devendra-skill-package 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/skills/boiler-project-generator/SKILL.md +103 -0
- package/.github/skills/boiler-project-generator/assets/templates/android/README.md +3 -0
- package/.github/skills/boiler-project-generator/assets/templates/angular/README.md +3 -0
- package/.github/skills/boiler-project-generator/assets/templates/flutter/README.md +3 -0
- package/.github/skills/boiler-project-generator/assets/templates/ios/README.md +3 -0
- package/.github/skills/boiler-project-generator/assets/templates/react/README.md +3 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/README.md +3 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/api-setup.ts +76 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/component-primary-button.tsx +29 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/env-config.env +4 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/feature-auth-screen.tsx +45 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/feature-dashboard-screen.tsx +45 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/feature-profile-screen.tsx +45 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/hook-use-app-boot.ts +11 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/navigation-setup.tsx +25 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/project-structure.md +24 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/redux-hooks.ts +5 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/redux-session-slice.ts +29 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/redux-store.ts +15 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/theme-index.ts +23 -0
- package/.github/skills/boiler-project-generator/assets/templates/react-native/utils-helpers.ts +7 -0
- package/.github/skills/boiler-project-generator/metadata.yaml +29 -0
- package/.github/skills/boiler-project-generator/references/android.md +19 -0
- package/.github/skills/boiler-project-generator/references/angular.md +14 -0
- package/.github/skills/boiler-project-generator/references/flutter.md +17 -0
- package/.github/skills/boiler-project-generator/references/ios.md +17 -0
- package/.github/skills/boiler-project-generator/references/react-native.md +103 -0
- package/.github/skills/boiler-project-generator/references/react.md +17 -0
- package/.github/skills/boiler-project-generator/scripts/angular.js +43 -0
- package/.github/skills/boiler-project-generator/scripts/generate-project.mjs +107 -0
- package/.github/skills/boiler-project-generator/scripts/init.js +105 -0
- package/.github/skills/boiler-project-generator/scripts/react-native.js +1041 -0
- package/.github/skills/boiler-project-generator/scripts/react.js +32 -0
- package/.github/skills/clean-architecture-generator/SKILL.md +235 -0
- package/.github/skills/clean-architecture-generator/references/architecture-core.md +126 -0
- package/.github/skills/clean-architecture-generator/references/platform-angular.md +374 -0
- package/.github/skills/clean-architecture-generator/references/platform-flutter.md +366 -0
- package/.github/skills/clean-architecture-generator/references/platform-react-native.md +590 -0
- package/.github/skills/clean-architecture-generator/references/platform-react.md +261 -0
- package/.github/skills/code-test-coverage-analyzer/SKILL.md +1358 -0
- package/.github/skills/code-test-coverage-analyzer/assets/config-questionnaire.md +118 -0
- package/.github/skills/code-test-coverage-analyzer/assets/conflict-resolution-protocol.md +99 -0
- package/.github/skills/code-test-coverage-analyzer/assets/coverage-calculation-rules.md +294 -0
- package/.github/skills/code-test-coverage-analyzer/assets/multi-strategy-search.md +145 -0
- package/.github/skills/code-test-coverage-analyzer/assets/output-file-contracts.md +651 -0
- package/.github/skills/code-test-coverage-analyzer/assets/status-definitions.md +273 -0
- package/.github/skills/code-test-coverage-analyzer/examples/example-invocation.md +208 -0
- package/.github/skills/code-test-coverage-analyzer/references/android-patterns.md +229 -0
- package/.github/skills/code-test-coverage-analyzer/references/angular-patterns.md +177 -0
- package/.github/skills/code-test-coverage-analyzer/references/backend-patterns.md +383 -0
- package/.github/skills/code-test-coverage-analyzer/references/flutter-patterns.md +254 -0
- package/.github/skills/code-test-coverage-analyzer/references/ios-patterns.md +228 -0
- package/.github/skills/code-test-coverage-analyzer/references/react-native-patterns.md +431 -0
- package/.github/skills/code-test-coverage-analyzer/references/react-patterns.md +206 -0
- package/.github/skills/code-test-coverage-analyzer/scripts/detect-platform.ps1 +261 -0
- package/.github/skills/code-test-coverage-analyzer/scripts/scan-repository.ps1 +242 -0
- package/.github/skills/code-test-coverage-analyzer/templates/brd-compliance-row.md +107 -0
- package/.github/skills/code-test-coverage-analyzer/templates/test-case-row.md +130 -0
- package/.github/skills/code-test-coverage-analyzer/templates/user-story-compliance-row.md +170 -0
- package/.github/skills/custom-font-integrator/SKILL.md +373 -0
- package/.github/skills/custom-font-integrator/assets/FontTestScreen.js +150 -0
- package/.github/skills/custom-font-integrator/references/example-info-plist.xml +21 -0
- package/.github/skills/custom-font-integrator/scripts/setup-fonts.sh +99 -0
- package/.github/skills/encryption-decryption-utility/Instructions.md +282 -0
- package/.github/skills/encryption-decryption-utility/README.md +222 -0
- package/.github/skills/encryption-decryption-utility/SKILL.md +645 -0
- package/.github/skills/encryption-decryption-utility/assets/encryption-config-template.json +13 -0
- package/.github/skills/encryption-decryption-utility/assets/platform-matrix.json +180 -0
- package/.github/skills/encryption-decryption-utility/metadata.yaml +51 -0
- package/.github/skills/encryption-decryption-utility/references/android-crypto.md +157 -0
- package/.github/skills/encryption-decryption-utility/references/angular-crypto.md +130 -0
- package/.github/skills/encryption-decryption-utility/references/approach-1-webcrypto.md +95 -0
- package/.github/skills/encryption-decryption-utility/references/approach-2-rsa-aes-cbc.md +111 -0
- package/.github/skills/encryption-decryption-utility/references/approach-3-aes-sharedkey.md +114 -0
- package/.github/skills/encryption-decryption-utility/references/architecture.md +233 -0
- package/.github/skills/encryption-decryption-utility/references/backend-alignment.md +506 -0
- package/.github/skills/encryption-decryption-utility/references/dependency-guidance.md +234 -0
- package/.github/skills/encryption-decryption-utility/references/ec-implementation.md +832 -0
- package/.github/skills/encryption-decryption-utility/references/error-handling-playbook.md +234 -0
- package/.github/skills/encryption-decryption-utility/references/flutter-crypto.md +105 -0
- package/.github/skills/encryption-decryption-utility/references/ios-crypto.md +338 -0
- package/.github/skills/encryption-decryption-utility/references/native-rsa-implementation.md +373 -0
- package/.github/skills/encryption-decryption-utility/references/node-crypto.md +86 -0
- package/.github/skills/encryption-decryption-utility/references/react-crypto.md +105 -0
- package/.github/skills/encryption-decryption-utility/references/react-native-crypto.md +1001 -0
- package/.github/skills/encryption-decryption-utility/references/react-web-crypto.md +668 -0
- package/.github/skills/encryption-decryption-utility/references/security-checklist.md +176 -0
- package/.github/skills/encryption-decryption-utility/references/web-crypto.md +74 -0
- package/.github/skills/encryption-decryption-utility/scripts/detect.js +128 -0
- package/.github/skills/encryption-decryption-utility/scripts/install.js +1713 -0
- package/.github/skills/encryption-decryption-utility/scripts/setup.js +800 -0
- package/.github/skills/encryption-decryption-utility/template.md +241 -0
- package/.github/skills/encryption-decryption-utility/templates/config-questionnaire.md +467 -0
- package/.github/skills/encryption-decryption-utility/templates/delivery-checklist.md +206 -0
- package/.github/skills/encryption-decryption-utility/templates/implementation-plan.md +304 -0
- package/.github/skills/feature-generator/SKILL.MD +2741 -0
- package/.github/skills/feature-generator/assets/fingerprint-schema.json +385 -0
- package/.github/skills/feature-generator/assets/spec-template.md +172 -0
- package/.github/skills/feature-generator/assets/transform-rules.json +82 -0
- package/.github/skills/feature-generator/references/api-envelope-patterns.md +327 -0
- package/.github/skills/feature-generator/references/screen-logic-patterns.md +399 -0
- package/.github/skills/feature-generator/references/state-library-patterns.md +464 -0
- package/.github/skills/figma-ui-mapper/README.md +34 -0
- package/.github/skills/figma-ui-mapper/SKILL.md +101 -0
- package/.github/skills/figma-ui-mapper/assets/templates/component-map-template.md +30 -0
- package/.github/skills/figma-ui-mapper/assets/templates/generation-report-template.md +49 -0
- package/.github/skills/figma-ui-mapper/metadata.yaml +22 -0
- package/.github/skills/figma-ui-mapper/references/android.md +11 -0
- package/.github/skills/figma-ui-mapper/references/angular.md +18 -0
- package/.github/skills/figma-ui-mapper/references/capacitor.md +18 -0
- package/.github/skills/figma-ui-mapper/references/common.md +23 -0
- package/.github/skills/figma-ui-mapper/references/expo.md +18 -0
- package/.github/skills/figma-ui-mapper/references/flutter.md +18 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/angular/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/capacitor/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/expo/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/flutter/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/ionic/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/kotlin-multiplatform/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/native-android/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/native-ios/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/next/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/nuxt/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/react/rules.md +19 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/react-native/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/svelte/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/frameworks/vue/rules.md +23 -0
- package/.github/skills/figma-ui-mapper/references/ionic.md +18 -0
- package/.github/skills/figma-ui-mapper/references/ios.md +11 -0
- package/.github/skills/figma-ui-mapper/references/kotlin-multiplatform.md +18 -0
- package/.github/skills/figma-ui-mapper/references/native-android.md +18 -0
- package/.github/skills/figma-ui-mapper/references/native-ios.md +18 -0
- package/.github/skills/figma-ui-mapper/references/next.md +18 -0
- package/.github/skills/figma-ui-mapper/references/nuxt.md +18 -0
- package/.github/skills/figma-ui-mapper/references/react-figma-guideline.md +21 -0
- package/.github/skills/figma-ui-mapper/references/react-native.md +18 -0
- package/.github/skills/figma-ui-mapper/references/react.md +18 -0
- package/.github/skills/figma-ui-mapper/references/script-usage.md +46 -0
- package/.github/skills/figma-ui-mapper/references/svelte.md +18 -0
- package/.github/skills/figma-ui-mapper/references/vue.md +18 -0
- package/.github/skills/figma-ui-mapper/references/workflow.md +74 -0
- package/.github/skills/figma-ui-mapper/scripts/generate-page-through-figma.js +635 -0
- package/.github/skills/figma-ui-mapper/scripts/generate-react-page-through-figma.js +4 -0
- package/.github/skills/frontend-task-breakdown/SKILL.md +734 -0
- package/.github/skills/md-file-converter/SKILL.md +291 -0
- package/.github/skills/md-file-converter/config/formats.json +114 -0
- package/.github/skills/md-file-converter/extractors/extract-docx.sh +120 -0
- package/.github/skills/md-file-converter/extractors/extract-eml.py +108 -0
- package/.github/skills/md-file-converter/extractors/extract-pdf.sh +97 -0
- package/.github/skills/md-file-converter/extractors/extract-pptx.py +143 -0
- package/.github/skills/md-file-converter/extractors/extract-xlsx.py +175 -0
- package/.github/skills/md-file-converter/scripts/check-tools.sh +47 -0
- package/.github/skills/md-file-converter/scripts/extract-archive.sh +83 -0
- package/.github/skills/md-file-converter/scripts/extract-ocr.sh +77 -0
- package/.github/skills/md-file-converter/scripts/get-metadata.sh +57 -0
- package/.github/skills/md-file-converter/templates/output.md +73 -0
- package/.github/skills/md-file-converter/templates/unsupported-object.md +6 -0
- package/.github/skills/mockAPI-contract-generator/SKILL.md +607 -0
- package/.github/skills/test-case-validator/CHANGELOG.md +155 -0
- package/.github/skills/test-case-validator/CONFIGURATION.md +130 -0
- package/.github/skills/test-case-validator/EXAMPLES.md +50 -0
- package/.github/skills/test-case-validator/QUALITY_SCORING.md +98 -0
