agentic-qe 3.7.8 → 3.7.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (569) hide show
  1. package/.claude/skills/.validation/README.md +111 -111
  2. package/.claude/skills/.validation/examples/chaos-engineering-output.example.json +530 -530
  3. package/.claude/skills/.validation/examples/performance-testing-output.example.json +252 -252
  4. package/.claude/skills/.validation/examples/security-testing-output.example.json +413 -413
  5. package/.claude/skills/.validation/examples/testability-scoring-output.example.json +350 -350
  6. package/.claude/skills/.validation/schemas/skill-eval.schema.json +462 -462
  7. package/.claude/skills/.validation/schemas/skill-frontmatter.schema.json +341 -341
  8. package/.claude/skills/.validation/schemas/skill-output-meta.schema.json +199 -199
  9. package/.claude/skills/.validation/schemas/skill-output.template.json +610 -610
  10. package/.claude/skills/.validation/skill-validation-mcp-integration.md +250 -250
  11. package/.claude/skills/.validation/templates/eval.template.yaml +366 -366
  12. package/.claude/skills/.validation/templates/schemas/output.json +145 -145
  13. package/.claude/skills/.validation/templates/security-testing-eval.template.yaml +725 -725
  14. package/.claude/skills/.validation/templates/skill-frontmatter.example.yaml +225 -225
  15. package/.claude/skills/.validation/test-data/invalid-output.json +5 -5
  16. package/.claude/skills/.validation/test-data/minimal-output.json +9 -9
  17. package/.claude/skills/.validation/test-data/sample-output.json +73 -73
  18. package/.claude/skills/a11y-ally/evals/a11y-ally.yaml +376 -376
  19. package/.claude/skills/a11y-ally/schemas/output.json +549 -549
  20. package/.claude/skills/accessibility-testing/evals/accessibility-testing.yaml +719 -719
  21. package/.claude/skills/accessibility-testing/schemas/output.json +776 -776
  22. package/.claude/skills/accessibility-testing/test-data/sample-output.json +191 -191
  23. package/.claude/skills/agentic-quality-engineering/schemas/output.json +577 -577
  24. package/.claude/skills/api-testing-patterns/evals/api-testing-patterns.yaml +696 -696
  25. package/.claude/skills/api-testing-patterns/schemas/output.json +845 -845
  26. package/.claude/skills/aqe-v2-v3-migration/schemas/output.json +513 -513
  27. package/.claude/skills/brutal-honesty-review/schemas/output.json +291 -291
  28. package/.claude/skills/bug-reporting-excellence/schemas/output.json +288 -288
  29. package/.claude/skills/chaos-engineering-resilience/evals/chaos-engineering-resilience.yaml +761 -761
  30. package/.claude/skills/chaos-engineering-resilience/schemas/output.json +1205 -1205
  31. package/.claude/skills/cicd-pipeline-qe-orchestrator/evals/cicd-pipeline-qe-orchestrator.yaml +157 -157
  32. package/.claude/skills/cicd-pipeline-qe-orchestrator/schemas/output.json +542 -542
  33. package/.claude/skills/code-review-quality/schemas/output.json +264 -264
  34. package/.claude/skills/compatibility-testing/evals/compatibility-testing.yaml +410 -410
  35. package/.claude/skills/compatibility-testing/schemas/output.json +551 -551
  36. package/.claude/skills/compliance-testing/evals/compliance-testing.yaml +1107 -1107
  37. package/.claude/skills/compliance-testing/schemas/output.json +845 -845
  38. package/.claude/skills/consultancy-practices/schemas/output.json +282 -282
  39. package/.claude/skills/contract-testing/evals/contract-testing.yaml +748 -748
  40. package/.claude/skills/contract-testing/schemas/output.json +638 -638
  41. package/.claude/skills/database-testing/evals/database-testing.yaml +968 -968
  42. package/.claude/skills/database-testing/schemas/output.json +1446 -1446
  43. package/.claude/skills/debug-loop/SKILL.md +61 -61
  44. package/.claude/skills/enterprise-integration-testing/SKILL.md +735 -735
  45. package/.claude/skills/enterprise-integration-testing/evals/enterprise-integration-testing.yaml +158 -0
  46. package/.claude/skills/enterprise-integration-testing/schemas/output.json +74 -0
  47. package/.claude/skills/enterprise-integration-testing/scripts/validate-config.json +25 -0
  48. package/.claude/skills/iterative-loop/SKILL.md +371 -371
  49. package/.claude/skills/localization-testing/evals/localization-testing.yaml +544 -544
  50. package/.claude/skills/localization-testing/schemas/output.json +325 -325
  51. package/.claude/skills/middleware-testing-patterns/SKILL.md +798 -798
  52. package/.claude/skills/middleware-testing-patterns/evals/middleware-testing-patterns.yaml +153 -0
  53. package/.claude/skills/middleware-testing-patterns/schemas/output.json +58 -0
  54. package/.claude/skills/middleware-testing-patterns/scripts/validate-config.json +25 -0
  55. package/.claude/skills/mobile-testing/evals/mobile-testing.yaml +537 -537
  56. package/.claude/skills/mobile-testing/schemas/output.json +318 -318
  57. package/.claude/skills/mutation-testing/evals/mutation-testing.yaml +652 -652
  58. package/.claude/skills/mutation-testing/schemas/output.json +707 -707
  59. package/.claude/skills/mutation-testing/test-data/sample-output.json +295 -295
  60. package/.claude/skills/n8n-expression-testing/evals/n8n-expression-testing.yaml +450 -450
  61. package/.claude/skills/n8n-expression-testing/schemas/output.json +369 -369
  62. package/.claude/skills/n8n-integration-testing-patterns/evals/n8n-integration-testing-patterns.yaml +522 -522
  63. package/.claude/skills/n8n-integration-testing-patterns/schemas/output.json +291 -291
  64. package/.claude/skills/n8n-security-testing/evals/n8n-security-testing.yaml +493 -493
  65. package/.claude/skills/n8n-security-testing/schemas/output.json +293 -293
  66. package/.claude/skills/n8n-trigger-testing-strategies/evals/n8n-trigger-testing-strategies.yaml +500 -500
  67. package/.claude/skills/n8n-trigger-testing-strategies/schemas/output.json +295 -295
  68. package/.claude/skills/n8n-workflow-testing-fundamentals/evals/n8n-workflow-testing-fundamentals.yaml +497 -497
  69. package/.claude/skills/n8n-workflow-testing-fundamentals/schemas/output.json +254 -254
  70. package/.claude/skills/observability-testing-patterns/SKILL.md +930 -930
  71. package/.claude/skills/observability-testing-patterns/evals/observability-testing-patterns.yaml +157 -0
  72. package/.claude/skills/observability-testing-patterns/schemas/output.json +58 -0
  73. package/.claude/skills/observability-testing-patterns/scripts/validate-config.json +25 -0
  74. package/.claude/skills/pentest-validation/SKILL.md +268 -268
  75. package/.claude/skills/pentest-validation/evals/pentest-validation.yaml +708 -708
  76. package/.claude/skills/pentest-validation/schemas/output.json +281 -281
  77. package/.claude/skills/performance-analysis/evals/performance-analysis.yaml +144 -144
  78. package/.claude/skills/performance-analysis/schemas/output.json +588 -588
  79. package/.claude/skills/performance-testing/evals/performance-testing.yaml +772 -772
  80. package/.claude/skills/performance-testing/schemas/output.json +1184 -1184
  81. package/.claude/skills/pr-review/SKILL.md +61 -61
  82. package/.claude/skills/qcsd-cicd-swarm/SKILL.md +2206 -2206
  83. package/.claude/skills/qcsd-cicd-swarm/evals/qcsd-cicd-swarm.yaml +211 -0
  84. package/.claude/skills/qcsd-cicd-swarm/schemas/output.json +86 -0
  85. package/.claude/skills/qcsd-cicd-swarm/scripts/validate-config.json +30 -0
  86. package/.claude/skills/qcsd-development-swarm/SKILL.md +2154 -2154
  87. package/.claude/skills/qcsd-development-swarm/evals/qcsd-development-swarm.yaml +162 -0
  88. package/.claude/skills/qcsd-development-swarm/schemas/output.json +72 -0
  89. package/.claude/skills/qcsd-development-swarm/scripts/validate-config.json +25 -0
