npm - @sun-asterisk/sungen - Versions diffs - 2.6.4 → 2.6.6 - Mend

@sun-asterisk/sungen 2.6.4 → 2.6.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/src/exporters/feature-parser.ts CHANGED Viewed

@@ -105,7 +105,6 @@ export function isSampleScaffoldScenario(sc: ScenarioMetadata): boolean {
  * Extract priority from scenario tags.
  */
 export function extractPriority(tags: string[]): string {
-  if (tags.includes('@critical')) return 'Critical';
   if (tags.includes('@high')) return 'High';
   if (tags.includes('@normal')) return 'Normal';
   if (tags.includes('@low')) return 'Low';
@@ -144,10 +143,15 @@ export function splitVpAndName(scenarioName: string): { vpId?: string; category1
 /**
  * Map VP prefix to Category 2.
+ * XSS/Injection security tests are input-validation tests → Function.
+ * All other VP-SEC tests (auth, RBAC, access control) → Accessing.
  */
-export function mapVpToCategory2(vpId: string | undefined): string {
+export function mapVpToCategory2(vpId: string | undefined, scenarioName?: string): string {
   if (!vpId) return 'Function';
-  if (vpId.startsWith('VP-SEC-')) return 'Accessing';
+  if (vpId.startsWith('VP-SEC-')) {
+    if (scenarioName && /xss|injection/i.test(scenarioName)) return 'Function';
+    return 'Accessing';
+  }
   if (vpId.startsWith('VP-UI-')) return 'GUI';
   if (vpId.startsWith('VP-VAL-')) return 'Function';
   if (vpId.startsWith('VP-LOGIC-')) return 'Function';
@@ -155,14 +159,13 @@ export function mapVpToCategory2(vpId: string | undefined): string {
 }
 /**
- * Generate TC ID: <SCREEN_UPPER>-<VP-part>-<NNN> OR <SCREEN_UPPER>-<NNN> if no VP.
+ * Generate TC ID: keep VP ID exactly as written (e.g. VP-UI-001) when present,
+ * or fall back to <SCREEN_UPPER>-<NNN> for scenarios without a VP ID.
  */
 export function generateTcId(screen: string, vpId: string | undefined, fallbackIndex: number): string {
-  const screenUpper = screen.toUpperCase().replace(/[^A-Z0-9]/g, '-');
   if (vpId) {
-    // VP-UI-001 → UI-001
-    const vpPart = vpId.replace(/^VP-/, '');
-    return `${screenUpper}-${vpPart}`;
+    return vpId;
   }
+  const screenUpper = screen.toUpperCase().replace(/[^A-Z0-9]/g, '-');
   return `${screenUpper}-${String(fallbackIndex).padStart(3, '0')}`;
 }

package/src/exporters/json-exporter.ts CHANGED Viewed

@@ -51,7 +51,7 @@ export function buildScreenSnapshot(input: BuildScreenSnapshotInput): ScreenSnap
     const tcId = generateTcId(input.screen, vpId, fallbackIndex);
     if (!vpId) fallbackIndex++;
-    const category2 = mapVpToCategory2(vpId);
+    const category2 = mapVpToCategory2(vpId, category1);
     const priority = extractPriority(m.feature.tags) as ScenarioSnapshot['priority'];
     const baseType = extractTestcaseType(m.feature.tags);
     const authRole = extractAuthRole(m.feature.tags);

package/src/exporters/spec-parser.ts CHANGED Viewed

@@ -52,7 +52,7 @@ function extractTestBlock(content: string, startIdx: number): {
  */
 function extractDescribeBlocks(content: string): Array<{ name: string; bodyStart: number; bodyEnd: number }> {
   const result: Array<{ name: string; bodyStart: number; bodyEnd: number }> = [];
-  const regex = /test\.describe\s*\(\s*['"]([^'"]+)['"]\s*,\s*\(\s*\)\s*=>\s*\{/g;
+  const regex = /test\.describe(?:\.serial)?\s*\(\s*['"]([^'"]+)['"]\s*,\s*\(\s*\)\s*=>\s*\{/g;
   let match: RegExpExecArray | null;
   while ((match = regex.exec(content)) !== null) {
     const name = match[1];

package/src/generators/test-generator/adapters/adapter-interface.ts CHANGED Viewed

@@ -34,7 +34,7 @@ export interface ScenarioData {
   steps: Array<{ comment?: string; code: string }>;
   authRole?: string; // Auth role for storage state
   isParallel?: boolean; // @parallel: use fresh page from fixture
-  tags?: string; // Pass-through tags for Playwright { tag: [...] }, e.g. "'@smoke', '@critical'"
+  tags?: string; // Pass-through tags for Playwright { tag: [...] }, e.g. "'@smoke', '@high'"
 }
 export interface StepTemplateData {

package/src/generators/test-generator/patterns/navigation-patterns.ts CHANGED Viewed

