@arcadialdev/arcality 4.1.0 → 4.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agents/skills/db-validation-evidence/SKILL.md +43 -0
- package/.agents/skills/db-validation-evidence/agents/openai.yaml +4 -0
- package/.agents/skills/db-validation-evidence/references/mission-patterns.md +130 -0
- package/.agents/skills/evidence-synthesis-reporting/SKILL.md +31 -0
- package/.agents/skills/form-expert/SKILL.md +98 -0
- package/.agents/skills/investigation-protocol/SKILL.md +56 -0
- package/.agents/skills/mission-generation-reviewer/SKILL.md +25 -0
- package/.agents/skills/modal-master/SKILL.md +46 -0
- package/.agents/skills/native-control-expert/SKILL.md +74 -0
- package/.agents/skills/qa-context-governance/SKILL.md +23 -0
- package/.agents/skills/security-evidence-triage/SKILL.md +23 -0
- package/.agents/skills/test-data-lifecycle/SKILL.md +24 -0
- package/README.md +103 -163
- package/bin/arcality.mjs +25 -25
- package/package.json +75 -75
- package/scripts/edit-config.mjs +843 -0
- package/scripts/gen-and-run.mjs +260 -170
- package/scripts/generate.mjs +236 -236
- package/scripts/init.mjs +47 -47
- package/src/configManager.mjs +13 -13
- package/src/envSetup.ts +229 -205
- package/src/services/codebaseAnalyzer.mjs +59 -59
- package/src/services/databaseValidationService.mjs +598 -0
- package/src/services/executionEvidenceService.mjs +124 -0
- package/src/services/generatedMissionSchema.mjs +76 -76
- package/src/services/generatedMissionStore.mjs +117 -117
- package/src/services/generationContext.mjs +242 -242
- package/src/services/mcpStdioClient.mjs +204 -0
- package/src/services/missionGenerator.mjs +329 -329
- package/src/services/routeDiscovery.mjs +762 -762
- package/tests/_helpers/ArcalityReporter.js +1342 -1255
- package/tests/_helpers/agentic-runner.bundle.spec.js +1377 -244
- package/.agent/skills/form-expert.md +0 -102
- package/.agent/skills/investigation-protocol.md +0 -61
- package/.agent/skills/modal-master.md +0 -41
- package/.agent/skills/native-control-expert.md +0 -82
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: db-validation-evidence
|
|
3
|
+
description: Define, review, or execute Arcality mission corroboration against PostgreSQL or an MCP-backed database bridge. Use when a mission must validate database state after UI execution, compare exact field values, verify record existence, protect connection secrets, or reflect database evidence in reports.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# DB Validation Evidence
|
|
7
|
+
|
|
8
|
+
Corroborate business outcomes in the database after the UI flow finishes.
|
|
9
|
+
|
|
10
|
+
## Follow this workflow
|
|
11
|
+
|
|
12
|
+
1. Read `.arcality/db-validations.yaml` before changing mission-level database checks.
|
|
13
|
+
2. Keep raw SQL out of missions. Reference allowlisted `query_id` entries only.
|
|
14
|
+
3. Keep connection strings and credentials in `.env` or local secret stores only.
|
|
15
|
+
4. Prefer read-only queries that return the minimum fields needed for validation.
|
|
16
|
+
5. Start with two assertion types unless the user explicitly needs more:
|
|
17
|
+
- record existence
|
|
18
|
+
- exact field values
|
|
19
|
+
6. Attach or preserve `database_validation_report` evidence so the HTML report shows the database outcome.
|
|
20
|
+
|
|
21
|
+
## Choose the provider
|
|
22
|
+
|
|
23
|
+
- Use direct PostgreSQL when the local runner can reach the database and the query catalog is enough.
|
|
24
|
+
- Use MCP when the team already has a PostgreSQL MCP server, wants centralized access policy, or needs a custom tool contract.
|
|
25
|
+
|
|
26
|
+
## Author mission validations carefully
|
|
27
|
+
|
|
28
|
+
- Use one validation per business expectation.
|
|
29
|
+
- Name validations in business language, not technical shorthand.
|
|
30
|
+
- Pass only the parameters needed by the allowlisted query.
|
|
31
|
+
- Fail the mission when the UI result and database result contradict each other.
|
|
32
|
+
|
|
33
|
+
## Add or review query catalog entries carefully
|
|
34
|
+
|
|
35
|
+
- Keep each query focused on one entity lookup or one business rule.
|
|
36
|
+
- Parameterize dynamic values.
|
|
37
|
+
- Avoid `select *`.
|
|
38
|
+
- Prefer deterministic ordering and explicit limits where the schema allows duplicates.
|
|
39
|
+
- Return stable field names that map cleanly to expected assertions.
