agentic-qe 3.8.1 → 3.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (448) hide show
  1. package/.claude/agents/v3/qe-security-scanner.md +2 -2
  2. package/.claude/commands/claude-flow-help.md +1 -1
  3. package/.claude/helpers/github-setup.sh +4 -4
  4. package/.claude/helpers/post-commit +1 -1
  5. package/.claude/helpers/pre-commit +1 -1
  6. package/.claude/helpers/quick-start.sh +4 -4
  7. package/.claude/helpers/setup-mcp.sh +3 -3
  8. package/.claude/helpers/statusline-v3.cjs +1 -1
  9. package/.claude/helpers/validation-pipeline.cjs +625 -0
  10. package/.claude/skills/README.md +29 -7
  11. package/.claude/skills/TRUST-TIERS.md +26 -10
  12. package/.claude/skills/a11y-ally/SKILL.md +10 -2
  13. package/.claude/skills/accessibility-testing/SKILL.md +2 -1
  14. package/.claude/skills/agentic-quality-engineering/SKILL.md +1 -2
  15. package/.claude/skills/api-testing-patterns/SKILL.md +8 -0
  16. package/.claude/skills/api-testing-patterns/config.json +14 -0
  17. package/.claude/skills/api-testing-patterns/templates/api-test-scaffold.md +87 -0
  18. package/.claude/skills/brutal-honesty-review/SKILL.md +0 -1
  19. package/.claude/skills/bug-reporting-excellence/SKILL.md +14 -1
  20. package/.claude/skills/cicd-pipeline-qe-orchestrator/SKILL.md +0 -1
  21. package/.claude/skills/code-review-quality/SKILL.md +14 -1
  22. package/.claude/skills/compatibility-testing/SKILL.md +1 -54
  23. package/.claude/skills/compliance-testing/SKILL.md +8 -1
  24. package/.claude/skills/compliance-testing/config.json +13 -0
  25. package/.claude/skills/consultancy-practices/SKILL.md +1 -33
  26. package/.claude/skills/context-driven-testing/SKILL.md +0 -42
  27. package/.claude/skills/contract-testing/SKILL.md +12 -0
  28. package/.claude/skills/contract-testing/config.json +13 -0
  29. package/.claude/skills/contract-testing/references/agent-commands.md +103 -0
  30. package/.claude/skills/contract-testing/references/provider-states.md +45 -0
  31. package/.claude/skills/coverage-drop-investigator/SKILL.md +90 -0
  32. package/.claude/skills/coverage-guard/SKILL.md +82 -0
  33. package/.claude/skills/coverage-guard/scripts/check-coverage.sh +42 -0
  34. package/.claude/skills/database-testing/SKILL.md +0 -10
  35. package/.claude/skills/debug-loop/SKILL.md +1 -1
  36. package/.claude/skills/e2e-flow-verifier/SKILL.md +78 -0
  37. package/.claude/skills/enterprise-integration-testing/SKILL.md +1 -1
  38. package/.claude/skills/exploratory-testing-advanced/SKILL.md +8 -1
  39. package/.claude/skills/exploratory-testing-advanced/references/heuristic-cheatsheet.md +48 -0
  40. package/.claude/skills/freeze-tests/SKILL.md +67 -0
  41. package/.claude/skills/freeze-tests/scripts/block-test-edits.sh +27 -0
  42. package/.claude/skills/holistic-testing-pact/SKILL.md +0 -1
  43. package/.claude/skills/iterative-loop/SKILL.md +6 -6
  44. package/.claude/skills/localization-testing/SKILL.md +0 -18
  45. package/.claude/skills/mobile-testing/SKILL.md +2 -50
  46. package/.claude/skills/mutation-testing/SKILL.md +26 -1
  47. package/.claude/skills/mutation-testing/config.json +14 -0
  48. package/.claude/skills/mutation-testing/references/mutation-operators.md +38 -0
  49. package/.claude/skills/mutation-testing/run-history.json +6 -0
  50. package/.claude/skills/n8n-expression-testing/SKILL.md +0 -1
  51. package/.claude/skills/n8n-integration-testing-patterns/SKILL.md +0 -1
  52. package/.claude/skills/n8n-security-testing/SKILL.md +0 -1
  53. package/.claude/skills/n8n-trigger-testing-strategies/SKILL.md +0 -1
  54. package/.claude/skills/n8n-workflow-testing-fundamentals/SKILL.md +0 -1
  55. package/.claude/skills/no-skip/SKILL.md +74 -0
  56. package/.claude/skills/no-skip/scripts/check-skips.sh +28 -0
  57. package/.claude/skills/pair-programming/SKILL.md +1 -1
  58. package/.claude/skills/pentest-validation/SKILL.md +2 -3
  59. package/.claude/skills/performance-testing/SKILL.md +21 -0
  60. package/.claude/skills/performance-testing/config.json +18 -0
  61. package/.claude/skills/performance-testing/references/k6-patterns.md +72 -0
  62. package/.claude/skills/performance-testing/run-history.json +6 -0
  63. package/.claude/skills/pr-review/SKILL.md +3 -3
  64. package/.claude/skills/qcsd-cicd-swarm/SKILL.md +1 -2
  65. package/.claude/skills/qcsd-development-swarm/SKILL.md +1 -2
  66. package/.claude/skills/qcsd-ideation-swarm/SKILL.md +1 -2
  67. package/.claude/skills/qcsd-production-swarm/SKILL.md +1 -2
  68. package/.claude/skills/qcsd-production-swarm/steps/01-flag-detection.md +1 -1
  69. package/.claude/skills/qcsd-production-swarm/steps/07-learning-persistence.md +2 -2
  70. package/.claude/skills/qcsd-refinement-swarm/SKILL.md +1 -2
  71. package/.claude/skills/qcsd-refinement-swarm/steps/01-flag-detection.md +1 -1
  72. package/.claude/skills/qe-chaos-resilience/SKILL.md +2 -3
  73. package/.claude/skills/qe-code-intelligence/SKILL.md +9 -2
  74. package/.claude/skills/qe-coverage-analysis/SKILL.md +28 -2
  75. package/.claude/skills/qe-coverage-analysis/run-history.json +6 -0
  76. package/.claude/skills/qe-defect-intelligence/SKILL.md +1 -2
  77. package/.claude/skills/qe-iterative-loop/SKILL.md +0 -1
  78. package/.claude/skills/qe-learning-optimization/SKILL.md +1 -2
  79. package/.claude/skills/qe-quality-assessment/SKILL.md +29 -3
  80. package/.claude/skills/qe-quality-assessment/run-history.json +6 -0
  81. package/.claude/skills/qe-requirements-validation/SKILL.md +1 -2
  82. package/.claude/skills/qe-test-execution/SKILL.md +9 -2
  83. package/.claude/skills/qe-test-generation/SKILL.md +15 -2
  84. package/.claude/skills/qe-test-generation/config.json +14 -0
  85. package/.claude/skills/qe-test-generation/templates/test-scaffold-jest.md +72 -0
  86. package/.claude/skills/qe-visual-accessibility/SKILL.md +1 -2
  87. package/.claude/skills/quality-metrics/SKILL.md +3 -78
  88. package/.claude/skills/refactoring-patterns/SKILL.md +0 -1
  89. package/.claude/skills/regression-testing/SKILL.md +13 -49
  90. package/.claude/skills/risk-based-testing/SKILL.md +6 -52
