npm - qa-skills - Versions diffs - 3.0.0 - Mend

qa-skills 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (262) hide show

package/README.md +168 -0
package/bin/cli.js +42 -0
package/dist/agents/registry.d.ts +5 -0
package/dist/agents/registry.d.ts.map +1 -0
package/dist/agents/registry.js +101 -0
package/dist/agents/registry.js.map +1 -0
package/dist/agents/types.d.ts +9 -0
package/dist/agents/types.d.ts.map +1 -0
package/dist/agents/types.js +2 -0
package/dist/agents/types.js.map +1 -0
package/dist/dependencies.d.ts +21 -0
package/dist/dependencies.d.ts.map +1 -0
package/dist/dependencies.js +125 -0
package/dist/dependencies.js.map +1 -0
package/dist/installer.d.ts +25 -0
package/dist/installer.d.ts.map +1 -0
package/dist/installer.js +437 -0
package/dist/installer.js.map +1 -0
package/dist/scaffold.d.ts +27 -0
package/dist/scaffold.d.ts.map +1 -0
package/dist/scaffold.js +182 -0
package/dist/scaffold.js.map +1 -0
package/package.json +40 -0
package/skills/qa-accessibility-test-writer/SKILL.md +127 -0
package/skills/qa-accessibility-test-writer/references/axe-core-patterns.md +349 -0
package/skills/qa-accessibility-test-writer/references/best-practices.md +184 -0
package/skills/qa-accessibility-test-writer/references/wcag-tests.md +331 -0
package/skills/qa-api-contract-curator/SKILL.md +104 -0
package/skills/qa-api-contract-curator/references/breaking-changes.md +363 -0
package/skills/qa-api-contract-curator/references/openapi-structure.md +404 -0
package/skills/qa-browser-data-collector/SKILL.md +132 -0
package/skills/qa-browser-data-collector/references/data-collection-checklist.md +91 -0
package/skills/qa-browser-data-collector/references/playwright-mcp-patterns.md +113 -0
package/skills/qa-bug-ticket-creator/SKILL.md +148 -0
package/skills/qa-bug-ticket-creator/references/bug-report-format.md +149 -0
package/skills/qa-bug-ticket-creator/references/severity-guide.md +81 -0
package/skills/qa-bug-ticket-creator/templates/bug-ticket-template.md +39 -0
package/skills/qa-changelog-analyzer/SKILL.md +134 -0
package/skills/qa-changelog-analyzer/references/git-analysis-patterns.md +138 -0
package/skills/qa-changelog-analyzer/references/impact-mapping.md +120 -0
package/skills/qa-clickup-integration/SKILL.md +166 -0
package/skills/qa-clickup-integration/references/api-patterns.md +102 -0
package/skills/qa-clickup-integration/references/field-mapping.md +71 -0
package/skills/qa-codeceptjs-writer/SKILL.md +136 -0
package/skills/qa-codeceptjs-writer/references/best-practices.md +207 -0
package/skills/qa-codeceptjs-writer/references/config.md +255 -0
package/skills/qa-codeceptjs-writer/references/patterns.md +285 -0
package/skills/qa-coverage-analyzer/SKILL.md +166 -0
package/skills/qa-coverage-analyzer/references/best-practices.md +142 -0
package/skills/qa-coverage-analyzer/references/coverage-dimensions.md +155 -0
package/skills/qa-coverage-analyzer/references/tools.md +204 -0
package/skills/qa-cypress-writer/SKILL.md +134 -0
package/skills/qa-cypress-writer/references/assertions.md +121 -0
package/skills/qa-cypress-writer/references/best-practices.md +82 -0
package/skills/qa-cypress-writer/references/config.md +121 -0
package/skills/qa-cypress-writer/references/patterns.md +170 -0
package/skills/qa-data-factory/SKILL.md +126 -0
package/skills/qa-data-factory/references/factory-patterns.md +164 -0
package/skills/qa-data-factory/references/faker-guide.md +131 -0
package/skills/qa-diagram-generator/SKILL.md +125 -0
package/skills/qa-diagram-generator/references/c4-model.md +53 -0
package/skills/qa-diagram-generator/references/charts.md +58 -0
package/skills/qa-diagram-generator/references/class-diagram.md +85 -0
package/skills/qa-diagram-generator/references/er-diagram.md +69 -0
package/skills/qa-diagram-generator/references/flowchart.md +92 -0
