@nano-step/skill-manager 5.6.0 → 5.6.2

package/skills/rri-t-testing/assets/rri-t-quality-scorecard.md

@@ -0,0 +1,122 @@
+# RRI-T Quality Scorecard
+
+**Feature:** {feature-name}
+**Date:** {YYYY-MM-DD}
+**Assessor:** {agent/person}
+
+## Score Calculation
+
+### Starting Score: 100
+
+---
+
+## Violations
+
+### Critical Violations (-10 each)
+
+| ID | Violation | Description | Present | Penalty |
+|----|-----------|-------------|---------|---------|
+| CRIT-1 | Hard waits | Using sleep/wait instead of proper assertions | Y / N | -10 |
+| CRIT-2 | Missing assertions | Test has no verification of expected outcome | Y / N | -10 |
+| CRIT-3 | CSS selectors | Using fragile CSS selectors instead of semantic locators | Y / N | -10 |
+| CRIT-4 | Conditional flow | Using if/else in test logic (non-deterministic) | Y / N | -10 |
+
+**Critical Subtotal:** -{count} x 10 = -{total}
+
+### High Violations (-5 each)
+
+| ID | Violation | Description | Present | Penalty |
+|----|-----------|-------------|---------|---------|
+| HIGH-1 | No isolation | Tests share state or depend on execution order | Y / N | -5 |
+| HIGH-2 | Duplicate setup | Same setup code repeated across tests | Y / N | -5 |
+| HIGH-3 | Flaky test | Test fails intermittently without code changes | Y / N | -5 |
+| HIGH-4 | Missing error coverage | No tests for error/edge cases | Y / N | -5 |
+
+**High Subtotal:** -{count} x 5 = -{total}
+
+### Medium Violations (-2 each)
+
+| ID | Violation | Description | Present | Penalty |
+|----|-----------|-------------|---------|---------|
+| MED-1 | Vague names | Test names do not describe what is being tested | Y / N | -2 |
+| MED-2 | File > 300 lines | Test file exceeds 300 lines | Y / N | -2 |
+| MED-3 | Test > 90s | Individual test takes longer than 90 seconds | Y / N | -2 |
+| MED-4 | No test ID | Test cases lack unique identifiers | Y / N | -2 |
+
+**Medium Subtotal:** -{count} x 2 = -{total}
+
+### Low Violations (-1 each)
+
+| ID | Violation | Description | Present | Penalty |
+|----|-----------|-------------|---------|---------|
+| LOW-1 | Style inconsistency | Inconsistent naming, formatting, or structure | Y / N | -1 |
+| LOW-2 | Missing comment | Complex logic without explanatory comment | Y / N | -1 |
+
+**Low Subtotal:** -{count} x 1 = -{total}
+
+---
+
+## Violation Tracking
+
+| ID | Description | Severity | Penalty | File/Line |
+|----|-------------|----------|---------|-----------|
+| V-001 | | CRIT / HIGH / MED / LOW | | |
+| V-002 | | | | |
+| V-003 | | | | |
+| V-004 | | | | |
+| V-005 | | | | |
+
+**Total Penalties:** -{total}
+
+---
+
+## Bonuses (+5 each, max +30)
+
+| ID | Criteria | Description | Present | Points |
+|----|----------|-------------|---------|--------|
+| BON-1 | Semantic locators | Uses data-testid, aria-label, role selectors | Y / N | +5 |
+| BON-2 | Data factories | Uses factories/fixtures for test data | Y / N | +5 |
+| BON-3 | Network-first | Mocks/intercepts network for determinism | Y / N | +5 |
+| BON-4 | Isolation | Each test is fully independent | Y / N | +5 |
+| BON-5 | Test IDs | All test cases have unique TC-XXX identifiers | Y / N | +5 |
+| BON-6 | BDD style | Uses Given/When/Then or similar structure | Y / N | +5 |
+
+**Total Bonuses:** +{total} (capped at +30)
+
+---
+
+## Final Score Calculation
+
+| Component | Value |
+|-----------|-------|
+| Starting Score | 100 |
+| Critical Penalties | -{total} |
+| High Penalties | -{total} |
+| Medium Penalties | -{total} |
+| Low Penalties | -{total} |
+| Bonuses | +{total} |
+| **Final Score** | **{score}** |
+
+---
+
+## Grade
+
+| Grade | Score Range | Description |
+|-------|-------------|-------------|
