npm - @sun-asterisk/sungen - Versions diffs - 2.6.15 → 2.7.0-beta.1 - Mend

@sun-asterisk/sungen 2.6.15 → 2.7.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

package/dist/orchestrator/templates/ai-instructions/github-skill-sungen-viewpoint.md CHANGED Viewed

@@ -1,268 +1,97 @@
 ---
 name: sungen-viewpoint
-description: '10 UI patterns x 4 viewpoints — structured checklist for test case generation and review. Auto-loaded by create-test and review commands.'
+description: '17 UI patterns x 4 viewpoints — structured checklist for test case
+  generation and review. Auto-loaded by create-test and review commands.'
 user-invocable: false
 ---
-## 4 Viewpoints
-| VP | Focus | Keyword |
-|---|---|---|
-| **UI/UX** | Interface states, layout, feedback | VP-UI |
-| **Data & Validate** | Input constraints, data integrity, error messages | VP-VAL |
-| **Logic** | Business rules, interactions, state changes | VP-LOGIC |
-| **Security** | Auth, injection, permissions | VP-SEC |
-## Shared Checks (apply across all patterns)
-These appear in multiple patterns — test once per screen, not per pattern:
-| Check | ER |
-|---|---|
-| **Loading State** | Spinner/skeleton shown, UI interaction locked during fetch |
-| **Empty State** | Clear message when no data, layout intact |
-| **XSS/Injection** | Malicious input sanitized to plain text, never executed |
-| **URL Manipulation** | Invalid URL params fallback to defaults, no server crash |
----
-## GROUP 1: DATA ENTRY
-### 1. Form & Inputs
-**UI/UX**
-- Field States: disabled/readonly fields dimmed and locked, no interaction allowed
-- Button States: Submit disabled when form invalid, auto-enabled when valid
-- Keyboard Nav: Tab order correct, Enter submits form
-**Data & Validate**
-- Required/Optional: blank required field shows error; optional allows blank
-- Boundaries & Format: min/max length, format (email, number) with error messages
-- Whitespace: auto-trim or reject spaces-only input
-- Error Recovery: error at correct field, disappears immediately when user corrects data
-**Logic**
-- Field Dependencies: Field A value determines Field B status/options
-- Double Submit Prevention: button disabled after first click, only 1 request sent
-- Success Flow: redirect / success toast / form reset
-- Failure Flow: server error retains form data + shows system error
-**Security**
-- → Shared: XSS/Injection
----
-## GROUP 2: DATA MANAGEMENT
+## How to use this skill
-### 2. Data Table
+This skill is a **router**. The detailed checklists live in 5 group files — load only the ones relevant to the screen under test.
-**UI/UX**
-- → Shared: Empty State, Loading State
-- Truncation: long content shows `...` with tooltip on hover, column width stable
-- Sticky Elements: fixed header on vertical scroll, fixed action column on horizontal scroll
+1. Read the **4 Viewpoints** and **Shared Checks** below (always).
+2. Identify which UI patterns the screen contains, resolve any overlap via **Pattern selection** below, then read **only** the matching group file(s) from the routing table.
+3. Generate Tier 1 (`@high`) scenarios first, then Tier 2 (`@normal` + `@low`). Apply each Shared Check **once per screen**, not once per pattern.
-**Data & Validate**
-- Record Count: "Total records" on UI matches server data exactly
-- Row Limit: displayed rows never exceed configured page size
-- Cell Integrity: cell data matches database, correct format (date, currency, status label)
-**Logic**
-- Sorting: column sort refreshes table with correct order, updates header icon
-- Row Actions: Edit/Delete/View buttons act on correct row ID
-**Security**
-- RBAC: hide sensitive columns or privileged action buttons without authority
-- → Shared: XSS/Injection (data from DB displayed safely)
----
-### 3. Create / Add
-**UI/UX**
-- Blank Slate: all fields empty or BA-specified defaults, NO cache from previous operation
-- Required Indicator: required fields marked with visual cue (e.g., red *)
-- Unsaved Changes: navigate away with dirty form → browser/system warning popup
-**Data & Validate**
-- → Inherited: all Form & Inputs validation rules apply
-- Unique Constraint: duplicate unique field (e.g., Employee ID) → reject save, inline error
-- Data Dependency: selecting parent field loads correct child options
-**Logic**
-- Save & Close: toast notification, redirect to list, new record visible per sort rule
