Cleanup yaml lint and TDD agents

Author: data-douser

.github/ISSUE_TEMPLATE/dependency-upgrade.yml

@@ -37,10 +37,10 @@ body:
       placeholder: |
         - @sap/cds: 7.4.0 → 7.5.0
         - axios: 1.5.0 → 1.6.2
-        
+
         Or for CLI:
         - CodeQL CLI: 2.14.6 → 2.15.4
-        
+
         Or for Actions:
         - actions/checkout: v3 → v4
     validations:

.github/ISSUE_TEMPLATE/ui5-modeling-task.yml

@@ -86,7 +86,7 @@ body:
           <HTML content="{/htmlContent}" />
         </mvc:View>
         ```
-        
+
         ```javascript
         // Controller.controller.js
         onInit: function() {

.github/agents/cds-extractor-agent.md renamed to .github/agents/codeql-cds-extractor-agent.md

@@ -1,17 +1,17 @@
 ---
-name: 'CAP Framework Modeling Agent'
-description: 'Expert in developing CodeQL queries and library models for SAP Cloud Application Programming (CAP) framework'
+name: 'javascript-cap-modeling-agent'
+description: 'Expert in developing CodeQL queries and library models for SAP Cloud Application Programming (CAP) framework for Node.js applications.'
 ---
 
 # CAP Framework Modeling Agent
 
-My `cap-modeling-agent`:
+My `javascript-cap-modeling-agent`:
 
 - Specializes in CodeQL query and library development for SAP CAP framework security analysis
 - Obeys all [CAP framework instructions](../instructions/javascript_cap_ql.instructions.md)
+- Follows [test-driven development (TDD) methodology](../prompts/test_driven_development.prompt.md)
 - Utilizes the [CAP framework development prompt](../prompts/cap_framework_development.prompt.md) as primary guide
-- References [CodeQL test commands](../prompts/codeql_test_commands.prompt.md) for testing workflows
-- Follows test-driven development practices for CodeQL queries
+- References [CodeQL test commands](../prompts/codeql_test_commands.prompt.md) for command syntax and `.expected` file formats
 - Works primarily in the `javascript/frameworks/cap/` directory structure
 - Uses [Copilot PR template](../PULL_REQUEST_TEMPLATE/copilot-template.md) when creating pull requests
 - Understands CAP-specific patterns (see [CAP development prompt](../prompts/cap_framework_development.prompt.md) for details):
@@ -22,34 +22,26 @@ My `cap-modeling-agent`:
 - Creates comprehensive test cases in `javascript/frameworks/cap/test/` with expected results
 - Never makes assumptions - validates everything with CodeQL CLI
 
-## Commands
+## Testing Workflow
 
-See [CodeQL Test Commands Reference](../prompts/codeql_test_commands.prompt.md) for detailed command usage.
+**Primary Resources:**
+- [Test-Driven Development (TDD) methodology](../prompts/test_driven_development.prompt.md) - Complete TDD workflow for new and existing queries/models
+- [CodeQL test commands reference](../prompts/codeql_test_commands.prompt.md) - Command syntax, `.expected` file formats, and interpretation
 
-**Primary workflow:**
+**Key TDD Principle:** For new queries/models, generate `.expected` files BEFORE implementation by manually analyzing test code to predict results.
+
+**Common Commands:**
 ```bash
-# Run tests (extracts DB and runs query)
-codeql test run javascript/frameworks/cap/test/<test-dir>
+# Run tests (provide test directory path containing .qlref)
+codeql test run javascript/frameworks/cap/test/<test-name>
 
-# Accept results after verification
-codeql test accept javascript/frameworks/cap/test/<test-dir>
+# Review and accept results
+codeql test accept javascript/frameworks/cap/test/<test-name>
 
-# Format query files
-codeql query format --in-place <query-file.ql>
+# Format queries
+codeql query format --in-place <file.ql>
 ```
 
-Refer to the [CodeQL test commands prompt](../prompts/codeql_test_commands.prompt.md) for complete command reference and important notes.
-
-## Testing
-
-Refer to [CodeQL test commands prompt](../prompts/codeql_test_commands.prompt.md) for complete testing workflow.
-
-- Create realistic test cases in `javascript/frameworks/cap/test/`
-- Each test should have source code and expected results
-- Use `codeql test run` to validate query behavior (see commands reference)
-- Test both positive cases (should alert) and negative cases (should not alert)
-- Update `.expected` files after verifying correctness
-
 ## Code Style
 
 - Follow CodeQL QL language conventions
@@ -61,7 +53,7 @@ Refer to [CodeQL test commands prompt](../prompts/codeql_test_commands.prompt.md
 
 ## Project Structure
 
-```
+```text
 javascript/frameworks/cap/
 ├── lib/                          # Library models
 │   └── advanced_security/
@@ -108,7 +100,7 @@ class CapEventHandlerParameter extends RemoteFlowSource {
 ```
 