  91. package/.claude/skills/security-testing/SKILL.md +30 -0
  92. package/.claude/skills/security-testing/config.json +13 -0
  93. package/.claude/skills/security-testing/references/compliance-agent-commands.md +131 -0
  94. package/.claude/skills/security-testing/references/owasp-top-10.md +66 -0
  95. package/.claude/skills/security-testing/run-history.json +6 -0
  96. package/.claude/skills/security-testing/templates/security-report.md +44 -0
  97. package/.claude/skills/security-visual-testing/SKILL.md +0 -1
  98. package/.claude/skills/security-watch/SKILL.md +93 -0
  99. package/.claude/skills/security-watch/scripts/scan-security.sh +46 -0
  100. package/.claude/skills/sherlock-review/SKILL.md +0 -1
  101. package/.claude/skills/shift-left-testing/SKILL.md +16 -88
  102. package/.claude/skills/shift-right-testing/SKILL.md +0 -1
  103. package/.claude/skills/six-thinking-hats/SKILL.md +0 -1
  104. package/.claude/skills/skill-stats/SKILL.md +79 -0
  105. package/.claude/skills/skills-manifest.json +1 -1
  106. package/.claude/skills/strict-tdd/SKILL.md +72 -0
  107. package/.claude/skills/strict-tdd/scripts/enforce-red-phase.sh +36 -0
  108. package/.claude/skills/tdd-london-chicago/SKILL.md +8 -1
  109. package/.claude/skills/technical-writing/SKILL.md +0 -1
  110. package/.claude/skills/test-automation-strategy/SKILL.md +13 -65
  111. package/.claude/skills/test-data-management/SKILL.md +1 -105
  112. package/.claude/skills/test-design-techniques/SKILL.md +2 -152
  113. package/.claude/skills/test-environment-management/SKILL.md +0 -48
  114. package/.claude/skills/test-failure-investigator/SKILL.md +99 -0
  115. package/.claude/skills/test-metrics-dashboard/SKILL.md +97 -0
  116. package/.claude/skills/test-reporting-analytics/SKILL.md +0 -1
  117. package/.claude/skills/trust-tier-manifest.json +135 -61
  118. package/.claude/skills/validation-pipeline/SKILL.md +5 -6
  119. package/.claude/skills/verification-quality/SKILL.md +15 -1
  120. package/.claude/skills/visual-testing-advanced/SKILL.md +0 -1
  121. package/.claude/skills/xp-practices/SKILL.md +2 -110
  122. package/.opencode/agents/collective-intelligence-coordinator.yaml +52 -0
  123. package/.opencode/agents/ddd-domain-expert.yaml +49 -0
  124. package/.opencode/agents/memory-specialist.yaml +49 -0
  125. package/.opencode/agents/performance-engineer.yaml +53 -0
  126. package/.opencode/agents/qe-accessibility-auditor.yaml +118 -0
  127. package/.opencode/agents/qe-api-contract-validator.yaml +85 -0
  128. package/.opencode/agents/qe-bdd-generator.yaml +83 -0
  129. package/.opencode/agents/qe-chaos-engineer.yaml +114 -0
  130. package/.opencode/agents/qe-code-complexity.yaml +82 -0
  131. package/.opencode/agents/qe-code-intelligence.yaml +80 -0
  132. package/.opencode/agents/qe-coverage-analyzer.yaml +75 -0
  133. package/.opencode/agents/qe-defect-predictor.yaml +81 -0
  134. package/.opencode/agents/qe-dependency-mapper.yaml +81 -0
  135. package/.opencode/agents/qe-deployment-advisor.yaml +82 -0
  136. package/.opencode/agents/qe-devils-advocate.yaml +63 -0
  137. package/.opencode/agents/qe-flaky-hunter.yaml +116 -0
  138. package/.opencode/agents/qe-fleet-commander.yaml +83 -0
  139. package/.opencode/agents/qe-gap-detector.yaml +81 -0
  140. package/.opencode/agents/qe-graphql-tester.yaml +84 -0
  141. package/.opencode/agents/qe-impact-analyzer.yaml +81 -0
  142. package/.opencode/agents/qe-integration-architect.yaml +46 -0
  143. package/.opencode/agents/qe-integration-tester.yaml +84 -0
  144. package/.opencode/agents/qe-kg-builder.yaml +75 -0
  145. package/.opencode/agents/qe-learning-coordinator.yaml +82 -0
  146. package/.opencode/agents/qe-load-tester.yaml +84 -0
  147. package/.opencode/agents/qe-message-broker-tester.yaml +94 -0
  148. package/.opencode/agents/qe-metrics-optimizer.yaml +81 -0
  149. package/.opencode/agents/qe-middleware-validator.yaml +92 -0
  150. package/.opencode/agents/qe-mutation-tester.yaml +84 -0
  151. package/.opencode/agents/qe-odata-contract-tester.yaml +98 -0
  152. package/.opencode/agents/qe-parallel-executor.yaml +79 -0
  153. package/.opencode/agents/qe-pattern-learner.yaml +80 -0
  154. package/.opencode/agents/qe-pentest-validator.yaml +137 -0
  155. package/.opencode/agents/qe-performance-tester.yaml +83 -0
  156. package/.opencode/agents/qe-product-factors-assessor.yaml +116 -0
  157. package/.opencode/agents/qe-property-tester.yaml +82 -0
  158. package/.opencode/agents/qe-quality-criteria-recommender.yaml +111 -0
  159. package/.opencode/agents/qe-quality-gate.yaml +80 -0
  160. package/.opencode/agents/qe-queen-coordinator.yaml +59 -0
  161. package/.opencode/agents/qe-qx-partner.yaml +75 -0
  162. package/.opencode/agents/qe-regression-analyzer.yaml +90 -0
  163. package/.opencode/agents/qe-requirements-validator.yaml +111 -0
  164. package/.opencode/agents/qe-responsive-tester.yaml +85 -0
  165. package/.opencode/agents/qe-retry-handler.yaml +82 -0
  166. package/.opencode/agents/qe-risk-assessor.yaml +81 -0
  167. package/.opencode/agents/qe-root-cause-analyzer.yaml +82 -0
  168. package/.opencode/agents/qe-sap-idoc-tester.yaml +104 -0
  169. package/.opencode/agents/qe-sap-rfc-tester.yaml +94 -0
  170. package/.opencode/agents/qe-security-auditor.yaml +90 -0
  171. package/.opencode/agents/qe-security-scanner.yaml +80 -0
  172. package/.opencode/agents/qe-soap-tester.yaml +93 -0
  173. package/.opencode/agents/qe-sod-analyzer.yaml +96 -0
  174. package/.opencode/agents/qe-tdd-specialist.yaml +84 -0
  175. package/.opencode/agents/qe-test-generator.yaml +78 -0
  176. package/.opencode/agents/qe-test-idea-rewriter.yaml +88 -0
  177. package/.opencode/agents/qe-transfer-specialist.yaml +81 -0
  178. package/.opencode/agents/qe-visual-tester.yaml +82 -0
  179. package/.opencode/agents/security-architect.yaml +51 -0
  180. package/.opencode/agents/security-auditor.yaml +50 -0
  181. package/.opencode/permissions.yaml +74 -0
  182. package/.opencode/skills/qcsd-cicd-swarm.yaml +45 -0
  183. package/.opencode/skills/qcsd-development-swarm.yaml +45 -0
