agentic-qe 1.2.0 → 1.3.1

package/.claude/skills/chaos-engineering-resilience/SKILL.md

@@ -0,0 +1,109 @@
+---
+name: chaos-engineering-resilience
+description: Chaos engineering principles, controlled failure injection, resilience testing, and system recovery validation. Use when testing distributed systems, building confidence in fault tolerance, or validating disaster recovery.
+version: 1.0.0
+category: specialized-testing
+tags: [chaos-engineering, resilience, fault-injection, disaster-recovery, distributed-systems]
+difficulty: advanced
+estimated_time: 90 minutes
+author: agentic-qe
+---
+
+# Chaos Engineering & Resilience Testing
+
+## Core Principle
+
+**Systems fail. Build systems that fail gracefully.**
+
+Chaos engineering proactively introduces failures to discover weaknesses before they cause outages. Resilience testing validates recovery capabilities.
+
+## What is Chaos Engineering?
+
+**Chaos Engineering:** Experimenting on distributed systems to build confidence in system ability to withstand turbulent conditions.
+
+**Principles:**
+1. Define steady state (normal metrics)
+2. Hypothesize steady state continues
+3. Introduce real-world failures
+4. Try to disprove hypothesis
+5. Fix weaknesses, repeat
+
+## Types of Failures to Inject
+
+### Network Failures
+- Latency injection
+- Packet loss
+- Network partitions
+- DNS failures
+- Connection timeouts
+
+### Infrastructure Failures
+- Instance termination
+- Disk failures
+- CPU exhaustion
+- Memory pressure
+- Cascading failures
+
+### Application Failures
+- Exceptions
+- Slow responses
+- Resource leaks
+- Deadlocks
+
+## Controlled Experiments
+
+**Start small, increase blast radius gradually:**
+```
+1. Development: Test locally
+2. Staging: Test in staging environment
+3. Production Canary: 1% of traffic
+4. Production Gradual: 10% → 50% → 100%
+```
+
+## Netflix Chaos Monkey
+
+**Randomly terminates instances:**
+```javascript
+// Chaos Monkey configuration
+{
+  "enabled": true,
+  "meanTimeBetweenKillsInWorkDays": 2,
+  "minTimeBetweenKillsInWorkDays": 1,
+  "grouping": "cluster",
+  "regions": ["us-east-1"],
+  "exceptions": ["production-critical"]
+}
+```
+
+## With qe-chaos-engineer Agent
+
+```typescript
+// Agent runs controlled chaos experiments
+const experiment = await agent.runChaosExperiment({
+  target: 'payment-service',
+  failure: 'terminate-random-instance',
+  blastRadius: '10%',
+  duration: '5m',
+  steadyStateHypothesis: {
+    metric: 'success-rate',
+    threshold: 0.99
+  }
+});
+
+// Verifies:
+// - System recovers automatically
+// - Error rate stays below threshold
+// - No data loss
+// - Alerts triggered appropriately
+```
+
+## Remember
+
+**Break things on purpose to prevent unplanned outages.**
+
+- Find weaknesses before users do
+- Build confidence in system resilience
+- Validate recovery procedures work
+- Create runbooks from experiments
+
+**With Agents:** `qe-chaos-engineer` automates chaos experiments with blast radius control, automatic rollback, and comprehensive resilience validation.

