agentic-qe 3.4.2 → 3.4.4

package/.claude/skills/README.md

@@ -1,50 +1,141 @@
 # AQE Skills Index
 
-This directory contains Quality Engineering skills installed by `aqe init`.
-
-> **Note**: Claude Flow platform skills (agentdb, n8n, github, flow-nexus, etc.) are managed
-> separately by the claude-flow package. This directory contains only QE-specific skills.
+This directory contains Quality Engineering skills managed by Agentic QE.
 
 ## Summary
 
-- **Total Skills**: 1
-- **V2 Methodology Skills**: 0
-- **V3 Domain Skills**: 1
+- **Total QE Skills**: 63
+- **V2 Methodology Skills**: 49
+- **V3 Domain Skills**: 14
+- **Platform Skills**: 34 (Claude Flow managed)
+- **Validation Infrastructure**: ✅ Installed
 
-## V2 Methodology Skills (0)
+> **Note**: Platform skills (agentdb, github, flow-nexus, etc.) are managed by claude-flow.
+> Only QE-specific skills are installed/updated by `aqe init`.
 
-Version-agnostic quality engineering best practices from the QE community.
+## V2 Methodology Skills (49)
 
-*None installed*
+Version-agnostic quality engineering best practices from the QE community.
 
-## V3 Domain Skills (1)
+- **a11y-ally**: Comprehensive WCAG accessibility auditing with multi-tool testing (axe-core + pa11y + Lighthouse), TRUE PARALLEL execution with Promise.allSettled, graceful degradation, retry with backoff, context-aware remediation, learning integration, and video accessibility. Uses 3-tier browser cascade: Vibium → agent-browser → Playwright+Stealth.
+- **accessibility-testing**: WCAG 2.2 compliance testing, screen reader validation, and inclusive design verification. Use when ensuring legal compliance (ADA, Section 508), testing for disabilities, or building accessible applications for 1 billion disabled users globally.
+- **agentic-quality-engineering**: AI agents as force multipliers for quality work. Core skill for all 19 QE agents using PACT principles.
+- **api-testing-patterns**: Comprehensive API testing patterns including contract testing, REST/GraphQL testing, and integration testing. Use when testing APIs or designing API test strategies.
+- **brutal-honesty-review**: Unvarnished technical criticism combining Linus Torvalds
+- **bug-reporting-excellence**: Write high-quality bug reports that get fixed quickly. Use when reporting bugs, training teams on bug reporting, or establishing bug report standards.
+- **chaos-engineering-resilience**: Chaos engineering principles, controlled failure injection, resilience testing, and system recovery validation. Use when testing distributed systems, building confidence in fault tolerance, or validating disaster recovery.
+- **cicd-pipeline-qe-orchestrator**: Orchestrate quality engineering across CI/CD pipeline phases. Use when designing test strategies, planning quality gates, or implementing shift-left/shift-right testing.
+- **code-review-quality**: Conduct context-driven code reviews focusing on quality, testability, and maintainability. Use when reviewing code, providing feedback, or establishing review practices.
+- **compatibility-testing**: Cross-browser, cross-platform, and cross-device compatibility testing ensuring consistent experience across environments. Use when validating browser support, testing responsive design, or ensuring platform compatibility.
+- **compliance-testing**: Regulatory compliance testing for GDPR, CCPA, HIPAA, SOC2, PCI-DSS and industry-specific regulations. Use when ensuring legal compliance, preparing for audits, or handling sensitive data.
+- **consultancy-practices**: Apply effective software quality consultancy practices. Use when consulting, advising clients, or establishing consultancy workflows.
+- **context-driven-testing**: Apply context-driven testing principles where practices are chosen based on project context, not universal
+- **contract-testing**: Consumer-driven contract testing for microservices using Pact, schema validation, API versioning, and backward compatibility testing. Use when testing API contracts or coordinating distributed teams.
