npm - agentic-qe - Versions diffs - 3.4.0 → 3.4.2 - Mend

agentic-qe 3.4.0 → 3.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (498) hide show

package/.claude/skills/security-visual-testing/SKILL.md CHANGED Viewed

@@ -1,217 +1,223 @@
----
-name: security-visual-testing
-description: "Security-first visual testing combining URL validation, PII detection, and visual regression with parallel viewport support. Use when testing web applications that handle sensitive data, need visual regression coverage, or require WCAG accessibility compliance."
-category: specialized-testing
-priority: high
-tokenEstimate: 1400
-agents: [qe-visual-tester, qe-security-scanner, qe-accessibility-auditor]
-implementation_status: stable
-optimization_version: 1.0
-last_optimized: 2026-01-21
-dependencies: [visual-testing-advanced, security-testing, accessibility-testing]
-quick_reference_card: true
-tags: [security, visual-testing, pii, accessibility, wcag, parallel-viewport, regression]
----
-# Security Visual Testing
-<default_to_action>
-When performing security-aware visual testing:
-1. VALIDATE URLs before navigation (check for malicious patterns)
-2. SCAN for PII before saving screenshots (mask sensitive data)
-3. CAPTURE parallel viewports (mobile, tablet, desktop)
-4. COMPARE against baselines (detect visual regressions)
-5. AUDIT accessibility (WCAG 2.1 AA compliance)
-**Quick Security-Visual Checklist:**
-- URL validation (no javascript:, data:, file: schemes)
-- PII detection (emails, phones, SSN, credit cards, API keys)
-- Visual regression (diff threshold < 0.1%)
-- Viewport coverage (320px, 768px, 1024px, 1440px)
-- Accessibility score (> 90% axe-core pass rate)
-**Critical Success Factors:**
-- Always mask PII before storing screenshots
-- Test across all target viewports in parallel
-- Store baselines in version control
-- Run accessibility audits on every visual change
-</default_to_action>
-## Quick Reference Card
-### When to Use
-| Scenario | Use This Skill? | Why |
-|----------|-----------------|-----|
-| Testing login pages | Yes | Contains PII (passwords, emails) |
-| Visual regression suite | Yes | Parallel viewport + baseline comparison |
-| Payment forms | Yes | Credit card data needs masking |
-| Public marketing pages | Maybe | Only if sensitive data possible |
-| API-only testing | No | Use security-testing skill instead |
-### Key Capabilities
-| Capability | Description | Performance |
-|------------|-------------|-------------|
-| URL Validation | Block malicious URLs before navigation | <5ms |
-| PII Detection | Find 6+ types of sensitive data | <100ms |
-| Parallel Viewports | Test 4 viewports simultaneously | 4x faster |
-| Visual Regression | Pixel-diff with configurable threshold | <500ms |
-| Accessibility Audit | WCAG 2.1 A/AA/AAA compliance | <2s |
----
-## Workflows
-### 1. Security Visual Audit (Full Pipeline)
-```bash
-# Run complete security + visual audit
-aqe test visual-audit --url https://example.com --security --accessibility
-```
-**Steps:**
-1. Validate URL security (block malicious schemes)
-2. Scan page for security issues (XSS, injection patterns)
-3. Capture screenshots across 4 viewports in parallel
-4. Compare against stored baselines
-5. Run accessibility audit (axe-core)
-6. Generate consolidated report
-### 2. PII-Safe Screenshot
-```bash
-# Capture screenshot with automatic PII masking
-aqe screenshot --url https://example.com/profile --pii-safe
-```
-**PII Detection Patterns:**
-- Email addresses: `user@example.com`
-- Phone numbers: `+1-555-123-4567`
-- Credit cards: `4111-1111-1111-1111`
-- SSN: `123-45-6789`
-- API keys: `sk_live_...`, `AKIA...`
-- Passwords: Form fields with type="password"