-- Save & Add Another: save to DB, form resets to blank for next entry
-- Double Submit Prevention: → same as Form & Inputs
-- Cancel: form closes, NO garbage record in DB, next open shows blank form
-**Security**
-- API Bypass / 403: unauthorized POST → system blocks (403 Forbidden), no record created
-- → Shared: XSS/Injection (persisted safely, not executed on display)
----
-### 4. Update / Edit
-**UI/UX**
-- Pre-fill / Data Binding: all fields display exact current DB data (text, dropdown, radio, date...)
-- Readonly Fields: identity fields (ID, username, employee code) disabled, no interaction
-- Cancel: no data changed in DB; if dirty → unsaved changes warning
-**Data & Validate**
-- → Inherited: all Form & Inputs validation rules apply
-- Unique Self: saving without changing unique field → success, no self-duplicate error
-- Unique Conflict: changing unique field to existing value → duplicate error, block save
-- Unchanged Submit: Save disabled until dirty, or success without DB UPDATE
-**Logic**
-- Update Success: toast "Updated successfully", new data reflects on UI immediately without reload
-- Concurrent Edit: another user already edited → conflict warning, require reload
-**Security**
-- Authorization / 403: access edit without permission → 403 page
-- Not Found / 404: edit deleted object → 404
----
+> All checklist items are written in English. Render scenario names, step text, and test IDs in English.
-### 5. Delete
+## Routing table
-**UI/UX**
-- Confirmation: click Delete → MUST show confirmation dialog, delete button in warning color
-- Cancel: popup closes, record intact on UI and DB, no API called
-- Success Update: toast "Deleted successfully", record disappears immediately without reload
-- Pagination Fallback: delete only record on current page → auto-navigate to previous page
-**Data & Validate — Dependencies**
-- Independent: delete succeeds normally
-- Referenced (Restrict): delete parent with children → blocked, clear error "in use at [Module]"
-- Referenced (Cascade): warning first, then deletes parent AND all related children
-- Referenced (Set Null): parent deleted, child reference set to Unassigned/Empty
-**Logic — Storage**
-- Soft Delete: record hidden from UI, DB retains with status flag (is_deleted, deleted_at)
-- Hard Delete: record removed from UI AND permanently deleted from DB
-**Security**
-- Deleted Access / 404: soft or hard delete → direct URL/API returns 404
-- API Bypass: API delete on restricted object → backend rejects with business error, no 500
----
-### 6. Search
-**UI/UX**
-- → Shared: Empty State ("No results found"), Loading State
-- Clear Action: search box empties, list reloads default data
-**Data & Validate**
-- Whitespace: auto-trim, results match cleaned keyword
-- Input Limits: prevent beyond max length or show error
-- Normalization: case-insensitive, handles accented characters correctly
-**Logic**
-- Matching: partial/exact match returns correct results, no 500
-- Multi-keyword: results based on AND/OR logic per spec
-- Debounce: ~300ms delay before API call
-**Security**
-- → Shared: XSS/Injection
-- Wildcards: `%`, `_`, `*` treated as literal text (escaped), not DB commands
----
-### 7. Filter
-**UI/UX**
-- Feedback: selected filters displayed as tags/badges
-- Persistence: collapse/expand retains selected values
-- Conflicts: conflicting conditions show "No data" message, layout intact
-**Data & Validate**
-- Range Validation: start > end or min > max → field error, Apply disabled
-- Dropdown Integrity: options match 100% of actual data, hide unauthorized values
-**Logic**
-- AND/OR Logic: results satisfy correct filter logic, total count updated
-- Dependent Filters: selecting Filter A updates Filter B options
-- Reset & Navigation: reset returns original data or preserves state per spec
-**Security**
-- → Shared: URL Manipulation
----
-### 8. Pagination
-**UI/UX**
-- Boundary States: Previous/First disabled on page 1, Next/Last disabled on last page
-- Active Page: highlighted, loading effect during page transition
-- Hidden: pagination bar hidden when data fits one page
-**Data & Validate**
-- Label Consistency: "Viewing X of Y" matches actual data exactly
-- Zero Records: pagination hidden, empty state displayed
-**Logic**
-- Navigation: loads correct dataset for page (page 2, limit 10 = records 11-20)
-- Change Page Size: shows correct quantity, resets to page 1
-- Interaction Resets: new search/filter resets to page 1
