npm - @nano-step/skill-manager - Versions diffs - 5.4.0 → 5.4.2 - Mend

@nano-step/skill-manager 5.4.0 → 5.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +14 -3
package/dist/utils.d.ts +1 -1
package/dist/utils.js +1 -1
package/package.json +1 -1
package/skills/feature-analysis/SKILL.md +0 -290
package/skills/feature-analysis/skill.json +0 -15
package/skills/rri-t-testing/SKILL.md +0 -76
package/skills/rri-t-testing/assets/rri-t-coverage-dashboard.md +0 -101
package/skills/rri-t-testing/assets/rri-t-persona-interview.md +0 -226
package/skills/rri-t-testing/assets/rri-t-stress-matrix.md +0 -100
package/skills/rri-t-testing/assets/rri-t-test-case.md +0 -155
package/skills/rri-t-testing/skill.json +0 -9

package/README.md CHANGED Viewed

@@ -26,20 +26,20 @@ npx @nano-step/skill-manager install --all
 | `update [name]` | Update one or all installed skills |
 | `installed` | Show currently installed skills |
-## Available Skills (17)
+## Available Skills (15 public + 6 private)
+### Public Skills (bundled in npm)
 | Skill | Description |
 |-------|-------------|
 | `blog-workflow` | Generate SEO-optimized blog posts for dev.to, Medium, LinkedIn, Hashnode |
 | `comprehensive-feature-builder` | Systematic 5-phase workflow for researching, designing, implementing, and testing features |
-| `feature-analysis` | Deep code analysis with execution tracing, data transformation audits, and gap analysis |
 | `graphql-inspector` | GraphQL schema inspection with progressive discovery workflow |
 | `idea-workflow` | Analyze source code and produce monetization strategy with execution blueprint |
 | `mermaid-validator` | Validate Mermaid diagram syntax — enforces rules that prevent parse errors |
 | `nano-brain` | Persistent memory for AI agents — hybrid search across sessions, codebase, and notes |
 | `pdf` | PDF manipulation toolkit — extract, create, merge, split, OCR, fill forms, watermark |
 | `reddit-workflow` | Draft Reddit posts optimized for subreddit rules, tone, and spam filters |
-| `rri-t-testing` | RRI-T QA methodology — 5-phase testing with 7 dimensions, 5 personas, and release gates |
 | `rtk` | Token optimizer — wraps CLI commands with rtk to reduce token consumption by 60-90% |
 | `rtk-setup` | One-time RTK setup + ongoing enforcement across sessions and subagents |
 | `security-workflow` | OWASP Top 10 security audit with CVE scanning and prioritized hardening plan |
@@ -47,6 +47,17 @@ npx @nano-step/skill-manager install --all
 | `skill-management` | AI skill routing — isolates tool definitions in subagent context to save 80-95% tokens |
 | `team-workflow` | Simulate an autonomous software team — architecture, execution plan, QA strategy |
 | `ui-ux-pro-max` | UI/UX design intelligence with searchable database of styles, palettes, fonts, and guidelines |
+### Private Skills (requires `login`)
+| Skill | Description |
+|-------|-------------|
+| `e2e-test-generator` | E2E test generation from PRD using Playwright MCP |
+| `feature-analysis` | Deep code analysis with execution tracing and gap analysis |
+| `mcp-management` | MCP tool routing and execution with token-saving isolation |
+| `pr-code-reviewer` | Comprehensive PR code review with 4 parallel subagents |
+| `rri-t-testing` | RRI-T QA methodology — 5-phase testing with 7 dimensions and release gates |
+| `database-inspector` | Database schema inspection for MySQL and PostgreSQL with progressive discovery |
 ## What Gets Installed
 When you install a skill, the manager:

package/dist/utils.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-export declare const MANAGER_VERSION = "5.4.0";
+export declare const MANAGER_VERSION = "5.4.2";
 export interface SkillManifest {
     name: string;
     version: string;

package/dist/utils.js CHANGED Viewed

@@ -13,7 +13,7 @@ exports.writeText = writeText;
 const path_1 = __importDefault(require("path"));
 const os_1 = __importDefault(require("os"));
 const fs_extra_1 = __importDefault(require("fs-extra"));
-exports.MANAGER_VERSION = "5.4.0";
+exports.MANAGER_VERSION = "5.4.2";
 async function detectOpenCodePaths() {
     const homeConfig = path_1.default.join(os_1.default.homedir(), ".config", "opencode");
     const cwd = process.cwd();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nano-step/skill-manager",
-  "version": "5.4.0",
+  "version": "5.4.2",
   "description": "CLI tool that installs and manages AI agent skills, MCP tool routing, and workflow configurations.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/skills/feature-analysis/SKILL.md DELETED Viewed