+| A+ | 90-100+ | Excellent - production ready |
+| A | 80-89 | Good - minor improvements suggested |
+| B | 70-79 | Acceptable - improvements needed |
+| C | 60-69 | Below standard - significant issues |
+| F | < 60 | Failing - major rework required |
+
+**Final Grade:** {grade}
+
+---
+
+## Recommendations
+
+| Priority | Recommendation |
+|----------|----------------|
+| 1 | |
+| 2 | |
+| 3 | |

package/skills/rri-t-testing/assets/rri-t-risk-matrix.md

@@ -0,0 +1,87 @@
+# RRI-T Risk Matrix
+
+**Feature:** {feature-name}
+**Owner:** {owner}
+**Date:** {YYYY-MM-DD}
+**Build:** {build-id}
+
+## Risk Register
+
+| ID | Risk Description | Category | Probability | Impact | Score | Mitigation | Status |
+|----|------------------|----------|-------------|--------|-------|------------|--------|
+| R-001 | API rate limiting not tested under load | PERF | 2 | 3 | 6 | Add load test for 100 concurrent users | OPEN |
+| R-002 | User session not invalidated on role change | SEC | 2 | 3 | 6 | Test role revocation mid-session | OPEN |
+| R-003 | Offline sync may duplicate items on reconnect | DATA | 3 | 2 | 6 | Test offline queue with 50+ pending changes | OPEN |
+| R-004 | | | | | | | |
+| R-005 | | | | | | | |
+| R-006 | | | | | | | |
+| R-007 | | | | | | | |
+| R-008 | | | | | | | |
+| R-009 | | | | | | | |
+| R-010 | | | | | | | |
+
+## Scoring Guide
+
+### Probability
+
+| Score | Definition |
+|-------|------------|
+| 1 | Unlikely - well-tested area, minor change |
+| 2 | Possible - moderate complexity, some unknowns |
+| 3 | Likely - new area, high complexity, many dependencies |
+
+### Impact
+
+| Score | Definition |
+|-------|------------|
+| 1 | Low - cosmetic, workaround exists |
+| 2 | Medium - feature degraded, user friction |
+| 3 | High - data loss, security breach, revenue impact |
+
+### Risk Score = Probability x Impact
+
+| Score | Level | Action |
+|-------|-------|--------|
+| 1-2 | LOW | Monitor, test if time permits |
+| 3-5 | MEDIUM | Test with standard coverage |
+| 6-8 | HIGH | Requires mitigation before release |
+| 9 | CRITICAL | Blocks release if unmitigated |
+
+## Category Definitions
+
+| Code | Category | Description |
+|------|----------|-------------|
+| TECH | Technical | Architecture fragility, integration issues, technical debt |
+| SEC | Security | Authentication, authorization, data exposure, vulnerabilities |
+| PERF | Performance | Response time, throughput, scalability, resource usage |
+| DATA | Data | Integrity, corruption, loss, migration, consistency |
+| BUS | Business | Logic errors, calculation mistakes, workflow issues |
+| OPS | Operational | Deployment, monitoring, recovery, configuration |
+
+## Threshold Rules
+
+- Score >= 6: Requires documented mitigation plan
+- Score = 9: Blocks release until mitigated and verified
+- SEC category: Always requires security dimension testing
+- DATA category: Always requires data integrity dimension testing
+
+## Risk Summary
+
+| Metric | Value |
+|--------|-------|
+| Total Risks | {count} |
+| High (>= 6) | {count} |
+| Critical (= 9) | {count} |
+| Mitigated | {count} |
+| Open | {count} |
+
+## Risk by Category
+
+| Category | Count | Highest Score |
+|----------|-------|---------------|
+| TECH | | |
+| SEC | | |
+| PERF | | |
+| DATA | | |
+| BUS | | |
+| OPS | | |

package/skills/rri-t-testing/assets/rri-t-stress-matrix.md

@@ -0,0 +1,100 @@
+# RRI-T Stress Matrix Template
+
+## Feature
+- Name: <feature-name>
+- Owner: <owner>
+- Date: <yyyy-mm-dd>
+- Build/Release: <build-id>
+- Environment: <dev/staging/prod>
+
+## Summary
+This template covers RRI-T 8-axis stress testing for a household management app
+(inventory, meal planning, shopping lists, finances).
