agentic-team-templates 0.8.3 → 0.9.1

package/templates/qa-engineering/.cursorrules/quality-gates.md

@@ -0,0 +1,372 @@
+# Quality Gates
+
+Standards for release readiness and quality control.
+
+## Gate Definitions
+
+### Development Gate (Code Complete)
+
+Before code is considered ready for QA:
+
+```markdown
+## Development Gate Checklist
+
+### Code Quality
+- [ ] Code compiles without errors
+- [ ] Code review approved
+- [ ] No critical static analysis issues
+- [ ] Self-tested by developer
+
+### Unit Testing
+- [ ] Unit tests written for new code
+- [ ] Unit tests passing (100%)
+- [ ] Code coverage meets threshold (80%+)
+- [ ] No regressions in existing tests
+
+### Documentation
+- [ ] Code comments where needed
+- [ ] API documentation updated
+- [ ] README updated if applicable
+
+### Integration
+- [ ] Feature branch merged to develop
+- [ ] No merge conflicts
+- [ ] Build pipeline passing
+```
+
+### QA Gate (Test Complete)
+
+Before code is promoted to staging:
+
+```markdown
+## QA Gate Checklist
+
+### Test Execution
+- [ ] All planned test cases executed
+- [ ] Pass rate > 95%
+- [ ] All P0/P1 tests passing
+- [ ] Regression suite passing
+
+### Defect Status
+- [ ] No open P0 defects
+- [ ] No open P1 defects (or approved exceptions)
+- [ ] P2 defects < threshold (5)
+- [ ] All defects triaged
+
+### Automation
+- [ ] New features have automated tests
+- [ ] Automated regression passing
+- [ ] No new flaky tests introduced
+
+### Sign-off
+- [ ] QA lead approval
+- [ ] Test summary report generated
+```
+
+### Staging Gate (Pre-Production)
+
+Before code is promoted to production:
+
+```markdown
+## Staging Gate Checklist
+
+### Functional Verification
+- [ ] Smoke tests passing in staging
+- [ ] Integration tests passing
+- [ ] E2E critical paths verified
+- [ ] Cross-browser testing complete
+
+### Non-Functional Testing
+- [ ] Performance benchmarks met
+- [ ] Security scan clean
+- [ ] Accessibility audit passed
+- [ ] Load testing completed (if applicable)
+
+### Operational Readiness
+- [ ] Monitoring dashboards configured
+- [ ] Alerting rules in place
+- [ ] Runbook updated
+- [ ] Rollback procedure tested
+
+### Stakeholder Approval
+- [ ] Product owner sign-off
+- [ ] QA lead sign-off
+- [ ] Engineering lead sign-off
+- [ ] Operations sign-off (if applicable)
+```
+
+### Production Gate (Go-Live)
+
+Final checks before release:
+
+```markdown
+## Production Gate Checklist
+
+### Pre-Deployment
+- [ ] All lower environment gates passed
+- [ ] Release notes prepared
+- [ ] Customer communication ready
+- [ ] Support team briefed
+
+### Deployment Verification
+- [ ] Deployment successful
+- [ ] Smoke tests passing in production
+- [ ] No error spikes in monitoring
+- [ ] Feature flags configured correctly
+
+### Post-Deployment
+- [ ] Monitor for 30 minutes
+- [ ] Verify key metrics stable
+- [ ] Confirm no customer complaints
+- [ ] Update deployment log
+```
+
+## Threshold Definitions
+
+### Test Pass Rate Thresholds
+
+| Gate | Smoke | Regression | New Features |
+|------|-------|------------|--------------|
+| QA Complete | 100% | 95% | 90% |
+| Staging | 100% | 98% | 95% |
+| Production | 100% | 100% | 100% |
+
+### Defect Thresholds
+
+| Severity | QA Gate | Staging Gate | Production Gate |
+|----------|---------|--------------|-----------------|
+| P0 | 0 open | 0 open | 0 open |
+| P1 | 0 open | 0 open | 0 open |
+| P2 | < 10 open | < 5 open | < 3 open |
+| P3 | No limit | < 20 open | < 10 open |
+
+### Coverage Thresholds
+