@@ -12,22 +12,38 @@ export const navigationPatterns: StepPattern[] = [
       (step.text.includes('open') || step.text.includes('opens') || step.text.includes('is on') || step.text.includes('navigate to')) &&
       step.elementType === 'page',
     resolver: (step, context) => {
-      let path = context.featurePath || '/';
+      const isThen = context.effectiveKeyword === 'Then';
+      // Cross-screen page refs (e.g. Then User is on [dashboard] page) won't be in the
+      // current screen's selectors. Fall back to /<ref>/ for assertion paths instead of
+      // the current featurePath, which would silently make the assertion always pass.
+      const pathFallback = isThen && step.selectorRef
+        ? `/${step.selectorRef}/`
+        : (context.featurePath || '/');
+      let path = pathFallback;
       if (step.selectorRef) {
         try {
           const resolved = context.selectorResolver.resolveSelector(
             step.selectorRef, context.featureName, step.elementType, step.nth
           );
-          path = resolved.value || path;
+          path = resolved.value || pathFallback;
         } catch (error) {
-          path = context.featurePath || '/';
+          path = pathFallback;
         }
       }
       const finalPath = resolvePathVariables(path, context.scenarioSteps || []);
       const isAbsoluteUrl = /^https?:\/\//.test(finalPath);
+      // Then User is on [X] page — assert URL, don't navigate.
+      if (isThen) {
+        return {
+          templateName: 'route-assertion',
+          data: { path: finalPath },
+          comment: step.selectorRef ? `Assert on ${step.selectorRef} page` : `Assert page route`,
+        };
+      }
       return {
         templateName: 'navigation',
         data: { baseURL: isAbsoluteUrl ? undefined : context.baseURL, path: finalPath },
@@ -71,6 +87,7 @@ export const navigationPatterns: StepPattern[] = [
       !!(step.selectorRef || step.dataRef),
     resolver: (step, context) => {
       const route = step.selectorRef || step.dataRef;
+      const isThen = context.effectiveKeyword === 'Then';
       const inferredPath = inferPath(context.featurePath, {
         featureName: context.featureName,
@@ -81,6 +98,14 @@ export const navigationPatterns: StepPattern[] = [
       const cleanPath = pathCode.replace(/^['`]|['`]$/g, '');
       const isAbsoluteUrl = /^https?:\/\//.test(cleanPath);
+      if (isThen) {
+        return {
+          templateName: 'route-assertion',
+          data: { path: cleanPath },
+          comment: `Assert on ${route}`,
+        };
+      }
       return {
         templateName: 'navigation',
         data: { baseURL: isAbsoluteUrl ? undefined : context.baseURL, path: cleanPath },

package/src/orchestrator/templates/ai-instructions/claude-cmd-run-test.md CHANGED Viewed

@@ -56,8 +56,8 @@ Parse **name** from `$ARGUMENTS`. If missing, ask the user.
 ## Run & Fix (phased — per `sungen-selector-fix` skill)
-5. **Phase 1 — Smoke Check**: Run first 5 `@critical`/`@high` scenarios only. If failures → diagnose, fix fundamentals (page selector, auth, base @steps), re-run. Max 2 attempts. If still broken → ask user.
-6. **Phase 2 — Priority Wave**: Run all `@critical` + `@high` scenarios. Fix only failures from this wave. Max 2 attempts. Shared selectors fixed here cascade to later phases.
+5. **Phase 1 — Smoke Check**: Run first 5 `@high` scenarios only. If failures → diagnose, fix fundamentals (page selector, auth, base @steps), re-run. Max 2 attempts. If still broken → ask user.
+6. **Phase 2 — Priority Wave**: Run all `@high` scenarios. Fix only failures from this wave. Max 2 attempts. Shared selectors fixed here cascade to later phases.
 7. **Phase 3 — Full Run**: Run all tests. Fix only **new** failures (elements unique to `@normal`/`@low`). Max 1 attempt. Don't loop on low-priority failures.
 8. **Phase 4 — Regression**: One final full run. Report results. No more fix loops.

package/src/orchestrator/templates/ai-instructions/claude-skill-delivery.md CHANGED Viewed

@@ -68,7 +68,7 @@ The CLI reads the **per-target result file first** (co-located with `.spec.ts`),
 | Test Data | `{{vars}}` from scenario resolved via test-data.yaml → `key: value; key2: value2` |
 | Steps | `.spec.ts` code comments for interactions (numbered) |
 | Expected results | `.spec.ts` `expect(...)` comments (numbered) |
-| Priority | Tag: `@critical`/`@high`/`@normal`/`@low` (default: Normal) |
+| Priority | Tag: `@high`/`@normal`/`@low` (default: Normal) |
 | Testcase type | `@manual` → Manual, else Auto. Not compiled → "Not compiled" |
 | Test Result | results.json status: passed→Passed, failed/timedOut→Failed, skipped→N/A, else Pending |
 | Executed Date | results.json startTime formatted as `dd/mm/yyyy` |

package/src/orchestrator/templates/ai-instructions/claude-skill-gherkin-syntax.md CHANGED Viewed