+
+## Stress Axes Summary
+| Axis | Name | Focus | Notes |
+| --- | --- | --- | --- |
+| 1 | TIME | Deadlines, bulk ops, timeouts | Burst actions, long-running jobs |
+| 2 | DATA | 1000+ rows, search/filter speed | Large inventory, long history |
+| 3 | ERROR | Undo/redo, auto-save recovery, messages | Resilience, recoverability |
+| 4 | COLLAB | Concurrent editing, conflicts, multi-user | Household members overlap |
+| 5 | EMERGENCY | Interruptions, crash recovery | Browser/device failures |
+| 6 | SECURITY | Access revocation, audit logs, session expiry | Role changes, expiring auth |
+| 7 | INFRA | Server crash, RTO<15m, RPO<5m, offline | Service resilience |
+| 8 | LOCALE | Vietnamese diacritics, VND, GMT+7, overflow | Local UX correctness |
+
+## Axis Combination Matrix (Test Where X)
+| Axis | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
+| --- | --- | --- | --- | --- | --- | --- | --- | --- |
+| 1 TIME | - | X | X | X | X | X | X | X |
+| 2 DATA | X | - | X | X |  | X | X | X |
+| 3 ERROR | X | X | - | X | X |  | X | X |
+| 4 COLLAB | X | X | X | - |  | X |  | X |
+| 5 EMERGENCY | X |  | X |  | - | X | X |  |
+| 6 SECURITY | X | X |  | X | X | - | X | X |
+| 7 INFRA | X | X | X |  | X | X | - | X |
+| 8 LOCALE | X | X | X | X |  | X | X | - |
+
+## Stress Scenarios
+
+### Axis 1: TIME
+| # | Scenario | Steps | Expected | Priority |
+| --- | --- | --- | --- | --- |
+| S-TIME-001 | Bulk add 500 pantry items before dinner | Start timer 2 min, import CSV of pantry items | Import completes, progress visible, no timeout | P1 |
+| S-TIME-002 | Rapid meal plan edits during 10-min window | Update 10 meals in 60s, save each | Saves succeed, no stale data, UI responsive | P1 |
+| S-TIME-003 | Shopping list sync under poor network | Add 30 items quickly, toggle offline/online | Sync resolves within 60s, no duplicates | P2 |
+| S-TIME-004 | Finance entry auto-save timeout | Create expense, wait 45s idle, resume edit | Auto-save persists, no data loss | P2 |
+
+### Axis 2: DATA
+| # | Scenario | Steps | Expected | Priority |
+| S-DATA-001 | Inventory list 1000+ items | Load inventory with 1200 items | Scroll, search, filter remain under 2s | P1 |
+| S-DATA-002 | Shopping history filter speed | Filter 800 past purchases by category | Results appear under 2s, no UI freeze | P2 |
+| S-DATA-003 | Meal plan calendar 6 months | Open 6-month plan view with 180 entries | Render within 3s, no layout shift | P2 |
+| S-DATA-004 | Finance ledger export 2000 rows | Export 2k ledger rows to CSV | Export completes, file accurate | P2 |
+
+### Axis 3: ERROR
+| # | Scenario | Steps | Expected | Priority |
+| S-ERROR-001 | Undo/redo inventory quantity changes | Change item qty 5 times, undo 5, redo 5 | Exact state restored each step | P1 |
+| S-ERROR-002 | Auto-save recovery after crash | Edit meal notes, force close tab, reopen | Draft restored with last autosave | P1 |
+| S-ERROR-003 | Validation error messages | Add expense with negative value | Clear inline error, no save | P2 |
+| S-ERROR-004 | Failed bulk import rollback | Import malformed CSV for pantry | No partial data, error list shown | P1 |
+
+### Axis 4: COLLAB
+| # | Scenario | Steps | Expected | Priority |
+| S-COLLAB-001 | Two users edit shopping list | User A adds 5 items, User B deletes 2 | Conflict warning, final list consistent | P1 |
+| S-COLLAB-002 | Concurrent budget updates | Two users change monthly budget | Latest change prompts merge dialog | P2 |