|
|
40
|
+
|
|
41
|
+
## Read more when needed
|
|
42
|
+
|
|
43
|
+
- Read [references/mission-patterns.md](references/mission-patterns.md) when defining YAML examples, connection profiles, or rollout priorities.
|
|
@@ -0,0 +1,130 @@
|
|
|
1
|
+
# DB validation patterns for Arcality
|
|
2
|
+
|
|
3
|
+
## Scope
|
|
4
|
+
|
|
5
|
+
Use this skill for local Arcality runs that need database corroboration after a mission completes. Keep CI/CD and pipeline concerns out of scope unless the user explicitly reintroduces them.
|
|
6
|
+
|
|
7
|
+
## Preferred rollout order
|
|
8
|
+
|
|
9
|
+
1. Validate record existence.
|
|
10
|
+
2. Validate exact field values.
|
|
11
|
+
3. Add negative validations only when the happy path is stable.
|
|
12
|
+
4. Add broader consistency checks only after the query catalog is trusted.
|
|
13
|
+
|
|
14
|
+
## Recommended secret model
|
|
15
|
+
|
|
16
|
+
Store connection values in `.env` only.
|
|
17
|
+
|
|
18
|
+
```env
|
|
19
|
+
ARCALITY_DB_ENABLED=true
|
|
20
|
+
ARCALITY_DB_PROVIDER=postgres
|
|
21
|
+
ARCALITY_DB_PROFILE=qa_local
|
|
22
|
+
ARCALITY_DB_QA_LOCAL_URL=postgresql://readonly_user:password@host:5432/database?sslmode=require
|
|
23
|
+
ARCALITY_DB_CATALOG=.arcality/db-validations.yaml
|
|
24
|
+
ARCALITY_DB_TIMEOUT_MS=8000
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
For MCP-backed validation:
|
|
28
|
+
|
|
29
|
+
```env
|
|
30
|
+
ARCALITY_DB_ENABLED=true
|
|
31
|
+
ARCALITY_DB_PROVIDER=mcp
|
|
32
|
+
ARCALITY_DB_PROFILE=qa_local
|
|
33
|
+
ARCALITY_DB_CATALOG=.arcality/db-validations.yaml
|
|
34
|
+
ARCALITY_DB_MCP_CONFIG=.arcality/mcp.postgres.json
|
|
35
|
+
ARCALITY_DB_TIMEOUT_MS=8000
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
Do not place credentials in mission YAML, reports, screenshots, or attachments.
|
|
39
|
+
|
|
40
|
+
## Query preview pattern
|
|
41
|
+
|
|
42
|
+
Before wiring a strict mission assertion, use `preview_db_validation` with the same `query_id` and `params` to confirm:
|
|
43
|
+
|
|
44
|
+
- the provider can connect
|
|
45
|
+
- the query returns the expected entity
|
|
46
|
+
- the returned field names match the intended `expect.fields`
|
|
47
|
+
|
|
48
|
+
Example preview payload:
|
|
49
|
+
|
|
50
|
+
```json
|
|
51
|
+
{
|
|
52
|
+
"name": "preview_cliente_creado",
|
|
53
|
+
"query_id": "client_by_name",
|
|
54
|
+
"params": {
|
|
55
|
+
"name": "Cliente QA 001"
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
## Mission pattern
|
|
61
|
+
|
|
62
|
+
Use mission-level `db_validations` entries with business-oriented names and allowlisted `query_id` values.
|
|
63
|
+
|
|
64
|
+
```yaml
|
|
65
|
+
db_validations:
|
|
66
|
+
- name: cliente_creado_en_bd
|
|
67
|
+
query_id: client_by_name
|
|
68
|
+
params:
|
|
69
|
+
name: "Cliente QA 001"
|
|
70
|
+
expect:
|
|
71
|
+
exists: true
|
|
72
|
+
fields:
|
|
73
|
+
status: "ACTIVE"
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
## Query catalog pattern
|
|
77
|
+
|
|
78
|
+
Keep `.arcality/db-validations.yaml` small, reviewable, and read-only in spirit.
