npm - qa-skills - Versions diffs - 3.0.0 - Mend

qa-skills 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (262) hide show

package/README.md +168 -0
package/bin/cli.js +42 -0
package/dist/agents/registry.d.ts +5 -0
package/dist/agents/registry.d.ts.map +1 -0
package/dist/agents/registry.js +101 -0
package/dist/agents/registry.js.map +1 -0
package/dist/agents/types.d.ts +9 -0
package/dist/agents/types.d.ts.map +1 -0
package/dist/agents/types.js +2 -0
package/dist/agents/types.js.map +1 -0
package/dist/dependencies.d.ts +21 -0
package/dist/dependencies.d.ts.map +1 -0
package/dist/dependencies.js +125 -0
package/dist/dependencies.js.map +1 -0
package/dist/installer.d.ts +25 -0
package/dist/installer.d.ts.map +1 -0
package/dist/installer.js +437 -0
package/dist/installer.js.map +1 -0
package/dist/scaffold.d.ts +27 -0
package/dist/scaffold.d.ts.map +1 -0
package/dist/scaffold.js +182 -0
package/dist/scaffold.js.map +1 -0
package/package.json +40 -0
package/skills/qa-accessibility-test-writer/SKILL.md +127 -0
package/skills/qa-accessibility-test-writer/references/axe-core-patterns.md +349 -0
package/skills/qa-accessibility-test-writer/references/best-practices.md +184 -0
package/skills/qa-accessibility-test-writer/references/wcag-tests.md +331 -0
package/skills/qa-api-contract-curator/SKILL.md +104 -0
package/skills/qa-api-contract-curator/references/breaking-changes.md +363 -0
package/skills/qa-api-contract-curator/references/openapi-structure.md +404 -0
package/skills/qa-browser-data-collector/SKILL.md +132 -0
package/skills/qa-browser-data-collector/references/data-collection-checklist.md +91 -0
package/skills/qa-browser-data-collector/references/playwright-mcp-patterns.md +113 -0
package/skills/qa-bug-ticket-creator/SKILL.md +148 -0
package/skills/qa-bug-ticket-creator/references/bug-report-format.md +149 -0
package/skills/qa-bug-ticket-creator/references/severity-guide.md +81 -0
package/skills/qa-bug-ticket-creator/templates/bug-ticket-template.md +39 -0
package/skills/qa-changelog-analyzer/SKILL.md +134 -0
package/skills/qa-changelog-analyzer/references/git-analysis-patterns.md +138 -0
package/skills/qa-changelog-analyzer/references/impact-mapping.md +120 -0
package/skills/qa-clickup-integration/SKILL.md +166 -0
package/skills/qa-clickup-integration/references/api-patterns.md +102 -0
package/skills/qa-clickup-integration/references/field-mapping.md +71 -0
package/skills/qa-codeceptjs-writer/SKILL.md +136 -0
package/skills/qa-codeceptjs-writer/references/best-practices.md +207 -0
package/skills/qa-codeceptjs-writer/references/config.md +255 -0
package/skills/qa-codeceptjs-writer/references/patterns.md +285 -0
package/skills/qa-coverage-analyzer/SKILL.md +166 -0
package/skills/qa-coverage-analyzer/references/best-practices.md +142 -0
package/skills/qa-coverage-analyzer/references/coverage-dimensions.md +155 -0
package/skills/qa-coverage-analyzer/references/tools.md +204 -0
package/skills/qa-cypress-writer/SKILL.md +134 -0
package/skills/qa-cypress-writer/references/assertions.md +121 -0
package/skills/qa-cypress-writer/references/best-practices.md +82 -0
package/skills/qa-cypress-writer/references/config.md +121 -0
package/skills/qa-cypress-writer/references/patterns.md +170 -0
package/skills/qa-data-factory/SKILL.md +126 -0
package/skills/qa-data-factory/references/factory-patterns.md +164 -0
package/skills/qa-data-factory/references/faker-guide.md +131 -0
package/skills/qa-diagram-generator/SKILL.md +125 -0
package/skills/qa-diagram-generator/references/c4-model.md +53 -0
package/skills/qa-diagram-generator/references/charts.md +58 -0
package/skills/qa-diagram-generator/references/class-diagram.md +85 -0
package/skills/qa-diagram-generator/references/er-diagram.md +69 -0
package/skills/qa-diagram-generator/references/flowchart.md +92 -0
package/skills/qa-diagram-generator/references/from-screenshot.md +45 -0
package/skills/qa-diagram-generator/references/gantt.md +49 -0
package/skills/qa-diagram-generator/references/journey.md +50 -0
package/skills/qa-diagram-generator/references/mindmap.md +75 -0
package/skills/qa-diagram-generator/references/sequence.md +69 -0
package/skills/qa-diagram-generator/references/state-diagram.md +56 -0
package/skills/qa-discovery-interview/SKILL.md +182 -0
