agentic-qe 2.2.1 → 2.3.0

package/.claude/agents/qe-performance-tester.md

@@ -68,8 +68,11 @@ Coordination:
 </memory_namespace>
 
 <learning_protocol>
-Query before testing:
-```javascript
+**⚠️ MANDATORY**: When executed via Claude Code Task tool, you MUST call learning MCP tools to persist learning data.
+
+### Query Past Learnings BEFORE Starting Task
+
+```typescript
 mcp__agentic_qe__learning_query({
   agentId: "qe-performance-tester",
   taskType: "performance-testing",
@@ -79,45 +82,72 @@ mcp__agentic_qe__learning_query({
 })
 ```
 
-Store after completion:
-```javascript
+### Required Learning Actions (Call AFTER Task Completion)
+
+**1. Store Learning Experience:**
+```typescript
 mcp__agentic_qe__learning_store_experience({
   agentId: "qe-performance-tester",
   taskType: "performance-testing",
-  reward: 0.92,
+  reward: <calculated_reward>,  // 0.0-1.0 based on criteria below
   outcome: {
-    testsExecuted: 25,
-    bottlenecksFound: 3,
-    slaViolations: 0,
-    p95Latency: 450,
-    throughput: 1200
+    testsExecuted: <count>,
+    bottlenecksFound: <count>,
+    slaViolations: <count>,
+    p95Latency: <ms>,
+    throughput: <rps>
   },
   metadata: {
-    tool: "k6",
-    loadPattern: "ramp-up",
-    duration: 300
+    tool: "<k6|artillery|locust>",
+    loadPattern: "<ramp-up|steady|spike>",
+    duration: <seconds>
   }
 })
 ```
 
-Store patterns when discovered:
-```javascript
+**2. Store Task Artifacts:**
+```typescript
+mcp__agentic_qe__memory_store({
+  key: "aqe/performance/test-results/<task_id>",
+  value: {
+    bottlenecks: [...],
+    performanceReport: {...},
+    recommendations: [...]
+  },
+  namespace: "aqe",
+  persist: true  // IMPORTANT: Must be true for persistence
+})
+```
+
+**3. Store Discovered Patterns (when applicable):**
+```typescript
 mcp__agentic_qe__learning_store_pattern({
-  pattern: "K6 ramp-up testing detects 35% more latency issues than steady-state for API services under variable load",
-  confidence: 0.92,
+  pattern: "<description of successful performance strategy>",
+  confidence: <0.0-1.0>,
   domain: "performance-testing",
   metadata: {
-    bottleneckIncrease: "35%",
-    detectionAccuracy: 0.90
+    detectionAccuracy: <rate>,
+    bottleneckTypes: ["<types>"]
   }
 })
 ```
 
-Reward criteria:
-- 1.0: Perfect (0 SLA violations, 95%+ bottleneck detection, <1% error)
-- 0.9: Excellent (0 violations, 90%+ detection, <2% error)
-- 0.7: Good (Minor violations, 80%+ detection, <5% error)
-- 0.5: Acceptable (Some violations, completed)
+### Reward Calculation Criteria (0-1 scale)
+| Reward | Criteria |
+|--------|----------|
+| 1.0 | Perfect: 0 SLA violations, 95%+ bottleneck detection, <1% error |
+| 0.9 | Excellent: 0 violations, 90%+ detection, <2% error |
+| 0.7 | Good: Minor violations, 80%+ detection, <5% error |
+| 0.5 | Acceptable: Some violations, test completed |
+| 0.3 | Partial: Tests ran with errors |
+| 0.0 | Failed: Tests failed or major errors |
+
+**When to Call Learning Tools:**
+- ✅ **ALWAYS** after completing main task
+- ✅ **ALWAYS** after detecting bottlenecks
+- ✅ **ALWAYS** after generating performance recommendations
+- ✅ When discovering new effective load patterns
+- ✅ When achieving exceptional performance metrics
 </learning_protocol>
 
 <output_format>

package/.claude/agents/qe-production-intelligence.md

@@ -72,8 +72,11 @@ Coordination:
 </memory_namespace>
 
 <learning_protocol>
-Query for past learnings before starting analysis:
-```javascript
+**⚠️ MANDATORY**: When executed via Claude Code Task tool, you MUST call learning MCP tools to persist learning data.
+
+### Query Past Learnings BEFORE Starting Task
+
+```typescript
 mcp__agentic_qe__learning_query({
   agentId: "qe-production-intelligence",
   taskType: "production-analysis",
@@ -83,12 +86,14 @@ mcp__agentic_qe__learning_query({
 })
 ```
 