@@ -1,290 +0,0 @@
----
-name: feature-analysis
-description: "Deep code analysis of any feature or service before writing docs, diagrams, or making changes. Enforces read-everything-first discipline. Traces exact execution paths, data transformations, guard clauses, bugs, and gaps between existing docs and actual code. Produces a validated Mermaid diagram and structured analysis output. Language and framework agnostic."
-compatibility: "OpenCode"
-metadata:
-  version: "2.0.0"
-tools:
-  required:
-    - Read (every file in the feature)
-    - Bash (find all files, run mermaid validator)
-  uses:
-    - mermaid-validator skill (validate any diagram produced)
-triggers:
-  - "analyze [feature]"
-  - "how does X work"
-  - "trace the flow of"
-  - "understand X"
-  - "what does X do"
-  - "deep dive into"
-  - "working on X - understand it first"
-  - "update docs/brain for"
----
-# Feature Analysis Skill
-A disciplined protocol for deeply analyzing any feature in any codebase before producing docs, diagrams, or making changes. Framework-agnostic. Language-agnostic.
----
-## The Core Rule
-**READ EVERYTHING. PRODUCE NOTHING. THEN SYNTHESIZE.**
-Do not write a single diagram node, doc line, or description until every file in the feature has been read. Every time you produce output before reading all files, you will miss something.
----
-## Phase 1: Discovery — Find Every File
-Before reading anything, map the full file set.
-```bash
-# Find all source files for the feature
-find <feature-dir> -type f | sort
-# Check imports to catch shared utilities, decorators, helpers
-grep -r "import\|require" <feature-dir> | grep -v node_modules | sort -u
-```
-**Read in dependency order (bottom-up — foundations first):**
-1. **Entry point / bootstrap** — port, env vars, startup config
-2. **Schema / model files** — DB schema, columns, nullable, indexes, types
-3. **Utility / helper files** — every function, every transformation, every constant
-4. **Decorator / middleware files** — wrapping logic, side effects, return value handling
-5. **Infrastructure services** — cache, lock, queue, external connections
-6. **Core business logic** — the main service/handler files
-7. **External / fetch services** — HTTP calls, filters applied, error handling
-8. **Entry controllers / routers / handlers** — HTTP method, route, params, return
-9. **Wiring files** — module/DI config, middleware registration
-**Do not skip any file. Do not skim.**
----
-## Phase 2: Per-File Checklist
-For each file, answer these questions before moving to the next.
-### Entry point / bootstrap
-- [ ] What port or address? (default? env override?)
-- [ ] Any global middleware, pipes, interceptors, or lifecycle hooks?
-### Schema / model files
-- [ ] Table/collection name
-- [ ] Every field: type, nullable, default, constraints, indexes
-- [ ] Relations / references to other entities
-### Utility / helper files
-- [ ] Every exported function — what does it do, step by step?
-- [ ] For transformations: what inputs? what outputs? what edge cases handled?
-- [ ] Where is this function called? (grep for usages)
-- [ ] How many times is it called within a single method? (once per batch? once per item?)
-### Decorator / middleware files
-- [ ] What does it wrap?
-- [ ] What side effects before / after the original method?
-- [ ] **Does it `return` the result of the original method?** (missing `return` = silent discard bug)
-- [ ] Does it use try/finally? What runs in finally?
-- [ ] What happens on the early-exit path?
-### Core business logic files
-- [ ] Every method: signature, return type
-- [ ] For each method: trace every line — no summarizing
-- [ ] Accumulator variables — where initialized, where incremented, where returned
-- [ ] Loop structure: sequential or parallel?
-- [ ] Every external call: what service/module, what args, what returned
-- [ ] Guard clauses: every early return / continue / throw
-- [ ] Every branch in conditionals
-### External / fetch service files
-- [ ] Exact URLs or endpoints (hardcoded or env?)
-- [ ] Filters applied to response data (which calls filter, which don't?)
-- [ ] Error handling on external calls
-### Entry controllers / routers / handlers
-- [ ] HTTP method (GET vs POST — don't assume)
-- [ ] Route path
-- [ ] What core method is called?
-- [ ] What is returned?
-### Wiring / module files
-- [ ] What is imported / registered?
-- [ ] What is exported / exposed?
----
-## Phase 3: Execution Trace
-After reading all files, produce a numbered step-by-step trace of the full execution path. This is not prose — it is a precise trace.
-**Format:**
-```
-1. [HTTP METHOD] /route → HandlerName.methodName()
-2. HandlerName.methodName() → ServiceName.methodName()
-3. @DecoratorName: step A (e.g. acquire lock, check cache)
-4.   → if condition X: early return [what is returned / not returned]
-5. ServiceName.methodName():
-6.   step 1: call externalService.fetchAll() → parallel([fetchA(), fetchB()])
-7.     fetchA(): GET https://... → returns all items (no filter)
-8.     fetchB(): GET https://... → filter(x => x.field !== null) → returns filtered
-9.   step 2: parallel([processItems(a, 'typeA'), processItems(b, 'typeB')])
-10. processItems(items, type):
-11.   init: totalUpdated = 0, totalInserted = 0
-12.   for loop (sequential): i = 0 to items.length, step batchSize
-13.     batch = items.slice(i, i + batchSize)
-14.     { updated, inserted } = await processBatch(batch)
-15.     totalUpdated += updated; totalInserted += inserted
-16.   return { total: items.length, updated: totalUpdated, inserted: totalInserted }
-17. processBatch(batch):
-18.   guard: if batch.length === 0 → return { updated: 0, inserted: 0 }
