npm - @agentic-qe/v3 - Versions diffs - 3.0.0-alpha.6 → 3.0.0-alpha.8 - Mend

@agentic-qe/v3 3.0.0-alpha.6 → 3.0.0-alpha.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (612) hide show

package/assets/agents/v3/subagents/v3-qe-code-reviewer.md +339 -0
package/assets/agents/v3/subagents/v3-qe-integration-reviewer.md +344 -0
package/assets/agents/v3/subagents/v3-qe-performance-reviewer.md +351 -0
package/assets/agents/v3/subagents/v3-qe-security-reviewer.md +374 -0
package/assets/agents/v3/subagents/v3-qe-tdd-green.md +334 -0
package/assets/agents/v3/subagents/v3-qe-tdd-red.md +329 -0
package/assets/agents/v3/subagents/v3-qe-tdd-refactor.md +361 -0
package/assets/agents/v3/v3-qe-accessibility-auditor.md +266 -0
package/assets/agents/v3/v3-qe-bdd-generator.md +279 -0
package/assets/agents/v3/v3-qe-chaos-engineer.md +265 -0
package/assets/agents/v3/v3-qe-code-complexity.md +298 -0
package/assets/agents/v3/v3-qe-code-intelligence.md +262 -0
package/assets/agents/v3/v3-qe-contract-validator.md +267 -0
package/assets/agents/v3/v3-qe-coverage-specialist.md +227 -0
package/assets/agents/v3/v3-qe-defect-predictor.md +251 -0
package/assets/agents/v3/v3-qe-dependency-mapper.md +277 -0
package/assets/agents/v3/v3-qe-deployment-advisor.md +275 -0
package/assets/agents/v3/v3-qe-flaky-hunter.md +248 -0
package/assets/agents/v3/v3-qe-fleet-commander.md +293 -0
package/assets/agents/v3/v3-qe-gap-detector.md +260 -0
package/assets/agents/v3/v3-qe-graphql-tester.md +308 -0
package/assets/agents/v3/v3-qe-impact-analyzer.md +299 -0
package/assets/agents/v3/v3-qe-integration-tester.md +238 -0
package/assets/agents/v3/v3-qe-kg-builder.md +273 -0
package/assets/agents/v3/v3-qe-learning-coordinator.md +226 -0
package/assets/agents/v3/v3-qe-load-tester.md +280 -0
package/assets/agents/v3/v3-qe-metrics-optimizer.md +300 -0
package/assets/agents/v3/v3-qe-mutation-tester.md +301 -0
package/assets/agents/v3/v3-qe-parallel-executor.md +240 -0
package/assets/agents/v3/v3-qe-pattern-learner.md +271 -0
package/assets/agents/v3/v3-qe-performance-tester.md +262 -0
package/assets/agents/v3/v3-qe-property-tester.md +247 -0
package/assets/agents/v3/v3-qe-quality-gate.md +218 -0
package/assets/agents/v3/v3-qe-queen-coordinator.md +214 -0
package/assets/agents/v3/v3-qe-qx-partner.md +313 -0
package/assets/agents/v3/v3-qe-regression-analyzer.md +322 -0
package/assets/agents/v3/v3-qe-requirements-validator.md +360 -0
package/assets/agents/v3/v3-qe-responsive-tester.md +311 -0
package/assets/agents/v3/v3-qe-retry-handler.md +256 -0
package/assets/agents/v3/v3-qe-risk-assessor.md +273 -0
package/assets/agents/v3/v3-qe-root-cause-analyzer.md +286 -0
package/assets/agents/v3/v3-qe-security-auditor.md +299 -0
package/assets/agents/v3/v3-qe-security-scanner.md +235 -0
package/assets/agents/v3/v3-qe-tdd-specialist.md +239 -0
package/assets/agents/v3/v3-qe-test-architect.md +233 -0
package/assets/agents/v3/v3-qe-transfer-specialist.md +295 -0
package/assets/agents/v3/v3-qe-visual-tester.md +232 -0
package/assets/skills/accessibility-testing/SKILL.md +216 -0
package/assets/skills/agentdb-advanced/SKILL.md +550 -0
package/assets/skills/agentdb-learning/SKILL.md +545 -0
package/assets/skills/agentdb-memory-patterns/SKILL.md +339 -0
package/assets/skills/agentdb-optimization/SKILL.md +509 -0
package/assets/skills/agentdb-vector-search/SKILL.md +339 -0
package/assets/skills/agentic-jujutsu/SKILL.md +645 -0
package/assets/skills/agentic-quality-engineering/SKILL.md +335 -0
package/assets/skills/api-testing-patterns/SKILL.md +294 -0
package/assets/skills/aqe-v2-v3-migration/skill.md +322 -0
package/assets/skills/brutal-honesty-review/README.md +218 -0
package/assets/skills/brutal-honesty-review/SKILL.md +235 -0
package/assets/skills/brutal-honesty-review/resources/assessment-rubrics.md +295 -0
package/assets/skills/brutal-honesty-review/resources/review-template.md +102 -0
package/assets/skills/brutal-honesty-review/scripts/assess-code.sh +179 -0
package/assets/skills/brutal-honesty-review/scripts/assess-tests.sh +223 -0
package/assets/skills/bug-reporting-excellence/SKILL.md +225 -0
package/assets/skills/chaos-engineering-resilience/SKILL.md +158 -0
package/assets/skills/cicd-pipeline-qe-orchestrator/README.md +304 -0
package/assets/skills/cicd-pipeline-qe-orchestrator/SKILL.md +315 -0
package/assets/skills/cicd-pipeline-qe-orchestrator/resources/workflows/microservice-pipeline.md +239 -0
package/assets/skills/cicd-pipeline-qe-orchestrator/resources/workflows/mobile-pipeline.md +375 -0
package/assets/skills/cicd-pipeline-qe-orchestrator/resources/workflows/monolith-pipeline.md +268 -0
package/assets/skills/code-review-quality/SKILL.md +227 -0
package/assets/skills/compatibility-testing/SKILL.md +205 -0
package/assets/skills/compliance-testing/SKILL.md +225 -0
package/assets/skills/consultancy-practices/SKILL.md +202 -0
package/assets/skills/context-driven-testing/SKILL.md +196 -0
package/assets/skills/contract-testing/SKILL.md +222 -0
package/assets/skills/database-testing/SKILL.md +244 -0
package/assets/skills/exploratory-testing-advanced/SKILL.md +201 -0
package/assets/skills/flow-nexus-neural/SKILL.md +738 -0
package/assets/skills/flow-nexus-platform/SKILL.md +1157 -0
package/assets/skills/flow-nexus-swarm/SKILL.md +610 -0
package/assets/skills/github-code-review/SKILL.md +1140 -0
package/assets/skills/github-multi-repo/SKILL.md +874 -0
package/assets/skills/github-project-management/SKILL.md +1277 -0
package/assets/skills/github-release-management/SKILL.md +1081 -0
package/assets/skills/github-workflow-automation/SKILL.md +1065 -0
package/assets/skills/hive-mind-advanced/SKILL.md +712 -0
package/assets/skills/holistic-testing-pact/SKILL.md +171 -0
package/assets/skills/hooks-automation/SKILL.md +1201 -0
package/assets/skills/localization-testing/SKILL.md +221 -0
package/assets/skills/mobile-testing/SKILL.md +219 -0
package/assets/skills/mutation-testing/SKILL.md +229 -0
package/assets/skills/n8n-expression-testing/SKILL.md +434 -0
package/assets/skills/n8n-integration-testing-patterns/SKILL.md +540 -0
package/assets/skills/n8n-security-testing/SKILL.md +599 -0