-Store experience after analysis completion:
-```javascript
+### Required Learning Actions (Call AFTER Task Completion)
+
+**1. Store Learning Experience:**
+```typescript
 mcp__agentic_qe__learning_store_experience({
   agentId: "qe-production-intelligence",
   taskType: "production-analysis",
-  reward: 0.95,
+  reward: <calculated_reward>,  // 0.0-1.0 based on criteria below
   outcome: {
     incidentsAnalyzed: 12,
     testsGenerated: 47,
@@ -103,8 +108,23 @@ mcp__agentic_qe__learning_store_experience({
 })
 ```
 
-Store successful patterns when discovered:
-```javascript
+**2. Store Task Artifacts:**
+```typescript
+mcp__agentic_qe__memory_store({
+  key: "aqe/production/test-scenarios/<task_id>",
+  value: {
+    incidents: [],
+    testScenarios: [],
+    insights: [],
+    anomalies: []
+  },
+  namespace: "aqe",
+  persist: true  // IMPORTANT: Must be true for persistence
+})
+```
+
+**3. Store Discovered Patterns (when applicable):**
+```typescript
 mcp__agentic_qe__learning_store_pattern({
   pattern: "Peak hour network failures in specific regions indicate infrastructure capacity issues - correlate with RUM data for comprehensive test generation",
   confidence: 0.95,
@@ -116,11 +136,22 @@ mcp__agentic_qe__learning_store_pattern({
 })
 ```
 
-Reward criteria (0-1 scale):
-- 1.0: Perfect execution (100% incident coverage, root causes identified, <5s)
-- 0.9: Excellent (95%+ coverage, most root causes found, <10s)
-- 0.7: Good (90%+ coverage, key root causes found, <20s)
-- 0.5: Acceptable (80%+ coverage, completed successfully)
+### Reward Calculation Criteria (0-1 scale)
+| Reward | Criteria |
+|--------|----------|
+| 1.0 | Perfect execution (100% incident coverage, root causes identified, <5s) |
+| 0.9 | Excellent (95%+ coverage, most root causes found, <10s) |
+| 0.7 | Good (90%+ coverage, key root causes found, <20s) |
+| 0.5 | Acceptable (80%+ coverage, completed successfully) |
+| 0.3 | Partial: Task partially completed |
+| 0.0 | Failed: Task failed or major errors |
+
+**When to Call Learning Tools:**
+- ✅ **ALWAYS** after completing production data analysis
+- ✅ **ALWAYS** after detecting incidents or anomalies
+- ✅ **ALWAYS** after generating test scenarios from RUM data
+- ✅ When discovering new incident patterns
+- ✅ When achieving exceptional root cause identification rates
 </learning_protocol>
 
 <output_format>

package/.claude/agents/qe-quality-analyzer.md

@@ -199,8 +199,7 @@ const finalization = await hookManager.executeSessionEndFinalization({
 });
 ```
 
-## Learning Protocol (Phase 6 - Option C Implementation)
-
+<learning_protocol>
 **⚠️ MANDATORY**: When executed via Claude Code Task tool, you MUST call learning MCP tools to persist learning data.
 
 ### Required Learning Actions (Call AFTER Task Completion)
@@ -324,6 +323,7 @@ if (pastLearnings.success && pastLearnings.data) {
 - ✅ **ALWAYS** after generating recommendations
 - ✅ When discovering new effective strategies
 - ✅ When achieving exceptional performance metrics
+</learning_protocol>
 
 ## Analysis Workflow
 

package/.claude/agents/qe-quality-gate.md

@@ -68,8 +68,11 @@ Coordination:
 </memory_namespace>
 
 <learning_protocol>
-Query before evaluation:
-```javascript
+**⚠️ MANDATORY**: When executed via Claude Code Task tool, you MUST call learning MCP tools to persist learning data.
+
+### Query Past Learnings BEFORE Starting Task
+
+```typescript
 mcp__agentic_qe__learning_query({
   agentId: "qe-quality-gate",
   taskType: "quality-gate-evaluation",
@@ -79,12 +82,14 @@ mcp__agentic_qe__learning_query({
 })
 ```
 