+- **database-testing**: Database schema validation, data integrity testing, migration testing, transaction isolation, and query performance. Use when testing data persistence, ensuring referential integrity, or validating database migrations.
+- **exploratory-testing-advanced**: Advanced exploratory testing techniques with Session-Based Test Management (SBTM), RST heuristics, and test tours. Use when planning exploration sessions, investigating bugs, or discovering unknown quality risks.
+- **holistic-testing-pact**: Apply the Holistic Testing Model evolved with PACT (Proactive, Autonomous, Collaborative, Targeted) principles. Use when designing comprehensive test strategies for Classical, AI-assisted, Agent based, or Agentic Systems building quality into the team, or implementing whole-team quality practices.
+- **localization-testing**: Internationalization (i18n) and localization (l10n) testing for global products including translations, locale formats, RTL languages, and cultural appropriateness. Use when launching in new markets or building multi-language products.
+- **mobile-testing**: Comprehensive mobile testing for iOS and Android platforms including gestures, sensors, permissions, device fragmentation, and performance. Use when testing native apps, hybrid apps, or mobile web, ensuring quality across 1000+ device variants.
+- **mutation-testing**: Test quality validation through mutation testing, assessing test suite effectiveness by introducing code mutations and measuring kill rate. Use when evaluating test quality, identifying weak tests, or proving tests actually catch bugs.
+- **n8n-expression-testing**: n8n expression syntax validation, context-aware testing, common pitfalls detection, and performance optimization. Use when validating n8n expressions and data transformations.
+- **n8n-integration-testing-patterns**: API contract testing, authentication flows, rate limit handling, and error scenario coverage for n8n integrations with external services. Use when testing n8n node integrations.
+- **n8n-security-testing**: Credential exposure detection, OAuth flow validation, API key management testing, and data sanitization verification for n8n workflows. Use when validating n8n workflow security.
+- **n8n-trigger-testing-strategies**: Webhook testing, schedule validation, event-driven triggers, and polling mechanism testing for n8n workflows. Use when testing how workflows are triggered.
+- **n8n-workflow-testing-fundamentals**: Comprehensive n8n workflow testing including execution lifecycle, node connection patterns, data flow validation, and error handling strategies. Use when testing n8n workflow automation applications.
+- **pair-programming**: AI-assisted pair programming with multiple modes (driver/navigator/switch), real-time verification, quality monitoring, and comprehensive testing. Supports TDD, debugging, refactoring, and learning sessions. Features automatic role switching, continuous code review, security scanning, and performance optimization with truth-score verification.
+- **performance-testing**: Test application performance, scalability, and resilience. Use when planning load testing, stress testing, or optimizing system performance.
+- **qcsd-ideation-swarm**: QCSD Ideation phase swarm for Quality Criteria sessions using HTSM v6.3, Risk Storming, and Testability analysis before development begins. Uses 5-tier browser cascade: Vibium → agent-browser → Playwright+Stealth → WebFetch → WebSearch-fallback.
+- **quality-metrics**: Measure quality effectively with actionable metrics. Use when establishing quality dashboards, defining KPIs, or evaluating test effectiveness.
+- **refactoring-patterns**: Apply safe refactoring patterns to improve code structure without changing behavior. Use when cleaning up code, reducing technical debt, or improving maintainability.
+- **regression-testing**: Strategic regression testing with test selection, impact analysis, and continuous regression management. Use when verifying fixes don
+- **risk-based-testing**: Focus testing effort on highest-risk areas using risk assessment and prioritization. Use when planning test strategy, allocating testing resources, or making coverage decisions.