|
|
79
|
+
|
|
80
|
+
```yaml
|
|
81
|
+
queries:
|
|
82
|
+
- id: client_by_name
|
|
83
|
+
description: Buscar cliente por nombre exacto
|
|
84
|
+
parameters:
|
|
85
|
+
- name: name
|
|
86
|
+
required: true
|
|
87
|
+
sql: |
|
|
88
|
+
select id, name, status
|
|
89
|
+
from clients
|
|
90
|
+
where name = :name
|
|
91
|
+
order by id desc
|
|
92
|
+
limit 1
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
## When to prefer MCP
|
|
96
|
+
|
|
97
|
+
Prefer MCP when:
|
|
98
|
+
|
|
99
|
+
- the team already uses an approved PostgreSQL MCP server
|
|
100
|
+
- access policy should stay centralized
|
|
101
|
+
- the MCP server exposes audited or pre-shaped tools that fit your environment
|
|
102
|
+
|
|
103
|
+
Prefer direct PostgreSQL when:
|
|
104
|
+
|
|
105
|
+
- the runner already has network access
|
|
106
|
+
- a simple readonly connection is enough
|
|
107
|
+
- you want fewer moving parts during local validation
|
|
108
|
+
|
|
109
|
+
## Report expectations
|
|
110
|
+
|
|
111
|
+
The database result should be visible in the generated evidence. At minimum, preserve:
|
|
112
|
+
|
|
113
|
+
- validation name
|
|
114
|
+
- query id
|
|
115
|
+
- provider used
|
|
116
|
+
- expected existence
|
|
117
|
+
- expected fields
|
|
118
|
+
- actual row presence
|
|
119
|
+
- actual returned fields
|
|
120
|
+
- pass or fail status
|
|
121
|
+
|
|
122
|
+
## First backlog after this skill
|
|
123
|
+
|
|
124
|
+
The next highest-value skills after DB validation are:
|
|
125
|
+
|
|
126
|
+
1. evidence-synthesis-reporting
|
|
127
|
+
2. qa-context-governance
|
|
128
|
+
3. mission-generation-reviewer
|
|
129
|
+
4. test-data-lifecycle
|
|
130
|
+
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: evidence-synthesis-reporting
|
|
3
|
+
description: Normalize Arcality UI, console, network, attachment, and database evidence into one business-readable conclusion. Use when a mission needs a final narrative, contradiction analysis, remediation hints, or a compact summary that merges multiple evidence sources.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Evidence Synthesis Reporting
|
|
7
|
+
|
|
8
|
+
Produce one clear conclusion from mixed evidence.
|
|
9
|
+
|
|
10
|
+
## Follow this workflow
|
|
11
|
+
|
|
12
|
+
1. Start with the business outcome, not the raw telemetry.
|
|
13
|
+
2. Compare UI outcome against database corroboration before declaring success.
|
|
14
|
+
3. Treat console or network errors as supporting evidence, not as the only conclusion.
|
|
15
|
+
4. Call out contradictions explicitly when UI and database disagree.
|
|
16
|
+
5. Prefer short evidence summaries with attachment names, failure reason, and next action.
|
|
17
|
+
6. Redact secrets or sensitive values before including examples in the narrative.
|
|
18
|
+
|
|
19
|
+
## Synthesize in this order
|
|
20
|
+
|
|
21
|
+
1. UI outcome
|
|
22
|
+
2. Database corroboration
|
|
23
|
+
3. Console or network anomalies
|
|
24
|
+
4. Attachments that prove the state
|
|
25
|
+
5. Final user-facing conclusion
|
|
26
|
+
|
|
27
|
+
## Escalate when needed
|
|
28
|
+
|
|
29
|
+
- Mark the run as failed when the UI appears successful but the database validation fails.
|
|
30
|
+
- Mark the run as inconclusive when the evidence is incomplete or contradictory.
|
|
31
|
+
- Add remediation hints only when they are grounded in the captured evidence.
|
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: form-expert
|
|
3
|
+
description: Metodologia experta para explorar, identificar y llenar formularios complejos en aplicaciones web.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Form Expert Skill
|
|
7
|
+
|
|
8
|
+
Esta habilidad define el protocolo que el agente DEBE seguir cuando la mision involucra llenar, crear o editar registros a traves de formularios.
|
|
9
|
+
|
|
10
|
+
## Principio Fundamental
|
|
11
|
+
**NUNCA interactues con un campo que no hayas inspeccionado primero.** Si un componente tiene un nombre generico, un tag inferred como `[INFERRED]`, o simplemente no estas seguro de que es, usa `inspect_element_details` ANTES de hacer click o fill.
|
|
12
|
+
|
|
13
|
+
## Protocolo de Formularios (4 fases obligatorias)
|
|
14
|
+
|
|
15
|
+
### Fase 1: RECONOCIMIENTO (Scan)
|
|
16
|
+
Antes de llenar cualquier campo, dedica tu primer turno en el formulario a **analizar todos los componentes visibles**:
|
|
17
|
+
|
|
18
|
+
1. **Lee la lista completa de CURRENT COMPONENTS** e identifica:
|
|
19
|
+
- Campos de tipo FIELD (inputs, textareas, selects)
|
|
20
|
+
- Campos con label visible (prioritarios)
|
|
21
|
+
- Campos sin label o con nombre generico (requieren inspeccion)
|
|
22
|
+
- Botones de accion (GUARDAR, CANCELAR, etc.)