package/.claude/skills/compatibility-testing/SKILL.md

@@ -0,0 +1,101 @@
+---
+name: compatibility-testing
+description: Cross-browser, cross-platform, and cross-device compatibility testing ensuring consistent experience across environments. Use when validating browser support, testing responsive design, or ensuring platform compatibility.
+version: 1.0.0
+category: specialized-testing
+tags: [compatibility, cross-browser, cross-platform, responsive-design, browser-testing]
+difficulty: intermediate
+estimated_time: 60 minutes
+author: agentic-qe
+---
+
+# Compatibility Testing
+
+## Core Principle
+
+**Users access your app from 100+ browser/device combinations.**
+
+Compatibility testing ensures consistent functionality and UX across browsers, operating systems, devices, and screen sizes.
+
+## Browser Matrix
+
+**Test on:**
+- Chrome (latest, N-1)
+- Firefox (latest, N-1)
+- Safari (latest, N-1)
+- Edge (latest)
+- Mobile Safari (iOS)
+- Mobile Chrome (Android)
+
+**Market share guidance:** Test browsers representing 95%+ of user base.
+
+## Responsive Design Testing
+
+**Screen sizes:**
+```
+Mobile: 320px - 480px
+Tablet: 481px - 768px
+Desktop: 769px - 1920px+
+```
+
+**Test with Playwright:**
+```javascript
+const devices = [
+  { name: 'iPhone 12', width: 390, height: 844 },
+  { name: 'iPad', width: 768, height: 1024 },
+  { name: 'Desktop', width: 1920, height: 1080 }
+];
+
+for (const device of devices) {
+  test(`layout on ${device.name}`, async ({ page }) => {
+    await page.setViewportSize({
+      width: device.width,
+      height: device.height
+    });
+
+    await page.goto('https://example.com');
+
+    // Verify responsive layout
+    const nav = await page.locator('nav');
+    if (device.width < 768) {
+      // Mobile: hamburger menu
+      expect(await nav.locator('.hamburger')).toBeVisible();
+    } else {
+      // Desktop: full menu
+      expect(await nav.locator('.menu-items')).toBeVisible();
+    }
+  });
+}
+```
+
+## Cloud Testing Services
+
+**BrowserStack:**
+```javascript
+const capabilities = {
+  'browserName': 'Chrome',
+  'browser_version': '118.0',
+  'os': 'Windows',
+  'os_version': '11',
+  'browserstack.user': process.env.BROWSERSTACK_USER,
+  'browserstack.key': process.env.BROWSERSTACK_KEY
+};
+```
+
+## Related Skills
+
+- [mobile-testing](../mobile-testing/)
+- [accessibility-testing](../accessibility-testing/)
+- [visual-testing-advanced](../visual-testing-advanced/)
+
+## Remember
+
+**Test where users are, not where you develop.**
+
+Developers use latest browsers, users don't. Test on:
+- Older browsers (N-1, N-2)
+- Low-end devices
+- Slow networks
+- Different screen sizes
+
+**With Agents:** Agents orchestrate parallel cross-browser testing across cloud platforms, reducing 10 hours of testing to 15 minutes.