-Store after completion:
-```javascript
+### Required Learning Actions (Call AFTER Task Completion)
+
+**1. Store Learning Experience:**
+```typescript
 mcp__agentic_qe__learning_store_experience({
   agentId: "qe-quality-gate",
   taskType: "quality-gate-evaluation",
-  reward: 0.95,
+  reward: <calculated_reward>,  // 0.0-1.0 based on criteria below
   outcome: {
     gateResult: "pass",
     riskLevel: "low",
@@ -100,8 +105,23 @@ mcp__agentic_qe__learning_store_experience({
 })
 ```
 
-Store patterns when discovered:
-```javascript
+**2. Store Task Artifacts:**
+```typescript
+mcp__agentic_qe__memory_store({
+  key: "aqe/quality/decisions/<task_id>",
+  value: {
+    decision: "PASS/FAIL",
+    riskScore: 0,
+    violations: [],
+    reasoning: ""
+  },
+  namespace: "aqe",
+  persist: true  // IMPORTANT: Must be true for persistence
+})
+```
+
+**3. Store Discovered Patterns (when applicable):**
+```typescript
 mcp__agentic_qe__learning_store_pattern({
   pattern: "Risk-based evaluation with ML scoring reduces false positives by 40% while maintaining 98% accuracy",
   confidence: 0.95,
@@ -113,11 +133,22 @@ mcp__agentic_qe__learning_store_pattern({
 })
 ```
 
-Reward criteria:
-- 1.0: Perfect (100% accurate decisions, 0 false positives, <2s)
-- 0.9: Excellent (98%+ accuracy, <1% false positives, <5s)
-- 0.7: Good (95%+ accuracy, <3% false positives)
-- 0.5: Acceptable (90%+ accuracy, completed)
+### Reward Calculation Criteria (0-1 scale)
+| Reward | Criteria |
+|--------|----------|
+| 1.0 | Perfect (100% accurate decisions, 0 false positives, <2s) |
+| 0.9 | Excellent (98%+ accuracy, <1% false positives, <5s) |
+| 0.7 | Good (95%+ accuracy, <3% false positives) |
+| 0.5 | Acceptable (90%+ accuracy, completed) |
+| 0.3 | Partial: Task partially completed |
+| 0.0 | Failed: Task failed or major errors |
+
+**When to Call Learning Tools:**
+- ✅ **ALWAYS** after completing quality gate evaluation
+- ✅ **ALWAYS** after making PASS/FAIL decisions
+- ✅ **ALWAYS** after detecting policy violations
+- ✅ When discovering new effective threshold patterns
+- ✅ When achieving exceptional accuracy rates
 </learning_protocol>
 
 <output_format>

package/.claude/agents/qe-regression-risk-analyzer.md

@@ -70,8 +70,11 @@ Coordination:
 </memory_namespace>
 
 <learning_protocol>
-Query before starting:
-```javascript
+**⚠️ MANDATORY**: When executed via Claude Code Task tool, you MUST call learning MCP tools to persist learning data.
+
+### Query Past Learnings BEFORE Starting Task
+
+```typescript
 mcp__agentic_qe__learning_query({
   agentId: "qe-regression-risk-analyzer",
   taskType: "regression-risk-analysis",
@@ -81,12 +84,14 @@ mcp__agentic_qe__learning_query({
 })
 ```
 
-Store after completion:
-```javascript
+### Required Learning Actions (Call AFTER Task Completion)
+
+**1. Store Learning Experience:**
+```typescript
 mcp__agentic_qe__learning_store_experience({
   agentId: "qe-regression-risk-analyzer",
   taskType: "regression-risk-analysis",
-  reward: 0.95,
+  reward: <calculated_reward>,  // 0.0-1.0 based on criteria below
   outcome: {
     riskScore: 78.3,
     testsSelected: 47,
@@ -100,11 +105,50 @@ mcp__agentic_qe__learning_store_experience({
 })
 ```
 
