agentic-qe 3.8.1 → 3.8.3

package/assets/skills/qe-visual-accessibility/SKILL.md

@@ -1,12 +1,11 @@
 ---
 name: "QE Visual Accessibility"
-description: "Visual regression testing, responsive design validation, and WCAG accessibility compliance testing."
+description: "Use when detecting visual regressions, validating responsive design across viewports, testing WCAG accessibility compliance, or ensuring UI consistency after changes."
 trust_tier: 3
 validation:
   schema_path: schemas/output.json
   validator_path: scripts/validate-config.json
   eval_path: evals/qe-visual-accessibility.yaml
-
 ---
 
 # QE Visual Accessibility

package/assets/skills/quality-metrics/SKILL.md

@@ -16,7 +16,6 @@ validation:
   schema_path: schemas/output.json
   validator_path: scripts/validate-config.json
   eval_path: evals/quality-metrics.yaml
-
 ---
 
 # Quality Metrics
@@ -24,21 +23,9 @@ validation:
 <default_to_action>
 When measuring quality or building dashboards:
 1. MEASURE outcomes (bug escape rate, MTTD) not activities (test count)
-2. FOCUS on DORA metrics: Deployment frequency, Lead time, MTTD, MTTR, Change failure rate
-3. AVOID vanity metrics: 100% coverage means nothing if tests don't catch bugs
-4. SET thresholds that drive behavior (quality gates block bad code)
-5. TREND over time: Direction matters more than absolute numbers
-
-**Quick Metric Selection:**
-- Speed: Deployment frequency, lead time for changes
-- Stability: Change failure rate, MTTR
-- Quality: Bug escape rate, defect density, test effectiveness
-- Process: Code review time, flaky test rate
-
-**Critical Success Factors:**
-- Metrics without action are theater
-- What you measure is what you optimize
-- Trends matter more than snapshots
+2. AVOID vanity metrics: 100% coverage means nothing if tests don't catch bugs
+3. SET thresholds that drive behavior (quality gates block bad code)
+4. TREND over time: Direction matters more than absolute numbers
 </default_to_action>
 
 ## Quick Reference Card
@@ -49,23 +36,6 @@ When measuring quality or building dashboards:
 - Evaluating testing effectiveness
 - Justifying quality investments
 
-### Meaningful vs Vanity Metrics
-| ✅ Meaningful | ❌ Vanity |
-|--------------|-----------|
-| Bug escape rate | Test case count |
-| MTTD (detection) | Lines of test code |
-| MTTR (recovery) | Test executions |
-| Change failure rate | Coverage % (alone) |
-| Lead time for changes | Requirements traced |
-
-### DORA Metrics
-| Metric | Elite | High | Medium | Low |
-|--------|-------|------|--------|-----|
-| Deploy Frequency | On-demand | Weekly | Monthly | Yearly |
-| Lead Time | < 1 hour | < 1 week | < 1 month | > 6 months |
-| Change Failure Rate | < 5% | < 15% | < 30% | > 45% |
-| MTTR | < 1 hour | < 1 day | < 1 week | > 1 month |
-
 ### Quality Gate Thresholds
 | Metric | Blocking Threshold | Warning |
 |--------|-------------------|---------|
@@ -77,38 +47,6 @@ When measuring quality or building dashboards:
 