+- **security-testing**: Test for security vulnerabilities using OWASP principles. Use when conducting security audits, testing auth, or implementing security practices.
+- **security-visual-testing**: Security-first visual testing combining URL validation, PII detection, and visual regression with parallel viewport support. Use when testing web applications that handle sensitive data, need visual regression coverage, or require WCAG accessibility compliance.
+- **sherlock-review**: Evidence-based investigative code review using deductive reasoning to determine what actually happened versus what was claimed. Use when verifying implementation claims, investigating bugs, validating fixes, or conducting root cause analysis. Elementary approach to finding truth through systematic observation.
+- **shift-left-testing**: Move testing activities earlier in the development lifecycle to catch defects when they
+- **shift-right-testing**: Testing in production with feature flags, canary deployments, synthetic monitoring, and chaos engineering. Use when implementing production observability or progressive delivery.
+- **six-thinking-hats**: Apply Edward de Bono
+- **tdd-london-chicago**: Apply London (mock-based) and Chicago (state-based) TDD schools. Use when practicing test-driven development or choosing testing style for your context.
+- **technical-writing**: Write clear, engaging technical content from real experience. Use when writing blog posts, documentation, tutorials, or technical articles.
+- **test-automation-strategy**: Design and implement effective test automation with proper pyramid, patterns, and CI/CD integration. Use when building automation frameworks or improving test efficiency.
+- **test-data-management**: Strategic test data generation, management, and privacy compliance. Use when creating test data, handling PII, ensuring GDPR/CCPA compliance, or scaling data generation for realistic testing scenarios.
+- **test-design-techniques**: Systematic test design with boundary value analysis, equivalence partitioning, decision tables, state transition testing, and combinatorial testing. Use when designing comprehensive test cases, reducing redundant tests, or ensuring systematic coverage.
+- **test-environment-management**: Test environment provisioning, infrastructure as code for testing, Docker/Kubernetes for test environments, service virtualization, and cost optimization. Use when managing test infrastructure, ensuring environment parity, or optimizing testing costs.
+- **test-reporting-analytics**: Advanced test reporting, quality dashboards, predictive analytics, trend analysis, and executive reporting for QE metrics. Use when communicating quality status, tracking trends, or making data-driven decisions.
+- **testability-scoring**: AI-powered testability assessment using 10 principles of intrinsic testability with Playwright and optional Vibium integration. Evaluates web applications against Observability, Controllability, Algorithmic Simplicity, Transparency, Stability, Explainability, Unbugginess, Smallness, Decomposability, and Similarity. Use when assessing software testability, evaluating test readiness, identifying testability improvements, or generating testability reports.
+- **verification-quality**: Comprehensive truth scoring, code quality verification, and automatic rollback system with 0.95 accuracy threshold for ensuring high-quality agent outputs and codebase reliability.
+- **visual-testing-advanced**: Advanced visual regression testing with pixel-perfect comparison, AI-powered diff analysis, responsive design validation, and cross-browser visual consistency. Use when detecting UI regressions, validating designs, or ensuring visual consistency.
+- **xp-practices**: Apply XP practices including pair programming, ensemble programming, continuous integration, and sustainable pace. Use when implementing agile development practices, improving team collaboration, or adopting technical excellence practices.
+
+## V3 Domain Skills (14)
 