-**Security**
-- → Shared: URL Manipulation
----
-## GROUP 3: NAVIGATION & CONTAINERS
-### 9. Modal / Dialog
-**UI/UX**
-- Overlay: centered modal, backdrop blur, background scroll locked
-- Focus Trapping: Tab key cycles only within modal elements
-- Responsive: modal resizes, action buttons always visible or scrollable
+| UI element on the screen | Pattern | Read file |
+|---|---|---|
+| Plain input form (settings, profile, contact) | 1. Form & Inputs **(base)** | `group-a-data-entry.md` |
+| File picker / drop zone | 2. File Upload | `group-a-data-entry.md` |
+| Bulk import / export | 3. Import / Export | `group-a-data-entry.md` |
+| "Add" / "Create" / "New" | 4. Create / Add | `group-b-data-ops.md` |
+| "Edit" / pencil icon / inline edit | 5. Update / Edit | `group-b-data-ops.md` |
+| "Delete" / trash icon | 6. Delete | `group-b-data-ops.md` |
+| Rows + columns grid | 7. Data Table | `group-c-data-explore.md` |
+| Search box / search bar | 8. Search | `group-c-data-explore.md` |
+| Filter controls (dropdown, date range, checkboxes) | 9. Filter | `group-c-data-explore.md` |
+| Card / list grid, infinite scroll, "Load More" | 10. List / Card View | `group-c-data-explore.md` |
+| Charts / KPI cards / dashboard | 11. Chart / Analytics | `group-d-display.md` |
+| Overlay panel on top of the page | 12. Modal / Dialog | `group-d-display.md` |
+| Side menu / tabs / breadcrumb / top nav | 13. Navigation | `group-d-display.md` |
+| Toast / snackbar / alert / banner | 14. Notification / Toast / Alert | `group-d-display.md` |
+| Login form / logout button | 15. Login / Logout | `group-e-identity.md` |
+| Sign-up form / SSO | 16. Register | `group-e-identity.md` |
+| Forgot / reset / change password | 17. Password Management | `group-e-identity.md` |
+## Pattern selection (precedence & inheritance)
+A screen often matches several patterns at once — a login screen is *both* a form and an authentication flow. Use these rules so the choice is deterministic and scenarios are never duplicated:
+1. **Most specific wins.** Pick the most specialized pattern as the screen's primary section. Auth and CRUD forms route to their specific pattern, NOT to Form & Inputs:
+   - Login/logout → **15**, sign-up → **16**, forgot/reset/change password → **17**
+   - Create form → **4**, edit form → **5**
+2. **Form & Inputs (1) is a BASE pattern, not a sibling.** Generate it as its own section only for a plain form with no more-specific role (settings, profile, contact). When a specialization applies, do NOT also create a separate "Form & Inputs" section.
+3. **Inheritance.** A specialized form pattern (4, 5, 15, 16, 17) **inherits** Form & Inputs field-level validation (required, format, maxlength, whitespace, real-time error clear) and adds its own rules. Apply the inherited checks inside the specialized section — generate each check once, never twice.
+4. **Genuinely parallel pairs** — these cover different concerns; choose per the table:
+   | If the screen has… | Decision |
+   |---|---|
+   | A grid of records | Pick **7. Data Table** *or* **10. List/Card** by layout (rows+columns → Table; cards/tiles/infinite-scroll → List/Card) — not both for the same surface |
+   | Both a keyword box and filter controls | Apply **8. Search** *and* **9. Filter** (Search = free-text match; Filter = structured narrowing) + one combined AND-logic scenario |
+   | A form rendered inside an overlay | Apply the form's pattern (1/4/5/15…) for fields/submit **and** **12. Modal/Dialog** for open/close/focus-trap/backdrop |
-**Data & Validate**
-- Dismiss Actions: close via X, Cancel, Escape, backdrop click → resets data to default on reopen
+## 4 Viewpoints
-**Logic**
-- Submit Success: action button shows loading, modal closes, background data updated
-- Submit Failure: modal stays open, shows error message, retains entered data
-- Stacked Modals: Modal B over A has higher z-index, closing B keeps A intact
+| VP | Focus | Tag |
+|---|---|---|
+| **UI/UX** | Interface state, layout, visual feedback | VP-UI |
+| **Data & Validate** | Input constraints, data integrity, error messages | VP-VAL |
+| **Logic** | Business rules, interactions, state changes | VP-LOGIC |
+| **Security** | Authentication, authorization, injection | VP-SEC |
-**Security**
-- DOM Cleanup: remove HTML from DOM on close to protect sensitive data
-- Reload: handles deep linking if present
