@agentic-qe/v3 3.0.0-alpha.6 → 3.0.0-alpha.8

package/assets/skills/code-review-quality/SKILL.md

@@ -0,0 +1,227 @@
+---
+name: code-review-quality
+description: "Conduct context-driven code reviews focusing on quality, testability, and maintainability. Use when reviewing code, providing feedback, or establishing review practices."
+category: development-practices
+priority: high
+tokenEstimate: 900
+agents: [qe-quality-analyzer, qe-security-scanner, qe-performance-tester, qe-coverage-analyzer]
+implementation_status: optimized
+optimization_version: 1.0
+last_optimized: 2025-12-02
+dependencies: []
+quick_reference_card: true
+tags: [code-review, feedback, quality, testability, maintainability, pr-review]
+---
+
+# Code Review Quality
+
+<default_to_action>
+When reviewing code or establishing review practices:
+1. PRIORITIZE feedback: 🔴 Blocker (must fix) → 🟡 Major → 🟢 Minor → 💡 Suggestion
+2. FOCUS on: Bugs, security, testability, maintainability (not style preferences)
+3. ASK questions over commands: "Have you considered...?" > "Change this to..."
+4. PROVIDE context: Why this matters, not just what to change
+5. LIMIT scope: Review < 400 lines at a time for effectiveness
+
+**Quick Review Checklist:**
+- Logic: Does it work correctly? Edge cases handled?
+- Security: Input validation? Auth checks? Injection risks?
+- Testability: Can this be tested? Is it tested?
+- Maintainability: Clear naming? Single responsibility? DRY?
+- Performance: O(n²) loops? N+1 queries? Memory leaks?
+
+**Critical Success Factors:**
+- Review the code, not the person
+- Catching bugs > nitpicking style
+- Fast feedback (< 24h) > thorough feedback
+</default_to_action>
+
+## Quick Reference Card
+
+### When to Use
+- PR code reviews
+- Pair programming feedback
+- Establishing team review standards
+- Mentoring developers
+
+### Feedback Priority Levels
+| Level | Icon | Meaning | Action |
+|-------|------|---------|--------|
+| Blocker | 🔴 | Bug/security/crash | Must fix before merge |
+| Major | 🟡 | Logic issue/test gap | Should fix before merge |
+| Minor | 🟢 | Style/naming | Nice to fix |
+| Suggestion | 💡 | Alternative approach | Consider for future |
+
+### Review Scope Limits
+| Lines Changed | Recommendation |
+|---------------|----------------|
+| < 200 | Single review session |
+| 200-400 | Review in chunks |
+| > 400 | Request PR split |
+
+### What to Focus On
+| ✅ Review | ❌ Skip |
+|-----------|---------|
+| Logic correctness | Formatting (use linter) |
+| Security risks | Naming preferences |
+| Test coverage | Architecture debates |
+| Performance issues | Style opinions |
+| Error handling | Trivial changes |
+
+---
+
+## Feedback Templates
+
+### Blocker (Must Fix)
+```markdown
+🔴 **BLOCKER: SQL Injection Risk**
+
+This query is vulnerable to SQL injection:
+```javascript
+db.query(`SELECT * FROM users WHERE id = ${userId}`)
+```
+
+**Fix:** Use parameterized queries:
+```javascript
+db.query('SELECT * FROM users WHERE id = ?', [userId])
+```
+
+**Why:** User input directly in SQL allows attackers to execute arbitrary queries.
+```
+
+### Major (Should Fix)
+```markdown
+🟡 **MAJOR: Missing Error Handling**
+
+What happens if `fetchUser()` throws? The error bubbles up unhandled.
+
+**Suggestion:** Add try/catch with appropriate error response:
+```javascript
+try {
+  const user = await fetchUser(id);
+  return user;
+} catch (error) {
+  logger.error('Failed to fetch user', { id, error });
+  throw new NotFoundError('User not found');
+}
+```
+```
+
+### Minor (Nice to Fix)
+```markdown
+🟢 **minor:** Variable name could be clearer
+
+`d` doesn't convey meaning. Consider `daysSinceLastLogin`.
+```
+
+### Suggestion (Consider)
+```markdown
+💡 **suggestion:** Consider extracting this to a helper
+
+This validation logic appears in 3 places. A `validateEmail()` helper would reduce duplication. Not blocking, but might be worth a follow-up PR.