 V3-specific implementation guides for the 12 DDD bounded contexts.
 
-### qe-a11y-ally (visual-accessibility domain)
-
-**File:** `library/qe-a11y-ally.md`
-
-WCAG accessibility auditing with **mandatory video accessibility generation**. This skill ensures the full V3 video pipeline is executed.
-
-**Key Features:**
-- WCAG 2.1/2.2 AA/AAA compliance auditing
-- Video detection and download
-- Frame extraction with ffmpeg (10 frames @ 3s intervals)
-- AI frame analysis with Claude Vision
-- WebVTT caption generation (`*-captions.vtt`)
-- Audio description generation (`*-audiodesc.vtt`)
-- EU compliance (EN 301 549, EAA, BITV 2.0)
-
-**Output:** `docs/accessibility/captions/{page-slug}/`
-
-**Usage:**
-```
-/qe-a11y-ally https://example.com/page-with-video
-```
-
-
+- **aqe-v2-v3-migration**: Migrate Agentic QE projects from v2 to v3 with zero data loss
+- **qe-chaos-resilience**: Chaos engineering and resilience testing including fault injection, load testing, and system recovery validation.
+- **qe-code-intelligence**: Knowledge graph-based code understanding with semantic search and 80% token reduction through intelligent context retrieval.
+- **qe-contract-testing**: Consumer-driven contract testing for APIs including REST, GraphQL, and event-driven systems with schema validation.
+- **qe-coverage-analysis**: O(log n) sublinear coverage gap detection with risk-weighted analysis and intelligent test prioritization.
+- **qe-defect-intelligence**: AI-powered defect prediction, pattern learning, and root cause analysis for proactive quality management.
+- **qe-iterative-loop**: Quality Engineering iteration loops for autonomous test improvement, coverage achievement, and quality gate compliance. Use when tests need to pass, coverage targets must be met, quality gates require compliance, or flaky tests need stabilization. Integrates with AQE v3 fleet agents for coordinated quality iteration.
+- **qe-learning-optimization**: Transfer learning, metrics optimization, and continuous improvement for AI-powered QE agents.
+- **qe-quality-assessment**: Comprehensive quality gates, metrics analysis, and deployment readiness assessment for continuous quality assurance.
+- **qe-requirements-validation**: Requirements traceability, acceptance criteria validation, and BDD scenario management for complete requirements coverage.
+- **qe-security-compliance**: Security auditing, vulnerability scanning, and compliance validation for OWASP, SOC2, GDPR, and other standards.
+- **qe-test-execution**: Parallel test execution orchestration with intelligent scheduling, retry logic, and comprehensive result aggregation.
+- **qe-test-generation**: AI-powered test generation using pattern recognition, code analysis, and intelligent test synthesis for comprehensive test coverage.
+- **qe-visual-accessibility**: Visual regression testing, responsive design validation, and WCAG accessibility compliance testing.
+
+## Platform Skills (34)
+
+Claude Flow platform skills (managed separately).
+
+- agentdb-advanced
+- agentdb-learning
+- agentdb-memory-patterns
+- agentdb-optimization
+- agentdb-vector-search
+- agentic-jujutsu
+- flow-nexus-neural
+- flow-nexus-platform
+- flow-nexus-swarm
+- github-code-review
+- github-multi-repo
+- github-project-management
+- github-release-management
+- github-workflow-automation
+- hive-mind-advanced
+- hooks-automation
+- iterative-loop
+- performance-analysis
+- reasoningbank-agentdb
+- reasoningbank-intelligence
+- skill-builder
+- sparc-methodology
+- stream-chain
+- swarm-advanced
+- swarm-orchestration
+- v3-cli-modernization
+- v3-core-implementation
+- v3-ddd-architecture
+- v3-integration-deep
+- v3-mcp-optimization
+- v3-memory-unification
+- v3-performance-optimization
+- v3-security-overhaul
+- v3-swarm-coordination
+
+## Validation Infrastructure
+
+The `.validation/` directory contains the skill validation infrastructure (ADR-056):
+
+- **schemas/**: JSON Schema definitions for validating skill outputs
+- **templates/**: Validator script templates for creating skill validators
+- **examples/**: Example skill outputs that validate against schemas
+- **test-data/**: Test data for validator self-testing
+
+See `.validation/README.md` for usage instructions.
 
 ---
 
-*Generated by AQE v3 init on 2026-01-25T14:23:40.890Z*
+*Generated by AQE v3 init on 2026-02-02T12:17:47.766Z*

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentic-qe",
-  "version": "3.4.2",
+  "version": "3.4.4",
   "description": "Agentic Quality Engineering V3 - Domain-Driven Design Architecture with 12 Bounded Contexts, O(log n) coverage analysis, ReasoningBank learning, 51 specialized QE agents, mathematical Coherence verification, deep Claude Flow integration",
   "main": "./v3/dist/index.js",
   "types": "./v3/dist/index.d.ts",