-19.   step 1: names = batch.map(item => transform(item.field))   ← called ONCE per batch
-20.   step 2: existing = repo.find(WHERE field IN names)
-21.   step 3: map = existing.reduce(...)
-22.   step 4: for each item in batch:
-23.     value = transform(item.field)   ← called AGAIN per item
-24.     ...decision tree...
-25.   repo.save(itemsToSave)
-26.   return { updated, inserted }
-27. @DecoratorName finally: releaseLock()
-28. BUG: decorator does not return result → caller receives undefined
-```
-**Key things to call out in the trace:**
-- When a utility function is called more than once (note the count and context)
-- Every accumulator variable (where init, where increment, where return)
-- Every guard clause / early exit
-- Sequential vs parallel (for loop vs Promise.all / asyncio.gather / goroutines)
-- Any discarded return values
----
-## Phase 4: Data Transformations Audit
-For every utility/transformation function used:
-| Function | What it does (step by step) | Called where | Called how many times |
-|----------|----------------------------|--------------|----------------------|
-| `transformFn(x)` | 1. step A 2. step B 3. step C | methodName | TWICE: once in step N (batch), once per item in loop |
----
-## Phase 5: Gap Analysis — Docs vs Code
-Compare existing docs/brain files against what the code actually does:
-| Claim in docs | What code actually does | Verdict |
-|---------------|------------------------|---------|
-| "POST /endpoint" | `@Get()` in controller | ❌ Wrong |
-| "Port 3000" | `process.env.PORT \|\| 4001` in entrypoint | ❌ Wrong |
-| "function converts X" | Also does Y (undocumented) | ⚠️ Incomplete |
-| "returns JSON result" | Decorator discards return value | ❌ Bug |
----
-## Phase 6: Produce Outputs
-Only now, after phases 1–5 are complete, produce:
-### 6a. Structured Analysis Document
-```markdown
-## Feature Analysis: [Feature Name]
-Repo: [repo] | Date: [date]
-### Files Read
-- `path/to/controller.ts` — entry point, GET /endpoint, calls ServiceA.run()
-- `path/to/service.ts` — core logic, orchestrates fetch + batch loop
-- [... every file ...]
-### Execution Trace
-[numbered trace from Phase 3]
-### Data Transformations
-[table from Phase 4]
-### Guard Clauses & Edge Cases
-- processBatch: empty batch guard → returns {0,0} immediately
-- fetchItems: filters items where field === null
-- LockManager: if lock not acquired → returns void immediately (no error thrown)
-### Bugs / Issues Found
-- path/to/decorator.ts line N: `await originalMethod.apply(this, args)` missing `return`
-  → result is discarded, caller always receives undefined
-- [any others]
-### Gaps: Docs vs Code
-[table from Phase 5]
-### Files to Update
-- [ ] `.agents/_repos/[repo].md` — update port, endpoint method, transformation description
-- [ ] `.agents/_domains/[domain].md` — if architecture changed
-```
-### 6b. Mermaid Diagram
-Write the diagram. Then **immediately run the validator before doing anything else.**
-If you have the mermaid-validator skill:
-```bash
-node /path/to/project/scripts/validate-mermaid.mjs [file.md]
-```
-Otherwise validate manually — common syntax errors:
-- Labels with `()` must be wrapped in `"double quotes"`: `A["method()"]`
-- No `\n` in node labels — use `<br/>` or shorten
-- No HTML entities (`&amp;`, `&gt;`) in labels — use literal characters
-- `end` is a reserved word in Mermaid — use `END` or `done` as node IDs
-If errors → fix → re-run. Do not proceed until clean.
-**Diagram must include:**
-- Every step from the execution trace
-- Data transformation nodes (show what the function does, not just its name)
-- Guard clauses as decision nodes
-- Parallel vs sequential clearly distinguished
-- Bugs annotated inline (e.g. "BUG: result discarded")
-### 6c. Doc / Brain File Updates
-Update relevant docs with:
-- Corrected facts (port, endpoint method, etc.)
-- The validated Mermaid diagram
-- Data transformation table
-- Known bugs section
----
-## Anti-Patterns (What This Skill Prevents)
-| Anti-pattern | What gets missed | Rule violated |
-|---|---|---|
-| Drew diagram before reading utility files | Transformation called twice — not shown | READ EVERYTHING FIRST |
-| Trusted existing docs for endpoint method | GET vs POST wrong in docs | GAP ANALYSIS required |
-| Summarized service method instead of tracing | Guard clause (empty batch) missed | TRACE NOT SUMMARIZE |
-| Trusted existing docs for port/config | Wrong values | Verify entry point |
-| Read decorator without checking return | Silent result discard bug | RETURN VALUE AUDIT |
-| Merged H1/H2 paths into shared loop node | Sequential vs parallel distinction lost | TRACE LOOP STRUCTURE |
-| Assumed filter applies to all fetches | One fetch had no filter — skipped items | READ EVERY FETCH FILE |
----
-## Quick Reference Checklist
-Before producing any output, verify:
-- [ ] Entry point read — port/address confirmed
-- [ ] All schema/model files read — every field noted
-- [ ] All utility files read — every transformation step documented
-- [ ] All decorator/middleware files read — return value audited
-- [ ] All core service files read — every method traced line by line
-- [ ] All fetch/external services read — filters noted (which have filters, which don't)
-- [ ] All controller/router/handler files read — HTTP method confirmed (not assumed)
-- [ ] All wiring/module files read — dependency graph understood
-- [ ] Utility functions: call count per method noted
-- [ ] All guard clauses documented
-- [ ] Accumulator variables traced (init → increment → return)
-- [ ] Loop structure confirmed (sequential vs parallel)
-- [ ] Existing docs compared against code (gap analysis done)
-- [ ] Mermaid diagram validated before saving