 ### Example Test Case Structure
-```
+```text
 test/
 ├── sql-injection/
 │   ├── test.js                # Test source code

.github/agents/cap-modeling-agent.md renamed to .github/agents/javascript-cap-modeling-agent.md

@@ -9,9 +9,9 @@ My `javascript-ui5-modeling-agent`:
 
 - Specializes in CodeQL query and library development for SAPUI5 framework security analysis
 - Obeys all [UI5 framework instructions](../instructions/javascript_ui5_ql.instructions.md)
+- Follows [test-driven development (TDD) methodology](../prompts/test_driven_development.prompt.md)
 - Utilizes the [UI5 framework development prompt](../prompts/ui5_framework_development.prompt.md) as primary guide
-- References [CodeQL test commands](../prompts/codeql_test_commands.prompt.md) for testing workflows
-- Follows test-driven development practices for CodeQL queries
+- References [CodeQL test commands](../prompts/codeql_test_commands.prompt.md) for command syntax and `.expected` file formats
 - Works primarily in the `javascript/frameworks/ui5/` directory structure
 - Uses [Copilot PR template](../PULL_REQUEST_TEMPLATE/copilot-template.md) when creating pull requests
 - Understands UI5-specific patterns (see [UI5 development prompt](../prompts/ui5_framework_development.prompt.md) for details):
@@ -44,16 +44,27 @@ codeql query format --in-place <query-file.ql>
 
 Refer to the [CodeQL test commands prompt](../prompts/codeql_test_commands.prompt.md) for complete command reference.
 
-## Testing
+## Testing Workflow
 
-Refer to [CodeQL test commands prompt](../prompts/codeql_test_commands.prompt.md) for complete testing workflow.
+**Primary Resources:**
+- [Test-Driven Development (TDD) methodology](../prompts/test_driven_development.prompt.md) - Complete TDD workflow for new and existing queries/models
+- [CodeQL test commands reference](../prompts/codeql_test_commands.prompt.md) - Command syntax, `.expected` file formats, and interpretation
 
-- Create realistic UI5 test cases in `javascript/frameworks/ui5/test/`
-- Include both JavaScript and XML view files
-- Each test should have source code and expected results
-- Use `codeql test run` to validate query behavior (see commands reference)
-- Test both positive cases (should alert) and negative cases (should not alert)
-- Update `.expected` files after verifying correctness
+**Key TDD Principle:** For new queries/models, generate `.expected` files BEFORE implementation by manually analyzing test code to predict results.
+
+**UI5-Specific:** Include both JavaScript controllers and XML view files in tests.
+
+**Common Commands:**
+```bash
+# Run tests (provide test directory path containing .qlref)
+codeql test run javascript/frameworks/ui5/test/<test-name>
+
+# Review and accept results
+codeql test accept javascript/frameworks/ui5/test/<test-name>
+
+# Format queries
+codeql query format --in-place <file.ql>
+```
 
 ## Code Style
 

.github/agents/ui5-modeling-agent.md renamed to .github/agents/javascript-ui5-modeling-agent.md

@@ -9,9 +9,9 @@ My `javascript-xsjs-modeling-agent`:
 
 - Specializes in CodeQL query and library development for SAP XSJS framework security analysis
 - Obeys all [XSJS framework instructions](../instructions/javascript_xsjs_ql.instructions.md)
+- Follows [test-driven development (TDD) methodology](../prompts/test_driven_development.prompt.md)
 - Utilizes the [XSJS framework development prompt](../prompts/xsjs_framework_development.prompt.md) as primary guide
-- References [CodeQL test commands](../prompts/codeql_test_commands.prompt.md) for testing workflows
-- Follows test-driven development practices for CodeQL queries
+- References [CodeQL test commands](../prompts/codeql_test_commands.prompt.md) for command syntax and `.expected` file formats
 - Works primarily in the `javascript/frameworks/xsjs/` directory structure
 - Uses [Copilot PR template](../PULL_REQUEST_TEMPLATE/copilot-template.md) when creating pull requests
 - Understands XSJS-specific patterns (see [XSJS development prompt](../prompts/xsjs_framework_development.prompt.md) for details):
@@ -43,15 +43,25 @@ codeql query format --in-place <query-file.ql>
 
 Refer to the [CodeQL test commands prompt](../prompts/codeql_test_commands.prompt.md) for complete command reference.
 
