omgkit 2.21.7 → 2.22.0

package/plugin/workflows/testing/comprehensive-testing.md

@@ -0,0 +1,130 @@
+---
+name: testing/comprehensive-testing
+description: Comprehensive Omega testing workflow covering all 4 dimensions - Accuracy, Performance, Security, and Accessibility
+category: testing
+complexity: high
+agents:
+  - tester
+  - security-auditor
+  - performance-engineer
+  - code-reviewer
+skills:
+  - testing/comprehensive-testing
+  - testing/property-testing
+  - testing/mutation-testing
+  - testing/security-testing
+  - testing/performance-testing
+commands:
+  - /quality:test-omega
+  - /quality:test-property
+  - /quality:test-mutate
+  - /quality:test-security
+  - /quality:test-performance
+tags:
+  - testing
+  - quality
+  - omega
+  - comprehensive
+---
+
+# Omega Testing Workflow
+
+Comprehensive testing workflow that covers all 4 dimensions of software quality.
+
+## Overview
+
+This workflow orchestrates comprehensive testing across:
+1. **Accuracy** - Correctness of functionality
+2. **Performance** - Speed and resource efficiency
+3. **Security** - Protection against vulnerabilities
+4. **Accessibility** - Usability for all users
+
+## Steps
+
+1. **Plan**: Define testing dimensions and coverage targets
+2. **Accuracy**: Run unit, integration, and E2E tests
+3. **Performance**: Execute benchmarks and load tests
+4. **Security**: Run OWASP and vulnerability tests
+5. **Accessibility**: Check WCAG compliance
+6. **Mutation**: Verify test quality with mutations
+7. **Report**: Generate quality dashboard
+
+## Workflow Phases
+
+### Phase 1: Test Planning
+1. Analyze codebase for testable components
+2. Identify critical paths and risk areas
+3. Define coverage targets per dimension
+4. Establish SLAs and thresholds
+
+### Phase 2: Accuracy Testing
+1. Run unit tests with property-based tests
+2. Execute integration tests
+3. Run E2E tests for critical flows
+4. Measure code coverage
+
+### Phase 3: Performance Testing
+1. Run benchmarks for key operations
+2. Execute load tests for APIs
+3. Perform memory leak detection
+4. Compare against performance budget
+
+### Phase 4: Security Testing
+1. Run OWASP Top 10 tests
+2. Execute injection tests
+3. Verify authentication/authorization
+4. Scan for vulnerabilities
+
+### Phase 5: Accessibility Testing
+1. Run WCAG compliance checks
+2. Test keyboard navigation
+3. Verify screen reader compatibility
+4. Check color contrast and focus indicators
+
+### Phase 6: Mutation Testing
+1. Generate code mutations
+2. Verify test quality
+3. Identify weak assertions
+4. Improve mutation score
+
+### Phase 7: Reporting
+1. Aggregate test results
+2. Generate quality dashboard
+3. Create action items for failures
+4. Document lessons learned
+
+## Quality Gates
+
+| Dimension | Minimum | Target | Excellent |
+|-----------|---------|--------|-----------|
+| Unit Coverage | 80% | 90% | 95% |
+| Integration Coverage | 60% | 75% | 85% |
+| Performance SLA | Pass | <100ms p95 | <50ms p95 |
+| Security | No critical | No high | No medium |
+| Accessibility | AA | AAA partial | Full AAA |
+| Mutation Score | 50% | 75% | 85% |
+
+## Triggers
+
+- Pre-commit (fast tests only)
+- Pre-merge (full suite)
+- Scheduled (comprehensive + performance)
+- Release (all + security audit)
+
+## Agent Responsibilities
+
+| Agent | Responsibility |
+|-------|----------------|
+| tester | Unit, integration, E2E, property tests |
+| security-auditor | Security tests, vulnerability scanning |
+| performance-engineer | Benchmarks, load tests, profiling |
+| code-reviewer | Test quality review, coverage analysis |
+
+## Success Criteria
+
+- All tests pass
+- Coverage meets thresholds
+- No security vulnerabilities
+- Performance within SLAs
+- Accessibility compliant
+- Mutation score above threshold