- package/.github/skills/test-case-validator/README.md +111 -0
- package/.github/skills/test-case-validator/REPORT_TEMPLATE.md +116 -0
- package/.github/skills/test-case-validator/SKILL.md +209 -0
- package/.github/skills/test-case-validator/SYSTEM_PROMPT.md +127 -0
- package/.github/skills/test-case-validator/TRACEABILITY_ENGINE.md +152 -0
- package/.github/skills/test-case-validator/VALIDATION_RULES.md +411 -0
- package/.github/skills/test-case-validator/config/default.config.yaml +62 -0
- package/.github/skills/test-case-validator/docs/ARCHITECTURE.md +66 -0
- package/.github/skills/test-case-validator/docs/EXTENDING.md +85 -0
- package/.github/skills/test-case-validator/docs/FAQ.md +88 -0
- package/.github/skills/test-case-validator/docs/VERSIONING.md +55 -0
- package/.github/skills/test-case-validator/examples/example-1-manual-qa-ecommerce/input-brd.md +43 -0
- package/.github/skills/test-case-validator/examples/example-1-manual-qa-ecommerce/input-test-cases.csv +9 -0
- package/.github/skills/test-case-validator/examples/example-1-manual-qa-ecommerce/input-user-story.md +29 -0
- package/.github/skills/test-case-validator/examples/example-1-manual-qa-ecommerce/output-report.md +303 -0
- package/.github/skills/test-case-validator/examples/example-2-automated-frontend-suite/input-spec.md +43 -0
- package/.github/skills/test-case-validator/examples/example-2-automated-frontend-suite/input-test-files-index.md +56 -0
- package/.github/skills/test-case-validator/examples/example-2-automated-frontend-suite/output-report.md +274 -0
- package/.github/skills/test-case-validator/prompts/00-applicability-resolution.md +61 -0
- package/.github/skills/test-case-validator/prompts/01-extraction-user-story.md +58 -0
- package/.github/skills/test-case-validator/prompts/02-extraction-brd.md +64 -0
- package/.github/skills/test-case-validator/prompts/03-extraction-test-cases.md +92 -0
- package/.github/skills/test-case-validator/prompts/04-traceability-matrix.md +41 -0
- package/.github/skills/test-case-validator/prompts/05-coverage-analysis.md +46 -0
- package/.github/skills/test-case-validator/prompts/06-missing-scenario-detection.md +32 -0
- package/.github/skills/test-case-validator/prompts/07-duplicate-detection.md +36 -0
- package/.github/skills/test-case-validator/prompts/08-risk-analysis.md +39 -0
- package/.github/skills/test-case-validator/prompts/09-gated-wiring-validation.md +53 -0
- package/.github/skills/test-case-validator/prompts/10-observation-report.md +56 -0
- package/.github/skills/test-case-validator/prompts/11-final-report-assembly.md +57 -0
- package/.github/skills/test-case-validator/templates/coverage-table.md +25 -0
- package/.github/skills/test-case-validator/templates/executive-summary.md +38 -0
- package/.github/skills/test-case-validator/templates/final-summary-block.md +87 -0
- package/.github/skills/test-case-validator/templates/observation-entry.md +41 -0
- package/.github/skills/test-case-validator/templates/rtm-row.md +25 -0
- package/.github/skills/validation-engine-builder/README.md +50 -0
- package/.github/skills/validation-engine-builder/SKILL.md +241 -0
- package/.github/skills/validation-engine-builder/references/core.md +158 -0
- package/.github/skills/validation-engine-builder/references/platform-angular.md +166 -0
- package/.github/skills/validation-engine-builder/references/platform-flutter.md +118 -0
- package/.github/skills/validation-engine-builder/references/platform-react-native.md +170 -0
- package/.github/skills/validation-engine-builder/references/platform-react.md +94 -0
- package/.github/skills/validation-engine-builder/scripts/apply-to-project.js +80 -0
- package/.github/skills/validation-engine-builder/scripts/generate-angular.js +271 -0
- package/.github/skills/validation-engine-builder/scripts/generate-flutter.js +298 -0
- package/.github/skills/validation-engine-builder/scripts/generate-react-native.js +217 -0
- package/.github/skills/validation-engine-builder/scripts/generate-react.js +163 -0
- package/.github/skills/validation-engine-builder/scripts/install-deps.js +53 -0
- package/.github/skills/validation-engine-builder/scripts/shared/detect-platform.js +68 -0
- package/.github/skills/validation-engine-builder/scripts/shared/npm-deps.js +103 -0
- package/.github/skills/validation-engine-builder/scripts/shared/rhf-hook.js +43 -0
- package/.github/skills/validation-engine-builder/scripts/shared/ts-messages-regex.js +62 -0
- package/.github/skills/validation-engine-builder/scripts/shared/util.js +44 -0
- package/.github/skills/validation-engine-builder/scripts/shared/yup-schemas.js +80 -0
- package/.github/skills/validation-engine-builder/template.md +73 -0
- package/.github/skills/validation-engine-builder/templates/messages.json +22 -0
- package/.github/skills/validation-engine-builder/templates/regex.json +16 -0
- package/.github/skills/validation-engine-builder/templates/schemas.json +48 -0
- package/bin/index.js +145 -0
- package/package.json +22 -0
- package/readme.md +0 -0
|
@@ -0,0 +1,1358 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: code-test-coverage-analyzer
|
|
3
|
+
version: "3.0.0"
|
|
4
|
+
description: >
|
|
5
|
+
Audits any software project against three requirement documents — BRD (Business Requirement Document),
|
|
6
|
+
User Stories, and Test Cases — all provided as Markdown files. Performs a multi-pass multi-layered
|
|
7
|
+
repository scan, compares every single requirement against actual implementation with code evidence,
|
|
8
|
+
and generates 15 professional compliance-report files. Covers BRD compliance, user story fulfillment,
|
|
9
|
+
test case pass/fail analysis, validation analysis, UI analysis, API analysis, business logic, navigation,
|
|
10
|
+
traceability matrix, missing features, extra implementation, compliance scorecard, security analysis,
|
|
11
|
+
and final recommendations. Framework-agnostic: works with React Native, React, Angular, Flutter,
|
|
12
|
+
Android, iOS, NestJS, Node.js/Express, Spring Boot, .NET Core, and Go.
|
|
13
|
+
Behaves like a senior QA + Business Analyst + Technical Architect. Never guesses. Never marks
|
|
14
|
+
anything implemented without verified code evidence.
|
|
15
|
+
argument-hint: "<BRD.md> <USER_STORIES.md> <TEST_CASES.md> [project-root] [output-folder]"
|
|
16
|
+
user-invocable: true
|
|
17
|
+
---
|
|
18
|
+
|
|
19
|
+
# CODE TEST COVERAGE ANALYZER
|
|
20
|
+
|
|
21
|
+
This skill is fully AI-driven. Do NOT rely on any script to perform the analysis. Scripts in this skill
|
|
22
|
+
are helpers for platform detection and directory tree generation only. ALL requirement comparison,
|
|
23
|
+
evidence gathering, status determination, and report generation is performed by the AI through
|
|
24
|
+
systematic reading of source files.
|
|
25
|
+
|
|
26
|
+
---
|
|
27
|
+
|
|
28
|
+
## Purpose
|
|
29
|
+
|
|
30
|
+
Determine with evidence-backed precision how closely the actual implementation matches the declared
|
|
31
|
+
requirements. Every requirement must be assessed. Every assessment must cite actual source files,
|
|
32
|
+
functions, classes, or UI elements. Nothing is assumed. Nothing is fabricated.
|
|
33
|
+
|
|
34
|
+
This is NOT a code quality review. This is NOT a SonarQube scan. This is a Business Requirements
|
|
35
|
+
Compliance Audit.
|
|
36
|
+
|
|
37
|
+
---
|
|
38
|
+
|
|
39
|
+
## When This Skill Applies
|
|
40
|
+
|
|
41
|
+
Use this skill when:
|
|
42
|
+
- The user provides (or points to) BRD.md, USER_STORIES.md, and TEST_CASES.md
|
|
43
|
+
- The user types `code-test-coverage-analyzer`, `/audit-requirements`, or similar
|
|
44
|
+
- The user asks "does our implementation match the requirements?"
|
|
45
|
+
- The user asks "what features are missing?", "what is the compliance score?", "audit the project against specs"
|
|
46
|
+
- Before a sprint review or production release
|
|
47
|
+
- After a major implementation to verify completeness
|
|
48
|
+
|
|
49
|
+
Do NOT use this skill when:
|
|
50
|
+
- No requirement documents are provided
|
|
51
|
+
- The user only wants code review or refactoring
|
|
52
|
+
- The user wants test generation (use tdd-spec-generator instead)
|
|
53
|
+
|
|
54
|
+
---
|
|
55
|
+
|
|
56
|
+
## Inputs
|
|
57
|
+
|
|
58
|
+
### Required
|
|
59
|
+
| Input | Description |
|
|
60
|
+
|---|---|
|
|
61
|
+
| `BRD.md` | Business Requirement Document — functional and non-functional requirements |
|
|
62
|
+
| `USER_STORIES.md` | User stories with acceptance criteria |
|
|
63
|
+
| `TEST_CASES.md` | Test cases with expected results |
|
|
64
|
+
| Project Source Code | The codebase to audit |
|
|
65
|
+
|
|
66
|
+
### Optional (include if provided)
|
|
67
|
+
| Input | Description |
|
|
68
|
+
|---|---|
|
|
69
|
+
| Architecture Documents | High-level system design |
|
|
70
|
+
| API Documents / Swagger / OpenAPI | API contracts |
|
|
71
|
+
| Database Schema | Entity definitions |
|
|
72
|
+
| Screen Specifications | Screen-level design documents |
|
|
73
|
+
| Design Documents / Flow Diagrams | UX flows |
|
|
74
|
+
|
|
75
|
+
---
|
|
76
|
+
|
|
77
|
+
## Execution Mode
|
|
78
|
+
|
|
79
|
+
| Archetype | Script % | LLM % |
|
|
80
|
+
|---|---|---|
|
|
81
|
+
| AI-Primary | ~10% | ~90% |
|
|
82
|
+
|
|
83
|
+
| Layer | Responsibility |
|
|
84
|
+
|---|---|
|
|
85
|
+
| Script | Platform auto-detection |
|
|
86
|
+
| Script | Directory tree generation |
|
|
87
|
+
| LLM | All 12 passes of analysis |
|
|
88
|
+
| LLM | BRD / User Story / Test Case parsing |
|
|
89
|
+
| LLM | Evidence gathering from source files |
|
|
90
|
+
| LLM | Status determination per requirement |
|
|
91
|
+
| LLM | Coverage calculation |
|
|
92
|
+
| LLM | All 15 report file generation |
|
|
93
|
+
|
|
94
|
+
---
|
|
95
|
+
|
|
96
|
+
## Step 0 — Collect Configuration
|
|
97
|
+
|
|
98
|
+
Read `assets/config-questionnaire.md` and collect the following from the user BEFORE scanning any file.
|
|
99
|
+
|
|
100
|
+
| # | Field | Type | Required | Notes |
|
|
101
|
+
|---|---|---|---|---|
|
|
102
|
+
| Q1 | BRD_PATH | file path | Yes | Path to BRD.md |
|
|
103
|
+
| Q2 | USER_STORIES_PATH | file path | Yes | Path to USER_STORIES.md |
|
|
104
|
+
| Q3 | TEST_CASES_PATH | file path | Yes | Path to TEST_CASES.md |
|
|
105
|
+
| Q4 | PROJECT_ROOT | directory path | Yes | Root directory of the source code |
|
|
106
|
+
| Q5 | OUTPUT_FOLDER | string | Yes | Name for output folder; warn if already exists |
|
|
107
|
+
| Q6 | PLATFORM | enum | Auto-detected | Run `scripts/detect-platform.ps1`; prompt only if confidence=0 |
|
|
108
|
+
| Q7 | OPTIONAL_DOCS | string[] | Optional | List of any additional documents provided |
|
|
109
|
+
| Q8 | SCOPED_OUT_IDS | string[] | Optional | BRD requirement IDs deferred from this audit |
|
|
110
|
+
| Q9 | PROJECT_TYPE | enum | Optional | Project type for coverage weight preset |
|
|
111
|
+
| Q10 | PRIOR_AUDIT_PATH | path | Optional | Prior audit folder for delta comparison |
|
|
112
|
+
|
|
113
|
+
Present the completed configuration summary and wait for user confirmation before proceeding.
|
|
114
|
+
|
|
115
|
+
---
|
|
116
|
+
|
|
117
|
+
## Step 1 — Platform Auto-Detection
|
|
118
|
+
|
|
119
|
+
Run the platform detection script. Try both commands (Mac/Linux uses `pwsh`, Windows uses `powershell`):
|
|
120
|
+
```powershell
|
|
121
|
+
# Mac/Linux:
|
|
122
|
+
pwsh .github/skills/code-test-coverage-analyzer/scripts/detect-platform.ps1 -ProjectRoot "<Q4>"
|
|
123
|
+
# Windows:
|
|
124
|
+
powershell .github/skills/code-test-coverage-analyzer/scripts/detect-platform.ps1 -ProjectRoot "<Q4>"
|
|
125
|
+
```
|
|
126
|
+
If neither command is available, skip the script and use the manual platform selection from Q6 in config-questionnaire.md.
|
|
127
|
+
|
|
128
|
+
Map output to one reference file. Load ONLY the matching reference:
|
|
129
|
+
|
|
130
|
+
| Platform | Reference File |
|
|
131
|
+
|---|---|
|
|
132
|
+
| ReactNative | `references/react-native-patterns.md` |
|
|
133
|
+
| React | `references/react-patterns.md` |
|
|
134
|
+
| Angular | `references/angular-patterns.md` |
|
|
135
|
+
| Flutter | `references/flutter-patterns.md` |
|
|
136
|
+
| Android | `references/android-patterns.md` |
|
|
137
|
+
| iOS | `references/ios-patterns.md` |
|
|
138
|
+
| NestJS | `references/backend-patterns.md` |
|
|
139
|
+
| NodeJS | `references/backend-patterns.md` |
|
|
140
|
+
| SpringBoot | `references/backend-patterns.md` |
|
|
141
|
+
| DotNet | `references/backend-patterns.md` |
|
|
142
|
+
| Go | `references/backend-patterns.md` |
|
|
143
|
+
| Unknown | Ask user to select from Q6 options; re-route after response |
|
|
144
|
+
|
|
145
|
+
When loading `references/backend-patterns.md`, read ONLY the section matching the detected platform.
|
|
146
|
+
Each section is labeled "## {Platform} — read this section only if Platform={X}." Skip all other sections.
|
|
147
|
+
|
|
148
|
+
---
|
|
149
|
+
|
|
150
|
+
## Step 2 — Parse Requirement Documents
|
|
151
|
+
|
|
152
|
+
Before scanning a single source file, fully parse all three input documents.