  184. package/.opencode/skills/qcsd-ideation-swarm.yaml +45 -0
  185. package/.opencode/skills/qcsd-production-swarm.yaml +45 -0
  186. package/.opencode/skills/qcsd-refinement-swarm.yaml +45 -0
  187. package/.opencode/skills/qe-a11y-ally.yaml +45 -0
  188. package/.opencode/skills/qe-accessibility-testing.yaml +45 -0
  189. package/.opencode/skills/qe-agentic-jujutsu.yaml +45 -0
  190. package/.opencode/skills/qe-agentic-quality-engineering.yaml +45 -0
  191. package/.opencode/skills/qe-api-testing-patterns.yaml +45 -0
  192. package/.opencode/skills/qe-aqe-v2-v3-migration.yaml +45 -0
  193. package/.opencode/skills/qe-brutal-honesty-review.yaml +45 -0
  194. package/.opencode/skills/qe-bug-reporting-excellence.yaml +45 -0
  195. package/.opencode/skills/qe-chaos-engineering-resilience.yaml +30 -0
  196. package/.opencode/skills/qe-chaos-resilience.yaml +45 -0
  197. package/.opencode/skills/qe-cicd-pipeline-qe-orchestrator.yaml +45 -0
  198. package/.opencode/skills/qe-code-intelligence.yaml +45 -0
  199. package/.opencode/skills/qe-code-review-quality.yaml +45 -0
  200. package/.opencode/skills/qe-compatibility-testing.yaml +35 -0
  201. package/.opencode/skills/qe-compliance-testing.yaml +35 -0
  202. package/.opencode/skills/qe-consultancy-practices.yaml +45 -0
  203. package/.opencode/skills/qe-context-driven-testing.yaml +45 -0
  204. package/.opencode/skills/qe-coverage-analysis.yaml +45 -0
  205. package/.opencode/skills/qe-database-testing.yaml +40 -0
  206. package/.opencode/skills/qe-debug-loop.yaml +45 -0
  207. package/.opencode/skills/qe-defect-intelligence.yaml +45 -0
  208. package/.opencode/skills/qe-enterprise-integration-testing.yaml +45 -0
  209. package/.opencode/skills/qe-exploratory-testing-advanced.yaml +45 -0
  210. package/.opencode/skills/qe-github-code-review.yaml +45 -0
  211. package/.opencode/skills/qe-github-multi-repo.yaml +45 -0
  212. package/.opencode/skills/qe-github-project-management.yaml +45 -0
  213. package/.opencode/skills/qe-github-release-management.yaml +45 -0
  214. package/.opencode/skills/qe-github-workflow-automation.yaml +45 -0
  215. package/.opencode/skills/qe-holistic-testing-pact.yaml +45 -0
  216. package/.opencode/skills/qe-iterative-loop.yaml +45 -0
  217. package/.opencode/skills/qe-learning-optimization.yaml +45 -0
  218. package/.opencode/skills/qe-localization-testing.yaml +40 -0
  219. package/.opencode/skills/qe-middleware-testing-patterns.yaml +45 -0
  220. package/.opencode/skills/qe-mobile-testing.yaml +35 -0
  221. package/.opencode/skills/qe-mutation-testing.yaml +35 -0
  222. package/.opencode/skills/qe-n8n-expression-testing.yaml +45 -0
  223. package/.opencode/skills/qe-n8n-integration-testing-patterns.yaml +45 -0
  224. package/.opencode/skills/qe-n8n-security-testing.yaml +45 -0
  225. package/.opencode/skills/qe-n8n-trigger-testing-strategies.yaml +45 -0
  226. package/.opencode/skills/qe-n8n-workflow-testing-fundamentals.yaml +45 -0
  227. package/.opencode/skills/qe-observability-testing-patterns.yaml +45 -0
  228. package/.opencode/skills/qe-pair-programming.yaml +45 -0
  229. package/.opencode/skills/qe-pentest-validation.yaml +45 -0
  230. package/.opencode/skills/qe-performance-analysis.yaml +45 -0
  231. package/.opencode/skills/qe-performance-testing.yaml +45 -0
  232. package/.opencode/skills/qe-pr-review.yaml +45 -0
  233. package/.opencode/skills/qe-quality-assessment.yaml +45 -0
  234. package/.opencode/skills/qe-quality-metrics.yaml +45 -0
  235. package/.opencode/skills/qe-refactoring-patterns.yaml +40 -0
  236. package/.opencode/skills/qe-regression-testing.yaml +40 -0
  237. package/.opencode/skills/qe-release.yaml +45 -0
  238. package/.opencode/skills/qe-requirements-validation.yaml +45 -0
  239. package/.opencode/skills/qe-risk-based-testing.yaml +45 -0
  240. package/.opencode/skills/qe-security-testing.yaml +45 -0
  241. package/.opencode/skills/qe-security-visual-testing.yaml +45 -0
  242. package/.opencode/skills/qe-sfdipot-product-factors.yaml +45 -0
  243. package/.opencode/skills/qe-sherlock-review.yaml +45 -0
  244. package/.opencode/skills/qe-shift-left-testing.yaml +45 -0
  245. package/.opencode/skills/qe-shift-right-testing.yaml +45 -0
  246. package/.opencode/skills/qe-six-thinking-hats.yaml +45 -0
  247. package/.opencode/skills/qe-skill-builder.yaml +45 -0
  248. package/.opencode/skills/qe-sparc-methodology.yaml +45 -0
  249. package/.opencode/skills/qe-stream-chain.yaml +45 -0
  250. package/.opencode/skills/qe-tdd-london-chicago.yaml +45 -0
  251. package/.opencode/skills/qe-technical-writing.yaml +45 -0
  252. package/.opencode/skills/qe-test-automation-strategy.yaml +35 -0
  253. package/.opencode/skills/qe-test-data-management.yaml +45 -0
  254. package/.opencode/skills/qe-test-design-techniques.yaml +40 -0
  255. package/.opencode/skills/qe-test-environment-management.yaml +40 -0
  256. package/.opencode/skills/qe-test-execution.yaml +45 -0
  257. package/.opencode/skills/qe-test-generation.yaml +45 -0
  258. package/.opencode/skills/qe-test-idea-rewriting.yaml +45 -0
  259. package/.opencode/skills/qe-test-reporting-analytics.yaml +45 -0
  260. package/.opencode/skills/qe-testability-scoring.yaml +45 -0
  261. package/.opencode/skills/qe-verification-quality.yaml +45 -0
  262. package/.opencode/skills/qe-visual-accessibility.yaml +45 -0
  263. package/.opencode/skills/qe-visual-testing-advanced.yaml +40 -0
  264. package/.opencode/skills/qe-wms-testing-patterns.yaml +45 -0
  265. package/.opencode/skills/qe-xp-practices.yaml +45 -0
  266. package/.opencode/tools/qe-defect-scan.ts +79 -0
  267. package/.opencode/tools/qe-fleet-status.ts +59 -0
  268. package/.opencode/tools/qe-full-audit.ts +81 -0
  269. package/.opencode/tools/qe-learning-report.ts +74 -0
  270. package/.opencode/tools/qe-test-and-verify.ts +97 -0
  271. package/CHANGELOG.md +50 -0
  272. package/README.md +5 -1
  273. package/assets/agents/v3/qe-security-scanner.md +2 -2
  274. package/assets/helpers/statusline-v3.cjs +1 -1
  275. package/assets/helpers/validation-pipeline.cjs +625 -0