+```
+
+---
+
+## Review Questions to Ask
+
+### Logic
+- What happens when X is null/empty/negative?
+- Is there a race condition here?
+- What if the API call fails?
+
+### Security
+- Is user input validated/sanitized?
+- Are auth checks in place?
+- Any secrets or PII exposed?
+
+### Testability
+- How would you test this?
+- Are dependencies injectable?
+- Is there a test for the happy path? Edge cases?
+
+### Maintainability
+- Will the next developer understand this?
+- Is this doing too many things?
+- Is there duplication we could reduce?
+
+---
+
+## Agent-Assisted Reviews
+
+```typescript
+// Comprehensive code review
+await Task("Code Review", {
+  prNumber: 123,
+  checks: ['security', 'performance', 'testability', 'maintainability'],
+  feedbackLevels: ['blocker', 'major', 'minor'],
+  autoApprove: { maxBlockers: 0, maxMajor: 2 }
+}, "qe-quality-analyzer");
+
+// Security-focused review
+await Task("Security Review", {
+  prFiles: changedFiles,
+  scanTypes: ['injection', 'auth', 'secrets', 'dependencies']
+}, "qe-security-scanner");
+
+// Test coverage review
+await Task("Coverage Review", {
+  prNumber: 123,
+  requireNewTests: true,
+  minCoverageDelta: 0
+}, "qe-coverage-analyzer");
+```
+
+---
+
+## Agent Coordination Hints
+
+### Memory Namespace
+```
+aqe/code-review/
+├── review-history/*     - Past review decisions
+├── patterns/*           - Common issues by team/repo
+├── feedback-templates/* - Reusable feedback
+└── metrics/*            - Review turnaround time
+```
+
+### Fleet Coordination
+```typescript
+const reviewFleet = await FleetManager.coordinate({
+  strategy: 'code-review',
+  agents: [
+    'qe-quality-analyzer',    // Logic, maintainability
+    'qe-security-scanner',    // Security risks
+    'qe-performance-tester',  // Performance issues
+    'qe-coverage-analyzer'    // Test coverage
+  ],
+  topology: 'parallel'
+});
+```
+
+---
+
+## Review Etiquette
+
+| ✅ Do | ❌ Don't |
+|-------|---------|
+| "Have you considered...?" | "This is wrong" |
+| Explain why it matters | Just say "fix this" |
+| Acknowledge good code | Only point out negatives |
+| Suggest, don't demand | Be condescending |
+| Review < 400 lines | Review 2000 lines at once |
+
+---
+
+## Related Skills
+- [agentic-quality-engineering](../agentic-quality-engineering/) - Agent coordination
+- [security-testing](../security-testing/) - Security review depth
+- [refactoring-patterns](../refactoring-patterns/) - Maintainability patterns
+
+---
+
+## Remember
+
+**Prioritize feedback:** 🔴 Blocker → 🟡 Major → 🟢 Minor → 💡 Suggestion. Focus on bugs and security, not style. Ask questions, don't command. Review < 400 lines at a time. Fast feedback (< 24h) beats thorough feedback.
+
+**With Agents:** Agents automate security, performance, and coverage checks, freeing human reviewers to focus on logic and design. Use agents for consistent, fast initial review.

package/assets/skills/compatibility-testing/SKILL.md

@@ -0,0 +1,205 @@
+---
+name: compatibility-testing
+description: "Cross-browser, cross-platform, and cross-device compatibility testing ensuring consistent experience across environments. Use when validating browser support, testing responsive design, or ensuring platform compatibility."