|
|
153
|
+
|
|
154
|
+
### 2A — Parse BRD.md
|
|
155
|
+
|
|
156
|
+
Read Q1 file completely. Extract every requirement. For each:
|
|
157
|
+
- Assign a BRD-ID (e.g., BRD-001, BRD-002) if not already present
|
|
158
|
+
- Extract: Category, Requirement Text, Priority, Acceptance Condition
|
|
159
|
+
- Detect requirement type: Functional | Non-Functional | UI | API | Validation | Business Rule | Navigation | Calculation | Security | Performance
|
|
160
|
+
|
|
161
|
+
Build the **BRD Requirement Catalog** — a structured list of all requirements.
|
|
162
|
+
|
|
163
|
+
### 2B — Parse USER_STORIES.md
|
|
164
|
+
|
|
165
|
+
Read Q2 file completely. Extract every user story. For each:
|
|
166
|
+
- Assign a Story-ID (e.g., US-001) if not already present
|
|
167
|
+
- Extract: Role, Goal, Business Value
|
|
168
|
+
- Extract every acceptance criterion individually
|
|
169
|
+
- Assign Criterion-ID (e.g., US-001-AC-01)
|
|
170
|
+
- Detect related BRD requirements (by keyword and context match)
|
|
171
|
+
|
|
172
|
+
Build the **User Story Catalog**.
|
|
173
|
+
|
|
174
|
+
### 2C — Parse TEST_CASES.md
|
|
175
|
+
|
|
176
|
+
Read Q3 file completely. Extract every test case. For each:
|
|
177
|
+
- Assign TC-ID (e.g., TC-001) if not already present
|
|
178
|
+
- Extract: Scenario, Preconditions, Test Steps, Expected Result
|
|
179
|
+
- Identify related User Story ID and BRD requirement ID
|
|
180
|
+
- Classify test type: Functional | Validation | Navigation | API | Business Logic | UI | Edge Case | Negative
|
|
181
|
+
|
|
182
|
+
Build the **Test Case Catalog**.
|
|
183
|
+
|
|
184
|
+
### 2D — Cross-Reference and Conflict Detection
|
|
185
|
+
|
|
186
|
+
Build initial traceability links:
|
|
187
|
+
- BRD-ID → Related Story-IDs → Related TC-IDs
|
|
188
|
+
- Flag any TC that has no BRD or Story link (orphan test)
|
|
189
|
+
- Flag any BRD requirement with no related Story or TC (orphan requirement)
|
|
190
|
+
|
|
191
|
+
**Conflict Detection (mandatory)**:
|
|
192
|
+
Load `assets/conflict-resolution-protocol.md` now. For each entity shared across documents
|
|
193
|
+
(same field name, same screen, same API endpoint, same business rule), compare constraints:
|
|
194
|
+
- Does the BRD specify one value while a User Story specifies a different value?
|
|
195
|
+
- Does one BRD section contradict another BRD section?
|
|
196
|
+
- Does an acceptance criterion require different behavior than the parent story?
|
|
197
|
+
|
|
198
|
+
Apply the conflict detection algorithm from conflict-resolution-protocol.md. Flag all CONFLICTED
|
|
199
|
+
pairs with a CONFLICT-ID before proceeding to Pass 1. CONFLICTED items score 0% coverage until
|
|
200
|
+
the conflict is resolved by the project team.
|
|
201
|
+
|
|
202
|
+
---
|
|
203
|
+
|
|
204
|
+
## Step 3 — Generate Repository Directory Tree
|
|
205
|
+
|
|
206
|
+
Run the repository scan script. Try both commands:
|
|
207
|
+
```powershell
|
|
208
|
+
# Mac/Linux:
|
|
209
|
+
pwsh .github/skills/code-test-coverage-analyzer/scripts/scan-repository.ps1 -ProjectRoot "<Q4>" -Platform "<Q6>"
|
|
210
|
+
# Windows:
|
|
211
|
+
powershell .github/skills/code-test-coverage-analyzer/scripts/scan-repository.ps1 -ProjectRoot "<Q4>" -Platform "<Q6>"
|
|
212
|
+
```
|
|
213
|
+
The script output is the authoritative Master File List. Proceed to Step 3B using this output.
|
|
214
|
+
|
|
215
|
+
---
|
|
216
|
+
|
|
217
|
+
## Step 3B — Exhaustive File Enumeration (MANDATORY)
|
|
218
|
+
|
|
219
|
+
Before any pass begins, build the **Master File List** — a complete catalogue of every source file
|
|
220
|
+
in the project. This is not optional. Every file must appear in this list. No file may be skipped.
|
|
221
|
+
|
|
222
|
+
**How to build**:
|
|
223
|
+
1. Use the output from Step 3's scan-repository.ps1 as the Master File List. Do NOT run a separate
|
|
224
|
+
Glob enumeration — the script output is the authoritative categorized file list.
|
|
225
|
+
Only use Glob directly if the script could not be executed (no PowerShell available).
|
|
226
|
+
2. Organize into these mandatory categories:
|
|
227
|
+
|
|
228
|
+
| Category | What goes here |
|
|
229
|
+
|---|---|
|
|
230
|
+
| **Screens** | All screen / page / activity / view-controller files |
|
|
231
|
+
| **Components** | All reusable UI component files (not full screens — buttons, cards, inputs, modals, bottom sheets, loaders, banners, etc.) |
|
|
232
|
+
| **Hooks** | All custom hook files (useXxx.ts, *_hook.dart, etc.) |
|
|
233
|
+
| **APILayer** | All service, repository, data-source, API-client files |
|
|
234
|
+
| **StateManagement** | All slice, reducer, action, effect, BLoC, Cubit, ViewModel, store files |
|
|
235
|
+
| **Navigation** | All navigator, router, route-definition files |
|
|
236
|
+
| **BusinessLogic** | All use-case, interactor, manager, domain-service, calculation-service files |
|
|
237
|
+
| **Validation** | All schema, validator, form-rule, field-validation files |
|
|
238
|
+
| **Models** | All model, DTO, entity, request/response files |
|
|
239
|
+
| **Core/Security** | All encryption, security, crypto, auth, interceptor, middleware, session files |
|
|
240
|
+
| **Constants** | All constants, config, enum, theme, color, typography files |
|
|
241
|
+
| **Utilities** | All helper, formatter, calculator, date-util, string-util, number-util files |
|
|
242
|
+
| **Localization** | All i18n, l10n, translation, strings, ARB, Localizable.strings files |
|
|
243
|
+
| **Tests** | All test, spec, mock, fixture files |
|
|
244
|
+
| **Assets** | All image, font, icon, lottie asset files |
|
|
245
|
+
| **Generated** | All auto-generated files (note but still inspect for enum values / constants) |
|
|
246
|
+
| **Other** | Everything else |
|
|
247
|
+
|
|
248
|
+
3. Record the **total file count** per category and the **total across all categories**.
|
|
249
|
+
4. This list is the **read obligation** — every file in every category (except Assets and Generated)
|
|
250
|
+
must be opened and inspected at least once during the 12 passes.
|
|
251
|
+
5. After all passes complete, verify that every non-excluded file was read. Files not read during
|
|
252
|
+
a logical pass must be read in a catch-up sweep before Pass 12.
|
|
253
|
+
|
|
254
|
+
**Commitment statement** (print this at the start of analysis):
|
|
255
|
+
```
|
|
256
|
+
EXHAUSTIVE SCAN COMMITMENT
|
|
257
|
+
Total source files to read: {N}
|
|
258
|
+
Screens: {n}
|
|
259
|
+
Components: {n}
|
|
260
|
+
Hooks: {n}
|
|
261
|
+
APILayer: {n}
|
|
262
|
+
StateManagement: {n}
|
|
263
|
+
Navigation: {n}
|
|
264
|
+
BusinessLogic: {n}
|
|
265
|
+
Validation: {n}
|
|
266
|
+
Models: {n}
|
|
267
|
+
Core/Security: {n}
|
|
268
|
+
Constants: {n}
|
|
269
|
+
Utilities: {n}
|
|
270
|
+
Localization: {n}
|
|
271
|
+
Tests: {n}
|
|
272
|
+
Other: {n}
|
|
273
|
+
No file will be skipped.
|
|
274
|
+
```
|
|
275
|
+
|
|
276
|
+
---
|
|
277
|
+
|
|
278
|
+
## §Repository Scanning Efficiency
|
|
279
|
+
|
|
280
|
+
### Read-Once Principle
|
|
281
|
+
Each source file is read once, in the earliest pass that requires it. Subsequent passes reference
|
|
282
|
+
findings from the Inventory built in that first pass. Passes 3–11 must say "using findings from
|
|
283
|
+
[Pass N] Inventory" rather than re-reading the same files.
|
|
284
|
+
|
|
285
|
+
### Grep-First Principle
|
|
286
|
+
Use Grep for pattern discovery across many files. Use Read only for logic flow, context, and
|
|
287
|
+
confirmed evidence. For a new requirement type search:
|
|
288
|
+
1. Grep the whole codebase for the most discriminating pattern
|
|
289
|
+
2. Read only the matched files for verification
|
|
290
|
+
Do NOT read every file in a category to find one pattern when Grep can locate it in one call.
|
|
291
|
+
|
|
292
|
+
### Large File Protocol
|
|
293
|
+
Before reading any source file:
|
|
294
|
+
- Quickly check if it exceeds 2000 lines (using a head/wc equivalent or read with a limit probe)
|
|
295
|
+
- If it exceeds 2000 lines: read in 1800-line chunks with a 200-line overlap between chunks
|
|
296
|
+
- Record key findings from each chunk before proceeding to the next chunk
|
|
297
|
+
- Files confirmed under 2000 lines may be read in one call
|
|
298
|
+
|
|
299
|
+
### String Map Durability
|
|
300
|
+
After building the String Map in Pass 1, write it to `{Q5}/wip/string-map.md` before proceeding
|
|
301
|
+
to Pass 2. Every subsequent pass must reference this file rather than reconstructing from memory.
|
|
302
|
+
Passes must use `Read {Q5}/wip/string-map.md` for string lookups, not recall from context.
|
|
303
|
+
|
|
304
|
+
---
|
|
305
|
+
|
|
306
|
+
## §Checkpoint Protocol
|
|
307
|
+
|
|
308
|
+
After each pass completes, write a checkpoint file before starting the next pass:
|
|
309
|
+
```
|
|
310
|
+
Write: {Q5}/wip/pass-{N}-findings.md
|
|
311
|
+
Content: Summary of findings from this pass (finding count, key discoveries, files read)
|
|
312
|
+
```
|
|
313
|
+
|
|
314
|
+
If context approaches its limit mid-pass:
|
|
315
|
+
1. Complete the current requirement being analyzed
|
|
316
|
+
2. Write the checkpoint file for the current pass
|
|
317
|
+
3. State explicitly: "CHECKPOINT: Pass {N} complete — {M} requirements assessed. Resume from Pass {N+1}."
|
|
318
|
+
4. The user can continue in a new session starting from Pass {N+1}
|
|
319
|
+
|
|
320
|
+
This prevents silent truncation where the audit continues from an empty context and produces
|
|
321
|
+
incomplete findings with no indication of the truncation.
|
|
322
|
+
|
|
323
|
+
---
|
|
324
|
+
|
|
325
|
+
## Multi-Pass Repository Analysis
|
|
326
|
+
|
|
327
|
+
Perform the following passes. Each pass is a targeted scan of source files.
|
|
328
|
+
Do NOT skip any pass. Do NOT combine passes into one.
|
|
329
|
+
After every pass, record findings in working memory AND write a checkpoint file before proceeding.
|
|
330
|
+
|
|
331
|
+
**EXHAUSTIVENESS RULE**: Every pass must process its full file set — not a sample, not the first N
|
|
332
|
+
files. If a pass covers "all service files", it means EVERY file in the APILayer + BusinessLogic
|
|
333
|
+
categories. Mark each file as "read" as you go. At the end of all passes, any unread file must be
|
|
334
|
+
read in a sweep before Pass 12.
|
|
335
|
+
|
|
336
|
+
---
|
|
337
|
+
|
|
338
|
+
### Pass 1 — Project Structure Discovery
|
|
339
|
+
|
|
340
|
+
**Goal**: Map the complete project architecture and read every structural / configuration file.
|
|
341
|
+
|
|
342
|
+
Scan: ALL directories and files under Q4 using the Master File List from Step 3B.
|
|
343
|
+
Read every file in: **Constants**, **Core/Security**, **Localization**, and **Generated** categories.
|
|
344
|
+
Also read: package.json / pubspec.yaml / build.gradle, .env files, app.config.ts/js, app.json.
|
|
345
|
+
|
|
346
|
+
Discover and record:
|
|
347
|
+
- Top-level folder structure (src, lib, app, features, modules, etc.)
|
|
348
|
+
- Technology stack (languages, frameworks, state management)
|
|
349
|
+
- State management library (Redux, Zustand, BLoC, NgRx, Provider, GetX, ViewModel, etc.)
|
|
350
|
+
- HTTP client (Axios, Dio, OkHttp, Alamofire, fetch, etc.)
|
|
351
|
+
- Navigation library (React Navigation, GoRouter, Angular Router, NavController, etc.)
|
|
352
|
+
- Authentication mechanism (JWT, OAuth, session tokens, encryption)
|
|
353
|
+
- Security / encryption implementation (ECDH, AES, RSA, SSL pinning, etc.)