+| Metric | Minimum | Target | Stretch |
+|--------|---------|--------|---------|
+| Code Coverage | 70% | 80% | 90% |
+| Branch Coverage | 60% | 70% | 80% |
+| Requirement Coverage | 90% | 100% | 100% |
+
+## Performance Gates
+
+### Response Time Thresholds
+
+| Endpoint Type | Warning | Critical | Block Release |
+|---------------|---------|----------|---------------|
+| API (p50) | > 100ms | > 200ms | > 500ms |
+| API (p95) | > 300ms | > 500ms | > 1000ms |
+| Page Load (p50) | > 1s | > 2s | > 3s |
+| Page Load (p95) | > 2s | > 3s | > 5s |
+
+### Reliability Thresholds
+
+| Metric | Warning | Critical | Block Release |
+|--------|---------|----------|---------------|
+| Error Rate | > 0.1% | > 0.5% | > 1% |
+| Availability | < 99.9% | < 99.5% | < 99% |
+| Timeout Rate | > 0.5% | > 1% | > 2% |
+
+### Load Test Thresholds
+
+| Metric | Baseline | +20% Load | +50% Load |
+|--------|----------|-----------|-----------|
+| Response Time | < 200ms | < 300ms | < 500ms |
+| Error Rate | < 0.1% | < 0.5% | < 1% |
+| Throughput | 1000 rps | 1200 rps | 1500 rps |
+
+## Security Gates
+
+### Vulnerability Thresholds
+
+| Severity | Development | Staging | Production |
+|----------|-------------|---------|------------|
+| Critical | Block merge | Block deploy | Block release |
+| High | Block merge | Block deploy | Block release |
+| Medium | Warning | Block deploy | Review required |
+| Low | Warning | Warning | Warning |
+
+### Security Scan Requirements
+
+```markdown
+## Security Gate Requirements
+
+### Static Analysis (SAST)
+- [ ] No critical/high vulnerabilities
+- [ ] No hardcoded secrets
+- [ ] No SQL injection patterns
+- [ ] No XSS vulnerabilities
+
+### Dependency Scanning
+- [ ] No critical vulnerabilities in dependencies
+- [ ] No known malicious packages
+- [ ] Dependencies up to date (< 2 major versions behind)
+
+### Dynamic Analysis (DAST)
+- [ ] No critical findings
+- [ ] No authentication bypasses
+- [ ] No injection vulnerabilities
+- [ ] HTTPS enforced
+
+### Container Scanning (if applicable)
+- [ ] Base image from approved list
+- [ ] No critical vulnerabilities in image
+- [ ] Non-root user configured
+- [ ] Minimal attack surface
+```
+
+## Exception Process
+
+### Requesting an Exception
+
+```markdown
+## Quality Gate Exception Request
+
+**Requestor**: [Name]
+**Date**: [Date]
+**Gate**: [Which gate]
+**Release**: [Version]
+
+### Exception Details
+**Criterion not met**: [Specific criterion]
+**Current state**: [What it is]
+**Required state**: [What it should be]
+
+### Business Justification
+[Why this release cannot wait for the criterion to be met]
+
+### Risk Assessment
+**Impact if released**: [What could go wrong]
+**Likelihood**: [High/Medium/Low]
+**Mitigation**: [How we'll handle issues]
+
+### Remediation Plan
+**Fix timeline**: [When will it be fixed]
+**Owner**: [Who is responsible]
+**Verification**: [How we'll verify the fix]
+
+### Approval
+| Approver | Role | Date | Decision |
+|----------|------|------|----------|
+| [Name] | QA Lead | | |
+| [Name] | Dev Lead | | |
+| [Name] | Product Owner | | |
+```
+
+### Exception Criteria
+
+Exceptions may be considered when:
+
+- Fix would delay critical business deadline
+- Risk is low and well-understood
+- Mitigation plan is in place
+- Remediation is scheduled
+- Stakeholders accept the risk
+
+Exceptions are NOT appropriate when:
+
+- Security vulnerability exists
+- Data integrity at risk
+- User safety concerns
+- Compliance requirements
+- No remediation plan
+
+## Gate Automation
+