package/.claude/skills/compliance-testing/SKILL.md

@@ -0,0 +1,162 @@
+---
+name: compliance-testing
+description: Regulatory compliance testing for GDPR, CCPA, HIPAA, SOC2, PCI-DSS and industry-specific regulations. Use when ensuring legal compliance, preparing for audits, or handling sensitive data.
+version: 1.0.0
+category: specialized-testing
+tags: [compliance, gdpr, ccpa, hipaa, soc2, pci-dss, regulatory, audit]
+difficulty: advanced
+estimated_time: 90 minutes
+author: agentic-qe
+---
+
+# Compliance Testing
+
+## Core Principle
+
+**Non-compliance = fines, lawsuits, reputation damage.**
+
+Compliance testing validates software meets legal and regulatory requirements. Critical for avoiding penalties and protecting users.
+
+## GDPR Compliance Testing
+
+**Key Requirements:**
+- Right to access
+- Right to erasure ("right to be forgotten")
+- Data portability
+- Consent management
+- Breach notification
+
+**Test data subject rights:**
+```javascript
+test('user can request their data', async () => {
+  const userId = 'user123';
+
+  // User requests data export
+  const response = await api.post('/data-export', { userId });
+
+  // Should receive download link
+  expect(response.status).toBe(200);
+  expect(response.data.downloadUrl).toBeDefined();
+
+  // Download contains all user data
+  const data = await downloadFile(response.data.downloadUrl);
+  expect(data).toHaveProperty('profile');
+  expect(data).toHaveProperty('orders');
+  expect(data).toHaveProperty('preferences');
+});
+
+test('user can delete their account', async () => {
+  const userId = 'user123';
+
+  // User requests deletion
+  await api.delete(`/users/${userId}`);
+
+  // All personal data deleted
+  expect(await db.users.findOne({ id: userId })).toBeNull();
+  expect(await db.orders.find({ userId })).toHaveLength(0);
+
+  // Audit log retained (legal requirement)
+  const auditLog = await db.auditLogs.find({ userId });
+  expect(auditLog).toBeDefined();
+});
+
+test('consent is tracked', async () => {
+  await api.post('/consent', {
+    userId: 'user123',
+    type: 'marketing',
+    granted: true,
+    timestamp: new Date(),
+    ipAddress: '192.168.1.1'
+  });
+
+  const consent = await db.consents.findOne({
+    userId: 'user123',
+    type: 'marketing'
+  });
+
+  expect(consent.granted).toBe(true);
+  expect(consent.timestamp).toBeDefined();
+  expect(consent.ipAddress).toBe('192.168.1.1');
+});
+```
+
+## HIPAA Compliance (Healthcare)
+
+**Test PHI (Protected Health Information) security:**
+```javascript
+test('PHI is encrypted at rest', async () => {
+  const patient = await db.patients.create({
+    ssn: '123-45-6789',
+    medicalHistory: 'Diabetes, Hypertension'
+  });
+
+  // Verify encrypted in database
+  const raw = await db.raw('SELECT * FROM patients WHERE id = ?', patient.id);
+  expect(raw.ssn).not.toBe('123-45-6789'); // Should be encrypted
+  expect(raw.ssn).toMatch(/^[a-f0-9]{64}$/); // Looks like hash
+});
+
+test('access to PHI is logged', async () => {
+  await api.get('/patients/123', {
+    headers: { 'User-Id': 'doctor456' }
+  });
+
+  const auditLog = await db.auditLogs.findOne({
+    resourceType: 'patient',
+    resourceId: '123',
+    userId: 'doctor456'
+  });
+
+  expect(auditLog.action).toBe('read');
+  expect(auditLog.timestamp).toBeDefined();
+});
+```
+
+## PCI-DSS (Payment Card Industry)
+
+**Test credit card handling:**
+```javascript
+test('credit card numbers not stored', async () => {
+  await api.post('/payment', {
+    cardNumber: '4242424242424242',
+    expiry: '12/25',
+    cvv: '123'
+  });
+
+  // Card number should NOT be in database
+  const payment = await db.payments.findOne({ /* ... */ });
+  expect(payment.cardNumber).toBeUndefined();
+  expect(payment.last4).toBe('4242'); // Only last 4 digits OK
+  expect(payment.tokenId).toBeDefined(); // Token from gateway
+});
+
+test('CVV never stored', async () => {
+  // CVV should never touch database
+  const payments = await db.raw('SELECT * FROM payments');
+  const hasCV = payments.some(p =>
+    JSON.stringify(p).includes('cvv') ||
+    JSON.stringify(p).includes('cvc')
+  );
+
+  expect(hasCVV).toBe(false);
+});
+```
+
+## Related Skills
+
+- [security-testing](../security-testing/)
+- [test-data-management](../test-data-management/)
+- [accessibility-testing](../accessibility-testing/)
+
+## Remember
+
+**Compliance is mandatory, not optional.**
+
+Fines:
+- GDPR: Up to €20M or 4% of revenue
+- HIPAA: Up to $1.5M per violation
+- PCI-DSS: Up to $100k per month
+
+**Test continuously, audit trail everything.**
+
+**With Agents:** Agents validate compliance requirements, detect violations, and generate audit reports automatically.