  90. package/.claude/skills/qcsd-ideation-swarm/evals/qcsd-ideation-swarm.yaml +138 -138
  91. package/.claude/skills/qcsd-ideation-swarm/schemas/output.json +568 -568
  92. package/.claude/skills/qcsd-production-swarm/SKILL.md +2781 -2781
  93. package/.claude/skills/qcsd-production-swarm/evals/qcsd-production-swarm.yaml +246 -246
  94. package/.claude/skills/qcsd-production-swarm/schemas/output.json +505 -505
  95. package/.claude/skills/qcsd-production-swarm/scripts/validate-config.json +25 -25
  96. package/.claude/skills/qe-chaos-resilience/evals/qe-chaos-resilience.yaml +443 -443
  97. package/.claude/skills/qe-chaos-resilience/schemas/output.json +314 -314
  98. package/.claude/skills/qe-code-intelligence/evals/qe-code-intelligence.yaml +459 -459
  99. package/.claude/skills/qe-code-intelligence/schemas/output.json +315 -315
  100. package/.claude/skills/qe-contract-testing/evals/qe-contract-testing.yaml +513 -513
  101. package/.claude/skills/qe-contract-testing/schemas/output.json +295 -295
  102. package/.claude/skills/qe-coverage-analysis/evals/qe-coverage-analysis.yaml +494 -494
  103. package/.claude/skills/qe-coverage-analysis/schemas/output.json +286 -286
  104. package/.claude/skills/qe-defect-intelligence/evals/qe-defect-intelligence.yaml +511 -511
  105. package/.claude/skills/qe-defect-intelligence/schemas/output.json +283 -283
  106. package/.claude/skills/qe-iterative-loop/schemas/output.json +264 -264
  107. package/.claude/skills/qe-learning-optimization/evals/qe-learning-optimization.yaml +144 -144
  108. package/.claude/skills/qe-learning-optimization/schemas/output.json +288 -288
  109. package/.claude/skills/qe-quality-assessment/evals/qe-quality-assessment.yaml +506 -506
  110. package/.claude/skills/qe-quality-assessment/schemas/output.json +550 -550
  111. package/.claude/skills/qe-requirements-validation/evals/qe-requirements-validation.yaml +598 -598
  112. package/.claude/skills/qe-requirements-validation/schemas/output.json +587 -587
  113. package/.claude/skills/qe-security-compliance/evals/qe-security-compliance.yaml +595 -595
  114. package/.claude/skills/qe-security-compliance/schemas/output.json +498 -498
  115. package/.claude/skills/qe-test-execution/evals/qe-test-execution.yaml +607 -607
  116. package/.claude/skills/qe-test-execution/schemas/output.json +529 -529
  117. package/.claude/skills/qe-test-generation/evals/qe-test-generation.yaml +148 -148
  118. package/.claude/skills/qe-test-generation/schemas/output.json +439 -439
  119. package/.claude/skills/qe-visual-accessibility/evals/qe-visual-accessibility.yaml +142 -142
  120. package/.claude/skills/qe-visual-accessibility/schemas/output.json +491 -491
  121. package/.claude/skills/quality-metrics/evals/quality-metrics.yaml +494 -494
  122. package/.claude/skills/quality-metrics/schemas/output.json +403 -403
  123. package/.claude/skills/refactoring-patterns/schemas/output.json +475 -475
  124. package/.claude/skills/regression-testing/evals/regression-testing.yaml +504 -504
  125. package/.claude/skills/regression-testing/schemas/output.json +311 -311
  126. package/.claude/skills/release/SKILL.md +347 -347
  127. package/.claude/skills/risk-based-testing/evals/risk-based-testing.yaml +141 -141
  128. package/.claude/skills/risk-based-testing/schemas/output.json +480 -480
  129. package/.claude/skills/security-testing/evals/security-testing.yaml +789 -789
  130. package/.claude/skills/security-testing/schemas/output.json +879 -879
  131. package/.claude/skills/security-visual-testing/evals/security-visual-testing.yaml +163 -163
  132. package/.claude/skills/security-visual-testing/schemas/output.json +486 -486
  133. package/.claude/skills/sfdipot-product-factors/SKILL.md +239 -239
  134. package/.claude/skills/sherlock-review/schemas/output.json +297 -297
  135. package/.claude/skills/shift-left-testing/evals/shift-left-testing.yaml +145 -145
  136. package/.claude/skills/shift-left-testing/schemas/output.json +459 -459
  137. package/.claude/skills/shift-right-testing/evals/shift-right-testing.yaml +147 -147
  138. package/.claude/skills/shift-right-testing/schemas/output.json +418 -418
  139. package/.claude/skills/skills-manifest.json +1 -1
  140. package/.claude/skills/tdd-london-chicago/schemas/output.json +444 -444
  141. package/.claude/skills/technical-writing/schemas/output.json +268 -268
  142. package/.claude/skills/test-automation-strategy/evals/test-automation-strategy.yaml +148 -148
  143. package/.claude/skills/test-automation-strategy/schemas/output.json +444 -444
  144. package/.claude/skills/test-data-management/evals/test-data-management.yaml +504 -504
  145. package/.claude/skills/test-data-management/schemas/output.json +284 -284
  146. package/.claude/skills/test-design-techniques/evals/test-design-techniques.yaml +142 -142
  147. package/.claude/skills/test-design-techniques/schemas/output.json +295 -295
  148. package/.claude/skills/test-environment-management/schemas/output.json +310 -310
  149. package/.claude/skills/test-idea-rewriting/SKILL.md +229 -229
  150. package/.claude/skills/test-reporting-analytics/evals/test-reporting-analytics.yaml +155 -155
  151. package/.claude/skills/test-reporting-analytics/schemas/output.json +329 -329
  152. package/.claude/skills/testability-scoring/evals/testability-scoring.yaml +814 -814
  153. package/.claude/skills/testability-scoring/resources/templates/config.template.js +84 -84
  154. package/.claude/skills/testability-scoring/schemas/output.json +606 -606
  155. package/.claude/skills/testability-scoring/scripts/generate-html-report.js +1007 -1007
  156. package/.claude/skills/trust-tier-manifest.json +78 -7
  157. package/.claude/skills/verification-quality/evals/verification-quality.yaml +150 -150
  158. package/.claude/skills/verification-quality/schemas/output.json +432 -432
  159. package/.claude/skills/visual-testing-advanced/evals/visual-testing-advanced.yaml +154 -154
  160. package/.claude/skills/visual-testing-advanced/schemas/output.json +294 -294
  161. package/.claude/skills/wms-testing-patterns/evals/wms-testing-patterns.yaml +165 -165
  162. package/.claude/skills/wms-testing-patterns/schemas/output.json +150 -150
  163. package/.claude/skills/wms-testing-patterns/scripts/validate-config.json +51 -51
  164. package/CHANGELOG.md +34 -0
  165. package/README.md +169 -900
  166. package/assets/agents/v3/helpers/quality-criteria/evidence-classification.md +116 -116
  167. package/assets/agents/v3/helpers/quality-criteria/htsm-categories.md +139 -139
  168. package/assets/governance/constitution.md +202 -202
  169. package/assets/governance/shards/chaos-resilience.shard.md +221 -221
  170. package/assets/governance/shards/code-intelligence.shard.md +178 -178
  171. package/assets/governance/shards/contract-testing.shard.md +206 -206
  172. package/assets/governance/shards/coverage-analysis.shard.md +146 -146
  173. package/assets/governance/shards/defect-intelligence.shard.md +182 -182
  174. package/assets/governance/shards/learning-optimization.shard.md +248 -248
  175. package/assets/governance/shards/quality-assessment.shard.md +165 -165
  176. package/assets/governance/shards/requirements-validation.shard.md +177 -177
  177. package/assets/governance/shards/security-compliance.shard.md +196 -196
  178. package/assets/governance/shards/test-execution.shard.md +156 -156
  179. package/assets/governance/shards/test-generation.shard.md +128 -128
  180. package/assets/governance/shards/visual-accessibility.shard.md +209 -209
  181. package/assets/hooks/cross-phase-memory.yaml +253 -253
  182. package/assets/patterns/adr-051-booster-patterns.json +78 -78