+category: specialized-testing
+priority: medium
+tokenEstimate: 800
+agents: [qe-visual-tester, qe-test-executor, qe-performance-tester]
+implementation_status: optimized
+optimization_version: 1.0
+last_optimized: 2025-12-02
+dependencies: []
+quick_reference_card: true
+tags: [compatibility, cross-browser, responsive, browserstack, playwright, devices]
+---
+
+# Compatibility Testing
+
+<default_to_action>
+When validating cross-browser/platform compatibility:
+1. DEFINE browser matrix (cover 95%+ of users)
+2. TEST responsive breakpoints (mobile, tablet, desktop)
+3. RUN in parallel across browsers/devices
+4. USE cloud services for device coverage (BrowserStack, Sauce Labs)
+5. COMPARE visual screenshots across platforms
+
+**Quick Compatibility Checklist:**
+- Chrome, Firefox, Safari, Edge (latest + N-1)
+- Mobile Safari (iOS), Mobile Chrome (Android)
+- Screen sizes: 320px, 768px, 1920px
+- Test on actual target devices for critical flows
+
+**Critical Success Factors:**
+- Users access from 100+ browser/device combinations
+- Test where users are, not where you develop
+- Cloud testing reduces 10 hours to 15 minutes
+</default_to_action>
+
+## Quick Reference Card
+
+### When to Use
+- Before release
+- After CSS/layout changes
+- Launching in new markets
+- Responsive design validation
+
+### Browser Matrix
+| Browser | Versions | Priority |
+|---------|----------|----------|
+| **Chrome** | Latest, N-1 | High |
+| **Firefox** | Latest, N-1 | High |
+| **Safari** | Latest, N-1 | High |
+| **Edge** | Latest | Medium |
+| **Mobile Safari** | iOS latest | High |
+| **Mobile Chrome** | Android latest | High |
+
+### Screen Breakpoints
+| Category | Width Range |
+|----------|-------------|
+| **Mobile** | 320px - 480px |
+| **Tablet** | 481px - 768px |
+| **Desktop** | 769px - 1920px+ |
+
+---
+
+## Responsive Design Testing
+
+```javascript
+import { test, expect } from '@playwright/test';
+
+const devices = [
+  { name: 'iPhone 12', width: 390, height: 844 },
+  { name: 'iPad', width: 768, height: 1024 },
+  { name: 'Desktop', width: 1920, height: 1080 }
+];
+
+for (const device of devices) {
+  test(`layout on ${device.name}`, async ({ page }) => {
+    await page.setViewportSize({
+      width: device.width,
+      height: device.height
+    });
+
+    await page.goto('https://example.com');
+
+    const nav = await page.locator('nav');
+    if (device.width < 768) {
+      // Mobile: hamburger menu
+      expect(await nav.locator('.hamburger')).toBeVisible();
+    } else {
+      // Desktop: full menu
+      expect(await nav.locator('.menu-items')).toBeVisible();
+    }
+  });
+}
+```
+
+---
+
+## Cross-Browser with Playwright
+
+```javascript
+// playwright.config.ts
+import { defineConfig, devices } from '@playwright/test';
+
+export default defineConfig({
+  projects: [
+    { name: 'chromium', use: { ...devices['Desktop Chrome'] } },
+    { name: 'firefox', use: { ...devices['Desktop Firefox'] } },
+    { name: 'webkit', use: { ...devices['Desktop Safari'] } },
+    { name: 'mobile-chrome', use: { ...devices['Pixel 5'] } },
+    { name: 'mobile-safari', use: { ...devices['iPhone 12'] } }
+  ]
+});
+
+// Run: npx playwright test --project=chromium --project=firefox
+```
+
+---
+
+## Cloud Testing Integration
+
+```javascript
+// BrowserStack configuration
+const capabilities = {
+  'browserName': 'Chrome',
+  'browser_version': '118.0',
+  'os': 'Windows',
+  'os_version': '11',
+  'browserstack.user': process.env.BROWSERSTACK_USER,
+  'browserstack.key': process.env.BROWSERSTACK_KEY
+};
+
+// Parallel execution across devices
+const deviceMatrix = [
+  { os: 'Windows', browser: 'Chrome' },
+  { os: 'OS X', browser: 'Safari' },
+  { os: 'Android', device: 'Samsung Galaxy S24' },
+  { os: 'iOS', device: 'iPhone 15' }
+];
+```
+
+---
+
+## Agent-Driven Compatibility Testing
+
+```typescript
+// Cross-platform visual comparison
+await Task("Compatibility Testing", {
+  url: 'https://example.com',
+  browsers: ['chrome', 'firefox', 'safari', 'edge'],
+  devices: ['desktop', 'tablet', 'mobile'],
+  platform: 'browserstack',
+  parallel: true
+}, "qe-visual-tester");
+
+// Returns:
+// {
+//   combinations: 12,  // 4 browsers × 3 devices
+//   passed: 11,
+//   differences: [{ browser: 'safari', device: 'mobile', diff: 0.02 }]
+// }
+```
+
+---
+
+## Agent Coordination Hints
+
+### Memory Namespace
+```
+aqe/compatibility-testing/
+├── browser-matrix/*     - Browser/version configurations
+├── device-matrix/*      - Device configurations
+├── visual-diffs/*       - Cross-browser visual differences
+└── reports/*            - Compatibility reports
+```
+
+### Fleet Coordination
+```typescript
+const compatFleet = await FleetManager.coordinate({
+  strategy: 'compatibility-testing',
+  agents: [
+    'qe-visual-tester',       // Visual comparison
+    'qe-test-executor',       // Cross-browser execution
+    'qe-performance-tester'   // Performance by platform
+  ],
+  topology: 'parallel'
+});
+```
+
+---
+
+## Related Skills
+- [mobile-testing](../mobile-testing/) - Mobile-specific testing
+- [visual-testing-advanced](../visual-testing-advanced/) - Visual regression
+- [accessibility-testing](../accessibility-testing/) - Cross-platform a11y
+
+---
+
+## Remember
+
+**Test where users are, not where you develop.** Developers use latest Chrome on high-end machines. Users access from older browsers, low-end devices, and slow networks.