-## Testing
+## Testing Workflow
 
-Refer to [CodeQL test commands prompt](../prompts/codeql_test_commands.prompt.md) for complete testing workflow.
+**Primary Resources:**
+- [Test-Driven Development (TDD) methodology](../prompts/test_driven_development.prompt.md) - Complete TDD workflow for new and existing queries/models
+- [CodeQL test commands reference](../prompts/codeql_test_commands.prompt.md) - Command syntax, `.expected` file formats, and interpretation
 
-- Create realistic XSJS test cases in `javascript/frameworks/xsjs/test/`
-- Each test should have source code and expected results
-- Use `codeql test run` to validate query behavior (see commands reference)
-- Test both positive cases (should alert) and negative cases (should not alert)
-- Update `.expected` files after verifying correctness
+**Key TDD Principle:** For new queries/models, generate `.expected` files BEFORE implementation by manually analyzing test code to predict results.
+
+**Common Commands:**
+```bash
+# Run tests (provide test directory path containing .qlref)
+codeql test run javascript/frameworks/xsjs/test/<test-name>
+
+# Review and accept results
+codeql test accept javascript/frameworks/xsjs/test/<test-name>
+
+# Format queries
+codeql query format --in-place <file.ql>
+```
 
 ## Code Style
 

.github/agents/xsjs-modeling-agent.md renamed to .github/agents/javascript-xsjs-modeling-agent.md

@@ -14,6 +14,8 @@ This file contains instructions for working with CodeQL query (`.ql`) and librar
 ### COMMON REQUIREMENTS
 
 - ALWAYS follow test-driven development (TDD) practices using CodeQL test commands.
+- ALWAYS generate `.expected` files proactively for new tests BEFORE running `codeql test run`.
+- ALWAYS analyze test code to predict expected results rather than only accepting actual results.
 - ALWAYS run `codeql query format --in-place <file>` before committing changes to QL files.
 - ALWAYS use `codeql test run` to validate query changes before committing.
 - ALWAYS validate query behavior with both positive (should alert) and negative (should not alert) test cases.
@@ -42,7 +44,19 @@ This file contains instructions for working with CodeQL query (`.ql`) and librar
 
 - ALWAYS create comprehensive test cases in `javascript/frameworks/cap/test/`.
 - ALWAYS include both JavaScript and CDS files in tests when relevant.
-- ALWAYS verify expected results before accepting with `codeql test accept`.
+- FOR NEW TESTS: Generate `.expected` file BEFORE implementing the query/model:
+  1. Document what pattern should be detected
+  2. Create test code demonstrating the pattern
+  3. Manually create `.expected` file with predicted results based on analysis
+  4. Implement the query/model
+  5. Run `codeql test run` - ideally test passes immediately
+- FOR EXISTING TESTS: Verify expected results before accepting with `codeql test accept`.
+- ALWAYS understand the format of `.expected` files:
+  - Model tests: Each line = one matched instance of the modeled API/pattern
+  - Query tests: Multiple sections (edges, nodes, #select) showing data flow and alerts
+- ALWAYS validate that `.expected` files contain the correct number of results.
+- ALWAYS check that `#select` section in query tests shows only legitimate security alerts.
+- ALWAYS use `find javascript/frameworks/cap/ -type f -name "*.expected"` to locate test files.
 
 ## PREFERENCES
 

.github/instructions/javascript_cap_ql.instructions.md

@@ -49,6 +49,12 @@ This file contains instructions for working with CodeQL query (`.ql`) and librar
 - ALWAYS include both JavaScript controllers and XML views in tests.
 - ALWAYS verify expected results before accepting with `codeql test accept`.
 - ALWAYS test binding expression parsing separately.
+- ALWAYS understand the format of `.expected` files:
+  - Model tests: Each line = one matched instance of the modeled API/pattern
+  - Query tests: Multiple sections (edges, nodes, #select) showing data flow and alerts
+- ALWAYS validate that `.expected` files contain the correct number of results.
+- ALWAYS check that `#select` section in query tests shows only legitimate security alerts.
+- ALWAYS use `find javascript/frameworks/ui5/ -type f -name "*.expected"` to locate test files.
 
 ## PREFERENCES
 

.github/instructions/javascript_ui5_ql.instructions.md

@@ -46,6 +46,12 @@ This file contains instructions for working with CodeQL query (`.ql`) and librar
 - ALWAYS create comprehensive test cases in `javascript/frameworks/xsjs/test/`.
 - ALWAYS include realistic XSJS code patterns in tests.
 - ALWAYS verify expected results before accepting with `codeql test accept`.
+- ALWAYS understand the format of `.expected` files:
+  - Model tests: Each line = one matched instance of the modeled API/pattern
+  - Query tests: Multiple sections (edges, nodes, #select) showing data flow and alerts
+- ALWAYS validate that `.expected` files contain the correct number of results.
+- ALWAYS check that `#select` section in query tests shows only legitimate security alerts.
+- ALWAYS use `find javascript/frameworks/xsjs/ -type f -name "*.expected"` to locate test files.
 
 ## PREFERENCES