|
|
354
|
+
- Localization/i18n setup — read ALL string resource files and resolve ALL message keys
|
|
355
|
+
- Feature flags and environment flags
|
|
356
|
+
- Configuration files — read every .env, constants file, and config file completely
|
|
357
|
+
- Build configuration
|
|
358
|
+
- Every enum definition (enums constrain allowed values for fields and statuses)
|
|
359
|
+
- Every theme / typography / color constant (these define UI labels via constants)
|
|
360
|
+
- Middleware, interceptors, and request/response transformers
|
|
361
|
+
|
|
362
|
+
**Resolve all string constants now** — before any pass that needs to compare text.
|
|
363
|
+
Read every localization file (Localizable.strings, en.json, strings.xml, ARB files, messages.ts).
|
|
364
|
+
Build a **String Map**: key → resolved string. Every validation message, button label, and
|
|
365
|
+
error text must be resolvable from this map without re-reading localization files each time.
|
|
366
|
+
|
|
367
|
+
**String Map Durability**: Write the String Map to `{Q5}/wip/string-map.md` immediately after
|
|
368
|
+
building it. Format: one row per key (key | resolved string | source file). All subsequent passes
|
|
369
|
+
must use `Read {Q5}/wip/string-map.md` for string lookups — never reconstruct from context.
|
|
370
|
+
|
|
371
|
+
Output: **Architecture Fingerprint** + **String Map** (in `{Q5}/wip/string-map.md`) + **Constant Inventory**.
|
|
372
|
+
|
|
373
|
+
---
|
|
374
|
+
|
|
375
|
+
### Pass 2 — Screen AND Component Discovery
|
|
376
|
+
|
|
377
|
+
**Goal**: Enumerate ALL user-facing screens AND all reusable UI components AND all hooks.
|
|
378
|
+
This pass covers the entire UI layer — not just top-level screens.
|
|
379
|
+
|
|
380
|
+
#### Pass 2A — Screen Discovery
|
|
381
|
+
|
|
382
|
+
Read EVERY file in the **Screens** category from the Master File List (Step 3B).
|
|
383
|
+
Do not skip any screen file.
|
|
384
|
+
|
|
385
|
+
Platform screen patterns (for file categorization reference):
|
|
386
|
+
| Platform | Screen Patterns |
|
|
387
|
+
|---|---|
|
|
388
|
+
| React Native | `*Screen.tsx`, `*Screen.ts`, `*Page.tsx`, `*View.tsx`; exports from `screens/` directories |
|
|
389
|
+
| React | `*Page.tsx`, `*View.tsx`, route-registered components |
|
|
390
|
+
| Angular | `*.component.ts` registered in routing modules |
|
|
391
|
+
| Flutter | `*_screen.dart`, `*_page.dart`; widgets with `Scaffold` |
|
|
392
|
+
| Android | `*Activity.kt`, `*Fragment.kt`, `*Activity.java`, `*Fragment.java` |
|
|
393
|
+
| iOS | `*ViewController.swift`, `*View.swift`, UIViewController subclasses |
|
|
394
|
+
|
|
395
|
+
For each screen, record:
|
|
396
|
+
- File path
|
|
397
|
+
- Screen name
|
|
398
|
+
- Parent module/feature
|
|
399
|
+
- Every form field (name, type, placeholder, label)
|
|
400
|
+
- Every button (label, action)
|
|
401
|
+
- Every conditional UI element (condition, element shown/hidden)
|
|
402
|
+
- Navigation calls in/out
|
|
403
|
+
- API calls made (note the call site)
|
|
404
|
+
- State management usage (which store/slice/BLoC)
|
|
405
|
+
- Loading state indicator present: Yes/No
|
|
406
|
+
- Empty state component present: Yes/No
|
|
407
|
+
- Error state handling: Yes/No
|
|
408
|
+
|
|
409
|
+
Output: **Screen Inventory**.
|
|
410
|
+
|
|
411
|
+
#### Pass 2B — Component Discovery
|
|
412
|
+
|
|
413
|
+
Read EVERY file in the **Components** category from the Master File List.
|
|
414
|
+
Do not skip any component file — every reusable widget, card, modal, button, input, bottom sheet,
|
|
415
|
+
loader, banner, form field, header, footer, list item, empty state, and error state component
|
|
416
|
+
must be inspected.
|
|
417
|
+
|
|
418
|
+
For each component, record:
|
|
419
|
+
- File path
|
|
420
|
+
- Component name
|
|
421
|
+
- Props accepted (especially: label, placeholder, errorMessage, value, onPress)
|
|
422
|
+
- UI elements it renders
|
|
423
|
+
- Any hardcoded text (button labels, default messages, placeholder text)
|
|
424
|
+
- Any conditional rendering logic
|
|
425
|
+
- Any validation it performs internally
|
|
426
|
+
- Which screens import and use it (back-reference from Screen Inventory)
|
|
427
|
+
|
|
428
|
+
**Why components matter**: Requirements may prescribe specific button text, placeholder text,
|
|
429
|
+
or error messages that live inside shared components, not in screen files. A compliance check
|
|
430
|
+
on the screen alone will miss these. Every component that renders text or validation feedback
|
|
431
|
+
must be read.
|
|
432
|
+
|
|
433
|
+
Output: **Component Inventory**.
|
|
434
|
+
|
|
435
|
+
#### Pass 2C — Hook Discovery
|
|
436
|
+
|
|
437
|
+
Read EVERY file in the **Hooks** category from the Master File List.
|
|
438
|
+
Custom hooks often contain the actual business logic, validation, and state management
|
|
439
|
+
that screens delegate to.
|
|
440
|
+
|
|
441
|
+
For each hook, record:
|
|
442
|
+
- File path
|
|
443
|
+
- Hook name
|
|
444
|
+
- What it does (state it manages, side effects, API calls)
|
|
445
|
+
- Validation rules it contains
|
|
446
|
+
- Business conditions it evaluates
|
|
447
|
+
- Which screens/components use it
|
|
448
|
+
|
|
449
|
+
Output: **Hook Inventory**.
|
|
450
|
+
|
|
451
|
+
---
|
|
452
|
+
|
|
453
|
+
### Pass 3 — API Discovery
|
|
454
|
+
|
|
455
|
+
**Goal**: Enumerate ALL API calls made from the project. Every single endpoint call.
|
|
456
|
+
|
|
457
|
+
Read EVERY file in the **APILayer** category from the Master File List.
|
|
458
|
+
Also read every file in **Core/Security** (interceptors, middleware, request wrappers).
|
|
459
|
+
Also read every file in **Hooks** that makes API calls (check Hook Inventory from Pass 2C).
|
|
460
|
+
Also read every **Screen** file for inline API calls not delegated to a service.
|
|
461
|
+
|
|
462
|
+
Do NOT stop after finding the obvious service files. Check:
|
|
463
|
+
- Shared API client / axios instance configuration files
|
|
464
|
+
- Interceptor files (request interceptors, response interceptors)
|
|
465
|
+
- Auth interceptor / token injection files
|
|
466
|
+
- Retry logic files
|
|
467
|
+
- Error handler middleware
|
|
468
|
+
- Any file that calls `fetch(`, `axios.`, `.get(`, `.post(`, `.request(`, `dio.`, `http.`
|
|
469
|
+
|
|
470
|
+
Scan all repository, service, and data source files. Using the platform reference:
|
|
471
|
+
|
|
472
|
+
| Platform | API Patterns |
|
|
473
|
+
|---|---|
|
|
474
|
+
| React Native / React | `axios.get/post/put/delete`, `fetch(`, `apiClient.`, `.request(`, service class methods |
|
|
475
|
+
| Angular | `HttpClient.get/post/put/delete`, `http.`, service class `@Injectable` |
|
|
476
|
+
| Flutter | `dio.get/post/put/delete`, `http.get/post`, repository class methods |
|
|
477
|
+
| Android | `OkHttp.newCall`, `Retrofit` interface methods, `HttpURLConnection` |
|
|
478
|
+
| iOS | `URLSession.dataTask`, `Alamofire.request`, `AF.request` |
|
|
479
|
+
|
|
480
|
+
For each API call, record:
|
|
481
|
+
- HTTP method (GET/POST/PUT/PATCH/DELETE)
|
|
482
|
+
- Endpoint URL or path template
|
|
483
|
+
- Request payload structure
|
|
484
|
+
- Response model
|
|
485
|
+
- Authentication (token injected? which header?)
|
|
486
|
+
- Error handling (which HTTP codes handled?)
|
|
487
|
+
- Retry logic
|
|
488
|
+
- Timeout configuration
|
|
489
|
+
- File path and function name
|
|
490
|
+
|
|
491
|
+
Output: **API Inventory** — complete list of all API calls with metadata.
|
|
492
|
+
|
|
493
|
+
---
|
|
494
|
+
|
|
495
|
+
### Pass 4 — Business Logic Discovery
|
|
496
|
+
|
|
497
|
+
**Goal**: Enumerate ALL business rules, conditions, and decision trees implemented.
|
|
498
|
+
Every file that contains conditional logic related to a business outcome must be read.
|
|
499
|
+
|
|
500
|
+
Read EVERY file in: **BusinessLogic**, **StateManagement**, **Hooks**, **Utilities** categories.
|
|
501
|
+
Also read: every Screen file (screens often contain inline business logic).
|
|
502
|
+
Also read: every Component file (components may encode business rules in their props/rendering).
|
|
503
|
+
Also read: every file in Core/Security (security rules are business rules).
|
|
504
|
+
|
|
505
|
+
Do NOT assume business logic only lives in "service" files. It can be in:
|
|
506
|
+
- Redux thunks and selectors
|
|
507
|
+
- React hooks (useEffect with conditions, useMemo with calculations)
|
|
508
|
+
- ViewModel computed properties
|
|
509
|
+
- BLoC event handlers
|
|
510
|
+
- Screen-level onSubmit handlers
|
|
511
|
+
- Utility functions used by multiple screens
|
|
512
|
+
- Constants files that define business thresholds (MIN_AMOUNT, MAX_RETRIES, etc.)
|
|
513
|
+
|
|
514
|
+
Scan: Service files, BLoC files, ViewModel files, Thunks, Reducers, Use Cases, Interactors, Helpers, Utilities.
|
|
515
|
+
|
|
516
|
+
Look for:
|
|
517
|
+
- Conditional branches related to eligibility, approval, status
|
|
518
|
+
- Threshold and limit checks (amount limits, count limits, age checks)
|
|
519
|
+
- Status transitions and state machines
|
|
520
|
+
- Interest / charge / fee / tax calculations
|
|
521
|
+
- Date-based rules (maturity, expiry, lockout periods)
|
|
522
|
+
- Discount and tier logic
|
|
523
|
+
- Permission-gated behavior
|
|
524
|
+
- Role-based logic
|
|
525
|
+
|
|
526
|
+
For each business rule, record:
|
|
527
|
+
- Rule description (inferred from code)
|
|
528
|
+
- File path, function name, line range
|
|
529
|
+
- Input conditions
|
|
530
|
+
- Output/effect
|
|
531
|
+
- Related constants or config values
|
|
532
|
+
|
|
533
|
+
Output: **Business Logic Inventory**.
|
|
534
|
+
|
|
535
|
+
---
|
|
536
|
+
|
|
537
|
+
### Pass 5 — Validation Discovery
|
|
538
|
+
|
|
539
|
+
**Goal**: Enumerate ALL input validations implemented — in every file they appear in.
|
|
540
|
+
Validation is scattered. It appears in schemas, components, hooks, screens, services, and
|
|
541
|
+
even constants files. Read ALL of them.
|
|
542
|
+
|
|
543
|
+
Read EVERY file in: **Validation**, **Screens**, **Components**, **Hooks**, **Models** categories.
|
|
544
|
+
Also read: every Constants file (regex constants, min/max value constants).
|
|
545
|
+
Also read: every Localization file (already done in Pass 1 — use the String Map).
|
|
546
|
+
|
|
547
|
+
Validation can appear in:
|
|
548
|
+
- Yup / Zod / Joi schema definitions
|
|
549
|
+
- React Hook Form `register()` options
|
|
550
|
+
- Angular Validators in FormGroup / FormControl
|
|
551
|
+
- Flutter TextFormField `validator:` callbacks
|
|
552
|
+
- Android binding error setters
|
|
553
|
+
- iOS guard statements and NSPredicate matchers
|
|
554
|
+
- Custom hooks that validate before API calls
|
|
555
|
+
- Shared input components that have built-in validation props
|
|
556
|
+
- Constants that define REGEX patterns, MIN lengths, MAX lengths
|
|
557
|
+
- Server-side validation response mapping (what API error codes become what UI messages)
|
|
558
|
+
|
|
559
|
+
For every validation found, also check:
|
|
560
|
+
- Is the same field validated in a shared component AND in a screen schema? Do they conflict?
|
|
561
|
+
- Is the validation message hardcoded or resolved from a constant/localization key?
|
|
562
|
+
- If it's a key, resolve the actual string using the String Map from Pass 1.
|
|
563
|
+
|
|
564
|
+
Scan: Form files, screen files, validators, schema files (Yup, Joi, Formik, reactive forms, BLoC validators, ViewModel validators).
|
|
565
|
+
|
|
566
|
+
For every validation found, record:
|
|
567
|
+
- Field name
|
|
568
|
+
- Validation type (required, min, max, regex, custom, cross-field)
|
|
569
|
+
- Validation rule (exact regex or condition)
|
|
570
|
+
- Error message (exact string or string resource key — resolve to actual string)
|
|
571
|
+
- Where triggered (onBlur, onChange, onSubmit, server-side)
|
|
572
|
+
- File path
|
|
573
|
+
|
|
574
|
+
Also scan:
|
|
575
|
+
- Server-side validation responses (API error codes mapped to messages)
|
|
576
|
+
- Localization files for validation strings
|
|
577
|
+
|
|
578
|
+
Output: **Validation Inventory** — field by field, rule by rule.