@@ -192,18 +192,17 @@ Any tag not listed above passes through to Playwright `{ tag: [...] }`. Feature-
 |---|---|
 | `@smoke` | Quick sanity check — run after every deploy |
 | `@regression` | Full test suite — run nightly or before release |
-| `@critical` | Priority: system unusable if fails (login, auth, core CRUD) |
-| `@high` | Priority: major feature broken (required validation, key business rules) |
-| `@normal` | Priority: degraded experience (UI layout, secondary flows) |
-| `@low` | Priority: minor/cosmetic (tooltips, hover states, empty states) |
+| `@high` | Priority: must pass — login, auth, core CRUD, primary business flow |
+| `@normal` | Priority: important — validation rules, secondary features, search/filter |
+| `@low` | Priority: minor/cosmetic — tooltips, hover states, element presence |
 | `@auto` | Standard scenario, ready for automation |
 | Any custom | e.g., `@sprint-42`, `@team-payment` — any tag works |
 **Run filtered:**
 ```bash
 npx playwright test --grep "@smoke"          # only smoke tests
-npx playwright test --grep "@critical"       # only critical priority
-npx playwright test --grep "@smoke|@critical" # smoke OR critical
+npx playwright test --grep "@high"           # only high priority
+npx playwright test --grep "@smoke|@high"    # smoke OR high
 ```
 ### Serial vs Parallel (test execution mode)

package/src/orchestrator/templates/ai-instructions/claude-skill-selector-fix.md CHANGED Viewed