+### CI/CD Gate Implementation
+
+```yaml
+# Example: GitHub Actions quality gates
+name: Quality Gates
+
+on:
+  pull_request:
+    branches: [main, develop]
+
+jobs:
+  development-gate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Run unit tests
+        run: npm run test:unit -- --coverage
+        
+      - name: Check coverage threshold
+        run: |
+          COVERAGE=$(cat coverage/coverage-summary.json | jq '.total.lines.pct')
+          if (( $(echo "$COVERAGE < 80" | bc -l) )); then
+            echo "Coverage $COVERAGE% is below 80% threshold"
+            exit 1
+          fi
+          
+      - name: Run static analysis
+        run: npm run lint
+        
+      - name: Security scan
+        uses: snyk/actions/node@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+  qa-gate:
+    needs: development-gate
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run integration tests
+        run: npm run test:integration
+        
+      - name: Run E2E tests
+        run: npm run test:e2e
+        
+      - name: Check test results
+        run: |
+          PASS_RATE=$(cat test-results.json | jq '.passRate')
+          if (( $(echo "$PASS_RATE < 95" | bc -l) )); then
+            echo "Pass rate $PASS_RATE% is below 95% threshold"
+            exit 1
+          fi
+
+  staging-gate:
+    needs: qa-gate
+    runs-on: ubuntu-latest
+    environment: staging
+    steps:
+      - name: Deploy to staging
+        run: ./deploy.sh staging
+        
+      - name: Run smoke tests
+        run: npm run test:smoke -- --env=staging
+        
+      - name: Run performance tests
+        run: npm run test:performance -- --env=staging
+        
+      - name: Check performance thresholds
+        run: ./check-performance-thresholds.sh
+```
+
+### Quality Dashboard
+
+```markdown
+## Quality Gate Dashboard
+
+### Current Release: v2.5.0
+
+| Gate | Status | Details |
+|------|--------|---------|
+| Development | ✅ Passed | All criteria met |
+| QA | ✅ Passed | 97.2% pass rate |
+| Staging | 🔄 In Progress | Performance testing |
+| Production | ⏳ Pending | Awaiting staging |
+
+### Blocking Issues
+None
+
+### Warnings
+- P2 defect count at threshold (5)
+- One flaky test identified (being fixed)
+
+### Next Actions
+1. Complete performance testing (ETA: 2 hours)
+2. Fix flaky test before staging gate
+3. Schedule production deployment window
+```

package/templates/qa-engineering/.cursorrules/test-design.md

@@ -0,0 +1,301 @@
+# Test Design
+
+Best practices for designing effective test cases.
+
+## Test Case Structure
+
+### Standard Template
+
+```markdown
+## Test Case: [TC-XXX]
+
+**Title**: [Clear, action-oriented description]
+
+**Priority**: P0 | P1 | P2 | P3
+
+**Type**: Smoke | Regression | Functional | Integration | E2E
+
+**Requirement**: [Linked user story or requirement ID]
+
+### Preconditions
+- [Required system state]
+- [Required test data]
+- [Required user permissions]
+
+### Test Steps
+| Step | Action | Expected Result |
+|------|--------|-----------------|
+| 1 | [Specific action] | [Observable outcome] |
+| 2 | [Specific action] | [Observable outcome] |
+| 3 | [Specific action] | [Observable outcome] |
+
+### Postconditions
+- [Expected system state after test]
+- [Cleanup actions if needed]
+
+### Test Data
+| Input | Value | Notes |
+|-------|-------|-------|
+| [Field] | [Value] | [Any special notes] |
+
+### Notes
+- [Any additional context]
+- [Known issues or workarounds]
+```
+
+### Good vs. Bad Test Cases
+
+**Good Test Case:**
+```markdown