|
|
23
|
+
- Tabs o pestanas si el formulario tiene secciones
|
|
24
|
+
|
|
25
|
+
2. **Clasifica los campos** en:
|
|
26
|
+
- Confiables: Tienen un nombre claro como `[input] Titulo del documento`
|
|
27
|
+
- Sospechosos: Tienen nombre generico como `[input] Editar` o `[INFERRED] xxx`
|
|
28
|
+
- Desconocidos: Solo tienen tag generico como `[input]`
|
|
29
|
+
|
|
30
|
+
3. **Para campos sospechosos o desconocidos** usa `inspect_element_details` para obtener:
|
|
31
|
+
- El placeholder text
|
|
32
|
+
- El aria-label
|
|
33
|
+
- El atributo name o id
|
|
34
|
+
- Si esta disabled o readonly
|
|
35
|
+
|
|
36
|
+
### Fase 2: PLANIFICACION (Plan)
|
|
37
|
+
Con la informacion del reconocimiento, planifica la secuencia de acciones:
|
|
38
|
+
|
|
39
|
+
1. **Prioriza los campos obligatorios**. Los que tienen asterisco (`*`), clase `required`, o estan marcados en rojo.
|
|
40
|
+
2. **Genera datos unicos**. Si la mision dice "generico" o "aleatorio", genera datos que incluyan un timestamp o ID unico para evitar duplicados. Ejemplo: `TEST-${timestamp}` o `Prueba QA Feb24`.
|
|
41
|
+
3. **Planifica el orden**. Llena los campos de arriba a abajo, izquierda a derecha, siguiendo el orden del DOM.
|
|
42
|
+
|
|
43
|
+
### Fase 3: EJECUCION (Act)
|
|
44
|
+
Ejecuta las acciones planificadas:
|
|
45
|
+
|
|
46
|
+
1. **Llena multiples campos por turno**. No pierdas un turno por campo. Agrupa 3-5 fills en una sola llamada a `perform_ui_actions`.
|
|
47
|
+
2. **Para cada campo fill**: click + fill (en ese orden). El click asegura que el campo tiene focus.
|
|
48
|
+
3. **Para dropdowns/selects** usa el protocolo de re-render:
|
|
49
|
+
- **Turno A**: Click para abrir el dropdown, espera el siguiente turno para ver las opciones.
|
|
50
|
+
- **Turno B**: Click en la opcion deseada. Si el formulario requiere llenar mas campos despues de seleccionar (por ejemplo, se habilitan nuevos inputs), deten la secuencia ahi. No agrupes el select con los siguientes fills en el mismo turno porque React puede re-renderizar el DOM y romper los IDs. Espera al Turno C para seguir.
|
|
51
|
+
- Si la seleccion del dropdown era el ultimo paso y ya no hay mas campos que llenar, si puedes hacer click en `Siguiente` o `Guardar` en ese mismo turno.
|
|
52
|
+
4. **Si un fill falla**, no reintentes inmediatamente. Usa `inspect_element_details` para ver si el campo es un select, un datepicker, o tiene un overlay encima.
|
|
53
|
+
|
|
54
|
+
### Fase 4: VERIFICACION (Verify)
|
|
55
|
+
Antes de hacer GUARDAR:
|
|
56
|
+
|
|
57
|
+
1. Usa `validate_element_state` en el boton de GUARDAR para confirmar que esta enabled.
|
|
58
|
+
2. Revisa visualmente si hay campos en rojo o mensajes de error.
|
|
59
|
+
3. Solo entonces haz click en GUARDAR.
|
|
60
|
+
4. Despues de GUARDAR, espera la respuesta de la UI. Si aparece un toast de exito o regresas a la lista, la mision fue exitosa.
|
|
61
|
+
|
|
62
|
+
## Manejo de Errores en Formularios
|
|
63
|
+
|
|
64
|
+
### Si un campo falla con Timeout
|
|
65
|
+
1. No reintentes el mismo click o fill inmediatamente.
|
|
66
|
+
2. Usa `inspect_element_details` en ese IDX.
|
|
67
|
+
3. Analiza si:
|
|
68
|
+
- El elemento esta cubierto por un overlay o modal
|
|
69
|
+
- El elemento es readonly o disabled
|
|
70
|
+
- El IDX cambio porque la pagina se re-renderizo
|
|
71
|
+
4. Si el elemento no sirve, busca un campo alternativo con nombre similar.
|
|
72
|
+
|
|
73
|
+
### Si aparece un error de "duplicado" o "ya existe"
|
|
74
|
+
1. Identifica que campo causo el error (claves, codigos, nombres).
|
|
75
|
+
2. Cambia el valor a algo unico (agrega sufijo numerico o timestamp).
|
|
76
|
+
3. Reintenta GUARDAR.
|
|
77
|
+
|
|
78
|
+
### Si el formulario tiene tabs o secciones
|
|
79
|
+
1. Llena los campos de la seccion actual primero.
|
|
80
|
+
2. Identifica el elemento de la pestana. Busca el texto de la pestana (por ejemplo, `CAMPOS DE LA FORMA`) en componentes tipo ACTION.