package/assets/skills/n8n-trigger-testing-strategies/SKILL.md +541 -0
package/assets/skills/n8n-workflow-testing-fundamentals/SKILL.md +447 -0
package/assets/skills/pair-programming/SKILL.md +1202 -0
package/assets/skills/performance-analysis/SKILL.md +563 -0
package/assets/skills/performance-testing/SKILL.md +310 -0
package/assets/skills/quality-metrics/SKILL.md +225 -0
package/assets/skills/reasoningbank-agentdb/SKILL.md +446 -0
package/assets/skills/reasoningbank-intelligence/SKILL.md +201 -0
package/assets/skills/refactoring-patterns/SKILL.md +205 -0
package/assets/skills/regression-testing/SKILL.md +227 -0
package/assets/skills/risk-based-testing/SKILL.md +206 -0
package/assets/skills/security-testing/SKILL.md +306 -0
package/assets/skills/sherlock-review/SKILL.md +250 -0
package/assets/skills/shift-left-testing/SKILL.md +225 -0
package/assets/skills/shift-right-testing/SKILL.md +227 -0
package/assets/skills/six-thinking-hats/README.md +190 -0
package/assets/skills/six-thinking-hats/SKILL.md +280 -0
package/assets/skills/six-thinking-hats/resources/examples/api-testing-example.md +345 -0
package/assets/skills/six-thinking-hats/resources/templates/solo-session-template.md +167 -0
package/assets/skills/six-thinking-hats/resources/templates/team-session-template.md +336 -0
package/assets/skills/skill-builder/SKILL.md +910 -0
package/assets/skills/sparc-methodology/SKILL.md +1115 -0
package/assets/skills/stream-chain/SKILL.md +563 -0
package/assets/skills/swarm-advanced/SKILL.md +973 -0
package/assets/skills/swarm-orchestration/SKILL.md +179 -0
package/assets/skills/tdd-london-chicago/SKILL.md +244 -0
package/assets/skills/technical-writing/SKILL.md +178 -0
package/assets/skills/test-automation-strategy/SKILL.md +230 -0
package/assets/skills/test-data-management/SKILL.md +270 -0
package/assets/skills/test-design-techniques/SKILL.md +244 -0
package/assets/skills/test-environment-management/SKILL.md +243 -0
package/assets/skills/test-reporting-analytics/SKILL.md +214 -0
package/assets/skills/testability-scoring/README.md +71 -0
package/assets/skills/testability-scoring/SKILL.md +346 -0
package/assets/skills/testability-scoring/resources/templates/config.template.js +84 -0
package/assets/skills/testability-scoring/resources/templates/testability-scoring.spec.template.js +532 -0
package/assets/skills/testability-scoring/scripts/generate-html-report.js +1007 -0
package/assets/skills/testability-scoring/scripts/run-assessment.sh +70 -0
package/assets/skills/v3-qe-chaos-resilience/SKILL.md +238 -0
package/assets/skills/v3-qe-code-intelligence/SKILL.md +209 -0
package/assets/skills/v3-qe-contract-testing/SKILL.md +218 -0
package/assets/skills/v3-qe-coverage-analysis/SKILL.md +187 -0
package/assets/skills/v3-qe-defect-intelligence/SKILL.md +205 -0
package/assets/skills/v3-qe-learning-optimization/SKILL.md +238 -0
package/assets/skills/v3-qe-quality-assessment/SKILL.md +213 -0
package/assets/skills/v3-qe-requirements-validation/SKILL.md +248 -0
package/assets/skills/v3-qe-test-execution/SKILL.md +182 -0
package/assets/skills/v3-qe-test-generation/SKILL.md +141 -0
package/assets/skills/v3-qe-visual-accessibility/SKILL.md +242 -0
package/assets/skills/verification-quality/SKILL.md +649 -0
package/assets/skills/visual-testing-advanced/SKILL.md +219 -0
package/assets/skills/xp-practices/SKILL.md +229 -0
package/dist/cli/bundle.js +23 -13
package/dist/init/agents-installer.js +4 -4
package/dist/init/agents-installer.js.map +1 -1
package/dist/init/init-wizard.d.ts.map +1 -1
package/dist/init/init-wizard.js +15 -5
package/dist/init/init-wizard.js.map +1 -1
package/dist/init/skills-installer.js +4 -4
package/dist/init/skills-installer.js.map +1 -1
package/package.json +7 -1
package/docs/analysis/V3-INIT-REQUIREMENTS-ANALYSIS.md +0 -352
package/implementation/README.md +0 -90
package/implementation/adrs/ADR-030-coherence-gated-quality-gates.md +0 -312
package/implementation/adrs/ADR-031-strange-loop-self-awareness.md +0 -484
package/implementation/adrs/ADR-032-time-crystal-scheduling.md +0 -530
package/implementation/adrs/ADR-033-early-exit-testing.md +0 -634
package/implementation/adrs/ADR-034-neural-topology-optimizer.md +0 -589
package/implementation/adrs/ADR-035-causal-discovery.md +0 -610
package/implementation/adrs/ADR-036-result-persistence.md +0 -326
package/implementation/adrs/ADR-037-v3-qe-agent-naming.md +0 -105
package/implementation/adrs/ADR-038-v3-qe-memory-unification.md +0 -154
package/implementation/adrs/ADR-039-v3-qe-mcp-optimization.md +0 -179
package/implementation/adrs/ADR-040-v3-qe-agentic-flow-integration.md +0 -240
package/implementation/adrs/ADR-041-v3-qe-cli-enhancement.md +0 -296
package/implementation/adrs/ADR-042-v3-qe-token-tracking-integration.md +0 -517
package/implementation/adrs/v3-adrs.md +0 -2783
package/implementation/planning/AQE-V3-MASTER-PLAN.md +0 -815
package/security-scan-report-2026-01-11.md +0 -410
package/security-verification-report-2026-01-11.md +0 -278
package/src/benchmarks/performance-benchmarks.ts +0 -646
package/src/benchmarks/run-benchmarks.ts +0 -324
package/src/causal-discovery/causal-graph.ts +0 -450
package/src/causal-discovery/discovery-engine.ts +0 -438
package/src/causal-discovery/index.ts +0 -117
package/src/causal-discovery/types.ts +0 -456
package/src/causal-discovery/weight-matrix.ts +0 -453
package/src/cli/commands/qe-tools.ts +0 -634
package/src/cli/index.ts +0 -1976
package/src/compatibility/agent-mapper.ts +0 -291
package/src/compatibility/cli-adapter.ts +0 -277
package/src/compatibility/config-migrator.ts +0 -334
package/src/compatibility/index.ts +0 -112
package/src/compatibility/mcp-adapter.ts +0 -248
package/src/compatibility/types.ts +0 -156
package/src/coordination/claims/claim-repository.ts +0 -636
package/src/coordination/claims/claim-service.ts +0 -675
package/src/coordination/claims/handoff-manager.ts +0 -535
package/src/coordination/claims/index.ts +0 -276
package/src/coordination/claims/interfaces.ts +0 -687
package/src/coordination/claims/work-stealing.ts +0 -436
package/src/coordination/cross-domain-router.ts +0 -492
package/src/coordination/index.ts +0 -127
package/src/coordination/interfaces.ts +0 -691
