devendra-skill-package 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (223) hide show
  1. package/.github/skills/boiler-project-generator/SKILL.md +103 -0
  2. package/.github/skills/boiler-project-generator/assets/templates/android/README.md +3 -0
  3. package/.github/skills/boiler-project-generator/assets/templates/angular/README.md +3 -0
  4. package/.github/skills/boiler-project-generator/assets/templates/flutter/README.md +3 -0
  5. package/.github/skills/boiler-project-generator/assets/templates/ios/README.md +3 -0
  6. package/.github/skills/boiler-project-generator/assets/templates/react/README.md +3 -0
  7. package/.github/skills/boiler-project-generator/assets/templates/react-native/README.md +3 -0
  8. package/.github/skills/boiler-project-generator/assets/templates/react-native/api-setup.ts +76 -0
  9. package/.github/skills/boiler-project-generator/assets/templates/react-native/component-primary-button.tsx +29 -0
  10. package/.github/skills/boiler-project-generator/assets/templates/react-native/env-config.env +4 -0
  11. package/.github/skills/boiler-project-generator/assets/templates/react-native/feature-auth-screen.tsx +45 -0
  12. package/.github/skills/boiler-project-generator/assets/templates/react-native/feature-dashboard-screen.tsx +45 -0
  13. package/.github/skills/boiler-project-generator/assets/templates/react-native/feature-profile-screen.tsx +45 -0
  14. package/.github/skills/boiler-project-generator/assets/templates/react-native/hook-use-app-boot.ts +11 -0
  15. package/.github/skills/boiler-project-generator/assets/templates/react-native/navigation-setup.tsx +25 -0
  16. package/.github/skills/boiler-project-generator/assets/templates/react-native/project-structure.md +24 -0
  17. package/.github/skills/boiler-project-generator/assets/templates/react-native/redux-hooks.ts +5 -0
  18. package/.github/skills/boiler-project-generator/assets/templates/react-native/redux-session-slice.ts +29 -0
  19. package/.github/skills/boiler-project-generator/assets/templates/react-native/redux-store.ts +15 -0
  20. package/.github/skills/boiler-project-generator/assets/templates/react-native/theme-index.ts +23 -0
  21. package/.github/skills/boiler-project-generator/assets/templates/react-native/utils-helpers.ts +7 -0
  22. package/.github/skills/boiler-project-generator/metadata.yaml +29 -0
  23. package/.github/skills/boiler-project-generator/references/android.md +19 -0
  24. package/.github/skills/boiler-project-generator/references/angular.md +14 -0
  25. package/.github/skills/boiler-project-generator/references/flutter.md +17 -0
  26. package/.github/skills/boiler-project-generator/references/ios.md +17 -0
  27. package/.github/skills/boiler-project-generator/references/react-native.md +103 -0
  28. package/.github/skills/boiler-project-generator/references/react.md +17 -0
  29. package/.github/skills/boiler-project-generator/scripts/angular.js +43 -0
  30. package/.github/skills/boiler-project-generator/scripts/generate-project.mjs +107 -0
  31. package/.github/skills/boiler-project-generator/scripts/init.js +105 -0
  32. package/.github/skills/boiler-project-generator/scripts/react-native.js +1041 -0
  33. package/.github/skills/boiler-project-generator/scripts/react.js +32 -0
  34. package/.github/skills/clean-architecture-generator/SKILL.md +235 -0
  35. package/.github/skills/clean-architecture-generator/references/architecture-core.md +126 -0
  36. package/.github/skills/clean-architecture-generator/references/platform-angular.md +374 -0
  37. package/.github/skills/clean-architecture-generator/references/platform-flutter.md +366 -0
  38. package/.github/skills/clean-architecture-generator/references/platform-react-native.md +590 -0
  39. package/.github/skills/clean-architecture-generator/references/platform-react.md +261 -0
  40. package/.github/skills/code-test-coverage-analyzer/SKILL.md +1358 -0
  41. package/.github/skills/code-test-coverage-analyzer/assets/config-questionnaire.md +118 -0
  42. package/.github/skills/code-test-coverage-analyzer/assets/conflict-resolution-protocol.md +99 -0
  43. package/.github/skills/code-test-coverage-analyzer/assets/coverage-calculation-rules.md +294 -0
  44. package/.github/skills/code-test-coverage-analyzer/assets/multi-strategy-search.md +145 -0
  45. package/.github/skills/code-test-coverage-analyzer/assets/output-file-contracts.md +651 -0
  46. package/.github/skills/code-test-coverage-analyzer/assets/status-definitions.md +273 -0
  47. package/.github/skills/code-test-coverage-analyzer/examples/example-invocation.md +208 -0
  48. package/.github/skills/code-test-coverage-analyzer/references/android-patterns.md +229 -0
  49. package/.github/skills/code-test-coverage-analyzer/references/angular-patterns.md +177 -0
  50. package/.github/skills/code-test-coverage-analyzer/references/backend-patterns.md +383 -0
  51. package/.github/skills/code-test-coverage-analyzer/references/flutter-patterns.md +254 -0
  52. package/.github/skills/code-test-coverage-analyzer/references/ios-patterns.md +228 -0
  53. package/.github/skills/code-test-coverage-analyzer/references/react-native-patterns.md +431 -0
  54. package/.github/skills/code-test-coverage-analyzer/references/react-patterns.md +206 -0
  55. package/.github/skills/code-test-coverage-analyzer/scripts/detect-platform.ps1 +261 -0
  56. package/.github/skills/code-test-coverage-analyzer/scripts/scan-repository.ps1 +242 -0
  57. package/.github/skills/code-test-coverage-analyzer/templates/brd-compliance-row.md +107 -0
  58. package/.github/skills/code-test-coverage-analyzer/templates/test-case-row.md +130 -0
  59. package/.github/skills/code-test-coverage-analyzer/templates/user-story-compliance-row.md +170 -0
  60. package/.github/skills/custom-font-integrator/SKILL.md +373 -0
  61. package/.github/skills/custom-font-integrator/assets/FontTestScreen.js +150 -0
  62. package/.github/skills/custom-font-integrator/references/example-info-plist.xml +21 -0
  63. package/.github/skills/custom-font-integrator/scripts/setup-fonts.sh +99 -0
  64. package/.github/skills/encryption-decryption-utility/Instructions.md +282 -0
  65. package/.github/skills/encryption-decryption-utility/README.md +222 -0
  66. package/.github/skills/encryption-decryption-utility/SKILL.md +645 -0
  67. package/.github/skills/encryption-decryption-utility/assets/encryption-config-template.json +13 -0
  68. package/.github/skills/encryption-decryption-utility/assets/platform-matrix.json +180 -0
  69. package/.github/skills/encryption-decryption-utility/metadata.yaml +51 -0
  70. package/.github/skills/encryption-decryption-utility/references/android-crypto.md +157 -0
  71. package/.github/skills/encryption-decryption-utility/references/angular-crypto.md +130 -0
  72. package/.github/skills/encryption-decryption-utility/references/approach-1-webcrypto.md +95 -0
  73. package/.github/skills/encryption-decryption-utility/references/approach-2-rsa-aes-cbc.md +111 -0
  74. package/.github/skills/encryption-decryption-utility/references/approach-3-aes-sharedkey.md +114 -0
  75. package/.github/skills/encryption-decryption-utility/references/architecture.md +233 -0
  76. package/.github/skills/encryption-decryption-utility/references/backend-alignment.md +506 -0
  77. package/.github/skills/encryption-decryption-utility/references/dependency-guidance.md +234 -0
  78. package/.github/skills/encryption-decryption-utility/references/ec-implementation.md +832 -0
  79. package/.github/skills/encryption-decryption-utility/references/error-handling-playbook.md +234 -0
  80. package/.github/skills/encryption-decryption-utility/references/flutter-crypto.md +105 -0
  81. package/.github/skills/encryption-decryption-utility/references/ios-crypto.md +338 -0
  82. package/.github/skills/encryption-decryption-utility/references/native-rsa-implementation.md +373 -0
  83. package/.github/skills/encryption-decryption-utility/references/node-crypto.md +86 -0
  84. package/.github/skills/encryption-decryption-utility/references/react-crypto.md +105 -0
  85. package/.github/skills/encryption-decryption-utility/references/react-native-crypto.md +1001 -0
  86. package/.github/skills/encryption-decryption-utility/references/react-web-crypto.md +668 -0
  87. package/.github/skills/encryption-decryption-utility/references/security-checklist.md +176 -0
  88. package/.github/skills/encryption-decryption-utility/references/web-crypto.md +74 -0
  89. package/.github/skills/encryption-decryption-utility/scripts/detect.js +128 -0
  90. package/.github/skills/encryption-decryption-utility/scripts/install.js +1713 -0
  91. package/.github/skills/encryption-decryption-utility/scripts/setup.js +800 -0
  92. package/.github/skills/encryption-decryption-utility/template.md +241 -0
  93. package/.github/skills/encryption-decryption-utility/templates/config-questionnaire.md +467 -0
  94. package/.github/skills/encryption-decryption-utility/templates/delivery-checklist.md +206 -0
  95. package/.github/skills/encryption-decryption-utility/templates/implementation-plan.md +304 -0
  96. package/.github/skills/feature-generator/SKILL.MD +2741 -0
  97. package/.github/skills/feature-generator/assets/fingerprint-schema.json +385 -0
  98. package/.github/skills/feature-generator/assets/spec-template.md +172 -0
  99. package/.github/skills/feature-generator/assets/transform-rules.json +82 -0
  100. package/.github/skills/feature-generator/references/api-envelope-patterns.md +327 -0
  101. package/.github/skills/feature-generator/references/screen-logic-patterns.md +399 -0
  102. package/.github/skills/feature-generator/references/state-library-patterns.md +464 -0
  103. package/.github/skills/figma-ui-mapper/README.md +34 -0
  104. package/.github/skills/figma-ui-mapper/SKILL.md +101 -0
  105. package/.github/skills/figma-ui-mapper/assets/templates/component-map-template.md +30 -0
  106. package/.github/skills/figma-ui-mapper/assets/templates/generation-report-template.md +49 -0
  107. package/.github/skills/figma-ui-mapper/metadata.yaml +22 -0
  108. package/.github/skills/figma-ui-mapper/references/android.md +11 -0
  109. package/.github/skills/figma-ui-mapper/references/angular.md +18 -0
  110. package/.github/skills/figma-ui-mapper/references/capacitor.md +18 -0
  111. package/.github/skills/figma-ui-mapper/references/common.md +23 -0
  112. package/.github/skills/figma-ui-mapper/references/expo.md +18 -0
  113. package/.github/skills/figma-ui-mapper/references/flutter.md +18 -0
  114. package/.github/skills/figma-ui-mapper/references/frameworks/angular/rules.md +23 -0
  115. package/.github/skills/figma-ui-mapper/references/frameworks/capacitor/rules.md +23 -0
  116. package/.github/skills/figma-ui-mapper/references/frameworks/expo/rules.md +23 -0
  117. package/.github/skills/figma-ui-mapper/references/frameworks/flutter/rules.md +23 -0
  118. package/.github/skills/figma-ui-mapper/references/frameworks/ionic/rules.md +23 -0
  119. package/.github/skills/figma-ui-mapper/references/frameworks/kotlin-multiplatform/rules.md +23 -0
  120. package/.github/skills/figma-ui-mapper/references/frameworks/native-android/rules.md +23 -0