package/skills/qa-discovery-interview/references/completeness-checklist.md +53 -0
package/skills/qa-discovery-interview/references/conflict-patterns.md +101 -0
package/skills/qa-discovery-interview/references/qa-categories.md +147 -0
package/skills/qa-discovery-interview/templates/qa-brief-template.md +168 -0
package/skills/qa-environment-checker/SKILL.md +142 -0
package/skills/qa-environment-checker/references/dependency-matrix.md +101 -0
package/skills/qa-environment-checker/references/health-checks.md +209 -0
package/skills/qa-environment-checker/templates/env-readiness-template.md +64 -0
package/skills/qa-flaky-detector/SKILL.md +153 -0
package/skills/qa-flaky-detector/references/ci-analysis.md +140 -0
package/skills/qa-flaky-detector/references/flaky-patterns.md +247 -0
package/skills/qa-github-issues-enhanced/SKILL.md +175 -0
package/skills/qa-github-issues-enhanced/references/issue-templates.md +425 -0
package/skills/qa-github-issues-enhanced/references/label-taxonomy.md +130 -0
package/skills/qa-github-issues-enhanced/references/workflow-patterns.md +188 -0
package/skills/qa-httpx-writer/SKILL.md +138 -0
package/skills/qa-httpx-writer/references/assertions.md +195 -0
package/skills/qa-httpx-writer/references/best-practices.md +140 -0
package/skills/qa-httpx-writer/references/config.md +212 -0
package/skills/qa-httpx-writer/references/patterns.md +262 -0
package/skills/qa-jest-writer/SKILL.md +131 -0
package/skills/qa-jest-writer/references/assertions.md +125 -0
package/skills/qa-jest-writer/references/best-practices.md +136 -0
package/skills/qa-jest-writer/references/config.md +134 -0
package/skills/qa-jest-writer/references/patterns.md +172 -0
package/skills/qa-jira-integration/SKILL.md +135 -0
package/skills/qa-jira-integration/references/api-patterns.md +143 -0
package/skills/qa-jira-integration/references/field-mapping.md +79 -0
package/skills/qa-jira-integration/references/xray-integration.md +85 -0
package/skills/qa-jmeter-writer/SKILL.md +171 -0
package/skills/qa-jmeter-writer/references/best-practices.md +157 -0
package/skills/qa-jmeter-writer/references/config.md +204 -0
package/skills/qa-jmeter-writer/references/patterns.md +242 -0
package/skills/qa-junit5-writer/SKILL.md +157 -0
package/skills/qa-junit5-writer/references/assertions.md +118 -0
package/skills/qa-junit5-writer/references/config.md +97 -0
package/skills/qa-junit5-writer/references/patterns.md +162 -0
package/skills/qa-k6-writer/SKILL.md +155 -0
package/skills/qa-k6-writer/references/best-practices.md +236 -0
package/skills/qa-k6-writer/references/config.md +219 -0
package/skills/qa-k6-writer/references/patterns.md +304 -0
package/skills/qa-linear-integration/SKILL.md +137 -0
package/skills/qa-linear-integration/references/api-patterns.md +249 -0
package/skills/qa-linear-integration/references/field-mapping.md +121 -0
package/skills/qa-locust-writer/SKILL.md +151 -0
package/skills/qa-locust-writer/references/best-practices.md +126 -0
package/skills/qa-locust-writer/references/config.md +170 -0
package/skills/qa-locust-writer/references/patterns.md +235 -0
package/skills/qa-manual-test-designer/SKILL.md +145 -0
package/skills/qa-manual-test-designer/references/exploratory-charters.md +138 -0
package/skills/qa-manual-test-designer/references/personas.md +146 -0
package/skills/qa-manual-test-designer/templates/exploratory-charter-template.md +47 -0
package/skills/qa-manual-test-designer/templates/test-case-template.md +31 -0
package/skills/qa-mobile-test-writer/SKILL.md +144 -0
package/skills/qa-mobile-test-writer/references/best-practices.md +214 -0
package/skills/qa-mobile-test-writer/references/config.md +309 -0
package/skills/qa-mobile-test-writer/references/patterns.md +304 -0
package/skills/qa-nfr-analyst/SKILL.md +177 -0
package/skills/qa-nfr-analyst/references/iso-25010-model.md +159 -0
package/skills/qa-nfr-analyst/references/owasp-wstg-baseline.md +202 -0
package/skills/qa-nfr-analyst/references/wcag-checklist.md +184 -0
package/skills/qa-nfr-analyst/templates/owasp-checklist-template.md +89 -0
package/skills/qa-nfr-analyst/templates/wcag-checklist-template.md +48 -0
package/skills/qa-orchestrator/SKILL.md +132 -0
package/skills/qa-orchestrator/references/handoff-chains.md +105 -0