package/src/coordination/protocol-executor.ts +0 -760
package/src/coordination/protocols/code-intelligence-index.ts +0 -855
package/src/coordination/protocols/defect-investigation.ts +0 -1184
package/src/coordination/protocols/index.ts +0 -11
package/src/coordination/protocols/learning-consolidation.ts +0 -1181
package/src/coordination/protocols/morning-sync.ts +0 -1055
package/src/coordination/protocols/quality-gate.ts +0 -1566
package/src/coordination/protocols/security-audit.ts +0 -1587
package/src/coordination/queen-coordinator.ts +0 -1176
package/src/coordination/result-saver.ts +0 -780
package/src/coordination/task-executor.ts +0 -1146
package/src/coordination/workflow-orchestrator.ts +0 -1917
package/src/domains/chaos-resilience/coordinator.ts +0 -1032
package/src/domains/chaos-resilience/index.ts +0 -143
package/src/domains/chaos-resilience/interfaces.ts +0 -659
package/src/domains/chaos-resilience/plugin.ts +0 -691
package/src/domains/chaos-resilience/services/chaos-engineer.ts +0 -1097
package/src/domains/chaos-resilience/services/index.ts +0 -19
package/src/domains/chaos-resilience/services/load-tester.ts +0 -799
package/src/domains/chaos-resilience/services/performance-profiler.ts +0 -792
package/src/domains/code-intelligence/coordinator.ts +0 -631
package/src/domains/code-intelligence/index.ts +0 -86
package/src/domains/code-intelligence/interfaces.ts +0 -162
package/src/domains/code-intelligence/plugin.ts +0 -451
package/src/domains/code-intelligence/services/impact-analyzer.ts +0 -567
package/src/domains/code-intelligence/services/index.ts +0 -26
package/src/domains/code-intelligence/services/knowledge-graph.ts +0 -1067
package/src/domains/code-intelligence/services/semantic-analyzer.ts +0 -901
package/src/domains/contract-testing/coordinator.ts +0 -1038
package/src/domains/contract-testing/index.ts +0 -122
package/src/domains/contract-testing/interfaces.ts +0 -458
package/src/domains/contract-testing/plugin.ts +0 -746
package/src/domains/contract-testing/services/api-compatibility.ts +0 -748
package/src/domains/contract-testing/services/contract-validator.ts +0 -1700
package/src/domains/contract-testing/services/index.ts +0 -19
package/src/domains/contract-testing/services/schema-validator.ts +0 -1102
package/src/domains/coverage-analysis/coordinator.ts +0 -485
package/src/domains/coverage-analysis/index.ts +0 -114
package/src/domains/coverage-analysis/interfaces.ts +0 -142
package/src/domains/coverage-analysis/plugin.ts +0 -172
package/src/domains/coverage-analysis/services/coverage-analyzer.ts +0 -449
package/src/domains/coverage-analysis/services/coverage-embedder.ts +0 -733
package/src/domains/coverage-analysis/services/coverage-parser.ts +0 -753
package/src/domains/coverage-analysis/services/gap-detector.ts +0 -592
package/src/domains/coverage-analysis/services/hnsw-index.ts +0 -728
package/src/domains/coverage-analysis/services/index.ts +0 -61
package/src/domains/coverage-analysis/services/risk-scorer.ts +0 -540
package/src/domains/coverage-analysis/services/sublinear-analyzer.ts +0 -747
package/src/domains/defect-intelligence/coordinator.ts +0 -635
package/src/domains/defect-intelligence/index.ts +0 -83
package/src/domains/defect-intelligence/interfaces.ts +0 -152
package/src/domains/defect-intelligence/plugin.ts +0 -483
package/src/domains/defect-intelligence/services/causal-root-cause-analyzer.ts +0 -494
package/src/domains/defect-intelligence/services/defect-predictor.ts +0 -852
package/src/domains/defect-intelligence/services/index.ts +0 -37
package/src/domains/defect-intelligence/services/pattern-learner.ts +0 -738
package/src/domains/defect-intelligence/services/root-cause-analyzer.ts +0 -637
package/src/domains/domain-interface.ts +0 -77
package/src/domains/index.ts +0 -23
package/src/domains/learning-optimization/coordinator.ts +0 -1215
package/src/domains/learning-optimization/index.ts +0 -127
package/src/domains/learning-optimization/interfaces.ts +0 -570
package/src/domains/learning-optimization/plugin.ts +0 -851
package/src/domains/learning-optimization/services/index.ts +0 -29
package/src/domains/learning-optimization/services/learning-coordinator.ts +0 -972
package/src/domains/learning-optimization/services/metrics-optimizer.ts +0 -915
package/src/domains/learning-optimization/services/production-intel.ts +0 -971
package/src/domains/learning-optimization/services/transfer-specialist.ts +0 -723
package/src/domains/quality-assessment/coherence/gate-controller.ts +0 -549
package/src/domains/quality-assessment/coherence/index.ts +0 -211
package/src/domains/quality-assessment/coherence/lambda-calculator.ts +0 -384
package/src/domains/quality-assessment/coherence/partition-detector.ts +0 -469
package/src/domains/quality-assessment/coherence/types.ts +0 -384
package/src/domains/quality-assessment/coordinator.ts +0 -605
package/src/domains/quality-assessment/index.ts +0 -97
package/src/domains/quality-assessment/interfaces.ts +0 -152
package/src/domains/quality-assessment/plugin.ts +0 -496
package/src/domains/quality-assessment/services/coherence-gate.ts +0 -358
package/src/domains/quality-assessment/services/deployment-advisor.ts +0 -571
package/src/domains/quality-assessment/services/index.ts +0 -34
package/src/domains/quality-assessment/services/quality-analyzer.ts +0 -670
package/src/domains/quality-assessment/services/quality-gate.ts +0 -384
package/src/domains/requirements-validation/coordinator.ts +0 -812
package/src/domains/requirements-validation/index.ts +0 -92
package/src/domains/requirements-validation/interfaces.ts +0 -303
package/src/domains/requirements-validation/plugin.ts +0 -576
package/src/domains/requirements-validation/services/bdd-scenario-writer.ts +0 -676
package/src/domains/requirements-validation/services/index.ts +0 -20
package/src/domains/requirements-validation/services/requirements-validator.ts +0 -559
package/src/domains/requirements-validation/services/testability-scorer.ts +0 -639
package/src/domains/security-compliance/coordinator.ts +0 -757
package/src/domains/security-compliance/index.ts +0 -120
package/src/domains/security-compliance/interfaces.ts +0 -434