  276. package/assets/skills/README.md +173 -0
  277. package/assets/skills/TRUST-TIERS.md +174 -0
  278. package/assets/skills/a11y-ally/SKILL.md +10 -2
  279. package/assets/skills/accessibility-testing/SKILL.md +2 -1
  280. package/assets/skills/agentic-quality-engineering/SKILL.md +1 -2
  281. package/assets/skills/api-testing-patterns/SKILL.md +8 -0
  282. package/assets/skills/api-testing-patterns/config.json +14 -0
  283. package/assets/skills/api-testing-patterns/templates/api-test-scaffold.md +87 -0
  284. package/assets/skills/brutal-honesty-review/SKILL.md +0 -1
  285. package/assets/skills/bug-reporting-excellence/SKILL.md +14 -1
  286. package/assets/skills/cicd-pipeline-qe-orchestrator/SKILL.md +0 -1
  287. package/assets/skills/code-review-quality/SKILL.md +14 -1
  288. package/assets/skills/compatibility-testing/SKILL.md +1 -54
  289. package/assets/skills/compliance-testing/SKILL.md +8 -1
  290. package/assets/skills/compliance-testing/config.json +13 -0
  291. package/assets/skills/consultancy-practices/SKILL.md +1 -33
  292. package/assets/skills/context-driven-testing/SKILL.md +0 -42
  293. package/assets/skills/contract-testing/SKILL.md +12 -0
  294. package/assets/skills/contract-testing/config.json +13 -0
  295. package/assets/skills/contract-testing/references/agent-commands.md +103 -0
  296. package/assets/skills/contract-testing/references/provider-states.md +45 -0
  297. package/assets/skills/coverage-drop-investigator/SKILL.md +90 -0
  298. package/assets/skills/coverage-guard/SKILL.md +82 -0
  299. package/assets/skills/coverage-guard/scripts/check-coverage.sh +42 -0
  300. package/assets/skills/database-testing/SKILL.md +0 -10
  301. package/assets/skills/debug-loop/SKILL.md +1 -1
  302. package/assets/skills/e2e-flow-verifier/SKILL.md +78 -0
  303. package/assets/skills/enterprise-integration-testing/SKILL.md +1 -1
  304. package/assets/skills/exploratory-testing-advanced/SKILL.md +8 -1
  305. package/assets/skills/exploratory-testing-advanced/references/heuristic-cheatsheet.md +48 -0
  306. package/assets/skills/freeze-tests/SKILL.md +67 -0
  307. package/assets/skills/freeze-tests/scripts/block-test-edits.sh +27 -0
  308. package/assets/skills/holistic-testing-pact/SKILL.md +0 -1
  309. package/assets/skills/localization-testing/SKILL.md +0 -18
  310. package/assets/skills/mobile-testing/SKILL.md +2 -50
  311. package/assets/skills/mutation-testing/SKILL.md +26 -1
  312. package/assets/skills/mutation-testing/config.json +14 -0
  313. package/assets/skills/mutation-testing/references/mutation-operators.md +38 -0
  314. package/assets/skills/mutation-testing/run-history.json +6 -0
  315. package/assets/skills/n8n-expression-testing/SKILL.md +0 -1
  316. package/assets/skills/n8n-integration-testing-patterns/SKILL.md +0 -1
  317. package/assets/skills/n8n-security-testing/SKILL.md +0 -1
  318. package/assets/skills/n8n-trigger-testing-strategies/SKILL.md +0 -1
  319. package/assets/skills/n8n-workflow-testing-fundamentals/SKILL.md +0 -1
  320. package/assets/skills/no-skip/SKILL.md +74 -0
  321. package/assets/skills/no-skip/scripts/check-skips.sh +28 -0
  322. package/assets/skills/pair-programming/SKILL.md +1 -1
  323. package/assets/skills/pentest-validation/SKILL.md +2 -3
  324. package/assets/skills/performance-testing/SKILL.md +21 -0
  325. package/assets/skills/performance-testing/config.json +18 -0
  326. package/assets/skills/performance-testing/references/k6-patterns.md +72 -0
  327. package/assets/skills/performance-testing/run-history.json +6 -0
  328. package/assets/skills/pr-review/SKILL.md +3 -3
  329. package/assets/skills/qcsd-cicd-swarm/SKILL.md +1 -2
  330. package/assets/skills/qcsd-development-swarm/SKILL.md +1 -2
  331. package/assets/skills/qcsd-ideation-swarm/SKILL.md +1 -2
  332. package/assets/skills/qcsd-production-swarm/SKILL.md +1 -2
  333. package/assets/skills/qcsd-production-swarm/steps/01-flag-detection.md +1 -1
  334. package/assets/skills/qcsd-production-swarm/steps/07-learning-persistence.md +2 -2
  335. package/assets/skills/qcsd-refinement-swarm/SKILL.md +1 -2
  336. package/assets/skills/qcsd-refinement-swarm/steps/01-flag-detection.md +1 -1
  337. package/assets/skills/qe-chaos-resilience/SKILL.md +2 -3
  338. package/assets/skills/qe-code-intelligence/SKILL.md +9 -2
  339. package/assets/skills/qe-coverage-analysis/SKILL.md +28 -2
  340. package/assets/skills/qe-coverage-analysis/run-history.json +6 -0
  341. package/assets/skills/qe-defect-intelligence/SKILL.md +1 -2
  342. package/assets/skills/qe-iterative-loop/SKILL.md +0 -1
  343. package/assets/skills/qe-learning-optimization/SKILL.md +1 -2
  344. package/assets/skills/qe-quality-assessment/SKILL.md +29 -3
  345. package/assets/skills/qe-quality-assessment/run-history.json +6 -0
  346. package/assets/skills/qe-requirements-validation/SKILL.md +1 -2
  347. package/assets/skills/qe-test-execution/SKILL.md +9 -2
  348. package/assets/skills/qe-test-generation/SKILL.md +15 -2
  349. package/assets/skills/qe-test-generation/config.json +14 -0
  350. package/assets/skills/qe-test-generation/templates/test-scaffold-jest.md +72 -0
  351. package/assets/skills/qe-visual-accessibility/SKILL.md +1 -2
  352. package/assets/skills/quality-metrics/SKILL.md +3 -78
  353. package/assets/skills/refactoring-patterns/SKILL.md +0 -1
  354. package/assets/skills/regression-testing/SKILL.md +13 -49
  355. package/assets/skills/risk-based-testing/SKILL.md +6 -52
  356. package/assets/skills/security-testing/SKILL.md +30 -0
  357. package/assets/skills/security-testing/config.json +13 -0
  358. package/assets/skills/security-testing/references/compliance-agent-commands.md +131 -0
  359. package/assets/skills/security-testing/references/owasp-top-10.md +66 -0
  360. package/assets/skills/security-testing/run-history.json +6 -0
  361. package/assets/skills/security-testing/templates/security-report.md +44 -0
  362. package/assets/skills/security-visual-testing/SKILL.md +0 -1
  363. package/assets/skills/security-watch/SKILL.md +93 -0