package/skills/qa-orchestrator/references/pipeline-modes.md +115 -0
package/skills/qa-orchestrator/references/scheduler-rules.md +84 -0
package/skills/qa-pact-writer/SKILL.md +133 -0
package/skills/qa-pact-writer/references/best-practices.md +100 -0
package/skills/qa-pact-writer/references/config.md +135 -0
package/skills/qa-pact-writer/references/patterns.md +161 -0
package/skills/qa-plan-creator/SKILL.md +139 -0
package/skills/qa-plan-creator/references/introduction-plan.md +43 -0
package/skills/qa-plan-creator/references/migration-plan.md +44 -0
package/skills/qa-plan-creator/references/onboarding-plan.md +46 -0
package/skills/qa-plan-creator/references/performance-plan.md +44 -0
package/skills/qa-plan-creator/references/regression-plan.md +45 -0
package/skills/qa-plan-creator/references/release-plan.md +45 -0
package/skills/qa-plan-creator/references/sprint-plan.md +44 -0
package/skills/qa-plan-creator/references/test-plan.md +59 -0
package/skills/qa-plan-creator/references/uat-plan.md +43 -0
package/skills/qa-plan-creator/templates/checklist-template.md +36 -0
package/skills/qa-plan-creator/templates/regression-checklist-template.md +49 -0
package/skills/qa-plan-creator/templates/release-checklist-template.md +46 -0
package/skills/qa-plan-creator/templates/test-plan-template.md +74 -0
package/skills/qa-playwright-py-writer/SKILL.md +156 -0
package/skills/qa-playwright-py-writer/references/best-practices.md +194 -0
package/skills/qa-playwright-py-writer/references/config.md +195 -0
package/skills/qa-playwright-py-writer/references/patterns.md +212 -0
package/skills/qa-playwright-ts-writer/SKILL.md +151 -0
package/skills/qa-playwright-ts-writer/references/assertions.md +109 -0
package/skills/qa-playwright-ts-writer/references/best-practices.md +191 -0
package/skills/qa-playwright-ts-writer/references/config.md +144 -0
package/skills/qa-playwright-ts-writer/references/patterns.md +171 -0
package/skills/qa-pytest-writer/SKILL.md +145 -0
package/skills/qa-pytest-writer/references/assertions.md +149 -0
package/skills/qa-pytest-writer/references/best-practices.md +97 -0
package/skills/qa-pytest-writer/references/config.md +176 -0
package/skills/qa-pytest-writer/references/patterns.md +251 -0
package/skills/qa-qase-integration/SKILL.md +149 -0
package/skills/qa-qase-integration/references/api-reference.md +354 -0
package/skills/qa-qase-integration/references/ci-integration.md +196 -0
package/skills/qa-qase-integration/references/field-mapping.md +157 -0
package/skills/qa-requirements-generator/SKILL.md +152 -0
package/skills/qa-requirements-generator/references/iso-29148-structure.md +153 -0
package/skills/qa-requirements-generator/references/requirement-patterns.md +278 -0
package/skills/qa-rest-assured-writer/SKILL.md +137 -0
package/skills/qa-rest-assured-writer/references/best-practices.md +50 -0
package/skills/qa-rest-assured-writer/references/config.md +124 -0
package/skills/qa-rest-assured-writer/references/patterns.md +192 -0
package/skills/qa-risk-analyzer/SKILL.md +158 -0
package/skills/qa-risk-analyzer/references/impact-analysis.md +133 -0
package/skills/qa-risk-analyzer/references/risk-factors.md +123 -0
package/skills/qa-robot-framework-writer/SKILL.md +147 -0
package/skills/qa-robot-framework-writer/references/best-practices.md +249 -0
package/skills/qa-robot-framework-writer/references/config.md +204 -0
package/skills/qa-robot-framework-writer/references/libraries.md +273 -0
package/skills/qa-robot-framework-writer/references/patterns.md +216 -0
package/skills/qa-security-test-writer/SKILL.md +123 -0
package/skills/qa-security-test-writer/references/best-practices.md +155 -0
package/skills/qa-security-test-writer/references/owasp-top10.md +331 -0
package/skills/qa-security-test-writer/references/zap-config.md +258 -0
package/skills/qa-selenium-java-writer/SKILL.md +143 -0
package/skills/qa-selenium-java-writer/references/best-practices.md +59 -0
package/skills/qa-selenium-java-writer/references/config.md +143 -0
package/skills/qa-selenium-java-writer/references/patterns.md +170 -0
package/skills/qa-selenium-py-writer/SKILL.md +150 -0
package/skills/qa-selenium-py-writer/references/best-practices.md +175 -0
package/skills/qa-selenium-py-writer/references/config.md +224 -0