-**Masking Strategy:**
-- Default: Blur with high intensity
-- Options: `redact` (black box), `pixelate`, `blur`
-### 3. Responsive Visual Audit
-```bash
-# Test visual consistency across viewports
-aqe test responsive --url https://example.com --viewports mobile,tablet,desktop
-```
-**Default Viewports:**
-| Name | Width | Height | Device |
-|------|-------|--------|--------|
-| mobile | 320px | 568px | iPhone SE |
-| tablet | 768px | 1024px | iPad |
-| desktop | 1440px | 900px | MacBook |
-| wide | 1920px | 1080px | Full HD |
----
-## Integration with AQE v3
-### Using with BrowserSecurityScanner
-```typescript
-import { BrowserSecurityScanner } from '@agentic-qe/v3';
-const scanner = new BrowserSecurityScanner(memory, {
-  urlValidation: { enabled: true },
-  piiDetection: { enabled: true, maskBeforeSave: true },
-  parallelViewports: { maxConcurrent: 4 }
-});
-const result = await scanner.scanUrl('https://example.com', {
-  viewports: ['mobile', 'tablet', 'desktop'],
-  accessibility: true
-});
-```
-### Using with TrajectoryAdapter
-```typescript
-import { TrajectoryAdapter } from '@agentic-qe/v3';
-const adapter = new TrajectoryAdapter(memory);
-// Record testing trajectory for learning
-await adapter.startTrajectory('security-visual-test', {
-  url: 'https://example.com',
-  testType: 'security-visual'
-});
-// ... perform tests ...
-await adapter.endTrajectory(trajectoryId, {
-  success: true,
-  piiFound: 3,
-  visualRegressions: 0,
-  accessibilityScore: 95
-});
-```
----
-## Agent Coordination
-### Memory Namespace
-```
-aqe/security-visual/
-├── baselines/*          - Visual regression baselines
-├── screenshots/*        - Captured screenshots (PII masked)
-├── reports/*            - Audit reports
-└── trajectories/*       - Learning trajectories
-```
-### Fleet Coordination
-```typescript
-const fleet = await FleetManager.coordinate({
-  strategy: 'security-visual-audit',
-  agents: [
-    'qe-visual-tester',      // Visual regression
-    'qe-security-scanner',   // URL/PII scanning
-    'qe-accessibility-auditor' // WCAG compliance
-  ],
-  topology: 'parallel',
-  maxConcurrent: 4
-});
-```
----
-## Error Handling
-| Error | Cause | Resolution |
-|-------|-------|------------|
-| `URL_BLOCKED` | Malicious URL pattern detected | Check URL, remove javascript:/data: |
-| `PII_DETECTED` | Sensitive data found in screenshot | Enable masking or redact manually |
-| `BASELINE_MISSING` | No baseline for comparison | Run with `--update-baseline` first |
-| `VIEWPORT_TIMEOUT` | Browser didn't respond | Increase timeout or reduce parallel |
-| `ACCESSIBILITY_FAILED` | WCAG violations found | Review violations, fix issues |
----
-## Related Skills
-- [visual-testing-advanced](../visual-testing-advanced/) - Pure visual testing without security
-- [security-testing](../security-testing/) - Security testing without visual component
-- [accessibility-testing](../accessibility-testing/) - Accessibility-only testing
-- [qe-visual-accessibility](../qe-visual-accessibility/) - AQE v3 visual domain skill
----
-## Performance Targets
-| Metric | Target | Measured |
-|--------|--------|----------|
-| URL validation | <5ms | 2ms |
-| PII detection | <100ms | 45ms |
-| Single viewport capture | <2s | 1.2s |
-| 4-viewport parallel | <3s | 2.1s |
-| Visual diff | <500ms | 320ms |
-| Accessibility audit | <2s | 1.5s |
-| Full pipeline | <10s | 7.2s |
+---
+name: security-visual-testing
+description: "Security-first visual testing combining URL validation, PII detection, and visual regression with parallel viewport support. Use when testing web applications that handle sensitive data, need visual regression coverage, or require WCAG accessibility compliance."