  364. package/assets/skills/security-watch/scripts/scan-security.sh +46 -0
  365. package/assets/skills/sherlock-review/SKILL.md +0 -1
  366. package/assets/skills/shift-left-testing/SKILL.md +16 -88
  367. package/assets/skills/shift-right-testing/SKILL.md +0 -1
  368. package/assets/skills/six-thinking-hats/SKILL.md +0 -1
  369. package/assets/skills/skill-stats/SKILL.md +79 -0
  370. package/assets/skills/strict-tdd/SKILL.md +72 -0
  371. package/assets/skills/strict-tdd/scripts/enforce-red-phase.sh +36 -0
  372. package/assets/skills/tdd-london-chicago/SKILL.md +8 -1
  373. package/assets/skills/technical-writing/SKILL.md +0 -1
  374. package/assets/skills/test-automation-strategy/SKILL.md +13 -65
  375. package/assets/skills/test-data-management/SKILL.md +1 -105
  376. package/assets/skills/test-design-techniques/SKILL.md +2 -152
  377. package/assets/skills/test-environment-management/SKILL.md +0 -48
  378. package/assets/skills/test-failure-investigator/SKILL.md +99 -0
  379. package/assets/skills/test-metrics-dashboard/SKILL.md +97 -0
  380. package/assets/skills/test-reporting-analytics/SKILL.md +0 -1
  381. package/assets/skills/trust-tier-manifest.json +135 -61
  382. package/assets/skills/validation-pipeline/SKILL.md +5 -6
  383. package/assets/skills/verification-quality/SKILL.md +15 -1
  384. package/assets/skills/visual-testing-advanced/SKILL.md +0 -1
  385. package/assets/skills/xp-practices/SKILL.md +2 -110
  386. package/dist/adapters/claude-flow/detect.d.ts +5 -0
  387. package/dist/adapters/claude-flow/detect.js +38 -18
  388. package/dist/adapters/claude-flow/model-router-bridge.js +4 -3
  389. package/dist/adapters/claude-flow/pretrain-bridge.js +5 -4
  390. package/dist/adapters/claude-flow/trajectory-bridge.js +5 -4
  391. package/dist/cli/bundle.js +262 -79
  392. package/dist/cli/commands/claude-flow-setup.js +4 -4
  393. package/dist/domains/learning-optimization/coordinator.d.ts +6 -1
  394. package/dist/domains/learning-optimization/coordinator.js +26 -4
  395. package/dist/domains/learning-optimization/plugin.d.ts +2 -0
  396. package/dist/domains/learning-optimization/plugin.js +2 -0
  397. package/dist/governance/adversarial-defense-integration.js +1 -0
  398. package/dist/governance/continue-gate-integration.d.ts +1 -0
  399. package/dist/governance/continue-gate-integration.js +1 -0
  400. package/dist/governance/deterministic-gateway-integration.d.ts +1 -0
  401. package/dist/governance/deterministic-gateway-integration.js +1 -0
  402. package/dist/governance/evolution-pipeline-integration.d.ts +1 -0
  403. package/dist/governance/evolution-pipeline-integration.js +1 -0
  404. package/dist/governance/memory-write-gate-integration.d.ts +1 -0
  405. package/dist/governance/memory-write-gate-integration.js +1 -0
  406. package/dist/governance/proof-envelope-integration.d.ts +1 -0
  407. package/dist/governance/proof-envelope-integration.js +1 -0
  408. package/dist/governance/shard-retriever-integration.d.ts +1 -0
  409. package/dist/governance/shard-retriever-integration.js +1 -0
  410. package/dist/governance/trust-accumulator-integration.d.ts +1 -0
  411. package/dist/governance/trust-accumulator-integration.js +1 -0
  412. package/dist/init/agents-installer.js +28 -1
  413. package/dist/init/enhancements/claude-flow-adapter.js +15 -2
  414. package/dist/init/init-wizard-hooks.js +3 -3
  415. package/dist/init/kiro-installer.js +10 -4
  416. package/dist/init/opencode-installer.d.ts +13 -1
  417. package/dist/init/opencode-installer.js +52 -14
  418. package/dist/init/phases/07-hooks.js +21 -7
  419. package/dist/init/settings-merge.d.ts +1 -1
  420. package/dist/init/settings-merge.js +12 -13
  421. package/dist/init/skills-installer.d.ts +10 -0
  422. package/dist/init/skills-installer.js +68 -6
  423. package/dist/integrations/ruvector/sona-persistence.d.ts +6 -0
  424. package/dist/integrations/ruvector/sona-persistence.js +26 -1
  425. package/dist/mcp/bundle.js +98 -37
  426. package/dist/mcp/entry.js +6 -6
  427. package/dist/migration/agent-compat.js +2 -2
  428. package/package.json +9 -4
  429. package/.claude/skills/aqe-v2-v3-migration/schemas/output.json +0 -513
  430. package/.claude/skills/aqe-v2-v3-migration/skill.md +0 -326
  431. package/.claude/skills/qe-contract-testing/SKILL.md +0 -224
  432. package/.claude/skills/qe-contract-testing/evals/qe-contract-testing.yaml +0 -513
  433. package/.claude/skills/qe-contract-testing/schemas/output.json +0 -295
  434. package/.claude/skills/qe-contract-testing/scripts/validate-config.json +0 -42
  435. package/.claude/skills/qe-security-compliance/SKILL.md +0 -261
  436. package/.claude/skills/qe-security-compliance/evals/qe-security-compliance.yaml +0 -595
  437. package/.claude/skills/qe-security-compliance/schemas/output.json +0 -498
  438. package/.claude/skills/qe-security-compliance/scripts/validate-config.json +0 -41
  439. package/assets/skills/aqe-v2-v3-migration/schemas/output.json +0 -513
  440. package/assets/skills/aqe-v2-v3-migration/skill.md +0 -326
  441. package/assets/skills/qe-contract-testing/SKILL.md +0 -224
  442. package/assets/skills/qe-contract-testing/evals/qe-contract-testing.yaml +0 -513
  443. package/assets/skills/qe-contract-testing/schemas/output.json +0 -295
  444. package/assets/skills/qe-contract-testing/scripts/validate-config.json +0 -42
  445. package/assets/skills/qe-security-compliance/SKILL.md +0 -261
  446. package/assets/skills/qe-security-compliance/evals/qe-security-compliance.yaml +0 -595
  447. package/assets/skills/qe-security-compliance/schemas/output.json +0 -498
  448. package/assets/skills/qe-security-compliance/scripts/validate-config.json +0 -41
package/assets/skills/qe-security-compliance/evals/qe-security-compliance.yaml DELETED
@@ -1,595 +0,0 @@
1
- # =============================================================================
2
- # AQE Skill Evaluation Test Suite: QE Security Compliance v1.0.0
3
- # =============================================================================
4
- #
5
- # Comprehensive evaluation suite for the qe-security-compliance skill.