package/skills/qa-selenium-py-writer/references/patterns.md +255 -0
package/skills/qa-shortcut-integration/SKILL.md +143 -0
package/skills/qa-shortcut-integration/references/api-patterns.md +126 -0
package/skills/qa-shortcut-integration/references/field-mapping.md +66 -0
package/skills/qa-spec-auditor/SKILL.md +162 -0
package/skills/qa-spec-auditor/references/audit-checklist.md +144 -0
package/skills/qa-spec-auditor/references/drift-patterns.md +207 -0
package/skills/qa-spec-writer/SKILL.md +143 -0
package/skills/qa-spec-writer/references/gherkin-guide.md +253 -0
package/skills/qa-spec-writer/references/specification-patterns.md +274 -0
package/skills/qa-spring-test-writer/SKILL.md +170 -0
package/skills/qa-spring-test-writer/references/best-practices.md +57 -0
package/skills/qa-spring-test-writer/references/config.md +179 -0
package/skills/qa-spring-test-writer/references/patterns.md +235 -0
package/skills/qa-supertest-writer/SKILL.md +150 -0
package/skills/qa-supertest-writer/references/assertions.md +192 -0
package/skills/qa-supertest-writer/references/best-practices.md +102 -0
package/skills/qa-supertest-writer/references/config.md +166 -0
package/skills/qa-supertest-writer/references/patterns.md +242 -0
package/skills/qa-task-creator/SKILL.md +142 -0
package/skills/qa-task-creator/references/linking-patterns.md +127 -0
package/skills/qa-task-creator/references/task-types.md +169 -0
package/skills/qa-task-creator/templates/task-template.md +24 -0
package/skills/qa-test-doc-compiler/SKILL.md +114 -0
package/skills/qa-test-doc-compiler/references/agile-tailoring.md +220 -0
package/skills/qa-test-doc-compiler/references/iso-29119-3-documents.md +302 -0
package/skills/qa-test-healer/SKILL.md +101 -0
package/skills/qa-test-healer/references/diagnosis-patterns.md +142 -0
package/skills/qa-test-healer/references/fix-strategies.md +177 -0
package/skills/qa-test-reporter/SKILL.md +130 -0
package/skills/qa-test-reporter/references/best-practices.md +162 -0
package/skills/qa-test-reporter/references/iso-29119-reports.md +236 -0
package/skills/qa-test-reporter/references/report-formats.md +287 -0
package/skills/qa-test-reviewer/SKILL.md +142 -0
package/skills/qa-test-reviewer/references/anti-patterns.md +268 -0
package/skills/qa-test-reviewer/references/review-checklist.md +93 -0
package/skills/qa-test-strategy/SKILL.md +133 -0
package/skills/qa-test-strategy/references/entry-exit-criteria.md +176 -0
package/skills/qa-test-strategy/references/risk-matrix.md +102 -0
package/skills/qa-test-strategy/references/testing-types.md +143 -0
package/skills/qa-testcase-from-docs/SKILL.md +161 -0
package/skills/qa-testcase-from-docs/references/test-case-format.md +196 -0
package/skills/qa-testcase-from-docs/references/test-design-techniques.md +126 -0
package/skills/qa-testcase-from-docs/templates/test-case-template.md +31 -0
package/skills/qa-testcase-from-ui/SKILL.md +109 -0
package/skills/qa-testcase-from-ui/references/ui-element-patterns.md +126 -0
package/skills/qa-testcase-from-ui/references/visual-analysis-guide.md +146 -0
package/skills/qa-testcase-from-ui/templates/test-case-template.md +31 -0
package/skills/qa-visual-regression-writer/SKILL.md +175 -0
package/skills/qa-visual-regression-writer/references/best-practices.md +154 -0
package/skills/qa-visual-regression-writer/references/config.md +220 -0
package/skills/qa-visual-regression-writer/references/patterns.md +213 -0
package/skills/qa-vitest-writer/SKILL.md +141 -0
package/skills/qa-vitest-writer/references/assertions.md +105 -0
package/skills/qa-vitest-writer/references/best-practices.md +62 -0
package/skills/qa-vitest-writer/references/config.md +127 -0
package/skills/qa-vitest-writer/references/patterns.md +141 -0
package/skills/qa-webdriverio-writer/SKILL.md +145 -0
package/skills/qa-webdriverio-writer/references/best-practices.md +176 -0
package/skills/qa-webdriverio-writer/references/config.md +240 -0
package/skills/qa-webdriverio-writer/references/patterns.md +269 -0

package/skills/qa-security-test-writer/references/zap-config.md ADDED Viewed

@@ -0,0 +1,258 @@
+# OWASP ZAP Configuration
+Configuration guide for OWASP ZAP (Zed Attack Proxy) for DAST scanning. Use with qa-security-test-writer when generating ZAP automation configs.