+## TC-001: User successfully logs in with valid credentials
+
+**Priority**: P0
+**Type**: Smoke
+
+### Preconditions
+- User account exists with email: test@example.com
+- Account is active and not locked
+
+### Test Steps
+| Step | Action | Expected Result |
+|------|--------|-----------------|
+| 1 | Navigate to /login | Login form displayed |
+| 2 | Enter email: test@example.com | Email field populated |
+| 3 | Enter password: ValidPass123! | Password field shows masked input |
+| 4 | Click "Sign In" button | Loading indicator appears |
+| 5 | Wait for response | Redirected to /dashboard |
+
+### Postconditions
+- User session created
+- Last login timestamp updated
+```
+
+**Bad Test Case:**
+```markdown
+## TC-001: Login test
+
+### Steps
+1. Login
+2. Check if it works
+```
+(Vague, no preconditions, no expected results)
+
+## Test Design Techniques
+
+### Equivalence Partitioning
+
+Divide inputs into groups that should behave identically:
+
+```markdown
+## Input: Email Address
+
+### Valid Partitions
+- Standard email: user@domain.com
+- With subdomain: user@mail.domain.com
+- With plus: user+tag@domain.com
+
+### Invalid Partitions
+- Missing @: userdomain.com
+- Missing domain: user@
+- Missing local part: @domain.com
+- Empty string: ""
+- Invalid characters: user@domain..com
+
+### Test Cases
+| ID | Input | Expected | Partition |
+|----|-------|----------|-----------|
+| EP-01 | user@example.com | Valid | Standard |
+| EP-02 | user@mail.example.com | Valid | Subdomain |
+| EP-03 | user+test@example.com | Valid | Plus addressing |
+| EP-04 | userexample.com | Invalid | Missing @ |
+| EP-05 | "" | Invalid | Empty |
+```
+
+### Boundary Value Analysis
+
+Test at the edges of valid ranges:
+
+```markdown
+## Input: Age (Valid Range: 18-120)
+
+### Boundary Values
+| Value | Type | Expected |
+|-------|------|----------|
+| 17 | Below minimum | Invalid |
+| 18 | Minimum | Valid |
+| 19 | Just above minimum | Valid |
+| 119 | Just below maximum | Valid |
+| 120 | Maximum | Valid |
+| 121 | Above maximum | Invalid |
+| 0 | Zero | Invalid |
+| -1 | Negative | Invalid |
+```
+
+### State Transition Testing
+
+For features with distinct states:
+
+```markdown
+## Order State Machine
+
+### States
+- Created
+- Submitted
+- Approved
+- Rejected
+- Shipped
+- Delivered
+- Cancelled
+
+### Transitions
+| From | To | Trigger | Guard |
+|------|-----|---------|-------|
+| Created | Submitted | Submit | Has items |
+| Created | Cancelled | Cancel | - |
+| Submitted | Approved | Approve | Auth user |
+| Submitted | Rejected | Reject | Auth user |
+| Approved | Shipped | Ship | In stock |
+| Approved | Cancelled | Cancel | Not shipped |
+| Shipped | Delivered | Deliver | - |
+
+### Test Cases
+| ID | Scenario | Expected |
+|----|----------|----------|
+| ST-01 | Created → Submitted | Success |
+| ST-02 | Created → Approved | Fail (invalid transition) |
+| ST-03 | Shipped → Cancelled | Fail (too late) |
+| ST-04 | Submitted → Rejected → Resubmit | Fail (no path back) |
+```
+
+### Decision Table Testing
+
+For complex business rules:
+
+```markdown
+## Shipping Cost Calculation
+
+### Conditions
+| Condition | Rule 1 | Rule 2 | Rule 3 | Rule 4 | Rule 5 |
+|-----------|--------|--------|--------|--------|--------|
+| Order > $100 | Y | Y | N | N | N |
+| Prime Member | Y | N | Y | N | N |
+| Heavy Item | - | - | - | Y | N |
+
+### Actions
+| Action | Rule 1 | Rule 2 | Rule 3 | Rule 4 | Rule 5 |
+|--------|--------|--------|--------|--------|--------|