 ---
 
-## Core Metrics
-
-### Bug Escape Rate
-```
-Bug Escape Rate = (Production Bugs / Total Bugs Found) × 100
-
-Target: < 10% (90% caught before production)
-```
-
-### Test Effectiveness
-```
-Test Effectiveness = (Bugs Found by Tests / Total Bugs) × 100
-
-Target: > 70%
-```
-
-### Defect Density
-```
-Defect Density = Defects / KLOC
-
-Good: < 1 defect per KLOC
-```
-
-### Mean Time to Detect (MTTD)
-```
-MTTD = Time(Bug Reported) - Time(Bug Introduced)
-
-Target: < 1 day for critical, < 1 week for others
-```
-
----
-
 ## Dashboard Design
 
 ```typescript
@@ -205,17 +143,6 @@ const metricsFleet = await FleetManager.coordinate({
 
 ---
 
-## Common Traps
-
-| Trap | Problem | Solution |
-|------|---------|----------|
-| Coverage worship | 100% coverage, bugs still escape | Measure bug escape rate instead |
-| Test count focus | Many tests, slow feedback | Measure execution time |
-| Activity metrics | Busy work, no outcomes | Measure outcomes (MTTD, MTTR) |
-| Point-in-time | Snapshot without context | Track trends over time |
-
----
-
 ## Related Skills
 - [agentic-quality-engineering](../agentic-quality-engineering/) - Agent coordination
 - [cicd-pipeline-qe-orchestrator](../cicd-pipeline-qe-orchestrator/) - Quality gates
@@ -226,6 +153,4 @@ const metricsFleet = await FleetManager.coordinate({
 
 ## Remember
 
-**Measure outcomes, not activities.** Bug escape rate > test count. MTTD/MTTR > coverage %. Trends > snapshots. Set gates that block bad code. What you measure is what you optimize.
-
 **With Agents:** Agents track metrics automatically, analyze trends, trigger alerts, and make gate decisions. Use agents to maintain continuous quality visibility.

package/assets/skills/refactoring-patterns/SKILL.md

@@ -15,7 +15,6 @@ trust_tier: 2
 validation:
   schema_path: schemas/output.json
   validator_path: scripts/validate-config.json
-
 ---
 
 # Refactoring Patterns

package/assets/skills/regression-testing/SKILL.md

@@ -16,7 +16,6 @@ validation:
   schema_path: schemas/output.json
   validator_path: scripts/validate-config.json
   eval_path: evals/regression-testing.yaml
-
 ---
 
 # Regression Testing
@@ -48,14 +47,6 @@ When verifying changes don't break existing functionality:
 - After dependency updates
 - After environment changes
 
-### Regression Types
-| Type | When | Scope |
-|------|------|-------|
-| **Corrective** | No code change | Full suite |
-| **Progressive** | New features | Existing + new |
-| **Selective** | Specific changes | Changed + dependent |
-| **Complete** | Major refactor | Everything |
-
 ### Test Selection Strategies
 | Strategy | How | Reduction |
 |----------|-----|-----------|
@@ -91,22 +82,6 @@ function selectTests(changedFiles: string[]): string[] {
 
 ---
 
-## Regression Suite Pyramid
-
-```
-         /\
-        /  \  Full Regression (weekly)
-       /    \  - All tests (2-4 hours)
-      /------\
-     /        \  Extended Regression (nightly)
-    /          \  - Unit + integration + critical E2E (30-60 min)
-   /------------\
-  /              \  Quick Regression (per commit)
- /________________\  - Changed code + smoke tests (5-10 min)
-```
-
----
-
 ## CI/CD Integration
 
 ```yaml
@@ -141,27 +116,6 @@ jobs:
 