package/src/domains/security-compliance/plugin.ts +0 -509
package/src/domains/security-compliance/services/compliance-validator.ts +0 -1226
package/src/domains/security-compliance/services/index.ts +0 -31
package/src/domains/security-compliance/services/security-auditor.ts +0 -2227
package/src/domains/security-compliance/services/security-scanner.ts +0 -2354
package/src/domains/security-compliance/services/semgrep-integration.ts +0 -289
package/src/domains/test-execution/coordinator.ts +0 -426
package/src/domains/test-execution/index.ts +0 -76
package/src/domains/test-execution/interfaces.ts +0 -119
package/src/domains/test-execution/plugin.ts +0 -208
package/src/domains/test-execution/services/flaky-detector.ts +0 -1240
package/src/domains/test-execution/services/index.ts +0 -8
package/src/domains/test-execution/services/retry-handler.ts +0 -820
package/src/domains/test-execution/services/test-executor.ts +0 -885
package/src/domains/test-generation/coordinator.ts +0 -656
package/src/domains/test-generation/index.ts +0 -77
package/src/domains/test-generation/interfaces.ts +0 -118
package/src/domains/test-generation/plugin.ts +0 -397
package/src/domains/test-generation/services/index.ts +0 -23
package/src/domains/test-generation/services/pattern-matcher.ts +0 -1725
package/src/domains/test-generation/services/test-generator.ts +0 -2750
package/src/domains/visual-accessibility/coordinator.ts +0 -860
package/src/domains/visual-accessibility/index.ts +0 -116
package/src/domains/visual-accessibility/interfaces.ts +0 -435
package/src/domains/visual-accessibility/plugin.ts +0 -568
package/src/domains/visual-accessibility/services/accessibility-tester.ts +0 -982
package/src/domains/visual-accessibility/services/axe-core-audit.ts +0 -630
package/src/domains/visual-accessibility/services/index.ts +0 -28
package/src/domains/visual-accessibility/services/responsive-tester.ts +0 -934
package/src/domains/visual-accessibility/services/visual-tester.ts +0 -458
package/src/early-exit/early-exit-controller.ts +0 -490
package/src/early-exit/early-exit-decision.ts +0 -391
package/src/early-exit/index.ts +0 -115
package/src/early-exit/quality-signal.ts +0 -389
package/src/early-exit/speculative-executor.ts +0 -505
package/src/early-exit/types.ts +0 -407
package/src/feedback/coverage-learner.ts +0 -456
package/src/feedback/feedback-loop.ts +0 -426
package/src/feedback/index.ts +0 -72
package/src/feedback/pattern-promotion.ts +0 -373
package/src/feedback/quality-score-calculator.ts +0 -334
package/src/feedback/test-outcome-tracker.ts +0 -450
package/src/feedback/types.ts +0 -497
package/src/index.ts +0 -224
package/src/init/agents-installer.ts +0 -536
package/src/init/index.ts +0 -80
package/src/init/init-wizard.ts +0 -1061
package/src/init/project-analyzer.ts +0 -696
package/src/init/self-configurator.ts +0 -488
package/src/init/skills-installer.ts +0 -467
package/src/init/types.ts +0 -432
package/src/integrations/ruvector/ast-complexity.ts +0 -470
package/src/integrations/ruvector/coverage-router.ts +0 -594
package/src/integrations/ruvector/diff-risk-classifier.ts +0 -759
package/src/integrations/ruvector/fallback.ts +0 -942
package/src/integrations/ruvector/graph-boundaries.ts +0 -809
package/src/integrations/ruvector/index.ts +0 -363
package/src/integrations/ruvector/interfaces.ts +0 -609
package/src/integrations/ruvector/q-learning-router.ts +0 -550
package/src/kernel/agent-coordinator.ts +0 -165
package/src/kernel/agentdb-backend.ts +0 -504
package/src/kernel/event-bus.ts +0 -129
package/src/kernel/hybrid-backend.ts +0 -538
package/src/kernel/index.ts +0 -28
package/src/kernel/interfaces.ts +0 -257
package/src/kernel/kernel.ts +0 -285
package/src/kernel/memory-backend.ts +0 -169
package/src/kernel/memory-factory.ts +0 -293
package/src/kernel/plugin-loader.ts +0 -179
package/src/learning/index.ts +0 -219
package/src/learning/pattern-store.ts +0 -990
package/src/learning/qe-guidance.ts +0 -832
package/src/learning/qe-hooks.ts +0 -644
package/src/learning/qe-patterns.ts +0 -449
package/src/learning/qe-reasoning-bank.ts +0 -951
package/src/learning/real-embeddings.ts +0 -277
package/src/learning/real-qe-reasoning-bank.ts +0 -833
package/src/learning/sqlite-persistence.ts +0 -554
package/src/mcp/entry.ts +0 -59
package/src/mcp/handlers/agent-handlers.ts +0 -285
package/src/mcp/handlers/core-handlers.ts +0 -317
package/src/mcp/handlers/domain-handlers.ts +0 -1444
package/src/mcp/handlers/index.ts +0 -57
package/src/mcp/handlers/memory-handlers.ts +0 -338
package/src/mcp/handlers/task-handlers.ts +0 -363
package/src/mcp/index.ts +0 -30
package/src/mcp/metrics/index.ts +0 -14
package/src/mcp/metrics/metrics-collector.ts +0 -503
package/src/mcp/protocol-server.ts +0 -752
package/src/mcp/security/cve-prevention.ts +0 -742
package/src/mcp/security/index.ts +0 -356
package/src/mcp/security/oauth21-provider.ts +0 -821
package/src/mcp/security/rate-limiter.ts +0 -615
package/src/mcp/security/sampling-server.ts +0 -662
package/src/mcp/security/schema-validator.ts +0 -855
package/src/mcp/server.ts +0 -657
package/src/mcp/tool-registry.ts +0 -391
package/src/mcp/tools/base.ts +0 -399
package/src/mcp/tools/chaos-resilience/inject.ts +0 -699
package/src/mcp/tools/code-intelligence/analyze.ts +0 -745
package/src/mcp/tools/contract-testing/validate.ts +0 -708
package/src/mcp/tools/coverage-analysis/index.ts +0 -770
package/src/mcp/tools/defect-intelligence/predict.ts +0 -466
package/src/mcp/tools/index.ts +0 -214
package/src/mcp/tools/learning-optimization/optimize.ts +0 -772
package/src/mcp/tools/quality-assessment/evaluate.ts +0 -385
package/src/mcp/tools/registry.ts +0 -248
package/src/mcp/tools/requirements-validation/validate.ts +0 -394
package/src/mcp/tools/security-compliance/scan.ts +0 -365
package/src/mcp/tools/test-execution/execute.ts +0 -291
package/src/mcp/tools/test-generation/generate.ts +0 -544
package/src/mcp/tools/visual-accessibility/index.ts +0 -791
package/src/mcp/transport/index.ts +0 -31
package/src/mcp/transport/stdio.ts +0 -318
package/src/mcp/types.ts +0 -543
package/src/neural-optimizer/index.ts +0 -111
package/src/neural-optimizer/replay-buffer.ts +0 -455