|
|
579
|
+
|
|
580
|
+
---
|
|
581
|
+
|
|
582
|
+
### Pass 6 — Navigation Discovery
|
|
583
|
+
|
|
584
|
+
**Goal**: Map ALL navigation flows implemented — in every file they appear in.
|
|
585
|
+
|
|
586
|
+
Read EVERY file in the **Navigation** category from the Master File List.
|
|
587
|
+
Also read: every Screen file (navigation calls originate in screens).
|
|
588
|
+
Also read: every Hook file (navigation is often in custom hooks).
|
|
589
|
+
Also read: every Component file (some components navigate on press).
|
|
590
|
+
Also read: Auth files (authentication triggers navigation).
|
|
591
|
+
|
|
592
|
+
Do NOT just check the router config file. Also check:
|
|
593
|
+
- Deep link handler files
|
|
594
|
+
- Notification tap handlers (navigate on notification)
|
|
595
|
+
- App-level lifecycle files (navigate on session expiry, on cold start)
|
|
596
|
+
- Auth middleware (redirect on unauthorized)
|
|
597
|
+
- Error boundary files (navigate on fatal error)
|
|
598
|
+
|
|
599
|
+
Using the platform reference, scan for:
|
|
600
|
+
|
|
601
|
+
| Platform | Navigation Patterns |
|
|
602
|
+
|---|---|
|
|
603
|
+
| React Native | `navigation.navigate(`, `navigation.push(`, `navigation.goBack(`, `useNavigation`, Stack/Tab/Drawer navigators |
|
|
604
|
+
| React | `useNavigate`, `<Link to=`, `useRouter`, `router.push(`, route definitions |
|
|
605
|
+
| Angular | `router.navigate(`, `routerLink=`, `Router.navigateByUrl`, route guards |
|
|
606
|
+
| Flutter | `Navigator.push(`, `Navigator.pushNamed(`, `GoRouter.go(`, `context.go(` |
|
|
607
|
+
| Android | `startActivity(Intent(`, `NavController.navigate(`, `findNavController(` |
|
|
608
|
+
| iOS | `navigationController?.pushViewController`, `present(`, `NavigationLink(` |
|
|
609
|
+
|
|
610
|
+
For each navigation, record:
|
|
611
|
+
- Source screen
|
|
612
|
+
- Destination screen
|
|
613
|
+
- Trigger (button tap, API success, error, lifecycle)
|
|
614
|
+
- Parameters passed
|
|
615
|
+
- Back navigation behavior
|
|
616
|
+
- Deep link pattern (if any)
|
|
617
|
+
- Authentication guard (if any)
|
|
618
|
+
|
|
619
|
+
Output: **Navigation Flow Map**.
|
|
620
|
+
|
|
621
|
+
---
|
|
622
|
+
|
|
623
|
+
### Pass 7 — Calculation Discovery
|
|
624
|
+
|
|
625
|
+
**Goal**: Find ALL mathematical or business calculations in the codebase — wherever they live.
|
|
626
|
+
|
|
627
|
+
Read EVERY file in: **Utilities**, **BusinessLogic**, **Hooks**, **StateManagement** categories.
|
|
628
|
+
Also re-scan every Screen file for inline calculations not extracted to a utility.
|
|
629
|
+
Also read every Component file for calculations within render logic.
|
|
630
|
+
|
|
631
|
+
Calculations can hide in:
|
|
632
|
+
- A single line inside a screen's `onSubmit` handler
|
|
633
|
+
- A `useMemo` or `useSelector` in a hook
|
|
634
|
+
- A formatted display value computed in a list item component
|
|
635
|
+
- A computed property in a ViewModel
|
|
636
|
+
- An event handler in a BLoC
|
|
637
|
+
|
|
638
|
+
Scan: Calculation services, utility files, business logic files, ViewModel files, BLoC handlers, reducers.
|
|
639
|
+
|
|
640
|
+
Look for:
|
|
641
|
+
- Interest rate calculations
|
|
642
|
+
- EMI / installment calculations
|
|
643
|
+
- Fee and charge computations
|
|
644
|
+
- Tax calculations
|
|
645
|
+
- Discount computations
|
|
646
|
+
- Date difference calculations (days, months, years between dates)
|
|
647
|
+
- Percentage calculations
|
|
648
|
+
- Currency formatting logic
|
|
649
|
+
- Amount rounding rules
|
|
650
|
+
- Limit and threshold computations
|
|
651
|
+
|
|
652
|
+
For each calculation, record:
|
|
653
|
+
- Formula (expressed as algebraic formula: `result = a op b`)
|
|
654
|
+
- File path, function name, exact code snippet
|
|
655
|
+
- Input parameters and types
|
|
656
|
+
- Output type
|
|
657
|
+
- Edge case handling (null, zero division, negative)
|
|
658
|
+
|
|
659
|
+
Output: **Calculation Inventory**.
|
|
660
|
+
|
|
661
|
+
---
|
|
662
|
+
|
|
663
|
+
### Pass 7B — Security Deep-Dive
|
|
664
|
+
|
|
665
|
+
**Goal**: Perform a dedicated security audit of all security-related files before the BRD comparison.
|
|
666
|
+
This pass builds the Security Inventory that feeds into File 15.
|
|
667
|
+
|
|
668
|
+
Read EVERY file in the **Core/Security** category from the Master File List.
|
|
669
|
+
Also read: interceptor files, middleware files, auth wrapper files, token handler files.
|
|
670
|
+
Also grep for: encryption, jwt, bcrypt, hash, salt, cipher, session, pin, password, biometric.
|
|
671
|
+
|
|
672
|
+
For each security control found, record:
|
|
673
|
+
- Control type: Encryption | Token | PIN | Session | Auth | SSL | Error Safety | Logging
|
|
674
|
+
- Implementation file path and function name
|
|
675
|
+
- Data protected (what is being secured)
|
|
676
|
+
- Algorithm or mechanism used
|
|
677
|
+
- Key/secret management approach
|
|
678
|
+
- Expiry or rotation behavior
|
|
679
|
+
|
|
680
|
+
**Security checks to perform**:
|
|
681
|
+
1. **Encryption** — read the encryption utility. Confirm algorithm (AES-256? RSA? ECDH?).
|
|
682
|
+
Confirm key derivation. Confirm IV/salt generation. Compare against BRD security requirements.
|
|
683
|
+
2. **Token storage** — find where access tokens and refresh tokens are stored.
|
|
684
|
+
Flag if stored in plain AsyncStorage/localStorage without encryption.
|
|
685
|
+
3. **PIN lockout** — find the lockout logic. Confirm threshold, duration, and reset behavior.
|
|
686
|
+
Compare against BRD requirements.
|
|
687
|
+
4. **Session timeout** — find the session timeout logic. Confirm enforcement.
|
|
688
|
+
5. **SSL pinning** — check if certificate pinning is configured for production.
|
|
689
|
+
6. **Sensitive data in logs** — grep for console.log / Log.d / print near PIN, password, token, OTP.
|
|
690
|
+
7. **Error message safety** — find global error handlers. Check that stack traces and internal
|
|
691
|
+
paths are not exposed in error messages shown to the user.
|
|
692
|
+
8. **Biometric auth** — if required, verify it is wired to the auth flow correctly.
|
|
693
|
+
|
|
694
|
+
Output: **Security Inventory** — used by Pass 11H Self-Verification and File 15.
|
|
695
|
+
|
|
696
|
+
---
|
|
697
|
+
|
|
698
|
+
### Pass 8 — BRD Comparison
|
|
699
|
+
|
|
700
|
+
**Goal**: For every requirement in the BRD Requirement Catalog, find evidence in the source code.
|
|
701
|
+
|
|
702
|
+
**Before starting this pass**: Load `assets/status-definitions.md` — it is the ONLY authoritative
|
|
703
|
+
source for all status definitions. Do not rely on status descriptions elsewhere in this file.
|
|
704
|
+
|
|
705
|
+
For each BRD requirement:
|
|
706
|
+
|
|
707
|
+
1. Identify the requirement type (from Step 2A)
|
|
708
|
+
2. Search relevant layers based on type (use findings from Inventories built in Passes 1–7B):
|
|
709
|
+
- UI requirement → Search Screen Inventory AND Component Inventory AND Hook Inventory.
|
|
710
|
+
If a UI requirement is not found in screen files, check ALL components used by those screens
|
|
711
|
+
before declaring MISSING. UI elements often live in shared components, not in screen files.
|
|
712
|
+
- API requirement → Search API Inventory, service files
|
|
713
|
+
- Validation requirement → Search Validation Inventory
|
|
714
|
+
- Business Logic requirement → Search Business Logic Inventory, service files
|
|
715
|
+
- Navigation requirement → Search Navigation Flow Map
|
|
716
|
+
- Calculation requirement → Search Calculation Inventory
|
|
717
|
+
- Security requirement → Search Security Inventory (from Pass 7B), Core/Security files
|
|
718
|
+
- Performance requirement → Search config files, loading indicators, lazy loading
|
|
719
|
+
3. For every search: read actual source files to confirm evidence
|
|
720
|
+
4. **Before marking MISSING**: Follow the protocol in `assets/multi-strategy-search.md`.
|
|
721
|
+
All six search strategies must be exhausted (or confirmed inapplicable for the requirement type).
|
|
722
|
+
Record evidence from each strategy attempted. Two strategies is never sufficient.
|
|
723
|
+
5. **Feature Flag handling**: If a requirement's implementation is gated behind a feature flag,
|
|
724
|
+
mark IMPLEMENTED with qualifier "FEATURE FLAG GATED: {flag name}". Check the flag's default
|
|
725
|
+
value and environment-specific values. If the flag is off in all environments, downgrade to
|
|
726
|
+
PARTIALLY_IMPLEMENTED.
|
|
727
|
+
6. Assign status using `assets/status-definitions.md` (the loaded authoritative source)
|
|
728
|
+
7. Record evidence: file path, function/class name, line range, code excerpt (max 5 lines)
|
|
729
|
+
|
|
730
|
+
**Status options** (see `assets/status-definitions.md` for full definitions):
|
|
731
|
+
- `IMPLEMENTED` — complete, correct implementation found with evidence
|
|
732
|
+
- `PARTIALLY_IMPLEMENTED` — implementation exists but incomplete or deviates
|
|
733
|
+
- `MISSING` — no implementation found after exhaustive six-strategy search
|
|
734
|
+
- `INCORRECT` — implementation exists but contradicts the requirement
|
|
735
|
+
- `EXTRA` — implemented feature not requested in BRD (flag as extra)
|
|
736
|
+
- `NOT_VERIFIED` — insufficient evidence to make a determination
|
|
737
|
+
- `CONFLICTED` — contradictory specifications across documents (set in Step 2D)
|
|
738
|
+
- `SCOPED_OUT` — excluded from audit scope via Q8
|
|
739
|
+
|
|
740
|
+
Record confidence level: `HIGH` | `MEDIUM` | `LOW` (per decision tree in status-definitions.md)
|
|
741
|
+
|
|
742
|
+
Output: **BRD Compliance Matrix**.
|
|
743
|
+
|
|
744
|
+
---
|
|
745
|
+
|
|
746
|
+
### Pass 9 — User Story Comparison
|
|
747
|
+
|
|
748
|
+
**Goal**: For every user story and every acceptance criterion, verify implementation.
|
|
749
|
+
|
|
750
|
+
For each User Story:
|
|
751
|
+
1. Identify the business flow being tested
|
|
752
|
+
2. Verify the complete end-to-end flow:
|
|
753
|
+
- UI elements (form, buttons, labels, icons) — check Screen Inventory + screen files
|
|
754
|
+
- Navigation (from where, to where) — check Navigation Flow Map
|
|
755
|
+
- API calls (which endpoint, payload, response mapping) — check API Inventory
|
|
756
|
+
- Business rules (eligibility, conditions) — check Business Logic Inventory
|
|
757
|
+
- Validation (every field mentioned) — check Validation Inventory
|
|
758
|
+
- Calculations (any formula mentioned) — check Calculation Inventory
|
|
759
|
+
- Error handling (what happens on failure) — read error handling in files
|
|
760
|
+
- Loading states — check screen files for loading indicators
|
|
761
|
+
- Empty states — check screen files for empty state components
|
|
762
|
+
- Retry behavior — check error handling, retry logic
|
|
763
|
+
- Offline handling — check network error handling
|
|
764
|
+
- Localization — check string resources / i18n files
|
|
765
|
+
- Accessibility — check accessibility labels, screen readers
|
|
766
|
+
|
|
767
|
+
For each Acceptance Criterion (AC):
|
|
768
|
+
- Verify individually
|
|
769
|
+
- Assign status: `SATISFIED` | `PARTIALLY_SATISFIED` | `NOT_SATISFIED` | `NOT_VERIFIABLE`
|
|
770
|
+
- Record evidence
|
|
771
|
+
|
|
772
|
+
Output: **User Story Compliance Matrix**.
|
|
773
|
+
|
|
774
|
+
---
|
|
775
|
+
|
|
776
|
+
### Pass 10 — Test Case Comparison
|
|
777
|
+
|
|
778
|
+
**Goal**: For every test case, logically execute it against the implementation.
|
|
779
|
+
|
|
780
|
+
Do NOT check if a test file exists. Instead, determine if the actual implementation can satisfy the test case.