 ---
 
-## Optimization Techniques
-
-```javascript
-// 1. Parallel execution
-module.exports = {
-  maxWorkers: '50%', // Use half CPU cores
-  testTimeout: 30000
-};
-
-// 2. Sharding across CI workers
-// npm test -- --shard=1/4
-
-// 3. Incremental testing (only changed since last run)
-// Track last run state, skip passing unchanged tests
-
-// 4. Fast-fail on smoke
-// Run critical tests first, abort if they fail
-```
-
----
-
 ## Agent-Driven Regression
 
 ```typescript
@@ -226,8 +180,18 @@ const regressionFleet = await FleetManager.coordinate({
 
 ## Remember
 
-**Regression testing is insurance against change.** Every code change is a risk. Smart regression testing mitigates that risk by testing what matters based on what changed.
+**With Agents:** `qe-regression-risk-analyzer` provides intelligent test selection achieving 90% defect detection in 10% of execution time. Agents generate regression tests from production bugs automatically.
 
-**Good regression testing is strategic, not exhaustive.** You cannot test everything, every time. Select based on changes, risk, and time budget.
+## Skill Composition
 
-**With Agents:** `qe-regression-risk-analyzer` provides intelligent test selection achieving 90% defect detection in 10% of execution time. Agents generate regression tests from production bugs automatically.
+- **Test failing?** → Use `/test-failure-investigator` to diagnose root cause
+- **File a bug** → Use `/bug-reporting-excellence` for proper bug reporting
+- **Test selection** → Use `/risk-based-testing` for risk-based prioritization
+
+## Gotchas
+
+- Agent defaults to "run everything" despite being told to select — explicitly constrain with `--affected` or file list
+- Change-based selection misses transitive dependencies — a model change can break a controller test 3 hops away
+- Flaky tests in regression suites erode trust faster than missing tests — quarantine immediately, don't skip
+- Agent may report "0 regressions" when tests simply weren't run — verify test count in output, not just pass/fail
+- Running full regression in containers often OOMs — use `--workers=2` and `--shard` for CI environments

package/assets/skills/risk-based-testing/SKILL.md

@@ -16,28 +16,16 @@ validation:
   schema_path: schemas/output.json
   validator_path: scripts/validate-config.json
   eval_path: evals/risk-based-testing.yaml
-
 ---
 
 # Risk-Based Testing
 
 <default_to_action>
 When planning tests or allocating testing resources:
-1. IDENTIFY risks: What can go wrong? What's the impact? What's the likelihood?
-2. CALCULATE risk: Risk = Probability × Impact (use 1-5 scale for each)
-3. PRIORITIZE: Critical (20+) → High (12-19) → Medium (6-11) → Low (1-5)
-4. ALLOCATE effort: 60% critical, 25% high, 10% medium, 5% low
-5. REASSESS continuously: New info, changes, production incidents
-
-**Quick Risk Assessment:**
-- Probability factors: Complexity, change frequency, developer experience, technical debt
-- Impact factors: User count, revenue, safety, reputation, regulatory
-- Dynamic adjustment: Production bugs increase risk; stable code decreases
-
-**Critical Success Factors:**
-- Test where bugs hurt most, not everywhere equally
-- Risk is dynamic - reassess with new information
-- Production data informs risk (shift-right feeds shift-left)
+1. IDENTIFY risks per component (use 1-5 scale for probability and impact)
+2. PRIORITIZE: Critical (20+) → High (12-19) → Medium (6-11) → Low (1-5)
+3. ALLOCATE effort: 60% critical, 25% high, 10% medium, 5% low
+4. REASSESS continuously: Production incidents raise risk; stable code lowers it
 </default_to_action>
 
 ## Quick Reference Card
@@ -48,11 +36,7 @@ When planning tests or allocating testing resources:
 - Allocating limited testing time
 - Justifying test coverage decisions
 
-### Risk Calculation
-```
-Risk Score = Probability (1-5) × Impact (1-5)
-```
-
+### Effort Allocation by Risk Score
 | Score | Priority | Effort | Action |
 |-------|----------|--------|--------|
 | 20-25 | Critical | 60% | Comprehensive testing, multiple techniques |
@@ -60,37 +44,9 @@ Risk Score = Probability (1-5) × Impact (1-5)
 | 6-11 | Medium | 10% | Standard testing, basic automation |
 | 1-5 | Low | 5% | Smoke test, exploratory only |
 
-### Probability Factors
-| Factor | Low (1) | Medium (3) | High (5) |
-|--------|---------|------------|----------|
-| Complexity | Simple CRUD | Business logic | Algorithms, integrations |
-| Change Rate | Stable 6+ months | Monthly changes | Weekly/daily changes |
-| Developer Experience | Senior, domain expert | Mid-level | Junior, new to codebase |
-| Technical Debt | Clean code | Some debt | Legacy, no tests |
-
-### Impact Factors
-| Factor | Low (1) | Medium (3) | High (5) |
-|--------|---------|------------|----------|
-| Users Affected | Admin only | Department | All users |
-| Revenue | None | Indirect | Direct (checkout) |
-| Safety | Convenience | Data loss | Physical harm |
-| Reputation | Internal | Industry | Public scandal |
-
 ---
 
-## Risk Assessment Workflow
-
-### Step 1: List Features/Components
-```
-Feature | Probability | Impact | Risk | Priority
---------|-------------|--------|------|----------
-Checkout | 4 | 5 | 20 | Critical
-User Auth | 3 | 5 | 15 | High
-Admin Panel | 2 | 2 | 4 | Low
-Search | 3 | 3 | 9 | Medium
-```
-
-### Step 2: Apply Test Depth
+## Apply Test Depth by Risk
 ```typescript
 await Task("Risk-Based Test Generation", {
   critical: {
@@ -207,6 +163,4 @@ const riskFleet = await FleetManager.coordinate({
 