package/src/neural-optimizer/swarm-topology.ts +0 -508
package/src/neural-optimizer/topology-optimizer.ts +0 -828
package/src/neural-optimizer/types.ts +0 -481
package/src/neural-optimizer/value-network.ts +0 -351
package/src/optimization/auto-tuner.ts +0 -817
package/src/optimization/index.ts +0 -77
package/src/optimization/metric-collectors.ts +0 -474
package/src/optimization/qe-workers.ts +0 -704
package/src/optimization/tuning-algorithm.ts +0 -401
package/src/optimization/types.ts +0 -314
package/src/routing/index.ts +0 -51
package/src/routing/qe-agent-registry.ts +0 -963
package/src/routing/qe-task-router.ts +0 -564
package/src/routing/routing-feedback.ts +0 -365
package/src/routing/types.ts +0 -406
package/src/shared/embeddings/embedding-cache.ts +0 -157
package/src/shared/embeddings/index.ts +0 -50
package/src/shared/embeddings/nomic-embedder.ts +0 -404
package/src/shared/embeddings/ollama-client.ts +0 -195
package/src/shared/embeddings/types.ts +0 -147
package/src/shared/entities/agent.ts +0 -141
package/src/shared/entities/base-entity.ts +0 -79
package/src/shared/entities/index.ts +0 -6
package/src/shared/events/domain-events.ts +0 -259
package/src/shared/events/index.ts +0 -5
package/src/shared/git/git-analyzer.ts +0 -656
package/src/shared/git/index.ts +0 -11
package/src/shared/http/http-client.ts +0 -420
package/src/shared/http/index.ts +0 -13
package/src/shared/index.ts +0 -41
package/src/shared/io/file-reader.ts +0 -525
package/src/shared/io/index.ts +0 -25
package/src/shared/llm/cache.ts +0 -473
package/src/shared/llm/circuit-breaker.ts +0 -369
package/src/shared/llm/cost-tracker.ts +0 -460
package/src/shared/llm/index.ts +0 -140
package/src/shared/llm/interfaces.ts +0 -629
package/src/shared/llm/provider-manager.ts +0 -685
package/src/shared/llm/providers/claude.ts +0 -524
package/src/shared/llm/providers/index.ts +0 -8
package/src/shared/llm/providers/ollama.ts +0 -575
package/src/shared/llm/providers/openai.ts +0 -609
package/src/shared/metrics/code-metrics.ts +0 -520
package/src/shared/metrics/index.ts +0 -23
package/src/shared/metrics/system-metrics.ts +0 -353
package/src/shared/parsers/index.ts +0 -6
package/src/shared/parsers/typescript-parser.ts +0 -841
package/src/shared/security/compliance-patterns.ts +0 -666
package/src/shared/security/index.ts +0 -30
package/src/shared/security/osv-client.ts +0 -468
package/src/shared/types/index.ts +0 -150
package/src/shared/value-objects/index.ts +0 -273
package/src/strange-loop/healing-controller.ts +0 -833
package/src/strange-loop/index.ts +0 -104
package/src/strange-loop/self-model.ts +0 -494
package/src/strange-loop/strange-loop.ts +0 -446
package/src/strange-loop/swarm-observer.ts +0 -448
package/src/strange-loop/topology-analyzer.ts +0 -565
package/src/strange-loop/types.ts +0 -640
package/src/time-crystal/default-phases.ts +0 -520
package/src/time-crystal/index.ts +0 -164
package/src/time-crystal/oscillator.ts +0 -425
package/src/time-crystal/phase-executor.ts +0 -521
package/src/time-crystal/scheduler.ts +0 -1025
package/src/time-crystal/test-runner.ts +0 -787
package/src/time-crystal/types.ts +0 -421
package/src/workers/base-worker.ts +0 -304
package/src/workers/daemon.ts +0 -264
package/src/workers/index.ts +0 -119
package/src/workers/interfaces.ts +0 -393
package/src/workers/worker-manager.ts +0 -424
package/src/workers/workers/compliance-checker.ts +0 -445
package/src/workers/workers/coverage-tracker.ts +0 -344
package/src/workers/workers/defect-predictor.ts +0 -375
package/src/workers/workers/flaky-detector.ts +0 -390
package/src/workers/workers/index.ts +0 -17
package/src/workers/workers/learning-consolidation.ts +0 -442
package/src/workers/workers/performance-baseline.ts +0 -434
package/src/workers/workers/quality-gate.ts +0 -419
package/src/workers/workers/regression-monitor.ts +0 -357
package/src/workers/workers/security-scan.ts +0 -349
package/src/workers/workers/test-health.ts +0 -359
package/tests/integration/code-intelligence/knowledge-graph-real.test.ts +0 -540
package/tests/integration/coordination/cross-domain-router.test.ts +0 -403
package/tests/integration/coordination/protocol-executor.test.ts +0 -454
package/tests/integration/coordination/workflow-orchestrator.test.ts +0 -418
package/tests/integration/feedback/feedback-loop-integration.test.ts +0 -560
package/tests/integration/migration/v2-to-v3-migration.test.ts +0 -471
package/tests/integration/parsers/typescript-parser.test.ts +0 -463
package/tests/integration/security/vulnerability-detection.test.ts +0 -628
package/tests/integration/test-execution/coordinator.test.ts +0 -410
package/tests/integration/test-generation/coordinator.test.ts +0 -361
package/tests/mocks/index.ts +0 -228
package/tests/time-crystal/default-phases.test.ts +0 -476
package/tests/time-crystal/oscillator.test.ts +0 -541
package/tests/time-crystal/phase-executor.test.ts +0 -653
package/tests/time-crystal/scheduler.test.ts +0 -626
package/tests/time-crystal/test-runner.test.ts +0 -594
package/tests/unit/causal-discovery/causal-graph.test.ts +0 -504
package/tests/unit/causal-discovery/causal-root-cause-analyzer.test.ts +0 -347
package/tests/unit/causal-discovery/discovery-engine.test.ts +0 -435
package/tests/unit/causal-discovery/weight-matrix.test.ts +0 -328
package/tests/unit/cli/cli.test.ts +0 -341
package/tests/unit/cli/commands.test.ts +0 -414
package/tests/unit/cli/init-command.test.ts +0 -274
package/tests/unit/cli/migrate-command.test.ts +0 -396
package/tests/unit/coordination/claims/claim-service.test.ts +0 -949
package/tests/unit/coordination/claims/handoff-manager.test.ts +0 -773
package/tests/unit/coordination/claims/work-stealing.test.ts +0 -492
package/tests/unit/coordination/queen-coordinator.test.ts +0 -966
package/tests/unit/coordination/result-saver.test.ts +0 -653
package/tests/unit/coordination/task-executor.test.ts +0 -810
package/tests/unit/domains/chaos-resilience/chaos-engineer.test.ts +0 -484
package/tests/unit/domains/chaos-resilience/load-tester.test.ts +0 -559
package/tests/unit/domains/chaos-resilience/performance-profiler.test.ts +0 -490
package/tests/unit/domains/code-intelligence/impact-analyzer.test.ts +0 -560