|
|
781
|
+
|
|
782
|
+
For each Test Case:
|
|
783
|
+
|
|
784
|
+
1. Read the test steps and expected result
|
|
785
|
+
2. Trace through the actual implementation:
|
|
786
|
+
- Step 1 of TC → Which screen does this map to? Does it exist?
|
|
787
|
+
- Step 2 of TC → Which action is performed? Is it implemented?
|
|
788
|
+
- ...
|
|
789
|
+
- Expected Result → Does the implementation produce this result?
|
|
790
|
+
3. Check:
|
|
791
|
+
- Is the relevant screen implemented?
|
|
792
|
+
- Is the required API call made with the correct payload?
|
|
793
|
+
- Is the response correctly mapped?
|
|
794
|
+
- Is the expected validation message displayed with exact text?
|
|
795
|
+
- Is the expected navigation triggered?
|
|
796
|
+
- Is the expected UI state shown?
|
|
797
|
+
4. Assign test case verdict:
|
|
798
|
+
- `PASS` — implementation fully satisfies all test steps and expected result
|
|
799
|
+
- `PARTIAL_PASS` — most steps pass but one or more expected results are wrong
|
|
800
|
+
- `FAIL` — implementation cannot satisfy the test case
|
|
801
|
+
- `NOT_IMPLEMENTED` — required feature/screen/API does not exist
|
|
802
|
+
- `BLOCKED` — test case depends on another missing feature
|
|
803
|
+
- `UNKNOWN` — cannot determine due to insufficient code evidence
|
|
804
|
+
|
|
805
|
+
For FAIL, PARTIAL_PASS, and NOT_IMPLEMENTED, record:
|
|
806
|
+
- Which step fails
|
|
807
|
+
- What is missing
|
|
808
|
+
- Which file is the gap in
|
|
809
|
+
- What specific function, validation, or UI element is absent
|
|
810
|
+
|
|
811
|
+
Output: **Test Case Results Matrix**.
|
|
812
|
+
|
|
813
|
+
---
|
|
814
|
+
|
|
815
|
+
### Pass 11 — Cross-Validation
|
|
816
|
+
|
|
817
|
+
**Goal**: Identify inconsistencies and gaps across all previous passes.
|
|
818
|
+
|
|
819
|
+
Perform the following cross-checks:
|
|
820
|
+
|
|
821
|
+
**11A — Validation Message Audit**
|
|
822
|
+
For every validation message found in the Validation Inventory:
|
|
823
|
+
- Compare exact message text against BRD requirements
|
|
824
|
+
- Compare against User Story acceptance criteria
|
|
825
|
+
- Compare against Test Case expected results
|
|
826
|
+
- Flag any mismatch, even minor (e.g., "Mobile required" vs "Please enter mobile number")
|
|
827
|
+
|
|
828
|
+
**11B — API Contract Audit**
|
|
829
|
+
For every API in the API Inventory:
|
|
830
|
+
- Compare endpoint, method, payload against BRD / API documentation if provided
|
|
831
|
+
- Verify response mapping against model definitions
|
|
832
|
+
- Check that every required API mentioned in BRD / User Stories is present
|
|
833
|
+
- Flag extra APIs not mentioned in requirements
|
|
834
|
+
|
|
835
|
+
**11C — UI Label Audit**
|
|
836
|
+
For every screen in the Screen Inventory:
|
|
837
|
+
- Extract all visible text labels, button text, placeholder text, error messages
|
|
838
|
+
- Compare against BRD / User Stories where specific text is prescribed
|
|
839
|
+
- Flag mismatches
|
|
840
|
+
|
|
841
|
+
**11D — Navigation Flow Audit**
|
|
842
|
+
- Compare Navigation Flow Map against required flows in BRD / User Stories
|
|
843
|
+
- Flag missing flows
|
|
844
|
+
- Flag extra flows not requested
|
|
845
|
+
|
|
846
|
+
**11E — Extra Implementation Detection**
|
|
847
|
+
Using all inventories, identify:
|
|
848
|
+
- Screens that exist but are not mentioned in any requirement
|
|
849
|
+
- APIs called that are not referenced in any requirement
|
|
850
|
+
- Business logic / calculations not traced to any requirement
|
|
851
|
+
- Validations not mentioned in any requirement
|
|
852
|
+
- Navigation flows not mentioned in any requirement
|
|
853
|
+
|
|
854
|
+
**11F — Orphan Analysis**
|
|
855
|
+
- BRD requirements with no User Story or Test Case coverage → flag as orphan
|
|
856
|
+
- User Stories with no BRD traceability → flag as orphan
|
|
857
|
+
- Test Cases with no User Story or BRD traceability → flag as orphan
|
|
858
|
+
- Implemented features with no requirement traceability → flag as extra
|
|
859
|
+
|
|
860
|
+
**11G — Localization Audit**
|
|
861
|
+
- Read the primary locale file (en.json / en.strings / Localizable.strings / app_en.arb)
|
|
862
|
+
- Read all other locale files (fr.json, es.json, ar.json, etc.)
|
|
863
|
+
- For each key in the primary locale, verify it exists in all other locale files
|
|
864
|
+
- Flag missing translation keys (primary key absent from another locale)
|
|
865
|
+
- Also compare required string keys from BRD against the primary locale file
|
|
866
|
+
- Flag BRD-required strings that are absent from ALL locale files
|
|
867
|
+
- Add findings to File 06 §Localization Coverage table
|
|
868
|
+
|
|
869
|
+
**11H — Self-Verification Protocol** (mandatory before Pass 12)
|
|
870
|
+
Before generating any report:
|
|
871
|
+
1. Randomly select 3 IMPLEMENTED findings and 2 INCORRECT findings from the BRD Compliance Matrix
|
|
872
|
+
2. For each selected finding, re-open the cited file at the cited function
|
|
873
|
+
3. Confirm: (a) the file path exists, (b) the function/component exists, (c) the described behavior
|
|
874
|
+
matches what the code actually does
|
|
875
|
+
4. If any verification fails: downgrade the status to NOT_VERIFIED (citing "Self-verification failed:
|
|
876
|
+
{reason}") and extend the verification check to ALL findings in that category
|
|
877
|
+
5. Record self-verification results: "{N} of 5 spot-checks CONFIRMED, {M} REVISED"
|
|
878
|
+
|
|
879
|
+
Output: **Cross-Validation Findings** + **Self-Verification Summary**.
|
|
880
|
+
|
|
881
|
+
---
|
|
882
|
+
|
|
883
|
+
### Pass 12 — Report Generation
|
|
884
|
+
|
|
885
|
+
**Goal**: Generate all 15 output files.
|
|
886
|
+
|
|
887
|
+
Load `assets/output-file-contracts.md` before generating any file.
|
|
888
|
+
Follow each file's content contract exactly.
|
|
889
|
+
**Generate files in this sequence** (see §Generation Order in output-file-contracts.md for rationale):
|
|
890
|
+
|
|
891
|
+
**Phase 1** — Detail files (any order within this phase):
|
|
892
|
+
Files 02, 03, 04, 05, 06, 07, 08, 09, 10, 11
|
|
893
|
+
|
|
894
|
+
**Phase 2** — Extra implementation:
|
|
895
|
+
File 12
|
|
896
|
+
|
|
897
|
+
**Phase 3** — Scorecard (aggregates all Phase 1 + Phase 2 scores):
|
|
898
|
+
File 13
|
|
899
|
+
|
|
900
|
+
**Phase 4** — Executive Summary (derived from File 13 scorecard — MUST be after File 13):
|
|
901
|
+
File 01
|
|
902
|
+
|
|
903
|
+
**Phase 5** — Recommendations and Security:
|
|
904
|
+
Files 14 and 15
|
|
905
|
+
|
|
906
|
+
Do NOT generate File 01 first. File 01 requires the weighted score from File 13.
|
|
907
|
+
Do NOT skip any file. Do NOT leave placeholder text (`[...]`, `TODO`, `N/A`) in any file
|
|
908
|
+
unless explicitly allowed by the contract.
|
|
909
|
+
|
|
910
|
+
---
|
|
911
|
+
|
|
912
|
+
## Status Definitions
|
|
913
|
+
|
|
914
|
+
Load `assets/status-definitions.md` before Pass 8. This is the ONLY authoritative source for all
|
|
915
|
+
status definitions, confidence levels, message match statuses, CONFLICTED, and SCOPED_OUT.
|
|
916
|
+
Do not rely on the brief descriptions in this file — they are for orientation only.
|
|
917
|
+
|
|
918
|
+
The status taxonomy covers: IMPLEMENTED, PARTIALLY_IMPLEMENTED, MISSING, INCORRECT, EXTRA,
|
|
919
|
+
NOT_VERIFIED, CONFLICTED, SCOPED_OUT (BRD requirements); PASS, PARTIAL_PASS, FAIL,
|
|
920
|
+
NOT_IMPLEMENTED, BLOCKED, UNKNOWN (Test Cases); SATISFIED, PARTIALLY_SATISFIED, NOT_SATISFIED,
|
|
921
|
+
NOT_VERIFIABLE (Acceptance Criteria).
|
|
922
|
+
|
|
923
|
+
---
|
|
924
|
+
|
|
925
|
+
## Coverage Calculation
|
|
926
|
+
|
|
927
|
+
Load `assets/coverage-calculation-rules.md` for the complete authoritative formula set.
|
|
928
|
+
`coverage-calculation-rules.md` is the single source of truth for:
|
|
929
|
+
- Dimension weight percentages (including Q9 project type preset adjustments)
|
|
930
|
+
- Zero-denominator guards and weight redistribution
|
|
931
|
+
- Grade scale (A+/A/A-/B+/B/B-/C+/C/C-/D/F)
|
|
932
|
+
- Risk band definitions
|
|
933
|
+
|
|
934
|
+
Coverage is NEVER based on file existence. Coverage is based on verified implementation.
|
|
935
|
+
|
|
936
|
+
Key formula (from coverage-calculation-rules.md — use the file for exact weights):
|
|
937
|
+
```
|
|
938
|
+
TC Fail % = (FAIL + NOT_IMPLEMENTED + BLOCKED-with-no-BRD-link) / (Total TCs − BLOCKED-linked-to-MISSING) × 100
|
|
939
|
+
Note: BLOCKED tests that are blocked by a MISSING BRD requirement already counted as MISSING
|
|
940
|
+
are excluded from both numerator and denominator to avoid double-penalizing the same gap.
|
|
941
|
+
|
|
942
|
+
SCOPED_OUT items are excluded from ALL denominators — they do not affect any coverage score.
|
|
943
|
+
CONFLICTED items score 0% until resolved.
|
|
944
|
+
```
|
|
945
|
+
|
|
946
|
+
Overall Compliance Score = weighted sum of all dimension scores (use weights from coverage-calculation-rules.md).
|
|
947
|
+
If Q9 was set to a non-default project type, apply the matching weight preset from that file.
|
|
948
|
+
|
|
949
|
+
---
|
|
950
|
+
|
|
951
|
+
## Output Files
|
|
952
|
+
|
|
953
|
+
Load `assets/output-file-contracts.md` for complete content specifications.
|
|
954
|
+
|
|
955
|
+
### File 01 — 01_EXECUTIVE_SUMMARY.md
|
|
956
|
+
**Audience**: Project managers, stakeholders, QA leads
|
|
957
|
+
**Content**:
|
|
958
|
+
- Project name, audit date, auditor (Claude Code)
|
|
959
|
+
- Overall Compliance % (large, prominent)
|
|
960
|
+
- Risk Score: `CRITICAL` (0–49%) | `HIGH` (50–69%) | `MEDIUM` (70–84%) | `LOW` (85–94%) | `MINIMAL` (95–100%)
|
|
961
|
+
- Production Readiness: `NOT READY` | `NEEDS WORK` | `CONDITIONAL` | `READY`
|
|
962
|
+
- Quality Score (weighted composite)
|
|
963
|
+
- Coverage summary table (all dimensions in one table)
|
|
964
|
+
- Top 5 critical missing features (with BRD IDs)
|
|
965
|
+
- Top 5 critical test case failures (with TC IDs)
|
|
966
|
+
- Key risks (3–5 bullets)
|
|
967
|
+
- Immediate action items (3–5 bullets)
|
|
968
|
+
|
|
969
|
+
### File 02 — 02_BRD_COMPLIANCE.md
|
|
970
|
+
**Audience**: Business analysts, product managers
|
|
971
|
+
**Content**:
|
|
972
|
+
- BRD compliance summary table (counts by status)
|
|
973
|
+
- BRD coverage pie chart (ASCII bar chart by status)
|
|
974
|
+
- Detailed requirement table — for every BRD requirement:
|
|
975
|
+
|
|
976
|
+
| Column | Content |
|
|
977
|
+
|---|---|
|
|
978
|
+
| BRD-ID | Requirement identifier |
|
|
979
|
+
| Category | Requirement type |
|
|
980
|
+
| Priority | Business priority |
|
|
981
|
+
| Requirement | Requirement text |
|
|
982
|
+
| Status | Implementation status |
|
|
983
|
+
| Coverage % | Partial coverage percentage if PARTIALLY_IMPLEMENTED |
|
|
984
|
+
| Evidence | File paths and function names |
|
|
985
|
+
| Issues | What is missing or incorrect |
|
|
986
|
+
| Recommendation | What needs to be done |
|
|
987
|
+
|
|
988
|
+
- Group by Category (UI, API, Validation, Business Logic, Navigation, etc.)