 ## Remember
 
-**Risk = Probability × Impact.** Test where bugs hurt most. Critical gets 60%, low gets 5%. Risk is dynamic - reassess with new info. Production incidents raise risk scores.
-
 **With Agents:** Agents calculate risk using ML on historical data, select risk-appropriate tests, and adjust scores from production feedback. Use agents to maintain dynamic risk profiles at scale.

package/assets/skills/security-testing/SKILL.md

@@ -295,6 +295,10 @@ API keys in code → **Environment variables, secret management**
 
 ---
 
+## Compliance & Agent CLI
+
+For v3 agent-specific commands (`aqe security ...`), SAST/DAST scanning code, compliance audits (SOC2/GDPR/HIPAA), secret detection, and security gates, see [references/compliance-agent-commands.md](references/compliance-agent-commands.md).
+
 ## Related Skills
 - [agentic-quality-engineering](../agentic-quality-engineering/) - Security with agents
 - [api-testing-patterns](../api-testing-patterns/) - API security testing
@@ -309,3 +313,29 @@ API keys in code → **Environment variables, secret management**
 **Test continuously:** Security testing is ongoing, not one-time.
 
 **With Agents:** Agents automate vulnerability scanning, track remediation, and validate fixes. Use agents to maintain security posture at scale.
+
+## Run History
+
+After each security scan, append results to `run-history.json` in this skill directory:
+```bash
+node -e "
+const fs = require('fs');
+const h = JSON.parse(fs.readFileSync('.claude/skills/security-testing/run-history.json'));
+h.runs.push({date: new Date().toISOString().split('T')[0], scan_types: ['sast','deps'], findings: {critical: 0, high: 0, medium: 0, low: 0}});
+fs.writeFileSync('.claude/skills/security-testing/run-history.json', JSON.stringify(h, null, 2));
+"
+```
+Read `run-history.json` before each scan — track finding count by severity over time. Alert if critical findings increase.
+
+## Skill Composition
+
+- **During code review** → Use with `/code-review-quality` for combined quality + security review
+- **Validate findings** → Use `/pentest-validation` to prove exploitability
+- **Compliance** → Use `/compliance-testing` for regulatory requirements
+
+## Gotchas
+
+- `npm audit` may report false positives for dev dependencies — filter with `--omit=dev` for production-relevant results
+- Agent may skip DAST in favor of faster SAST-only scans — explicitly request both if needed
+- security-compliance domain has 100% success rate — use as model for other skill reliability
+- When scanning dependencies, check both direct and transitive — `npm audit --all` catches nested vulnerabilities

package/assets/skills/security-testing/config.json

@@ -0,0 +1,13 @@
+{
+  "$schema": "./config-schema.json",
+  "_description": "Security Testing configuration. Auto-created on first run. Edit to customize.",
+  "severity_threshold": "high",
+  "scan_types": ["sast", "deps"],
+  "owasp_version": "2021",
+  "options": {
+    "includeDevDependencies": false,
+    "autoFix": false,
+    "reportFormat": "json"
+  },
+  "_setupPrompt": "If severity_threshold is default, ask: 'What minimum severity should block deployment? (critical/high/medium/low)'. If scan_types only has defaults, ask: 'Which scan types to run? (sast/dast/deps/secrets — comma-separated)'."
+}