  183. package/assets/patterns/adr-051-embedding-patterns.json +147 -147
  184. package/assets/patterns/adr-051-integration-summary.json +62 -62
  185. package/assets/patterns/adr-051-reasoning-patterns.json +166 -166
  186. package/assets/patterns/adr-051-router-patterns.json +113 -113
  187. package/assets/patterns/index.json +136 -136
  188. package/assets/skills/.validation/README.md +111 -111
  189. package/assets/skills/.validation/examples/chaos-engineering-output.example.json +530 -530
  190. package/assets/skills/.validation/examples/performance-testing-output.example.json +252 -252
  191. package/assets/skills/.validation/examples/security-testing-output.example.json +413 -413
  192. package/assets/skills/.validation/examples/testability-scoring-output.example.json +350 -350
  193. package/assets/skills/.validation/schemas/skill-eval.schema.json +462 -462
  194. package/assets/skills/.validation/schemas/skill-frontmatter.schema.json +341 -341
  195. package/assets/skills/.validation/schemas/skill-output-meta.schema.json +199 -199
  196. package/assets/skills/.validation/schemas/skill-output.template.json +610 -610
  197. package/assets/skills/.validation/skill-validation-mcp-integration.md +250 -250
  198. package/assets/skills/.validation/templates/eval.template.yaml +366 -366
  199. package/assets/skills/.validation/templates/schemas/output.json +145 -145
  200. package/assets/skills/.validation/templates/security-testing-eval.template.yaml +725 -725
  201. package/assets/skills/.validation/templates/skill-frontmatter.example.yaml +225 -225
  202. package/assets/skills/.validation/test-data/invalid-output.json +5 -5
  203. package/assets/skills/.validation/test-data/minimal-output.json +9 -9
  204. package/assets/skills/.validation/test-data/sample-output.json +73 -73
  205. package/assets/skills/a11y-ally/SKILL.md +1664 -1658
  206. package/assets/skills/a11y-ally/evals/a11y-ally.yaml +376 -0
  207. package/assets/skills/a11y-ally/schemas/output.json +549 -0
  208. package/assets/skills/a11y-ally/scripts/validate-config.json +42 -0
  209. package/assets/skills/accessibility-testing/evals/accessibility-testing.yaml +719 -719
  210. package/assets/skills/accessibility-testing/schemas/output.json +776 -776
  211. package/assets/skills/accessibility-testing/test-data/sample-output.json +191 -191
  212. package/assets/skills/agentic-quality-engineering/schemas/output.json +577 -577
  213. package/assets/skills/api-testing-patterns/evals/api-testing-patterns.yaml +696 -696
  214. package/assets/skills/api-testing-patterns/schemas/output.json +845 -845
  215. package/assets/skills/aqe-v2-v3-migration/schemas/output.json +513 -513
  216. package/assets/skills/brutal-honesty-review/SKILL.md +5 -0
  217. package/assets/skills/brutal-honesty-review/schemas/output.json +291 -0
  218. package/assets/skills/brutal-honesty-review/scripts/validate-config.json +34 -0
  219. package/assets/skills/bug-reporting-excellence/schemas/output.json +288 -288
  220. package/assets/skills/chaos-engineering-resilience/evals/chaos-engineering-resilience.yaml +761 -761
  221. package/assets/skills/chaos-engineering-resilience/schemas/output.json +1205 -1205
  222. package/assets/skills/cicd-pipeline-qe-orchestrator/README.md +1 -1
  223. package/assets/skills/cicd-pipeline-qe-orchestrator/SKILL.md +6 -0
  224. package/assets/skills/cicd-pipeline-qe-orchestrator/evals/cicd-pipeline-qe-orchestrator.yaml +157 -0
  225. package/assets/skills/cicd-pipeline-qe-orchestrator/schemas/output.json +542 -0
  226. package/assets/skills/cicd-pipeline-qe-orchestrator/scripts/validate-config.json +42 -0
  227. package/assets/skills/code-review-quality/schemas/output.json +264 -264
  228. package/assets/skills/compatibility-testing/evals/compatibility-testing.yaml +410 -410
  229. package/assets/skills/compatibility-testing/schemas/output.json +551 -551
  230. package/assets/skills/compliance-testing/evals/compliance-testing.yaml +1107 -1107
  231. package/assets/skills/compliance-testing/schemas/output.json +845 -845
  232. package/assets/skills/consultancy-practices/schemas/output.json +282 -282
  233. package/assets/skills/contract-testing/evals/contract-testing.yaml +748 -748
  234. package/assets/skills/contract-testing/schemas/output.json +638 -638
  235. package/assets/skills/database-testing/evals/database-testing.yaml +968 -968
  236. package/assets/skills/database-testing/schemas/output.json +1446 -1446
  237. package/assets/skills/debug-loop/SKILL.md +61 -61
  238. package/assets/skills/enterprise-integration-testing/SKILL.md +735 -735
  239. package/assets/skills/enterprise-integration-testing/evals/enterprise-integration-testing.yaml +158 -0
  240. package/assets/skills/enterprise-integration-testing/schemas/output.json +74 -0
  241. package/assets/skills/enterprise-integration-testing/scripts/validate-config.json +25 -0
  242. package/assets/skills/localization-testing/evals/localization-testing.yaml +544 -544
  243. package/assets/skills/localization-testing/schemas/output.json +325 -325
  244. package/assets/skills/middleware-testing-patterns/SKILL.md +798 -798
  245. package/assets/skills/middleware-testing-patterns/evals/middleware-testing-patterns.yaml +153 -0
  246. package/assets/skills/middleware-testing-patterns/schemas/output.json +58 -0
  247. package/assets/skills/middleware-testing-patterns/scripts/validate-config.json +25 -0
  248. package/assets/skills/mobile-testing/evals/mobile-testing.yaml +537 -537
  249. package/assets/skills/mobile-testing/schemas/output.json +318 -318
  250. package/assets/skills/mutation-testing/evals/mutation-testing.yaml +652 -652
  251. package/assets/skills/mutation-testing/schemas/output.json +707 -707
  252. package/assets/skills/mutation-testing/test-data/sample-output.json +295 -295
  253. package/assets/skills/n8n-expression-testing/SKILL.md +6 -0
  254. package/assets/skills/n8n-expression-testing/evals/n8n-expression-testing.yaml +450 -0
  255. package/assets/skills/n8n-expression-testing/schemas/output.json +369 -0
  256. package/assets/skills/n8n-expression-testing/scripts/validate-config.json +39 -0
  257. package/assets/skills/n8n-integration-testing-patterns/SKILL.md +6 -0
  258. package/assets/skills/n8n-integration-testing-patterns/evals/n8n-integration-testing-patterns.yaml +522 -0
  259. package/assets/skills/n8n-integration-testing-patterns/schemas/output.json +291 -0
  260. package/assets/skills/n8n-integration-testing-patterns/scripts/validate-config.json +34 -0
  261. package/assets/skills/n8n-security-testing/SKILL.md +6 -0
  262. package/assets/skills/n8n-security-testing/evals/n8n-security-testing.yaml +493 -0
  263. package/assets/skills/n8n-security-testing/schemas/output.json +293 -0
  264. package/assets/skills/n8n-security-testing/scripts/validate-config.json +34 -0
  265. package/assets/skills/n8n-trigger-testing-strategies/SKILL.md +6 -0
  266. package/assets/skills/n8n-trigger-testing-strategies/evals/n8n-trigger-testing-strategies.yaml +500 -0
  267. package/assets/skills/n8n-trigger-testing-strategies/schemas/output.json +295 -0
  268. package/assets/skills/n8n-trigger-testing-strategies/scripts/validate-config.json +34 -0
  269. package/assets/skills/n8n-workflow-testing-fundamentals/SKILL.md +6 -0
  270. package/assets/skills/n8n-workflow-testing-fundamentals/evals/n8n-workflow-testing-fundamentals.yaml +497 -0
  271. package/assets/skills/n8n-workflow-testing-fundamentals/schemas/output.json +254 -0
  272. package/assets/skills/n8n-workflow-testing-fundamentals/scripts/validate-config.json +35 -0
  273. package/assets/skills/observability-testing-patterns/SKILL.md +930 -930
  274. package/assets/skills/observability-testing-patterns/evals/observability-testing-patterns.yaml +157 -0
  275. package/assets/skills/observability-testing-patterns/schemas/output.json +58 -0
  276. package/assets/skills/observability-testing-patterns/scripts/validate-config.json +25 -0
  277. package/assets/skills/pentest-validation/SKILL.md +268 -268
  278. package/assets/skills/pentest-validation/evals/pentest-validation.yaml +708 -708
  279. package/assets/skills/pentest-validation/schemas/output.json +281 -281
  280. package/assets/skills/pentest-validation/scripts/validate-config.json +12 -0
  281. package/assets/skills/performance-testing/evals/performance-testing.yaml +772 -772
  282. package/assets/skills/performance-testing/schemas/output.json +1184 -1184
  283. package/assets/skills/pr-review/SKILL.md +61 -61
  284. package/assets/skills/qcsd-cicd-swarm/SKILL.md +2206 -2206
  285. package/assets/skills/qcsd-cicd-swarm/evals/qcsd-cicd-swarm.yaml +211 -0
  286. package/assets/skills/qcsd-cicd-swarm/schemas/output.json +86 -0
  287. package/assets/skills/qcsd-cicd-swarm/scripts/validate-config.json +30 -0
  288. package/assets/skills/qcsd-development-swarm/SKILL.md +2154 -2154
  289. package/assets/skills/qcsd-development-swarm/evals/qcsd-development-swarm.yaml +162 -0
  290. package/assets/skills/qcsd-development-swarm/schemas/output.json +72 -0
  291. package/assets/skills/qcsd-development-swarm/scripts/validate-config.json +25 -0
  292. package/assets/skills/qcsd-ideation-swarm/evals/qcsd-ideation-swarm.yaml +138 -0
  293. package/assets/skills/qcsd-ideation-swarm/schemas/output.json +568 -0
  294. package/assets/skills/qcsd-ideation-swarm/scripts/validate-config.json +25 -0
  295. package/assets/skills/qcsd-production-swarm/SKILL.md +2781 -0
  296. package/assets/skills/qcsd-production-swarm/evals/qcsd-production-swarm.yaml +246 -0
  297. package/assets/skills/qcsd-production-swarm/schemas/output.json +505 -0
  298. package/assets/skills/qcsd-production-swarm/scripts/validate-config.json +25 -0
  299. package/assets/skills/qcsd-refinement-swarm/evals/qcsd-refinement-swarm.yaml +139 -0
  300. package/assets/skills/qcsd-refinement-swarm/schemas/output.json +811 -0
  301. package/assets/skills/qcsd-refinement-swarm/scripts/validate-config.json +25 -0
  302. package/assets/skills/qe-chaos-resilience/evals/qe-chaos-resilience.yaml +443 -443
  303. package/assets/skills/qe-chaos-resilience/schemas/output.json +314 -314
  304. package/assets/skills/qe-code-intelligence/evals/qe-code-intelligence.yaml +459 -459
  305. package/assets/skills/qe-code-intelligence/schemas/output.json +315 -315
  306. package/assets/skills/qe-contract-testing/evals/qe-contract-testing.yaml +513 -513
  307. package/assets/skills/qe-contract-testing/schemas/output.json +295 -295
  308. package/assets/skills/qe-coverage-analysis/evals/qe-coverage-analysis.yaml +494 -494
  309. package/assets/skills/qe-coverage-analysis/schemas/output.json +286 -286
  310. package/assets/skills/qe-defect-intelligence/evals/qe-defect-intelligence.yaml +511 -511
  311. package/assets/skills/qe-defect-intelligence/schemas/output.json +283 -283
  312. package/assets/skills/qe-iterative-loop/schemas/output.json +264 -264
  313. package/assets/skills/qe-learning-optimization/evals/qe-learning-optimization.yaml +144 -144
  314. package/assets/skills/qe-learning-optimization/schemas/output.json +288 -288
  315. package/assets/skills/qe-quality-assessment/evals/qe-quality-assessment.yaml +506 -506
  316. package/assets/skills/qe-quality-assessment/schemas/output.json +550 -550
  317. package/assets/skills/qe-requirements-validation/evals/qe-requirements-validation.yaml +598 -598
  318. package/assets/skills/qe-requirements-validation/schemas/output.json +587 -587
  319. package/assets/skills/qe-security-compliance/evals/qe-security-compliance.yaml +595 -595
  320. package/assets/skills/qe-security-compliance/schemas/output.json +498 -498
  321. package/assets/skills/qe-test-execution/evals/qe-test-execution.yaml +607 -607
  322. package/assets/skills/qe-test-execution/schemas/output.json +529 -529
  323. package/assets/skills/qe-test-generation/evals/qe-test-generation.yaml +148 -148
  324. package/assets/skills/qe-test-generation/schemas/output.json +439 -439
  325. package/assets/skills/qe-visual-accessibility/evals/qe-visual-accessibility.yaml +142 -142
  326. package/assets/skills/qe-visual-accessibility/schemas/output.json +491 -491
  327. package/assets/skills/quality-metrics/evals/quality-metrics.yaml +494 -494
  328. package/assets/skills/quality-metrics/schemas/output.json +403 -403
  329. package/assets/skills/refactoring-patterns/schemas/output.json +475 -475
  330. package/assets/skills/regression-testing/evals/regression-testing.yaml +504 -504
  331. package/assets/skills/regression-testing/schemas/output.json +311 -311
  332. package/assets/skills/risk-based-testing/evals/risk-based-testing.yaml +141 -141
  333. package/assets/skills/risk-based-testing/schemas/output.json +480 -480
  334. package/assets/skills/security-testing/evals/security-testing.yaml +789 -789
  335. package/assets/skills/security-testing/schemas/output.json +879 -879
  336. package/assets/skills/security-visual-testing/evals/security-visual-testing.yaml +163 -163
  337. package/assets/skills/security-visual-testing/schemas/output.json +486 -486
  338. package/assets/skills/security-visual-testing/scripts/validate-config.json +45 -0
  339. package/assets/skills/sfdipot-product-factors/SKILL.md +239 -239
  340. package/assets/skills/sherlock-review/SKILL.md +5 -0
  341. package/assets/skills/sherlock-review/schemas/output.json +297 -0
  342. package/assets/skills/sherlock-review/scripts/validate-config.json +35 -0
  343. package/assets/skills/shift-left-testing/evals/shift-left-testing.yaml +145 -145
  344. package/assets/skills/shift-left-testing/schemas/output.json +459 -459
  345. package/assets/skills/shift-right-testing/evals/shift-right-testing.yaml +147 -147
  346. package/assets/skills/shift-right-testing/schemas/output.json +418 -418
  347. package/assets/skills/tdd-london-chicago/schemas/output.json +444 -444
  348. package/assets/skills/technical-writing/schemas/output.json +268 -268
  349. package/assets/skills/test-automation-strategy/evals/test-automation-strategy.yaml +148 -148
  350. package/assets/skills/test-automation-strategy/schemas/output.json +444 -444
  351. package/assets/skills/test-data-management/evals/test-data-management.yaml +504 -504
  352. package/assets/skills/test-data-management/schemas/output.json +284 -284
  353. package/assets/skills/test-design-techniques/evals/test-design-techniques.yaml +142 -142
  354. package/assets/skills/test-design-techniques/schemas/output.json +295 -295
  355. package/assets/skills/test-environment-management/schemas/output.json +310 -310
  356. package/assets/skills/test-idea-rewriting/SKILL.md +229 -229
  357. package/assets/skills/test-reporting-analytics/evals/test-reporting-analytics.yaml +155 -155
  358. package/assets/skills/test-reporting-analytics/schemas/output.json +329 -329
  359. package/assets/skills/testability-scoring/SKILL.md +5 -0
  360. package/assets/skills/testability-scoring/evals/testability-scoring.yaml +814 -0
  361. package/assets/skills/testability-scoring/resources/templates/config.template.js +84 -84
  362. package/assets/skills/testability-scoring/schemas/output.json +606 -0
  363. package/assets/skills/testability-scoring/scripts/generate-html-report.js +1007 -1007
  364. package/assets/skills/testability-scoring/scripts/validate-config.json +42 -0
  365. package/assets/skills/trust-tier-manifest.json +2404 -0
  366. package/assets/skills/verification-quality/evals/verification-quality.yaml +150 -150
  367. package/assets/skills/verification-quality/schemas/output.json +432 -432
  368. package/assets/skills/visual-testing-advanced/evals/visual-testing-advanced.yaml +154 -154
  369. package/assets/skills/visual-testing-advanced/schemas/output.json +294 -294
  370. package/assets/skills/wms-testing-patterns/evals/wms-testing-patterns.yaml +165 -0
  371. package/assets/skills/wms-testing-patterns/schemas/output.json +150 -0
  372. package/assets/skills/wms-testing-patterns/scripts/validate-config.json +51 -0
  373. package/assets/templates/validation-summary.json +56 -56
  374. package/dist/benchmarks/performance-benchmarks.js +1 -1
  375. package/dist/cli/bundle.js +9158 -2288
  376. package/dist/cli/commands/hooks.d.ts.map +1 -1
  377. package/dist/cli/commands/hooks.js +92 -0
  378. package/dist/cli/commands/hooks.js.map +1 -1
  379. package/dist/cli/commands/mcp.d.ts.map +1 -1
  380. package/dist/cli/commands/mcp.js +11 -9
  381. package/dist/cli/commands/mcp.js.map +1 -1
  382. package/dist/cli/commands/migrate.js +2 -2
  383. package/dist/coordination/constants.d.ts +1 -1
  384. package/dist/coordination/constants.js +1 -1
  385. package/dist/coordination/handlers/coverage-handlers.js +1 -1
  386. package/dist/coordination/handlers/coverage-handlers.js.map +1 -1
  387. package/dist/domains/code-intelligence/services/semantic-analyzer.d.ts +1 -1
  388. package/dist/domains/code-intelligence/services/semantic-analyzer.d.ts.map +1 -1
  389. package/dist/domains/code-intelligence/services/semantic-analyzer.js +1 -1
  390. package/dist/domains/code-intelligence/services/semantic-analyzer.js.map +1 -1
  391. package/dist/domains/coverage-analysis/coordinator.js +1 -1
  392. package/dist/domains/coverage-analysis/services/coverage-analyzer.js +1 -1
  393. package/dist/domains/coverage-analysis/services/coverage-embedder.d.ts +1 -1
  394. package/dist/domains/coverage-analysis/services/coverage-embedder.js +1 -1
  395. package/dist/domains/coverage-analysis/services/gap-detector.js +1 -1
  396. package/dist/domains/coverage-analysis/services/ghost-coverage-analyzer.js +1 -1
  397. package/dist/domains/coverage-analysis/services/hnsw-index.d.ts +2 -2
  398. package/dist/domains/coverage-analysis/services/hnsw-index.js +3 -3
  399. package/dist/domains/coverage-analysis/services/sublinear-analyzer.d.ts +1 -1
  400. package/dist/domains/coverage-analysis/services/sublinear-analyzer.js +1 -1
  401. package/dist/domains/test-execution/services/test-prioritizer.js +1 -1
  402. package/dist/domains/test-generation/context/rust-context-builder.d.ts +31 -0
  403. package/dist/domains/test-generation/context/rust-context-builder.d.ts.map +1 -0
  404. package/dist/domains/test-generation/context/rust-context-builder.js +27 -0
  405. package/dist/domains/test-generation/context/rust-context-builder.js.map +1 -0
  406. package/dist/domains/test-generation/coordinator.js +3 -3
  407. package/dist/domains/test-generation/coordinator.js.map +1 -1
  408. package/dist/domains/test-generation/detectors/mobile-detector.d.ts +41 -0
  409. package/dist/domains/test-generation/detectors/mobile-detector.d.ts.map +1 -0
  410. package/dist/domains/test-generation/detectors/mobile-detector.js +111 -0
  411. package/dist/domains/test-generation/detectors/mobile-detector.js.map +1 -0
  412. package/dist/domains/test-generation/detectors/spring-detector.d.ts +22 -0
  413. package/dist/domains/test-generation/detectors/spring-detector.d.ts.map +1 -0
  414. package/dist/domains/test-generation/detectors/spring-detector.js +37 -0
  415. package/dist/domains/test-generation/detectors/spring-detector.js.map +1 -0
  416. package/dist/domains/test-generation/factories/test-generator-factory.d.ts +2 -1
  417. package/dist/domains/test-generation/factories/test-generator-factory.d.ts.map +1 -1
  418. package/dist/domains/test-generation/factories/test-generator-factory.js +33 -13
  419. package/dist/domains/test-generation/factories/test-generator-factory.js.map +1 -1
  420. package/dist/domains/test-generation/generators/flutter-test-generator.d.ts +107 -0
  421. package/dist/domains/test-generation/generators/flutter-test-generator.d.ts.map +1 -0
  422. package/dist/domains/test-generation/generators/flutter-test-generator.js +590 -0
  423. package/dist/domains/test-generation/generators/flutter-test-generator.js.map +1 -0
  424. package/dist/domains/test-generation/generators/go-test-generator.d.ts +139 -0
  425. package/dist/domains/test-generation/generators/go-test-generator.d.ts.map +1 -0
  426. package/dist/domains/test-generation/generators/go-test-generator.js +654 -0
  427. package/dist/domains/test-generation/generators/go-test-generator.js.map +1 -0
  428. package/dist/domains/test-generation/generators/index.d.ts +8 -0
  429. package/dist/domains/test-generation/generators/index.d.ts.map +1 -1
  430. package/dist/domains/test-generation/generators/index.js +8 -0
  431. package/dist/domains/test-generation/generators/index.js.map +1 -1
  432. package/dist/domains/test-generation/generators/jest-rn-generator.d.ts +95 -0
  433. package/dist/domains/test-generation/generators/jest-rn-generator.d.ts.map +1 -0
  434. package/dist/domains/test-generation/generators/jest-rn-generator.js +591 -0
  435. package/dist/domains/test-generation/generators/jest-rn-generator.js.map +1 -0
  436. package/dist/domains/test-generation/generators/junit5-generator.d.ts +107 -0
  437. package/dist/domains/test-generation/generators/junit5-generator.d.ts.map +1 -0
  438. package/dist/domains/test-generation/generators/junit5-generator.js +588 -0
  439. package/dist/domains/test-generation/generators/junit5-generator.js.map +1 -0
  440. package/dist/domains/test-generation/generators/kotlin-junit-generator.d.ts +109 -0
  441. package/dist/domains/test-generation/generators/kotlin-junit-generator.d.ts.map +1 -0
  442. package/dist/domains/test-generation/generators/kotlin-junit-generator.js +588 -0
  443. package/dist/domains/test-generation/generators/kotlin-junit-generator.js.map +1 -0
  444. package/dist/domains/test-generation/generators/pytest-generator.d.ts +8 -1
  445. package/dist/domains/test-generation/generators/pytest-generator.d.ts.map +1 -1
  446. package/dist/domains/test-generation/generators/pytest-generator.js +57 -0
  447. package/dist/domains/test-generation/generators/pytest-generator.js.map +1 -1
  448. package/dist/domains/test-generation/generators/rust-test-generator.d.ts +80 -0
  449. package/dist/domains/test-generation/generators/rust-test-generator.d.ts.map +1 -0
  450. package/dist/domains/test-generation/generators/rust-test-generator.js +442 -0
  451. package/dist/domains/test-generation/generators/rust-test-generator.js.map +1 -0
  452. package/dist/domains/test-generation/generators/swift-testing-generator.d.ts +97 -0
  453. package/dist/domains/test-generation/generators/swift-testing-generator.d.ts.map +1 -0
  454. package/dist/domains/test-generation/generators/swift-testing-generator.js +482 -0
  455. package/dist/domains/test-generation/generators/swift-testing-generator.js.map +1 -0
  456. package/dist/domains/test-generation/generators/xunit-generator.d.ts +110 -0
  457. package/dist/domains/test-generation/generators/xunit-generator.d.ts.map +1 -0
  458. package/dist/domains/test-generation/generators/xunit-generator.js +611 -0
  459. package/dist/domains/test-generation/generators/xunit-generator.js.map +1 -0
  460. package/dist/domains/test-generation/interfaces.d.ts +11 -2
  461. package/dist/domains/test-generation/interfaces.d.ts.map +1 -1