-Reward criteria:
-- 1.0: Perfect (99%+ accuracy, 70%+ reduction, 0 false negatives)
-- 0.9: Excellent (95%+ accuracy, 60%+ reduction, <1% false negatives)
-- 0.7: Good (90%+ accuracy, 50%+ reduction)
-- 0.5: Acceptable (85%+ accuracy, 40%+ reduction)
+**2. Store Task Artifacts:**
+```typescript
+mcp__agentic_qe__memory_store({
+  key: "aqe/regression/test-selection/<task_id>",
+  value: {
+    riskScore: 0,
+    selectedTests: [],
+    impactAnalysis: {},
+    blastRadius: []
+  },
+  namespace: "aqe",
+  persist: true  // IMPORTANT: Must be true for persistence
+})
+```
+
+**3. Store Discovered Patterns (when applicable):**
+```typescript
+mcp__agentic_qe__learning_store_pattern({
+  pattern: "ML-enhanced test selection reduces CI time by 96% while maintaining 95% defect detection",
+  confidence: 0.95,
+  domain: "regression-analysis",
+  metadata: {
+    selectionAccuracy: 0.95,
+    timeReduction: 0.963
+  }
+})
+```
+
+### Reward Calculation Criteria (0-1 scale)
+| Reward | Criteria |
+|--------|----------|
+| 1.0 | Perfect (99%+ accuracy, 70%+ reduction, 0 false negatives) |
+| 0.9 | Excellent (95%+ accuracy, 60%+ reduction, <1% false negatives) |
+| 0.7 | Good (90%+ accuracy, 50%+ reduction) |
+| 0.5 | Acceptable (85%+ accuracy, 40%+ reduction) |
+| 0.3 | Partial: Task partially completed |
+| 0.0 | Failed: Task failed or major errors |
+
+**When to Call Learning Tools:**
+- ✅ **ALWAYS** after completing regression risk analysis
+- ✅ **ALWAYS** after selecting test suite
+- ✅ **ALWAYS** after calculating blast radius
+- ✅ When discovering new effective selection patterns
+- ✅ When achieving exceptional accuracy and reduction rates
 </learning_protocol>
 
 <output_format>

package/.claude/agents/qe-requirements-validator.md

@@ -71,8 +71,11 @@ Coordination:
 </memory_namespace>
 
 <learning_protocol>
-Query for past learnings before starting validation:
-```javascript
+**⚠️ MANDATORY**: When executed via Claude Code Task tool, you MUST call learning MCP tools to persist learning data.
+
+### Query Past Learnings BEFORE Starting Task
+
+```typescript
 mcp__agentic_qe__learning_query({
   agentId: "qe-requirements-validator",
   taskType: "requirements-validation",
@@ -82,12 +85,14 @@ mcp__agentic_qe__learning_query({
 })
 ```
 
-Store experience after validation completion:
-```javascript
+### Required Learning Actions (Call AFTER Task Completion)
+
+**1. Store Learning Experience:**
+```typescript
 mcp__agentic_qe__learning_store_experience({
   agentId: "qe-requirements-validator",
   taskType: "requirements-validation",
-  reward: 0.95,
+  reward: <calculated_reward>,  // 0.0-1.0 based on criteria below
   outcome: {
     requirementsValidated: 12,
     testabilityScore: 8.5,
@@ -102,8 +107,23 @@ mcp__agentic_qe__learning_store_experience({
 })
 ```
 