+---
+## Overview
+| Mode | Purpose |
+|------|---------|
+| **Passive scan** | Observe traffic; detect issues without sending attack payloads |
+| **Active scan** | Send probes to find vulnerabilities (injection, XSS, etc.) |
+| **API scan** | Target OpenAPI/Swagger-defined endpoints |
+| **AJAX spider** | Crawl SPAs and dynamic content |
+---
+## Basic Configuration
+### Target URL
+```yaml
+# zap-config.yaml (conceptual)
+target:
+  url: "https://staging.example.com"
+  include: ["https://staging.example.com/*"]
+  exclude: ["https://staging.example.com/logout", "https://staging.example.com/admin/dangerous"]
+```
+### Command-Line (Docker)
+```bash
+docker run -t owasp/zap2docker-stable zap-baseline.py \
+  -t https://staging.example.com \
+  -r zap-report.html
+```
+```bash
+# Full scan (active + passive)
+docker run -t owasp/zap2docker-stable zap-full-scan.py \
+  -t https://staging.example.com \
+  -r zap-report.html
+```
+---
+## Scan Policies
+### Policy Levels
+| Policy | Risk | Description |
+|--------|------|-------------|
+| **Low** | Lower false positives, may miss issues |
+| **Medium** | Balanced |
+| **High** | More thorough, more false positives |
+### Custom Policy (API)
+```python
+# Python ZAP API example
+import zapv2
+zap = zapv2.ZAPv2(apikey='your-api-key', proxies={'http': 'http://127.0.0.1:8080'})
+# Enable/disable specific scanners
+zap.ascan.enable_all_scanners()
+zap.ascan.disable_scanners(['40018'])  # Disable specific scanner ID
+# Set scan policy
+zap.ascan.set_scanner_alert_threshold('40018', 'HIGH')  # SQL Injection
+```
+### Scanner IDs (Common)
+| ID | Scanner |
+|----|---------|
+| 40018 | SQL Injection |
+| 40014 | Cross Site Scripting (Reflected) |
+| 40016 | Cross Site Scripting (Persistent) |
+| 40012 | Cross Site Scripting (DOM) |
+| 90011 | Content Security Policy |
+| 90033 | X-Content-Type-Options |
+| 40009 | Path Traversal |
+---
+## Authentication
+### Form-Based Authentication
+```yaml
+auth:
+  type: form
+  login_url: "https://staging.example.com/login"
+  login_request:
+    method: POST
+    url: "https://staging.example.com/login"
+    body: "username={%username%}&password={%password%}"
+  logout:
+    url: "https://staging.example.com/logout"
+  credentials:
+    username: "${TEST_USER}"
+    password: "${TEST_PASSWORD}"
+```
+### JSON API Authentication
+```yaml
+auth:
+  type: json
+  login_url: "https://staging.example.com/api/auth/login"
+  login_request:
+    method: POST
+    body: '{"email":"{%username%}","password":"{%password%}"}'
+  token_extract:
+    from: response.body
+    json_path: "$.token"
+  token_usage:
+    header: "Authorization"
+    value: "Bearer {%token%}"
+```
+### Script-Based Authentication (ZAP API)
+```python
+# Configure auth via ZAP API
+zap.authentication.set_authentication_method(
+    contextid='1',
+    authmethodname='formBasedAuthentication',
+    authmethodconfigparams='loginUrl=https://staging.example.com/login' +
+        '&loginRequestData=username%3D%7B%25username%25%7D%26password%3D%7B%25password%25%7D'
+)
+zap.users.new_user(contextid='1', name='TestUser')
+zap.users.set_authentication_credentials(
+    contextid='1', userid='0',
+    authcredentialsconfigparams='username=testuser&password=TestPass123!'
+)
+zap.users.set_user_enabled(contextid='1', userid='0', enabled='true')
+```
+---
+## API Scan
+### OpenAPI/Swagger
+```bash
+# ZAP with OpenAPI definition
+docker run -t owasp/zap2docker-stable zap-api-scan.py \
+  -t https://staging.example.com \
+  -f openapi \
+  -d openapi.json \
+  -r zap-api-report.html
+```
+```yaml
+# Config for API scan
+api_scan:
+  definition_url: "https://staging.example.com/openapi.json"
+  # or local file path
+  definition_file: "./openapi.json"
+  target_url: "https://staging.example.com"
+```
+---
+## Passive Scan
+- Runs by default when proxying or spidering
+- No attack payloads; analyzes requests/responses
+- Detects: missing security headers, sensitive data exposure, cookie flags
+### Passive Scan Tuning
+```python
+# Enable all passive scanners
+zap.pscan.enable_all_scanners()
+# Set alert threshold for a passive rule
+zap.pscan.set_scanner_alert_threshold('10021', 'HIGH')  # Content-Type
+```
+---
+## Active Scan
+- Sends probes to find vulnerabilities
+- **Always run against test/staging only**
+- Can be destructive; configure exclusions
+### Active Scan Scope
+```python
+# Scan only in-scope URLs
+zap.ascan.scan(url='https://staging.example.com/api', recurse=True)
+# Exclude sensitive paths
+zap.context.exclude_from_context(contextname='Default', regex='https://staging.example.com/admin/.*')
+```
+---
+## Headless / CI Integration
+### GitHub Actions Example
+```yaml
+- name: ZAP Baseline Scan
+  uses: zaproxy/action-baseline@v0.10.0
+  with:
+    target: 'https://staging.example.com'
+    rules_file_name: '.zap/rules.tsv'
+    fail_action: true
+```
+### Zaproxy Jenkins Plugin
+- Configure target URL, auth, and scan policy
+- Publish HTML/XML report
+- Fail build on high/critical findings
+---
+## Report Output
+| Format | Use Case |
+|--------|----------|
+| HTML | Human review |
+| JSON | CI parsing, custom tooling |
+| XML | JUnit-style, SARIF |
+```bash
+# Generate multiple formats
+zap-full-scan.py -t https://staging.example.com \
+  -r report.html \
+  -J report.json \
+  -x report.xml
+```
+---
+## Best Practices
+1. **Never scan production** without explicit approval and change window
+2. **Use test credentials** stored in env vars; never hardcode
+3. **Exclude destructive endpoints** (delete, reset, admin actions)
+4. **Whitelist test environment** in WAF/firewall to avoid blocking
+5. **Tune false positives** by adjusting policy or excluding known-safe patterns
+6. **Run during off-peak** to minimize impact on shared staging
+---
+## References
+- [ZAP Docker](https://www.zaproxy.org/docs/docker/)
+- [ZAP API](https://www.zaproxy.org/docs/api/)
+- [ZAP Jenkins Plugin](https://plugins.jenkins.io/zaproxy/)
+- [ZAP GitHub Action](https://github.com/zaproxy/action-baseline)

package/skills/qa-selenium-java-writer/SKILL.md ADDED Viewed

@@ -0,0 +1,143 @@
+---
+name: qa-selenium-java-writer
+description: Generate Selenium Java E2E tests with JUnit 5, Page Object Model, explicit waits, AssertJ assertions, and Allure reporting integration.