+**Classification rules:**
+- VP-UI = state that is always true regardless of what the user does (element present, layout, label)
+- VP-VAL = outcome depends on the input *value* (valid / invalid / boundary)
+- VP-LOGIC = outcome depends on the user's *action* (click, submit, navigate)
+- VP-SEC = checks access control and malicious input
 ---
-## GROUP 4: DISPLAY PATTERNS
-### 10. List / Card
-**UI/UX**
-- → Shared: Empty State, Loading State
-- Hover Effect: shadow/scale on card hover
-- Content: text truncation without breaking card height, placeholder image on broken image
+## Shared Checks
-**Data & Validate**
-- Integrity: data fields (price, status, tag) 100% accurate vs system
-- Total Count: matches actual database count after filtering
+Generate **once per screen**, do not repeat for each pattern.
+Each pattern only points back with "Shared checks applied: [name]".
-**Logic**
-- Navigation: clicking card navigates to correct detail page
-- Direct Actions: Like/Add to Cart updates immediately without reloading list
-- Infinite Scroll / Load More: appends records, maintains scroll position
-- Layout Toggle: Grid/List view switch changes UI but preserves data
+| Check | Condition → Expected | VP | Priority |
+|---|---|---|---|
+| **Loading State** | Data fetch in progress → spinner/skeleton shown, user cannot interact | UI | @normal |
+| **Empty State** | Query returns 0 records → clear message shown, layout does not break | UI | @normal |
+| **XSS** | Script tag entered into a field → rendered as literal text, not executed | SEC | @high |
+| **SQL injection** | SQL payload entered into a field → DB unaffected, no data exposed | SEC | @high |
+| **URL Manipulation** | URL params wrong/missing/out-of-range → fallback to default, no 500 crash | SEC | @high |
-**Security**
-- RBAC: hide sensitive data or privileged buttons from DOM
-- Network Resilience: error message + "Retry" button on connection loss
+> **SQL injection — 2 layers for search/LIKE fields**: (1) field-level: UI blocks special chars → `@high` automated; (2) API-level: if the field reaches a LIKE query (search, partial-match), send `1 OR 1=1` straight to the API endpoint (bypassing the UI) → verify a parameterized query is used → `@high @manual`. Missing layer 2 = a real attack vector is overlooked even when field validation is correct.
 ---
 ## Security Tag Rules
 For VP-SEC scenarios testing **unauthorized access** (no login, wrong role, direct URL):
-- Use **`@no-auth`** tag — runs without authentication to verify redirect/block.
+- Use the **`@no-auth`** tag — runs without authentication to verify the redirect/block.
 - Do NOT use `@manual` for these — they are automatable.
 ```gherkin

package/dist/orchestrator/templates/qa-context.md ADDED Viewed

@@ -0,0 +1,90 @@
+# Project Context
+> Read by the AI before generating test cases for any screen in this project.
+> Fill in what applies — leave sections empty if not relevant.
+> **The more specific you are, the more accurate the generated test cases.**
+---
+## Project Overview
+**Application:**
+<!-- One sentence: what does this app do? -->
+<!-- Example: B2B award nomination platform for enterprise HR teams. -->
+**Target users:**
+<!-- Who uses this app and in what context? -->
+<!-- Example: HR managers submit nominations; employees view results. -->
+**Domain notes:**
+<!-- Key terminology, conventions, or constraints the AI should know. -->
+<!-- Example: "Nomination = an award record. Once submitted, status cannot revert to Draft." -->
+<!-- Example: "All monetary values are in JPY. No decimal places." -->
+---
+## Auth Roles
+> The AI maps these directly to `@auth:X` tags and generates permission-boundary test scenarios.
+> Leave the table empty (or delete it) if the app has no auth system.
+| Role | Can do | Cannot do |
+|------|--------|-----------|
+| | | |
+<!--
+Example:
+| Role    | Can do                                      | Cannot do                            |
+|---------|---------------------------------------------|--------------------------------------|
+| admin   | All CRUD, manage users, configure settings  | Nothing blocked                      |
+| manager | Create/edit records, view reports           | Delete records, manage users         |
+| staff   | View and submit own records only            | Edit others' records, view reports   |
+-->
+---
+## Testing Strategy