+| S-COLLAB-003 | Shared meal plan edit | User A updates recipe, User B updates servings | Both changes applied without loss | P2 |
+| S-COLLAB-004 | New member joins household | Invite new user during active edits | New user sees updated list | P3 |
+
+### Axis 5: EMERGENCY
+| # | Scenario | Steps | Expected | Priority |
+| S-EMERGENCY-001 | Browser crash while editing | Edit grocery item notes, kill browser | Reopen, draft restored | P1 |
+| S-EMERGENCY-002 | Power loss during bulk update | Start bulk pantry update, go offline | Partial changes queued or rolled back | P1 |
+| S-EMERGENCY-003 | Device sleep mid-sync | Start sync, close laptop lid | Resume sync without duplication | P2 |
+| S-EMERGENCY-004 | App reload mid-transaction | Save expense, hit refresh instantly | No double charge, one entry saved | P2 |
+
+### Axis 6: SECURITY
+| # | Scenario | Steps | Expected | Priority |
+| S-SECURITY-001 | Access revoked during edit | Admin removes user role mid-edit | User warned, changes blocked, data safe | P1 |
+| S-SECURITY-002 | Session expiry while shopping | Session expires, user adds item | Redirect to login, item queued | P1 |
+| S-SECURITY-003 | Audit log for finance edits | Edit expense amount | Audit entry with user, time, change | P2 |
+| S-SECURITY-004 | Private list access attempt | Non-member tries to open list | Access denied, no data leak | P1 |
+
+### Axis 7: INFRA
+| # | Scenario | Steps | Expected | Priority |
+| S-INFRA-001 | Server crash during sync | Trigger sync, kill server | Retry logic, no data loss | P1 |
+| S-INFRA-002 | RTO < 15m recovery | Simulate outage, restore service | Service back within 15m, status updated | P1 |
+| S-INFRA-003 | RPO < 5m data recovery | Create 3 entries, failover | Max 5m data loss, latest persists | P1 |
+| S-INFRA-004 | Offline mode for shopping list | Go offline, add 10 items | Local cache used, sync on reconnect | P2 |
+
+### Axis 8: LOCALE
+| # | Scenario | Steps | Expected | Priority |
+| S-LOCALE-001 | Diacritic-insensitive search | Search "nguyen" in household members | Finds "Nguyen" matches | P1 |
+| S-LOCALE-002 | VND currency formatting | View finance summary | Shows "1.000.000d" not "1,000,000" | P1 |
+| S-LOCALE-003 | Vietnamese text overflow | Open long Vietnamese recipe names | No overflow, wraps cleanly | P2 |
+| S-LOCALE-004 | Date format DD/MM/YYYY | View meal plan date header | Displays DD/MM/YYYY | P1 |
+
+## Notes
+- Attach logs, screenshots, and timings for any P1 or P2 failures.
+- Capture device, OS, browser, and network conditions.
+- Link to any incident or bug IDs created from results.

package/skills/rri-t-testing/assets/rri-t-test-case.md

@@ -0,0 +1,181 @@
+# RRI-T Test Cases — {Feature Name}
+
+**Feature:** {feature-name}
+**Generated from:** Persona Interview ({date})
+**Total Test Cases:** {count}
+
+## Priority Distribution
+| Priority | Count | Description |
+|----------|-------|-------------|
+| P0 | 0 | Critical — blocks release |
+| P1 | 0 | Major — fix before release |
+| P2 | 0 | Minor — next sprint |
+| P3 | 0 | Trivial — backlog |
+
+## Dimension Distribution
+| Dimension | Count | Target Coverage |
+|-----------|-------|----------------|
+| D1: UI/UX | 0 | >= 85% |
+| D2: API | 0 | >= 85% |
+| D3: Performance | 0 | >= 70% |
+| D4: Security | 0 | >= 85% |
+| D5: Data Integrity | 0 | >= 85% |
+| D6: Infrastructure | 0 | >= 70% |
+| D7: Edge Cases | 0 | >= 85% |
+
+---
+
+## Test Cases
+
+### TC-RRI-{FEATURE}-001
+- **Q (Question):** As an end user, what happens when I add an inventory item while on a weak 3G connection?