package/v3/CHANGELOG.md

@@ -5,6 +5,56 @@ All notable changes to Agentic QE will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.4.4] - 2026-02-03
+
+### Added
+
+#### Infrastructure Self-Healing Extension (ADR-057)
+- **TestOutputObserver** - Pattern-matches 22+ OS-level error signatures (ECONNREFUSED, ETIMEDOUT, ENOTFOUND, ENOMEM, ENOSPC) from test stderr to detect infrastructure failures
+- **RecoveryPlaybook** - YAML-driven configuration for service recovery with `${VAR}` environment interpolation
+- **CoordinationLock** - In-process TTL-based mutex preventing duplicate recovery attempts for the same service
+- **InfraActionExecutor** - Executes recovery cycle: healthCheck → recover → backoff → verify
+- **CompositeActionExecutor** - Routes swarm actions to original executor, infra actions to InfraActionExecutor
+- **InfraAwareAgentProvider** - Wraps AgentProvider to inject synthetic infrastructure agents with health derived from observer state
+- **InfraHealingOrchestrator** - Top-level coordinator: `feedTestOutput()` → `runRecoveryCycle()` → stats
+- **Factory functions** - `createStrangeLoopWithInfraHealing()` and `createInMemoryStrangeLoopWithInfraHealing()` for easy integration
+- **Default playbook** - Reference YAML template for 8 services (postgres, mysql, mongodb, redis, elasticsearch, rabbitmq, selenium-grid, generic-service)
+- **Demo script** - `scripts/demo-infra-healing.ts` demonstrates full pipeline
+
+### Changed
+- **Strange Loop types** - Added 8 infrastructure vulnerability types to `SwarmVulnerability['type']` union
+- **Healing controller** - Extended with `restart_service` action type and infra-agent override logic in `mapVulnerabilityToAction()`
+- **ADR index** - Updated v3-adrs.md with ADR-057 entry (54 total ADRs implemented)
+
+### Technical Details
+- Extends Strange Loop through existing DI seams without modifying core OMDA cycle
+- Framework-agnostic: works with Jest, Pytest, JUnit, or any test framework
+- 245 tests (151 new + 94 existing), zero regressions
+- Security: uses `execFile` (not `exec`), documents trust boundary for playbook YAML
+
+## [3.4.3] - 2026-02-02
+
+### Added
+- **`--upgrade` flag for `aqe init`** - Enables overwriting existing skills, agents, and validation infrastructure when upgrading between versions
+- Skills installer now scans actual directory for accurate README generation
+
+### Fixed
+- **Skills README accuracy** - README now shows actual 63 QE skills instead of only newly-installed skills
+- **Upgrade path from v3.2.3 to v3.4.x** - Previously only 31 new files were installed; now all 63 QE skills + agents + validation are properly updated when using `--upgrade`
+
+### Changed
+- Assets phase respects `--upgrade` flag for all installers (skills, agents, n8n)
+- Improved init help text with upgrade examples
+
+### Usage
+```bash
+# Upgrade existing installation (overwrites all skills, agents, validation)
+aqe init --auto --upgrade
+
+# Or standalone
+aqe init --upgrade
+```
+
 ## [3.4.0] - 2026-02-01
 
 ### 🎯 Highlights

package/v3/README.md

@@ -7,22 +7,16 @@
 
 > Domain-Driven Quality Engineering with Mathematical Coherence Verification, 12 Bounded Contexts, 51 Specialized QE Agents, 63 QE Skills, and ReasoningBank Learning
 
-### What's New in v3.4.2
+### Key Features
 
 | Feature | Description |
 |---------|-------------|
-| **Trust Tiers** | 4-layer skill validation system (Tier 0-3) for deterministic outputs |
-| **46 Tier 3 Skills** | Full evaluation test suites with verified behavior |
-| **Skill Validation CLI** | `aqe skill report`, `aqe eval run` for validation workflows |
-| **ReasoningBank Integration** | Validation patterns persisted for cross-domain learning |
-
-### What's New in v3.4.0
-
-| Feature | Description |
-|---------|-------------|
-| **AG-UI Protocol** | Anthropic's streaming interface - real-time agent progress to UI |
-| **A2A Protocol** | Google's agent-to-agent standard - cross-tool interoperability |
-| **A2UI Components** | Hybrid UI components combining streaming + events |
+| **63 QE Skills** | Quality engineering skills with 4-tier trust validation system |
+| **51 QE Agents** | Specialized agents for test generation, security, coverage, and more |
+| **12 DDD Domains** | Modular bounded contexts for all quality engineering needs |
+| **MCP Integration** | Full Claude Code integration via Model Context Protocol |
+| **AG-UI/A2A Protocols** | Industry-standard agent streaming and interoperability |
+| **O(log n) Analysis** | Sublinear coverage analysis with HNSW vector indexing |
 