6
- # Tests SAST scanning, dependency vulnerability checking, compliance auditing,
7
- # secret detection, and OWASP Top 10 validation.
8
- #
9
- # Schema: .claude/skills/.validation/schemas/skill-eval.schema.json
10
- # Validator: .claude/skills/qe-security-compliance/scripts/validate-config.json
11
- #
12
- # Coverage:
13
- # - SAST scanning for code vulnerabilities
14
- # - Dependency vulnerability analysis
15
- # - OWASP Top 10 coverage
16
- # - Compliance auditing (SOC2, GDPR, HIPAA, PCI-DSS)
17
- # - Secret detection and prevention
18
- #
19
- # =============================================================================
20
-
21
- skill: qe-security-compliance
22
- version: 1.0.0
23
- description: >
24
- Comprehensive evaluation suite for the qe-security-compliance skill.
25
- Tests SAST and DAST scanning, dependency vulnerability checking, OWASP
26
- Top 10 validation, compliance auditing for multiple standards, and secret
27
- detection across codebase and configuration.
28
-
29
- # =============================================================================
30
- # Multi-Model Configuration
31
- # =============================================================================
32
-
33
- models_to_test:
34
- - claude-3.5-sonnet
35
- - claude-3-haiku
36
-
37
- # =============================================================================
38
- # MCP Integration Configuration
39
- # =============================================================================
40
-
41
- mcp_integration:
42
- enabled: true
43
- namespace: skill-validation
44
-
45
- query_patterns: true
46
- track_outcomes: true
47
- store_patterns: true
48
- share_learning: true
49
- update_quality_gate: true
50
-
51
- target_agents:
52
- - qe-learning-coordinator
53
- - qe-queen-coordinator
54
- - qe-security-auditor
55
- - qe-security-scanner
56
-
57
- # =============================================================================
58
- # ReasoningBank Learning Configuration
59
- # =============================================================================
60
-
61
- learning:
62
- store_success_patterns: true
63
- store_failure_patterns: true
64
- pattern_ttl_days: 90
65
- min_confidence_to_store: 0.7
66
- cross_model_comparison: true
67
-
68
- # =============================================================================
69
- # Result Format Configuration
70
- # =============================================================================
71
-
72
- result_format:
73
- json_output: true
74
- markdown_report: true
75
- include_raw_output: false
76
- include_timing: true
77
- include_token_usage: true
78
-
79
- # =============================================================================
80
- # Environment Setup
81
- # =============================================================================
82
-
83
- setup:
84
- required_tools:
85
- - jq
86
- environment_variables:
87
- SECURITY_SCAN_LEVEL: "comprehensive"
88
- OWASP_ENABLED: "true"
89
- SECRET_DETECTION: "enabled"
90
- fixtures: []
91
-
92
- # =============================================================================
93
- # TEST CASES
94
- # =============================================================================
95
-
96
- test_cases:
97
- # ---------------------------------------------------------------------------
98
- # CATEGORY: SAST Scanning
99
- # ---------------------------------------------------------------------------
100
-
101
- - id: tc001_sast_sql_injection_detection
102
- description: "Detect SQL injection vulnerabilities in code"
103
- category: sast
104
- priority: critical
105
-
106
- input:
107
- prompt: |
108
- Scan this code for SQL injection vulnerabilities:
109
-
110
- ```javascript
111
- app.get('/user/:id', (req, res) => {
112
- const userId = req.params.id;
113
- const query = `SELECT * FROM users WHERE id = ${userId}`;
114
- db.query(query, (err, results) => {
115
- res.json(results);
116
- });
117
- });
118
- ```
119
-
120
- VULNERABILITY:
121
- - Type: SQL Injection
122
- - Severity: CRITICAL
123
- - CWE: CWE-89
124
- - OWASP: A03:2021
125
- - Fix: Use parameterized query
126
-
127
- What are all the issues?
128
- context:
129
- scan_type: "sql_injection"
130
- include_remediation: true
131
-
132
- expected_output:
133
- must_contain:
134
- - "SQL injection"
135
- - "parameterized"
136
- - "CWE-89"
137
- - "critical"
138
- must_not_contain:
139
- - "secure"
140
- - "no vulnerability"
141
- severity_classification: critical
142
- finding_count:
143
- min: 1
144
-
145
- validation:
146
- schema_check: true
147
- keyword_match_threshold: 0.8
148
- reasoning_quality_min: 0.75
149
-
150
- - id: tc002_sast_xss_detection
151
- description: "Detect cross-site scripting (XSS) vulnerabilities"
152
- category: sast
153
- priority: critical
154
-
155
- input:
156
- prompt: |
157
- Scan for XSS vulnerabilities:
158
-
159
- ```javascript
160
- app.get('/profile', (req, res) => {
161
- const name = req.query.name;
162
- res.send(`<h1>Welcome, ${name}!</h1>`);
163
- });
164
- ```
165
-
166
- VULNERABILITY:
167
- - Type: Reflected XSS
168
- - Severity: HIGH
169
- - CWE: CWE-79
170
- - Attack: name=<script>alert('xss')</script>
171
- - Fix: Escape output or use textContent
172
-
173
- Identify all issues and fixes.