|
|
81
|
+
3. Evita hacer click en contenedores grandes que agrupan varias pestanas. Prefiere el elemento mas pequeno (span o label) que contenga el texto exacto.
|
|
82
|
+
4. Haz click en la pestana. Si un click simple no funciona tras 2 intentos, usa `double_click`.
|
|
83
|
+
5. Espera el siguiente turno para ver los nuevos campos.
|
|
84
|
+
|
|
85
|
+
## Uso de Double Click
|
|
86
|
+
|
|
87
|
+
Usalo solo cuando:
|
|
88
|
+
- La mision lo pida explicitamente
|
|
89
|
+
- Un elemento, como una pestana o un icono, no responda tras dos intentos de click simple
|
|
90
|
+
- Quieras activar modos de edicion en tablas o componentes complejos
|
|
91
|
+
|
|
92
|
+
## Anti-patrones
|
|
93
|
+
|
|
94
|
+
- No hacer click en un campo `[INFERRED]` sin inspeccionarlo primero
|
|
95
|
+
- No intentar llenar todo el formulario en el primer turno sin saber que campos hay
|
|
96
|
+
- No hacer click en GUARDAR sin haber verificado que los campos estan llenos
|
|
97
|
+
- No reintentar la misma accion fallida sin investigar la causa
|
|
98
|
+
- No asumir que un componente con nombre largo (mas de 50 caracteres) es un campo, probablemente es un contenedor
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: investigation-protocol
|
|
3
|
+
description: Protocolo obligatorio de investigacion cuando una accion falla o un elemento es ambiguo.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Investigation Protocol Skill
|
|
7
|
+
|
|
8
|
+
## Regla de Oro
|
|
9
|
+
**NUNCA reintentes una accion fallida sin investigar primero.** Si algo falla, SIEMPRE ejecuta el protocolo de investigacion antes de intentar de nuevo.
|
|
10
|
+
|
|
11
|
+
## Protocolo de Investigacion
|
|
12
|
+
|
|
13
|
+
### Paso 1: Inspeccion del elemento
|
|
14
|
+
|
|
15
|
+
Usa `inspect_element_details` sobre el elemento que fallo para determinar por que fallo.
|
|
16
|
+
|
|
17
|
+
Revisa en el resultado:
|
|
18
|
+
- Si el elemento es `disabled` o `readonly`
|
|
19
|
+
- Si el elemento esta cubierto por otro (`pointer-events: none`, overlay)
|
|
20
|
+
- Si el elemento es un `<select>` que requiere interaccion diferente a `fill`
|
|
21
|
+
- Si el elemento esta en un iframe diferente (`frameIdx`)
|
|
22
|
+
|
|
23
|
+
### Paso 2: Auditoria de consola
|
|
24
|
+
|
|
25
|
+
Usa `capture_console_errors` para buscar errores JavaScript silenciosos.
|
|
26
|
+
|
|
27
|
+
Si la UI no responde o esta congelada, revisa:
|
|
28
|
+
- Errores de red (`fetch failed`, `404`, `500`)
|
|
29
|
+
- Errores de JS (`TypeError`, `undefined`)
|
|
30
|
+
- Warnings del framework
|
|
31
|
+
|
|
32
|
+
### Paso 3: Captura de evidencia
|
|
33
|
+
|
|
34
|
+
Usa `create_test_evidence` con `type: annotated_screenshot` para documentar el estado actual.
|
|
35
|
+
|
|
36
|
+
Si identificas un bug real de la aplicacion, documentalo con evidencia anotada.
|
|
37
|
+
|
|
38
|
+
### Paso 4: Decision
|
|
39
|
+
|
|
40
|
+
Despues de investigar, toma una de estas decisiones:
|
|
41
|
+
1. **Reintentar con variacion**: Si descubriste que el campo es un select, usa click en vez de fill.
|
|
42
|
+
2. **Buscar alternativa**: Si el elemento esta cubierto, busca otro camino al mismo objetivo.
|
|
43
|
+
3. **Reportar bug**: Si es un bug de la aplicacion, usa `report_application_bug`.
|
|
44
|
+
4. **Reportar incapacidad**: Si no puedes avanzar, usa `report_inability_to_proceed`.