package/tests/unit/domains/code-intelligence/knowledge-graph.test.ts +0 -460
package/tests/unit/domains/code-intelligence/semantic-analyzer.test.ts +0 -584
package/tests/unit/domains/contract-testing/api-compatibility.test.ts +0 -483
package/tests/unit/domains/contract-testing/contract-validator.test.ts +0 -370
package/tests/unit/domains/contract-testing/schema-validator.test.ts +0 -610
package/tests/unit/domains/coverage-analysis/coverage-embedder.test.ts +0 -298
package/tests/unit/domains/coverage-analysis/hnsw-index.test.ts +0 -292
package/tests/unit/domains/coverage-analysis/sublinear-analyzer.test.ts +0 -506
package/tests/unit/domains/defect-intelligence/defect-predictor.test.ts +0 -370
package/tests/unit/domains/defect-intelligence/pattern-learner.test.ts +0 -546
package/tests/unit/domains/defect-intelligence/root-cause-analyzer.test.ts +0 -534
package/tests/unit/domains/learning-optimization/learning-coordinator.test.ts +0 -541
package/tests/unit/domains/learning-optimization/metrics-optimizer.test.ts +0 -552
package/tests/unit/domains/learning-optimization/production-intel.test.ts +0 -589
package/tests/unit/domains/learning-optimization/transfer-specialist.test.ts +0 -453
package/tests/unit/domains/quality-assessment/coherence-gate.test.ts +0 -1006
package/tests/unit/domains/quality-assessment/deployment-advisor.test.ts +0 -515
package/tests/unit/domains/quality-assessment/quality-analyzer.test.ts +0 -401
package/tests/unit/domains/quality-assessment/quality-gate.test.ts +0 -324
package/tests/unit/domains/requirements-validation/bdd-scenario-writer.test.ts +0 -479
package/tests/unit/domains/requirements-validation/requirements-validator.test.ts +0 -452
package/tests/unit/domains/requirements-validation/testability-scorer.test.ts +0 -505
package/tests/unit/domains/security-compliance/compliance-validator.test.ts +0 -500
package/tests/unit/domains/security-compliance/security-auditor.test.ts +0 -498
package/tests/unit/domains/security-compliance/security-scanner.test.ts +0 -412
package/tests/unit/domains/visual-accessibility/accessibility-tester.test.ts +0 -432
package/tests/unit/domains/visual-accessibility/responsive-tester.test.ts +0 -506
package/tests/unit/domains/visual-accessibility/visual-tester.test.ts +0 -412
package/tests/unit/early-exit/early-exit-controller.test.ts +0 -548
package/tests/unit/early-exit/early-exit-decision.test.ts +0 -617
package/tests/unit/early-exit/index.test.ts +0 -254
package/tests/unit/early-exit/quality-signal.test.ts +0 -589
package/tests/unit/early-exit/speculative-executor.test.ts +0 -453
package/tests/unit/feedback/coverage-learner.test.ts +0 -288
package/tests/unit/feedback/feedback-loop.test.ts +0 -458
package/tests/unit/feedback/pattern-promotion.test.ts +0 -390
package/tests/unit/feedback/quality-score-calculator.test.ts +0 -364
package/tests/unit/feedback/test-outcome-tracker.test.ts +0 -243
package/tests/unit/init/init-wizard.test.ts +0 -881
package/tests/unit/init/project-analyzer.test.ts +0 -807
package/tests/unit/init/self-configurator.test.ts +0 -493
package/tests/unit/integrations/ruvector/ast-complexity.test.ts +0 -240
package/tests/unit/integrations/ruvector/coverage-router.test.ts +0 -366
package/tests/unit/integrations/ruvector/diff-risk-classifier.test.ts +0 -340
package/tests/unit/integrations/ruvector/graph-boundaries.test.ts +0 -355
package/tests/unit/integrations/ruvector/q-learning-router.test.ts +0 -314
package/tests/unit/kernel/agent-coordinator.test.ts +0 -220
package/tests/unit/kernel/event-bus.test.ts +0 -197
package/tests/unit/learning/qe-reasoning-bank.test.ts +0 -666
package/tests/unit/learning/real-qe-reasoning-bank.benchmark.test.ts +0 -415
package/tests/unit/mcp/mcp-server.test.ts +0 -544
package/tests/unit/mcp/metrics/metrics-collector.test.ts +0 -340
package/tests/unit/mcp/security/cve-prevention.test.ts +0 -512
package/tests/unit/mcp/security/oauth21-provider.test.ts +0 -624
package/tests/unit/mcp/security/rate-limiter.test.ts +0 -410
package/tests/unit/mcp/security/sampling-server.test.ts +0 -420
package/tests/unit/mcp/security/schema-validator.test.ts +0 -494
package/tests/unit/mcp/tools/base.test.ts +0 -336
package/tests/unit/mcp/tools/domain-tools.test.ts +0 -759
package/tests/unit/mcp/tools/registry.test.ts +0 -240
package/tests/unit/neural-optimizer/replay-buffer.test.ts +0 -403
package/tests/unit/neural-optimizer/swarm-topology.test.ts +0 -473
package/tests/unit/neural-optimizer/topology-optimizer.test.ts +0 -595
package/tests/unit/neural-optimizer/value-network.test.ts +0 -343
package/tests/unit/optimization/auto-tuner.test.ts +0 -506
package/tests/unit/optimization/metric-collectors.test.ts +0 -352
package/tests/unit/optimization/qe-workers.test.ts +0 -407
package/tests/unit/optimization/tuning-algorithm.test.ts +0 -467
package/tests/unit/routing/qe-agent-registry.test.ts +0 -229
package/tests/unit/routing/qe-task-router.test.ts +0 -390
package/tests/unit/routing/routing-feedback.test.ts +0 -339
package/tests/unit/shared/embeddings/nomic-embedder.test.ts +0 -419
package/tests/unit/shared/http/http-client.test.ts +0 -719
package/tests/unit/shared/io/file-reader.test.ts +0 -511
package/tests/unit/shared/llm/cache.test.ts +0 -391
package/tests/unit/shared/llm/circuit-breaker.test.ts +0 -293
package/tests/unit/shared/llm/cost-tracker.test.ts +0 -431
package/tests/unit/shared/llm/provider-manager.test.ts +0 -550
package/tests/unit/shared/llm/providers.test.ts +0 -532
package/tests/unit/shared/parsers/typescript-parser.test.ts +0 -693
package/tests/unit/shared/value-objects.test.ts +0 -184
package/tests/unit/strange-loop/strange-loop.test.ts +0 -1170
package/tests/unit/workers/base-worker.test.ts +0 -341
package/tests/unit/workers/daemon.test.ts +0 -291
package/tests/unit/workers/worker-manager.test.ts +0 -284
package/tsconfig.json +0 -32
package/vitest.config.ts +0 -27

package/assets/skills/security-testing/SKILL.md ADDED Viewed

@@ -0,0 +1,306 @@
+---
+name: security-testing
+description: "Test for security vulnerabilities using OWASP principles. Use when conducting security audits, testing auth, or implementing security practices."