package/plugin/workflows/testing/security-hardening.md

@@ -0,0 +1,196 @@
+---
+name: testing/security-hardening
+description: Security hardening workflow with vulnerability assessment, penetration testing, and remediation
+category: testing
+complexity: high
+agents:
+  - security-auditor
+  - vulnerability-scanner
+  - tester
+  - fullstack-developer
+skills:
+  - testing/security-testing
+  - security/owasp
+  - security/security-hardening
+  - testing/comprehensive-testing
+commands:
+  - /quality:test-security
+  - /security:scan
+  - /quality:security-scan
+tags:
+  - security
+  - testing
+  - hardening
+  - owasp
+---
+
+# Security Hardening Workflow
+
+Comprehensive security testing and hardening workflow.
+
+## Overview
+
+This workflow provides systematic security assessment and hardening through:
+1. Vulnerability scanning and assessment
+2. Penetration testing simulation
+3. Security test development
+4. Remediation and verification
+
+## Steps
+
+1. **Inventory**: Identify assets, endpoints, and data flows
+2. **Scan**: Run vulnerability and dependency scanning
+3. **Test**: Execute OWASP Top 10 test suite
+4. **Penetrate**: Simulate attacker perspective
+5. **Remediate**: Fix vulnerabilities by severity
+6. **Verify**: Re-run tests and confirm fixes
+7. **Document**: Update security documentation
+
+## Workflow Phases
+
+### Phase 1: Asset Inventory
+1. Identify all endpoints and entry points
+2. Map authentication/authorization flows
+3. Catalog sensitive data handling
+4. Document third-party dependencies
+
+### Phase 2: Vulnerability Assessment
+1. Run dependency vulnerability scan
+2. Perform static analysis (SAST)
+3. Execute dynamic analysis (DAST)
+4. Review security configurations
+
+```bash
+# Dependency scanning
+npm audit
+npx snyk test
+
+# Static analysis
+npx eslint --plugin security .
+
+# Configuration review
+npx audit-ci
+```
+
+### Phase 3: OWASP Top 10 Testing
+
+#### A01: Injection
+- SQL injection tests
+- Command injection tests
+- XSS tests
+- YAML/XML injection tests
+
+#### A02: Broken Authentication
+- Password policy tests
+- Session management tests
+- Token validation tests
+- Brute force protection tests
+
+#### A03: Sensitive Data Exposure
+- Encryption at rest tests
+- Encryption in transit tests
+- PII handling tests
+- Secret exposure tests
+
+#### A04: Access Control
+- Horizontal escalation tests
+- Vertical escalation tests
+- Resource ownership tests
+- CORS configuration tests
+
+#### A05: Security Misconfiguration
+- Default credential tests
+- Debug mode tests
+- Error handling tests
+- Security header tests
+
+#### A06: Vulnerable Components
+- Dependency audit
+- Known CVE checks
+- Outdated package detection
+
+#### A07: Auth Failures
+- Login flow tests
+- Password reset tests
+- MFA bypass attempts
+- Session fixation tests
+
+#### A08: Data Integrity
+- Input validation tests
+- File upload tests
+- Deserialization tests
+
+#### A09: Logging Failures
+- Audit log tests
+- Log injection tests
+- Sensitive data in logs tests
+
+#### A10: SSRF
+- URL validation tests
+- Internal network access tests
+- Redirect tests
+
+### Phase 4: Penetration Testing
+1. Simulate attacker perspective
+2. Test attack chains
+3. Verify defense in depth
+4. Document exploitation paths
+
+### Phase 5: Remediation
+1. Prioritize by severity and exploitability
+2. Develop fixes for each vulnerability
+3. Write tests to prevent regression
+4. Review and approve fixes
+
+### Phase 6: Verification
+1. Re-run all security tests
+2. Verify fixes are effective
+3. Ensure no new vulnerabilities
+4. Update security documentation
+
+## Severity Levels
+
+| Level | Response Time | Examples |
+|-------|---------------|----------|
+| Critical | 24 hours | RCE, auth bypass, data breach |
+| High | 1 week | SQL injection, XSS, CSRF |
+| Medium | 1 month | Info disclosure, weak crypto |
+| Low | Next release | Minor misconfigs, best practices |
+
+## Security Headers Checklist
+
+```
+Content-Security-Policy: default-src 'self'
+X-Content-Type-Options: nosniff
+X-Frame-Options: DENY
+X-XSS-Protection: 1; mode=block
+Strict-Transport-Security: max-age=31536000
+Referrer-Policy: strict-origin-when-cross-origin
+Permissions-Policy: geolocation=()
+```
+
+## Agent Responsibilities
+
+| Agent | Responsibility |
+|-------|----------------|
+| security-auditor | Overall security assessment, OWASP review |
+| vulnerability-scanner | Automated scanning, CVE detection |
+| tester | Security test development |
+| fullstack-developer | Remediation implementation |
+
+## Quality Gates
+
+- No critical vulnerabilities
+- No high vulnerabilities in new code
+- All OWASP categories tested
+- Security headers configured
+- Dependencies up to date
+- Secrets not exposed
+
+## Success Criteria
+
+- All critical/high vulnerabilities resolved
+- Security test suite comprehensive
+- No regression in security posture
+- Documentation updated
+- Team security awareness increased