@@ -118,7 +118,7 @@ Skip if `specs/.auth/<role>.json` already exists and a probe navigation reaches
 ## Phase 1: Smoke Check (catch fundamentals)
-Run **up to 5 scenarios** — pick the first `@critical` or `@high` scenarios in the feature file.
+Run **up to 5 scenarios** — pick the first `@high` scenarios in the feature file.
 ```bash
 npx playwright test --grep "VP-.*-001|VP-.*-002|VP-.*-003|VP-.*-004|VP-.*-005" --reporter=line
@@ -134,15 +134,15 @@ npx playwright test --grep "VP-.*-001|VP-.*-002|VP-.*-003|VP-.*-004|VP-.*-005" -
 ---
-## Phase 2: Priority Wave (@critical + @high)
+## Phase 2: Priority Wave (@high)
-Run all `@critical` and `@high` scenarios:
+Run all `@high` scenarios:
 ```bash
-npx playwright test --grep "@critical|@high" --reporter=line
+npx playwright test --grep "@high" --reporter=line
 ```
-If your Playwright config doesn't support tag grep, use scenario name grep from the feature file — collect VP IDs of `@critical` and `@high` scenarios.
+If your Playwright config doesn't support tag grep, use scenario name grep from the feature file — collect VP IDs of `@high` scenarios.
 **Fix only failures from this wave.** Most shared selectors (buttons, headings, navigation) get fixed here because critical/high scenarios exercise them.
@@ -292,8 +292,8 @@ user detail:
 |---|---|---|---|
 | 0. Pre-gen | Playwright MCP snapshot → write selectors.yaml | 1 snapshot | Ask user — skip or retry navigation |
 | 0.5. Auth | Manual login in MCP browser → `browser_storage_state` → `specs/.auth/<role>.json` | 1 login | Ask user — retry login or fall back to `sungen makeauth` |
-| 1. Smoke | First 5 @critical/@high | 2 | Ask user — fundamentals broken |
-| 2. Priority | All @critical + @high | 2 | Report failures, continue to Phase 3 |
+| 1. Smoke | First 5 @high | 2 | Ask user — fundamentals broken |
+| 2. Priority | All @high | 2 | Report failures, continue to Phase 3 |
 | 3. Full | All tests | 1 | Report @low/@normal failures, continue |
 | 4. Regression | All tests | 0 | Report final results |

package/src/orchestrator/templates/ai-instructions/claude-skill-tc-generation.md CHANGED Viewed

@@ -12,7 +12,7 @@ Generate **focused test cases per screen section** using a **tier-based approach
 | Tier | Priority | What to generate | When |
 |---|---|---|---|
-| **Tier 1** (default) | `@critical` + `@high` | Happy paths, required validation, core business rules, security basics | First run of `create-test` |
+| **Tier 1** (default) | `@high` | Happy paths, required validation, core business rules, security basics | First run of `create-test` |
 | **Tier 2** (expand) | `@normal` + `@low` | UI presence, optional validation, edge cases, cosmetic checks | User runs `create-test` again with "Add viewpoints" mode |
 **Round 1 (Tier 1)** targets **~10-15 scenarios per section** — enough to cover critical flows and catch real bugs. This is the default behavior.
@@ -24,7 +24,7 @@ Generate **focused test cases per screen section** using a **tier-based approach
 When `.feature` already has scenarios, summarize and ask:
 1. **Add new sections** — append new sections with Tier 2 (`@normal` + `@low`) scenarios, continue numbering
 2. **Add viewpoints** — expand existing sections with Tier 2 (`@normal` + `@low`) scenarios
-3. **Replace all** — overwrite with fresh Tier 1 (`@critical` + `@high`) generation
+3. **Replace all** — overwrite with fresh Tier 1 (`@high`) generation
 For append: read highest `VP-<CAT>-<NNN>`, continue from next number. Never modify existing scenarios.
@@ -89,7 +89,7 @@ Apply `sungen-test-design-techniques` to spec-extracted conditions:
 Use `sungen-viewpoint` skill for per-pattern checklists across 4 viewpoints: UI/UX, Data & Validate, Logic, Security.
 **Tier-aware gap filling:**
-- **Tier 1 (first run)**: only add `@critical` and `@high` items from the checklists — core security checks (VP-SEC), required field validation (VP-VAL), key state transitions (VP-LOGIC). Skip `@normal`/`@low` items like hover states, empty states, tooltips.
+- **Tier 1 (first run)**: only add `@high` items from the checklists — core security checks (VP-SEC), required field validation (VP-VAL), key state transitions (VP-LOGIC). Skip `@normal`/`@low` items like hover states, empty states, tooltips.
 - **Tier 2 (expand run)**: add `@normal` + `@low` scenarios — UI presence, optional validation, edge cases, cosmetic checks, keyboard nav, hover effects.
 **Validation rule**: capture actual error messages from live page or spec.md. Use `User see {{error_var}}` — never assert just "is visible".
@@ -98,24 +98,29 @@ Use `sungen-viewpoint` skill for per-pattern checklists across 4 viewpoints: UI/