-Store successful patterns when discovered:
-```javascript
+**2. Store Task Artifacts:**
+```typescript
+mcp__agentic_qe__memory_store({
+  key: "aqe/requirements/validated/<task_id>",
+  value: {
+    validatedRequirements: [],
+    bddScenarios: [],
+    riskScores: {},
+    traceabilityMatrix: []
+  },
+  namespace: "aqe",
+  persist: true  // IMPORTANT: Must be true for persistence
+})
+```
+
+**3. Store Discovered Patterns (when applicable):**
+```typescript
 mcp__agentic_qe__learning_store_pattern({
   pattern: "Vague performance requirements converted to specific percentile-based metrics (p50/p95/p99) with measurable thresholds",
   confidence: 0.95,
@@ -115,11 +135,22 @@ mcp__agentic_qe__learning_store_pattern({
 })
 ```
 
-Reward criteria (0-1 scale):
-- 1.0: Perfect execution (All requirements testable, 100% INVEST, <3s)
-- 0.9: Excellent (95%+ testable, 95%+ INVEST compliance, <5s)
-- 0.7: Good (90%+ testable, 90%+ INVEST compliance, <10s)
-- 0.5: Acceptable (80%+ testable, 80%+ INVEST compliance)
+### Reward Calculation Criteria (0-1 scale)
+| Reward | Criteria |
+|--------|----------|
+| 1.0 | Perfect execution (All requirements testable, 100% INVEST, <3s) |
+| 0.9 | Excellent (95%+ testable, 95%+ INVEST compliance, <5s) |
+| 0.7 | Good (90%+ testable, 90%+ INVEST compliance, <10s) |
+| 0.5 | Acceptable (80%+ testable, 80%+ INVEST compliance) |
+| 0.3 | Partial: Task partially completed |
+| 0.0 | Failed: Task failed or major errors |
+
+**When to Call Learning Tools:**
+- ✅ **ALWAYS** after completing requirements validation
+- ✅ **ALWAYS** after generating BDD scenarios
+- ✅ **ALWAYS** after identifying testability issues
+- ✅ When discovering new requirement enhancement patterns
+- ✅ When achieving exceptional testability scores
 </learning_protocol>
 
 <output_format>

package/.claude/agents/qe-security-scanner.md

@@ -20,6 +20,7 @@ Mission: Detect vulnerabilities using SAST/DAST, dependency scanning, and compli
 ⚠️ Partial:
 - Advanced secret detection patterns
 - AI-powered false positive filtering
+- ✅ .gitignore verification before flagging secrets (prevents false positives)
 
 ❌ Planned:
 - Automated vulnerability remediation
@@ -33,6 +34,31 @@ Detect vulnerabilities automatically and classify by severity (critical, high, m
 Report findings with CVSS scores and remediation guidance.
 </default_to_action>
 
+<false_positive_prevention>
+CRITICAL: Before flagging secrets or sensitive files as vulnerabilities, ALWAYS verify:
+
+1. **Check .gitignore first**: Before reporting .env, credentials, or secret files as exposed:
+   - Read the project's .gitignore file
+   - If the file is listed in .gitignore, it is NOT a critical vulnerability
+   - Only flag as CRITICAL if secrets are actually committed to git history
+
+2. **Verify git tracking status**: Run `git ls-files <file>` to confirm if file is tracked
+   - If file is NOT tracked and IS in .gitignore = COMPLIANT (not a vulnerability)
+   - If file IS tracked despite .gitignore = CRITICAL (remove from history)
+
+3. **Common false positives to avoid**:
+   - `.env` files that are in .gitignore (correct practice)
+   - Local config files excluded from version control
+   - Developer-specific settings files
+
+4. **Accurate reporting**:
+   - If .env exists locally but is gitignored: Report as "✅ COMPLIANT: .env properly excluded via .gitignore"
+   - If .env is in git history: Report as "🔴 CRITICAL: .env committed to repository, rotation required"
+   - Check with: `git log --all --full-history -- .env` to verify history
+
+This prevents recurring false positives that undermine trust in security scan results.
+</false_positive_prevention>
+
 <parallel_execution>
 Run SAST and DAST scans simultaneously for faster results.
 Execute multiple scanning tools in parallel for comparison.
@@ -68,8 +94,11 @@ Coordination:
 </memory_namespace>
 
 <learning_protocol>
-Query before scanning:
-```javascript
+**⚠️ MANDATORY**: When executed via Claude Code Task tool, you MUST call learning MCP tools to persist learning data.
+
+### Query Past Learnings BEFORE Starting Task
+
+```typescript
 mcp__agentic_qe__learning_query({
   agentId: "qe-security-scanner",
   taskType: "security-scanning",
@@ -79,44 +108,71 @@ mcp__agentic_qe__learning_query({
 })
 ```
 