  121. package/.github/skills/figma-ui-mapper/references/frameworks/native-ios/rules.md +23 -0
  122. package/.github/skills/figma-ui-mapper/references/frameworks/next/rules.md +23 -0
  123. package/.github/skills/figma-ui-mapper/references/frameworks/nuxt/rules.md +23 -0
  124. package/.github/skills/figma-ui-mapper/references/frameworks/react/rules.md +19 -0
  125. package/.github/skills/figma-ui-mapper/references/frameworks/react-native/rules.md +23 -0
  126. package/.github/skills/figma-ui-mapper/references/frameworks/svelte/rules.md +23 -0
  127. package/.github/skills/figma-ui-mapper/references/frameworks/vue/rules.md +23 -0
  128. package/.github/skills/figma-ui-mapper/references/ionic.md +18 -0
  129. package/.github/skills/figma-ui-mapper/references/ios.md +11 -0
  130. package/.github/skills/figma-ui-mapper/references/kotlin-multiplatform.md +18 -0
  131. package/.github/skills/figma-ui-mapper/references/native-android.md +18 -0
  132. package/.github/skills/figma-ui-mapper/references/native-ios.md +18 -0
  133. package/.github/skills/figma-ui-mapper/references/next.md +18 -0
  134. package/.github/skills/figma-ui-mapper/references/nuxt.md +18 -0
  135. package/.github/skills/figma-ui-mapper/references/react-figma-guideline.md +21 -0
  136. package/.github/skills/figma-ui-mapper/references/react-native.md +18 -0
  137. package/.github/skills/figma-ui-mapper/references/react.md +18 -0
  138. package/.github/skills/figma-ui-mapper/references/script-usage.md +46 -0
  139. package/.github/skills/figma-ui-mapper/references/svelte.md +18 -0
  140. package/.github/skills/figma-ui-mapper/references/vue.md +18 -0
  141. package/.github/skills/figma-ui-mapper/references/workflow.md +74 -0
  142. package/.github/skills/figma-ui-mapper/scripts/generate-page-through-figma.js +635 -0
  143. package/.github/skills/figma-ui-mapper/scripts/generate-react-page-through-figma.js +4 -0
  144. package/.github/skills/frontend-task-breakdown/SKILL.md +734 -0
  145. package/.github/skills/md-file-converter/SKILL.md +291 -0
  146. package/.github/skills/md-file-converter/config/formats.json +114 -0
  147. package/.github/skills/md-file-converter/extractors/extract-docx.sh +120 -0
  148. package/.github/skills/md-file-converter/extractors/extract-eml.py +108 -0
  149. package/.github/skills/md-file-converter/extractors/extract-pdf.sh +97 -0
  150. package/.github/skills/md-file-converter/extractors/extract-pptx.py +143 -0
  151. package/.github/skills/md-file-converter/extractors/extract-xlsx.py +175 -0
  152. package/.github/skills/md-file-converter/scripts/check-tools.sh +47 -0
  153. package/.github/skills/md-file-converter/scripts/extract-archive.sh +83 -0
  154. package/.github/skills/md-file-converter/scripts/extract-ocr.sh +77 -0
  155. package/.github/skills/md-file-converter/scripts/get-metadata.sh +57 -0
  156. package/.github/skills/md-file-converter/templates/output.md +73 -0
  157. package/.github/skills/md-file-converter/templates/unsupported-object.md +6 -0
  158. package/.github/skills/mockAPI-contract-generator/SKILL.md +607 -0
  159. package/.github/skills/test-case-validator/CHANGELOG.md +155 -0
  160. package/.github/skills/test-case-validator/CONFIGURATION.md +130 -0
  161. package/.github/skills/test-case-validator/EXAMPLES.md +50 -0
  162. package/.github/skills/test-case-validator/QUALITY_SCORING.md +98 -0
  163. package/.github/skills/test-case-validator/README.md +111 -0
  164. package/.github/skills/test-case-validator/REPORT_TEMPLATE.md +116 -0
  165. package/.github/skills/test-case-validator/SKILL.md +209 -0
  166. package/.github/skills/test-case-validator/SYSTEM_PROMPT.md +127 -0
  167. package/.github/skills/test-case-validator/TRACEABILITY_ENGINE.md +152 -0
  168. package/.github/skills/test-case-validator/VALIDATION_RULES.md +411 -0
  169. package/.github/skills/test-case-validator/config/default.config.yaml +62 -0
  170. package/.github/skills/test-case-validator/docs/ARCHITECTURE.md +66 -0
  171. package/.github/skills/test-case-validator/docs/EXTENDING.md +85 -0
  172. package/.github/skills/test-case-validator/docs/FAQ.md +88 -0
  173. package/.github/skills/test-case-validator/docs/VERSIONING.md +55 -0
  174. package/.github/skills/test-case-validator/examples/example-1-manual-qa-ecommerce/input-brd.md +43 -0
  175. package/.github/skills/test-case-validator/examples/example-1-manual-qa-ecommerce/input-test-cases.csv +9 -0
  176. package/.github/skills/test-case-validator/examples/example-1-manual-qa-ecommerce/input-user-story.md +29 -0
  177. package/.github/skills/test-case-validator/examples/example-1-manual-qa-ecommerce/output-report.md +303 -0
  178. package/.github/skills/test-case-validator/examples/example-2-automated-frontend-suite/input-spec.md +43 -0
  179. package/.github/skills/test-case-validator/examples/example-2-automated-frontend-suite/input-test-files-index.md +56 -0
  180. package/.github/skills/test-case-validator/examples/example-2-automated-frontend-suite/output-report.md +274 -0
  181. package/.github/skills/test-case-validator/prompts/00-applicability-resolution.md +61 -0
  182. package/.github/skills/test-case-validator/prompts/01-extraction-user-story.md +58 -0
  183. package/.github/skills/test-case-validator/prompts/02-extraction-brd.md +64 -0
  184. package/.github/skills/test-case-validator/prompts/03-extraction-test-cases.md +92 -0
  185. package/.github/skills/test-case-validator/prompts/04-traceability-matrix.md +41 -0
  186. package/.github/skills/test-case-validator/prompts/05-coverage-analysis.md +46 -0
  187. package/.github/skills/test-case-validator/prompts/06-missing-scenario-detection.md +32 -0
  188. package/.github/skills/test-case-validator/prompts/07-duplicate-detection.md +36 -0
  189. package/.github/skills/test-case-validator/prompts/08-risk-analysis.md +39 -0
  190. package/.github/skills/test-case-validator/prompts/09-gated-wiring-validation.md +53 -0
  191. package/.github/skills/test-case-validator/prompts/10-observation-report.md +56 -0
  192. package/.github/skills/test-case-validator/prompts/11-final-report-assembly.md +57 -0
  193. package/.github/skills/test-case-validator/templates/coverage-table.md +25 -0
  194. package/.github/skills/test-case-validator/templates/executive-summary.md +38 -0
  195. package/.github/skills/test-case-validator/templates/final-summary-block.md +87 -0
  196. package/.github/skills/test-case-validator/templates/observation-entry.md +41 -0
  197. package/.github/skills/test-case-validator/templates/rtm-row.md +25 -0
  198. package/.github/skills/validation-engine-builder/README.md +50 -0
  199. package/.github/skills/validation-engine-builder/SKILL.md +241 -0
  200. package/.github/skills/validation-engine-builder/references/core.md +158 -0
  201. package/.github/skills/validation-engine-builder/references/platform-angular.md +166 -0
  202. package/.github/skills/validation-engine-builder/references/platform-flutter.md +118 -0
  203. package/.github/skills/validation-engine-builder/references/platform-react-native.md +170 -0
  204. package/.github/skills/validation-engine-builder/references/platform-react.md +94 -0
  205. package/.github/skills/validation-engine-builder/scripts/apply-to-project.js +80 -0
  206. package/.github/skills/validation-engine-builder/scripts/generate-angular.js +271 -0
  207. package/.github/skills/validation-engine-builder/scripts/generate-flutter.js +298 -0
  208. package/.github/skills/validation-engine-builder/scripts/generate-react-native.js +217 -0
  209. package/.github/skills/validation-engine-builder/scripts/generate-react.js +163 -0
  210. package/.github/skills/validation-engine-builder/scripts/install-deps.js +53 -0
  211. package/.github/skills/validation-engine-builder/scripts/shared/detect-platform.js +68 -0
  212. package/.github/skills/validation-engine-builder/scripts/shared/npm-deps.js +103 -0
  213. package/.github/skills/validation-engine-builder/scripts/shared/rhf-hook.js +43 -0
  214. package/.github/skills/validation-engine-builder/scripts/shared/ts-messages-regex.js +62 -0
  215. package/.github/skills/validation-engine-builder/scripts/shared/util.js +44 -0
  216. package/.github/skills/validation-engine-builder/scripts/shared/yup-schemas.js +80 -0
  217. package/.github/skills/validation-engine-builder/template.md +73 -0
  218. package/.github/skills/validation-engine-builder/templates/messages.json +22 -0
  219. package/.github/skills/validation-engine-builder/templates/regex.json +16 -0
  220. package/.github/skills/validation-engine-builder/templates/schemas.json +48 -0
  221. package/bin/index.js +145 -0
  222. package/package.json +22 -0
  223. package/readme.md +0 -0
@@ -0,0 +1,1358 @@
1
+ ---
2
+ name: code-test-coverage-analyzer
3
+ version: "3.0.0"
4
+ description: >
5
+ Audits any software project against three requirement documents — BRD (Business Requirement Document),
6
+ User Stories, and Test Cases — all provided as Markdown files. Performs a multi-pass multi-layered
7
+ repository scan, compares every single requirement against actual implementation with code evidence,
8
+ and generates 15 professional compliance-report files. Covers BRD compliance, user story fulfillment,
9
+ test case pass/fail analysis, validation analysis, UI analysis, API analysis, business logic, navigation,
10
+ traceability matrix, missing features, extra implementation, compliance scorecard, security analysis,
11
+ and final recommendations. Framework-agnostic: works with React Native, React, Angular, Flutter,
12
+ Android, iOS, NestJS, Node.js/Express, Spring Boot, .NET Core, and Go.
13
+ Behaves like a senior QA + Business Analyst + Technical Architect. Never guesses. Never marks
14
+ anything implemented without verified code evidence.
15
+ argument-hint: "<BRD.md> <USER_STORIES.md> <TEST_CASES.md> [project-root] [output-folder]"
16
+ user-invocable: true
17
+ ---
18
+
19
+ # CODE TEST COVERAGE ANALYZER
20
+
21
+ This skill is fully AI-driven. Do NOT rely on any script to perform the analysis. Scripts in this skill
22
+ are helpers for platform detection and directory tree generation only. ALL requirement comparison,
23
+ evidence gathering, status determination, and report generation is performed by the AI through
24
+ systematic reading of source files.
25
+
26
+ ---
27
+
28
+ ## Purpose
29
+
30
+ Determine with evidence-backed precision how closely the actual implementation matches the declared
31
+ requirements. Every requirement must be assessed. Every assessment must cite actual source files,
32
+ functions, classes, or UI elements. Nothing is assumed. Nothing is fabricated.
33
+
34
+ This is NOT a code quality review. This is NOT a SonarQube scan. This is a Business Requirements
35
+ Compliance Audit.
36
+
37
+ ---
38
+
39
+ ## When This Skill Applies
40
+
41
+ Use this skill when:
42
+ - The user provides (or points to) BRD.md, USER_STORIES.md, and TEST_CASES.md
43
+ - The user types `code-test-coverage-analyzer`, `/audit-requirements`, or similar
44
+ - The user asks "does our implementation match the requirements?"