 Every scenario **MUST** have exactly one priority tag. Add it before the scenario line (after `@extend:` if present).
+**Rule: look at what the WHEN step does and what THEN asserts — that determines the tag.**
 | Tag | When to use |
 |---|---|
-| `@critical` | System unusable if fails — login/logout, authentication redirect, main create/submit/delete, permission denied |
-| `@high` | Major feature broken — required field validation, core business rules, data displays correctly, key navigation |
-| `@normal` | Degraded experience — UI layout/element presence, secondary flows, optional field validation, search/filter |
-| `@low` | Minor/cosmetic — tooltips, hover states, empty states, default sort, placeholder text |
+| `@high` | WHEN performs: login/logout, submit happy path, auth-check, primary CRUD action. THEN asserts: success state, redirect, or security gate |
+| `@normal` | WHEN provides invalid/empty input, OR scenario tests search/filter/notification/secondary flow. THEN asserts: error message, secondary feature result |
+| `@low` | THEN only asserts: element visible, text label, placeholder, tooltip, icon, layout. WHEN (if any) is navigation only |
 ### Auto-assign heuristics
-| Viewpoint + Pattern | Default priority |
+| Scenario type (by WHEN + THEN structure) | Tag |
 |---|---|
-| VP-SEC-* (all security scenarios) | `@critical` |
-| VP-LOGIC-* with create/submit/delete/login | `@critical` |
-| VP-LOGIC-* other state changes | `@high` |
-| VP-VAL-* required field / submit empty | `@high` |
-| VP-VAL-* format, boundary, optional fields | `@normal` |
-| VP-UI-* form fields present, table columns | `@normal` |
-| VP-UI-* hover, tooltip, empty state, placeholder | `@low` |
+| Auth: login / logout / protected page redirect | `@high` |
+| CRUD happy path: create / update / delete → success message or redirect | `@high` |
+| Security: unauthenticated access → redirected to login | `@high` |
+| Primary business flow step completes successfully | `@high` |
+| Validation: invalid / empty input → error message shown | `@normal` |
+| Boundary / format validation (email, length, range) | `@normal` |
+| Secondary features: search, filter, sort, pagination, notification | `@normal` |
+| State transition not on primary success path (cancel, undo, back) | `@normal` |
+| Element / component presence check (is it visible?) | `@low` |
+| Text content: label, placeholder, tooltip, warning message text | `@low` |
+| Visual / cosmetic: alignment, icon, empty state, hover style | `@low` |
 **`@steps:` scenarios** do NOT get a priority tag (they are setup blocks, not test cases).
@@ -175,11 +180,11 @@ Serial (default) is best for: CRUD flows, sequential user journeys, UI checks on
 @cleanup:forms
 Feature: kudos Screen
-  @critical
+  @high
   Scenario: Send kudos
     ...
-  @critical @no-auth
+  @high @no-auth
   Scenario: Unauthenticated user is redirected
     ...
 ```
@@ -205,9 +210,9 @@ Feature: <Screen> Screen
     When User click [Create] button
     Then User see [Form] dialog
-  # --- Section: Create User Form (Tier 1: @critical + @high) ---
+  # --- Section: Create User Form (Tier 1: @high) ---
-  @critical @extend:open_form
+  @high @extend:open_form
   Scenario: VP-LOGIC-001 Submit form with valid data creates record
     Given User is on [Form] dialog
     When User fill [Name] field with {{valid_name}}
@@ -220,7 +225,7 @@ Feature: <Screen> Screen
     When User click [Submit] button
     Then User see [Name error] message with {{name_required_error}}
-  # --- Section: User Table (Tier 1: @critical + @high) ---
+  # --- Section: User Table (Tier 1: @high) ---
   @high
   Scenario: VP-VAL-010 Table displays correct data
@@ -228,7 +233,7 @@ Feature: <Screen> Screen
       | Name       | Email        |
       | {{name_1}} | {{email_1}}  |
-  @critical
+  @high
   Scenario: VP-SEC-010 Unauthorized user cannot access page
     Given User is not logged in
     When User navigate to [Screen] page
@@ -300,14 +305,14 @@ Feature: Award Submission Flow
   Background:
     Given User is on [Login] page
-  @critical
+  @high
   Scenario: User login successfully
     When User fill [Login:Email] field with {{login.email}}
     And User fill [Login:Password] field with {{login.password}}
     And User click [Login:Submit] button
     Then User see [Dashboard] page
-  @critical
+  @high
   Scenario: User navigates to awards and submits
     When User click [Dashboard:Awards] link
     Then User see [Awards] page