package/assets/skills/security-testing/references/compliance-agent-commands.md

@@ -0,0 +1,131 @@
+# Security Testing — Compliance & Agent CLI Commands
+
+Merged from `qe-security-compliance`. Use these for v3 agent-specific security/compliance capabilities.
+
+## AQE CLI Commands
+
+```bash
+# Full security scan
+aqe security scan --scope src/ --checks all
+
+# Vulnerability check
+aqe security vulns --dependencies --severity critical,high
+
+# Compliance audit
+aqe security compliance --standard soc2 --output report.html
+
+# OWASP check
+aqe security owasp --top-10 --scope src/
+```
+
+## Agent Workflow
+
+```typescript
+// Security audit
+Task("Security audit", `
+  Perform comprehensive security audit:
+  - SAST scan for code vulnerabilities
+  - Dependency vulnerability check
+  - Secret detection in code and configs
+  - OWASP Top 10 validation
+  Generate security report with remediation steps.
+`, "qe-security-auditor")
+
+// Compliance validation
+Task("SOC2 compliance check", `
+  Validate SOC2 compliance requirements:
+  - Access control verification
+  - Encryption validation
+  - Audit logging check
+  - Data retention compliance
+  Generate compliance evidence report.
+`, "qe-compliance-checker")
+```
+
+## SAST Scanning
+
+```typescript
+await securityScanner.staticAnalysis({
+  scope: 'src/**/*.ts',
+  checks: ['sql-injection', 'xss', 'command-injection', 'path-traversal', 'insecure-crypto', 'hardcoded-secrets'],
+  rules: 'owasp-top-10',
+  severity: ['critical', 'high', 'medium']
+});
+```
+
+## Dependency Scanning
+
+```typescript
+await securityScanner.dependencyCheck({
+  sources: ['package.json', 'package-lock.json'],
+  checks: { knownVulnerabilities: true, outdatedPackages: true, licenseCompliance: true, supplyChainRisk: true },
+  severity: ['critical', 'high'],
+  autoFix: { enabled: true, dryRun: false }
+});
+```
+
+## Compliance Audit
+
+```typescript
+await complianceChecker.audit({
+  standards: ['SOC2', 'GDPR', 'HIPAA'],
+  scope: { code: 'src/', configs: 'config/', infrastructure: 'terraform/' },
+  output: { gaps: true, evidence: true, recommendations: true }
+});
+```
+
+## Secret Detection
+
+```typescript
+await securityScanner.detectSecrets({
+  scope: ['.', 'config/', '.env*'],
+  patterns: ['api-keys', 'passwords', 'tokens', 'private-keys', 'connection-strings'],
+  exclude: ['*.test.ts', 'mocks/'],
+  action: { onDetect: 'block', notify: ['security-team'] }
+});
+```
+
+## Security Gates
+
+```yaml
+security_gates:
+  block_merge:
+    - critical_vulnerabilities > 0
+    - high_vulnerabilities > 2
+    - secrets_detected > 0
+    - compliance_failures > 0
+  warn:
+    - medium_vulnerabilities > 5
+    - outdated_dependencies > 10
+  enforce:
+    - signed_commits: required
+    - code_review: required
+    - security_scan: required
+```
+
+## Compliance Standards Coverage
+
+| Standard | Scope | Auto-Check |
+|----------|-------|------------|
+| SOC2 | Security controls | Partial |
+| GDPR | Data privacy | Partial |
+| HIPAA | Health data | Partial |
+| PCI-DSS | Payment data | Yes |
+| ISO 27001 | InfoSec | Partial |
+
+## Security Report Interface
+
+```typescript
+interface SecurityReport {
+  summary: { score: number; critical: number; high: number; medium: number; low: number };
+  vulnerabilities: { id: string; type: string; severity: string; location: string; description: string; remediation: string; cwe: string; owasp: string }[];
+  dependencies: { vulnerable: number; outdated: number; details: DependencyVuln[] };
+  compliance: { standard: string; status: 'compliant' | 'non-compliant' | 'partial'; gaps: ComplianceGap[]; evidence: Evidence[] }[];
+  secrets: { detected: number; locations: SecretLocation[] };
+}
+```
+
+## Coordination
+
+**Primary Agents**: qe-security-auditor, qe-security-scanner, qe-compliance-checker
+**Coordinator**: qe-security-coordinator