package/skills/feature-analysis/skill.json DELETED Viewed

@@ -1,15 +0,0 @@
-{
-    "name": "feature-analysis",
-    "version": "2.0.0",
-    "description": "Deep code analysis of any feature or service before writing docs, diagrams, or making changes. Enforces read-everything-first discipline with execution tracing, data transformation audits, and gap analysis.",
-    "compatibility": "OpenCode",
-    "agent": null,
-    "commands": [],
-    "tags": [
-        "analysis",
-        "code-review",
-        "documentation",
-        "mermaid",
-        "tracing"
-    ]
-}

package/skills/rri-t-testing/SKILL.md DELETED Viewed

@@ -1,76 +0,0 @@
----
-name: rri-t-testing
-description: RRI-T QA methodology skill. Execute 5-phase testing: PREPARE, DISCOVER, STRUCTURE, EXECUTE, ANALYZE. Use before release, creating test cases, or QA review.
----
-# RRI-T Testing Skill
-Execute comprehensive QA testing using Reverse Requirements Interview - Testing methodology.
-## When to Use
-- Testing any feature before release
-- Creating test cases for new features
-- Performing thorough QA review
-- Running stress tests and edge case analysis
-## Input
-| Param | Req | Description |
-|-------|-----|-------------|
-| feature | Yes | Feature name in kebab-case |
-| phase | No | `prepare`, `discover`, `structure`, `execute`, `analyze` |
-| dimensions | No | `ui-ux,api,performance,security,data,infra,edge-cases` |
-## 5 Phases
-1. **PREPARE** — Read specs, setup output dir
-2. **DISCOVER** — Interview 5 personas for test scenarios
-3. **STRUCTURE** — Format as Q-A-R-P-T test cases
-4. **EXECUTE** — Run tests, capture screenshots
-5. **ANALYZE** — Calculate coverage, apply release gates
-## Output
-```
-/ai/test-case/rri-t/{feature-name}/
-├── 01-prepare.md
-├── 02-discover.md
-├── 03-structure.md
-├── 04-execute.md
-├── 05-analyze.md
-└── summary.md
-```
-## Templates
-Use templates bundled in `assets/` directory of this skill:
-- `rri-t-persona-interview.md` — Persona interviews
-- `rri-t-test-case.md` — Q-A-R-P-T format
-- `rri-t-coverage-dashboard.md` — 7-dimension tracking
-- `rri-t-stress-matrix.md` — 8-axis stress testing
-## 7 Dimensions
-UI/UX | API | Performance | Security | Data Integrity | Infrastructure | Edge Cases
-## 5 Personas
-End User | Business Analyst | QA Destroyer | DevOps Tester | Security Auditor
-## Release Gates
-| GO | NO-GO |
-|----|-------|
-| All 7 dims >= 70% | Any dim < 50% |
-| 5/7 >= 85% | >2 P0 FAILs |
-| Zero P0 FAIL | Critical MISSING |
-## Guardrails
-1. Test all 7 dimensions
-2. Use all 5 personas
-3. Document everything
-4. PAINFUL is valid (not failure)
-5. Follow release gates
-6. Test Vietnamese locale