+| Free Shipping | X | X | - | - | - |
+| $5.99 Shipping | - | - | X | - | - |
+| $9.99 Shipping | - | - | - | - | X |
+| $14.99 Shipping | - | - | - | X | - |
+
+### Test Cases
+| ID | Order | Prime | Heavy | Expected Cost |
+|----|-------|-------|-------|---------------|
+| DT-01 | $150 | Yes | No | Free |
+| DT-02 | $150 | No | No | Free |
+| DT-03 | $50 | Yes | No | $5.99 |
+| DT-04 | $50 | No | Yes | $14.99 |
+| DT-05 | $50 | No | No | $9.99 |
+```
+
+### Pairwise Testing
+
+For features with many input combinations:
+
+```markdown
+## Search Filter Combinations
+
+### Parameters
+- Category: Electronics, Clothing, Books
+- Price Range: Under $25, $25-$100, Over $100
+- Sort: Price, Rating, Newest
+- Availability: In Stock, All
+
+### Pairwise Test Cases (reduced from 36 to ~12)
+| ID | Category | Price | Sort | Availability |
+|----|----------|-------|------|--------------|
+| PW-01 | Electronics | Under $25 | Price | In Stock |
+| PW-02 | Electronics | $25-$100 | Rating | All |
+| PW-03 | Electronics | Over $100 | Newest | In Stock |
+| PW-04 | Clothing | Under $25 | Rating | In Stock |
+| PW-05 | Clothing | $25-$100 | Newest | In Stock |
+| PW-06 | Clothing | Over $100 | Price | All |
+| ... | ... | ... | ... | ... |
+```
+
+## Edge Cases & Error Handling
+
+### Common Edge Cases
+
+| Category | Examples |
+|----------|----------|
+| Empty/Null | Empty string, null, undefined, whitespace only |
+| Boundaries | Zero, negative, max int, min int |
+| Format | Wrong type, wrong encoding, special characters |
+| Timing | Concurrent requests, timeouts, race conditions |
+| State | Already exists, doesn't exist, locked, expired |
+| Permissions | Unauthorized, wrong role, expired token |
+
+### Error Scenario Template
+
+```markdown
+## Error Scenario: [Description]
+
+### Trigger
+[How to cause this error]
+
+### Expected Behavior
+- User message: [What user should see]
+- System action: [What system should do]
+- Logging: [What should be logged]
+- Recovery: [How to recover]
+
+### Test Cases
+| ID | Scenario | Expected Response |
+|----|----------|-------------------|
+| ERR-01 | Network timeout | Retry with backoff |
+| ERR-02 | Invalid input | Validation message |
+| ERR-03 | Permission denied | 403 with clear message |
+```
+
+## Traceability
+
+### Requirements Mapping
+
+```markdown
+## Traceability Matrix
+
+| Requirement | Test Cases | Coverage |
+|-------------|------------|----------|
+| REQ-001: User login | TC-001, TC-002, TC-003 | Full |
+| REQ-002: Password reset | TC-010, TC-011 | Full |
+| REQ-003: User profile | TC-020 | Partial |
+| REQ-004: Notifications | - | None |
+```
+
+### Coverage Analysis
+
+- **Full Coverage**: All acceptance criteria have test cases
+- **Partial Coverage**: Some criteria tested, gaps identified
+- **No Coverage**: Tests needed - flag for prioritization
+
+## Test Data Design
+
+### Data Categories
+
+| Category | Description | Example |
+|----------|-------------|---------|
+| Valid | Normal, expected values | "John", 25, "user@test.com" |
+| Boundary | At limits of valid range | 0, 100, max length |
+| Invalid | Outside valid range | -1, 101, empty |
+| Special | Characters that may cause issues | <script>, ', ", NULL |
+| Realistic | Production-like data | Actual names, addresses |
+
+### Test Data Best Practices
+
+- **Externalize**: Store data outside tests
+- **Version control**: Track data changes
+- **Isolation**: Each test manages its own data
+- **Cleanup**: Tests clean up after themselves
+- **Seeding**: Consistent starting state