Clarify Vercel production-readiness audit scope: web-app vs API/CLI#60
Clarify Vercel production-readiness audit scope: web-app vs API/CLI#60
Conversation
Co-authored-by: Krosebrook <214532761+Krosebrook@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR adds project-type awareness to the PRD generator script, enabling it to conditionally generate Vercel production-readiness checklists based on whether the project is a web application, API, or CLI tool. This addresses the problem where the generator was inappropriately including Vercel deployment checklists for non-web projects that cannot be deployed to Vercel.
Changes:
- Added
--project-type/-tCLI flag and interactive prompt acceptingweb-app,api, orclivalues - Introduced
generateVercelSection()helper function that returns either a full Vercel checklist or N/A message based on project type - Added comprehensive test coverage for the new project-type functionality with 5 test cases
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
scripts/generate-prd.js |
Added project-type CLI flag, interactive prompt, and conditional Vercel section generation logic |
src/test/generate-prd.test.js |
Added test suite covering web-app checklist, api/cli N/A messages, default behavior, and message differentiation |
package-lock.json |
Peer dependency marker updates (unrelated to PR's main functionality) |
| // Inline implementation of generateVercelSection for isolated unit tests | ||
| function generateVercelSection(projectType) { | ||
| const isNonWebApp = projectType === 'api' || projectType === 'cli'; | ||
| if (isNonWebApp) { | ||
| const kind = projectType === 'api' ? 'backend API' : 'CLI'; | ||
| return `> **N/A** \u2014 This is a ${kind} project and is not applicable for Vercel web deployment. Vercel hosts web apps (e.g., Next.js, Vite); ${projectType === 'api' ? 'API' : 'CLI'} projects should be deployed to their own appropriate runtime (e.g., Base44 serverless functions, Docker, cloud run).`; | ||
| } | ||
| return [ | ||
| '- [ ] `vercel.json` present and configured (framework, buildCommand, outputDirectory)', | ||
| '- [ ] Environment variables defined in Vercel dashboard (not hard-coded)', | ||
| '- [ ] Preview deployments enabled for pull requests', | ||
| '- [ ] Production domain configured with valid SSL certificate', | ||
| '- [ ] Security headers set (X-Content-Type-Options, X-Frame-Options, Referrer-Policy)', | ||
| '- [ ] `rewrites` / `redirects` configured for SPA routing (e.g., `/api/:path*`)', | ||
| '- [ ] Edge network region(s) selected appropriate for target audience', | ||
| '- [ ] Build passes locally with `npm run build` (output to `dist/` or configured `outputDirectory`)', | ||
| '- [ ] No secrets committed to source; all sensitive values use Vercel environment variable references', | ||
| ].join('\n'); | ||
| } |
There was a problem hiding this comment.
The test suite duplicates the entire generateVercelSection function (lines 298-315) instead of importing it from the source. This creates a maintainability issue: if the actual implementation in scripts/generate-prd.js changes, the test copy must be manually kept in sync, risking test drift.
Consider exporting generateVercelSection from scripts/generate-prd.js so tests can import and test the actual implementation, or add a comment explaining why the duplication is intentional (e.g., for isolated unit testing without module dependencies).
| it('should default to web-app when projectType is not set', () => { | ||
| const section = generateVercelSection('web-app'); | ||
|
|
||
| expect(section).toContain('vercel.json'); | ||
| expect(section).not.toContain('N/A'); | ||
| }); |
There was a problem hiding this comment.
The test "should default to web-app when projectType is not set" doesn't actually test the default behavior. It explicitly passes 'web-app' to the function instead of testing what happens when projectType is undefined or an invalid value.