+
+**Cover 95%+ of your user base.** Use analytics to identify actual browser/device usage. Don't waste time on browsers nobody uses.
+
+**With Agents:** Agents orchestrate parallel cross-browser testing across cloud platforms, reducing 10 hours of manual testing to 15 minutes. `qe-visual-tester` catches visual inconsistencies across platforms automatically.

package/assets/skills/compliance-testing/SKILL.md

@@ -0,0 +1,225 @@
+---
+name: compliance-testing
+description: "Regulatory compliance testing for GDPR, CCPA, HIPAA, SOC2, PCI-DSS and industry-specific regulations. Use when ensuring legal compliance, preparing for audits, or handling sensitive data."
+category: specialized-testing
+priority: high
+tokenEstimate: 900
+agents: [qe-security-scanner, qe-test-executor, qe-quality-gate]
+implementation_status: optimized
+optimization_version: 1.0
+last_optimized: 2025-12-02
+dependencies: []
+quick_reference_card: true
+tags: [compliance, gdpr, hipaa, pci-dss, ccpa, soc2, privacy, audit]
+---
+
+# Compliance Testing
+
+<default_to_action>
+When validating regulatory compliance:
+1. IDENTIFY applicable regulations (GDPR, HIPAA, PCI-DSS, etc.)
+2. MAP requirements to testable controls
+3. TEST data rights (access, erasure, portability)
+4. VERIFY encryption and access logging
+5. GENERATE audit-ready reports with evidence
+
+**Quick Compliance Checklist:**
+- Data subject rights work (access, delete, export)
+- PII is encrypted at rest and in transit
+- Access to sensitive data is logged
+- Consent is tracked with timestamps
+- Payment card data not stored (only tokenized)
+
+**Critical Success Factors:**
+- Non-compliance = €20M or 4% revenue (GDPR)
+- Audit trail everything
+- Test continuously, not just before audits
+</default_to_action>
+
+## Quick Reference Card
+
+### When to Use
+- Legal compliance requirements
+- Before security audits
+- Handling PII/PHI/PCI data
+- Entering new markets (EU, CA, healthcare)
+
+### Major Regulations
+| Regulation | Scope | Key Focus |
+|------------|-------|-----------|
+| **GDPR** | EU data | Privacy rights, consent |
+| **CCPA** | California | Consumer data rights |
+| **HIPAA** | Healthcare | PHI protection |
+| **PCI-DSS** | Payments | Card data security |
+| **SOC2** | SaaS | Security controls |
+
+### Penalties
+| Regulation | Maximum Fine |
+|------------|--------------|
+| **GDPR** | €20M or 4% revenue |
+| **HIPAA** | $1.5M per violation |
+| **PCI-DSS** | $100k/month |
+| **CCPA** | $7,500 per violation |
+
+---
+
+## GDPR Compliance Testing
+
+```javascript
+// Test data subject rights
+test('user can request their data', async () => {
+  const response = await api.post('/data-export', { userId });
+
+  expect(response.status).toBe(200);
+  expect(response.data.downloadUrl).toBeDefined();
+
+  const data = await downloadFile(response.data.downloadUrl);
+  expect(data).toHaveProperty('profile');
+  expect(data).toHaveProperty('orders');
+});
+
+test('user can delete their account', async () => {
+  await api.delete(`/users/${userId}`);
+
+  // All personal data deleted
+  expect(await db.users.findOne({ id: userId })).toBeNull();
+  expect(await db.orders.find({ userId })).toHaveLength(0);
+
+  // Audit log retained (legal requirement)
+  expect(await db.auditLogs.find({ userId })).toBeDefined();
+});
+
+test('consent is tracked', async () => {
+  await api.post('/consent', {
+    userId, type: 'marketing', granted: true,
+    timestamp: new Date(), ipAddress: '192.168.1.1'
+  });
+
+  const consent = await db.consents.findOne({ userId, type: 'marketing' });