package/src/orchestrator/templates/ai-instructions/claude-skill-tc-review.md CHANGED Viewed

@@ -38,12 +38,12 @@ Score: `(dimensions_covered / 6) * 40`. Validate technique application with `sun
 | All applicable VP present (UI/VAL/LOGIC/SEC) | 10 |
 | Correct classification | 8 |
 | `VP-<CAT>-<NNN>` naming + section grouping | 4 |
-| Priority tag present and correct (`@critical`/`@high`/`@normal`/`@low`) | 4 |
+| Priority tag present and correct (`@high`/`@normal`/`@low`) | 4 |
 | Assertion quality (see rules below) | 4 |
 **Classification**: UI = static/always-same appearance. VAL = input validation/errors. LOGIC = behavior/state changes (includes persisted state without When). SEC = auth/permissions.
-**Tier-aware scoring**: If the feature file only contains `@critical` + `@high` scenarios (Tier 1), do NOT penalize for missing VP-UI viewpoint — UI scenarios are intentionally deferred to Tier 2. Score "All applicable VP present" based on Tier 1-relevant viewpoints only (VAL, LOGIC, SEC). Note in the review output: *"VP-UI deferred to Tier 2 — run `/sungen:create-test` with 'Add viewpoints' to expand."*
+**Tier-aware scoring**: If the feature file only contains `@high` scenarios (Tier 1), do NOT penalize for missing VP-UI viewpoint — UI scenarios are intentionally deferred to Tier 2. Score "All applicable VP present" based on Tier 1-relevant viewpoints only (VAL, LOGIC, SEC). Note in the review output: *"VP-UI deferred to Tier 2 — run `/sungen:create-test` with 'Add viewpoints' to expand."*
 ---
@@ -80,7 +80,7 @@ Do NOT mark `@manual` when data is visible in snapshot or documented in spec —
 2. **Misclassified VP** — UI tests behavior? Move to LOGIC. Logic tests appearance? Move to UI
 3. **Dynamic content** — exact match on counters/timestamps? Use `contains` instead
 4. **Duplicate across sections** — SEC scenario identical to UI? Remove duplicate
-5. **Missing/wrong priority tag** — every non-`@steps` scenario needs exactly one of `@critical`/`@high`/`@normal`/`@low`. SEC→`@critical`, VAL required→`@high`, UI layout→`@normal`, hover/tooltip→`@low`
+5. **Missing/wrong priority tag** — every non-`@steps` scenario needs exactly one of `@high`/`@normal`/`@low`. SEC/CRUD happy path/auth→`@high`, validation/secondary features→`@normal`, presence/cosmetic→`@low`
 6. **Always-enabled elements** — `is enabled` on never-disabled element? Remove
 7. **Test-data completeness** — every `{{var}}` must exist in test-data.yaml
 8. **Missing BVA boundaries** — spec defines min/max range but scenarios only test midpoint? Add `min-1`, `min`, `max`, `max+1`

package/src/orchestrator/templates/ai-instructions/claude-skill-test-design-techniques.md CHANGED Viewed