+category: specialized-testing
+priority: critical
+tokenEstimate: 1200
+agents: [qe-security-scanner, qe-api-contract-validator, qe-quality-analyzer]
+implementation_status: optimized
+optimization_version: 1.0
+last_optimized: 2025-12-02
+dependencies: []
+quick_reference_card: true
+tags: [security, owasp, sast, dast, vulnerabilities, auth, injection]
+---
+# Security Testing
+<default_to_action>
+When testing security or conducting audits:
+1. TEST OWASP Top 10 vulnerabilities systematically
+2. VALIDATE authentication and authorization on every endpoint
+3. SCAN dependencies for known vulnerabilities (npm audit)
+4. CHECK for injection attacks (SQL, XSS, command)
+5. VERIFY secrets aren't exposed in code/logs
+**Quick Security Checks:**
+- Access control → Test horizontal/vertical privilege escalation
+- Crypto → Verify password hashing, HTTPS, no sensitive data exposed
+- Injection → Test SQL injection, XSS, command injection
+- Auth → Test weak passwords, session fixation, MFA enforcement
+- Config → Check error messages don't leak info
+**Critical Success Factors:**
+- Think like an attacker, build like a defender
+- Security is built in, not added at the end
+- Test continuously in CI/CD, not just before release
+</default_to_action>
+## Quick Reference Card
+### When to Use
+- Security audits and penetration testing
+- Testing authentication/authorization
+- Validating input sanitization
+- Reviewing security configuration
+### OWASP Top 10 (2021)
+| # | Vulnerability | Key Test |
+|---|---------------|----------|
+| 1 | Broken Access Control | User A accessing User B's data |
+| 2 | Cryptographic Failures | Plaintext passwords, HTTP |
+| 3 | Injection | SQL/XSS/command injection |
+| 4 | Insecure Design | Rate limiting, session timeout |
+| 5 | Security Misconfiguration | Verbose errors, exposed /admin |
+| 6 | Vulnerable Components | npm audit, outdated packages |
+| 7 | Auth Failures | Weak passwords, no MFA |
+| 8 | Integrity Failures | Unsigned updates, malware |
+| 9 | Logging Failures | No audit trail for breaches |
+| 10 | SSRF | Server fetching internal URLs |
+### Tools
+| Type | Tool | Purpose |
+|------|------|---------|
+| SAST | SonarQube, Semgrep | Static code analysis |
+| DAST | OWASP ZAP, Burp | Dynamic scanning |
+| Deps | npm audit, Snyk | Dependency vulnerabilities |
+| Secrets | git-secrets, TruffleHog | Secret scanning |
+### Agent Coordination
+- `qe-security-scanner`: Multi-layer SAST/DAST scanning
+- `qe-api-contract-validator`: API security testing
+- `qe-quality-analyzer`: Security code review
+---
+## Key Vulnerability Tests
+### 1. Broken Access Control
+```javascript
+// Horizontal escalation - User A accessing User B's data
+test('user cannot access another user\'s order', async () => {
+  const userAToken = await login('userA');
+  const userBOrder = await createOrder('userB');
+  const response = await api.get(`/orders/${userBOrder.id}`, {
+    headers: { Authorization: `Bearer ${userAToken}` }
+  });
+  expect(response.status).toBe(403);
+});
+// Vertical escalation - Regular user accessing admin
+test('regular user cannot access admin', async () => {
+  const userToken = await login('regularUser');
+  expect((await api.get('/admin/users', {
+    headers: { Authorization: `Bearer ${userToken}` }
+  })).status).toBe(403);
+});
+```
+### 2. Injection Attacks
+```javascript
+// SQL Injection
+test('prevents SQL injection', async () => {
+  const malicious = "' OR '1'='1";
+  const response = await api.get(`/products?search=${malicious}`);
+  expect(response.body.length).toBeLessThan(100); // Not all products
+});
+// XSS
+test('sanitizes HTML output', async () => {
+  const xss = '<script>alert("XSS")</script>';
+  await api.post('/comments', { text: xss });
+  const html = (await api.get('/comments')).body;
+  expect(html).toContain('&lt;script&gt;');
+  expect(html).not.toContain('<script>');
+});
+```
+### 3. Cryptographic Failures
+```javascript
+test('passwords are hashed', async () => {
+  await db.users.create({ email: 'test@example.com', password: 'MyPassword123' });
+  const user = await db.users.findByEmail('test@example.com');
+  expect(user.password).not.toBe('MyPassword123');
+  expect(user.password).toMatch(/^\$2[aby]\$\d{2}\$/); // bcrypt
+});
+test('no sensitive data in API response', async () => {
+  const response = await api.get('/users/me');
+  expect(response.body).not.toHaveProperty('password');
+  expect(response.body).not.toHaveProperty('ssn');
+});
+```
+### 4. Security Misconfiguration
+```javascript
+test('errors don\'t leak sensitive info', async () => {
+  const response = await api.post('/login', { email: 'nonexistent@test.com', password: 'wrong' });
+  expect(response.body.error).toBe('Invalid credentials'); // Generic message
+});
+test('sensitive endpoints not exposed', async () => {
+  const endpoints = ['/debug', '/.env', '/.git', '/admin'];
+  for (let ep of endpoints) {
+    expect((await fetch(`https://example.com${ep}`)).status).not.toBe(200);
+  }
+});
+```
+### 5. Rate Limiting
+```javascript
+test('rate limiting prevents brute force', async () => {
+  const responses = [];
+  for (let i = 0; i < 20; i++) {
+    responses.push(await api.post('/login', { email: 'test@example.com', password: 'wrong' }));
+  }
+  expect(responses.filter(r => r.status === 429).length).toBeGreaterThan(0);
+});
+```
+---
+## Security Checklist
+### Authentication
+- [ ] Strong password requirements (12+ chars)
+- [ ] Password hashing (bcrypt, scrypt, Argon2)
+- [ ] MFA for sensitive operations
+- [ ] Account lockout after failed attempts
+- [ ] Session ID changes after login
+- [ ] Session timeout
+### Authorization
+- [ ] Check authorization on every request
+- [ ] Least privilege principle
+- [ ] No horizontal escalation
+- [ ] No vertical escalation
+### Data Protection
+- [ ] HTTPS everywhere
+- [ ] Encrypted at rest
+- [ ] Secrets not in code/logs
+- [ ] PII compliance (GDPR)
+### Input Validation
+- [ ] Server-side validation
+- [ ] Parameterized queries (no SQL injection)
+- [ ] Output encoding (no XSS)
+- [ ] Rate limiting
+---
+## CI/CD Integration
+```yaml
+# GitHub Actions
+security-checks:
+  steps:
+    - name: Dependency audit
+      run: npm audit --audit-level=high
+    - name: SAST scan
+      run: npm run sast
+    - name: Secret scan
+      uses: trufflesecurity/trufflehog@main
+    - name: DAST scan
+      if: github.ref == 'refs/heads/main'
+      run: docker run owasp/zap2docker-stable zap-baseline.py -t https://staging.example.com
+```
+**Pre-commit hooks:**
+```bash
+#!/bin/sh
+git-secrets --scan
+npm run lint:security
+```
+---
+## Agent-Assisted Security Testing
+```typescript
+// Comprehensive multi-layer scan
+await Task("Security Scan", {
+  target: 'src/',
+  layers: { sast: true, dast: true, dependencies: true, secrets: true },
+  severity: ['critical', 'high', 'medium']
+}, "qe-security-scanner");
+// OWASP Top 10 testing
+await Task("OWASP Scan", {
+  categories: ['broken-access-control', 'injection', 'cryptographic-failures'],
+  depth: 'comprehensive'
+}, "qe-security-scanner");
+// Validate fix
+await Task("Validate Fix", {
+  vulnerability: 'CVE-2024-12345',
+  expectedResolution: 'upgrade package to v2.0.0',
+  retestAfterFix: true
+}, "qe-security-scanner");
+```
+---
+## Agent Coordination Hints
+### Memory Namespace
+```
+aqe/security/
+├── scans/*           - Scan results
+├── vulnerabilities/* - Found vulnerabilities
+├── fixes/*           - Remediation tracking
+└── compliance/*      - Compliance status
+```
+### Fleet Coordination
+```typescript
+const securityFleet = await FleetManager.coordinate({
+  strategy: 'security-testing',
+  agents: [
+    'qe-security-scanner',
+    'qe-api-contract-validator',
+    'qe-quality-analyzer',
+    'qe-deployment-readiness'
+  ],
+  topology: 'parallel'
+});
+```
+---
+## Common Mistakes
+### ❌ Security by Obscurity
+Hiding admin at `/super-secret-admin` → **Use proper auth**
+### ❌ Client-Side Validation Only
+JavaScript validation can be bypassed → **Always validate server-side**
+### ❌ Trusting User Input
+Assuming input is safe → **Sanitize, validate, escape all input**
+### ❌ Hardcoded Secrets
+API keys in code → **Environment variables, secret management**
+---
+## Related Skills
+- [agentic-quality-engineering](../agentic-quality-engineering/) - Security with agents
+- [api-testing-patterns](../api-testing-patterns/) - API security testing
+- [compliance-testing](../compliance-testing/) - GDPR, HIPAA, SOC2
+---
+## Remember
+**Think like an attacker:** What would you try to break? Test that.
+**Build like a defender:** Assume input is malicious until proven otherwise.
+**Test continuously:** Security testing is ongoing, not one-time.