+output_dir: tests/e2e
+---
+# QA Selenium Java Writer
+## Purpose
+Write Selenium Java E2E tests from test case specifications. Transform structured test cases (from qa-testcase-from-docs, qa-manual-test-designer, qa-browser-data-collector, or specs) into executable Selenium Java test files with JUnit 5, Page Object Model, explicit waits, AssertJ assertions, and Allure reporting.
+## Trigger Phrases
+- "Write Selenium Java tests for [feature/flow]"
+- "Generate Selenium E2E tests in Java"
+- "Create Selenium Java tests with POM"
+- "Add Selenium Java tests for [URL/page]"
+- "Selenium Java with JUnit 5 and Allure"
+- "Selenium Java Page Object Model tests"
+- "Headless Selenium Java tests for [feature]"
+- "Selenium Java tests with WebDriverWait"
+- "Heal my failing Selenium Java tests"
+## Key Features
+| Feature | Description |
+| ------- | ----------- |
+| **Java 21+** | Modern Java with records, pattern matching, virtual threads support |
+| **Selenium WebDriver** | Chrome, Firefox, Edge via WebDriver API |
+| **JUnit 5** | @Test, @BeforeEach/@AfterEach, @DisplayName, @Tag |
+| **Page Object Model** | POM with PageFactory; base page + page-specific classes |
+| **Explicit waits** | WebDriverWait + ExpectedConditions; avoid implicit waits |
+| **AssertJ** | Fluent assertions: assertThat(element).isDisplayed().isEnabled() |
+| **Allure** | @Step, @Description, @Severity, @Epic, @Feature for reporting |
+| **Headless mode** | Chrome/Firefox headless for CI |
+| **Parallel execution** | maven-surefire-plugin parallel configuration |
+## Workflow
+1. **Read test cases** — From specs, requirements, manual test designs, or browser-collected data
+2. **Analyze app** — Inspect pages, forms, flows; identify locators and interactions
+3. **Generate test classes with POM** — Produce `{Feature}Test.java` with Page Objects in `pages/`
+4. **Configure WebDriver** — Set up driver lifecycle, headless options, timeouts
+5. **Add Allure annotations** — @Step for steps, @Description, @Severity for reporting
+6. **Run** — User runs `mvn test` or `./gradlew test` to execute tests
+## Context7 MCP
+Use **Context7 MCP** for Selenium Java documentation when:
+- WebDriver API or ExpectedConditions syntax is uncertain
+- PageFactory, Actions, or Select handling needs verification
+- Browser-specific options (Chrome, Firefox headless) require up-to-date reference
+## Key Patterns
+| Pattern | Usage |
+| ------- | ----- |
+| `@Test` | JUnit 5 test method |
+| `@BeforeEach` / `@AfterEach` | Driver setup and teardown |
+| `WebDriverWait(driver, Duration.ofSeconds(10))` | Explicit wait |
+| `ExpectedConditions.visibilityOfElementLocated(By.id("id"))` | Wait for element |
+| `PageFactory.initElements(driver, PageClass.class)` | POM initialization |
+| `assertThat(element).isDisplayed().isEnabled()` | AssertJ assertions |
+| `@Step("User clicks submit")` | Allure step |
+| `@Description("Verify login flow")` | Allure description |
+| `@Severity(SeverityLevel.CRITICAL)` | Allure severity |
+## Wait Strategies
+Prefer explicit waits; avoid implicit waits for reliability:
+```java
+WebDriverWait wait = new WebDriverWait(driver, Duration.ofSeconds(10));
+WebElement element = wait.until(ExpectedConditions.elementToBeClickable(By.id("submit-btn")));
+element.click();
+```
+Common expected conditions: `visibilityOfElementLocated`, `elementToBeClickable`, `presenceOfElementLocated`, `textToBePresentInElement`, `urlContains`.