To properly test the default behavior, pass undefined, null, or an unrecognized value and verify it defaults to the web-app checklist.
| const isNonWebApp = projectType === 'api' || projectType === 'cli'; | ||
| if (isNonWebApp) { | ||
| const kind = projectType === 'api' ? 'backend API' : 'CLI'; | ||
| return `> **N/A** \u2014 This is a ${kind} project and is not applicable for Vercel web deployment. Vercel hosts web apps (e.g., Next.js, Vite); ${projectType === 'api' ? 'API' : 'CLI'} projects should be deployed to their own appropriate runtime (e.g., Base44 serverless functions, Docker, cloud run).`; |
There was a problem hiding this comment.
The function is case-sensitive and doesn't handle common variations. For example, 'API' (uppercase), 'Web-App' (capitalized), or 'CLI' (uppercase) would all be treated as web-app. This could be confusing for users.
Consider normalizing the input by converting to lowercase before comparison, or accept common case variations explicitly.
| const isNonWebApp = projectType === 'api' || projectType === 'cli'; | |
| if (isNonWebApp) { | |
| const kind = projectType === 'api' ? 'backend API' : 'CLI'; | |
| return `> **N/A** \u2014 This is a ${kind} project and is not applicable for Vercel web deployment. Vercel hosts web apps (e.g., Next.js, Vite); ${projectType === 'api' ? 'API' : 'CLI'} projects should be deployed to their own appropriate runtime (e.g., Base44 serverless functions, Docker, cloud run).`; | |
| const normalizedType = (projectType || '').toString().trim().toLowerCase(); | |
| const isNonWebApp = normalizedType === 'api' || normalizedType === 'cli'; | |
| if (isNonWebApp) { | |
| const kind = normalizedType === 'api' ? 'backend API' : 'CLI'; | |
| const label = normalizedType === 'api' ? 'API' : 'CLI'; | |
| return `> **N/A** \u2014 This is a ${kind} project and is not applicable for Vercel web deployment. Vercel hosts web apps (e.g., Next.js, Vite); ${label} projects should be deployed to their own appropriate runtime (e.g., Base44 serverless functions, Docker, cloud run).`; |
| case '--project-type': | ||
| case '-t': | ||
| options.projectType = next; | ||
| i++; | ||
| break; |
There was a problem hiding this comment.
Missing input validation for project type. The code accepts any string value for --project-type but only handles 'web-app', 'api', and 'cli'. Invalid values (e.g., 'webapp', 'backend', or typos) will silently default to showing the web-app checklist, which could be confusing.
Add validation to check if the provided value is one of the accepted values ('web-app', 'api', 'cli') and show an error message with valid options if not.
| @@ -187,6 +195,7 @@ async function interactiveMode() { | |||
| rl.close(); | |||
|
|
|||
| const context = {}; | |||
| context.projectType = projectTypeInput || 'web-app'; | |||
There was a problem hiding this comment.
Missing input validation in interactive mode. The user can enter any string for project type, but only 'web-app', 'api', and 'cli' are valid. Invalid values will silently default to web-app behavior without warning the user.
Consider validating the input and re-prompting if an invalid value is entered, or at least show a warning that the input will be treated as 'web-app'.
The PRD generator applied the same Vercel deployment section to every project type, even APIs and CLIs that cannot be deployed to Vercel. This adds explicit project-type awareness so the generated report either includes a full Vercel checklist or marks it N/A accordingly.
Changes
scripts/generate-prd.js--project-type/-tflag — acceptsweb-app(default),api, orcligenerateVercelSection(projectType)helper — isolates the conditional logic from the template stringweb-app: 9-item checklist (vercel.jsonconfig, env vars, security headers, SPA rewrites, edge regions, build validation, secret hygiene)api/cli: N/A notice with explanation and redirect to appropriate runtimessrc/test/generate-prd.test.jsapiN/A,cliN/A, default-to-web-app, and api/cli message differentiationExample
api output for §12.5:
Original prompt
This pull request was created from Copilot chat.
🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.
Summary by cubic
Clarifies the Vercel production-readiness audit to focus on web apps and mark APIs/CLIs as not applicable in PRD reports. Adds a project type flag and interactive prompt to control scope.
New Features
Migration
Written for commit e8eef13. Summary will update on new commits.