174
- context:
175
- scan_type: "xss"
176
- include_examples: true
177
-
178
- expected_output:
179
- must_contain:
180
- - "XSS"
181
- - "escape"
182
- - "sanitize"
183
- - "CWE-79"
184
- severity_classification: critical
185
-
186
- validation:
187
- schema_check: true
188
- keyword_match_threshold: 0.8
189
-
190
- - id: tc003_sast_hardcoded_secrets
191
- description: "Detect hardcoded credentials and secrets"
192
- category: sast
193
- priority: critical
194
-
195
- input:
196
- prompt: |
197
- Scan for hardcoded secrets:
198
-
199
- ```javascript
200
- const API_KEY = 'sk-12345678901234567890';
201
- const DB_PASSWORD = 'admin123';
202
- const JWT_SECRET = 'my-secret-key-do-not-share';
203
-
204
- const credentials = {
205
- username: 'admin',
206
- password: 'P@ssw0rd123'
207
- };
208
- ```
209
-
210
- FINDINGS:
211
- 1. API_KEY: Hardcoded - CRITICAL
212
- 2. DB_PASSWORD: Hardcoded - CRITICAL
213
- 3. JWT_SECRET: Hardcoded - CRITICAL
214
- 4. Credentials object: Hardcoded password - CRITICAL
215
-
216
- Fix: Move to environment variables, use vault
217
- context:
218
- scan_type: "secrets"
219
- secret_patterns: "all"
220
-
221
- expected_output:
222
- must_contain:
223
- - "secret"
224
- - "hardcoded"
225
- - "environment"
226
- - "credentials"
227
- must_not_contain:
228
- - "ok"
229
- - "no secrets"
230
- severity_classification: critical
231
-
232
- validation:
233
- schema_check: true
234
- keyword_match_threshold: 0.8
235
- reasoning_quality_min: 0.75
236
-
237
- # ---------------------------------------------------------------------------
238
- # CATEGORY: Dependency Scanning
239
- # ---------------------------------------------------------------------------
240
-
241
- - id: tc004_dependency_vulnerability_check
242
- description: "Detect known vulnerabilities in dependencies"
243
- category: dependencies
244
- priority: critical
245
-
246
- input:
247
- prompt: |
248
- Scan dependencies for vulnerabilities:
249
-
250
- package.json:
251
- - lodash@4.17.15 (outdated)
252
- - express@4.16.0 (vulnerable)
253
- - moment@2.24.0 (has CVEs)
254
- - axios@0.18.1 (vulnerable)
255
-
256
- VULNERABLE PACKAGES:
257
- 1. express@4.16.0: CVE-2018-16487 (HIGH)
258
- 2. axios@0.18.1: CVE-2020-28168 (HIGH)
259
- 3. lodash@4.17.15: CVE-2021-23337 (MEDIUM)
260
- 4. moment@2.24.0: Regular Expression DoS (MEDIUM)
261
-
262
- Action: Update to latest versions
263
- context:
264
- scan_scope: "package.json"
265
- include_cves: true
266
-
267
- expected_output:
268
- must_contain:
269
- - "vulnerable"
270
- - "CVE"
271
- - "dependency"
272
- - "update"
273
- must_not_contain:
274
- - "no vulnerabilities"
275
- - "all ok"
276
- severity_classification: critical
277
-
278
- validation:
279
- schema_check: true
280
- keyword_match_threshold: 0.8
281
-
282
- - id: tc005_outdated_package_detection
283
- description: "Identify outdated packages needing updates"
284
- category: dependencies
285
- priority: high
286
-
287
- input:
288
- prompt: |
289
- Analyze package freshness:
290
- - lodash@4.17.15 (current: 4.17.21) - 6 minor versions behind
291
- - express@4.16.0 (current: 4.18.2) - 2 major versions behind
292
- - jest@24.0.0 (current: 29.0.0) - 5 major versions behind
293
-
294
- RECOMMENDATIONS:
295
- 1. CRITICAL: Update express (major version)
296
- 2. HIGH: Update jest (major version, breaking changes)
297
- 3. MEDIUM: Update lodash (minor version, backward compatible)
298
-
299
- How would you prioritize updates?
300
- context:
301
- package_analysis: true
302
- prioritization: true
303
-
304
- expected_output:
305
- must_contain:
306
- - "outdated"
307
- - "update"
308
- - "version"
309
- - "prioritize"
310
- finding_count:
311
- min: 1
312
-
313
- validation:
314
- schema_check: true
315
- keyword_match_threshold: 0.75
316
-
317
- # ---------------------------------------------------------------------------
318
- # CATEGORY: OWASP Top 10
319
- # ---------------------------------------------------------------------------
320
-
321
- - id: tc006_owasp_comprehensive_check
322
- description: "Check code against full OWASP Top 10 2021"
323
- category: owasp
324
- priority: critical
325
-
326
- input:
327
- prompt: |
328
- Scan code for OWASP Top 10 2021 compliance:
329
-
330
- A01: Broken Access Control
331
- - Check: Authorization on endpoints
332
- - Status: FOUND - no authorization check on /admin
333
-
334
- A02: Cryptographic Failures
335
- - Check: Weak encryption, plaintext passwords
336
- - Status: FOUND - passwords stored plaintext
337
-
338
- A03: Injection (SQL, NoSQL, Command, XSS, LDAP)
339
- - Check: SQL injection, XSS
340
- - Status: FOUND - SQL injection vulnerability
341
-
342
- A07: Authentication Failures
343
- - Check: Weak passwords, session management
344
- - Status: OK - using bcrypt and secure sessions
345
-
346
- A06: Vulnerable Components
347
- - Check: Known CVEs in dependencies
348
- - Status: FOUND - 3 vulnerable packages
349
-
350
- Other categories: OK
351
-
352
- SUMMARY: 3 critical issues, 2 must fix immediately
353
- context:
354
- standard: "owasp-2021"
355
- categories: "all"
356
- include_status: true
357
-
358
- expected_output:
359
- must_contain:
360
- - "OWASP"
361
- - "A01"
362
- - "A03"
363
- - "critical"
364
- - "vulnerability"
365
- must_not_contain:
366
- - "no issues"
367
- - "compliant"
368
- severity_classification: critical
369
-
370
- validation:
371
- schema_check: true
372
- keyword_match_threshold: 0.8
373
- reasoning_quality_min: 0.75
374
-
375
- # ---------------------------------------------------------------------------
376
- # CATEGORY: Compliance Auditing
377
- # ---------------------------------------------------------------------------
378
-
379
- - id: tc007_soc2_compliance_audit
380
- description: "Audit code for SOC2 compliance"
381
- category: compliance
382
- priority: critical
383
-
384
- input:
385
- prompt: |
386
- Audit SOC2 compliance requirements:
387
-
388
- SECURITY:
389
- - Access control: PARTIAL (missing admin endpoint protection)