 ## Quick Start
 
@@ -63,12 +57,12 @@ npx aqe test generate src/
 - **ReasoningBank + SONA + Dream Cycles** - Neural pattern learning with 9 RL algorithms
 - **Queen-led Coordination** - 3-5x throughput with work stealing and consensus
 - **MinCut Topology** - Graph-based self-healing agent coordination
-- **Coherence Verification** (v3.3.0) - Mathematical proof of belief consistency using WASM engines
-- **MinCut/Consensus Integration** (v3.3.3) - Full 12/12 domain integration with self-healing
-- **Cross-Phase Memory Unification** (v3.3.5) - Unified SQLite storage for QCSD feedback loops
+- **Coherence Verification** - Mathematical proof of belief consistency using WASM engines
+- **MinCut/Consensus Integration** - Full 12/12 domain integration with self-healing
+- **Cross-Phase Memory Unification** - Unified SQLite storage for QCSD feedback loops
 - **Zero-Breaking-Changes Migration** - Full v2 backward compatibility
-- **Browser Automation** (v3.1.0) - @claude-flow/browser integration with 9 workflow templates
-- **AG-UI/A2A/A2UI Protocols** (v3.4.0) - Industry-standard agent communication
+- **Browser Automation** - @claude-flow/browser integration with 9 workflow templates
+- **AG-UI/A2A/A2UI Protocols** - Industry-standard agent communication
 
 ## Get Value Fast
 
@@ -87,9 +81,9 @@ claude "Run quality assessment: tests, coverage, security, and deployment recomm
 aqe status --verbose
 ```
 
-## New in v3: Key Features
+## Architecture Highlights
 
-### AG-UI, A2A & A2UI Protocols (v3.4.0)
+### AG-UI, A2A & A2UI Protocols
 
 Industry-standard agent communication protocols:
 
@@ -115,7 +109,7 @@ await a2aAdapter.delegateTask({
 });
 ```
 
-### Trust Tiers - Skill Validation (v3.4.2)
+### Trust Tiers - Skill Validation
 
 4-layer validation system ensuring deterministic, trustworthy skill outputs:
 
@@ -137,7 +131,7 @@ aqe eval run --skill security-testing --model claude-sonnet-4
 aqe skill report --input results/ --output validation-report.md
 ```
 
-### TinyDancer Intelligent Model Routing (ADR-026)
+### TinyDancer Intelligent Model Routing
 
 3-tier intelligent model routing for cost optimization:
 
@@ -158,7 +152,7 @@ Background neural consolidation for continuous improvement:
 - **EWC++ Protection**: Elastic Weight Consolidation prevents catastrophic forgetting
 - **Novelty Scoring**: Prioritize learning from novel patterns
 
-### Consensus & MinCut Coordination (v3.3.3)
+### Consensus & MinCut Coordination
 
 Advanced coordination for reliable multi-agent decisions with **full 12/12 domain integration**:
 
@@ -170,7 +164,7 @@ Advanced coordination for reliable multi-agent decisions with **full 12/12 domai
 - **Topology-Aware Routing**: `getTopologyBasedRouting()` avoids weak vertices
 - **Self-Healing Triggers**: `shouldPauseOperations()` enables automatic recovery
 
-### Coherence-Gated Quality Engineering (v3.3.0)
+### Coherence-Gated Quality Engineering
 
 Mathematical verification using Prime Radiant WASM engines: