agentic-qe 3.8.1 → 3.8.3

package/assets/skills/e2e-flow-verifier/SKILL.md

@@ -0,0 +1,78 @@
+---
+name: e2e-flow-verifier
+description: "Use when verifying complete user flows end-to-end with Playwright, recording video evidence, and asserting state at each step. For product verification with real browser automation."
+user-invocable: true
+---
+
+# E2E Flow Verifier
+
+Product verification skill that drives user flows with Playwright, asserts state at each step, and records video evidence.
+
+## Activation
+
+```
+/e2e-flow-verifier [flow-name]
+```
+
+## Flow Verification Pattern
+
+```typescript
+import { test, expect } from '@playwright/test';
+
+test.describe('{{Flow Name}}', () => {
+  // Record video for evidence
+  test.use({
+    video: 'on',
+    screenshot: 'on',
+    trace: 'on',
+  });
+
+  test('complete user journey', async ({ page }) => {
+    // Step 1: Navigate
+    await page.goto('{{base_url}}');
+    await expect(page).toHaveTitle(/{{expected_title}}/);
+
+    // Step 2: Authenticate (if needed)
+    await page.fill('[data-testid="email"]', '{{test_user}}');
+    await page.fill('[data-testid="password"]', '{{test_password}}');
+    await page.click('[data-testid="login-btn"]');
+    await expect(page.locator('[data-testid="dashboard"]')).toBeVisible();
+
+    // Step 3: Perform action
+    await page.click('[data-testid="{{action_element}}"]');
+    await expect(page.locator('[data-testid="{{result_element}}"]')).toContainText('{{expected_text}}');
+
+    // Step 4: Verify state change
+    // Assert both UI state AND backend state
+    const apiResponse = await page.request.get('/api/{{resource}}');
+    expect(apiResponse.status()).toBe(200);
+    const data = await apiResponse.json();
+    expect(data.{{field}}).toBe('{{expected_value}}');
+  });
+});
+```
+
+## Evidence Collection
+
+After each flow verification:
+1. **Video** — `test-results/{{flow-name}}/video.webm`
+2. **Screenshots** — at each assertion point
+3. **Trace** — `test-results/{{flow-name}}/trace.zip` (open with `npx playwright show-trace`)
+4. **Network log** — HAR file with all API calls
+
+## Common Flows to Verify
+
+| Flow | Steps | Critical Assertions |
+|------|-------|-------------------|
+| Sign-up | Register → Verify email → Login | Account created, session valid |
+| Purchase | Browse → Add to cart → Checkout → Pay | Order created, payment processed |
+| Profile | Login → Edit profile → Save | Changes persisted, shown on reload |
+| Search | Enter query → Filter → Select result | Results relevant, filters work |
+
+## Gotchas
+
+- Agent writes Playwright tests but doesn't run them — always execute and check video evidence
+- Selectors break on deployment — use `data-testid` attributes, never CSS classes
+- Tests pass locally but fail in CI — headless browser behavior differs, use `--headed` for debugging
+- Auth tokens in E2E tests expire — use fresh login per test, not shared tokens
+- Video evidence is large — clean up after verification, keep only failure videos

package/assets/skills/enterprise-integration-testing/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: enterprise-integration-testing
-description: "Orchestration skill for enterprise integration testing across SAP, middleware, WMS, and backend systems. Covers E2E enterprise flows, SAP-specific patterns (RFC, BAPI, IDoc, OData, Fiori), cross-system data validation, and enterprise quality gates."
+description: "Use when testing enterprise integrations across SAP, middleware, WMS, or backend systems, validating E2E enterprise flows, testing SAP-specific patterns (RFC, BAPI, IDoc, OData, Fiori), or enforcing cross-system quality gates."
 category: enterprise-integration
 priority: high
 tokenEstimate: 2000

package/assets/skills/exploratory-testing-advanced/SKILL.md

@@ -13,7 +13,6 @@ quick_reference_card: true
 tags: [exploratory, sbtm, rst, heuristics, test-tours, session-based]
 trust_tier: 0
 validation:
-
 ---
 
 # Advanced Exploratory Testing
@@ -202,3 +201,11 @@ const exploratoryFleet = await FleetManager.coordinate({
 Not random clicking. Structured, skilled investigation guided by heuristics and oracles. Document discoveries in real-time. Pair testing amplifies findings.
 
 **With Agents:** Agents generate variations, recognize patterns, and maintain session notes while humans apply judgment and intuition. Combine agent thoroughness with human insight.
+
+## Gotchas
+
+- Agent treats exploratory testing as scripted test execution — remind it: exploration means learning + adapting in real-time
+- Session notes from agents lack the "why I tried this" reasoning — explicitly ask for decision rationale
+- 90-minute sessions cause context overflow — cap at 45 minutes with explicit debrief
+- Agent defaults to happy-path exploration — explicitly assign "Bad Neighborhood" or "Saboteur" tours for negative testing
+- SFDIPOT heuristics are misapplied when agent doesn't understand the domain — provide domain context upfront

package/assets/skills/exploratory-testing-advanced/references/heuristic-cheatsheet.md

@@ -0,0 +1,48 @@
+# Exploratory Testing Heuristic Cheat Sheet
+
+## SFDIPOT (What to Test)
+| Factor | Questions to Ask |
+|--------|-----------------|
+| **Structure** | What is it made of? What are the components? |
+| **Function** | What does it do? What are all the features? |
+| **Data** | What data does it process? Boundary values? |
+| **Interfaces** | How does it connect to other things? APIs? UI? |
+| **Platform** | What does it depend on? OS? Browser? Network? |
+| **Operations** | How will it be used? By whom? How often? |
+| **Time** | What changes over time? Timeouts? Scheduling? |
+
+## FEW HICCUPPS (How to Recognize Problems)
+| Oracle | What to Compare Against |
+|--------|----------------------|
+| **Familiar** | Does it work like similar products I know? |
+| **Explainable** | Can I explain what it does to someone? |
+| **World** | Does it match how the real world works? |
+| **History** | Is it consistent with previous versions? |
+| **Image** | Does it match the organization's brand/values? |
+| **Comparable** | How does it compare to competitors? |
+| **Claims** | Does it match specs, docs, marketing? |
+| **Users** | Does it serve the actual users' needs? |
+| **Product** | Is it internally consistent? |
+| **Purpose** | Does it fulfill its reason for existing? |
+| **Standards** | Does it meet relevant standards (WCAG, RFC)? |
+
+## Test Tours (How to Explore)
+| Tour | Strategy |
+|------|----------|
+| **Guidebook** | Follow the documentation exactly |
+| **Money** | Test the revenue-critical features |
+| **Landmark** | Navigate between major features |
+| **Bad Neighborhood** | Focus on historically buggy areas |
+| **Intellectual** | Test the most complex features |
+| **FedEx** | Follow data through the system |
+| **Garbage Collector** | Navigate to least-used features |
+| **Saboteur** | Try to break things intentionally |
+
+## Session Charter Template
+```
+CHARTER: Explore [target area]
+WITH: [resources/tools/heuristics]
+TO DISCOVER: [what we're looking for]
+TIME BOX: [45/60/90 minutes]
+PRIORITY: [P0/P1/P2]
+```

package/assets/skills/freeze-tests/SKILL.md

@@ -0,0 +1,67 @@
+---
+name: freeze-tests
+description: "Use when refactoring production code and you want to ensure test files are not modified. Activate with /freeze-tests to block all edits to test files for safe refactoring."
+user-invocable: true
+---
+
+# Freeze Tests Mode
+
+When activated, blocks all modifications to test files. Use during refactoring to ensure behavior (as captured by tests) is preserved.
+
+## What It Does
+
+Blocks Write and Edit operations on any file matching test patterns:
+- `**/*.test.{ts,js,tsx,jsx}`
+- `**/*.spec.{ts,js,tsx,jsx}`
+- `**/__tests__/**`
+- `**/tests/**`
+
+## Activation
+
+```
+/freeze-tests
+```
+
+Deactivate with `/freeze-tests off`.
+
+## Hook Configuration
+
+```json
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hook": ".claude/skills/freeze-tests/scripts/block-test-edits.sh",
+        "condition": "file matches **/*.test.* OR **/*.spec.* OR **/__tests__/** OR **/tests/**"
+      }
+    ]
+  }
+}
+```
+
+## Enforcement Logic
+
+```bash
+#!/bin/bash
+# block-test-edits.sh
+FILE="$1"
+
+if echo "$FILE" | grep -qP '\.(test|spec)\.(ts|js|tsx|jsx)$|__tests__|/tests/'; then
+  echo "BLOCKED: Test files are frozen during refactoring."
+  echo "If tests need updating, deactivate with: /freeze-tests off"
+  exit 1
+fi
+```
+
+## When to Use
+
+1. **Refactoring**: Changing code structure without changing behavior
+2. **Performance optimization**: Making code faster without changing logic
+3. **Dependency updates**: Upgrading libraries while preserving behavior
+
+## Gotchas
+
+- Frozen tests can't be fixed if they break during refactoring — that's the point (the refactoring broke behavior)
+- If a refactoring requires test changes, it's not a pure refactoring — deactivate and treat as a feature change
+- This doesn't prevent running tests — only modifying test files

package/assets/skills/freeze-tests/scripts/block-test-edits.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+# block-test-edits.sh — Freeze Tests hook
+# Blocks all modifications to test files during refactoring.
+# Called by PreToolUse hook on Write/Edit targeting test files.
+
+FILE="$1"
+
+if [ -z "$FILE" ]; then
+  exit 0
+fi
+
+# Check if file matches test patterns
+if echo "$FILE" | grep -qP '\.(test|spec)\.(ts|js|tsx|jsx)$' 2>/dev/null; then
+  echo "BLOCKED: Test files are frozen during refactoring."
+  echo "File: $FILE"
+  echo "Deactivate with: /freeze-tests off"
+  exit 1
+fi
+
+if echo "$FILE" | grep -qP '__tests__/|/tests/' 2>/dev/null; then
+  echo "BLOCKED: Test directories are frozen during refactoring."
+  echo "File: $FILE"
+  echo "Deactivate with: /freeze-tests off"
+  exit 1
+fi
+
+exit 0

package/assets/skills/holistic-testing-pact/SKILL.md

@@ -13,7 +13,6 @@ quick_reference_card: true
 tags: [holistic, pact, quality, whole-team, proactive, autonomous, collaborative, targeted]
 trust_tier: 0
 validation:
-
 ---
 
 # Holistic Testing Model with PACT Principles

package/assets/skills/localization-testing/SKILL.md

@@ -16,7 +16,6 @@ validation:
   schema_path: schemas/output.json
   validator_path: scripts/validate-config.json
   eval_path: evals/localization-testing.yaml
-
 ---
 
 # Localization & Internationalization Testing
@@ -50,19 +49,6 @@ When testing multi-language/region support:
 - Before international releases
 - After UI changes
 
-### i18n vs l10n
-| Term | Full Name | Focus |
-|------|-----------|-------|
-| **i18n** | Internationalization | Building for localization |
-| **l10n** | Localization | Adapting for specific locale |
-
-### Common Locale Formats
-| Type | US (en-US) | UK (en-GB) | Japan (ja-JP) |
-|------|------------|------------|---------------|
-| **Date** | 10/24/2025 | 24/10/2025 | 2025/10/24 |
-| **Currency** | $1,234.56 | £1,234.56 | ¥1,235 |
-| **Number** | 1,234.56 | 1,234.56 | 1,234.56 |
-
 ---
 
 ## Translation Coverage Testing
@@ -220,8 +206,4 @@ const l10nFleet = await FleetManager.coordinate({
 
 ## Remember
 
-**Don't hardcode. Externalize all user-facing strings.** Every string visible to users must come from translation files, not code.
-
-**Test with native speakers, not just translation files.** Machine translations and translation files can have context issues that only native speakers catch.
-
 **With Agents:** Agents validate translation coverage, detect hardcoded strings, test locale-specific formatting, and verify RTL layouts automatically across all supported languages.

package/assets/skills/mobile-testing/SKILL.md

@@ -16,7 +16,6 @@ validation:
   schema_path: schemas/output.json
   validator_path: scripts/validate-config.json
   eval_path: evals/mobile-testing.yaml
-
 ---
 
 # Mobile Testing
@@ -66,51 +65,6 @@ When testing mobile applications:
 | **Tier 2** | 30% users | iPhone 14/13, Pixel 8 |
 | **Tier 3** | 10% users | Older devices, other manufacturers |
 
-### Mobile Performance Goals
-| Metric | Target |
-|--------|--------|
-| App launch | < 2 seconds |
-| Screen transition | < 300ms |
-| Frame rate | 60 FPS |
-| Battery drain | < 5%/hour background |
-
----
-
-## Touch Gesture Testing
-
-```javascript
-// Appium gesture examples
-// Tap
-await driver.touchAction({ action: 'tap', x: 100, y: 200 });
-
-// Swipe (scroll down)
-await driver.touchAction([
-  { action: 'press', x: 200, y: 400 },
-  { action: 'moveTo', x: 200, y: 100 },
-  { action: 'release' }
-]);
-
-// Pinch to zoom
-const finger1 = [
-  { action: 'press', x: 100, y: 200 },
-  { action: 'moveTo', x: 50, y: 150 },
-  { action: 'release' }
-];
-const finger2 = [
-  { action: 'press', x: 200, y: 200 },
-  { action: 'moveTo', x: 250, y: 250 },
-  { action: 'release' }
-];
-await driver.multiTouchAction([finger1, finger2]);
-
-// Long press
-await driver.touchAction({
-  action: 'longPress',
-  x: 100, y: 200,
-  duration: 2000
-});
-```
-
 ---
 
 ## Mobile-Specific Scenarios
@@ -218,8 +172,6 @@ const mobileFleet = await FleetManager.coordinate({
 
 ## Remember
 
-**Mobile is not a smaller desktop - it's a different platform.** 60%+ of web traffic is mobile. Device fragmentation (1000+ Android devices), touch gestures, sensors, permissions, offline scenarios - all require specific testing.
-
-**Test on real devices for critical flows.** Emulators catch 80% of bugs but real devices needed for actual performance, sensor behavior, and platform quirks.
+**Test on real devices for critical flows.** Emulators catch 80% of bugs but real devices are needed for actual performance, sensor behavior, and platform quirks.
 
-**With Agents:** `qe-test-executor` orchestrates testing across device farms, manages platform differences, and tests 10+ devices in parallel. Reduces mobile testing from days to hours.
+**With Agents:** `qe-test-executor` orchestrates testing across device farms, manages platform differences, and tests 10+ devices in parallel.

package/assets/skills/mutation-testing/SKILL.md

@@ -11,7 +11,6 @@ last_optimized: 2025-12-02
 dependencies: []
 quick_reference_card: true
 tags: [mutation, stryker, test-quality, kill-rate, assertions, effectiveness]
-
 # ADR-056 Trust Tier 3 Validation
 trust_tier: 3
 validation:
@@ -234,3 +233,29 @@ const mutationFleet = await FleetManager.coordinate({
 **Focus on critical paths first.** Don't mutation test everything - prioritize payment, authentication, data integrity code.
 
 **With Agents:** Agents run mutation analysis, identify surviving mutants, and generate missing test cases to kill them. Automated improvement of test quality.
+
+## Run History
+
+After each mutation test run, append results to `run-history.json` in this skill directory:
+```bash
+node -e "
+const fs = require('fs');
+const h = JSON.parse(fs.readFileSync('.claude/skills/mutation-testing/run-history.json'));
+h.runs.push({date: new Date().toISOString().split('T')[0], mutation_score_pct: SCORE, killed: KILLED, survived: SURVIVED});
+fs.writeFileSync('.claude/skills/mutation-testing/run-history.json', JSON.stringify(h, null, 2));
+"
+```
+Read `run-history.json` before each run to track score improvements over time.
+
+## Skill Composition
+
+- **Before mutation testing** → Run `/qe-test-generation` to ensure tests exist
+- **After mutation results** → Use `/qe-coverage-analysis` to prioritize improvement areas
+- **Quality gate** → Feed results into `/qe-quality-assessment` for ship/no-ship decision
+
+## Gotchas
+
+- Stryker requires `--testRunner jest` explicitly if both jest and vitest are installed
+- Mutating `>=` to `>` in date comparisons rarely gets killed — add boundary tests
+- Running on files >500 LOC will timeout; use `--mutate` to target specific functions
+- `--concurrency` defaults to CPU count which OOMs in containers — set to 2

package/assets/skills/mutation-testing/config.json

@@ -0,0 +1,14 @@
+{
+  "$schema": "./config-schema.json",
+  "_description": "Mutation Testing configuration. Auto-created on first run. Edit to customize.",
+  "mutator": "stryker",
+  "concurrency": 2,
+  "score_threshold": 80,
+  "options": {
+    "testRunner": null,
+    "mutateGlob": "src/**/*.{ts,js}",
+    "excludeGlob": "src/**/*.test.{ts,js}",
+    "timeoutMs": 60000
+  },
+  "_setupPrompt": "If testRunner is null, ask: 'Which test runner does this project use? (jest/vitest/mocha)'. Warn: concurrency defaults to 2 to avoid OOM in containers."
+}

package/assets/skills/mutation-testing/references/mutation-operators.md

@@ -0,0 +1,38 @@
+# Mutation Operators Reference
+
+## Arithmetic Operators
+| Original | Mutant | What It Tests |
+|----------|--------|--------------|
+| `a + b` | `a - b` | Addition logic |
+| `a * b` | `a / b` | Multiplication logic |
+| `a % b` | `a * b` | Modulo logic |
+
+## Conditional Operators
+| Original | Mutant | What It Tests |
+|----------|--------|--------------|
+| `a > b` | `a >= b` | Off-by-one in boundaries |
+| `a >= b` | `a > b` | Boundary inclusion |
+| `a === b` | `a !== b` | Equality checks |
+| `a && b` | `a \|\| b` | Logical conjunction |
+
+## Statement Mutations
+| Original | Mutant | What It Tests |
+|----------|--------|--------------|
+| `return x` | `return !x` | Return value negation |
+| `if (cond)` | `if (true)` | Condition relevance |
+| `if (cond)` | `if (false)` | Dead code detection |
+| `statement` | _(removed)_ | Statement necessity |
+
+## Common Surviving Mutants and Fixes
+
+**`>=` to `>` survives**: Add boundary test with exact boundary value
+**`&&` to `||` survives**: Add test where only one condition is true
+**Removed `return` survives**: Function's return value isn't being checked
+**`+1` to `-1` survives**: Increment/decrement logic untested
+
+## Stryker Configuration Tips
+- `--testRunner jest` — explicit when multiple runners installed
+- `--concurrency 2` — prevents OOM in containers
+- `--mutate 'src/**/*.ts,!src/**/*.d.ts'` — skip type definitions
+- `--timeoutMS 60000` — increase for slow test suites
+- `--thresholds.high 80 --thresholds.low 60` — score quality bands

package/assets/skills/mutation-testing/run-history.json

@@ -0,0 +1,6 @@
+{
+  "_description": "Mutation testing run history. Append after each run. Claude reads this to track mutation score trends.",
+  "_format": "Each entry: {date, scope, mutation_score_pct, killed, survived, timeout, no_coverage, improvement_areas}",
+  "_instructions": "After running mutation testing, append results here. Track score improvements over time. Flag if score drops below threshold.",
+  "runs": []
+}

package/assets/skills/n8n-expression-testing/SKILL.md

@@ -16,7 +16,6 @@ validation:
   schema_path: schemas/output.json
   validator_path: scripts/validate-config.json
   eval_path: evals/n8n-expression-testing.yaml
-
 ---
 
 # n8n Expression Testing

package/assets/skills/n8n-integration-testing-patterns/SKILL.md

@@ -16,7 +16,6 @@ validation:
   schema_path: schemas/output.json
   validator_path: scripts/validate-config.json
   eval_path: evals/n8n-integration-testing-patterns.yaml
-
 ---
 
 # n8n Integration Testing Patterns

package/assets/skills/n8n-security-testing/SKILL.md

@@ -16,7 +16,6 @@ validation:
   schema_path: schemas/output.json
   validator_path: scripts/validate-config.json
   eval_path: evals/n8n-security-testing.yaml
-
 ---
 
 # n8n Security Testing

package/assets/skills/n8n-trigger-testing-strategies/SKILL.md

@@ -16,7 +16,6 @@ validation:
   schema_path: schemas/output.json
   validator_path: scripts/validate-config.json
   eval_path: evals/n8n-trigger-testing-strategies.yaml
-
 ---
 
 # n8n Trigger Testing Strategies

package/assets/skills/n8n-workflow-testing-fundamentals/SKILL.md

@@ -16,7 +16,6 @@ validation:
   schema_path: schemas/output.json
   validator_path: scripts/validate-config.json
   eval_path: evals/n8n-workflow-testing-fundamentals.yaml
-
 ---
 
 # n8n Workflow Testing Fundamentals

package/assets/skills/no-skip/SKILL.md

@@ -0,0 +1,74 @@
+---
+name: no-skip
+description: "Use when you want to prevent .skip(), .only(), xit(), and xdescribe() from being committed to test files. Activate with /no-skip for session-scoped test skip prevention."
+user-invocable: true
+---
+
+# No-Skip Mode
+
+When activated, blocks any write that adds test-skipping patterns to test files.
+
+## What It Does
+
+Prevents these patterns from being written to test files:
+- `.skip()` — skips individual tests
+- `.only()` — runs only one test (excludes all others)
+- `xit(` / `xdescribe(` — Jasmine skip syntax
+- `test.todo(` — unimplemented test placeholders
+- `@Skip` / `@Disabled` — JUnit skip annotations
+
+## Activation
+
+```
+/no-skip
+```
+
+## Hook Configuration
+
+```json
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hook": ".claude/skills/no-skip/scripts/check-skips.sh",
+        "condition": "file matches **/*.test.{ts,js,tsx,jsx} OR **/*.spec.{ts,js}"
+      }
+    ]
+  }
+}
+```
+
+## Enforcement Logic
+
+```bash
+#!/bin/bash
+# check-skips.sh
+CONTENT="$1"
+
+SKIP_PATTERNS=(
+  '\.skip\s*\('
+  '\.only\s*\('
+  '\bxit\s*\('
+  '\bxdescribe\s*\('
+  '\bxcontext\s*\('
+  'test\.todo\s*\('
+  '@Skip'
+  '@Disabled'
+  '@Ignore'
+)
+
+for pattern in "${SKIP_PATTERNS[@]}"; do
+  if echo "$CONTENT" | grep -qP "$pattern"; then
+    echo "BLOCKED: Found skip pattern '$pattern'"
+    echo "Remove the skip and either fix the test or delete it."
+    exit 1
+  fi
+done
+```
+
+## Gotchas
+
+- This catches NEW skips being written, not existing ones — run `grep -r '.skip(' tests/` to find existing skips
+- `.only()` is sometimes used intentionally during debugging — deactivate with `/no-skip off` if needed
+- Some frameworks use `pending()` instead of `.skip()` — add to patterns if using Jasmine

package/assets/skills/no-skip/scripts/check-skips.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+# check-skips.sh — No-Skip hook
+# Blocks writes that add test-skipping patterns to test files.
+# Called by PreToolUse hook on Write/Edit to **/*.test.* or **/*.spec.*
+
+CONTENT="$1"
+
+if [ -z "$CONTENT" ]; then
+  # If no content passed, read from stdin
+  CONTENT=$(cat)
+fi
+
+FOUND=0
+
+# Check for skip patterns
+for pattern in '\.skip\s*(' '\.only\s*(' '\bxit\s*(' '\bxdescribe\s*(' '\bxcontext\s*(' 'test\.todo\s*(' '@Skip' '@Disabled' '@Ignore'; do
+  if echo "$CONTENT" | grep -qP "$pattern" 2>/dev/null || echo "$CONTENT" | grep -q "$pattern" 2>/dev/null; then
+    echo "BLOCKED: Found skip pattern: $pattern"
+    FOUND=1
+  fi
+done
+
+if [ $FOUND -eq 1 ]; then
+  echo "Remove the skip and either fix the test or delete it."
+  exit 1
+fi
+
+exit 0

package/assets/skills/pair-programming/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: Pair Programming
-description: AI-assisted pair programming with multiple modes (driver/navigator/switch), real-time verification, quality monitoring, and comprehensive testing. Supports TDD, debugging, refactoring, and learning sessions. Features automatic role switching, continuous code review, security scanning, and performance optimization with truth-score verification.
+description: "Use when pair programming with AI assistance, practicing TDD with a navigator, debugging collaboratively, refactoring with real-time verification, or running learning sessions with continuous code review and quality monitoring."
 ---
 
 # Pair Programming

package/assets/skills/pentest-validation/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: pentest-validation
-description: "Orchestrate security finding validation through graduated exploitation. 4-phase pipeline: recon (SAST/DAST), analysis (code review), validation (exploit proof), report (No Exploit, No Report gate). Eliminates false positives by proving exploitability."
+description: "Use when validating security findings from SAST/DAST scans, proving exploitability of reported vulnerabilities, eliminating false positives, or running the 4-phase pentest pipeline (recon, analysis, validation, report)."
 category: specialized-testing
 priority: critical
 tokenEstimate: 1500
@@ -253,8 +253,7 @@ aqe/pentest/
 
 ## Related Skills
 
-- [security-testing](../security-testing/) - OWASP vulnerability scanning
-- [qe-security-compliance](../qe-security-compliance/) - SAST/DAST automation
+- [security-testing](../security-testing/) - OWASP vulnerability scanning, SAST/DAST automation
 - [compliance-testing](../compliance-testing/) - Regulatory compliance
 - [api-testing-patterns](../api-testing-patterns/) - API security testing
 - [chaos-engineering-resilience](../chaos-engineering-resilience/) - Security under chaos