+**Focus areas** — what to cover thoroughly:
+<!-- List from: functional, security, ui, accessibility, performance -->
+<!-- Example: functional, security -->
+**Mandatory coverage:**
+<!-- Rules that override the AI's default tier decisions for every screen. -->
+<!-- Example: "Every screen with admin-only actions MUST have a non-admin blocked-access scenario." -->
+<!-- Example: "All free-text inputs MUST have XSS + SQL injection scenarios regardless of screen risk level." -->
+**Deprioritize / skip:**
+<!-- What to move to @low or skip entirely for this project. -->
+<!-- Example: "Skip VP-UI cosmetic checks (label/placeholder presence) — handled separately by design review." -->
+<!-- Example: "Skip accessibility scenarios — separate audit planned." -->
+---
+## Global Business Rules
+> Rules that apply across multiple screens.
+> The AI adds these to the Coverage Map for every screen as `[G]`-tagged Business rules.
+> Screen-specific rules belong in `requirements/spec.md`, not here.
+<!-- - Soft-delete only: records are never hard-deleted, only marked inactive -->
+<!-- - All timestamps stored in UTC, displayed in UTC+7 -->
+<!-- - Pagination default: 20 items per page; max 100 -->
+<!-- - File uploads: PNG/JPG/PDF only, max 5 MB -->
+<!-- - After any write operation, the list view must refresh automatically -->
+---
+## Error Message Patterns
+> If your app follows consistent validation error formats, list them here.
+> The AI uses these to fill `test-data.yaml` error keys when `spec.md` doesn't specify exact text.
+> Leave empty to let the AI infer from spec.md.
+- Required field: `<!-- "This field is required" -->`
+- Max length: `<!-- "Must be X characters or less" -->`
+- Min length: `<!-- "Must be at least X characters" -->`
+- Invalid format: `<!-- "Invalid format" -->`
+- Unique constraint: `<!-- "Already exists" -->`
+- Not found: `<!-- "Not found" -->`
+- Unauthorized: `<!-- "You do not have permission to perform this action" -->`

package/dist/orchestrator/templates/readme.md CHANGED Viewed

@@ -12,14 +12,16 @@ sungen generate → compiles Gherkin + selectors + data → Playwright .spec.ts
 ## Directory Structure
 ```
-├── qa/screens/<name>/
-│   ├── features/         # .feature files (Gherkin)
-│   ├── selectors/        # Element locator YAML mappings
-│   ├── test-data/        # Test data YAML values
-│   └── requirements/     # Screen specs, UI designs, notes
-│       ├── spec.md       # Structured screen specification
-│       ├── ui/           # Screenshots, mockups, design images
-│       └── test-viewpoint.md      # Edge cases, decisions (optional)
+├── qa/
+│   ├── context.md        # Project-wide context: roles, testing strategy, global rules (fill once)
+│   ├── screens/<name>/
+│   │   ├── features/         # .feature files (Gherkin)
+│   │   ├── selectors/        # Element locator YAML mappings
+│   │   ├── test-data/        # Test data YAML values
+│   │   └── requirements/     # Screen specs, UI designs, notes
+│   │       ├── spec.md       # Structured screen specification
+│   │       ├── ui/           # Screenshots, mockups, design images
+│   │       └── test-viewpoint.md      # Edge cases, decisions (optional)
 ├── specs/
 │   └── generated/        # Auto-generated Playwright tests
 ├── .claude/
@@ -66,11 +68,12 @@ Scaffolds `qa/screens/<name>/` with empty feature, selectors, test-data, and req
 | `/sungen:create-test login` | `/sungen-create-test login` |
 AI acts as a **Senior QA Engineer**:
-1. Reads `requirements/spec.md` for screen specs (fields, validation, business rules, states)
-2. Optionally explores the live page via Playwright MCP to verify and supplement
-3. Identifies screen sections → asks user which to focus on
-4. Generates **20+ scenarios per viewpoint** (UI/UX, Validation, Logic, Security) for each section
-5. Confirms test plan before generating `.feature` + `test-data.yaml`
+1. Reads `qa/context.md` for project-wide context (roles, testing strategy, global rules)
+2. Reads `requirements/spec.md` for screen specs (fields, validation, business rules, states)
+3. Optionally explores the live page via Playwright MCP to verify and supplement
+4. Identifies screen sections → asks user which to focus on
+5. Generates **20+ scenarios per viewpoint** (UI/UX, Validation, Logic, Security) for each section
+6. Confirms test plan before generating `.feature` + `test-data.yaml`
 ### Step 3: Compile & run tests