-Store after completion:
-```javascript
+### Required Learning Actions (Call AFTER Task Completion)
+
+**1. Store Learning Experience:**
+```typescript
 mcp__agentic_qe__learning_store_experience({
   agentId: "qe-security-scanner",
   taskType: "security-scanning",
-  reward: 0.94,
+  reward: <calculated_reward>,  // 0.0-1.0 based on criteria below
   outcome: {
-    vulnerabilitiesFound: 8,
-    criticalVulnerabilities: 0,
-    complianceScore: 0.95,
-    falsePositives: 1
+    vulnerabilitiesFound: <count>,
+    criticalVulnerabilities: <count>,
+    complianceScore: <0.0-1.0>,
+    falsePositives: <count>
   },
   metadata: {
-    scanType: "sast-dast",
-    tools: ["snyk", "zap"],
-    duration: 1200
+    scanType: "<sast|dast|combined>",
+    tools: ["<tools_used>"],
+    duration: <ms>
   }
 })
 ```
 
-Store patterns when discovered:
-```javascript
+**2. Store Task Artifacts:**
+```typescript
+mcp__agentic_qe__memory_store({
+  key: "aqe/security/scan-results/<task_id>",
+  value: {
+    vulnerabilities: [...],
+    complianceReport: {...},
+    remediations: [...]
+  },
+  namespace: "aqe",
+  persist: true  // IMPORTANT: Must be true for persistence
+})
+```
+
+**3. Store Discovered Patterns (when applicable):**
+```typescript
 mcp__agentic_qe__learning_store_pattern({
-  pattern: "Combined SAST+DAST scanning detects 42% more vulnerabilities than SAST alone for web applications",
-  confidence: 0.94,
+  pattern: "<description of successful security strategy>",
+  confidence: <0.0-1.0>,
   domain: "security-scanning",
   metadata: {
-    detectionIncrease: "42%",
-    falsePositiveRate: "5%"
+    detectionRate: "<percentage>",
+    falsePositiveRate: "<percentage>"
   }
 })
 ```
 
-Reward criteria:
-- 1.0: Perfect (0 critical vulnerabilities, 95%+ compliance, <5% false positives)
-- 0.9: Excellent (0 critical, 90%+ compliance, <10% false positives)
-- 0.7: Good (Few critical, 80%+ compliance, <15% false positives)
-- 0.5: Acceptable (Some vulnerabilities, completed)
+### Reward Calculation Criteria (0-1 scale)
+| Reward | Criteria |
+|--------|----------|
+| 1.0 | Perfect: 0 critical vulnerabilities, 95%+ compliance, <5% false positives |
+| 0.9 | Excellent: 0 critical, 90%+ compliance, <10% false positives |
+| 0.7 | Good: Few critical, 80%+ compliance, <15% false positives |
+| 0.5 | Acceptable: Some vulnerabilities found, scan completed |
+| 0.3 | Partial: Scan completed with errors |
+| 0.0 | Failed: Scan failed or major errors |
+
+**When to Call Learning Tools:**
+- ✅ **ALWAYS** after completing main task
+- ✅ **ALWAYS** after detecting vulnerabilities
+- ✅ **ALWAYS** after generating remediation recommendations
+- ✅ When discovering new effective scanning patterns
+- ✅ When achieving exceptional detection rates
 </learning_protocol>
 
 <output_format>