+category: specialized-testing
+priority: high
+tokenEstimate: 1400
+agents: [qe-visual-tester, qe-security-scanner, qe-accessibility-auditor]
+implementation_status: stable
+optimization_version: 1.0
+last_optimized: 2026-01-21
+dependencies: [visual-testing-advanced, security-testing, accessibility-testing]
+quick_reference_card: true
+tags: [security, visual-testing, pii, accessibility, wcag, parallel-viewport, regression]
+trust_tier: 3
+validation:
+  schema_path: schemas/output.json
+  validator_path: scripts/validate.sh
+  eval_path: evals/security-visual-testing.yaml
+---
+# Security Visual Testing
+<default_to_action>
+When performing security-aware visual testing:
+1. VALIDATE URLs before navigation (check for malicious patterns)
+2. SCAN for PII before saving screenshots (mask sensitive data)
+3. CAPTURE parallel viewports (mobile, tablet, desktop)
+4. COMPARE against baselines (detect visual regressions)
+5. AUDIT accessibility (WCAG 2.1 AA compliance)
+**Quick Security-Visual Checklist:**
+- URL validation (no javascript:, data:, file: schemes)
+- PII detection (emails, phones, SSN, credit cards, API keys)
+- Visual regression (diff threshold < 0.1%)
+- Viewport coverage (320px, 768px, 1024px, 1440px)
+- Accessibility score (> 90% axe-core pass rate)
+**Critical Success Factors:**
+- Always mask PII before storing screenshots
+- Test across all target viewports in parallel
+- Store baselines in version control
+- Run accessibility audits on every visual change
+</default_to_action>
+## Quick Reference Card
+### When to Use
+| Scenario | Use This Skill? | Why |
+|----------|-----------------|-----|
+| Testing login pages | Yes | Contains PII (passwords, emails) |
+| Visual regression suite | Yes | Parallel viewport + baseline comparison |
+| Payment forms | Yes | Credit card data needs masking |
+| Public marketing pages | Maybe | Only if sensitive data possible |
+| API-only testing | No | Use security-testing skill instead |
+### Key Capabilities
+| Capability | Description | Performance |
+|------------|-------------|-------------|
+| URL Validation | Block malicious URLs before navigation | <5ms |
+| PII Detection | Find 6+ types of sensitive data | <100ms |
+| Parallel Viewports | Test 4 viewports simultaneously | 4x faster |
+| Visual Regression | Pixel-diff with configurable threshold | <500ms |
+| Accessibility Audit | WCAG 2.1 A/AA/AAA compliance | <2s |
+---
+## Workflows
+### 1. Security Visual Audit (Full Pipeline)
+```bash
+# Run complete security + visual audit
+aqe test visual-audit --url https://example.com --security --accessibility
+```
+**Steps:**
+1. Validate URL security (block malicious schemes)
+2. Scan page for security issues (XSS, injection patterns)
+3. Capture screenshots across 4 viewports in parallel
+4. Compare against stored baselines
+5. Run accessibility audit (axe-core)
+6. Generate consolidated report
+### 2. PII-Safe Screenshot
+```bash
+# Capture screenshot with automatic PII masking
+aqe screenshot --url https://example.com/profile --pii-safe
+```
+**PII Detection Patterns:**
+- Email addresses: `user@example.com`
+- Phone numbers: `+1-555-123-4567`
+- Credit cards: `4111-1111-1111-1111`
+- SSN: `123-45-6789`
+- API keys: `sk_live_...`, `AKIA...`
+- Passwords: Form fields with type="password"
+**Masking Strategy:**
+- Default: Blur with high intensity
+- Options: `redact` (black box), `pixelate`, `blur`
+### 3. Responsive Visual Audit
+```bash