  462. package/dist/domains/test-generation/prompts/language-prompts.d.ts +29 -0
  463. package/dist/domains/test-generation/prompts/language-prompts.d.ts.map +1 -0
  464. package/dist/domains/test-generation/prompts/language-prompts.js +135 -0
  465. package/dist/domains/test-generation/prompts/language-prompts.js.map +1 -0
  466. package/dist/domains/test-generation/services/compilation-validator.d.ts +43 -0
  467. package/dist/domains/test-generation/services/compilation-validator.d.ts.map +1 -0
  468. package/dist/domains/test-generation/services/compilation-validator.js +134 -0
  469. package/dist/domains/test-generation/services/compilation-validator.js.map +1 -0
  470. package/dist/domains/test-generation/services/index.d.ts +2 -1
  471. package/dist/domains/test-generation/services/index.d.ts.map +1 -1
  472. package/dist/domains/test-generation/services/index.js +3 -1
  473. package/dist/domains/test-generation/services/index.js.map +1 -1
  474. package/dist/domains/test-generation/services/test-file-resolver.d.ts +32 -0
  475. package/dist/domains/test-generation/services/test-file-resolver.d.ts.map +1 -0
  476. package/dist/domains/test-generation/services/test-file-resolver.js +159 -0
  477. package/dist/domains/test-generation/services/test-file-resolver.js.map +1 -0
  478. package/dist/domains/test-generation/services/test-generator.d.ts +10 -0
  479. package/dist/domains/test-generation/services/test-generator.d.ts.map +1 -1
  480. package/dist/domains/test-generation/services/test-generator.js +87 -10
  481. package/dist/domains/test-generation/services/test-generator.js.map +1 -1
  482. package/dist/governance/feature-flags.js +2 -2
  483. package/dist/governance/feature-flags.js.map +1 -1
  484. package/dist/governance/shard-embeddings.js +1 -1
  485. package/dist/init/init-wizard-hooks.d.ts.map +1 -1
  486. package/dist/init/init-wizard-hooks.js +0 -1
  487. package/dist/init/init-wizard-hooks.js.map +1 -1
  488. package/dist/init/phases/07-hooks.d.ts.map +1 -1
  489. package/dist/init/phases/07-hooks.js +0 -2
  490. package/dist/init/phases/07-hooks.js.map +1 -1
  491. package/dist/init/phases/08-mcp.d.ts +8 -4
  492. package/dist/init/phases/08-mcp.d.ts.map +1 -1
  493. package/dist/init/phases/08-mcp.js +13 -31
  494. package/dist/init/phases/08-mcp.js.map +1 -1
  495. package/dist/init/phases/10-workers.js +4 -4
  496. package/dist/init/phases/10-workers.js.map +1 -1
  497. package/dist/init/settings-merge.d.ts.map +1 -1
  498. package/dist/init/settings-merge.js +0 -2
  499. package/dist/init/settings-merge.js.map +1 -1
  500. package/dist/init/token-bootstrap.js +1 -1
  501. package/dist/init/token-bootstrap.js.map +1 -1
  502. package/dist/integrations/rl-suite/algorithms/decision-transformer.js +1 -1
  503. package/dist/kernel/constants.d.ts +2 -2
  504. package/dist/kernel/constants.js +2 -2
  505. package/dist/kernel/hnsw-adapter.js +1 -1
  506. package/dist/kernel/progressive-hnsw-backend.d.ts +2 -2
  507. package/dist/kernel/progressive-hnsw-backend.js +2 -2
  508. package/dist/learning/dream/concept-graph.d.ts +1 -1
  509. package/dist/learning/dream/concept-graph.js +1 -1
  510. package/dist/learning/dream/dream-engine.d.ts +1 -1
  511. package/dist/learning/dream/dream-engine.js +1 -1
  512. package/dist/learning/dream/index.d.ts +1 -1
  513. package/dist/learning/dream/index.js +1 -1
  514. package/dist/learning/dream/types.d.ts +1 -1
  515. package/dist/learning/dream/types.d.ts.map +1 -1
  516. package/dist/learning/dream/types.js +1 -1
  517. package/dist/learning/dream/types.js.map +1 -1
  518. package/dist/learning/token-tracker.js +1 -1
  519. package/dist/learning/token-tracker.js.map +1 -1
  520. package/dist/mcp/bundle.js +7538 -893
  521. package/dist/routing/qe-agent-registry.js +4 -4
  522. package/dist/routing/qe-agent-registry.js.map +1 -1
  523. package/dist/routing/types.d.ts +5 -8
  524. package/dist/routing/types.d.ts.map +1 -1
  525. package/dist/routing/types.js.map +1 -1
  526. package/dist/shared/embeddings/embedding-cache.js +2 -2
  527. package/dist/shared/embeddings/index.d.ts +2 -2
  528. package/dist/shared/embeddings/index.js +2 -2
  529. package/dist/shared/embeddings/nomic-embedder.d.ts +4 -4
  530. package/dist/shared/embeddings/nomic-embedder.js +2 -2
  531. package/dist/shared/embeddings/ollama-client.d.ts +1 -1
  532. package/dist/shared/embeddings/ollama-client.js +2 -2
  533. package/dist/shared/embeddings/ollama-client.js.map +1 -1
  534. package/dist/shared/embeddings/types.d.ts +2 -2
  535. package/dist/shared/embeddings/types.js +2 -2
  536. package/dist/shared/language-detector.d.ts +46 -0
  537. package/dist/shared/language-detector.d.ts.map +1 -0
  538. package/dist/shared/language-detector.js +183 -0
  539. package/dist/shared/language-detector.js.map +1 -0
  540. package/dist/shared/llm/providers/ollama.js +1 -1
  541. package/dist/shared/metrics/code-metrics.d.ts.map +1 -1
  542. package/dist/shared/metrics/code-metrics.js +24 -1
  543. package/dist/shared/metrics/code-metrics.js.map +1 -1
  544. package/dist/shared/parsers/index.d.ts +2 -0
  545. package/dist/shared/parsers/index.d.ts.map +1 -1
  546. package/dist/shared/parsers/index.js +2 -0
  547. package/dist/shared/parsers/index.js.map +1 -1
  548. package/dist/shared/parsers/interfaces.d.ts +81 -0
  549. package/dist/shared/parsers/interfaces.d.ts.map +1 -0
  550. package/dist/shared/parsers/interfaces.js +6 -0
  551. package/dist/shared/parsers/interfaces.js.map +1 -0
  552. package/dist/shared/parsers/multi-language-parser.d.ts +144 -0
  553. package/dist/shared/parsers/multi-language-parser.d.ts.map +1 -0
  554. package/dist/shared/parsers/multi-language-parser.js +1271 -0
  555. package/dist/shared/parsers/multi-language-parser.js.map +1 -0
  556. package/dist/shared/parsers/rust-ownership-analyzer.d.ts +45 -0
  557. package/dist/shared/parsers/rust-ownership-analyzer.d.ts.map +1 -0
  558. package/dist/shared/parsers/rust-ownership-analyzer.js +52 -0
  559. package/dist/shared/parsers/rust-ownership-analyzer.js.map +1 -0
  560. package/dist/shared/parsers/typescript-parser.d.ts +16 -0
  561. package/dist/shared/parsers/typescript-parser.d.ts.map +1 -1
  562. package/dist/shared/parsers/typescript-parser.js +85 -0
  563. package/dist/shared/parsers/typescript-parser.js.map +1 -1
  564. package/dist/shared/types/test-frameworks.d.ts +25 -0
  565. package/dist/shared/types/test-frameworks.d.ts.map +1 -0
  566. package/dist/shared/types/test-frameworks.js +111 -0
  567. package/dist/shared/types/test-frameworks.js.map +1 -0
  568. package/package.json +1 -1
  569. package/scripts/prepare-assets.sh +16 -2
package/assets/governance/shards/security-compliance.shard.md CHANGED
@@ -1,196 +1,196 @@
1
- # Security Compliance Domain Shard
2
-
3
- **Domain**: security-compliance
4
- **Version**: 1.0.0
5
- **Last Updated**: 2026-02-03
6
- **Parent Constitution**: `.claude/guidance/constitution.md`
7
-
8
- ---
9
-
10
- ## Domain Rules
11
-
12
- 1. **Zero Critical Vulnerabilities**: Code changes affecting auth, security, or sensitive data MUST have zero critical vulnerabilities before deployment; no exceptions without security team sign-off.
13
-
14
- 2. **SAST Before Merge**: Static Application Security Testing (SAST) MUST complete before any merge to protected branches; bypass is a constitutional violation.
15
-
16
- 3. **Secret Detection Mandatory**: All code MUST pass secret scanning; detected secrets MUST be revoked immediately and commits purged from history.
17
-
18
- 4. **Compliance Evidence Required**: Compliance claims MUST be backed by evidence (audit logs, scan results, attestations); unsubstantiated claims are prohibited.