package/assets/skills/security-testing/references/owasp-top-10.md

@@ -0,0 +1,66 @@
+# OWASP Top 10 (2021) Quick Reference
+
+## A01: Broken Access Control
+- Test: Horizontal privilege escalation (user A accessing user B's data)
+- Test: Vertical privilege escalation (user accessing admin endpoints)
+- Test: IDOR on every object reference (change IDs in URLs/params)
+- Test: Missing function-level access control on API endpoints
+- Common miss: Admin APIs accessible without auth check
+
+## A02: Cryptographic Failures
+- Test: TLS version (require 1.2+, reject 1.0/1.1)
+- Test: Password hashing (bcrypt/argon2, never MD5/SHA1)
+- Test: Sensitive data in URLs/logs/error messages
+- Test: Cookie flags (Secure, HttpOnly, SameSite)
+- Common miss: API keys in client-side JavaScript
+
+## A03: Injection
+- Test: SQL injection on all input fields (parameterized queries?)
+- Test: XSS (reflected, stored, DOM-based) — try `<script>alert(1)</script>` and encoded variants
+- Test: Command injection on any server-side exec
+- Test: NoSQL injection on MongoDB queries
+- Common miss: Second-order SQL injection via stored data
+
+## A04: Insecure Design
+- Test: Business logic flaws (negative quantities, race conditions)
+- Test: Missing rate limiting on sensitive endpoints
+- Test: Lack of resource quotas
+- Common miss: Discount codes applied multiple times
+
+## A05: Security Misconfiguration
+- Test: Default credentials on all services
+- Test: Unnecessary HTTP methods (OPTIONS, TRACE)
+- Test: Directory listing enabled
+- Test: Stack traces in error responses
+- Common miss: S3 bucket with public ACL
+
+## A06: Vulnerable Components
+- Test: `npm audit` / `snyk test` for known CVEs
+- Test: Outdated framework versions
+- Test: Abandoned dependencies (no updates in 2+ years)
+- Common miss: Transitive dependencies with critical CVEs
+
+## A07: Auth Failures
+- Test: Credential stuffing protection (rate limiting, captcha)
+- Test: Session fixation (new session ID after login)
+- Test: JWT validation (algorithm confusion, expiry, signature)
+- Test: MFA bypass attempts
+- Common miss: Password reset token doesn't expire
+
+## A08: Software/Data Integrity
+- Test: CI/CD pipeline integrity (signed commits, reviewed PRs)
+- Test: Dependency integrity (lock files, SRI hashes)
+- Test: Deserialization attacks
+- Common miss: Auto-update mechanism without signature verification
+
+## A09: Logging/Monitoring Failures
+- Test: Failed login attempts logged with IP
+- Test: Sensitive data NOT in logs (passwords, tokens)
+- Test: Log injection prevention
+- Common miss: No alerting on repeated auth failures
+
+## A10: SSRF
+- Test: URL parameters that fetch external resources
+- Test: Internal network access via URL manipulation
+- Test: Cloud metadata endpoint access (169.254.169.254)
+- Common miss: Redirect chains bypassing allowlists

package/assets/skills/security-testing/run-history.json

@@ -0,0 +1,6 @@
+{
+  "_description": "Security testing run history. Append after each scan. Claude reads this to track finding severity trends.",
+  "_format": "Each entry: {date, scope, scan_types, findings: {critical, high, medium, low, info}, new_since_last, fixed_since_last}",
+  "_instructions": "After running security scan, append results here. Track finding count by severity over time. Alert if critical findings increase.",
+  "runs": []
+}

package/assets/skills/security-testing/templates/security-report.md

@@ -0,0 +1,44 @@
+# Security Assessment Report
+
+**Project**: {{project_name}}
+**Date**: {{date}}
+**Assessed by**: {{assessor}}
+**Scope**: {{scope_description}}
+
+## Executive Summary
+
+| Severity | Count | Fixed | Remaining |
+|----------|-------|-------|-----------|
+| Critical | | | |
+| High | | | |
+| Medium | | | |
+| Low | | | |
+| Info | | | |
+
+**Overall Risk Level**: {{risk_level}}
+**Recommendation**: {{ship/hold/remediate}}
+
+## Findings
+
+### Finding 1: {{title}}
+- **Severity**: {{critical/high/medium/low}}
+- **OWASP Category**: {{A01-A10}}
+- **Location**: {{file:line or endpoint}}
+- **Description**: {{what was found}}
+- **Impact**: {{what an attacker could do}}
+- **Reproduction**:
+  1. {{step 1}}
+  2. {{step 2}}
+- **Remediation**: {{how to fix}}
+- **Status**: {{open/fixed/accepted}}
+
+## Tools Used
+- [ ] npm audit
+- [ ] Semgrep SAST
+- [ ] OWASP ZAP DAST
+- [ ] Manual review
+- [ ] Secrets scanning
+
+## Sign-off
+- [ ] All critical/high findings addressed or accepted with risk justification
+- [ ] Remediation verified with re-test

package/assets/skills/security-visual-testing/SKILL.md

@@ -16,7 +16,6 @@ validation:
   schema_path: schemas/output.json
   validator_path: scripts/validate-config.json
   eval_path: evals/security-visual-testing.yaml
-
 ---
 
 # Security Visual Testing