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sun-asterisk/sungen",
-  "version": "2.6.15",
+  "version": "2.7.0-beta.1",
   "description": "Deterministic E2E Test Compiler - Gherkin + Selectors → Playwright tests",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -65,6 +65,14 @@
   "peerDependencies": {
     "@playwright/test": "^1.57.0"
   },
+  "overrides": {
+    "brace-expansion": "^5.0.6",
+    "uuid": "^11.1.1"
+  },
+  "resolutions": {
+    "brace-expansion": "^5.0.6",
+    "uuid": "^11.1.1"
+  },
   "files": [
     "dist",
     "bin",

package/src/cli/index.ts CHANGED Viewed

@@ -15,13 +15,16 @@ import { registerFigmaCommand } from './commands/figma';
 import { registerAddFlowCommand } from './commands/add-flow';
 import { registerDashboardCommand } from './commands/dashboard';
+// Read version from package.json so `--version` never drifts from the released version.
+const { version } = require('../../package.json') as { version: string };
 async function main() {
   const program = new Command();
   program
     .name('sungen')
     .description('Deterministic E2E Test Compiler — Gherkin + Selectors → Playwright')
-    .version('2.6.15');
+    .version(version);
   // Global options
   program

package/src/exporters/feature-parser.ts CHANGED Viewed

@@ -178,13 +178,21 @@ export function mapVpToCategory2(vpId: string | undefined, scenarioName?: string
 }
 /**
- * Generate TC ID: keep VP ID exactly as written (e.g. VP-UI-001) when present,
- * or fall back to <SCREEN_UPPER>-<NNN> for scenarios without a VP ID.
+ * Generate TC ID, namespaced by screen/flow so it is globally unique across the
+ * whole project. This matters because the dashboard tracks each test case by its
+ * tcId — without a namespace, `VP-SEC-001` collides across screens (every screen
+ * starts its VP numbering at 001) and one screen's results overwrite another's.
+ *
+ *   - With VP ID:    VP-SEC-001 + screen "login" → "LOGIN-SEC-001" (strip leading "VP-")
+ *   - Without VP ID: "LOGIN-001" via the fallback index
+ *
+ * The scenario title in the .feature still keeps the bare `VP-SEC-001` (human-facing).
  */
 export function generateTcId(screen: string, vpId: string | undefined, fallbackIndex: number): string {
+  const screenUpper = screen.toUpperCase().replace(/[^A-Z0-9]/g, '-');
   if (vpId) {
-    return vpId;
+    const vpCore = vpId.replace(/^VP-/, '');
+    return `${screenUpper}-${vpCore}`;
   }
-  const screenUpper = screen.toUpperCase().replace(/[^A-Z0-9]/g, '-');
   return `${screenUpper}-${String(fallbackIndex).padStart(3, '0')}`;
 }