45
+ - The user asks "what features are missing?", "what is the compliance score?", "audit the project against specs"
46
+ - Before a sprint review or production release
47
+ - After a major implementation to verify completeness
48
+
49
+ Do NOT use this skill when:
50
+ - No requirement documents are provided
51
+ - The user only wants code review or refactoring
52
+ - The user wants test generation (use tdd-spec-generator instead)
53
+
54
+ ---
55
+
56
+ ## Inputs
57
+
58
+ ### Required
59
+ | Input | Description |
60
+ |---|---|
61
+ | `BRD.md` | Business Requirement Document — functional and non-functional requirements |
62
+ | `USER_STORIES.md` | User stories with acceptance criteria |
63
+ | `TEST_CASES.md` | Test cases with expected results |
64
+ | Project Source Code | The codebase to audit |
65
+
66
+ ### Optional (include if provided)
67
+ | Input | Description |
68
+ |---|---|
69
+ | Architecture Documents | High-level system design |
70
+ | API Documents / Swagger / OpenAPI | API contracts |
71
+ | Database Schema | Entity definitions |
72
+ | Screen Specifications | Screen-level design documents |
73
+ | Design Documents / Flow Diagrams | UX flows |
74
+
75
+ ---
76
+
77
+ ## Execution Mode
78
+
79
+ | Archetype | Script % | LLM % |
80
+ |---|---|---|
81
+ | AI-Primary | ~10% | ~90% |
82
+
83
+ | Layer | Responsibility |
84
+ |---|---|
85
+ | Script | Platform auto-detection |
86
+ | Script | Directory tree generation |
87
+ | LLM | All 12 passes of analysis |
88
+ | LLM | BRD / User Story / Test Case parsing |
89
+ | LLM | Evidence gathering from source files |
90
+ | LLM | Status determination per requirement |
91
+ | LLM | Coverage calculation |
92
+ | LLM | All 15 report file generation |
93
+
94
+ ---
95
+
96
+ ## Step 0 — Collect Configuration
97
+
98
+ Read `assets/config-questionnaire.md` and collect the following from the user BEFORE scanning any file.
99
+
100
+ | # | Field | Type | Required | Notes |
101
+ |---|---|---|---|---|
102
+ | Q1 | BRD_PATH | file path | Yes | Path to BRD.md |
103
+ | Q2 | USER_STORIES_PATH | file path | Yes | Path to USER_STORIES.md |
104
+ | Q3 | TEST_CASES_PATH | file path | Yes | Path to TEST_CASES.md |
105
+ | Q4 | PROJECT_ROOT | directory path | Yes | Root directory of the source code |
106
+ | Q5 | OUTPUT_FOLDER | string | Yes | Name for output folder; warn if already exists |
107
+ | Q6 | PLATFORM | enum | Auto-detected | Run `scripts/detect-platform.ps1`; prompt only if confidence=0 |
108
+ | Q7 | OPTIONAL_DOCS | string[] | Optional | List of any additional documents provided |
109
+ | Q8 | SCOPED_OUT_IDS | string[] | Optional | BRD requirement IDs deferred from this audit |
110
+ | Q9 | PROJECT_TYPE | enum | Optional | Project type for coverage weight preset |
111
+ | Q10 | PRIOR_AUDIT_PATH | path | Optional | Prior audit folder for delta comparison |
112
+
113
+ Present the completed configuration summary and wait for user confirmation before proceeding.
114
+
115
+ ---
116
+
117
+ ## Step 1 — Platform Auto-Detection
118
+
119
+ Run the platform detection script. Try both commands (Mac/Linux uses `pwsh`, Windows uses `powershell`):
120
+ ```powershell
121
+ # Mac/Linux:
122
+ pwsh .github/skills/code-test-coverage-analyzer/scripts/detect-platform.ps1 -ProjectRoot "<Q4>"
123
+ # Windows:
124
+ powershell .github/skills/code-test-coverage-analyzer/scripts/detect-platform.ps1 -ProjectRoot "<Q4>"
125
+ ```
126
+ If neither command is available, skip the script and use the manual platform selection from Q6 in config-questionnaire.md.
127
+
128
+ Map output to one reference file. Load ONLY the matching reference:
129
+
130
+ | Platform | Reference File |
131
+ |---|---|
132
+ | ReactNative | `references/react-native-patterns.md` |
133
+ | React | `references/react-patterns.md` |
134
+ | Angular | `references/angular-patterns.md` |
135
+ | Flutter | `references/flutter-patterns.md` |
136
+ | Android | `references/android-patterns.md` |
137
+ | iOS | `references/ios-patterns.md` |
138
+ | NestJS | `references/backend-patterns.md` |
139
+ | NodeJS | `references/backend-patterns.md` |
140
+ | SpringBoot | `references/backend-patterns.md` |
141
+ | DotNet | `references/backend-patterns.md` |
142
+ | Go | `references/backend-patterns.md` |
143
+ | Unknown | Ask user to select from Q6 options; re-route after response |
144
+
145
+ When loading `references/backend-patterns.md`, read ONLY the section matching the detected platform.
146
+ Each section is labeled "## {Platform} — read this section only if Platform={X}." Skip all other sections.
147
+
148
+ ---
149
+
150
+ ## Step 2 — Parse Requirement Documents
151
+
152
+ Before scanning a single source file, fully parse all three input documents.
153
+
154
+ ### 2A — Parse BRD.md
155
+
156
+ Read Q1 file completely. Extract every requirement. For each:
157
+ - Assign a BRD-ID (e.g., BRD-001, BRD-002) if not already present
158
+ - Extract: Category, Requirement Text, Priority, Acceptance Condition
159
+ - Detect requirement type: Functional | Non-Functional | UI | API | Validation | Business Rule | Navigation | Calculation | Security | Performance
160
+
161
+ Build the **BRD Requirement Catalog** — a structured list of all requirements.
162
+
163
+ ### 2B — Parse USER_STORIES.md
164
+
165
+ Read Q2 file completely. Extract every user story. For each:
166
+ - Assign a Story-ID (e.g., US-001) if not already present
167
+ - Extract: Role, Goal, Business Value
168
+ - Extract every acceptance criterion individually
169
+ - Assign Criterion-ID (e.g., US-001-AC-01)
170
+ - Detect related BRD requirements (by keyword and context match)
171
+
172
+ Build the **User Story Catalog**.
173
+
174
+ ### 2C — Parse TEST_CASES.md
175
+
176
+ Read Q3 file completely. Extract every test case. For each:
177
+ - Assign TC-ID (e.g., TC-001) if not already present
178
+ - Extract: Scenario, Preconditions, Test Steps, Expected Result
179
+ - Identify related User Story ID and BRD requirement ID
180
+ - Classify test type: Functional | Validation | Navigation | API | Business Logic | UI | Edge Case | Negative
181
+
182
+ Build the **Test Case Catalog**.
183
+
184
+ ### 2D — Cross-Reference and Conflict Detection
185
+
186
+ Build initial traceability links:
187
+ - BRD-ID → Related Story-IDs → Related TC-IDs
188
+ - Flag any TC that has no BRD or Story link (orphan test)
189
+ - Flag any BRD requirement with no related Story or TC (orphan requirement)
190
+
191
+ **Conflict Detection (mandatory)**:
192
+ Load `assets/conflict-resolution-protocol.md` now. For each entity shared across documents
193
+ (same field name, same screen, same API endpoint, same business rule), compare constraints:
194
+ - Does the BRD specify one value while a User Story specifies a different value?
195
+ - Does one BRD section contradict another BRD section?
196
+ - Does an acceptance criterion require different behavior than the parent story?
197
+
198
+ Apply the conflict detection algorithm from conflict-resolution-protocol.md. Flag all CONFLICTED
199
+ pairs with a CONFLICT-ID before proceeding to Pass 1. CONFLICTED items score 0% coverage until
200
+ the conflict is resolved by the project team.
201
+
202
+ ---
203
+
204
+ ## Step 3 — Generate Repository Directory Tree
205
+
206
+ Run the repository scan script. Try both commands:
207
+ ```powershell
208
+ # Mac/Linux:
209
+ pwsh .github/skills/code-test-coverage-analyzer/scripts/scan-repository.ps1 -ProjectRoot "<Q4>" -Platform "<Q6>"
210
+ # Windows:
211
+ powershell .github/skills/code-test-coverage-analyzer/scripts/scan-repository.ps1 -ProjectRoot "<Q4>" -Platform "<Q6>"
212
+ ```
213
+ The script output is the authoritative Master File List. Proceed to Step 3B using this output.
214
+
215
+ ---
216
+
217
+ ## Step 3B — Exhaustive File Enumeration (MANDATORY)
218
+
219
+ Before any pass begins, build the **Master File List** — a complete catalogue of every source file
220
+ in the project. This is not optional. Every file must appear in this list. No file may be skipped.
221
+
222
+ **How to build**:
223
+ 1. Use the output from Step 3's scan-repository.ps1 as the Master File List. Do NOT run a separate
224
+ Glob enumeration — the script output is the authoritative categorized file list.
225
+ Only use Glob directly if the script could not be executed (no PowerShell available).
226
+ 2. Organize into these mandatory categories:
227
+
228
+ | Category | What goes here |
229
+ |---|---|
230
+ | **Screens** | All screen / page / activity / view-controller files |
231
+ | **Components** | All reusable UI component files (not full screens — buttons, cards, inputs, modals, bottom sheets, loaders, banners, etc.) |
232
+ | **Hooks** | All custom hook files (useXxx.ts, *_hook.dart, etc.) |
233
+ | **APILayer** | All service, repository, data-source, API-client files |
234
+ | **StateManagement** | All slice, reducer, action, effect, BLoC, Cubit, ViewModel, store files |
235
+ | **Navigation** | All navigator, router, route-definition files |
236
+ | **BusinessLogic** | All use-case, interactor, manager, domain-service, calculation-service files |
237
+ | **Validation** | All schema, validator, form-rule, field-validation files |
238
+ | **Models** | All model, DTO, entity, request/response files |
239
+ | **Core/Security** | All encryption, security, crypto, auth, interceptor, middleware, session files |
240
+ | **Constants** | All constants, config, enum, theme, color, typography files |
241
+ | **Utilities** | All helper, formatter, calculator, date-util, string-util, number-util files |
242
+ | **Localization** | All i18n, l10n, translation, strings, ARB, Localizable.strings files |
243
+ | **Tests** | All test, spec, mock, fixture files |
244
+ | **Assets** | All image, font, icon, lottie asset files |
245
+ | **Generated** | All auto-generated files (note but still inspect for enum values / constants) |
246
+ | **Other** | Everything else |
247
+
248
+ 3. Record the **total file count** per category and the **total across all categories**.
249
+ 4. This list is the **read obligation** — every file in every category (except Assets and Generated)
250
+ must be opened and inspected at least once during the 12 passes.
251
+ 5. After all passes complete, verify that every non-excluded file was read. Files not read during
252
+ a logical pass must be read in a catch-up sweep before Pass 12.
253
+
254
+ **Commitment statement** (print this at the start of analysis):
255
+ ```
256
+ EXHAUSTIVE SCAN COMMITMENT
257
+ Total source files to read: {N}
258
+ Screens: {n}
259
+ Components: {n}
260
+ Hooks: {n}
261
+ APILayer: {n}
262
+ StateManagement: {n}
263
+ Navigation: {n}
264
+ BusinessLogic: {n}
265
+ Validation: {n}
266
+ Models: {n}
267
+ Core/Security: {n}
268
+ Constants: {n}
269
+ Utilities: {n}
270
+ Localization: {n}
271
+ Tests: {n}
272
+ Other: {n}
273
+ No file will be skipped.