package/skills/qa-diagram-generator/references/from-screenshot.md +45 -0
package/skills/qa-diagram-generator/references/gantt.md +49 -0
package/skills/qa-diagram-generator/references/journey.md +50 -0
package/skills/qa-diagram-generator/references/mindmap.md +75 -0
package/skills/qa-diagram-generator/references/sequence.md +69 -0
package/skills/qa-diagram-generator/references/state-diagram.md +56 -0
package/skills/qa-discovery-interview/SKILL.md +182 -0
package/skills/qa-discovery-interview/references/completeness-checklist.md +53 -0
package/skills/qa-discovery-interview/references/conflict-patterns.md +101 -0
package/skills/qa-discovery-interview/references/qa-categories.md +147 -0
package/skills/qa-discovery-interview/templates/qa-brief-template.md +168 -0
package/skills/qa-environment-checker/SKILL.md +142 -0
package/skills/qa-environment-checker/references/dependency-matrix.md +101 -0
package/skills/qa-environment-checker/references/health-checks.md +209 -0
package/skills/qa-environment-checker/templates/env-readiness-template.md +64 -0
package/skills/qa-flaky-detector/SKILL.md +153 -0
package/skills/qa-flaky-detector/references/ci-analysis.md +140 -0
package/skills/qa-flaky-detector/references/flaky-patterns.md +247 -0
package/skills/qa-github-issues-enhanced/SKILL.md +175 -0
package/skills/qa-github-issues-enhanced/references/issue-templates.md +425 -0
package/skills/qa-github-issues-enhanced/references/label-taxonomy.md +130 -0
package/skills/qa-github-issues-enhanced/references/workflow-patterns.md +188 -0
package/skills/qa-httpx-writer/SKILL.md +138 -0
package/skills/qa-httpx-writer/references/assertions.md +195 -0
package/skills/qa-httpx-writer/references/best-practices.md +140 -0
package/skills/qa-httpx-writer/references/config.md +212 -0
package/skills/qa-httpx-writer/references/patterns.md +262 -0
package/skills/qa-jest-writer/SKILL.md +131 -0
package/skills/qa-jest-writer/references/assertions.md +125 -0
package/skills/qa-jest-writer/references/best-practices.md +136 -0
package/skills/qa-jest-writer/references/config.md +134 -0
package/skills/qa-jest-writer/references/patterns.md +172 -0
package/skills/qa-jira-integration/SKILL.md +135 -0
package/skills/qa-jira-integration/references/api-patterns.md +143 -0
package/skills/qa-jira-integration/references/field-mapping.md +79 -0
package/skills/qa-jira-integration/references/xray-integration.md +85 -0
package/skills/qa-jmeter-writer/SKILL.md +171 -0
package/skills/qa-jmeter-writer/references/best-practices.md +157 -0
package/skills/qa-jmeter-writer/references/config.md +204 -0
package/skills/qa-jmeter-writer/references/patterns.md +242 -0
package/skills/qa-junit5-writer/SKILL.md +157 -0
package/skills/qa-junit5-writer/references/assertions.md +118 -0
package/skills/qa-junit5-writer/references/config.md +97 -0
package/skills/qa-junit5-writer/references/patterns.md +162 -0
package/skills/qa-k6-writer/SKILL.md +155 -0
package/skills/qa-k6-writer/references/best-practices.md +236 -0
package/skills/qa-k6-writer/references/config.md +219 -0
package/skills/qa-k6-writer/references/patterns.md +304 -0
package/skills/qa-linear-integration/SKILL.md +137 -0
package/skills/qa-linear-integration/references/api-patterns.md +249 -0
package/skills/qa-linear-integration/references/field-mapping.md +121 -0
package/skills/qa-locust-writer/SKILL.md +151 -0
package/skills/qa-locust-writer/references/best-practices.md +126 -0
package/skills/qa-locust-writer/references/config.md +170 -0
package/skills/qa-locust-writer/references/patterns.md +235 -0
package/skills/qa-manual-test-designer/SKILL.md +145 -0
package/skills/qa-manual-test-designer/references/exploratory-charters.md +138 -0
package/skills/qa-manual-test-designer/references/personas.md +146 -0
package/skills/qa-manual-test-designer/templates/exploratory-charter-template.md +47 -0