package/.claude/skills/contract-testing/SKILL.md

@@ -0,0 +1,193 @@
+---
+name: contract-testing
+description: Consumer-driven contract testing for microservices using Pact, schema validation, API versioning, and backward compatibility testing. Use when testing API contracts, preventing breaking changes, or coordinating distributed teams.
+version: 1.0.0
+category: specialized-testing
+tags: [contract-testing, pact, microservices, api-versioning, consumer-driven, schema-validation]
+difficulty: advanced
+estimated_time: 90 minutes
+author: agentic-qe
+---
+
+# Contract Testing
+
+## Core Principle
+
+**Microservices fail when API contracts break.**
+
+Contract testing validates that providers (APIs) fulfill contracts expected by consumers (clients). Prevents breaking changes that cause production failures in distributed systems.
+
+## What is Contract Testing?
+
+**Contract:** Agreement between API provider and consumer about request/response structure.
+
+**Traditional Testing Problems:**
+```
+Consumer Team: "We need user.id as integer"
+Provider Team: "We changed it to UUID string"
+→ Production failure! No one noticed until deployed.
+```
+
+**Contract Testing Solution:**
+```
+1. Consumer defines expected contract
+2. Provider validates against contract
+3. Breaking changes caught before deployment
+```
+
+## Consumer-Driven Contracts (Pact)
+
+**Install Pact:**
+```bash
+npm install --save-dev @pact-foundation/pact
+```
+
+**Consumer Test (defines contract):**
+```javascript
+import { PactV3 } from '@pact-foundation/pact';
+
+const provider = new PactV3({
+  consumer: 'UserWebApp',
+  provider: 'UserAPI'
+});
+
+test('get user by id', async () => {
+  // Define expected interaction
+  await provider
+    .given('user 123 exists')
+    .uponReceiving('a request for user 123')
+    .withRequest({
+      method: 'GET',
+      path: '/users/123'
+    })
+    .willRespondWith({
+      status: 200,
+      headers: { 'Content-Type': 'application/json' },
+      body: {
+        id: 123,
+        email: 'user@example.com',
+        name: 'John Doe'
+      }
+    });
+
+  // Execute test
+  await provider.executeTest(async (mockServer) => {
+    const api = new UserAPI(mockServer.url);
+    const user = await api.getUser(123);
+
+    expect(user.id).toBe(123);
+    expect(user.email).toBe('user@example.com');
+  });
+});
+
+// Generates pact contract file
+```
+
+**Provider Verification:**
+```javascript
+import { Verifier } from '@pact-foundation/pact';
+
+test('provider honors all consumer contracts', async () => {
+  const verifier = new Verifier({
+    provider: 'UserAPI',
+    providerBaseUrl: 'http://localhost:3000',
+
+    // Load contracts from Pact Broker
+    pactBrokerUrl: 'https://pact-broker.example.com',
+    pactBrokerToken: process.env.PACT_BROKER_TOKEN,
+
+    // Or load local contracts
+    pactUrls: ['./pacts/UserWebApp-UserAPI.json'],
+
+    // Provider states
+    stateHandlers: {
+      'user 123 exists': async () => {
+        await db.users.create({ id: 123, email: 'user@example.com', name: 'John Doe' });
+      }
+    }
+  });
+
+  await verifier.verifyProvider();
+  // Fails if provider doesn't match consumer expectations
+});
+```
+
+## Schema Validation
+
+**JSON Schema Contract:**
+```javascript
+const userSchema = {
+  type: 'object',
+  required: ['id', 'email'],
+  properties: {
+    id: { type: 'integer' },
+    email: { type: 'string', format: 'email' },
+    name: { type: 'string' },
+    createdAt: { type: 'string', format: 'date-time' }
+  }
+};
+
+test('API response matches schema', async () => {
+  const response = await fetch('/api/users/123');
+  const user = await response.json();
+
+  const validator = new Ajv();
+  const valid = validator.validate(userSchema, user);
+
+  expect(valid).toBe(true);
+  expect(validator.errors).toBeNull();
+});
+```
+
+## API Versioning Testing
+
+**Test backward compatibility:**
+```javascript
+test('v2 API is backward compatible with v1', async () => {
+  // v1 client
+  const v1Response = await fetch('/api/v1/users/123');
+  const v1User = await v1Response.json();
+
+  // v2 client
+  const v2Response = await fetch('/api/v2/users/123');
+  const v2User = await v2Response.json();
+
+  // v2 must include all v1 fields
+  expect(v2User).toMatchObject(v1User);
+
+  // v2 can have additional fields
+  expect(v2User.newField).toBeDefined();
+});
+
+test('deprecated fields still present', async () => {
+  const response = await fetch('/api/v2/users/123');
+  const user = await response.json();
+
+  // Deprecated field still works (with warning header)
+  expect(user.oldField).toBeDefined();
+  expect(response.headers.get('Deprecation')).toBeTruthy();
+});
+```
+
+## Related Skills
+
+- [api-testing-patterns](../api-testing-patterns/) - API testing strategies
+- [regression-testing](../regression-testing/) - Contract regression
+- [agentic-quality-engineering](../agentic-quality-engineering/)
+
+## Remember
+
+**Breaking API changes break production.**
+
+- Microservices depend on each other
+- Changes propagate across services
+- Integration tests miss distributed issues
+- Contract testing catches breaks early
+
+**Consumer-driven prevents surprises:**
+- Consumers define expectations
+- Providers validate before deployment
+- Breaking changes caught in CI
+- Safe, independent deployments
+
+**With Agents:** `qe-api-contract-validator` automatically validates contracts, detects breaking changes, and ensures backward compatibility across all API versions.