+## File Naming
+- `{Feature}Test.java` — Test classes (e.g., `LoginTest.java`, `CheckoutTest.java`)
+- `pages/{Feature}Page.java` — Page objects (e.g., `pages/LoginPage.java`, `pages/CheckoutPage.java`)
+- Place in `src/test/java` per Maven/Gradle convention
+## Scope
+**Can do (autonomous):**
+- Generate Selenium Java E2E tests from test case specs
+- Apply Page Object Model with PageFactory
+- Use explicit waits (WebDriverWait + ExpectedConditions)
+- Configure WebDriver (Chrome, Firefox, Edge, headless)
+- Use AssertJ for fluent assertions
+- Add Allure annotations for reporting
+- Configure maven-surefire-plugin for parallel execution
+- Use Context7 MCP for Selenium Java docs
+- Delegate to qa-test-healer when tests fail (Heal Mode)
+**Cannot do (requires confirmation):**
+- Change production code structure
+- Add dependencies not in pom.xml/build.gradle
+- Override project Selenium/JUnit config without approval
+- Navigate to URLs not provided
+**Will not do (out of scope):**
+- Execute tests (user runs `mvn test`)
+- Write Playwright/Cypress tests (use qa-playwright-ts-writer, qa-cypress-writer)
+- Modify CI/CD pipelines
+- Bypass security or access restricted areas
+## References
+- `references/patterns.md` — POM, waits, selectors, actions, Select, alerts, frames
+- `references/config.md` — Maven/Gradle config, WebDriver setup, parallel execution
+- `references/best-practices.md` — Java Selenium best practices
+## Quality Checklist
+- [ ] Explicit waits used; avoid implicit waits where possible
+- [ ] No Thread.sleep; prefer WebDriverWait + ExpectedConditions
+- [ ] POM pattern applied with PageFactory
+- [ ] Stable locators (ID, data attributes, CSS; XPath as fallback)
+- [ ] Tests independent (no shared state, order-independent)
+- [ ] Proper teardown (driver.quit in @AfterEach)
+- [ ] AssertJ used for assertions
+- [ ] Allure annotations (@Step, @Description, @Severity) where applicable
+- [ ] Traceability to test case IDs where applicable
+- [ ] No hardcoded secrets (use env vars)
+- [ ] File naming follows `{Feature}Test.java` convention
+## Troubleshooting
+| Symptom | Likely Cause | Fix |
+| ------- | ------------ | --- |
+| Element not found | Selector too specific, timing | Use explicit wait; prefer ID/CSS over fragile XPath |
+| StaleElementReferenceException | DOM changed after find | Re-find element before interaction; use explicit wait |
+| Timeout | Element not ready, slow page | Increase WebDriverWait timeout; check for overlays/modals |
+| Flaky tests | Implicit wait, race conditions | Replace implicit with explicit waits; ensure test isolation |
+| Driver not found | WebDriver binary missing | Use WebDriverManager; ensure browser installed |
+| Headless fails | Browser options incorrect | Verify Chrome/Firefox headless options for your Selenium version |
+| PageFactory null | Not initialized | Call PageFactory.initElements in constructor or @BeforeEach |
+| Allure not showing | Surefire config missing | Add allure-maven-plugin and surefire properties |

package/skills/qa-selenium-java-writer/references/best-practices.md ADDED Viewed

@@ -0,0 +1,59 @@
+# Selenium Java Best Practices
+## Explicit Waits Over Implicit
+- Set `implicitlyWait(Duration.ZERO)` and use `WebDriverWait` + `ExpectedConditions` for all waits
+- Avoid `Thread.sleep()` — use explicit waits for reliability
+- Choose the right condition: `visibilityOf` for UI, `presenceOf` for DOM-only checks
+## Page Object Model
+- One page class per page/screen; extend `BasePage` for shared logic
+- Use `PageFactory.initElements()` in constructor
+- Encapsulate locators with `@FindBy`; expose actions as methods
+- Do not expose `WebElement` directly when an action method is clearer
+## Locator Strategy
+1. **ID** — Fast, stable when present
+2. **data-testid** — Explicit test hooks: `By.cssSelector("[data-testid='submit']")`
+3. **CSS** — Readable, fast; avoid deep hierarchies
+4. **XPath** — Use when CSS cannot express; prefer relative paths
+Avoid: brittle text-based XPath, index-based selectors, dynamic class names.
+## AssertJ Assertions
+```java
+assertThat(element).isDisplayed().isEnabled();
+assertThat(element.getText()).contains("Expected");
+assertThat(driver.getCurrentUrl()).contains("/dashboard");
+assertThat(elements).hasSize(3);
+```
+Prefer AssertJ over JUnit `assertEquals` for readability and failure messages.