+  expect(consent.timestamp).toBeDefined();
+  expect(consent.ipAddress).toBeDefined();
+});
+```
+
+---
+
+## HIPAA Compliance Testing
+
+```javascript
+// Test PHI security
+test('PHI is encrypted at rest', async () => {
+  const patient = await db.patients.create({
+    ssn: '123-45-6789',
+    medicalHistory: 'Diabetes'
+  });
+
+  const raw = await db.raw('SELECT * FROM patients WHERE id = ?', patient.id);
+  expect(raw.ssn).not.toBe('123-45-6789'); // Should be encrypted
+});
+
+test('access to PHI is logged', async () => {
+  await api.get('/patients/123', {
+    headers: { 'User-Id': 'doctor456' }
+  });
+
+  const auditLog = await db.auditLogs.findOne({
+    resourceType: 'patient',
+    resourceId: '123',
+    userId: 'doctor456'
+  });
+
+  expect(auditLog.action).toBe('read');
+  expect(auditLog.timestamp).toBeDefined();
+});
+```
+
+---
+
+## PCI-DSS Compliance Testing
+
+```javascript
+// Test payment card handling
+test('credit card numbers not stored', async () => {
+  await api.post('/payment', {
+    cardNumber: '4242424242424242',
+    expiry: '12/25', cvv: '123'
+  });
+
+  const payment = await db.payments.findOne({ /* ... */ });
+  expect(payment.cardNumber).toBeUndefined();
+  expect(payment.last4).toBe('4242'); // Only last 4
+  expect(payment.tokenId).toBeDefined(); // Token from gateway
+});
+
+test('CVV never stored', async () => {
+  const payments = await db.raw('SELECT * FROM payments');
+  const hasCVV = payments.some(p =>
+    JSON.stringify(p).toLowerCase().includes('cvv')
+  );
+  expect(hasCVV).toBe(false);
+});
+```
+
+---
+
+## Agent-Driven Compliance
+
+```typescript
+// Comprehensive compliance validation
+await Task("Compliance Validation", {
+  regulations: ['GDPR', 'PCI-DSS'],
+  scope: 'full-application',
+  generateAuditReport: true
+}, "qe-security-scanner");
+
+// Returns:
+// {
+//   gdpr: { compliant: true, controls: 12, passed: 12 },
+//   pciDss: { compliant: false, controls: 8, passed: 7 },
+//   violations: [{ control: 'card-storage', severity: 'critical' }],
+//   auditReport: 'compliance-audit-2025-12-02.pdf'
+// }
+```
+
+---
+
+## Agent Coordination Hints
+
+### Memory Namespace
+```
+aqe/compliance-testing/
+├── regulations/*        - Regulation requirements
+├── controls/*           - Control test results
+├── audit-reports/*      - Generated audit reports
+└── violations/*         - Compliance violations
+```
+
+### Fleet Coordination
+```typescript
+const complianceFleet = await FleetManager.coordinate({
+  strategy: 'compliance-validation',
+  agents: [
+    'qe-security-scanner',   // Scan for vulnerabilities
+    'qe-test-executor',      // Execute compliance tests
+    'qe-quality-gate'        // Block non-compliant releases
+  ],
+  topology: 'sequential'
+});
+```
+
+---
+
+## Related Skills
+- [security-testing](../security-testing/) - Security vulnerabilities
+- [test-data-management](../test-data-management/) - PII handling
+- [accessibility-testing](../accessibility-testing/) - Legal requirements
+
+---
+
+## Remember
+
+**Compliance is mandatory, not optional.** Fines are severe: GDPR up to €20M or 4% of revenue, HIPAA up to $1.5M per violation. But beyond fines, non-compliance damages reputation and user trust.
+
+**Audit trail everything.** Every access to sensitive data, every consent, every deletion must be logged with timestamps and user IDs.
+
+**With Agents:** Agents validate compliance requirements continuously, detect violations early, and generate audit-ready reports. Catch compliance issues in development, not in audits.