19
-
20
- 5. **DAST in Staging**: Dynamic Application Security Testing (DAST) MUST run against staging environments before production deployment.
21
-
22
- 6. **Vulnerability Triage SLA**: Critical vulnerabilities MUST be triaged within 24 hours; high within 72 hours. SLA violations escalate automatically.
23
-
24
- ---
25
-
26
- ## Quality Thresholds
27
-
28
- | Metric | Minimum | Target | Critical |
29
- |--------|---------|--------|----------|
30
- | Security Score | 0.8 | 0.95 | < 0.6 |
31
- | SAST Pass Rate | 1.0 (critical) | 0.95 (all) | < 0.9 |
32
- | Secret Detection | 0 secrets | 0 secrets | > 0 secrets |
33
- | Compliance Score | 0.8 | 0.95 | < 0.7 |
34
- | Vulnerability SLA | 100% | 100% | < 90% |
35
- | DAST Coverage | 0.7 | 0.9 | < 0.5 |
36
-
37
- ---
38
-
39
- ## Invariants
40
-
41
- ```
42
- INVARIANT zero_critical_vulnerabilities:
43
- FOR ALL change IN security_sensitive_changes:
44
- IF change.affects_auth OR change.affects_security OR change.affects_sensitive_data THEN
45
- change.critical_vulnerabilities = 0
46
- ```
47
-
48
- ```
49
- INVARIANT sast_before_merge:
50
- FOR ALL merge IN protected_branch_merges:
51
- EXISTS sast_scan WHERE
52
- sast_scan.commit = merge.source_commit AND
53
- sast_scan.status = 'passed' AND
54
- sast_scan.timestamp < merge.timestamp
55
- ```
56
-
57
- ```
58
- INVARIANT secret_detection:
59
- FOR ALL commit IN commits:
60
- commit.detected_secrets = 0 OR
61
- (commit.secrets_revoked = true AND commit.purged_from_history = true)
62
- ```
63
-
64
- ```
65
- INVARIANT compliance_evidence:
66
- FOR ALL claim IN compliance_claims:
67
- EXISTS evidence WHERE
68
- evidence.claim_id = claim.id AND
69
- evidence.type IN ['audit_log', 'scan_result', 'attestation'] AND
70
- evidence.verified = true
71
- ```
72
-
73
- ```
74
- INVARIANT vulnerability_sla:
75
- FOR ALL vuln IN vulnerabilities:
76
- IF vuln.severity = 'critical' THEN
77
- (NOW() - vuln.detected_at) < 24_HOURS OR vuln.triaged = true
78
- IF vuln.severity = 'high' THEN
79
- (NOW() - vuln.detected_at) < 72_HOURS OR vuln.triaged = true
80
- ```
81
-
82
- ---
83
-
84
- ## Patterns
85
-
86
- **Domain Source**: `v3/src/domains/security-compliance/`
87
-
88
- | Pattern | Location | Description |
89
- |---------|----------|-------------|
90
- | Security Scanner Service | `services/security-scanner.ts` | SAST/DAST orchestration |
91
- | Security Auditor Service | `services/security-auditor.ts` | Security posture assessment |
92
- | Compliance Validator Service | `services/compliance-validator.ts` | Standards validation |
93
- | Scanners | `services/scanners/` | Individual scanner implementations |
94
- | Security Compliance Coordinator | `coordinator.ts` | Workflow orchestration |
95
-
96
- **Supported Standards**: OWASP Top 10, PCI-DSS, HIPAA, SOC 2, GDPR (via ComplianceValidatorService).
97
-
98
- ---
99
-
100
- ## Agent Constraints
101
-
102
- | Role | Agent ID | Permissions |
103
- |------|----------|-------------|
104
- | **Primary** | `qe-security-scanner` | Full scanning, vulnerability detection |
105
- | **Secondary** | `qe-security-auditor` | Posture assessment, triage |
106
- | **Secondary** | `qe-compliance-validator` | Standards validation, evidence collection |
107
- | **Support** | `qe-code-analyst` | Provide code paths for analysis |
108
- | **Approval** | `security-team` (human) | Critical vulnerability override |
109
-
110
- **Forbidden Agents**: Non-security agents MUST NOT override security findings or bypass security gates.
111
-
112
- ---
113
-
114
- ## Escalation Triggers
115
-
116
- | Trigger | Severity | Action |
117
- |---------|----------|--------|
118
- | Critical vulnerability in auth code | CRITICAL | Block deployment, escalate to security team immediately |
119
- | Secret detected in commit | CRITICAL | Revoke secret, purge history, escalate |
120
- | SAST bypass attempted | CRITICAL | Block merge, escalate to Queen Coordinator |
121
- | Compliance score < 0.7 | CRITICAL | Block deployment, initiate gap analysis |
122
- | Vulnerability SLA breach | HIGH | Escalate to Queen Coordinator |
123
- | DAST coverage < 0.5 | HIGH | Block production deploy, escalate |
124
- | High vulnerability untriaged > 72h | HIGH | Auto-escalate to security team |
125
- | Unsubstantiated compliance claim | MEDIUM | Block claim, request evidence |
126
-
127
- ---
128
-
129
- ## Memory Namespace
130
-
131
- - **Namespace**: `qe-patterns/security-compliance`
132
- - **Retention**: 365 days (compliance requirement)
133
- - **Contradiction Check**: Enabled
134
- - **Audit Trail**: Required for all findings
135
-
136
- ---
137
-
138
- ## Integration Points
139
-
140
- | Domain | Integration Type | Purpose |
141
- |--------|-----------------|---------|
142
- | `code-intelligence` | Input | Receive code paths for scanning |
143
- | `quality-assessment` | Output | Report security score |
144
- | `requirements-validation` | Bidirectional | Security requirements validation |
145
- | `test-execution` | Input | Receive auth test results |
146
- | `learning-optimization` | Output | Share vulnerability patterns |
147
-
148
- ---
149
-
150
- ## Vulnerability Severity Classification
151
-
152
- | Severity | CVSS Score | SLA | Examples |
153
- |----------|------------|-----|----------|
154
- | Critical | 9.0 - 10.0 | 24h | RCE, Auth bypass, SQL injection in auth |
155
- | High | 7.0 - 8.9 | 72h | XSS, CSRF, Privilege escalation |
156
- | Medium | 4.0 - 6.9 | 7 days | Information disclosure, DoS |
157
- | Low | 0.1 - 3.9 | 30 days | Minor info leak, verbose errors |
158
-
159
- ---
160
-
161
- ## Compliance Evidence Schema
162
-
163
- ```typescript
164
- interface ComplianceEvidence {
165
- id: string;
166
- claimId: string;
167
- standard: 'OWASP' | 'PCI-DSS' | 'HIPAA' | 'SOC2' | 'GDPR';
168
- control: string;
169
- type: 'audit_log' | 'scan_result' | 'attestation' | 'policy_document';
170
- collectedAt: Date;
171
- expiresAt: Date;
172
- verified: boolean;
173
- verifier: string;
174
- artifacts: {
175
- name: string;
176
- hash: string;
177
- location: string;
178
- }[];
179
- }
180
- ```
181
-
182
- ---
183
-
184
- ## Secret Detection Categories
185
-
186
- | Category | Action | Example |
187
- |----------|--------|---------|
188
- | API Keys | Revoke immediately | AWS, GCP, Azure keys |
189
- | Passwords | Force rotation | Database, service passwords |
190
- | Tokens | Invalidate | JWT, OAuth tokens |
191
- | Private Keys | Regenerate | SSH, SSL certificates |
192
- | Connection Strings | Rotate credentials | Database URLs with embedded passwords |
193
-
194
- ---
195
-
196
- *This shard is enforced by @claude-flow/guidance governance system.*
1
+ # Security Compliance Domain Shard
2
+
3
+ **Domain**: security-compliance
4
+ **Version**: 1.0.0
5
+ **Last Updated**: 2026-02-03
6
+ **Parent Constitution**: `.claude/guidance/constitution.md`
7
+
8
+ ---
9
+
10
+ ## Domain Rules
11
+
12
+ 1. **Zero Critical Vulnerabilities**: Code changes affecting auth, security, or sensitive data MUST have zero critical vulnerabilities before deployment; no exceptions without security team sign-off.
13
+
14
+ 2. **SAST Before Merge**: Static Application Security Testing (SAST) MUST complete before any merge to protected branches; bypass is a constitutional violation.
