detailed information, see [Performance Monitoring](docs/PERFORMANCE.md).
+
 ## 🔧 Troubleshooting
 
 **Not detecting secrets?**  
@@ -271,13 +273,19 @@ High accuracy with configurable sensitivity to reduce false positives
 
 **17 unit tests across 1 test file** • Powered by Vitest • Run with `bun run test:coverage`
 
+### Core Principle
+
+**No broken or failed tests are allowed in commits.** All tests must pass before code can be committed or merged.
+
 ### Test Suite Highlights
 
 - **Comprehensive secret detection** across 15+ types
 - **Sanitization validation** with replacement verification
 - **Error handling** with graceful degradation
 - **Security-focused** testing for edge cases
 
+For detailed testing guidelines, see [Testing Guidelines](docs/TESTING.md).
+
 ---
 
 Copyright © 2025
diff --git a/docs/PERFORMANCE.md b/docs/PERFORMANCE.md
@@ -0,0 +1,110 @@
+# Secrets-LE Performance Monitoring
+
+Secrets-LE includes built-in performance monitoring capabilities to track operation metrics and ensure optimal performance during secret detection and sanitization.
+
+## Overview
+
+Performance monitoring is automatically enabled for all detection and sanitization operations. The system tracks:
+
+- **Execution Time** - How long operations take to complete
+- **Memory Usage** - Heap memory consumed during operations
+- **CPU Usage** - System and user CPU time
+- **Operation Metrics** - Secrets detected, errors, warnings
+
+## Configuration
+
+Performance monitoring can be configured in VS Code settings:
+
+```json
+{
+  "secrets-le.performance.enabled": true,
+  "secrets-le.performance.maxDuration": 5000,
+  "secrets-le.performance.maxMemoryUsage": 104857600,
+  "secrets-le.performance.maxCpuUsage": 1000000
+}
+```
+
+### Settings
+
+- **`secrets-le.performance.enabled`** - Enable/disable performance monitoring (default: `true`)
+- **`secrets-le.performance.maxDuration`** - Maximum operation duration in milliseconds (default: `5000`)
+- **`secrets-le.performance.maxMemoryUsage`** - Maximum memory usage in bytes (default: `104857600` = 100MB)
+- **`secrets-le.performance.maxCpuUsage`** - Maximum CPU usage in microseconds (default: `1000000` = 1 second)
+
+## How It Works
+
+### Automatic Monitoring
+
+When you run detection or sanitization commands, performance monitoring automatically:
+
+1. **Tracks start time** and initial resource usage
+2. **Monitors operation progress** during execution
+3. **Captures end metrics** when operations complete
+4. **Compares against thresholds** to detect performance issues
+5. **Reports metrics** via telemetry (if enabled)
+
+### Pattern Matching Efficiency
+
+Secret detection uses optimized pattern matching:
+
+- **Multiple detector types** run in parallel where possible
+- **Early termination** for certain patterns
+- **Efficient regex matching**
+- **Memory-efficient processing** for large files
+
+## Performance Reports
+
+Performance metrics are displayed in command results:
+
+- Detection operations show processing time and secret count
+- Sanitization operations show replacement time
+- Large file warnings when approaching limits
+
+## Best Practices
+
+1. **Monitor large files** - Enable performance monitoring when scanning large codebases
+2. **Check thresholds** - Adjust limits based on your system capabilities
+3. **Review metrics** - Use performance data to optimize scanning patterns
+4. **Watch for warnings** - System will warn if operations exceed thresholds
+
+## Troubleshooting
+
+### Operations Taking Too Long
+
+If operations exceed `maxDuration`:
+- Check file size - large files take longer to scan
+- Review sensitivity level - higher sensitivity scans more patterns
+- Consider scanning specific file types only
+
+### High Memory Usage
+
+If operations exceed `maxMemoryUsage`:
+- Large input files consume more memory
+- Many detected secrets increase memory usage
+- Consider processing files in smaller batches
+
+### CPU Usage Warnings
+
+If operations exceed `maxCpuUsage`:
+- Multiple pattern detectors increase CPU usage
+- Higher sensitivity levels require more CPU
+- Consider limiting concurrent operations
+
+## Telemetry
+
+When telemetry is enabled, performance metrics are logged to the Output panel for debugging:
+
+- Operation duration
+- Memory usage
+- CPU usage
+- Secret counts
+- Errors and warnings
+
+This helps identify performance patterns over time.
+
+## Related Documentation
+
+- [Commands](../README.md#commands) - Available commands and their usage
+- [Configuration](../README.md#configuration) - Full configuration options
+- [Detection Types](../README.md#detecting-api-keys--credentials) - Supported secret types
+
diff --git a/docs/TESTING.md b/docs/TESTING.md
@@ -0,0 +1,220 @@
+# Secrets-LE Testing Guidelines
+
+This document outlines testing practices and policies for Secrets-LE development.
+
+## Core Principle
+
+**No broken or failed tests are allowed in commits.**
+
+All tests must pass before code can be committed or merged. This ensures code quality and prevents regressions.
+
+## Running Tests
+
+### Run All Tests
+
+```bash
+bun run test
+```
+
+### Run Tests with Coverage
+
+```bash
+bun run test:coverage
+```
+
+### Run Tests in Watch Mode
+
+```bash
+bun run test:watch
+```
+
+### Run Tests for Specific File
+
+```bash
+bun x vitest run src/extraction/detectors.test.ts
+```
+
+## Test Structure
+
+### Unit Tests
+
+Located in `src/**/*.test.ts` and `src/**/*.spec.ts`:
+
+- **Detector tests** - Test secret detection logic
+- **Utility tests** - Test helper functions
+- **Configuration tests** - Test config validation
+
+### Integration Tests
+
+Located in `src/sampleFiles.spec.ts`:
+
+- **Sample file tests** - Test detection against real file formats
+- **Cross-platform tests** - Ensure case-sensitivity compatibility
+- **End-to-end workflows** - Test complete command flows
+
+## Test Coverage Requirements
+
+- **Minimum Coverage**: Maintain reasonable coverage across core functionality
+- **Critical Paths**: All detection logic must be tested
+- **Error Handling**: All error paths must be covered
+- **Edge Cases**: Boundary conditions must be tested
+
+## Before Committing
+
+### Checklist
+
+- [ ] All tests pass (`bun run test`)
+- [ ] No broken tests
+- [ ] No skipped tests (unless intentionally)
+- [ ] Type checking passes (`bun x tsc -p ./`)
+- [ ] Linting passes (`bun run lint`)
+
+### CI/CD Validation
+
+The CI pipeline automatically:
+
+1. Runs all tests on Ubuntu, macOS, and Windows
+2. Generates coverage reports
+3. Verifies all tests pass
+4. Fails the build if any tests fail
+
+## Fixing Failed Tests
+
+### When a Test Fails
+
+1. **Don't commit the failure** - Fix the test or the code
+2. **Run locally first** - Verify fix works before pushing
+3. **Check all platforms** - Ensure fix works on Linux/Windows (case sensitivity, etc.)
+4. **Update test if needed** - If behavior changed intentionally, update test
+
+### Common Issues
+
+- **Case sensitivity** - Use exact case for file references (`README.md` not `readme.md`)
+- **Mock issues** - Ensure mocks are properly reset in `beforeEach`
+- **Pattern matching** - Test with realistic secret patterns
+
+## Test Best Practices
+
+### 1. Use Descriptive Test Names
+
+```typescript
+// ✅ Good
+it('should detect AWS access keys', () => {
+  // ...
+});
+
+// ❌ Bad
+it('works', () => {
+  // ...
+});
+```
+
+### 2. Test One Thing Per Test
+
+```typescript
+// ✅ Good - separate tests
+it('should detect AWS keys', () => { /* ... */ });
+it('should detect GitHub tokens', () => { /* ... */ });
+
+// ❌ Bad - multiple concerns
+it('should detect AWS keys and GitHub tokens', () => { /* ... */ });
+```
+
+### 3. Use Arrange-Act-Assert Pattern
+
+```typescript
+it('should detect secret with high confidence', () => {
+  // Arrange
+  const content = 'const apiKey = "AKIAIOSFODNN7EXAMPLE"';
+  
+  // Act
+  const result = detectSecretsInContent(content, {
+    includeApiKeys: true,
+    sensitivity: 'high',
+  });
+  
+  // Assert
+  expect(result.success).toBe(true);
+  expect(result.secrets.length).toBeGreaterThan(0);
+});
+```
+
+### 4. Clean Up Mocks
+
+```typescript
+beforeEach(() => {
+  vi.clearAllMocks();
+  // Reset mocks to default state
+});
+```
+
+## Cross-Platform Testing
+
+### Case Sensitivity
+
+Always use exact case for file references:
+
+```typescript
+// ✅ Good - works on all platforms
+const content = readSampleFile('README.md');
+
+// ❌ Bad - fails on Linux
+const content = readSampleFile('readme.md');
+```
+
+### Path Separators
+
+Use platform-agnostic path handling:
+
+```typescript
+import { join } from 'path';
+const filePath = join(SAMPLE_DIR, filename);
+```
+
+## Coverage Reports
+
+Coverage reports are generated automatically:
+
+- **Location**: `coverage/index.html`
+- **Format**: HTML, LCOV, JSON
+- **CI/CD**: Coverage uploaded as artifact
+
+## Continuous Integration
+
+### GitHub Actions
+
+Tests run automatically on:
+
+- **Ubuntu** (latest)
+- **macOS** (latest)
+- **Windows** (latest)
+
+All platforms must pass for the build to succeed.
+
+### Pre-commit Hooks
+
+Consider setting up pre-commit hooks to run tests before commits:
+
+```bash
+# Install husky (if needed)
+bun add -d husky
+
+# Add pre-commit hook
+echo "bun run test" > .husky/pre-commit
+```
+
+## Reporting Test Issues
+
+If you encounter test failures:
+
+1. **Run locally** - Verify it fails consistently
+2. **Check CI logs** - See platform-specific errors
+3. **Reproduce** - Document steps to reproduce
+4. **Fix or report** - Either fix or create an issue
+
+## Related Documentation
+
+- [Performance Monitoring](PERFORMANCE.md) - Performance testing and benchmarks
+- [Architecture](../README.md#technical-implementation) - Code structure
+- [Contributing](../README.md#contributing) - Contribution guidelines
+