|
|
45
|
+
|
|
46
|
+
## Cuando usar cada herramienta
|
|
47
|
+
|
|
48
|
+
| Situacion | Herramienta | Obligatoria |
|
|
49
|
+
|-----------|-------------|-------------|
|
|
50
|
+
| Accion fallo con Timeout | `inspect_element_details` | Si |
|
|
51
|
+
| Elemento con nombre `[INFERRED]` | `inspect_element_details` | Si |
|
|
52
|
+
| UI no responde o congelada | `capture_console_errors` | Si |
|
|
53
|
+
| Antes de hacer GUARDAR o SAVE | `validate_element_state` | Si |
|
|
54
|
+
| Despues de GUARDAR exitoso | `extract_table_data` | Recomendada |
|
|
55
|
+
| Bug encontrado | `create_test_evidence` | Si |
|
|
56
|
+
| Fin de mision exitosa | `create_test_evidence` | Recomendada |
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: mission-generation-reviewer
|
|
3
|
+
description: Review generated Arcality YAML missions before execution. Use when a mission may contain vague prompts, weak assertions, missing business checkpoints, poor evidence strategy, or unclear need for UI-only versus database-backed validation.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Mission Generation Reviewer
|
|
7
|
+
|
|
8
|
+
Review generated missions before they run.
|
|
9
|
+
|
|
10
|
+
## Follow this workflow
|
|
11
|
+
|
|
12
|
+
1. Check whether the mission objective is specific and observable.
|
|
13
|
+
2. Replace vague success criteria with concrete assertions.
|
|
14
|
+
3. Confirm the mission names the real business checkpoint, not only low-level clicks.
|
|
15
|
+
4. Decide whether the flow needs UI-only validation or additional database corroboration.
|
|
16
|
+
5. Flag missing evidence steps when the mission would be hard to explain after failure.
|
|
17
|
+
6. Keep mission edits small and tied to test intent.
|
|
18
|
+
|
|
19
|
+
## Watch for these gaps
|
|
20
|
+
|
|
21
|
+
- Generic prompts like "validate the page works"
|
|
22
|
+
- Assertions without expected values
|
|
23
|
+
- Missing post-save verification
|
|
24
|
+
- Database validation added without a matching allowlisted query_id
|
|
25
|
+
- Repeated actions that do not prove a business outcome
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: modal-master
|
|
3
|
+
description: Gestion experta de ventanas modales, dialogos y popups en pruebas de QA.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Modal Master Skill
|
|
7
|
+
|
|
8
|
+
Esta habilidad permite al agente detectar, navegar y cerrar ventanas modales de manera eficiente, evitando que el flujo del test se bloquee por elementos superpuestos.
|
|
9
|
+
|
|
10
|
+
## Cuando usar esta habilidad
|
|
11
|
+
|
|
12
|
+
- Cuando el agente realiza una accion y aparece un dialogo de confirmacion
|
|
13
|
+
- Cuando un popup de error o notificacion bloquea el acceso al resto de la pagina
|
|
14
|
+
- Cuando la mision requiere interactuar especificamente con elementos dentro de un modal
|
|
15
|
+
|
|
16
|
+
## Instrucciones para el Agente
|
|
17
|
+
|
|
18
|
+
### 1. Deteccion de Modales
|
|
19
|
+
|
|
20
|
+
Antes de intentar interactuar con un elemento del fondo, verifica si hay un modal activo buscando:
|
|
21
|
+
- Elementos con `role="dialog"` o `role="alertdialog"`
|
|
22
|
+
- Atributos `aria-modal="true"`
|
|
23
|
+
- Overlays oscuros que cubren la pantalla
|
|
24
|
+
- Titulos destacados que no estaban antes de la accion
|
|
25
|
+
|
|
26
|
+
### 2. Prioridad de Interaccion
|
|
27
|
+
|
|
28
|
+
Si un modal esta abierto:
|
|
29
|
+
- **Prioridad 1**: Si el modal es informativo (warning o error), leelo y reportalo en tu pensamiento antes de cerrarlo.
|
|
30
|
+
- **Prioridad 2**: Si el modal es de confirmacion para la accion que acabas de realizar, haz click en el boton afirmativo (por ejemplo, `Aceptar`, `Si`, `Confirmar`).
|
|
31
|
+
- **Prioridad 3**: Si el modal es intrusivo y no permite seguir, busca el boton de cierre (usualmente una `X`, `Cerrar` o `Cancelar`).
|
|
32
|
+
|
|
33
|
+
### 3. Estrategias de Cierre
|
|
34
|
+
|
|
35
|
+
Si no encuentras un boton de cierre claro:
|
|
36
|
+
- Busca botones con clases `close`, `btn-close` o que tengan un icono dentro
|
|
37
|
+
- Usa `send_keyboard_event` con key `Escape`
|
|
38
|
+
- Verifica si el modal desaparece al hacer click en el backdrop
|
|
39
|
+
|
|
40
|
+
### 4. Flujo de Trabajo
|
|
41
|
+
|
|
42
|
+
1. Accion: click en `Eliminar`
|
|
43
|
+
2. Scan: detecta un modal con texto tipo `Estas seguro?`
|
|
44
|
+
3. Validacion: usa `validate_element_state` para verificar que el boton destructivo o confirmatorio es visible dentro del modal
|
|
45
|
+
4. Ejecucion: click en el boton del modal
|
|
46
|
+
5. Verificacion: espera a que el modal desaparezca antes de continuar
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: native-control-expert
|
|
3
|
+
description: Protocolo experto para interactuar con controles nativos del navegador (time pickers, date pickers, selects, etc.).