274
+ ```
275
+
276
+ ---
277
+
278
+ ## §Repository Scanning Efficiency
279
+
280
+ ### Read-Once Principle
281
+ Each source file is read once, in the earliest pass that requires it. Subsequent passes reference
282
+ findings from the Inventory built in that first pass. Passes 3–11 must say "using findings from
283
+ [Pass N] Inventory" rather than re-reading the same files.
284
+
285
+ ### Grep-First Principle
286
+ Use Grep for pattern discovery across many files. Use Read only for logic flow, context, and
287
+ confirmed evidence. For a new requirement type search:
288
+ 1. Grep the whole codebase for the most discriminating pattern
289
+ 2. Read only the matched files for verification
290
+ Do NOT read every file in a category to find one pattern when Grep can locate it in one call.
291
+
292
+ ### Large File Protocol
293
+ Before reading any source file:
294
+ - Quickly check if it exceeds 2000 lines (using a head/wc equivalent or read with a limit probe)
295
+ - If it exceeds 2000 lines: read in 1800-line chunks with a 200-line overlap between chunks
296
+ - Record key findings from each chunk before proceeding to the next chunk
297
+ - Files confirmed under 2000 lines may be read in one call
298
+
299
+ ### String Map Durability
300
+ After building the String Map in Pass 1, write it to `{Q5}/wip/string-map.md` before proceeding
301
+ to Pass 2. Every subsequent pass must reference this file rather than reconstructing from memory.
302
+ Passes must use `Read {Q5}/wip/string-map.md` for string lookups, not recall from context.
303
+
304
+ ---
305
+
306
+ ## §Checkpoint Protocol
307
+
308
+ After each pass completes, write a checkpoint file before starting the next pass:
309
+ ```
310
+ Write: {Q5}/wip/pass-{N}-findings.md
311
+ Content: Summary of findings from this pass (finding count, key discoveries, files read)
312
+ ```
313
+
314
+ If context approaches its limit mid-pass:
315
+ 1. Complete the current requirement being analyzed
316
+ 2. Write the checkpoint file for the current pass
317
+ 3. State explicitly: "CHECKPOINT: Pass {N} complete — {M} requirements assessed. Resume from Pass {N+1}."
318
+ 4. The user can continue in a new session starting from Pass {N+1}
319
+
320
+ This prevents silent truncation where the audit continues from an empty context and produces
321
+ incomplete findings with no indication of the truncation.
322
+
323
+ ---
324
+
325
+ ## Multi-Pass Repository Analysis
326
+
327
+ Perform the following passes. Each pass is a targeted scan of source files.
328
+ Do NOT skip any pass. Do NOT combine passes into one.
329
+ After every pass, record findings in working memory AND write a checkpoint file before proceeding.
330
+
331
+ **EXHAUSTIVENESS RULE**: Every pass must process its full file set — not a sample, not the first N
332
+ files. If a pass covers "all service files", it means EVERY file in the APILayer + BusinessLogic
333
+ categories. Mark each file as "read" as you go. At the end of all passes, any unread file must be
334
+ read in a sweep before Pass 12.
335
+
336
+ ---
337
+
338
+ ### Pass 1 — Project Structure Discovery
339
+
340
+ **Goal**: Map the complete project architecture and read every structural / configuration file.
341
+
342
+ Scan: ALL directories and files under Q4 using the Master File List from Step 3B.
343
+ Read every file in: **Constants**, **Core/Security**, **Localization**, and **Generated** categories.
344
+ Also read: package.json / pubspec.yaml / build.gradle, .env files, app.config.ts/js, app.json.
345
+
346
+ Discover and record:
347
+ - Top-level folder structure (src, lib, app, features, modules, etc.)
348
+ - Technology stack (languages, frameworks, state management)
349
+ - State management library (Redux, Zustand, BLoC, NgRx, Provider, GetX, ViewModel, etc.)
350
+ - HTTP client (Axios, Dio, OkHttp, Alamofire, fetch, etc.)
351
+ - Navigation library (React Navigation, GoRouter, Angular Router, NavController, etc.)
352
+ - Authentication mechanism (JWT, OAuth, session tokens, encryption)
353
+ - Security / encryption implementation (ECDH, AES, RSA, SSL pinning, etc.)
354
+ - Localization/i18n setup — read ALL string resource files and resolve ALL message keys
355
+ - Feature flags and environment flags
356
+ - Configuration files — read every .env, constants file, and config file completely
357
+ - Build configuration
358
+ - Every enum definition (enums constrain allowed values for fields and statuses)
359
+ - Every theme / typography / color constant (these define UI labels via constants)
360
+ - Middleware, interceptors, and request/response transformers
361
+
362
+ **Resolve all string constants now** — before any pass that needs to compare text.
363
+ Read every localization file (Localizable.strings, en.json, strings.xml, ARB files, messages.ts).
364
+ Build a **String Map**: key → resolved string. Every validation message, button label, and
365
+ error text must be resolvable from this map without re-reading localization files each time.
366
+
367
+ **String Map Durability**: Write the String Map to `{Q5}/wip/string-map.md` immediately after
368
+ building it. Format: one row per key (key | resolved string | source file). All subsequent passes
369
+ must use `Read {Q5}/wip/string-map.md` for string lookups — never reconstruct from context.
370
+
371
+ Output: **Architecture Fingerprint** + **String Map** (in `{Q5}/wip/string-map.md`) + **Constant Inventory**.
372
+
373
+ ---
374
+
375
+ ### Pass 2 — Screen AND Component Discovery
376
+
377
+ **Goal**: Enumerate ALL user-facing screens AND all reusable UI components AND all hooks.
378
+ This pass covers the entire UI layer — not just top-level screens.
379
+
380
+ #### Pass 2A — Screen Discovery
381
+
382
+ Read EVERY file in the **Screens** category from the Master File List (Step 3B).
383
+ Do not skip any screen file.
384
+
385
+ Platform screen patterns (for file categorization reference):
386
+ | Platform | Screen Patterns |
387
+ |---|---|
388
+ | React Native | `*Screen.tsx`, `*Screen.ts`, `*Page.tsx`, `*View.tsx`; exports from `screens/` directories |
389
+ | React | `*Page.tsx`, `*View.tsx`, route-registered components |
390
+ | Angular | `*.component.ts` registered in routing modules |
391
+ | Flutter | `*_screen.dart`, `*_page.dart`; widgets with `Scaffold` |
392
+ | Android | `*Activity.kt`, `*Fragment.kt`, `*Activity.java`, `*Fragment.java` |
393
+ | iOS | `*ViewController.swift`, `*View.swift`, UIViewController subclasses |
394
+
395
+ For each screen, record:
396
+ - File path
397
+ - Screen name
398
+ - Parent module/feature
399
+ - Every form field (name, type, placeholder, label)
400
+ - Every button (label, action)
401
+ - Every conditional UI element (condition, element shown/hidden)
402
+ - Navigation calls in/out
403
+ - API calls made (note the call site)
404
+ - State management usage (which store/slice/BLoC)
405
+ - Loading state indicator present: Yes/No
406
+ - Empty state component present: Yes/No
407
+ - Error state handling: Yes/No
408
+
409
+ Output: **Screen Inventory**.
410
+
411
+ #### Pass 2B — Component Discovery
412
+
413
+ Read EVERY file in the **Components** category from the Master File List.
414
+ Do not skip any component file — every reusable widget, card, modal, button, input, bottom sheet,
415
+ loader, banner, form field, header, footer, list item, empty state, and error state component
416
+ must be inspected.
417
+
418
+ For each component, record:
419
+ - File path
420
+ - Component name
421
+ - Props accepted (especially: label, placeholder, errorMessage, value, onPress)
422
+ - UI elements it renders
423
+ - Any hardcoded text (button labels, default messages, placeholder text)
424
+ - Any conditional rendering logic
425
+ - Any validation it performs internally
426
+ - Which screens import and use it (back-reference from Screen Inventory)
427
+
428
+ **Why components matter**: Requirements may prescribe specific button text, placeholder text,
429
+ or error messages that live inside shared components, not in screen files. A compliance check
430
+ on the screen alone will miss these. Every component that renders text or validation feedback
431
+ must be read.
432
+
433
+ Output: **Component Inventory**.
434
+
435
+ #### Pass 2C — Hook Discovery
436
+
437
+ Read EVERY file in the **Hooks** category from the Master File List.
438
+ Custom hooks often contain the actual business logic, validation, and state management
439
+ that screens delegate to.
440
+
441
+ For each hook, record:
442
+ - File path
443
+ - Hook name
444
+ - What it does (state it manages, side effects, API calls)
445
+ - Validation rules it contains
446
+ - Business conditions it evaluates
447
+ - Which screens/components use it
448
+
449
+ Output: **Hook Inventory**.
450
+
451
+ ---
452
+
453
+ ### Pass 3 — API Discovery
454
+
455
+ **Goal**: Enumerate ALL API calls made from the project. Every single endpoint call.
456
+
457
+ Read EVERY file in the **APILayer** category from the Master File List.
458
+ Also read every file in **Core/Security** (interceptors, middleware, request wrappers).
459
+ Also read every file in **Hooks** that makes API calls (check Hook Inventory from Pass 2C).
460
+ Also read every **Screen** file for inline API calls not delegated to a service.
461
+
462
+ Do NOT stop after finding the obvious service files. Check:
463
+ - Shared API client / axios instance configuration files
464
+ - Interceptor files (request interceptors, response interceptors)
465
+ - Auth interceptor / token injection files
466
+ - Retry logic files
467
+ - Error handler middleware
468
+ - Any file that calls `fetch(`, `axios.`, `.get(`, `.post(`, `.request(`, `dio.`, `http.`
469
+
470
+ Scan all repository, service, and data source files. Using the platform reference:
471
+
472
+ | Platform | API Patterns |
473
+ |---|---|
474
+ | React Native / React | `axios.get/post/put/delete`, `fetch(`, `apiClient.`, `.request(`, service class methods |
475
+ | Angular | `HttpClient.get/post/put/delete`, `http.`, service class `@Injectable` |
476
+ | Flutter | `dio.get/post/put/delete`, `http.get/post`, repository class methods |
477
+ | Android | `OkHttp.newCall`, `Retrofit` interface methods, `HttpURLConnection` |
478
+ | iOS | `URLSession.dataTask`, `Alamofire.request`, `AF.request` |
479
+
480
+ For each API call, record:
481
+ - HTTP method (GET/POST/PUT/PATCH/DELETE)
482
+ - Endpoint URL or path template
483
+ - Request payload structure
484
+ - Response model
485
+ - Authentication (token injected? which header?)
486
+ - Error handling (which HTTP codes handled?)
487
+ - Retry logic
488
+ - Timeout configuration
489
+ - File path and function name
490
+
491
+ Output: **API Inventory** — complete list of all API calls with metadata.
492
+
493
+ ---
494
+
495
+ ### Pass 4 — Business Logic Discovery
496
+
497
+ **Goal**: Enumerate ALL business rules, conditions, and decision trees implemented.
498
+ Every file that contains conditional logic related to a business outcome must be read.
499
+
500
+ Read EVERY file in: **BusinessLogic**, **StateManagement**, **Hooks**, **Utilities** categories.
501
+ Also read: every Screen file (screens often contain inline business logic).
502
+ Also read: every Component file (components may encode business rules in their props/rendering).
503
+ Also read: every file in Core/Security (security rules are business rules).