+# Test visual consistency across viewports
+aqe test responsive --url https://example.com --viewports mobile,tablet,desktop
+```
+**Default Viewports:**
+| Name | Width | Height | Device |
+|------|-------|--------|--------|
+| mobile | 320px | 568px | iPhone SE |
+| tablet | 768px | 1024px | iPad |
+| desktop | 1440px | 900px | MacBook |
+| wide | 1920px | 1080px | Full HD |
+---
+## Integration with AQE v3
+### Using with BrowserSecurityScanner
+```typescript
+import { BrowserSecurityScanner } from '@agentic-qe/v3';
+const scanner = new BrowserSecurityScanner(memory, {
+  urlValidation: { enabled: true },
+  piiDetection: { enabled: true, maskBeforeSave: true },
+  parallelViewports: { maxConcurrent: 4 }
+});
+const result = await scanner.scanUrl('https://example.com', {
+  viewports: ['mobile', 'tablet', 'desktop'],
+  accessibility: true
+});
+```
+### Using with TrajectoryAdapter
+```typescript
+import { TrajectoryAdapter } from '@agentic-qe/v3';
+const adapter = new TrajectoryAdapter(memory);
+// Record testing trajectory for learning
+await adapter.startTrajectory('security-visual-test', {
+  url: 'https://example.com',
+  testType: 'security-visual'
+});
+// ... perform tests ...
+await adapter.endTrajectory(trajectoryId, {
+  success: true,
+  piiFound: 3,
+  visualRegressions: 0,
+  accessibilityScore: 95
+});
+```
+---
+## Agent Coordination
+### Memory Namespace
+```
+aqe/security-visual/
+├── baselines/*          - Visual regression baselines
+├── screenshots/*        - Captured screenshots (PII masked)
+├── reports/*            - Audit reports
+└── trajectories/*       - Learning trajectories
+```
+### Fleet Coordination
+```typescript
+const fleet = await FleetManager.coordinate({
+  strategy: 'security-visual-audit',
+  agents: [
+    'qe-visual-tester',      // Visual regression
+    'qe-security-scanner',   // URL/PII scanning
+    'qe-accessibility-auditor' // WCAG compliance
+  ],
+  topology: 'parallel',
+  maxConcurrent: 4
+});
+```
+---
+## Error Handling
+| Error | Cause | Resolution |
+|-------|-------|------------|
+| `URL_BLOCKED` | Malicious URL pattern detected | Check URL, remove javascript:/data: |
+| `PII_DETECTED` | Sensitive data found in screenshot | Enable masking or redact manually |
+| `BASELINE_MISSING` | No baseline for comparison | Run with `--update-baseline` first |
+| `VIEWPORT_TIMEOUT` | Browser didn't respond | Increase timeout or reduce parallel |
+| `ACCESSIBILITY_FAILED` | WCAG violations found | Review violations, fix issues |
+---
+## Related Skills
+- [visual-testing-advanced](../visual-testing-advanced/) - Pure visual testing without security
+- [security-testing](../security-testing/) - Security testing without visual component
+- [accessibility-testing](../accessibility-testing/) - Accessibility-only testing
+- [qe-visual-accessibility](../qe-visual-accessibility/) - AQE v3 visual domain skill
+---
+## Performance Targets
+| Metric | Target | Measured |
+|--------|--------|----------|
+| URL validation | <5ms | 2ms |
+| PII detection | <100ms | 45ms |
+| Single viewport capture | <2s | 1.2s |
+| 4-viewport parallel | <3s | 2.1s |
+| Visual diff | <500ms | 320ms |
+| Accessibility audit | <2s | 1.5s |
+| Full pipeline | <10s | 7.2s |

package/.claude/skills/security-visual-testing/evals/security-visual-testing.yaml ADDED Viewed

@@ -0,0 +1,163 @@
+skill: security-visual-testing
+version: 1.0.0
+description: >
+  Evaluation suite for security-visual-testing skill.