|
|
989
|
+
- Color-code: use markdown bold for MISSING, italics for PARTIAL
|
|
990
|
+
|
|
991
|
+
### File 03 — 03_USER_STORY_COMPLIANCE.md
|
|
992
|
+
**Audience**: Product owners, QA leads
|
|
993
|
+
**Content**:
|
|
994
|
+
- User story compliance summary
|
|
995
|
+
- For each user story:
|
|
996
|
+
- Story ID, Role, Goal, Business Value
|
|
997
|
+
- Overall story status
|
|
998
|
+
- Acceptance criteria table: AC-ID | Criterion Text | Status | Evidence | Issues
|
|
999
|
+
- Business flow verified: Yes/Partial/No
|
|
1000
|
+
- Missing elements list
|
|
1001
|
+
- Recommendation
|
|
1002
|
+
- Group by feature/epic if detectable from story structure
|
|
1003
|
+
|
|
1004
|
+
### File 04 — 04_TEST_CASE_COMPLIANCE.md
|
|
1005
|
+
**Audience**: QA engineers, test managers
|
|
1006
|
+
**Content**:
|
|
1007
|
+
- Test case summary (total, PASS, PARTIAL_PASS, FAIL, NOT_IMPLEMENTED, BLOCKED, UNKNOWN counts)
|
|
1008
|
+
- Pass rate as ASCII bar chart
|
|
1009
|
+
- For every test case:
|
|
1010
|
+
|
|
1011
|
+
| Column | Content |
|
|
1012
|
+
|---|---|
|
|
1013
|
+
| TC-ID | Test case identifier |
|
|
1014
|
+
| Scenario | Test scenario name |
|
|
1015
|
+
| Type | Test type |
|
|
1016
|
+
| Related Story | US-ID |
|
|
1017
|
+
| Related BRD | BRD-ID |
|
|
1018
|
+
| Status | Verdict |
|
|
1019
|
+
| Expected Result | From test case |
|
|
1020
|
+
| Actual Implementation | What the code actually does |
|
|
1021
|
+
| Evidence | File paths |
|
|
1022
|
+
| Reason for Failure | If FAIL/PARTIAL_PASS |
|
|
1023
|
+
| Recommendation | What must be fixed |
|
|
1024
|
+
|
|
1025
|
+
- Group by: FAIL first, then PARTIAL_PASS, then NOT_IMPLEMENTED, then BLOCKED, then PASS
|
|
1026
|
+
|
|
1027
|
+
### File 05 — 05_VALIDATION_ANALYSIS.md
|
|
1028
|
+
**Audience**: Developers, QA
|
|
1029
|
+
**Content**:
|
|
1030
|
+
- Validation coverage summary
|
|
1031
|
+
- For every required validation (from BRD/Stories):
|
|
1032
|
+
- Field name
|
|
1033
|
+
- Required rule (from BRD)
|
|
1034
|
+
- Implemented rule (from code, exact regex or condition)
|
|
1035
|
+
- Required message (from BRD, exact text)
|
|
1036
|
+
- Implemented message (from code, exact string)
|
|
1037
|
+
- Message match: `EXACT` | `SIMILAR` | `MISMATCH` | `MISSING`
|
|
1038
|
+
- Status
|
|
1039
|
+
- File path
|
|
1040
|
+
- Validation Message Mismatch Table (all mismatches in one table)
|
|
1041
|
+
- Missing validations list
|
|
1042
|
+
- Extra validations list (implemented but not required)
|
|
1043
|
+
- Server-side validation coverage
|
|
1044
|
+
- Validation timing issues (required onChange but implemented onSubmit only)
|
|
1045
|
+
|
|
1046
|
+
### File 06 — 06_UI_ANALYSIS.md
|
|
1047
|
+
**Audience**: UI developers, QA
|
|
1048
|
+
**Content**:
|
|
1049
|
+
- UI coverage summary
|
|
1050
|
+
- For each required screen:
|
|
1051
|
+
- Screen name
|
|
1052
|
+
- Implemented: Yes/No
|
|
1053
|
+
- File path
|
|
1054
|
+
- Required UI elements vs implemented (table: element, required, implemented, status)
|
|
1055
|
+
- Label/text mismatches (required text vs implemented text)
|
|
1056
|
+
- Missing elements
|
|
1057
|
+
- Extra elements
|
|
1058
|
+
- Conditional UI analysis (conditions that control element visibility)
|
|
1059
|
+
- Loading state: implemented Yes/No
|
|
1060
|
+
- Empty state: implemented Yes/No
|
|
1061
|
+
- Error state: implemented Yes/No
|
|
1062
|
+
- Missing screens list
|
|
1063
|
+
- Extra screens list (no requirement reference)
|
|
1064
|
+
|
|
1065
|
+
### File 07 — 07_API_ANALYSIS.md
|
|
1066
|
+
**Audience**: Backend developers, QA
|
|
1067
|
+
**Content**:
|
|
1068
|
+
- API coverage summary
|
|
1069
|
+
- For each required API (from BRD/Stories):
|
|
1070
|
+
- Requirement reference (BRD-ID or US-ID)
|
|
1071
|
+
- Required: method, endpoint, payload, response
|
|
1072
|
+
- Implemented: method, endpoint (from API Inventory)
|
|
1073
|
+
- Endpoint match: Yes/No
|
|
1074
|
+
- Method match: Yes/No
|
|
1075
|
+
- Authentication: required/implemented
|
|
1076
|
+
- Error handling: required/implemented
|
|
1077
|
+
- Retry: required/implemented
|
|
1078
|
+
- Status
|
|
1079
|
+
- File path
|
|
1080
|
+
- API not in requirements (extra APIs)
|
|
1081
|
+
- APIs in requirements but not implemented (missing APIs)
|
|
1082
|
+
- Response mapping issues
|
|
1083
|
+
- Authentication gaps
|
|
1084
|
+
|
|
1085
|
+
### File 08 — 08_BUSINESS_LOGIC_ANALYSIS.md
|
|
1086
|
+
**Audience**: Developers, business analysts
|
|
1087
|
+
**Content**:
|
|
1088
|
+
- Business logic coverage summary
|
|
1089
|
+
- For each required business rule (from BRD/Stories):
|
|
1090
|
+
- BRD-ID / US-ID reference
|
|
1091
|
+
- Business rule description
|
|
1092
|
+
- Rule type (condition, calculation, threshold, eligibility, state machine)
|
|
1093
|
+
- Implementation status
|
|
1094
|
+
- Evidence: file path, function name, code excerpt
|
|
1095
|
+
- Issues (if PARTIAL or INCORRECT)
|
|
1096
|
+
- Recommendation
|
|
1097
|
+
- Calculation verification:
|
|
1098
|
+
- For each required calculation: formula, implemented formula (from code), match status, worked example
|
|
1099
|
+
- Missing business rules
|
|
1100
|
+
- Extra business logic (not in requirements)
|
|
1101
|
+
- Decision tree coverage
|
|
1102
|
+
|
|
1103
|
+
### File 09 — 09_NAVIGATION_ANALYSIS.md
|
|
1104
|
+
**Audience**: Developers, QA
|
|
1105
|
+
**Content**:
|
|
1106
|
+
- Navigation coverage summary
|
|
1107
|
+
- Required navigation flows vs implemented flows (table)
|
|
1108
|
+
- For each required flow:
|
|
1109
|
+
- Flow ID (from BRD / User Story)
|
|
1110
|
+
- From screen → To screen
|
|
1111
|
+
- Trigger condition
|
|
1112
|
+
- Parameters
|
|
1113
|
+
- Implemented: Yes/No
|
|
1114
|
+
- File path
|
|
1115
|
+
- Status
|
|
1116
|
+
- Missing navigation flows
|
|
1117
|
+
- Extra navigation (not in requirements)
|
|
1118
|
+
- Back navigation analysis
|
|
1119
|
+
- Deep link analysis (if required)
|
|
1120
|
+
- Auth guard on navigation: required vs implemented
|
|
1121
|
+
|
|
1122
|
+
### File 10 — 10_TRACEABILITY_MATRIX.md
|
|
1123
|
+
**Audience**: Project managers, QA, auditors
|
|
1124
|
+
**Content**:
|
|
1125
|
+
Complete horizontal traceability table:
|
|
1126
|
+
|
|
1127
|
+
| BRD-ID | BRD Requirement | Story-ID | Story Title | AC-IDs | TC-IDs | Implementation Files | Status |
|
|
1128
|
+
|---|---|---|---|---|---|---|---|
|
|
1129
|
+
|
|
1130
|
+
- One row per BRD requirement
|
|
1131
|
+
- Orphan analysis section: BRD requirements with no story/TC, stories with no BRD, TCs with no story/BRD
|
|
1132
|
+
- Implementation gap analysis
|
|
1133
|
+
- Full traceability score (% of items with complete chain)
|
|
1134
|
+
|
|
1135
|
+
### File 11 — 11_MISSING_FEATURES.md
|
|
1136
|
+
**Audience**: Developers, project managers
|
|
1137
|
+
**Content**:
|
|
1138
|
+
- Total missing features count
|
|
1139
|
+
- Grouped by priority: Critical, High, Medium, Low
|
|
1140
|
+
- For each missing feature:
|
|
1141
|
+
- BRD-ID / US-ID
|
|
1142
|
+
- Feature description
|
|
1143
|
+
- Priority
|
|
1144
|
+
- Impact assessment (what breaks without this)
|
|
1145
|
+
- Effort estimate: High/Medium/Low (based on complexity)
|
|
1146
|
+
- Dependencies (what other features depend on this)
|
|
1147
|
+
- Recommendation
|
|
1148
|
+
- Missing API endpoints
|
|
1149
|
+
- Missing screens
|
|
1150
|
+
- Missing validations
|
|
1151
|
+
- Missing business rules
|
|
1152
|
+
- Missing navigation flows
|
|
1153
|
+
- Missing calculations
|
|
1154
|
+
|
|
1155
|
+
### File 12 — 12_EXTRA_IMPLEMENTATION.md
|
|
1156
|
+
**Audience**: Project managers, architects
|
|
1157
|
+
**Content**:
|
|
1158
|
+
- Total extra implementation items found
|
|
1159
|
+
- For each extra item:
|
|
1160
|
+
- Item type: Screen | API | Business Logic | Validation | Navigation | Calculation
|
|
1161
|
+
- Description
|
|
1162
|
+
- File path
|
|
1163
|
+
- Assessment: Intentional (known extension) | Leftover (orphaned code) | Speculative (premature feature)
|
|
1164
|
+
- Recommendation: Keep | Remove | Document as requirement | Defer
|
|
1165
|
+
- Risk assessment of extra implementation
|
|
1166
|
+
- Dead code analysis
|
|
1167
|
+
|
|
1168
|
+
### File 13 — 13_COMPLIANCE_SCORECARD.md
|
|
1169
|
+
**Audience**: All stakeholders
|
|
1170
|
+
**Content**:
|
|
1171
|
+
- Visual scorecard (ASCII tables with scores)
|
|
1172
|
+
- Dimension scores:
|
|
1173
|
+
|
|
1174
|
+
| Dimension | Score | Status |
|
|
1175
|
+
|---|---|---|
|
|
1176
|
+
| BRD Compliance | XX% | ✓ / ✗ |
|
|
1177
|
+
| User Story Fulfillment | XX% | |
|
|
1178
|
+
| Acceptance Criteria | XX% | |
|
|
1179
|
+
| Test Case Pass Rate | XX% | |
|
|
1180
|
+
| Validation Coverage | XX% | |
|
|
1181
|
+
| API Coverage | XX% | |
|
|
1182
|
+
| UI Coverage | XX% | |
|
|
1183
|
+
| Business Logic Coverage | XX% | |
|
|
1184
|
+
| Navigation Coverage | XX% | |
|
|
1185
|
+
| **Overall Compliance** | **XX%** | |
|
|
1186
|
+
|
|
1187
|
+
- ASCII bar charts for each dimension
|
|
1188
|
+
- Benchmark comparisons:
|
|
1189
|
+
- Production ready: ≥ 90%
|
|
1190
|
+
- Acceptable for beta: ≥ 75%
|
|
1191
|
+
- Needs significant work: < 75%
|
|
1192
|
+
- Not shippable: < 50%
|
|
1193
|
+
- Trend indicators (if prior audit data available)
|
|
1194
|
+
- Quality gates status
|
|
1195
|
+
|
|
1196
|
+
### File 14 — 14_FINAL_RECOMMENDATIONS.md
|
|
1197
|
+
**Audience**: All stakeholders, developers
|
|
1198
|
+
**Content**:
|
|
1199
|
+
- Executive decision: SHIP / CONDITIONAL SHIP / DO NOT SHIP
|
|
1200
|
+
- Rationale
|
|
1201
|
+
- Prioritized action plan — ordered list of what to fix:
|
|
1202
|
+
- Priority 1 (Blockers): must fix before any release
|
|
1203
|
+
- Priority 2 (Critical): fix before production release
|
|
1204
|
+
- Priority 3 (Important): fix before stable release
|
|
1205
|
+
- Priority 4 (Nice to have): can defer
|
|
1206
|
+
- Sprint plan suggestion: T-shirt size groupings (XL/L/M/S) — see output-file-contracts.md §File 14
|
|
1207
|
+
- Risk register (identified risks with likelihood and impact)
|
|
1208
|
+
- Technical debt items identified during audit
|
|
1209
|
+
- Process recommendations (what went wrong in requirements to implementation handoff)
|
|
1210
|
+
- Team recommendations (areas needing knowledge transfer or additional QA)
|
|
1211
|
+
|
|
1212
|
+
### File 15 — 15_SECURITY_ANALYSIS.md
|
|
1213
|
+
**Audience**: Security engineers, compliance teams, all stakeholders
|
|
1214
|
+
**Content**:
|
|
1215
|
+
- Security findings summary (CRITICAL | HIGH | MEDIUM | LOW | INFORMATIONAL)
|
|
1216
|
+
- Encryption compliance (algorithm, key management, data at rest and in transit)
|
|
1217
|
+
- Token and session security (storage, expiry, refresh, revocation)
|
|
1218
|
+
- PIN / password security (lockout, complexity, change flow, biometric)
|
|
1219
|
+
- Error message safety (stack trace exposure, internal path leakage)
|
|
1220
|
+
- SSL / certificate pinning status
|
|
1221
|
+
- Sensitive data logging scan results
|
|
1222
|
+
- Missing security requirements (required but not implemented)
|
|
1223
|
+
- Security recommendations (ordered by severity)
|
|
1224
|
+
See `assets/output-file-contracts.md` §File 15 for full contract.