@@ -53,7 +53,7 @@ Scenario: VP-VAL-003 Above maximum is rejected           # value = 101
 | Mode | Values | Use when |
 |---|---|---|
 | **Compact (default)** | `min-1`, `min`, `max`, `max+1` | Most fields |
-| **Full 6-point** | `min-1`, `min`, `min+1`, `max-1`, `max`, `max+1` | Critical fields with `@critical`/`@high` priority |
+| **Full 6-point** | `min-1`, `min`, `min+1`, `max-1`, `max`, `max+1` | Critical fields with `@high` priority |
 **How to apply** (example: "quantity must be 1-10"):
 - `min-1` = 0 -> invalid
@@ -82,7 +82,7 @@ Scenario: VP-VAL-003 Above maximum is rejected           # value = 101
 - `@normal` Form invalid + no permission → disabled
 - `@normal` Form valid + no permission → disabled
 - `@normal` Has permission + form invalid → disabled
-- `@critical` Form valid + has permission → succeeds
+- `@high` Form valid + has permission → succeeds
 ---

package/src/orchestrator/templates/ai-instructions/claude-skill-viewpoint.md CHANGED Viewed

@@ -266,7 +266,7 @@ For VP-SEC scenarios testing **unauthorized access** (no login, wrong role, dire
 - Do NOT use `@manual` for these — they are automatable.
 ```gherkin
-@critical @no-auth
+@high @no-auth
 Scenario: VP-SEC-001 Unauthenticated user cannot access admin page
   Given User is on [Admin] page
   Then User see [Login] page

package/src/orchestrator/templates/ai-instructions/copilot-cmd-run-test.md CHANGED Viewed

@@ -56,8 +56,8 @@ Parse **name** from `$ARGUMENTS`. If missing, ask the user.
 ## Run & Fix (phased — per `sungen-selector-fix` skill)
-5. **Phase 1 — Smoke Check**: Run first 5 `@critical`/`@high` scenarios only. If failures → diagnose, fix fundamentals (page selector, auth, base @steps), re-run. Max 2 attempts. If still broken → ask user.
-6. **Phase 2 — Priority Wave**: Run all `@critical` + `@high` scenarios. Fix only failures from this wave. Max 2 attempts. Shared selectors fixed here cascade to later phases.
+5. **Phase 1 — Smoke Check**: Run first 5 `@high` scenarios only. If failures → diagnose, fix fundamentals (page selector, auth, base @steps), re-run. Max 2 attempts. If still broken → ask user.
+6. **Phase 2 — Priority Wave**: Run all `@high` scenarios. Fix only failures from this wave. Max 2 attempts. Shared selectors fixed here cascade to later phases.
 7. **Phase 3 — Full Run**: Run all tests. Fix only **new** failures (elements unique to `@normal`/`@low`). Max 1 attempt. Don't loop on low-priority failures.
 8. **Phase 4 — Regression**: One final full run. Report results. No more fix loops.

package/src/orchestrator/templates/ai-instructions/github-skill-sungen-delivery.md CHANGED Viewed

@@ -68,7 +68,7 @@ The CLI reads the **per-target result file first** (co-located with `.spec.ts`),
 | Test Data | `{{vars}}` from scenario resolved via test-data.yaml → `key: value; key2: value2` |
 | Steps | `.spec.ts` code comments for interactions (numbered) |
 | Expected results | `.spec.ts` `expect(...)` comments (numbered) |
-| Priority | Tag: `@critical`/`@high`/`@normal`/`@low` (default: Normal) |
+| Priority | Tag: `@high`/`@normal`/`@low` (default: Normal) |
 | Testcase type | `@manual` → Manual, else Auto. Not compiled → "Not compiled" |
 | Test Result | results.json status: passed→Passed, failed/timedOut→Failed, skipped→N/A, else Pending |
 | Executed Date | results.json startTime formatted as `dd/mm/yyyy` |

package/src/orchestrator/templates/ai-instructions/github-skill-sungen-gherkin-syntax.md CHANGED Viewed

@@ -192,18 +192,17 @@ Any tag not listed above passes through to Playwright `{ tag: [...] }`. Feature-
 |---|---|
 | `@smoke` | Quick sanity check — run after every deploy |
 | `@regression` | Full test suite — run nightly or before release |
-| `@critical` | Priority: system unusable if fails (login, auth, core CRUD) |
-| `@high` | Priority: major feature broken (required validation, key business rules) |
-| `@normal` | Priority: degraded experience (UI layout, secondary flows) |
-| `@low` | Priority: minor/cosmetic (tooltips, hover states, empty states) |
+| `@high` | Priority: must pass — login, auth, core CRUD, primary business flow |
+| `@normal` | Priority: important — validation rules, secondary features, search/filter |
+| `@low` | Priority: minor/cosmetic — tooltips, hover states, element presence |
 | `@auto` | Standard scenario, ready for automation |
 | Any custom | e.g., `@sprint-42`, `@team-payment` — any tag works |
 **Run filtered:**
 ```bash
 npx playwright test --grep "@smoke"          # only smoke tests
-npx playwright test --grep "@critical"       # only critical priority
-npx playwright test --grep "@smoke|@critical" # smoke OR critical
+npx playwright test --grep "@high"           # only high priority
+npx playwright test --grep "@smoke|@high"    # smoke OR high
 ```
 ### Serial vs Parallel (test execution mode)

package/src/orchestrator/templates/ai-instructions/github-skill-sungen-selector-fix.md CHANGED Viewed

@@ -179,7 +179,7 @@ Skip if `specs/.auth/<role>.json` already exists and a probe navigation reaches
 ## Phase 1: Smoke Check (catch fundamentals)
-Run **up to 5 scenarios** — pick the first `@critical` or `@high` scenarios in the feature file.
+Run **up to 5 scenarios** — pick the first `@high` scenarios in the feature file.
 ```bash
 npx playwright test --grep "VP-.*-001|VP-.*-002|VP-.*-003|VP-.*-004|VP-.*-005" --reporter=line
@@ -195,15 +195,15 @@ npx playwright test --grep "VP-.*-001|VP-.*-002|VP-.*-003|VP-.*-004|VP-.*-005" -
 ---
-## Phase 2: Priority Wave (@critical + @high)
+## Phase 2: Priority Wave (@high)
-Run all `@critical` and `@high` scenarios:
+Run all `@high` scenarios:
 ```bash
-npx playwright test --grep "@critical|@high" --reporter=line
+npx playwright test --grep "@high" --reporter=line
 ```
-If your Playwright config doesn't support tag grep, use scenario name grep from the feature file — collect VP IDs of `@critical` and `@high` scenarios.
+If your Playwright config doesn't support tag grep, use scenario name grep from the feature file — collect VP IDs of `@high` scenarios.
 **Fix only failures from this wave.** Most shared selectors (buttons, headings, navigation) get fixed here because critical/high scenarios exercise them.
@@ -353,8 +353,8 @@ user detail:
 |---|---|---|---|
 | 0. Pre-gen | Playwright MCP snapshot → write selectors.yaml | 1 snapshot | Ask user — skip or retry navigation |
 | 0.5. Auth | Manual login in MCP browser → `browser_storage_state` → `specs/.auth/<role>.json` | 1 login | Ask user — retry login or fall back to `sungen makeauth` |
-| 1. Smoke | First 5 @critical/@high | 2 | Ask user — fundamentals broken |
-| 2. Priority | All @critical + @high | 2 | Report failures, continue to Phase 3 |
+| 1. Smoke | First 5 @high | 2 | Ask user — fundamentals broken |
+| 2. Priority | All @high | 2 | Report failures, continue to Phase 3 |
 | 3. Full | All tests | 1 | Report @low/@normal failures, continue |
 | 4. Regression | All tests | 0 | Report final results |