package/skills/rri-t-testing/assets/rri-t-coverage-dashboard.md DELETED Viewed

@@ -1,101 +0,0 @@
-# RRI-T Coverage Dashboard — {feature_name}
-Feature: {feature_name}
-Date: {date}
-Release Gate Status: {release_gate_status}
-Release Version: {release_version}
-Owner: {owner}
-Prepared By: {prepared_by}
-## Release Gate Criteria
-| Rule | Criteria | Status |
-| --- | --- | --- |
-| RG-1 | All 7 dimensions >= 70% coverage | {rg1_status} |
-| RG-2 | At least 5/7 dimensions >= 85% coverage | {rg2_status} |
-| RG-3 | Zero P0 items in FAIL state | {rg3_status} |
-## Dimension Coverage
-| Dimension | Total | PASS | FAIL | PAINFUL | MISSING | Coverage % | Gate |
-| --- | --- | --- | --- | --- | --- | --- | --- |
-| D1: UI/UX | {d1_total} | {d1_pass} | {d1_fail} | {d1_painful} | {d1_missing} | {d1_coverage} | {d1_gate} |
-| D2: API | {d2_total} | {d2_pass} | {d2_fail} | {d2_painful} | {d2_missing} | {d2_coverage} | {d2_gate} |
-| D3: Performance | {d3_total} | {d3_pass} | {d3_fail} | {d3_painful} | {d3_missing} | {d3_coverage} | {d3_gate} |
-| D4: Security | {d4_total} | {d4_pass} | {d4_fail} | {d4_painful} | {d4_missing} | {d4_coverage} | {d4_gate} |
-| D5: Data Integrity | {d5_total} | {d5_pass} | {d5_fail} | {d5_painful} | {d5_missing} | {d5_coverage} | {d5_gate} |
-| D6: Infrastructure | {d6_total} | {d6_pass} | {d6_fail} | {d6_painful} | {d6_missing} | {d6_coverage} | {d6_gate} |
-| D7: Edge Cases | {d7_total} | {d7_pass} | {d7_fail} | {d7_painful} | {d7_missing} | {d7_coverage} | {d7_gate} |
-Legend: ✅ PASS | ❌ FAIL | ⚠️ PAINFUL | ☐ MISSING
-## Priority Breakdown
-| Priority | Total | PASS | FAIL | PAINFUL | MISSING | Coverage % | Gate |
-| --- | --- | --- | --- | --- | --- | --- | --- |
-| P0 | {p0_total} | {p0_pass} | {p0_fail} | {p0_painful} | {p0_missing} | {p0_coverage} | {p0_gate} |
-| P1 | {p1_total} | {p1_pass} | {p1_fail} | {p1_painful} | {p1_missing} | {p1_coverage} | {p1_gate} |
-| P2 | {p2_total} | {p2_pass} | {p2_fail} | {p2_painful} | {p2_missing} | {p2_coverage} | {p2_gate} |
-| P3 | {p3_total} | {p3_pass} | {p3_fail} | {p3_painful} | {p3_missing} | {p3_coverage} | {p3_gate} |
-## Summary Metrics
-- Total Test Cases: {total_tc}
-- Overall Coverage %: {overall_coverage}
-- Dimensions Passing Gate: {dimensions_passing_gate}
-- P0 FAIL Count: {p0_fail_count}
-- P0 PAINFUL Count: {p0_painful_count}
-- MISSING Count: {missing_count}
-- Latest Update: {latest_update}
-- Notes: {summary_notes}
-- Risks: {summary_risks}
-## FAIL Items
-| TC ID | Priority | Dimension | Description | Assigned To |
-| --- | --- | --- | --- | --- |
-| {fail_tc_id_1} | {fail_priority_1} | {fail_dimension_1} | {fail_description_1} | {fail_assigned_to_1} |
-| {fail_tc_id_2} | {fail_priority_2} | {fail_dimension_2} | {fail_description_2} | {fail_assigned_to_2} |
-| {fail_tc_id_3} | {fail_priority_3} | {fail_dimension_3} | {fail_description_3} | {fail_assigned_to_3} |
-| {fail_tc_id_4} | {fail_priority_4} | {fail_dimension_4} | {fail_description_4} | {fail_assigned_to_4} |
-| {fail_tc_id_5} | {fail_priority_5} | {fail_dimension_5} | {fail_description_5} | {fail_assigned_to_5} |
-## PAINFUL Items
-| TC ID | Priority | Dimension | Description | UX Impact |
-| --- | --- | --- | --- | --- |
-| {painful_tc_id_1} | {painful_priority_1} | {painful_dimension_1} | {painful_description_1} | {painful_ux_impact_1} |
-| {painful_tc_id_2} | {painful_priority_2} | {painful_dimension_2} | {painful_description_2} | {painful_ux_impact_2} |
-| {painful_tc_id_3} | {painful_priority_3} | {painful_dimension_3} | {painful_description_3} | {painful_ux_impact_3} |
-| {painful_tc_id_4} | {painful_priority_4} | {painful_dimension_4} | {painful_description_4} | {painful_ux_impact_4} |
-| {painful_tc_id_5} | {painful_priority_5} | {painful_dimension_5} | {painful_description_5} | {painful_ux_impact_5} |
-## MISSING Items
-| TC ID | Priority | Dimension | Description | User Need |
-| --- | --- | --- | --- | --- |
-| {missing_tc_id_1} | {missing_priority_1} | {missing_dimension_1} | {missing_description_1} | {missing_user_need_1} |
-| {missing_tc_id_2} | {missing_priority_2} | {missing_dimension_2} | {missing_description_2} | {missing_user_need_2} |
-| {missing_tc_id_3} | {missing_priority_3} | {missing_dimension_3} | {missing_description_3} | {missing_user_need_3} |
-| {missing_tc_id_4} | {missing_priority_4} | {missing_dimension_4} | {missing_description_4} | {missing_user_need_4} |
-| {missing_tc_id_5} | {missing_priority_5} | {missing_dimension_5} | {missing_description_5} | {missing_user_need_5} |
-## Regression Test List
-| Test ID | Title | Dimension | Priority | Status |
-| --- | --- | --- | --- | --- |
-| {regression_id_1} | {regression_title_1} | {regression_dimension_1} | {regression_priority_1} | {regression_status_1} |
-| {regression_id_2} | {regression_title_2} | {regression_dimension_2} | {regression_priority_2} | {regression_status_2} |
-| {regression_id_3} | {regression_title_3} | {regression_dimension_3} | {regression_priority_3} | {regression_status_3} |
-| {regression_id_4} | {regression_title_4} | {regression_dimension_4} | {regression_priority_4} | {regression_status_4} |
-| {regression_id_5} | {regression_title_5} | {regression_dimension_5} | {regression_priority_5} | {regression_status_5} |
-## Sign-off
-| Role | Name | Decision | Notes |
-| --- | --- | --- | --- |
-| QA Lead | {qa_lead_name} | {qa_lead_decision} | {qa_lead_notes} |
-| Dev Lead | {dev_lead_name} | {dev_lead_decision} | {dev_lead_notes} |
-| Product | {product_name} | {product_decision} | {product_notes} |
-Decision Legend: {approve_label}/{reject_label}