package/plugin/workflows/testing/test-driven-development.md

@@ -0,0 +1,181 @@
+---
+name: testing/test-driven-development
+description: Test-Driven Development workflow with red-green-refactor cycle and continuous test feedback
+category: testing
+complexity: medium
+agents:
+  - tester
+  - fullstack-developer
+  - code-reviewer
+skills:
+  - methodology/test-driven-development
+  - testing/comprehensive-testing
+  - testing/property-testing
+  - testing/vitest
+commands:
+  - /dev:test
+  - /dev:feature
+  - /quality:test-property
+tags:
+  - testing
+  - tdd
+  - methodology
+  - development
+---
+
+# Test-Driven Development Workflow
+
+Systematic TDD workflow following the red-green-refactor cycle.
+
+## Overview
+
+This workflow implements Test-Driven Development where:
+1. **Red** - Write a failing test first
+2. **Green** - Write minimal code to pass
+3. **Refactor** - Improve code while tests pass
+
+## Steps
+
+1. **Analyze**: Break down feature into testable behaviors
+2. **Red**: Write a failing test first
+3. **Green**: Write minimal code to pass the test
+4. **Refactor**: Improve code while tests pass
+5. **Iterate**: Add more tests and repeat
+6. **Integrate**: Run full test suite and commit
+
+## Workflow Phases
+
+### Phase 1: Requirement Analysis
+1. Break down feature into testable behaviors
+2. Identify edge cases and error conditions
+3. Define expected inputs and outputs
+4. Prioritize test cases by importance
+
+### Phase 2: Red Phase - Write Failing Test
+1. Write the simplest test that fails
+2. Verify test fails for the right reason
+3. Ensure test is readable and descriptive
+4. Add assertions for expected behavior
+
+```javascript
+// Example: Red phase
+describe('calculateDiscount', () => {
+  it('applies 10% discount for orders over $100', () => {
+    const order = { total: 150 };
+    expect(calculateDiscount(order)).toBe(15);
+  });
+});
+// Run: Test should fail (function doesn't exist yet)
+```
+
+### Phase 3: Green Phase - Make Test Pass
+1. Write minimal code to pass the test
+2. Don't worry about elegance yet
+3. Focus on correctness only
+4. Verify test passes
+
+```javascript
+// Example: Green phase
+function calculateDiscount(order) {
+  if (order.total > 100) {
+    return order.total * 0.1;
+  }
+  return 0;
+}
+// Run: Test should pass now
+```
+
+### Phase 4: Refactor Phase - Improve Code
+1. Clean up implementation
+2. Remove duplication
+3. Improve naming and structure
+4. Verify tests still pass
+
+```javascript
+// Example: Refactor phase
+const DISCOUNT_THRESHOLD = 100;
+const DISCOUNT_RATE = 0.1;
+
+function calculateDiscount(order) {
+  return order.total > DISCOUNT_THRESHOLD
+    ? order.total * DISCOUNT_RATE
+    : 0;
+}
+// Run: Tests should still pass
+```
+
+### Phase 5: Add More Tests
+1. Add edge cases
+2. Add error handling tests
+3. Add property-based tests
+4. Repeat red-green-refactor
+
+```javascript
+// Additional tests
+it('returns 0 for orders exactly $100', () => {
+  expect(calculateDiscount({ total: 100 })).toBe(0);
+});
+
+it('returns 0 for orders under $100', () => {
+  expect(calculateDiscount({ total: 50 })).toBe(0);
+});
+
+it('handles negative totals', () => {
+  expect(calculateDiscount({ total: -10 })).toBe(0);
+});
+```
+
+### Phase 6: Integration
+1. Run full test suite
+2. Check coverage metrics
+3. Update documentation
+4. Commit with test evidence
+
+## TDD Best Practices
+
+### Do
+- Write tests before implementation
+- Keep tests focused and simple
+- Test one thing at a time
+- Use descriptive test names
+- Refactor only when green
+
+### Don't
+- Skip the red phase
+- Write multiple tests at once
+- Over-engineer in green phase
+- Refactor while tests fail
+- Ignore edge cases
+
+## F.I.R.S.T. Principles
+
+| Principle | Description |
+|-----------|-------------|
+| **Fast** | Tests run in milliseconds |
+| **Independent** | No test depends on another |
+| **Repeatable** | Same result every time |
+| **Self-Validating** | Pass or fail, no manual check |
+| **Timely** | Written before or with code |
+
+## Agent Responsibilities
+
+| Agent | Responsibility |
+|-------|----------------|
+| tester | Write failing tests, verify coverage |
+| fullstack-developer | Implement to pass tests |
+| code-reviewer | Review test quality, suggest improvements |
+
+## Quality Gates
+
+- All tests pass
+- Coverage above 80%
+- No skipped tests
+- Property tests included for pure functions
+- Edge cases documented
+
+## Success Criteria
+
+- Feature implemented with full test coverage
+- All edge cases handled
+- Code is refactored and clean
+- Tests serve as documentation