15
+
16
+ 3. **Secret Detection Mandatory**: All code MUST pass secret scanning; detected secrets MUST be revoked immediately and commits purged from history.
17
+
18
+ 4. **Compliance Evidence Required**: Compliance claims MUST be backed by evidence (audit logs, scan results, attestations); unsubstantiated claims are prohibited.
19
+
20
+ 5. **DAST in Staging**: Dynamic Application Security Testing (DAST) MUST run against staging environments before production deployment.
21
+
22
+ 6. **Vulnerability Triage SLA**: Critical vulnerabilities MUST be triaged within 24 hours; high within 72 hours. SLA violations escalate automatically.
23
+
24
+ ---
25
+
26
+ ## Quality Thresholds
27
+
28
+ | Metric | Minimum | Target | Critical |
29
+ |--------|---------|--------|----------|
30
+ | Security Score | 0.8 | 0.95 | < 0.6 |
31
+ | SAST Pass Rate | 1.0 (critical) | 0.95 (all) | < 0.9 |
32
+ | Secret Detection | 0 secrets | 0 secrets | > 0 secrets |
33
+ | Compliance Score | 0.8 | 0.95 | < 0.7 |
34
+ | Vulnerability SLA | 100% | 100% | < 90% |
35
+ | DAST Coverage | 0.7 | 0.9 | < 0.5 |
36
+
37
+ ---
38
+
39
+ ## Invariants
40
+
41
+ ```
42
+ INVARIANT zero_critical_vulnerabilities:
43
+ FOR ALL change IN security_sensitive_changes:
44
+ IF change.affects_auth OR change.affects_security OR change.affects_sensitive_data THEN
45
+ change.critical_vulnerabilities = 0
46
+ ```
47
+
48
+ ```
49
+ INVARIANT sast_before_merge:
50
+ FOR ALL merge IN protected_branch_merges:
51
+ EXISTS sast_scan WHERE
52
+ sast_scan.commit = merge.source_commit AND
53
+ sast_scan.status = 'passed' AND
54
+ sast_scan.timestamp < merge.timestamp
55
+ ```
56
+
57
+ ```
58
+ INVARIANT secret_detection:
59
+ FOR ALL commit IN commits:
60
+ commit.detected_secrets = 0 OR
61
+ (commit.secrets_revoked = true AND commit.purged_from_history = true)
62
+ ```
63
+
64
+ ```
65
+ INVARIANT compliance_evidence:
66
+ FOR ALL claim IN compliance_claims:
67
+ EXISTS evidence WHERE
68
+ evidence.claim_id = claim.id AND
69
+ evidence.type IN ['audit_log', 'scan_result', 'attestation'] AND
70
+ evidence.verified = true
71
+ ```
72
+
73
+ ```
74
+ INVARIANT vulnerability_sla:
75
+ FOR ALL vuln IN vulnerabilities:
76
+ IF vuln.severity = 'critical' THEN
77
+ (NOW() - vuln.detected_at) < 24_HOURS OR vuln.triaged = true
78
+ IF vuln.severity = 'high' THEN
79
+ (NOW() - vuln.detected_at) < 72_HOURS OR vuln.triaged = true
80
+ ```
81
+
82
+ ---
83
+
84
+ ## Patterns
85
+
86
+ **Domain Source**: `v3/src/domains/security-compliance/`
87
+
88
+ | Pattern | Location | Description |
89
+ |---------|----------|-------------|
90
+ | Security Scanner Service | `services/security-scanner.ts` | SAST/DAST orchestration |
91
+ | Security Auditor Service | `services/security-auditor.ts` | Security posture assessment |
92
+ | Compliance Validator Service | `services/compliance-validator.ts` | Standards validation |
93
+ | Scanners | `services/scanners/` | Individual scanner implementations |
94
+ | Security Compliance Coordinator | `coordinator.ts` | Workflow orchestration |
95
+
96
+ **Supported Standards**: OWASP Top 10, PCI-DSS, HIPAA, SOC 2, GDPR (via ComplianceValidatorService).
97
+
98
+ ---
99
+
100
+ ## Agent Constraints
101
+
102
+ | Role | Agent ID | Permissions |
103
+ |------|----------|-------------|
104
+ | **Primary** | `qe-security-scanner` | Full scanning, vulnerability detection |
105
+ | **Secondary** | `qe-security-auditor` | Posture assessment, triage |
106
+ | **Secondary** | `qe-compliance-validator` | Standards validation, evidence collection |
107
+ | **Support** | `qe-code-analyst` | Provide code paths for analysis |
108
+ | **Approval** | `security-team` (human) | Critical vulnerability override |
109
+
110
+ **Forbidden Agents**: Non-security agents MUST NOT override security findings or bypass security gates.
111
+
112
+ ---
113
+
114
+ ## Escalation Triggers
115
+
116
+ | Trigger | Severity | Action |
117
+ |---------|----------|--------|
118
+ | Critical vulnerability in auth code | CRITICAL | Block deployment, escalate to security team immediately |
119
+ | Secret detected in commit | CRITICAL | Revoke secret, purge history, escalate |
120
+ | SAST bypass attempted | CRITICAL | Block merge, escalate to Queen Coordinator |
121
+ | Compliance score < 0.7 | CRITICAL | Block deployment, initiate gap analysis |
122
+ | Vulnerability SLA breach | HIGH | Escalate to Queen Coordinator |
123
+ | DAST coverage < 0.5 | HIGH | Block production deploy, escalate |
124
+ | High vulnerability untriaged > 72h | HIGH | Auto-escalate to security team |
125
+ | Unsubstantiated compliance claim | MEDIUM | Block claim, request evidence |
126
+
127
+ ---
128
+
129
+ ## Memory Namespace
130
+
131
+ - **Namespace**: `qe-patterns/security-compliance`
132
+ - **Retention**: 365 days (compliance requirement)
133
+ - **Contradiction Check**: Enabled
134
+ - **Audit Trail**: Required for all findings
135
+
136
+ ---
137
+
138
+ ## Integration Points
139
+
140
+ | Domain | Integration Type | Purpose |
141
+ |--------|-----------------|---------|
142
+ | `code-intelligence` | Input | Receive code paths for scanning |
143
+ | `quality-assessment` | Output | Report security score |
144
+ | `requirements-validation` | Bidirectional | Security requirements validation |
145
+ | `test-execution` | Input | Receive auth test results |
146
+ | `learning-optimization` | Output | Share vulnerability patterns |
147
+
148
+ ---
149
+
150
+ ## Vulnerability Severity Classification
151
+
152
+ | Severity | CVSS Score | SLA | Examples |
153
+ |----------|------------|-----|----------|
154
+ | Critical | 9.0 - 10.0 | 24h | RCE, Auth bypass, SQL injection in auth |
155
+ | High | 7.0 - 8.9 | 72h | XSS, CSRF, Privilege escalation |
156
+ | Medium | 4.0 - 6.9 | 7 days | Information disclosure, DoS |
157
+ | Low | 0.1 - 3.9 | 30 days | Minor info leak, verbose errors |
158
+
159
+ ---
160
+
161
+ ## Compliance Evidence Schema
162
+
163
+ ```typescript
164
+ interface ComplianceEvidence {
165
+ id: string;
166
+ claimId: string;
167
+ standard: 'OWASP' | 'PCI-DSS' | 'HIPAA' | 'SOC2' | 'GDPR';
168
+ control: string;
169
+ type: 'audit_log' | 'scan_result' | 'attestation' | 'policy_document';
170
+ collectedAt: Date;
171
+ expiresAt: Date;
172
+ verified: boolean;
173
+ verifier: string;
174
+ artifacts: {
175
+ name: string;
176
+ hash: string;
177
+ location: string;
178
+ }[];
179
+ }
180
+ ```
181
+
182
+ ---
183
+
184
+ ## Secret Detection Categories
185
+
186
+ | Category | Action | Example |
187
+ |----------|--------|---------|
188
+ | API Keys | Revoke immediately | AWS, GCP, Azure keys |
189
+ | Passwords | Force rotation | Database, service passwords |
190
+ | Tokens | Invalidate | JWT, OAuth tokens |
191
+ | Private Keys | Regenerate | SSH, SSL certificates |
192
+ | Connection Strings | Rotate credentials | Database URLs with embedded passwords |
193
+
194
+ ---
195
+
196
+ *This shard is enforced by @claude-flow/guidance governance system.*