504
+
505
+ Do NOT assume business logic only lives in "service" files. It can be in:
506
+ - Redux thunks and selectors
507
+ - React hooks (useEffect with conditions, useMemo with calculations)
508
+ - ViewModel computed properties
509
+ - BLoC event handlers
510
+ - Screen-level onSubmit handlers
511
+ - Utility functions used by multiple screens
512
+ - Constants files that define business thresholds (MIN_AMOUNT, MAX_RETRIES, etc.)
513
+
514
+ Scan: Service files, BLoC files, ViewModel files, Thunks, Reducers, Use Cases, Interactors, Helpers, Utilities.
515
+
516
+ Look for:
517
+ - Conditional branches related to eligibility, approval, status
518
+ - Threshold and limit checks (amount limits, count limits, age checks)
519
+ - Status transitions and state machines
520
+ - Interest / charge / fee / tax calculations
521
+ - Date-based rules (maturity, expiry, lockout periods)
522
+ - Discount and tier logic
523
+ - Permission-gated behavior
524
+ - Role-based logic
525
+
526
+ For each business rule, record:
527
+ - Rule description (inferred from code)
528
+ - File path, function name, line range
529
+ - Input conditions
530
+ - Output/effect
531
+ - Related constants or config values
532
+
533
+ Output: **Business Logic Inventory**.
534
+
535
+ ---
536
+
537
+ ### Pass 5 — Validation Discovery
538
+
539
+ **Goal**: Enumerate ALL input validations implemented — in every file they appear in.
540
+ Validation is scattered. It appears in schemas, components, hooks, screens, services, and
541
+ even constants files. Read ALL of them.
542
+
543
+ Read EVERY file in: **Validation**, **Screens**, **Components**, **Hooks**, **Models** categories.
544
+ Also read: every Constants file (regex constants, min/max value constants).
545
+ Also read: every Localization file (already done in Pass 1 — use the String Map).
546
+
547
+ Validation can appear in:
548
+ - Yup / Zod / Joi schema definitions
549
+ - React Hook Form `register()` options
550
+ - Angular Validators in FormGroup / FormControl
551
+ - Flutter TextFormField `validator:` callbacks
552
+ - Android binding error setters
553
+ - iOS guard statements and NSPredicate matchers
554
+ - Custom hooks that validate before API calls
555
+ - Shared input components that have built-in validation props
556
+ - Constants that define REGEX patterns, MIN lengths, MAX lengths
557
+ - Server-side validation response mapping (what API error codes become what UI messages)
558
+
559
+ For every validation found, also check:
560
+ - Is the same field validated in a shared component AND in a screen schema? Do they conflict?
561
+ - Is the validation message hardcoded or resolved from a constant/localization key?
562
+ - If it's a key, resolve the actual string using the String Map from Pass 1.
563
+
564
+ Scan: Form files, screen files, validators, schema files (Yup, Joi, Formik, reactive forms, BLoC validators, ViewModel validators).
565
+
566
+ For every validation found, record:
567
+ - Field name
568
+ - Validation type (required, min, max, regex, custom, cross-field)
569
+ - Validation rule (exact regex or condition)
570
+ - Error message (exact string or string resource key — resolve to actual string)
571
+ - Where triggered (onBlur, onChange, onSubmit, server-side)
572
+ - File path
573
+
574
+ Also scan:
575
+ - Server-side validation responses (API error codes mapped to messages)
576
+ - Localization files for validation strings
577
+
578
+ Output: **Validation Inventory** — field by field, rule by rule.
579
+
580
+ ---
581
+
582
+ ### Pass 6 — Navigation Discovery
583
+
584
+ **Goal**: Map ALL navigation flows implemented — in every file they appear in.
585
+
586
+ Read EVERY file in the **Navigation** category from the Master File List.
587
+ Also read: every Screen file (navigation calls originate in screens).
588
+ Also read: every Hook file (navigation is often in custom hooks).
589
+ Also read: every Component file (some components navigate on press).
590
+ Also read: Auth files (authentication triggers navigation).
591
+
592
+ Do NOT just check the router config file. Also check:
593
+ - Deep link handler files
594
+ - Notification tap handlers (navigate on notification)
595
+ - App-level lifecycle files (navigate on session expiry, on cold start)
596
+ - Auth middleware (redirect on unauthorized)
597
+ - Error boundary files (navigate on fatal error)
598
+
599
+ Using the platform reference, scan for:
600
+
601
+ | Platform | Navigation Patterns |
602
+ |---|---|
603
+ | React Native | `navigation.navigate(`, `navigation.push(`, `navigation.goBack(`, `useNavigation`, Stack/Tab/Drawer navigators |
604
+ | React | `useNavigate`, `<Link to=`, `useRouter`, `router.push(`, route definitions |
605
+ | Angular | `router.navigate(`, `routerLink=`, `Router.navigateByUrl`, route guards |
606
+ | Flutter | `Navigator.push(`, `Navigator.pushNamed(`, `GoRouter.go(`, `context.go(` |
607
+ | Android | `startActivity(Intent(`, `NavController.navigate(`, `findNavController(` |
608
+ | iOS | `navigationController?.pushViewController`, `present(`, `NavigationLink(` |
609
+
610
+ For each navigation, record:
611
+ - Source screen
612
+ - Destination screen
613
+ - Trigger (button tap, API success, error, lifecycle)
614
+ - Parameters passed
615
+ - Back navigation behavior
616
+ - Deep link pattern (if any)
617
+ - Authentication guard (if any)
618
+
619
+ Output: **Navigation Flow Map**.
620
+
621
+ ---
622
+
623
+ ### Pass 7 — Calculation Discovery
624
+
625
+ **Goal**: Find ALL mathematical or business calculations in the codebase — wherever they live.
626
+
627
+ Read EVERY file in: **Utilities**, **BusinessLogic**, **Hooks**, **StateManagement** categories.
628
+ Also re-scan every Screen file for inline calculations not extracted to a utility.
629
+ Also read every Component file for calculations within render logic.
630
+
631
+ Calculations can hide in:
632
+ - A single line inside a screen's `onSubmit` handler
633
+ - A `useMemo` or `useSelector` in a hook
634
+ - A formatted display value computed in a list item component
635
+ - A computed property in a ViewModel
636
+ - An event handler in a BLoC
637
+
638
+ Scan: Calculation services, utility files, business logic files, ViewModel files, BLoC handlers, reducers.
639
+
640
+ Look for:
641
+ - Interest rate calculations
642
+ - EMI / installment calculations
643
+ - Fee and charge computations
644
+ - Tax calculations
645
+ - Discount computations
646
+ - Date difference calculations (days, months, years between dates)
647
+ - Percentage calculations
648
+ - Currency formatting logic
649
+ - Amount rounding rules
650
+ - Limit and threshold computations
651
+
652
+ For each calculation, record:
653
+ - Formula (expressed as algebraic formula: `result = a op b`)
654
+ - File path, function name, exact code snippet
655
+ - Input parameters and types
656
+ - Output type
657
+ - Edge case handling (null, zero division, negative)
658
+
659
+ Output: **Calculation Inventory**.
660
+
661
+ ---
662
+
663
+ ### Pass 7B — Security Deep-Dive
664
+
665
+ **Goal**: Perform a dedicated security audit of all security-related files before the BRD comparison.
666
+ This pass builds the Security Inventory that feeds into File 15.
667
+
668
+ Read EVERY file in the **Core/Security** category from the Master File List.
669
+ Also read: interceptor files, middleware files, auth wrapper files, token handler files.
670
+ Also grep for: encryption, jwt, bcrypt, hash, salt, cipher, session, pin, password, biometric.
671
+
672
+ For each security control found, record:
673
+ - Control type: Encryption | Token | PIN | Session | Auth | SSL | Error Safety | Logging
674
+ - Implementation file path and function name
675
+ - Data protected (what is being secured)
676
+ - Algorithm or mechanism used
677
+ - Key/secret management approach
678
+ - Expiry or rotation behavior
679
+
680
+ **Security checks to perform**:
681
+ 1. **Encryption** — read the encryption utility. Confirm algorithm (AES-256? RSA? ECDH?).
682
+ Confirm key derivation. Confirm IV/salt generation. Compare against BRD security requirements.
683
+ 2. **Token storage** — find where access tokens and refresh tokens are stored.
684
+ Flag if stored in plain AsyncStorage/localStorage without encryption.
685
+ 3. **PIN lockout** — find the lockout logic. Confirm threshold, duration, and reset behavior.
686
+ Compare against BRD requirements.
687
+ 4. **Session timeout** — find the session timeout logic. Confirm enforcement.
688
+ 5. **SSL pinning** — check if certificate pinning is configured for production.
689
+ 6. **Sensitive data in logs** — grep for console.log / Log.d / print near PIN, password, token, OTP.
690
+ 7. **Error message safety** — find global error handlers. Check that stack traces and internal
691
+ paths are not exposed in error messages shown to the user.
692
+ 8. **Biometric auth** — if required, verify it is wired to the auth flow correctly.
693
+
694
+ Output: **Security Inventory** — used by Pass 11H Self-Verification and File 15.
695
+
696
+ ---
697
+
698
+ ### Pass 8 — BRD Comparison
699
+
700
+ **Goal**: For every requirement in the BRD Requirement Catalog, find evidence in the source code.
701
+
702
+ **Before starting this pass**: Load `assets/status-definitions.md` — it is the ONLY authoritative
703
+ source for all status definitions. Do not rely on status descriptions elsewhere in this file.
704
+
705
+ For each BRD requirement:
706
+
707
+ 1. Identify the requirement type (from Step 2A)
708
+ 2. Search relevant layers based on type (use findings from Inventories built in Passes 1–7B):
709
+ - UI requirement → Search Screen Inventory AND Component Inventory AND Hook Inventory.
710
+ If a UI requirement is not found in screen files, check ALL components used by those screens
711
+ before declaring MISSING. UI elements often live in shared components, not in screen files.
712
+ - API requirement → Search API Inventory, service files
713
+ - Validation requirement → Search Validation Inventory
714
+ - Business Logic requirement → Search Business Logic Inventory, service files
715
+ - Navigation requirement → Search Navigation Flow Map
716
+ - Calculation requirement → Search Calculation Inventory
717
+ - Security requirement → Search Security Inventory (from Pass 7B), Core/Security files
718
+ - Performance requirement → Search config files, loading indicators, lazy loading
719
+ 3. For every search: read actual source files to confirm evidence
720
+ 4. **Before marking MISSING**: Follow the protocol in `assets/multi-strategy-search.md`.
721
+ All six search strategies must be exhausted (or confirmed inapplicable for the requirement type).
722
+ Record evidence from each strategy attempted. Two strategies is never sufficient.
723
+ 5. **Feature Flag handling**: If a requirement's implementation is gated behind a feature flag,
724
+ mark IMPLEMENTED with qualifier "FEATURE FLAG GATED: {flag name}". Check the flag's default
725
+ value and environment-specific values. If the flag is off in all environments, downgrade to
726
+ PARTIALLY_IMPLEMENTED.