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Native Control Expert Skill
|
|
7
|
+
|
|
8
|
+
Esta habilidad define el protocolo que el agente DEBE seguir cuando la mision involucra interactuar con controles nativos del navegador que no responden bien a la accion estandar `fill`.
|
|
9
|
+
|
|
10
|
+
## Controles Nativos que requieren esta skill
|
|
11
|
+
|
|
12
|
+
| Control | Ejemplo | Accion preferida |
|
|
13
|
+
|---------|---------|------------------|
|
|
14
|
+
| `<input type="time">` | Campo de hora `HH:mm` | `interact_native_control` con `control_type: "time"` |
|
|
15
|
+
| `<input type="date">` | Campo de fecha `YYYY-MM-DD` | `interact_native_control` con `control_type: "date"` |
|
|
16
|
+
| `<input type="datetime-local">` | Fecha y hora combinados | `interact_native_control` con `control_type: "datetime"` |
|
|
17
|
+
| `<input type="color">` | Selector de color | `interact_native_control` con `control_type: "color"` |
|
|
18
|
+
| `<input type="range">` | Slider numerico | `interact_native_control` con `control_type: "range"` |
|
|
19
|
+
| `<select>` nativo | Dropdown estandar HTML | `interact_native_control` con `control_type: "select"` |
|
|
20
|
+
| Combobox o autocomplete | Campos con `role="combobox"` | `click` + `fill` + `send_keyboard_event` |
|
|
21
|
+
| Time picker con dialogo | Campos que abren popup al hacer click | `send_keyboard_event` con arrows |