package/skills/rri-t-testing/assets/rri-t-persona-interview.md DELETED Viewed

@@ -1,226 +0,0 @@
-# RRI-T Persona Interview — {Feature Name}
-**Feature:** {feature-name}
-**Date:** {YYYY-MM-DD}
-**Interviewer:** {agent/person}
-## Interview Summary
-| Persona | Questions Generated | Key Concerns |
-|---------|-------------------|--------------|
-| End User | 0/25 | |
-| Business Analyst | 0/25 | |
-| QA Destroyer | 0/25 | |
-| DevOps Tester | 0/25 | |
-| Security Auditor | 0/25 | |
-| **Total** | **0/125** | |
----
-## Persona 1: End User (Người dùng cuối)
-### Context
-As a household member using {feature-name} daily to manage my family's shared resources, I need the feature to work reliably across different devices, network conditions, and usage patterns. I care about speed, clarity, and not losing my work.
-### Questions
-1. What happens when I add an inventory item while my phone has weak 3G signal?
-2. What happens when I start editing a shopping list on mobile, then switch to desktop mid-task?
-3. What happens when I search for "nguyen" but the item name is "Nguyễn Văn A"?
-4. What happens when I accidentally navigate away from a half-filled form?
-5. What happens when I try to delete an item that another household member is currently editing?
-6. What happens when I upload a photo of a receipt and the file is 10MB?
-7. What happens when I filter 500+ inventory items by expiration date on a mid-range phone?
-8. What happens when I receive a phone call while recording a voice note for a meal plan?
-9. What happens when the app shows "1,000,000đ" instead of "1.000.000đ" for Vietnamese currency?
-10. What happens when I'm offline for 2 days and then reconnect with 50 pending changes?
-11.
-12.
-13.
-14.
-15.
-16.
-17.
-18.
-19.
-20.
-21.
-22.
-23.
-24.
-25.
-### Key Concerns
-- {list concerns discovered}
----
-## Persona 2: Business Analyst (Phân tích nghiệp vụ)
-### Context
-As someone responsible for ensuring business rules are correctly implemented, I need to verify that household permissions, data ownership, financial calculations, and multi-household scenarios work as specified. I care about data consistency and rule enforcement.
-### Questions
-1. What happens when a household member with "viewer" role tries to delete an inventory item?
-2. What happens when a user belongs to 3 households and switches between them rapidly?
-3. What happens when two members simultaneously mark the same shopping list item as "purchased"?
-4. What happens when a household admin removes a member who has pending edits?
-5. What happens when the total expense calculation includes items in different currencies (VND and USD)?
-6. What happens when a recurring meal plan conflicts with a one-time event on the same date?
-7. What happens when a user tries to share an inventory item with a household they don't belong to?
-8. What happens when the system calculates "items expiring in 3 days" across different timezones?
-9. What happens when a household reaches the maximum allowed inventory items (if there's a limit)?
-10. What happens when a deleted household still has active shopping lists in other members' offline caches?
-11.
-12.
-13.
-14.
-15.
-16.
-17.
-18.
-19.
-20.
-21.
-22.
-23.
-24.
-25.
-### Key Concerns
-- {list concerns discovered}
----
-## Persona 3: QA Destroyer (Phá hoại viên QA)
-### Context
-As someone whose job is to break things, I need to find every edge case, race condition, and unexpected input that could crash the system or corrupt data. I care about boundary conditions, malformed inputs, and timing attacks.
-### Questions
-1. What happens when I paste 50,000 characters into the "item name" field?
-2. What happens when I rapidly click "save" 20 times in 1 second?
-3. What happens when I set my device date to 2099 and create an inventory item?
-4. What happens when I upload a file named `"; DROP TABLE inventory; --"` as an item photo?
-5. What happens when I create an item with expiration date "yesterday" and quantity "-5"?
-6. What happens when I open the app in 10 browser tabs and edit the same item in all of them?
-7. What happens when I force-kill the app during a GraphQL mutation?
-8. What happens when I inject `<script>alert('xss')</script>` into a meal plan description?
-9. What happens when I create a circular dependency (Item A requires Item B, Item B requires Item A)?
-10. What happens when I change my device timezone mid-session and create a timestamped event?
-11.
-12.
-13.
-14.
-15.
-16.
-17.
-18.
-19.
-20.
-21.
-22.
-23.
-24.
-25.
-### Key Concerns
-- {list concerns discovered}
----
-## Persona 4: DevOps Tester (Kiểm thử hạ tầng)
-### Context
-As someone responsible for deployment, monitoring, and infrastructure reliability, I need to verify that the feature works under load, handles server restarts gracefully, and doesn't leak resources. I care about scalability, observability, and recovery.
-### Questions
-1. What happens when the GraphQL server restarts while a user is mid-sync?
-2. What happens when 100 users simultaneously bulk-import 500 inventory items each?
-3. What happens when the database connection pool is exhausted during peak usage?
-4. What happens when the CDN serving item photos goes down?
-5. What happens when a GraphQL query takes longer than the 30-second timeout?
-6. What happens when the Redis cache is cleared while users have active sessions?
-7. What happens when a deployment rolls out a new schema version while old clients are still connected?
-8. What happens when disk space runs out during a photo upload?
-9. What happens when the monitoring system detects 500 errors but the app still appears functional?
-10. What happens when a user's offline queue grows to 1000+ pending mutations?
-11.
-12.
-13.
-14.
-15.
-16.
-17.
-18.
-19.
-20.
-21.
-22.
-23.
-24.
-25.
-### Key Concerns
-- {list concerns discovered}
----
-## Persona 5: Security Auditor (Kiểm toán bảo mật)
-### Context
-As someone responsible for security compliance, I need to verify that authentication, authorization, data exposure, and audit trails are properly implemented. I care about access control, data leakage, and attack surface.
-### Questions
-1. What happens when a user's JWT token expires mid-session?
-2. What happens when a user tries to access another household's data by guessing the household ID?
-3. What happens when a removed household member still has cached data on their device?
-4. What happens when someone intercepts the GraphQL request and replays it with modified variables?
-5. What happens when a user tries to upload a malicious file disguised as an image?
-6. What happens when the audit log shows who deleted an item, but the user claims they didn't?
-7. What happens when a user shares their session token with someone outside the household?
-8. What happens when someone uses SQL injection in a search query (even though it's GraphQL)?
-9. What happens when a user's password is compromised and they don't realize it for 3 days?
-10. What happens when the system logs sensitive data (like financial amounts) in plain text?
-11.
-12.
-13.
-14.
-15.
-16.
-17.
-18.
-19.
-20.
-21.
-22.
-23.
-24.
-25.
-### Key Concerns
-- {list concerns discovered}
----
-## Raw Test Ideas (Consolidated)
-| # | Idea | Source Persona | Potential Dimension | Priority Estimate |
-|---|------|---------------|--------------------|--------------------|
-| 1 | | | | |
-| 2 | | | | |
-| 3 | | | | |
-| 4 | | | | |
-| 5 | | | | |
-| 6 | | | | |
-| 7 | | | | |
-| 8 | | | | |
-| 9 | | | | |
-| 10 | | | | |
-| 11 | | | | |
-| 12 | | | | |
-| 13 | | | | |
-| 14 | | | | |
-| 15 | | | | |
-| 16 | | | | |
-| 17 | | | | |
-| 18 | | | | |
-| 19 | | | | |
-| 20 | | | | |