+- **A (Answer):** The item should be saved locally immediately, show a "syncing" indicator, and sync to the server when connection improves. No data loss should occur.
+- **R (Requirement):** REQ-OFFLINE-001: App must support offline-first operations with automatic sync
+- **P (Priority):** P0
+- **T (Test Case):**
+  - **Preconditions:** 
+    - User logged in to household
+    - Device has weak 3G connection (simulated: 500ms latency, 50% packet loss)
+    - At least 1 existing inventory item for comparison
+  - **Steps:**
+    1. Navigate to Inventory screen
+    2. Tap "Add Item" button
+    3. Fill in: Name "Gao ST25", Quantity "5", Unit "kg", Expiration "2026-03-15"
+    4. Tap "Save"
+    5. Observe UI feedback
+    6. Wait 30 seconds
+    7. Check item appears in inventory list
+    8. Restore normal network connection
+    9. Wait for sync indicator to complete
+    10. Verify item exists on server (check from another device)
+  - **Expected Result:** 
+    - Item appears in list immediately with "syncing" badge
+    - No error message shown
+    - After network restores, item syncs successfully
+    - Item visible from other devices within 5 seconds of sync
+  - **Dimension:** D3: Performance
+  - **Stress Axis:** TIME, INFRA
+  - **Source Persona:** End User
+- **Risk Category:** PERF
+- **Risk Score:** 6
+- **Traceability:** REQ-OFFLINE-001
+- **Result:** PASS
+- **Notes:** Tested on iPhone 12 with Network Link Conditioner. Sync completed in 3.2s after network restored.
+
+---
+
+### TC-RRI-{FEATURE}-002
+- **Q (Question):** As a business analyst, what happens when a household member with "viewer" role tries to delete an inventory item?
+- **A (Answer):** The delete button should be hidden or disabled for viewers. If they somehow trigger a delete (via API manipulation), the server should reject it with a 403 Forbidden error.
+- **R (Requirement):** REQ-RBAC-003: Viewers can only read data, not modify or delete
+- **P (Priority):** P1
+- **T (Test Case):**
+  - **Preconditions:**
+    - User "viewer@example.com" has "viewer" role in household "Test Family"
+    - Household has inventory item "Sua tuoi" (ID: inv_123)
+    - User logged in on mobile app
+  - **Steps:**
+    1. Login as viewer@example.com
+    2. Navigate to Inventory screen
+    3. Tap on "Sua tuoi" item to view details
+    4. Look for delete button/option
+    5. (If delete button exists) Attempt to tap it
+    6. (Alternative) Use GraphQL client to send deleteInventoryItem mutation directly
+  - **Expected Result:**
+    - Delete button should not be visible in UI
+    - If mutation sent directly, server returns error: `{"errors": [{"message": "Forbidden: insufficient permissions", "extensions": {"code": "FORBIDDEN"}}]}`
+    - Item remains in database unchanged
+  - **Dimension:** D4: Security
+  - **Stress Axis:** SECURITY
+  - **Source Persona:** Business Analyst
+- **Risk Category:** SEC
+- **Risk Score:** 6
+- **Traceability:** REQ-RBAC-003
+- **Result:** PAINFUL
+- **Notes:** Delete button is correctly hidden, but when mutation sent via GraphQL Playground, error message is generic "Unauthorized" instead of specific "Forbidden: insufficient permissions". UX improvement: add clearer error messages for debugging. Item was NOT deleted (security works), but error clarity needs improvement.
+
+---
+
+### TC-RRI-{FEATURE}-003
+- **Q (Question):** As a QA destroyer, what happens when I paste 50,000 characters into the "item name" field?