727
+ 6. Assign status using `assets/status-definitions.md` (the loaded authoritative source)
728
+ 7. Record evidence: file path, function/class name, line range, code excerpt (max 5 lines)
729
+
730
+ **Status options** (see `assets/status-definitions.md` for full definitions):
731
+ - `IMPLEMENTED` — complete, correct implementation found with evidence
732
+ - `PARTIALLY_IMPLEMENTED` — implementation exists but incomplete or deviates
733
+ - `MISSING` — no implementation found after exhaustive six-strategy search
734
+ - `INCORRECT` — implementation exists but contradicts the requirement
735
+ - `EXTRA` — implemented feature not requested in BRD (flag as extra)
736
+ - `NOT_VERIFIED` — insufficient evidence to make a determination
737
+ - `CONFLICTED` — contradictory specifications across documents (set in Step 2D)
738
+ - `SCOPED_OUT` — excluded from audit scope via Q8
739
+
740
+ Record confidence level: `HIGH` | `MEDIUM` | `LOW` (per decision tree in status-definitions.md)
741
+
742
+ Output: **BRD Compliance Matrix**.
743
+
744
+ ---
745
+
746
+ ### Pass 9 — User Story Comparison
747
+
748
+ **Goal**: For every user story and every acceptance criterion, verify implementation.
749
+
750
+ For each User Story:
751
+ 1. Identify the business flow being tested
752
+ 2. Verify the complete end-to-end flow:
753
+ - UI elements (form, buttons, labels, icons) — check Screen Inventory + screen files
754
+ - Navigation (from where, to where) — check Navigation Flow Map
755
+ - API calls (which endpoint, payload, response mapping) — check API Inventory
756
+ - Business rules (eligibility, conditions) — check Business Logic Inventory
757
+ - Validation (every field mentioned) — check Validation Inventory
758
+ - Calculations (any formula mentioned) — check Calculation Inventory
759
+ - Error handling (what happens on failure) — read error handling in files
760
+ - Loading states — check screen files for loading indicators
761
+ - Empty states — check screen files for empty state components
762
+ - Retry behavior — check error handling, retry logic
763
+ - Offline handling — check network error handling
764
+ - Localization — check string resources / i18n files
765
+ - Accessibility — check accessibility labels, screen readers
766
+
767
+ For each Acceptance Criterion (AC):
768
+ - Verify individually
769
+ - Assign status: `SATISFIED` | `PARTIALLY_SATISFIED` | `NOT_SATISFIED` | `NOT_VERIFIABLE`
770
+ - Record evidence
771
+
772
+ Output: **User Story Compliance Matrix**.
773
+
774
+ ---
775
+
776
+ ### Pass 10 — Test Case Comparison
777
+
778
+ **Goal**: For every test case, logically execute it against the implementation.
779
+
780
+ Do NOT check if a test file exists. Instead, determine if the actual implementation can satisfy the test case.
781
+
782
+ For each Test Case:
783
+
784
+ 1. Read the test steps and expected result
785
+ 2. Trace through the actual implementation:
786
+ - Step 1 of TC → Which screen does this map to? Does it exist?
787
+ - Step 2 of TC → Which action is performed? Is it implemented?
788
+ - ...
789
+ - Expected Result → Does the implementation produce this result?
790
+ 3. Check:
791
+ - Is the relevant screen implemented?
792
+ - Is the required API call made with the correct payload?
793
+ - Is the response correctly mapped?
794
+ - Is the expected validation message displayed with exact text?
795
+ - Is the expected navigation triggered?
796
+ - Is the expected UI state shown?
797
+ 4. Assign test case verdict:
798
+ - `PASS` — implementation fully satisfies all test steps and expected result
799
+ - `PARTIAL_PASS` — most steps pass but one or more expected results are wrong
800
+ - `FAIL` — implementation cannot satisfy the test case
801
+ - `NOT_IMPLEMENTED` — required feature/screen/API does not exist
802
+ - `BLOCKED` — test case depends on another missing feature
803
+ - `UNKNOWN` — cannot determine due to insufficient code evidence
804
+
805
+ For FAIL, PARTIAL_PASS, and NOT_IMPLEMENTED, record:
806
+ - Which step fails
807
+ - What is missing
808
+ - Which file is the gap in
809
+ - What specific function, validation, or UI element is absent
810
+
811
+ Output: **Test Case Results Matrix**.
812
+
813
+ ---
814
+
815
+ ### Pass 11 — Cross-Validation
816
+
817
+ **Goal**: Identify inconsistencies and gaps across all previous passes.
818
+
819
+ Perform the following cross-checks:
820
+
821
+ **11A — Validation Message Audit**
822
+ For every validation message found in the Validation Inventory:
823
+ - Compare exact message text against BRD requirements
824
+ - Compare against User Story acceptance criteria
825
+ - Compare against Test Case expected results
826
+ - Flag any mismatch, even minor (e.g., "Mobile required" vs "Please enter mobile number")
827
+
828
+ **11B — API Contract Audit**
829
+ For every API in the API Inventory:
830
+ - Compare endpoint, method, payload against BRD / API documentation if provided
831
+ - Verify response mapping against model definitions
832
+ - Check that every required API mentioned in BRD / User Stories is present
833
+ - Flag extra APIs not mentioned in requirements
834
+
835
+ **11C — UI Label Audit**
836
+ For every screen in the Screen Inventory:
837
+ - Extract all visible text labels, button text, placeholder text, error messages
838
+ - Compare against BRD / User Stories where specific text is prescribed
839
+ - Flag mismatches
840
+
841
+ **11D — Navigation Flow Audit**
842
+ - Compare Navigation Flow Map against required flows in BRD / User Stories
843
+ - Flag missing flows
844
+ - Flag extra flows not requested
845
+
846
+ **11E — Extra Implementation Detection**
847
+ Using all inventories, identify:
848
+ - Screens that exist but are not mentioned in any requirement
849
+ - APIs called that are not referenced in any requirement
850
+ - Business logic / calculations not traced to any requirement
851
+ - Validations not mentioned in any requirement
852
+ - Navigation flows not mentioned in any requirement
853
+
854
+ **11F — Orphan Analysis**
855
+ - BRD requirements with no User Story or Test Case coverage → flag as orphan
856
+ - User Stories with no BRD traceability → flag as orphan
857
+ - Test Cases with no User Story or BRD traceability → flag as orphan
858
+ - Implemented features with no requirement traceability → flag as extra
859
+
860
+ **11G — Localization Audit**
861
+ - Read the primary locale file (en.json / en.strings / Localizable.strings / app_en.arb)
862
+ - Read all other locale files (fr.json, es.json, ar.json, etc.)
863
+ - For each key in the primary locale, verify it exists in all other locale files
864
+ - Flag missing translation keys (primary key absent from another locale)
865
+ - Also compare required string keys from BRD against the primary locale file
866
+ - Flag BRD-required strings that are absent from ALL locale files
867
+ - Add findings to File 06 §Localization Coverage table
868
+
869
+ **11H — Self-Verification Protocol** (mandatory before Pass 12)
870
+ Before generating any report:
871
+ 1. Randomly select 3 IMPLEMENTED findings and 2 INCORRECT findings from the BRD Compliance Matrix
872
+ 2. For each selected finding, re-open the cited file at the cited function
873
+ 3. Confirm: (a) the file path exists, (b) the function/component exists, (c) the described behavior
874
+ matches what the code actually does
875
+ 4. If any verification fails: downgrade the status to NOT_VERIFIED (citing "Self-verification failed:
876
+ {reason}") and extend the verification check to ALL findings in that category
877
+ 5. Record self-verification results: "{N} of 5 spot-checks CONFIRMED, {M} REVISED"
878
+
879
+ Output: **Cross-Validation Findings** + **Self-Verification Summary**.
880
+
881
+ ---
882
+
883
+ ### Pass 12 — Report Generation
884
+
885
+ **Goal**: Generate all 15 output files.
886
+
887
+ Load `assets/output-file-contracts.md` before generating any file.
888
+ Follow each file's content contract exactly.
889
+ **Generate files in this sequence** (see §Generation Order in output-file-contracts.md for rationale):
890
+
891
+ **Phase 1** — Detail files (any order within this phase):
892
+ Files 02, 03, 04, 05, 06, 07, 08, 09, 10, 11
893
+
894
+ **Phase 2** — Extra implementation:
895
+ File 12
896
+
897
+ **Phase 3** — Scorecard (aggregates all Phase 1 + Phase 2 scores):
898
+ File 13
899
+
900
+ **Phase 4** — Executive Summary (derived from File 13 scorecard — MUST be after File 13):
901
+ File 01
902
+
903
+ **Phase 5** — Recommendations and Security:
904
+ Files 14 and 15
905
+
906
+ Do NOT generate File 01 first. File 01 requires the weighted score from File 13.
907
+ Do NOT skip any file. Do NOT leave placeholder text (`[...]`, `TODO`, `N/A`) in any file
908
+ unless explicitly allowed by the contract.
909
+
910
+ ---
911
+
912
+ ## Status Definitions
913
+
914
+ Load `assets/status-definitions.md` before Pass 8. This is the ONLY authoritative source for all
915
+ status definitions, confidence levels, message match statuses, CONFLICTED, and SCOPED_OUT.
916
+ Do not rely on the brief descriptions in this file — they are for orientation only.
917
+
918
+ The status taxonomy covers: IMPLEMENTED, PARTIALLY_IMPLEMENTED, MISSING, INCORRECT, EXTRA,
919
+ NOT_VERIFIED, CONFLICTED, SCOPED_OUT (BRD requirements); PASS, PARTIAL_PASS, FAIL,
920
+ NOT_IMPLEMENTED, BLOCKED, UNKNOWN (Test Cases); SATISFIED, PARTIALLY_SATISFIED, NOT_SATISFIED,
921
+ NOT_VERIFIABLE (Acceptance Criteria).
922
+
923
+ ---
924
+
925
+ ## Coverage Calculation
926
+
927
+ Load `assets/coverage-calculation-rules.md` for the complete authoritative formula set.
928
+ `coverage-calculation-rules.md` is the single source of truth for:
929
+ - Dimension weight percentages (including Q9 project type preset adjustments)
930
+ - Zero-denominator guards and weight redistribution
931
+ - Grade scale (A+/A/A-/B+/B/B-/C+/C/C-/D/F)
932
+ - Risk band definitions
933
+
934
+ Coverage is NEVER based on file existence. Coverage is based on verified implementation.
935
+
936
+ Key formula (from coverage-calculation-rules.md — use the file for exact weights):
937
+ ```
938
+ TC Fail % = (FAIL + NOT_IMPLEMENTED + BLOCKED-with-no-BRD-link) / (Total TCs − BLOCKED-linked-to-MISSING) × 100
939
+ Note: BLOCKED tests that are blocked by a MISSING BRD requirement already counted as MISSING
940
+ are excluded from both numerator and denominator to avoid double-penalizing the same gap.
941
+
942
+ SCOPED_OUT items are excluded from ALL denominators — they do not affect any coverage score.
943
+ CONFLICTED items score 0% until resolved.
944
+ ```
945
+
946
+ Overall Compliance Score = weighted sum of all dimension scores (use weights from coverage-calculation-rules.md).
947
+ If Q9 was set to a non-default project type, apply the matching weight preset from that file.
948
+
949
+ ---
950
+
951
+ ## Output Files
952
+
953
+ Load `assets/output-file-contracts.md` for complete content specifications.