package/skills/rri-t-testing/assets/rri-t-stress-matrix.md DELETED Viewed

@@ -1,100 +0,0 @@
-# RRI-T Stress Matrix Template
-## Feature
-- Name: <feature-name>
-- Owner: <owner>
-- Date: <yyyy-mm-dd>
-- Build/Release: <build-id>
-- Environment: <dev/staging/prod>
-## Summary
-This template covers RRI-T 8-axis stress testing for a household management app
-(inventory, meal planning, shopping lists, finances).
-## Stress Axes Summary
-| Axis | Name | Focus | Notes |
-| --- | --- | --- | --- |
-| 1 | TIME | Deadlines, bulk ops, timeouts | Burst actions, long-running jobs |
-| 2 | DATA | 1000+ rows, search/filter speed | Large inventory, long history |
-| 3 | ERROR | Undo/redo, auto-save recovery, messages | Resilience, recoverability |
-| 4 | COLLAB | Concurrent editing, conflicts, multi-user | Household members overlap |
-| 5 | EMERGENCY | Interruptions, crash recovery | Browser/device failures |
-| 6 | SECURITY | Access revocation, audit logs, session expiry | Role changes, expiring auth |
-| 7 | INFRA | Server crash, RTO<15m, RPO<5m, offline | Service resilience |
-| 8 | LOCALE | Vietnamese diacritics, VND, GMT+7, overflow | Local UX correctness |
-## Axis Combination Matrix (Test Where X)
-| Axis | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
-| --- | --- | --- | --- | --- | --- | --- | --- | --- |
-| 1 TIME | - | X | X | X | X | X | X | X |
-| 2 DATA | X | - | X | X |  | X | X | X |
-| 3 ERROR | X | X | - | X | X |  | X | X |
-| 4 COLLAB | X | X | X | - |  | X |  | X |
-| 5 EMERGENCY | X |  | X |  | - | X | X |  |
-| 6 SECURITY | X | X |  | X | X | - | X | X |
-| 7 INFRA | X | X | X |  | X | X | - | X |
-| 8 LOCALE | X | X | X | X |  | X | X | - |
-## Stress Scenarios
-### Axis 1: TIME
-| # | Scenario | Steps | Expected | Priority |
-| --- | --- | --- | --- | --- |
-| S-TIME-001 | Bulk add 500 pantry items before dinner | Start timer 2 min, import CSV of pantry items | Import completes, progress visible, no timeout | P1 |
-| S-TIME-002 | Rapid meal plan edits during 10-min window | Update 10 meals in 60s, save each | Saves succeed, no stale data, UI responsive | P1 |
-| S-TIME-003 | Shopping list sync under poor network | Add 30 items quickly, toggle offline/online | Sync resolves within 60s, no duplicates | P2 |
-| S-TIME-004 | Finance entry auto-save timeout | Create expense, wait 45s idle, resume edit | Auto-save persists, no data loss | P2 |
-### Axis 2: DATA
-| # | Scenario | Steps | Expected | Priority |
-| S-DATA-001 | Inventory list 1000+ items | Load inventory with 1200 items | Scroll, search, filter remain under 2s | P1 |
-| S-DATA-002 | Shopping history filter speed | Filter 800 past purchases by category | Results appear under 2s, no UI freeze | P2 |
-| S-DATA-003 | Meal plan calendar 6 months | Open 6-month plan view with 180 entries | Render within 3s, no layout shift | P2 |
-| S-DATA-004 | Finance ledger export 2000 rows | Export 2k ledger rows to CSV | Export completes, file accurate | P2 |
-### Axis 3: ERROR
-| # | Scenario | Steps | Expected | Priority |
-| S-ERROR-001 | Undo/redo inventory quantity changes | Change item qty 5 times, undo 5, redo 5 | Exact state restored each step | P1 |
-| S-ERROR-002 | Auto-save recovery after crash | Edit meal notes, force close tab, reopen | Draft restored with last autosave | P1 |
-| S-ERROR-003 | Validation error messages | Add expense with negative value | Clear inline error, no save | P2 |
-| S-ERROR-004 | Failed bulk import rollback | Import malformed CSV for pantry | No partial data, error list shown | P1 |
-### Axis 4: COLLAB
-| # | Scenario | Steps | Expected | Priority |
-| S-COLLAB-001 | Two users edit shopping list | User A adds 5 items, User B deletes 2 | Conflict warning, final list consistent | P1 |
-| S-COLLAB-002 | Concurrent budget updates | Two users change monthly budget | Latest change prompts merge dialog | P2 |
-| S-COLLAB-003 | Shared meal plan edit | User A updates recipe, User B updates servings | Both changes applied without loss | P2 |
-| S-COLLAB-004 | New member joins household | Invite new user during active edits | New user sees updated list | P3 |
-### Axis 5: EMERGENCY
-| # | Scenario | Steps | Expected | Priority |
-| S-EMERGENCY-001 | Browser crash while editing | Edit grocery item notes, kill browser | Reopen, draft restored | P1 |
-| S-EMERGENCY-002 | Power loss during bulk update | Start bulk pantry update, go offline | Partial changes queued or rolled back | P1 |
-| S-EMERGENCY-003 | Device sleep mid-sync | Start sync, close laptop lid | Resume sync without duplication | P2 |
-| S-EMERGENCY-004 | App reload mid-transaction | Save expense, hit refresh instantly | No double charge, one entry saved | P2 |
-### Axis 6: SECURITY
-| # | Scenario | Steps | Expected | Priority |
-| S-SECURITY-001 | Access revoked during edit | Admin removes user role mid-edit | User warned, changes blocked, data safe | P1 |
-| S-SECURITY-002 | Session expiry while shopping | Session expires, user adds item | Redirect to login, item queued | P1 |
-| S-SECURITY-003 | Audit log for finance edits | Edit expense amount | Audit entry with user, time, change | P2 |
-| S-SECURITY-004 | Private list access attempt | Non-member tries to open list | Access denied, no data leak | P1 |
-### Axis 7: INFRA
-| # | Scenario | Steps | Expected | Priority |
-| S-INFRA-001 | Server crash during sync | Trigger sync, kill server | Retry logic, no data loss | P1 |
-| S-INFRA-002 | RTO < 15m recovery | Simulate outage, restore service | Service back within 15m, status updated | P1 |
-| S-INFRA-003 | RPO < 5m data recovery | Create 3 entries, failover | Max 5m data loss, latest persists | P1 |
-| S-INFRA-004 | Offline mode for shopping list | Go offline, add 10 items | Local cache used, sync on reconnect | P2 |
-### Axis 8: LOCALE
-| # | Scenario | Steps | Expected | Priority |
-| S-LOCALE-001 | Diacritic-insensitive search | Search "nguyen" in household members | Finds "Nguyễn" matches | P1 |
-| S-LOCALE-002 | VND currency formatting | View finance summary | Shows "1.000.000đ" not "1,000,000" | P1 |
-| S-LOCALE-003 | Vietnamese text overflow | Open long Vietnamese recipe names | No overflow, wraps cleanly | P2 |
-| S-LOCALE-004 | Date format DD/MM/YYYY | View meal plan date header | Displays DD/MM/YYYY | P1 |
-## Notes
-- Attach logs, screenshots, and timings for any P1 or P2 failures.
-- Capture device, OS, browser, and network conditions.
-- Link to any incident or bug IDs created from results.