+- **A (Answer):** The field should enforce a maximum length (e.g., 200 characters), truncate or reject input gracefully, and show a validation error. The app should not crash or freeze.
+- **R (Requirement):** REQ-VALIDATION-005: All text inputs must have reasonable length limits
+- **P (Priority):** P1
+- **T (Test Case):**
+  - **Preconditions:**
+    - User logged in
+    - On "Add Inventory Item" screen
+    - Clipboard contains 50,000-character string
+  - **Steps:**
+    1. Tap into "Item Name" field
+    2. Paste 50,000-character string
+    3. Observe UI behavior
+    4. Attempt to save the form
+  - **Expected Result:**
+    - Field truncates input to max length (200 chars) OR shows validation error
+    - UI remains responsive (no freeze)
+    - Save button disabled or shows error: "Item name too long (max 200 characters)"
+    - No crash or GraphQL error
+  - **Dimension:** D7: Edge Cases
+  - **Stress Axis:** DATA, ERROR
+  - **Source Persona:** QA Destroyer
+- **Risk Category:** DATA
+- **Risk Score:** 4
+- **Traceability:** REQ-VALIDATION-005
+- **Result:** MISSING
+- **Notes:** Feature not yet implemented. Current behavior: field accepts all 50,000 characters, UI freezes for 2-3 seconds, GraphQL mutation fails with "Payload too large" error. Need to add client-side validation and maxLength attribute.
+
+---
+
+### TC-RRI-{FEATURE}-004
+- **Q (Question):** {From persona's perspective — what are they trying to do/verify?}
+- **A (Answer):** {Expected behavior — what SHOULD happen}
+- **R (Requirement):** {Requirement ID or description}
+- **P (Priority):** P0 | P1 | P2 | P3
+- **T (Test Case):**
+  - **Preconditions:** {required state}
+  - **Steps:**
+    1. {step 1}
+    2. {step 2}
+  - **Expected Result:** {specific, measurable outcome}
+  - **Dimension:** D{n}: {name}
+  - **Stress Axis:** {axis name} (if applicable)
+  - **Source Persona:** {persona name}
+- **Risk Category:** TECH | SEC | PERF | DATA | BUS | OPS
+- **Risk Score:** {1-9}
+- **Traceability:** {REQ-XXX}
+- **Result:** PASS | FAIL | PAINFUL | MISSING
+- **Notes:** {observations, screenshots, bug IDs}
+
+---
+
+### TC-RRI-{FEATURE}-005
+- **Q (Question):** {From persona's perspective — what are they trying to do/verify?}
+- **A (Answer):** {Expected behavior — what SHOULD happen}
+- **R (Requirement):** {Requirement ID or description}
+- **P (Priority):** P0 | P1 | P2 | P3
+- **T (Test Case):**
+  - **Preconditions:** {required state}
+  - **Steps:**
+    1. {step 1}
+    2. {step 2}
+  - **Expected Result:** {specific, measurable outcome}
+  - **Dimension:** D{n}: {name}
+  - **Stress Axis:** {axis name} (if applicable)
+  - **Source Persona:** {persona name}
+- **Risk Category:** TECH | SEC | PERF | DATA | BUS | OPS
+- **Risk Score:** {1-9}
+- **Traceability:** {REQ-XXX}
+- **Result:** PASS | FAIL | PAINFUL | MISSING
+- **Notes:** {observations, screenshots, bug IDs}
+
+---
+
+## Result Legend
+
+| Result | Symbol | Description |
+|--------|--------|-------------|
+| PASS | PASS | Test passed, feature works as expected |
+| FAIL | FAIL | Test failed, feature does not work |
+| PAINFUL | PAINFUL | Feature works but UX is poor |
+| MISSING | MISSING | Feature not implemented yet |

package/skills/rri-t-testing/assets/rri-t-testability-gate.md

@@ -0,0 +1,131 @@
+# RRI-T Testability Gate
+
+**Feature:** {feature-name}
+**Date:** {YYYY-MM-DD}