+**With Agents:** Agents automate vulnerability scanning, track remediation, and validate fixes. Use agents to maintain security posture at scale.

package/assets/skills/sherlock-review/SKILL.md ADDED Viewed

@@ -0,0 +1,250 @@
+---
+name: sherlock-review
+description: "Evidence-based investigative code review using deductive reasoning to determine what actually happened versus what was claimed. Use when verifying implementation claims, investigating bugs, validating fixes, or conducting root cause analysis. Elementary approach to finding truth through systematic observation."
+category: quality-review
+priority: high
+tokenEstimate: 1100
+agents: [qe-code-reviewer, qe-security-auditor, qe-performance-validator]
+implementation_status: optimized
+optimization_version: 1.0
+last_optimized: 2025-12-03
+dependencies: []
+quick_reference_card: true
+tags: [investigation, evidence-based, code-review, root-cause, deduction]
+---
+# Sherlock Review
+<default_to_action>
+When investigating code claims:
+1. OBSERVE: Gather all evidence (code, tests, history, behavior)
+2. DEDUCE: What does evidence actually show vs. what was claimed?
+3. ELIMINATE: Rule out what cannot be true
+4. CONCLUDE: Does evidence support the claim?
+5. DOCUMENT: Findings with proof, not assumptions
+**The 3-Step Investigation:**
+```bash
+# 1. OBSERVE: Gather evidence
+git diff <commit>
+npm test -- --coverage
+# 2. DEDUCE: Compare claim vs reality
+# Does code match description?
+# Do tests prove the fix/feature?
+# 3. CONCLUDE: Verdict with evidence
+# SUPPORTED / PARTIALLY SUPPORTED / NOT SUPPORTED
+```
+**Holmesian Principles:**
+- "Data! Data! Data!" - Collect before concluding
+- "Eliminate the impossible" - What cannot be true?
+- "You see, but do not observe" - Run code, don't just read
+- Trust only reproducible evidence
+</default_to_action>
+## Quick Reference Card
+### Evidence Collection Checklist
+| Category | What to Check | How |
+|----------|---------------|-----|
+| **Claim** | PR description, commit messages | Read thoroughly |
+| **Code** | Actual file changes | `git diff` |
+| **Tests** | Coverage, assertions | Run independently |
+| **Behavior** | Runtime output | Execute locally |
+| **Timeline** | When things happened | `git log`, `git blame` |
+### Verdict Levels
+| Verdict | Meaning |
+|---------|---------|
+| ✓ **TRUE** | Evidence fully supports claim |
+| ⚠ **PARTIALLY TRUE** | Claim accurate but incomplete |
+| ✗ **FALSE** | Evidence contradicts claim |
+| ? **NONSENSICAL** | Claim doesn't apply to context |
+---
+## Investigation Template
+```markdown
+## Sherlock Investigation: [Claim]
+### The Claim
+"[What PR/commit claims to do]"
+### Evidence Examined
+- Code changes: [files, lines]
+- Tests added: [count, coverage]
+- Behavior observed: [what actually happens]
+### Deductive Analysis
+**Claim**: [specific assertion]
+**Evidence**: [what you found]
+**Deduction**: [logical conclusion]
+**Verdict**: ✓/⚠/✗
+### Findings
+- What works: [with evidence]
+- What doesn't: [with evidence]
+- What's missing: [gaps in implementation/testing]
+### Recommendations
+1. [Action based on findings]
+```
+---
+## Investigation Scenarios
+### Scenario 1: "This Fixed the Bug"
+**Steps:**
+1. Reproduce bug on commit before fix
+2. Verify bug is gone on commit with fix
+3. Check if fix addresses root cause or symptom
+4. Test edge cases not in original report
+**Red Flags:**
+- Fix that just removes error logging
+- Works only for specific test case
+- Workarounds instead of root cause fix
+- No regression test added
+### Scenario 2: "Improved Performance by 50%"
+**Steps:**
+1. Run benchmark on baseline commit
+2. Run same benchmark on optimized commit
+3. Compare in identical conditions
+4. Verify measurement methodology
+**Red Flags:**
+- Tested only on toy data
+- Different comparison conditions
+- Trade-offs not mentioned
+### Scenario 3: "Handles All Edge Cases"
+**Steps:**
+1. List all edge cases in code path
+2. Check each has test coverage
+3. Test boundary conditions
+4. Verify error handling paths
+**Red Flags:**
+- `catch {}` swallowing errors
+- Generic error messages
+- No logging of critical errors
+---
+## Example Investigation
+```markdown
+## Case: PR #123 "Fix race condition in async handler"
+### Claims Examined:
+1. "Eliminates race condition"
+2. "Adds mutex locking"
+3. "100% thread safe"
+### Evidence:
+- File: src/handlers/async-handler.js
+- Changes: Added `async/await`, removed callbacks
+- Tests: 2 new tests for async flow
+- Coverage: 85% (was 75%)
+### Analysis:
+**Claim 1: "Eliminates race condition"**
+Evidence: Added `await` to sequential operations. No actual mutex.
+Deduction: Race avoided by removing concurrency, not synchronization.
+Verdict: ⚠ PARTIALLY TRUE (solved differently than claimed)
+**Claim 2: "Adds mutex locking"**
+Evidence: No mutex library, no lock variables, no sync primitives.
+Verdict: ✗ FALSE
+**Claim 3: "100% thread safe"**
+Evidence: JavaScript is single-threaded. No worker threads used.
+Verdict: ? NONSENSICAL (meaningless in this context)
+### Conclusion:
+Fix works but not for reasons claimed. Race condition avoided by
+making operations sequential, not by adding synchronization.
+### Recommendations:
+1. Update PR description to accurately reflect solution
+2. Add test for concurrent request handling
+3. Remove incorrect technical claims
+```
+---
+## Agent Integration
+```typescript
+// Evidence-based code review
+await Task("Sherlock Review", {
+  prNumber: 123,
+  claims: [
+    "Fixes memory leak",
+    "Improves performance 30%"
+  ],
+  verifyReproduction: true,
+  testEdgeCases: true
+}, "qe-code-reviewer");
+// Bug fix verification
+await Task("Verify Fix", {
+  bugCommit: 'abc123',
+  fixCommit: 'def456',
+  reproductionSteps: steps,
+  testBoundaryConditions: true
+}, "qe-code-reviewer");
+```
+---
+## Agent Coordination Hints
+### Memory Namespace
+```
+aqe/sherlock/
+├── investigations/*   - Investigation reports
+├── evidence/*         - Collected evidence
+├── verdicts/*         - Claim verdicts
+└── patterns/*         - Common deception patterns
+```
+### Fleet Coordination
+```typescript
+const investigationFleet = await FleetManager.coordinate({
+  strategy: 'evidence-investigation',
+  agents: [
+    'qe-code-reviewer',        // Code analysis
+    'qe-security-auditor',     // Security claim verification
+    'qe-performance-validator' // Performance claim verification
+  ],
+  topology: 'parallel'
+});
+```
+---
+## Related Skills
+- [brutal-honesty-review](../brutal-honesty-review/) - Direct technical criticism
+- [context-driven-testing](../context-driven-testing/) - Adapt to context
+- [bug-reporting-excellence](../bug-reporting-excellence/) - Document findings
+---
+## Remember
+**"It is a capital mistake to theorize before one has data."** Trust only reproducible evidence. Don't trust commit messages, documentation, or "works on my machine."
+**The Sherlock Standard:** Every claim must be verified empirically. What does the evidence actually show?