|
|
22
|
+
|
|
23
|
+
## Protocolo de Interaccion con Time Pickers
|
|
24
|
+
|
|
25
|
+
### Lo que no debes hacer
|
|
26
|
+
|
|
27
|
+
- No intentar `fill` repetidamente si falla la primera vez
|
|
28
|
+
- No hacer click una y otra vez sin cambiar de estrategia
|
|
29
|
+
- No asumir que un time picker funciona como un input de texto normal
|
|
30
|
+
|
|
31
|
+
### Estrategia 1: `interact_native_control`
|
|
32
|
+
|
|
33
|
+
1. Usa `inspect_element_details` para confirmar que es `type="time"`.
|
|
34
|
+
2. Usa `interact_native_control` con `control_type: "time"` y un valor como `13:05`.
|
|
35
|
+
3. Verifica el resultado.
|
|
36
|
+
|
|
37
|
+
### Estrategia 2: Keyboard Navigation
|
|
38
|
+
|
|
39
|
+
1. Haz click en el campo de hora.
|
|
40
|
+
2. Usa `send_keyboard_event` con `Control+a` para seleccionar todo.
|
|
41
|
+
3. Escribe los digitos del tiempo.
|
|
42
|
+
4. Para `13:05`, envia las teclas `1`, `3`, `0`, `5`.
|
|
43
|
+
5. Usa `Tab` para navegar al siguiente campo.
|
|
44
|
+
|
|
45
|
+
### Estrategia 3: Arrow Keys
|
|
46
|
+
|
|
47
|
+
1. Haz click en el segmento de horas del campo.
|
|
48
|
+
2. Usa `ArrowUp` o `ArrowDown` para ajustar la hora.
|
|
49
|
+
3. Usa `Tab` para mover al segmento de minutos.
|
|
50
|
+
4. Repite con `ArrowUp` o `ArrowDown` para minutos.
|
|
51
|
+
|
|
52
|
+
## Protocolo de Interaccion con Date Pickers
|
|
53
|
+
|
|
54
|
+
1. Confirma con `inspect_element_details` que es `type="date"`.
|
|
55
|
+
2. Usa `interact_native_control` con `control_type: "date"` y valor `YYYY-MM-DD`.
|
|
56
|
+
|
|
57
|
+
## Deteccion
|
|
58
|
+
|
|
59
|
+
Activa esta skill cuando:
|
|
60
|
+
1. Ves un componente FIELD cuyo nombre incluye `HH:mm`, `hora` o `time`
|
|
61
|
+
2. Un campo tiene `role="combobox"` y `aria-expanded`
|
|
62
|
+
3. Un `fill()` falla en un campo de fecha u hora
|
|
63
|
+
4. El inspector muestra `type="time"` o `type="date"`
|
|
64
|
+
|
|
65
|
+
## Keyboard shortcuts utiles
|
|
66
|
+
|
|
67
|
+
| Tecla | Efecto |
|
|
68
|
+
|-------|--------|
|
|
69
|
+
| `Tab` | Mover al siguiente segmento |
|
|
70
|
+
| `ArrowUp` | Incrementar valor |
|
|
71
|
+
| `ArrowDown` | Decrementar valor |
|
|
72
|
+
| `Escape` | Cerrar dropdown o calendar |
|
|
73
|
+
| `Enter` | Confirmar seleccion |
|
|
74
|
+
| `Control+a` | Seleccionar todo |
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: qa-context-governance
|
|
3
|
+
description: Govern .arcality/qa-context.md and .arcality/qa-context.meta.json so Arcality uses fresh, owned, and reviewable customer rules. Use when validating context completeness, metadata quality, enforcement mode, stale guidance, or conflicts between local rules and observed behavior.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# QA Context Governance
|
|
7
|
+
|
|
8
|
+
Keep local QA context usable, current, and reviewable.
|
|
9
|
+
|
|
10
|
+
## Follow this workflow
|
|
11
|
+
|
|
12
|
+
1. Read both .arcality/qa-context.md and .arcality/qa-context.meta.json together.
|
|
13
|
+
2. Confirm ownership, version, updated_by, owner_team, and change_summary before trusting the context.
|
|
14
|
+
3. Separate real business rules from placeholders, examples, or stale notes.
|
|
15
|
+
4. Warn when context exists without governance metadata.
|
|
16
|
+
5. Escalate when strict governance is enabled and required metadata is incomplete.
|
|
17
|
+
6. Prefer small, auditable updates over broad rewrites.
|
|
18
|
+
|
|
19
|
+
## Resolve conflicts carefully
|
|
20
|
+
|
|
21
|
+
- If local context contradicts observed application behavior, report the contradiction instead of silently trusting one side.
|
|
22
|
+
- If context is incomplete, fall back to base heuristics but make the gap visible.
|
|
23
|
+
- If the user asks to change governance mode, preserve the current files and only adjust the enforcement decision.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: security-evidence-triage
|
|
3
|
+
description: Triage security-related evidence captured by Arcality into confirmed findings, suspicious signals, or unsupported noise. Use when reviewing console errors, headers, reflected payloads, auth bypass behavior, or mixed signals from the existing security QA tools.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Security Evidence Triage
|
|
7
|
+
|
|
8
|
+
Classify security evidence before escalating it.
|
|
9
|
+
|
|
10
|
+
## Follow this workflow
|
|
11
|
+
|
|
12
|
+
1. Separate a confirmed vulnerability from a suspicious signal.
|
|
13
|
+
2. Tie every claim to at least one concrete artifact: screenshot, response, console output, storage evidence, or replayable step.
|
|
14
|
+
3. Record severity and confidence independently.
|
|
15
|
+
4. Downgrade findings that lack proof of exploitability.
|
|
16
|
+
5. Preserve raw payload details only when they are necessary for reproduction.
|
|
17
|
+
6. Prefer a short reproduction note plus evidence list over a long speculative explanation.
|
|
18
|
+
|
|
19
|
+
## Use these categories
|
|
20
|
+
|
|
21
|
+
- Confirmed: reproducible and supported by direct evidence
|
|
22
|
+
- Suspected: credible signal but incomplete proof
|
|
23
|
+
- Noise: no reliable reproduction or benign explanation found
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: test-data-lifecycle
|
|
3
|
+
description: Define safe Arcality patterns for creating, reusing, locating, and cleaning test data across missions. Use when reducing flaky validations caused by shared records, deciding whether to reuse existing entities, or planning setup and cleanup responsibilities.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Test Data Lifecycle
|
|
7
|
+
|
|
8
|
+
Keep test data deterministic and reviewable.
|
|
9
|
+
|
|
10
|
+
## Follow this workflow
|
|
11
|
+
|
|
12
|
+
1. Decide whether the mission should create fresh data or reuse an existing fixture.
|
|
13
|
+
2. Prefer unique, traceable values when the application allows duplicate records.
|
|
14
|
+
3. Record how the mission will locate the target record again for UI or DB validation.
|
|
15
|
+
4. Avoid shared mutable data unless the mission explicitly tests shared workflows.
|
|
16
|
+
5. Add cleanup steps only when they are reliable and proportional to the risk.
|
|
17
|
+
6. Document when cleanup is intentionally skipped and why.
|
|
18
|
+
|
|
19
|
+
## Prefer these patterns
|
|
20
|
+
|
|
21
|
+
- Unique suffixes for names or codes
|
|
22
|
+
- Read-only lookup queries for corroboration
|
|
23
|
+
- Cleanup by deterministic identifier
|
|
24
|
+
- Reuse only when the record is stable and part of the scenario
|