390
- - Encryption: OK (TLS in transit, AES at rest)
391
- - Secret management: FAIL (hardcoded secrets)
392
- - Monitoring: OK (logs captured)
393
-
394
- AVAILABILITY:
395
- - Error handling: OK
396
- - Backup: OK
397
- - Disaster recovery: PARTIAL (needs testing)
398
-
399
- PROCESSING INTEGRITY:
400
- - Input validation: FAIL (SQL injection found)
401
- - Error handling: OK
402
- - Audit logging: PARTIAL (some endpoints missing)
403
-
404
- CONFIDENTIALITY:
405
- - PII protection: FAIL (no encryption for user data)
406
- - Access controls: PARTIAL
407
-
408
- PRIVACY:
409
- - Data retention: PARTIAL (no policy)
410
- - User consent: OK
411
-
412
- COMPLIANCE: 45% - FAIL (multiple critical gaps)
413
- context:
414
- standard: "SOC2"
415
- categories: "all"
416
- remediation: true
417
-
418
- expected_output:
419
- must_contain:
420
- - "SOC2"
421
- - "compliance"
422
- - "fail"
423
- - "gap"
424
- - "remediation"
425
- must_not_contain:
426
- - "compliant"
427
- - "pass"
428
- severity_classification: critical
429
-
430
- validation:
431
- schema_check: true
432
- keyword_match_threshold: 0.8
433
-
434
- - id: tc008_gdpr_compliance_check
435
- description: "Verify GDPR compliance for user data handling"
436
- category: compliance
437
- priority: critical
438
-
439
- input:
440
- prompt: |
441
- Check GDPR compliance:
442
-
443
- REQUIREMENTS:
444
- 1. User consent documented: FAIL (no consent mechanism)
445
- 2. Privacy policy: OK (published)
446
- 3. Data retention policy: FAIL (no policy defined)
447
- 4. Right to deletion: PARTIAL (can delete but full audit trail)
448
- 5. Data portability: FAIL (no export functionality)
449
- 6. Breach notification: PARTIAL (process exists, 30-day compliance ok)
450
- 7. DPA in place: OK (processor agreements signed)
451
- 8. Privacy by design: FAIL (not implemented)
452
-
453
- COMPLIANCE: 38% - FAIL
454
-
455
- What are the top 3 fixes?
456
- context:
457
- standard: "GDPR"
458
- user_data_handling: true
459
-
460
- expected_output:
461
- must_contain:
462
- - "GDPR"
463
- - "compliance"
464
- - "consent"
465
- - "deletion"
466
- - "fail"
467
- severity_classification: critical
468
-
469
- validation:
470
- schema_check: true
471
- keyword_match_threshold: 0.8
472
-
473
- # ---------------------------------------------------------------------------
474
- # CATEGORY: Security Gate
475
- # ---------------------------------------------------------------------------
476
-
477
- - id: tc009_security_gate_enforcement
478
- description: "Enforce security gates in CI/CD pipeline"
479
- category: gates
480
- priority: critical
481
-
482
- input:
483
- prompt: |
484
- Define security gates for merge:
485
- 1. Critical vulnerabilities: 0 required
486
- 2. High vulnerabilities: <= 2
487
- 3. Known CVEs in dependencies: 0
488
- 4. Hardcoded secrets: 0
489
- 5. OWASP blocking issues: 0
490
-
491
- SCAN RESULTS:
492
- - Critical: 0 ✓
493
- - High: 1 (express vulnerability) ✗ BLOCK
494
- - CVEs: 3 ✗ BLOCK
495
- - Secrets: 1 hardcoded API key ✗ BLOCK
496
- - OWASP: 2 issues ✗ BLOCK
497
-
498
- VERDICT: BLOCK MERGE - fail security gates
499
-
500
- How would you help fix violations?
501
- context:
502
- blocking: true
503
- remediation_guidance: true
504
-
505
- expected_output:
506
- must_contain:
507
- - "security"
508
- - "gate"
509
- - "block"
510
- - "merge"
511
- must_not_contain:
512
- - "approve"
513
- - "pass"
514
- severity_classification: critical
515
-
516
- validation:
517
- schema_check: true
518
- keyword_match_threshold: 0.8
519
-
520
- # ---------------------------------------------------------------------------
521
- # CATEGORY: Negative Tests
522
- # ---------------------------------------------------------------------------
523
-
524
- - id: tc010_security_remediation_guidance
525
- description: "Provide actionable remediation for security findings"
526
- category: negative
527
- priority: high
528
-
529
- input:
530
- prompt: |
531
- For each security issue, provide remediation:
532
-
533
- ISSUE 1: SQL Injection in getUserById()
534
- REMEDIATION:
535
- ```javascript
536
- // BEFORE (vulnerable)
537
- const query = `SELECT * FROM users WHERE id = ${userId}`;
538
-
539
- // AFTER (safe)
540
- const query = 'SELECT * FROM users WHERE id = ?';
541
- db.query(query, [userId], callback);
542
- ```
543
-
544
- ISSUE 2: Hardcoded API Key
545
- REMEDIATION:
546
- // BEFORE
547
- const API_KEY = 'sk-123456789';
548
-
549
- // AFTER
550
- const API_KEY = process.env.STRIPE_API_KEY;
551
- // Set in .env or secrets manager
552
-
553
- Generate clear fix for each issue found.
554
- context:
555
- issue_remediation: true
556
- code_examples: true
557
-
558
- expected_output:
559
- must_contain:
560
- - "remediation"
561
- - "before"
562
- - "after"
563
- - "fix"
564
- finding_count:
565
- min: 1
566
-
567
- validation:
568
- schema_check: true
569
- allow_partial: true
570
-
571
- # =============================================================================
572
- # SUCCESS CRITERIA
573
- # =============================================================================
574
-
575
- success_criteria:
576
- pass_rate: 0.8
577
- critical_pass_rate: 1.0
578
- avg_reasoning_quality: 0.75
579
- max_execution_time_ms: 300000
580
- cross_model_variance: 0.15
581
-
582
- # =============================================================================
583
- # METADATA
584
- # =============================================================================
585
-
586
- metadata:
587
- author: "qe-security-auditor"
588
- created: "2026-02-02"
589
- last_updated: "2026-02-02"
590
- coverage_target: >
591
- SAST scanning for SQL injection, XSS, hardcoded secrets, path traversal,
592
- insecure crypto, dependency vulnerability analysis with CVE detection,
593
- OWASP Top 10 2021 comprehensive checking, compliance auditing for SOC2/GDPR,
594
- security gate enforcement with blocking criteria, and detailed remediation
595
- guidance with code examples for all identified vulnerabilities.