|
|
1225
|
+
|
|
1226
|
+
---
|
|
1227
|
+
|
|
1228
|
+
## §Extensibility Guide
|
|
1229
|
+
|
|
1230
|
+
### Adding a New Platform
|
|
1231
|
+
|
|
1232
|
+
To add support for a new platform (e.g., Python/Django), touch these 4 files:
|
|
1233
|
+
|
|
1234
|
+
1. **detect-platform.ps1** — Add a new detection block that checks for the platform's marker file
|
|
1235
|
+
(e.g., `requirements.txt` containing `django`). Set `$result.platform = "Django"`.
|
|
1236
|
+
|
|
1237
|
+
2. **scan-repository.ps1** — Add the new platform to the `[ValidateSet]` on the `$Platform` param.
|
|
1238
|
+
Add file extensions to the `$extensions` switch block. Add backend category rules to
|
|
1239
|
+
`Get-FileCategory` for the platform's file patterns.
|
|
1240
|
+
|
|
1241
|
+
3. **SKILL.md §Step 1 routing table** — Add a row: `| Django | references/django-patterns.md |`
|
|
1242
|
+
|
|
1243
|
+
4. **references/django-patterns.md** (new file) — Create following the same structure as
|
|
1244
|
+
`backend-patterns.md`. Add "## Django — read this section only if Platform=Django" header.
|
|
1245
|
+
|
|
1246
|
+
### Adding a New Output File
|
|
1247
|
+
|
|
1248
|
+
1. **assets/output-file-contracts.md** — Add a new §File NN section with full content contract.
|
|
1249
|
+
2. **SKILL.md §Output Files** — Add a description of the new file.
|
|
1250
|
+
3. **SKILL.md §Pass 12** — Add the file to the appropriate generation phase.
|
|
1251
|
+
4. **SKILL.md Completion Report** — Add `[NN] NN_FILENAME.md` to the Files Generated list.
|
|
1252
|
+
|
|
1253
|
+
### Adding a New Requirement Type
|
|
1254
|
+
|
|
1255
|
+
1. **SKILL.md §Pass 8 Step 2** — Add a routing rule: `{Type} requirement → Search {Inventory}`.
|
|
1256
|
+
2. **assets/multi-strategy-search.md §Minimum Strategies** — Add the new type and its minimum
|
|
1257
|
+
required strategies.
|
|
1258
|
+
|
|
1259
|
+
---
|
|
1260
|
+
|
|
1261
|
+
## Strict Rules (MUST follow every rule)
|
|
1262
|
+
|
|
1263
|
+
1. **Never guess.** If you cannot find evidence in the source code, the status is `MISSING` or `NOT_VERIFIED`, never `IMPLEMENTED`.
|
|
1264
|
+
2. **Never hallucinate.** Do not invent file paths, function names, or code behavior. Only cite files you have read.
|
|
1265
|
+
3. **Never mark as implemented without evidence.** A requirement is not implemented until you have read the actual code that implements it.
|
|
1266
|
+
4. **Every finding must cite.** Every IMPLEMENTED, PARTIAL, or INCORRECT status must include: file path, function/class name (if applicable), and a brief description of what was found.
|
|
1267
|
+
5. **Never skip a requirement.** Every single BRD requirement, User Story, Acceptance Criterion, and Test Case must appear in the reports with a status.
|
|
1268
|
+
6. **Perform all 12 passes.** Do not combine passes. Do not skip passes. Each pass builds on the previous.
|
|
1269
|
+
7. **Read files, do not assume.** Use the Glob tool to find files and the Read/Grep tools to read them. Do not assume what a file contains based on its name alone.
|
|
1270
|
+
8. **Read EVERY source file — no exceptions.** The Master File List from Step 3B is a read obligation. Every file in every category (except Assets) must be opened and read at least once. A file that has not been opened cannot be claimed as searched.
|
|
1271
|
+
9. **Components are not optional.** Reusable UI components must be read. They contain text labels, placeholders, error messages, conditional rendering, and inline validation that screens delegate to them. A compliance check that only reads screens will miss component-level requirements.
|
|
1272
|
+
10. **Hooks are not optional.** Custom hooks contain business logic, validation, API calls, and state management. Every hook must be read and its logic catalogued.
|
|
1273
|
+
11. **Core and security files are not optional.** Interceptors, middleware, encryption modules, session managers, and auth wrappers implement critical cross-cutting requirements. Read them all.
|
|
1274
|
+
12. **Follow import chains.** When a screen imports a component, a component imports a hook, or a hook imports a service — that is an implementation chain. Follow it one level deep for every requirement being verified.
|
|
1275
|
+
13. **Constants define requirements.** Constant files (min/max values, regex patterns, timeout durations, retry counts) encode business rules. Every constant file must be read and its values compared against BRD requirements.
|
|
1276
|
+
14. **Validation messages must be exact.** When comparing validation messages, compare character-by-character. "Mobile number is required" and "Mobile number required" are a mismatch. Resolve string keys using the String Map built in Pass 1.
|
|
1277
|
+
15. **Resolve string resources.** If an error message is stored in a strings file (strings.xml, en.json, Localizable.strings), read that file and resolve the actual string before comparing.
|
|
1278
|
+
16. **Extra features are not failures.** Extra implementation is not a defect but must be reported separately in File 12.
|
|
1279
|
+
17. **Confidence must be honest.** Do not assign HIGH confidence unless you have directly read the implementing code. Do not assign LOW confidence speculatively — LOW means you found something suggestive but not conclusive.
|
|
1280
|
+
18. **Generate all 15 files.** Do not omit any output file, even if a section has nothing to report (report "None found"). File 15 (Security Analysis) is always generated regardless of platform.
|
|
1281
|
+
19. **No placeholder text in output files.** Every table cell, every finding, every recommendation must be filled. No `[TODO]`, `[TBD]`, or `[N/A]` unless the contract explicitly allows it.
|
|
1282
|
+
20. **Use all six search strategies.** Before marking any requirement as `MISSING`, follow the complete protocol in `assets/multi-strategy-search.md`. All six strategies must be exhausted (or confirmed inapplicable). Record evidence from each strategy. Two searches is never sufficient.
|
|
1283
|
+
21. **Search in components AND screens.** When a requirement mentions a UI element (button, field, label), search both Screen files AND Component files. The element may be in a shared component used by the screen.
|
|
1284
|
+
22. **Prioritize correctness over speed.** This audit takes precedence over response time. Scan thoroughly.
|
|
1285
|
+
23. **Framework agnostic.** Apply the platform reference loaded in Step 1. Do not impose assumptions from one framework onto another.
|
|
1286
|
+
24. **Report format must be professional.** Use proper markdown: headers, tables, bold for status, code blocks for code excerpts. The reports are read by non-technical stakeholders and developers alike.
|
|
1287
|
+
25. **No emojis in output files.** Use plain text status indicators and markdown formatting only.
|
|
1288
|
+
26. **Scores must be calculated, not estimated.** Every coverage percentage must be computed from actual counts. Show the calculation.
|
|
1289
|
+
27. **Output folder must be created at project root** unless the user specifies otherwise.
|
|
1290
|
+
28. **Report files read in completion summary.** The final completion report must include `Files read: {N}` — the total count of files actually opened during the audit. This number must match or exceed the non-asset, non-generated file count from the Master File List.
|
|
1291
|
+
29. **Unread files = coverage gap.** If a file category was not fully read, every requirement that could be implemented in that category must be marked `NOT_VERIFIED`, not `MISSING` or `IMPLEMENTED`. Partial scanning produces unreliable results.
|
|
1292
|
+
|
|
1293
|
+
---
|
|
1294
|
+
|
|
1295
|
+
## Completion Report
|
|
1296
|
+
|
|
1297
|
+
After generating all 15 files, print:
|
|
1298
|
+
|
|
1299
|
+
```
|
|
1300
|
+
AUDIT COMPLETE
|
|
1301
|
+
==============
|
|
1302
|
+
Skill Version: 3.0.0
|
|
1303
|
+
Project: {project name}
|
|
1304
|
+
Platform: {detected platform}
|
|
1305
|
+
Output Folder: {Q5}/
|
|
1306
|
+
Delta Mode: {Yes — compared against {Q10} | No}
|
|
1307
|
+
|
|
1308
|
+
Input Documents:
|
|
1309
|
+
BRD: {Q1} — {N} requirements parsed ({SCOPED_OUT} scoped out, {CONFLICTED} conflicts)
|
|
1310
|
+
User Stories: {Q2} — {M} stories, {K} acceptance criteria
|
|
1311
|
+
Test Cases: {Q3} — {P} test cases
|
|
1312
|
+
|
|
1313
|
+
Repository Scan Coverage:
|
|
1314
|
+
Total source files in project: {N}
|
|
1315
|
+
Files read during audit: {N}
|
|
1316
|
+
Coverage by category:
|
|
1317
|
+
Screens: {read}/{total}
|
|
1318
|
+
Components: {read}/{total}
|
|
1319
|
+
Hooks: {read}/{total}
|
|
1320
|
+
APILayer: {read}/{total}
|
|
1321
|
+
StateManagement: {read}/{total}
|
|
1322
|
+
Navigation: {read}/{total}
|
|
1323
|
+
BusinessLogic: {read}/{total}
|
|
1324
|
+
Validation: {read}/{total}
|
|
1325
|
+
Models: {read}/{total}
|
|
1326
|
+
Core/Security: {read}/{total}
|
|
1327
|
+
Constants: {read}/{total}
|
|
1328
|
+
Utilities: {read}/{total}
|
|
1329
|
+
Localization: {read}/{total}
|
|
1330
|
+
Other: {read}/{total}
|
|
1331
|
+
Files NOT read (if any): {list unread files or "None — 100% coverage"}
|
|
1332
|
+
|
|
1333
|
+
Self-Verification Results: {N} of 5 spot-checks CONFIRMED | {M} REVISED
|
|
1334
|
+
|
|
1335
|
+
Files Generated (in generation order):
|
|
1336
|
+
[02] 02_BRD_COMPLIANCE.md — Status: COMPLETE | PARTIAL
|
|
1337
|
+
[03] 03_USER_STORY_COMPLIANCE.md — Status: COMPLETE | PARTIAL
|
|
1338
|
+
[04] 04_TEST_CASE_COMPLIANCE.md — Status: COMPLETE | PARTIAL
|
|
1339
|
+
[05] 05_VALIDATION_ANALYSIS.md — Status: COMPLETE | PARTIAL
|
|
1340
|
+
[06] 06_UI_ANALYSIS.md — Status: COMPLETE | PARTIAL
|
|
1341
|
+
[07] 07_API_ANALYSIS.md — Status: COMPLETE | PARTIAL
|
|
1342
|
+
[08] 08_BUSINESS_LOGIC_ANALYSIS.md — Status: COMPLETE | PARTIAL
|
|
1343
|
+
[09] 09_NAVIGATION_ANALYSIS.md — Status: COMPLETE | PARTIAL
|
|
1344
|
+
[10] 10_TRACEABILITY_MATRIX.md — Status: COMPLETE | PARTIAL
|
|
1345
|
+
[11] 11_MISSING_FEATURES.md — Status: COMPLETE | PARTIAL
|
|
1346
|
+
[12] 12_EXTRA_IMPLEMENTATION.md — Status: COMPLETE | PARTIAL
|
|
1347
|
+
[13] 13_COMPLIANCE_SCORECARD.md — Status: COMPLETE | PARTIAL
|
|
1348
|
+
[01] 01_EXECUTIVE_SUMMARY.md — Status: COMPLETE | PARTIAL
|
|
1349
|
+
[14] 14_FINAL_RECOMMENDATIONS.md — Status: COMPLETE | PARTIAL
|
|
1350
|
+
[15] 15_SECURITY_ANALYSIS.md — Status: COMPLETE | PARTIAL
|
|
1351
|
+
|
|
1352
|
+
Overall Compliance Score: {X}%
|
|
1353
|
+
Risk Level: {CRITICAL | HIGH | MEDIUM | LOW | MINIMAL}
|
|
1354
|
+
Production Readiness: {NOT READY | NEEDS WORK | CONDITIONAL | READY}
|
|
1355
|
+
|
|
1356
|
+
File Read Obligation: FULFILLED ({N}/{N} files) | PARTIAL ({N}/{N} files — list gaps)
|
|
1357
|
+
Placeholder Validation: PASS (0 remaining) | FAIL (list occurrences)
|
|
1358
|
+
```
|