+## Allure Annotations
+- `@Step("User logs in with {username}")` — Wrap actions for step reporting
+- `@Description("Verify checkout flow with valid cart")` — Test description
+- `@Severity(SeverityLevel.CRITICAL)` — For prioritization
+- `@Epic`, `@Feature`, `@Story` — For hierarchical reporting
+## Test Independence
+- Each test should run in isolation
+- Use `@BeforeEach` for fresh driver; `@AfterEach` for cleanup
+- No shared mutable state between tests
+- Use `@Order` only when truly required; prefer independent tests
+## Headless for CI
+- Enable headless via `--headless=new` (Chrome) or `-headless` (Firefox)
+- Set `window-size` to avoid layout issues
+- Use `WebDriverManager` for driver binaries in CI
+## Security
+- Never hardcode credentials; use env vars or secrets
+- Use `System.getenv("BASE_URL")` or config files for URLs

package/skills/qa-selenium-java-writer/references/config.md ADDED Viewed

@@ -0,0 +1,143 @@
+# Selenium Java Configuration
+## Maven Dependencies
+```xml
+<dependencies>
+    <dependency>
+        <groupId>org.seleniumhq.selenium</groupId>
+        <artifactId>selenium-java</artifactId>
+        <version>4.25.0</version>
+        <scope>test</scope>
+    </dependency>
+    <dependency>
+        <groupId>org.junit.jupiter</groupId>
+        <artifactId>junit-jupiter</artifactId>
+        <version>5.10.2</version>
+        <scope>test</scope>
+    </dependency>
+    <dependency>
+        <groupId>org.assertj</groupId>
+        <artifactId>assertj-core</artifactId>
+        <version>3.25.3</version>
+        <scope>test</scope>
+    </dependency>
+    <dependency>
+        <groupId>io.qameta.allure</groupId>
+        <artifactId>allure-junit5</artifactId>
+        <version>2.29.0</version>
+        <scope>test</scope>
+    </dependency>
+    <dependency>
+        <groupId>io.github.bonigarcia</groupId>
+        <artifactId>webdrivermanager</artifactId>
+        <version>5.7.0</version>
+        <scope>test</scope>
+    </dependency>
+</dependencies>
+```
+## Gradle Dependencies
+```groovy
+dependencies {
+    testImplementation 'org.seleniumhq.selenium:selenium-java:4.25.0'
+    testImplementation 'org.junit.jupiter:junit-jupiter:5.10.2'
+    testImplementation 'org.assertj:assertj-core:3.25.3'
+    testImplementation 'io.qameta.allure:allure-junit5:2.29.0'
+    testImplementation 'io.github.bonigarcia:webdrivermanager:5.7.0'
+}
+```
+## WebDriver Setup with WebDriverManager
+```java
+@BeforeEach
+void setUp() {
+    WebDriverManager.chromedriver().setup();
+    ChromeOptions options = new ChromeOptions();
+    if (Boolean.parseBoolean(System.getProperty("headless", "false"))) {
+        options.addArguments("--headless=new", "--disable-gpu", "--window-size=1920,1080");
+    }
+    driver = new ChromeDriver(options);
+    driver.manage().timeouts().implicitlyWait(Duration.ZERO); // Prefer explicit
+    driver.manage().timeouts().pageLoadTimeout(Duration.ofSeconds(30));
+}
+@AfterEach
+void tearDown() {
+    if (driver != null) {
+        driver.quit();
+    }
+}
+```
+## Base Test Class Pattern
+```java
+@ExtendWith(AllureJunit5.class)
+public abstract class BaseSeleniumTest {
+    protected WebDriver driver;
+    @BeforeEach
+    void initDriver() {
+        driver = createDriver();
+    }
+    @AfterEach
+    void closeDriver() {
+        if (driver != null) driver.quit();
+    }
+    protected abstract WebDriver createDriver();
+}
+```
+## Parallel Execution (maven-surefire-plugin)
+```xml
+<plugin>
+    <groupId>org.apache.maven.plugins</groupId>
+    <artifactId>maven-surefire-plugin</artifactId>
+    <version>3.2.5</version>
+    <configuration>
+        <properties>
+            <configurationParameters>
+                junit.jupiter.execution.parallel.enabled=true
+                junit.jupiter.execution.parallel.mode.default=concurrent
+                junit.jupiter.execution.parallel.config.strategy=fixed
+                junit.jupiter.execution.parallel.config.fixed.parallelism=4
+            </configurationParameters>
+        </properties>
+        <systemPropertyVariables>
+            <headless>true</headless>
+        </systemPropertyVariables>
+    </configuration>
+</plugin>
+```
+## Allure Configuration
+```xml
+<plugin>
+    <groupId>io.qameta.allure</groupId>
+    <artifactId>allure-maven</artifactId>
+    <version>2.12.0</version>
+</plugin>
+```
+```properties
+# allure.properties (src/test/resources)
+allure.results.directory=target/allure-results
+allure.link.issue.pattern=https://jira.example.com/browse/{}
+allure.link.tms.pattern=https://testlink.example.com/linkto.php?tprojectPrefix=QA&item=testcase&id={}
+```
+## Environment Variables
+| Variable | Purpose |
+| -------- | ------- |
+| `BASE_URL` | Application base URL |
+| `HEADLESS` | Run browser headless |
+| `BROWSER` | chrome, firefox, edge |
+| `IMPLICIT_WAIT` | Fallback implicit wait (prefer 0) |