package/skills/rri-t-testing/assets/rri-t-test-case.md DELETED Viewed

@@ -1,155 +0,0 @@
-# RRI-T Test Cases — {Feature Name}
-**Feature:** {feature-name}
-**Generated from:** Persona Interview ({date})
-**Total Test Cases:** {count}
-## Priority Distribution
-| Priority | Count | Description |
-|----------|-------|-------------|
-| P0 | 0 | Critical — blocks release |
-| P1 | 0 | Major — fix before release |
-| P2 | 0 | Minor — next sprint |
-| P3 | 0 | Trivial — backlog |
-## Dimension Distribution
-| Dimension | Count | Target Coverage |
-|-----------|-------|----------------|
-| D1: UI/UX | 0 | >= 85% |
-| D2: API | 0 | >= 85% |
-| D3: Performance | 0 | >= 70% |
-| D4: Security | 0 | >= 85% |
-| D5: Data Integrity | 0 | >= 85% |
-| D6: Infrastructure | 0 | >= 70% |
-| D7: Edge Cases | 0 | >= 85% |
----
-## Test Cases
-### TC-RRI-{FEATURE}-001
-- **Q (Question):** As an end user, what happens when I add an inventory item while on a weak 3G connection?
-- **A (Answer):** The item should be saved locally immediately, show a "syncing" indicator, and sync to the server when connection improves. No data loss should occur.
-- **R (Requirement):** REQ-OFFLINE-001: App must support offline-first operations with automatic sync
-- **P (Priority):** P0
-- **T (Test Case):**
-  - **Preconditions:**
-    - User logged in to household
-    - Device has weak 3G connection (simulated: 500ms latency, 50% packet loss)
-    - At least 1 existing inventory item for comparison
-  - **Steps:**
-    1. Navigate to Inventory screen
-    2. Tap "Add Item" button
-    3. Fill in: Name "Gạo ST25", Quantity "5", Unit "kg", Expiration "2026-03-15"
-    4. Tap "Save"
-    5. Observe UI feedback
-    6. Wait 30 seconds
-    7. Check item appears in inventory list
-    8. Restore normal network connection
-    9. Wait for sync indicator to complete
-    10. Verify item exists on server (check from another device)
-  - **Expected Result:**
-    - Item appears in list immediately with "syncing" badge
-    - No error message shown
-    - After network restores, item syncs successfully
-    - Item visible from other devices within 5 seconds of sync
-  - **Dimension:** D3: Performance
-  - **Stress Axis:** TIME, INFRA
-  - **Source Persona:** End User
-- **Result:** ✅ PASS
-- **Notes:** Tested on iPhone 12 with Network Link Conditioner. Sync completed in 3.2s after network restored.
----
-### TC-RRI-{FEATURE}-002
-- **Q (Question):** As a business analyst, what happens when a household member with "viewer" role tries to delete an inventory item?
-- **A (Answer):** The delete button should be hidden or disabled for viewers. If they somehow trigger a delete (via API manipulation), the server should reject it with a 403 Forbidden error.
-- **R (Requirement):** REQ-RBAC-003: Viewers can only read data, not modify or delete
-- **P (Priority):** P1
-- **T (Test Case):**
-  - **Preconditions:**
-    - User "viewer@example.com" has "viewer" role in household "Test Family"
-    - Household has inventory item "Sữa tươi" (ID: inv_123)
-    - User logged in on mobile app
-  - **Steps:**
-    1. Login as viewer@example.com
-    2. Navigate to Inventory screen
-    3. Tap on "Sữa tươi" item to view details
-    4. Look for delete button/option
-    5. (If delete button exists) Attempt to tap it
-    6. (Alternative) Use GraphQL client to send deleteInventoryItem mutation directly
-  - **Expected Result:**
-    - Delete button should not be visible in UI
-    - If mutation sent directly, server returns error: `{"errors": [{"message": "Forbidden: insufficient permissions", "extensions": {"code": "FORBIDDEN"}}]}`
-    - Item remains in database unchanged
-  - **Dimension:** D4: Security
-  - **Stress Axis:** SECURITY
-  - **Source Persona:** Business Analyst
-- **Result:** ⚠️ PAINFUL
-- **Notes:** Delete button is correctly hidden, but when mutation sent via GraphQL Playground, error message is generic "Unauthorized" instead of specific "Forbidden: insufficient permissions". UX improvement: add clearer error messages for debugging. Item was NOT deleted (security works), but error clarity needs improvement.
----
-### TC-RRI-{FEATURE}-003
-- **Q (Question):** As a QA destroyer, what happens when I paste 50,000 characters into the "item name" field?
-- **A (Answer):** The field should enforce a maximum length (e.g., 200 characters), truncate or reject input gracefully, and show a validation error. The app should not crash or freeze.
-- **R (Requirement):** REQ-VALIDATION-005: All text inputs must have reasonable length limits
-- **P (Priority):** P1
-- **T (Test Case):**
-  - **Preconditions:**
-    - User logged in
-    - On "Add Inventory Item" screen
-    - Clipboard contains 50,000-character string
-  - **Steps:**
-    1. Tap into "Item Name" field
-    2. Paste 50,000-character string
-    3. Observe UI behavior
-    4. Attempt to save the form
-  - **Expected Result:**
-    - Field truncates input to max length (200 chars) OR shows validation error
-    - UI remains responsive (no freeze)
-    - Save button disabled or shows error: "Item name too long (max 200 characters)"
-    - No crash or GraphQL error
-  - **Dimension:** D7: Edge Cases
-  - **Stress Axis:** DATA, ERROR
-  - **Source Persona:** QA Destroyer
-- **Result:** ☐ MISSING
-- **Notes:** Feature not yet implemented. Current behavior: field accepts all 50,000 characters, UI freezes for 2-3 seconds, GraphQL mutation fails with "Payload too large" error. Need to add client-side validation and maxLength attribute.
----
-### TC-RRI-{FEATURE}-004
-- **Q (Question):** {From persona's perspective — what are they trying to do/verify?}
-- **A (Answer):** {Expected behavior — what SHOULD happen}
-- **R (Requirement):** {Requirement ID or description}
-- **P (Priority):** P0 | P1 | P2 | P3
-- **T (Test Case):**
-  - **Preconditions:** {required state}
-  - **Steps:**
-    1. {step 1}
-    2. {step 2}
-  - **Expected Result:** {specific, measurable outcome}
-  - **Dimension:** D{n}: {name}
-  - **Stress Axis:** {axis name} (if applicable)
-  - **Source Persona:** {persona name}
-- **Result:** ✅ PASS | ❌ FAIL | ⚠️ PAINFUL | ☐ MISSING
-- **Notes:** {observations, screenshots, bug IDs}
----
-### TC-RRI-{FEATURE}-005
-- **Q (Question):** {From persona's perspective — what are they trying to do/verify?}
-- **A (Answer):** {Expected behavior — what SHOULD happen}
-- **R (Requirement):** {Requirement ID or description}
-- **P (Priority):** P0 | P1 | P2 | P3
-- **T (Test Case):**
-  - **Preconditions:** {required state}
-  - **Steps:**
-    1. {step 1}
-    2. {step 2}
-  - **Expected Result:** {specific, measurable outcome}
-  - **Dimension:** D{n}: {name}
-  - **Stress Axis:** {axis name} (if applicable)
-  - **Source Persona:** {persona name}
-- **Result:** ✅ PASS | ❌ FAIL | ⚠️ PAINFUL | ☐ MISSING
-- **Notes:** {observations, screenshots, bug IDs}

package/skills/rri-t-testing/skill.json DELETED Viewed

@@ -1,9 +0,0 @@
-{
-  "name": "rri-t-testing",
-  "version": "1.0.0",
-  "description": "RRI-T QA methodology — 5-phase testing (PREPARE, DISCOVER, STRUCTURE, EXECUTE, ANALYZE) with 7 dimensions, 5 personas, and release gates",
-  "compatibility": "OpenCode",
-  "agent": null,
-  "commands": [],
-  "tags": ["testing", "qa", "rri-t", "release-gates", "test-cases"]
-}