+**Assessor:** {agent/person}
+**Build:** {build-id}
+**Environment:** {dev/staging/prod}
+
+## Prerequisites Validation
+
+| # | Prerequisite | Status | Notes |
+|---|--------------|--------|-------|
+| PRE-1 | Environment accessible | PASS / FAIL | |
+| PRE-2 | Test data available | PASS / FAIL | |
+| PRE-3 | Feature deployed | PASS / FAIL | |
+| PRE-4 | Acceptance criteria exist | PASS / FAIL | |
+| PRE-5 | No blockers from dev | PASS / FAIL | |
+
+**Prerequisites Result:** {count}/5 PASS
+
+---
+
+## Testability Assessment
+
+| # | Testability Criteria | Status | Notes |
+|---|---------------------|--------|-------|
+| TEST-1 | Semantic locators present (data-testid, aria-label) | PASS / PARTIAL / FAIL | |
+| TEST-2 | API endpoints documented | PASS / PARTIAL / FAIL | |
+| TEST-3 | Auth flows accessible | PASS / PARTIAL / FAIL | |
+| TEST-4 | Error states reproducible | PASS / PARTIAL / FAIL | |
+| TEST-5 | Performance baselines available | PASS / PARTIAL / FAIL | |
+
+**Testability Result:** {count}/5 PASS
+
+---
+
+## Risk Assessment
+
+### Probability (1-3)
+
+| Score | Definition |
+|-------|------------|
+| 1 | Unlikely - well-tested area, minor change |
+| 2 | Possible - moderate complexity, some unknowns |
+| 3 | Likely - new area, high complexity, many dependencies |
+
+**Probability Score:** {1-3}
+**Rationale:** {why this score}
+
+### Impact (1-3)
+
+| Score | Definition |
+|-------|------------|
+| 1 | Low - cosmetic, workaround exists |
+| 2 | Medium - feature degraded, user friction |
+| 3 | High - data loss, security breach, revenue impact |
+
+**Impact Score:** {1-3}
+**Rationale:** {why this score}
+
+### Risk Score Calculation
+
+**Risk Score = Probability x Impact = {P} x {I} = {score}**
+
+| Score Range | Risk Level | Tier |
+|-------------|------------|------|
+| 1-2 | LOW | Minimal |
+| 3-5 | MEDIUM | Standard |
+| 6-8 | HIGH | Full |
+| 9 | CRITICAL | Full + blocks release if untested |
+
+---
+
+## Category Classification
+
+| Category | Code | Applies |
+|----------|------|---------|
+| Technical (architecture/integration) | TECH | Y / N |
+| Security (vulnerabilities) | SEC | Y / N |
+| Performance (scalability) | PERF | Y / N |
+| Data (integrity/corruption) | DATA | Y / N |
+| Business (logic errors) | BUS | Y / N |
+| Operational (deployment) | OPS | Y / N |
+
+**Primary Category:** {CODE}
+**Secondary Categories:** {CODE, CODE}
+
+---
+
+## Tier Selection
+
+Based on Risk Score: {score}
+
+| Selected | Tier | Personas | Dimensions | Stress Axes |
+|----------|------|----------|------------|-------------|
+| [ ] | Full | 5 | 7 | 8 |
+| [ ] | Standard | 3 | 4 | 4 |
+| [ ] | Minimal | 1 | 2 | 2 |
+
+**Selected Tier:** {tier}
+
+---
+
+## Decision
+
+| Decision | Criteria |
+|----------|----------|
+| PROCEED | All prerequisites PASS, testability >= 3/5 PASS |
+| CONCERNS | 1-2 prerequisites FAIL or testability 2/5 PASS |
+| BLOCK | >= 3 prerequisites FAIL or testability < 2/5 PASS |
+
+**Decision:** PROCEED / CONCERNS / BLOCK
+
+### Action Items (if CONCERNS or BLOCK)
+
+| # | Action | Owner | Due |
+|---|--------|-------|-----|
+| 1 | | | |
+| 2 | | | |
+| 3 | | | |
+
+---
+
+## Summary
+
+- **Feature:** {feature-name}
+- **Risk Score:** {score} ({level})
+- **Category:** {CODE}
+- **Tier:** {tier}
+- **Decision:** {decision}
+- **Next Phase:** {PREPARE / address blockers}