package/src/orchestrator/templates/ai-instructions/github-skill-sungen-tc-generation.md CHANGED Viewed

@@ -12,7 +12,7 @@ Generate **focused test cases per screen section** using a **tier-based approach
 | Tier | Priority | What to generate | When |
 |---|---|---|---|
-| **Tier 1** (default) | `@critical` + `@high` | Happy paths, required validation, core business rules, security basics | First run of `create-test` |
+| **Tier 1** (default) | `@high` | Happy paths, required validation, core business rules, security basics | First run of `create-test` |
 | **Tier 2** (expand) | `@normal` + `@low` | UI presence, optional validation, edge cases, cosmetic checks | User runs `create-test` again with "Add viewpoints" mode |
 **Round 1 (Tier 1)** targets **~10-15 scenarios per section** — enough to cover critical flows and catch real bugs. This is the default behavior.
@@ -24,7 +24,7 @@ Generate **focused test cases per screen section** using a **tier-based approach
 When `.feature` already has scenarios, summarize and ask:
 1. **Add new sections** — append new sections with Tier 2 (`@normal` + `@low`) scenarios, continue numbering
 2. **Add viewpoints** — expand existing sections with Tier 2 (`@normal` + `@low`) scenarios
-3. **Replace all** — overwrite with fresh Tier 1 (`@critical` + `@high`) generation
+3. **Replace all** — overwrite with fresh Tier 1 (`@high`) generation
 For append: read highest `VP-<CAT>-<NNN>`, continue from next number. Never modify existing scenarios.
@@ -102,7 +102,7 @@ Apply `sungen-test-design-techniques` to spec-extracted conditions:
 Use `sungen-viewpoint` skill for per-pattern checklists across 4 viewpoints: UI/UX, Data & Validate, Logic, Security.
 **Tier-aware gap filling:**
-- **Tier 1 (first run)**: only add `@critical` and `@high` items from the checklists — core security checks (VP-SEC), required field validation (VP-VAL), key state transitions (VP-LOGIC). Skip `@normal`/`@low` items like hover states, empty states, tooltips.
+- **Tier 1 (first run)**: only add `@high` items from the checklists — core security checks (VP-SEC), required field validation (VP-VAL), key state transitions (VP-LOGIC). Skip `@normal`/`@low` items like hover states, empty states, tooltips.
 - **Tier 2 (expand run)**: add `@normal` + `@low` scenarios — UI presence, optional validation, edge cases, cosmetic checks, keyboard nav, hover effects.
 **Validation rule**: capture actual error messages from live page or spec.md. Use `User see {{error_var}}` — never assert just "is visible".
@@ -111,24 +111,29 @@ Use `sungen-viewpoint` skill for per-pattern checklists across 4 viewpoints: UI/
 Every scenario **MUST** have exactly one priority tag. Add it before the scenario line (after `@extend:` if present).
+**Rule: look at what the WHEN step does and what THEN asserts — that determines the tag.**
 | Tag | When to use |
 |---|---|
-| `@critical` | System unusable if fails — login/logout, authentication redirect, main create/submit/delete, permission denied |
-| `@high` | Major feature broken — required field validation, core business rules, data displays correctly, key navigation |
-| `@normal` | Degraded experience — UI layout/element presence, secondary flows, optional field validation, search/filter |
-| `@low` | Minor/cosmetic — tooltips, hover states, empty states, default sort, placeholder text |
+| `@high` | WHEN performs: login/logout, submit happy path, auth-check, primary CRUD action. THEN asserts: success state, redirect, or security gate |
+| `@normal` | WHEN provides invalid/empty input, OR scenario tests search/filter/notification/secondary flow. THEN asserts: error message, secondary feature result |
+| `@low` | THEN only asserts: element visible, text label, placeholder, tooltip, icon, layout. WHEN (if any) is navigation only |
 ### Auto-assign heuristics
-| Viewpoint + Pattern | Default priority |
+| Scenario type (by WHEN + THEN structure) | Tag |
 |---|---|
-| VP-SEC-* (all security scenarios) | `@critical` |
-| VP-LOGIC-* with create/submit/delete/login | `@critical` |
-| VP-LOGIC-* other state changes | `@high` |
-| VP-VAL-* required field / submit empty | `@high` |
-| VP-VAL-* format, boundary, optional fields | `@normal` |
-| VP-UI-* form fields present, table columns | `@normal` |
-| VP-UI-* hover, tooltip, empty state, placeholder | `@low` |
+| Auth: login / logout / protected page redirect | `@high` |
+| CRUD happy path: create / update / delete → success message or redirect | `@high` |
+| Security: unauthenticated access → redirected to login | `@high` |
+| Primary business flow step completes successfully | `@high` |
+| Validation: invalid / empty input → error message shown | `@normal` |
+| Boundary / format validation (email, length, range) | `@normal` |
+| Secondary features: search, filter, sort, pagination, notification | `@normal` |
+| State transition not on primary success path (cancel, undo, back) | `@normal` |
+| Element / component presence check (is it visible?) | `@low` |
+| Text content: label, placeholder, tooltip, warning message text | `@low` |
+| Visual / cosmetic: alignment, icon, empty state, hover style | `@low` |
 **`@steps:` scenarios** do NOT get a priority tag (they are setup blocks, not test cases).
@@ -188,11 +193,11 @@ Serial (default) is best for: CRUD flows, sequential user journeys, UI checks on
 @cleanup:forms
 Feature: kudos Screen
-  @critical
+  @high
   Scenario: Send kudos
     ...
-  @critical @no-auth
+  @high @no-auth
   Scenario: Unauthenticated user is redirected
     ...
 ```
@@ -218,9 +223,9 @@ Feature: <Screen> Screen
     When User click [Create] button
     Then User see [Form] dialog
-  # --- Section: Create User Form (Tier 1: @critical + @high) ---
+  # --- Section: Create User Form (Tier 1: @high) ---
-  @critical @extend:open_form
+  @high @extend:open_form
   Scenario: VP-LOGIC-001 Submit form with valid data creates record
     Given User is on [Form] dialog
     When User fill [Name] field with {{valid_name}}
@@ -233,7 +238,7 @@ Feature: <Screen> Screen
     When User click [Submit] button
     Then User see [Name error] message with {{name_required_error}}
-  # --- Section: User Table (Tier 1: @critical + @high) ---
+  # --- Section: User Table (Tier 1: @high) ---
   @high
   Scenario: VP-VAL-010 Table displays correct data
@@ -241,7 +246,7 @@ Feature: <Screen> Screen
       | Name       | Email        |
       | {{name_1}} | {{email_1}}  |
-  @critical
+  @high
   Scenario: VP-SEC-010 Unauthorized user cannot access page
     Given User is not logged in
     When User navigate to [Screen] page
@@ -317,14 +322,14 @@ Feature: Award Submission Flow
   Background:
     Given User is on [Login] page
-  @critical
+  @high
   Scenario: User login successfully
     When User fill [Login:Email] field with {{login.email}}
     And User fill [Login:Password] field with {{login.password}}
     And User click [Login:Submit] button
     Then User see [Dashboard] page
-  @critical
+  @high
   Scenario: User navigates to awards and submits
     Given User is on [Awards] page
     When User fill [Awards:Nominee] field with {{submission.nominee}}