+  Tests combined security and visual testing capabilities, ensuring findings
+  are correctly identified and classified across both domains.
+models_to_test:
+  - claude-3.5-sonnet
+  - claude-3-haiku
+mcp_integration:
+  enabled: true
+  namespace: skill-validation
+  query_patterns: true
+  track_outcomes: true
+  store_patterns: true
+  share_learning: true
+  update_quality_gate: true
+  target_agents:
+    - qe-learning-coordinator
+    - qe-queen-coordinator
+learning:
+  store_success_patterns: true
+  store_failure_patterns: true
+  pattern_ttl_days: 90
+  min_confidence_to_store: 0.7
+  cross_model_comparison: true
+result_format:
+  json_output: true
+  markdown_report: false
+  include_raw_output: false
+  include_timing: true
+  include_token_usage: true
+setup:
+  required_tools:
+    - jq
+  environment_variables:
+    SECURITY_SCAN_DEPTH: "standard"
+    VISUAL_DIFF_THRESHOLD: "0.05"
+  fixtures: []
+test_cases:
+  - id: tc001_basic_security_visual_analysis
+    description: "Skill returns both security findings and visual diffs"
+    category: basic
+    priority: critical
+    input:
+      url: "https://example.com"
+      context:
+        testScope: "full_page"
+        compareViewports: ["desktop", "mobile"]
+    expected_output:
+      must_contain:
+        - "securityFindings"
+        - "visualDiffs"
+        - "combinedScore"
+      must_not_contain:
+        - "error"
+        - "failed to analyze"
+    validation:
+      schema_check: true
+      keyword_match_threshold: 0.8
+  - id: tc002_security_findings_structure
+    description: "Security findings have required fields and valid structure"
+    category: core
+    priority: critical
+    input:
+      url: "https://example.com/vulnerable"
+      context:
+        testScope: "full_page"
+    expected_output:
+      must_contain:
+        - "totalFindings"
+        - "score"
+        - "OWASP"
+      finding_count:
+        min: 0
+        max: 50
+    validation:
+      schema_check: true
+      keyword_match_threshold: 0.8
+  - id: tc003_visual_diffs_detection
+    description: "Visual diffs are properly detected and reported"
+    category: core
+    priority: high
+    input:
+      url: "https://example.com"
+      baselineUrl: "https://baseline.example.com"
+      context:
+        compareViewports: ["desktop", "mobile"]
+    expected_output:
+      must_contain:
+        - "totalComparisons"
+        - "diffsDetected"
+        - "passRate"
+    validation:
+      schema_check: true
+  - id: tc004_combined_scoring_accuracy
+    description: "Combined score correctly weights security and visual scores"
+    category: core
+    priority: high
+    input:
+      url: "https://example.com"
+      context:
+        testScope: "full_page"
+    expected_output:
+      must_contain:
+        - "combinedScore"
+        - "securityWeight"
+        - "visualWeight"
+    validation:
+      schema_check: true
+      keyword_match_threshold: 0.7
+  - id: tc005_cross_domain_issue_detection
+    description: "Cross-domain issues spanning security and visual are identified"
+    category: core
+    priority: high
+    input:
+      url: "https://example.com"
+      context:
+        detectCrossDomainIssues: true
+    expected_output:
+      must_contain:
+        - "crossDomainIssues"
+    validation:
+      schema_check: true
+      allow_partial: true
+success_criteria:
+  pass_rate: 0.8
+  critical_pass_rate: 1.0
+  avg_reasoning_quality: 0.7
+  max_execution_time_ms: 300000
+  cross_model_variance: 0.15
+metadata:
+  author: "qe-security-auditor"
+  created: "2026-02-02"
+  last_updated: "2026-02-02"
+  coverage_target: "Security-visual integration, combined scoring, cross-domain detection"