954
+
955
+ ### File 01 — 01_EXECUTIVE_SUMMARY.md
956
+ **Audience**: Project managers, stakeholders, QA leads
957
+ **Content**:
958
+ - Project name, audit date, auditor (Claude Code)
959
+ - Overall Compliance % (large, prominent)
960
+ - Risk Score: `CRITICAL` (0–49%) | `HIGH` (50–69%) | `MEDIUM` (70–84%) | `LOW` (85–94%) | `MINIMAL` (95–100%)
961
+ - Production Readiness: `NOT READY` | `NEEDS WORK` | `CONDITIONAL` | `READY`
962
+ - Quality Score (weighted composite)
963
+ - Coverage summary table (all dimensions in one table)
964
+ - Top 5 critical missing features (with BRD IDs)
965
+ - Top 5 critical test case failures (with TC IDs)
966
+ - Key risks (3–5 bullets)
967
+ - Immediate action items (3–5 bullets)
968
+
969
+ ### File 02 — 02_BRD_COMPLIANCE.md
970
+ **Audience**: Business analysts, product managers
971
+ **Content**:
972
+ - BRD compliance summary table (counts by status)
973
+ - BRD coverage pie chart (ASCII bar chart by status)
974
+ - Detailed requirement table — for every BRD requirement:
975
+
976
+ | Column | Content |
977
+ |---|---|
978
+ | BRD-ID | Requirement identifier |
979
+ | Category | Requirement type |
980
+ | Priority | Business priority |
981
+ | Requirement | Requirement text |
982
+ | Status | Implementation status |
983
+ | Coverage % | Partial coverage percentage if PARTIALLY_IMPLEMENTED |
984
+ | Evidence | File paths and function names |
985
+ | Issues | What is missing or incorrect |
986
+ | Recommendation | What needs to be done |
987
+
988
+ - Group by Category (UI, API, Validation, Business Logic, Navigation, etc.)
989
+ - Color-code: use markdown bold for MISSING, italics for PARTIAL
990
+
991
+ ### File 03 — 03_USER_STORY_COMPLIANCE.md
992
+ **Audience**: Product owners, QA leads
993
+ **Content**:
994
+ - User story compliance summary
995
+ - For each user story:
996
+ - Story ID, Role, Goal, Business Value
997
+ - Overall story status
998
+ - Acceptance criteria table: AC-ID | Criterion Text | Status | Evidence | Issues
999
+ - Business flow verified: Yes/Partial/No
1000
+ - Missing elements list
1001
+ - Recommendation
1002
+ - Group by feature/epic if detectable from story structure
1003
+
1004
+ ### File 04 — 04_TEST_CASE_COMPLIANCE.md
1005
+ **Audience**: QA engineers, test managers
1006
+ **Content**:
1007
+ - Test case summary (total, PASS, PARTIAL_PASS, FAIL, NOT_IMPLEMENTED, BLOCKED, UNKNOWN counts)
1008
+ - Pass rate as ASCII bar chart
1009
+ - For every test case:
1010
+
1011
+ | Column | Content |
1012
+ |---|---|
1013
+ | TC-ID | Test case identifier |
1014
+ | Scenario | Test scenario name |
1015
+ | Type | Test type |
1016
+ | Related Story | US-ID |
1017
+ | Related BRD | BRD-ID |
1018
+ | Status | Verdict |
1019
+ | Expected Result | From test case |
1020
+ | Actual Implementation | What the code actually does |
1021
+ | Evidence | File paths |
1022
+ | Reason for Failure | If FAIL/PARTIAL_PASS |
1023
+ | Recommendation | What must be fixed |
1024
+
1025
+ - Group by: FAIL first, then PARTIAL_PASS, then NOT_IMPLEMENTED, then BLOCKED, then PASS
1026
+
1027
+ ### File 05 — 05_VALIDATION_ANALYSIS.md
1028
+ **Audience**: Developers, QA
1029
+ **Content**:
1030
+ - Validation coverage summary
1031
+ - For every required validation (from BRD/Stories):
1032
+ - Field name
1033
+ - Required rule (from BRD)
1034
+ - Implemented rule (from code, exact regex or condition)
1035
+ - Required message (from BRD, exact text)
1036
+ - Implemented message (from code, exact string)
1037
+ - Message match: `EXACT` | `SIMILAR` | `MISMATCH` | `MISSING`
1038
+ - Status
1039
+ - File path
1040
+ - Validation Message Mismatch Table (all mismatches in one table)
1041
+ - Missing validations list
1042
+ - Extra validations list (implemented but not required)
1043
+ - Server-side validation coverage
1044
+ - Validation timing issues (required onChange but implemented onSubmit only)
1045
+
1046
+ ### File 06 — 06_UI_ANALYSIS.md
1047
+ **Audience**: UI developers, QA
1048
+ **Content**:
1049
+ - UI coverage summary
1050
+ - For each required screen:
1051
+ - Screen name
1052
+ - Implemented: Yes/No
1053
+ - File path
1054
+ - Required UI elements vs implemented (table: element, required, implemented, status)
1055
+ - Label/text mismatches (required text vs implemented text)
1056
+ - Missing elements
1057
+ - Extra elements
1058
+ - Conditional UI analysis (conditions that control element visibility)
1059
+ - Loading state: implemented Yes/No
1060
+ - Empty state: implemented Yes/No
1061
+ - Error state: implemented Yes/No
1062
+ - Missing screens list
1063
+ - Extra screens list (no requirement reference)
1064
+
1065
+ ### File 07 — 07_API_ANALYSIS.md
1066
+ **Audience**: Backend developers, QA
1067
+ **Content**:
1068
+ - API coverage summary
1069
+ - For each required API (from BRD/Stories):
1070
+ - Requirement reference (BRD-ID or US-ID)
1071
+ - Required: method, endpoint, payload, response
1072
+ - Implemented: method, endpoint (from API Inventory)
1073
+ - Endpoint match: Yes/No
1074
+ - Method match: Yes/No
1075
+ - Authentication: required/implemented
1076
+ - Error handling: required/implemented
1077
+ - Retry: required/implemented
1078
+ - Status
1079
+ - File path
1080
+ - API not in requirements (extra APIs)
1081
+ - APIs in requirements but not implemented (missing APIs)
1082
+ - Response mapping issues
1083
+ - Authentication gaps
1084
+
1085
+ ### File 08 — 08_BUSINESS_LOGIC_ANALYSIS.md
1086
+ **Audience**: Developers, business analysts
1087
+ **Content**:
1088
+ - Business logic coverage summary
1089
+ - For each required business rule (from BRD/Stories):
1090
+ - BRD-ID / US-ID reference
1091
+ - Business rule description
1092
+ - Rule type (condition, calculation, threshold, eligibility, state machine)
1093
+ - Implementation status
1094
+ - Evidence: file path, function name, code excerpt
1095
+ - Issues (if PARTIAL or INCORRECT)
1096
+ - Recommendation
1097
+ - Calculation verification:
1098
+ - For each required calculation: formula, implemented formula (from code), match status, worked example
1099
+ - Missing business rules
1100
+ - Extra business logic (not in requirements)
1101
+ - Decision tree coverage
1102
+
1103
+ ### File 09 — 09_NAVIGATION_ANALYSIS.md
1104
+ **Audience**: Developers, QA
1105
+ **Content**:
1106
+ - Navigation coverage summary
1107
+ - Required navigation flows vs implemented flows (table)
1108
+ - For each required flow:
1109
+ - Flow ID (from BRD / User Story)
1110
+ - From screen → To screen
1111
+ - Trigger condition
1112
+ - Parameters
1113
+ - Implemented: Yes/No
1114
+ - File path
1115
+ - Status
1116
+ - Missing navigation flows
1117
+ - Extra navigation (not in requirements)
1118
+ - Back navigation analysis
1119
+ - Deep link analysis (if required)
1120
+ - Auth guard on navigation: required vs implemented
1121
+
1122
+ ### File 10 — 10_TRACEABILITY_MATRIX.md
1123
+ **Audience**: Project managers, QA, auditors
1124
+ **Content**:
1125
+ Complete horizontal traceability table:
1126
+
1127
+ | BRD-ID | BRD Requirement | Story-ID | Story Title | AC-IDs | TC-IDs | Implementation Files | Status |
1128
+ |---|---|---|---|---|---|---|---|
1129
+
1130
+ - One row per BRD requirement
1131
+ - Orphan analysis section: BRD requirements with no story/TC, stories with no BRD, TCs with no story/BRD
1132
+ - Implementation gap analysis
1133
+ - Full traceability score (% of items with complete chain)
1134
+
1135
+ ### File 11 — 11_MISSING_FEATURES.md
1136
+ **Audience**: Developers, project managers
1137
+ **Content**:
1138
+ - Total missing features count
1139
+ - Grouped by priority: Critical, High, Medium, Low
1140
+ - For each missing feature:
1141
+ - BRD-ID / US-ID
1142
+ - Feature description
1143
+ - Priority
1144
+ - Impact assessment (what breaks without this)
1145
+ - Effort estimate: High/Medium/Low (based on complexity)
1146
+ - Dependencies (what other features depend on this)
1147
+ - Recommendation
1148
+ - Missing API endpoints
1149
+ - Missing screens
1150
+ - Missing validations
1151
+ - Missing business rules
1152
+ - Missing navigation flows
1153
+ - Missing calculations
1154
+
1155
+ ### File 12 — 12_EXTRA_IMPLEMENTATION.md
1156
+ **Audience**: Project managers, architects
1157
+ **Content**:
1158
+ - Total extra implementation items found
1159
+ - For each extra item:
1160
+ - Item type: Screen | API | Business Logic | Validation | Navigation | Calculation
1161
+ - Description
1162
+ - File path
1163
+ - Assessment: Intentional (known extension) | Leftover (orphaned code) | Speculative (premature feature)
1164
+ - Recommendation: Keep | Remove | Document as requirement | Defer
1165
+ - Risk assessment of extra implementation
1166
+ - Dead code analysis
1167
+
1168
+ ### File 13 — 13_COMPLIANCE_SCORECARD.md
1169
+ **Audience**: All stakeholders
1170
+ **Content**:
1171
+ - Visual scorecard (ASCII tables with scores)
1172
+ - Dimension scores:
1173
+
1174
+ | Dimension | Score | Status |
1175
+ |---|---|---|
1176
+ | BRD Compliance | XX% | ✓ / ✗ |
1177
+ | User Story Fulfillment | XX% | |
1178
+ | Acceptance Criteria | XX% | |
1179
+ | Test Case Pass Rate | XX% | |
1180
+ | Validation Coverage | XX% | |
1181
+ | API Coverage | XX% | |
1182
+ | UI Coverage | XX% | |
1183
+ | Business Logic Coverage | XX% | |
1184
+ | Navigation Coverage | XX% | |
1185
+ | **Overall Compliance** | **XX%** | |
1186
+
1187
+ - ASCII bar charts for each dimension
1188
+ - Benchmark comparisons:
1189
+ - Production ready: ≥ 90%
1190
+ - Acceptable for beta: ≥ 75%
1191
+ - Needs significant work: < 75%
1192
+ - Not shippable: < 50%
1193
+ - Trend indicators (if prior audit data available)
1194
+ - Quality gates status
1195
+
1196
+ ### File 14 — 14_FINAL_RECOMMENDATIONS.md
1197
+ **Audience**: All stakeholders, developers
1198
+ **Content**:
1199
+ - Executive decision: SHIP / CONDITIONAL SHIP / DO NOT SHIP
1200
+ - Rationale
1201
+ - Prioritized action plan — ordered list of what to fix:
1202
+ - Priority 1 (Blockers): must fix before any release
1203
+ - Priority 2 (Critical): fix before production release
1204
+ - Priority 3 (Important): fix before stable release
1205
+ - Priority 4 (Nice to have): can defer
1206
+ - Sprint plan suggestion: T-shirt size groupings (XL/L/M/S) — see output-file-contracts.md §File 14
1207
+ - Risk register (identified risks with likelihood and impact)
1208
+ - Technical debt items identified during audit
1209
+ - Process recommendations (what went wrong in requirements to implementation handoff)
1210
+ - Team recommendations (areas needing knowledge transfer or additional QA)
1211
+
1212
+ ### File 15 — 15_SECURITY_ANALYSIS.md
1213
+ **Audience**: Security engineers, compliance teams, all stakeholders
1214
+ **Content**:
1215
+ - Security findings summary (CRITICAL | HIGH | MEDIUM | LOW | INFORMATIONAL)
1216
+ - Encryption compliance (algorithm, key management, data at rest and in transit)
1217
+ - Token and session security (storage, expiry, refresh, revocation)
1218
+ - PIN / password security (lockout, complexity, change flow, biometric)
1219
+ - Error message safety (stack trace exposure, internal path leakage)
1220
+ - SSL / certificate pinning status
1221
+ - Sensitive data logging scan results
1222
+ - Missing security requirements (required but not implemented)
1223
+ - Security recommendations (ordered by severity)
1224
+ See `assets/output-file-contracts.md` §File 15 for full contract.