package/src/orchestrator/ai-rules-updater.ts CHANGED Viewed

@@ -43,6 +43,11 @@ export const AI_RULES_FILE_MAPPING: [string, string][] = [
   ['claude-skill-selector-fix.md', '.claude/skills/sungen-selector-fix/SKILL.md'],
   ['claude-skill-tc-review.md', '.claude/skills/sungen-tc-review/SKILL.md'],
   ['claude-skill-viewpoint.md', '.claude/skills/sungen-viewpoint/SKILL.md'],
+  ['claude-skill-viewpoint-group-a-data-entry.md', '.claude/skills/sungen-viewpoint/group-a-data-entry.md'],
+  ['claude-skill-viewpoint-group-b-data-ops.md', '.claude/skills/sungen-viewpoint/group-b-data-ops.md'],
+  ['claude-skill-viewpoint-group-c-data-explore.md', '.claude/skills/sungen-viewpoint/group-c-data-explore.md'],
+  ['claude-skill-viewpoint-group-d-display.md', '.claude/skills/sungen-viewpoint/group-d-display.md'],
+  ['claude-skill-viewpoint-group-e-identity.md', '.claude/skills/sungen-viewpoint/group-e-identity.md'],
   ['claude-skill-delivery.md', '.claude/skills/sungen-delivery/SKILL.md'],
   ['claude-skill-dashboard.md', '.claude/skills/sungen-dashboard/SKILL.md'],
   ['claude-skill-capture-figma.md', '.claude/skills/sungen-capture-figma/SKILL.md'],
@@ -63,6 +68,11 @@ export const AI_RULES_FILE_MAPPING: [string, string][] = [
   ['github-skill-sungen-selector-fix.md', '.github/skills/sungen-selector-fix/SKILL.md'],
   ['github-skill-sungen-tc-review.md', '.github/skills/sungen-tc-review/SKILL.md'],
   ['github-skill-sungen-viewpoint.md', '.github/skills/sungen-viewpoint/SKILL.md'],
+  ['github-skill-sungen-viewpoint-group-a-data-entry.md', '.github/skills/sungen-viewpoint/group-a-data-entry.md'],
+  ['github-skill-sungen-viewpoint-group-b-data-ops.md', '.github/skills/sungen-viewpoint/group-b-data-ops.md'],
+  ['github-skill-sungen-viewpoint-group-c-data-explore.md', '.github/skills/sungen-viewpoint/group-c-data-explore.md'],
+  ['github-skill-sungen-viewpoint-group-d-display.md', '.github/skills/sungen-viewpoint/group-d-display.md'],
+  ['github-skill-sungen-viewpoint-group-e-identity.md', '.github/skills/sungen-viewpoint/group-e-identity.md'],
   ['github-skill-sungen-delivery.md', '.github/skills/sungen-delivery/SKILL.md'],
   ['github-skill-sungen-dashboard.md', '.github/skills/sungen-dashboard/SKILL.md'],
   ['github-skill-sungen-capture-figma.md', '.github/skills/sungen-capture-figma/SKILL.md'],

package/src/orchestrator/project-initializer.ts CHANGED Viewed

@@ -39,6 +39,9 @@ export class ProjectInitializer {
     // Create directories
     this.createDirectories();
+    // Create qa/context.md for QA lead to fill project-wide context
+    this.createContext();
     // Ensure package.json and install Playwright
     await this.setupDependencies();
@@ -363,6 +366,23 @@ export class ProjectInitializer {
   }
+  /**
+   * Create qa/context.md for the QA lead to fill project-wide context
+   * (roles, testing strategy, global rules, error patterns).
+   */
+  private createContext(): void {
+    const contextPath = path.join(this.cwd, 'qa', 'context.md');
+    if (fs.existsSync(contextPath)) {
+      this.skippedItems.push('qa/context.md');
+      return;
+    }
+    const content = this.readTemplate('qa-context.md');
+    fs.writeFileSync(contextPath, content, 'utf-8');
+    this.createdItems.push('qa/context.md');
+  }
   /**
    * Create specs/base.ts for shared browser context
    */

package/src/orchestrator/templates/ai-instructions/claude-cmd-create-test.md CHANGED Viewed

@@ -32,7 +32,15 @@ Parse **name** from `$ARGUMENTS`. If missing, ask the user.
    - If no → fresh creation. Use `AskUserQuestion` to ask generation scope:
      - **Tier 1 — Critical & High priority** — ~10-15 scenarios/section covering happy paths, core validation, security basics **(Recommended)**
      - **Full coverage — All tiers at once** — generates Tier 1 + 2 + 3 in one run. Large output (~40-60 scenarios/section), best for experienced users who want complete coverage immediately
-3. **Read requirements & resolve visual source** — check `qa/<screens|flows>/<name>/requirements/`:
+3. **Read project context + screen requirements**
+   **Project context** — check `qa/context.md` (project root, not screen-specific):
+   - If exists → read it. Extract: roles, testing strategy directives, global business rules, error patterns.
+   - Summarize what you found in one line (e.g. `"Roles: admin/staff/user | Strategy: focus security, skip VP-UI T1 | 2 global rules"`).
+   - These are carried into the Coverage Map when invoking `sungen-tc-generation`.
+   - If absent → continue without it, no action needed.
+   **Screen requirements** — check `qa/<screens|flows>/<name>/requirements/`:
    - If `spec.md` exists → read it as PRIMARY source (sections, fields, validation rules, business rules, states).
    - If `test-viewpoint.md` exists → read it. If it only contains HTML comments (scaffold template), use `AskUserQuestion` to ask:
      - **Fill test-viewpoint.md first** — I'll help you identify edge cases, known issues, and design decisions for this screen before generating tests