1225
+
1226
+ ---
1227
+
1228
+ ## §Extensibility Guide
1229
+
1230
+ ### Adding a New Platform
1231
+
1232
+ To add support for a new platform (e.g., Python/Django), touch these 4 files:
1233
+
1234
+ 1. **detect-platform.ps1** — Add a new detection block that checks for the platform's marker file
1235
+ (e.g., `requirements.txt` containing `django`). Set `$result.platform = "Django"`.
1236
+
1237
+ 2. **scan-repository.ps1** — Add the new platform to the `[ValidateSet]` on the `$Platform` param.
1238
+ Add file extensions to the `$extensions` switch block. Add backend category rules to
1239
+ `Get-FileCategory` for the platform's file patterns.
1240
+
1241
+ 3. **SKILL.md §Step 1 routing table** — Add a row: `| Django | references/django-patterns.md |`
1242
+
1243
+ 4. **references/django-patterns.md** (new file) — Create following the same structure as
1244
+ `backend-patterns.md`. Add "## Django — read this section only if Platform=Django" header.
1245
+
1246
+ ### Adding a New Output File
1247
+
1248
+ 1. **assets/output-file-contracts.md** — Add a new §File NN section with full content contract.
1249
+ 2. **SKILL.md §Output Files** — Add a description of the new file.
1250
+ 3. **SKILL.md §Pass 12** — Add the file to the appropriate generation phase.
1251
+ 4. **SKILL.md Completion Report** — Add `[NN] NN_FILENAME.md` to the Files Generated list.
1252
+
1253
+ ### Adding a New Requirement Type
1254
+
1255
+ 1. **SKILL.md §Pass 8 Step 2** — Add a routing rule: `{Type} requirement → Search {Inventory}`.
1256
+ 2. **assets/multi-strategy-search.md §Minimum Strategies** — Add the new type and its minimum
1257
+ required strategies.
1258
+
1259
+ ---
1260
+
1261
+ ## Strict Rules (MUST follow every rule)
1262
+
1263
+ 1. **Never guess.** If you cannot find evidence in the source code, the status is `MISSING` or `NOT_VERIFIED`, never `IMPLEMENTED`.
1264
+ 2. **Never hallucinate.** Do not invent file paths, function names, or code behavior. Only cite files you have read.
1265
+ 3. **Never mark as implemented without evidence.** A requirement is not implemented until you have read the actual code that implements it.
1266
+ 4. **Every finding must cite.** Every IMPLEMENTED, PARTIAL, or INCORRECT status must include: file path, function/class name (if applicable), and a brief description of what was found.
1267
+ 5. **Never skip a requirement.** Every single BRD requirement, User Story, Acceptance Criterion, and Test Case must appear in the reports with a status.
1268
+ 6. **Perform all 12 passes.** Do not combine passes. Do not skip passes. Each pass builds on the previous.
1269
+ 7. **Read files, do not assume.** Use the Glob tool to find files and the Read/Grep tools to read them. Do not assume what a file contains based on its name alone.
1270
+ 8. **Read EVERY source file — no exceptions.** The Master File List from Step 3B is a read obligation. Every file in every category (except Assets) must be opened and read at least once. A file that has not been opened cannot be claimed as searched.
1271
+ 9. **Components are not optional.** Reusable UI components must be read. They contain text labels, placeholders, error messages, conditional rendering, and inline validation that screens delegate to them. A compliance check that only reads screens will miss component-level requirements.
1272
+ 10. **Hooks are not optional.** Custom hooks contain business logic, validation, API calls, and state management. Every hook must be read and its logic catalogued.
1273
+ 11. **Core and security files are not optional.** Interceptors, middleware, encryption modules, session managers, and auth wrappers implement critical cross-cutting requirements. Read them all.
1274
+ 12. **Follow import chains.** When a screen imports a component, a component imports a hook, or a hook imports a service — that is an implementation chain. Follow it one level deep for every requirement being verified.
1275
+ 13. **Constants define requirements.** Constant files (min/max values, regex patterns, timeout durations, retry counts) encode business rules. Every constant file must be read and its values compared against BRD requirements.
1276
+ 14. **Validation messages must be exact.** When comparing validation messages, compare character-by-character. "Mobile number is required" and "Mobile number required" are a mismatch. Resolve string keys using the String Map built in Pass 1.
1277
+ 15. **Resolve string resources.** If an error message is stored in a strings file (strings.xml, en.json, Localizable.strings), read that file and resolve the actual string before comparing.
1278
+ 16. **Extra features are not failures.** Extra implementation is not a defect but must be reported separately in File 12.
1279
+ 17. **Confidence must be honest.** Do not assign HIGH confidence unless you have directly read the implementing code. Do not assign LOW confidence speculatively — LOW means you found something suggestive but not conclusive.
1280
+ 18. **Generate all 15 files.** Do not omit any output file, even if a section has nothing to report (report "None found"). File 15 (Security Analysis) is always generated regardless of platform.
1281
+ 19. **No placeholder text in output files.** Every table cell, every finding, every recommendation must be filled. No `[TODO]`, `[TBD]`, or `[N/A]` unless the contract explicitly allows it.
1282
+ 20. **Use all six search strategies.** Before marking any requirement as `MISSING`, follow the complete protocol in `assets/multi-strategy-search.md`. All six strategies must be exhausted (or confirmed inapplicable). Record evidence from each strategy. Two searches is never sufficient.
1283
+ 21. **Search in components AND screens.** When a requirement mentions a UI element (button, field, label), search both Screen files AND Component files. The element may be in a shared component used by the screen.
1284
+ 22. **Prioritize correctness over speed.** This audit takes precedence over response time. Scan thoroughly.
1285
+ 23. **Framework agnostic.** Apply the platform reference loaded in Step 1. Do not impose assumptions from one framework onto another.
1286
+ 24. **Report format must be professional.** Use proper markdown: headers, tables, bold for status, code blocks for code excerpts. The reports are read by non-technical stakeholders and developers alike.
1287
+ 25. **No emojis in output files.** Use plain text status indicators and markdown formatting only.
1288
+ 26. **Scores must be calculated, not estimated.** Every coverage percentage must be computed from actual counts. Show the calculation.
1289
+ 27. **Output folder must be created at project root** unless the user specifies otherwise.
1290
+ 28. **Report files read in completion summary.** The final completion report must include `Files read: {N}` — the total count of files actually opened during the audit. This number must match or exceed the non-asset, non-generated file count from the Master File List.
1291
+ 29. **Unread files = coverage gap.** If a file category was not fully read, every requirement that could be implemented in that category must be marked `NOT_VERIFIED`, not `MISSING` or `IMPLEMENTED`. Partial scanning produces unreliable results.
1292
+
1293
+ ---
1294
+
1295
+ ## Completion Report
1296
+
1297
+ After generating all 15 files, print:
1298
+
1299
+ ```
1300
+ AUDIT COMPLETE
1301
+ ==============
1302
+ Skill Version: 3.0.0
1303
+ Project: {project name}
1304
+ Platform: {detected platform}
1305
+ Output Folder: {Q5}/
1306
+ Delta Mode: {Yes — compared against {Q10} | No}
1307
+
1308
+ Input Documents:
1309
+ BRD: {Q1} — {N} requirements parsed ({SCOPED_OUT} scoped out, {CONFLICTED} conflicts)
1310
+ User Stories: {Q2} — {M} stories, {K} acceptance criteria
1311
+ Test Cases: {Q3} — {P} test cases
1312
+
1313
+ Repository Scan Coverage:
1314
+ Total source files in project: {N}
1315
+ Files read during audit: {N}
1316
+ Coverage by category:
1317
+ Screens: {read}/{total}
1318
+ Components: {read}/{total}
1319
+ Hooks: {read}/{total}
1320
+ APILayer: {read}/{total}
1321
+ StateManagement: {read}/{total}
1322
+ Navigation: {read}/{total}
1323
+ BusinessLogic: {read}/{total}
1324
+ Validation: {read}/{total}
1325
+ Models: {read}/{total}
1326
+ Core/Security: {read}/{total}
1327
+ Constants: {read}/{total}
1328
+ Utilities: {read}/{total}
1329
+ Localization: {read}/{total}
1330
+ Other: {read}/{total}
1331
+ Files NOT read (if any): {list unread files or "None — 100% coverage"}
1332
+
1333
+ Self-Verification Results: {N} of 5 spot-checks CONFIRMED | {M} REVISED
1334
+
1335
+ Files Generated (in generation order):
1336
+ [02] 02_BRD_COMPLIANCE.md — Status: COMPLETE | PARTIAL
1337
+ [03] 03_USER_STORY_COMPLIANCE.md — Status: COMPLETE | PARTIAL
1338
+ [04] 04_TEST_CASE_COMPLIANCE.md — Status: COMPLETE | PARTIAL
1339
+ [05] 05_VALIDATION_ANALYSIS.md — Status: COMPLETE | PARTIAL
1340
+ [06] 06_UI_ANALYSIS.md — Status: COMPLETE | PARTIAL
1341
+ [07] 07_API_ANALYSIS.md — Status: COMPLETE | PARTIAL
1342
+ [08] 08_BUSINESS_LOGIC_ANALYSIS.md — Status: COMPLETE | PARTIAL
1343
+ [09] 09_NAVIGATION_ANALYSIS.md — Status: COMPLETE | PARTIAL
1344
+ [10] 10_TRACEABILITY_MATRIX.md — Status: COMPLETE | PARTIAL
1345
+ [11] 11_MISSING_FEATURES.md — Status: COMPLETE | PARTIAL
1346
+ [12] 12_EXTRA_IMPLEMENTATION.md — Status: COMPLETE | PARTIAL
1347
+ [13] 13_COMPLIANCE_SCORECARD.md — Status: COMPLETE | PARTIAL
1348
+ [01] 01_EXECUTIVE_SUMMARY.md — Status: COMPLETE | PARTIAL
1349
+ [14] 14_FINAL_RECOMMENDATIONS.md — Status: COMPLETE | PARTIAL
1350
+ [15] 15_SECURITY_ANALYSIS.md — Status: COMPLETE | PARTIAL
1351
+
1352
+ Overall Compliance Score: {X}%
1353
+ Risk Level: {CRITICAL | HIGH | MEDIUM | LOW | MINIMAL}
1354
+ Production Readiness: {NOT READY | NEEDS WORK | CONDITIONAL | READY}
1355
+
1356
+ File Read Obligation: FULFILLED ({N}/{N} files) | PARTIAL ({N}/{N} files — list gaps)
1357
+ Placeholder Validation: PASS (0 remaining) | FAIL (list occurrences)
1358
+ ```