package/skills/qa-manual-test-designer/templates/test-case-template.md +31 -0
package/skills/qa-mobile-test-writer/SKILL.md +144 -0
package/skills/qa-mobile-test-writer/references/best-practices.md +214 -0
package/skills/qa-mobile-test-writer/references/config.md +309 -0
package/skills/qa-mobile-test-writer/references/patterns.md +304 -0
package/skills/qa-nfr-analyst/SKILL.md +177 -0
package/skills/qa-nfr-analyst/references/iso-25010-model.md +159 -0
package/skills/qa-nfr-analyst/references/owasp-wstg-baseline.md +202 -0
package/skills/qa-nfr-analyst/references/wcag-checklist.md +184 -0
package/skills/qa-nfr-analyst/templates/owasp-checklist-template.md +89 -0
package/skills/qa-nfr-analyst/templates/wcag-checklist-template.md +48 -0
package/skills/qa-orchestrator/SKILL.md +132 -0
package/skills/qa-orchestrator/references/handoff-chains.md +105 -0
package/skills/qa-orchestrator/references/pipeline-modes.md +115 -0
package/skills/qa-orchestrator/references/scheduler-rules.md +84 -0
package/skills/qa-pact-writer/SKILL.md +133 -0
package/skills/qa-pact-writer/references/best-practices.md +100 -0
package/skills/qa-pact-writer/references/config.md +135 -0
package/skills/qa-pact-writer/references/patterns.md +161 -0
package/skills/qa-plan-creator/SKILL.md +139 -0
package/skills/qa-plan-creator/references/introduction-plan.md +43 -0
package/skills/qa-plan-creator/references/migration-plan.md +44 -0
package/skills/qa-plan-creator/references/onboarding-plan.md +46 -0
package/skills/qa-plan-creator/references/performance-plan.md +44 -0
package/skills/qa-plan-creator/references/regression-plan.md +45 -0
package/skills/qa-plan-creator/references/release-plan.md +45 -0
package/skills/qa-plan-creator/references/sprint-plan.md +44 -0
package/skills/qa-plan-creator/references/test-plan.md +59 -0
package/skills/qa-plan-creator/references/uat-plan.md +43 -0
package/skills/qa-plan-creator/templates/checklist-template.md +36 -0
package/skills/qa-plan-creator/templates/regression-checklist-template.md +49 -0
package/skills/qa-plan-creator/templates/release-checklist-template.md +46 -0
package/skills/qa-plan-creator/templates/test-plan-template.md +74 -0
package/skills/qa-playwright-py-writer/SKILL.md +156 -0
package/skills/qa-playwright-py-writer/references/best-practices.md +194 -0
package/skills/qa-playwright-py-writer/references/config.md +195 -0
package/skills/qa-playwright-py-writer/references/patterns.md +212 -0
package/skills/qa-playwright-ts-writer/SKILL.md +151 -0
package/skills/qa-playwright-ts-writer/references/assertions.md +109 -0
package/skills/qa-playwright-ts-writer/references/best-practices.md +191 -0
package/skills/qa-playwright-ts-writer/references/config.md +144 -0
package/skills/qa-playwright-ts-writer/references/patterns.md +171 -0
package/skills/qa-pytest-writer/SKILL.md +145 -0
package/skills/qa-pytest-writer/references/assertions.md +149 -0
package/skills/qa-pytest-writer/references/best-practices.md +97 -0
package/skills/qa-pytest-writer/references/config.md +176 -0
package/skills/qa-pytest-writer/references/patterns.md +251 -0
package/skills/qa-qase-integration/SKILL.md +149 -0
package/skills/qa-qase-integration/references/api-reference.md +354 -0
package/skills/qa-qase-integration/references/ci-integration.md +196 -0
package/skills/qa-qase-integration/references/field-mapping.md +157 -0
package/skills/qa-requirements-generator/SKILL.md +152 -0
package/skills/qa-requirements-generator/references/iso-29148-structure.md +153 -0
package/skills/qa-requirements-generator/references/requirement-patterns.md +278 -0
package/skills/qa-rest-assured-writer/SKILL.md +137 -0
package/skills/qa-rest-assured-writer/references/best-practices.md +50 -0
package/skills/qa-rest-assured-writer/references/config.md +124 -0
package/skills/qa-rest-assured-writer/references/patterns.md +192 -0
package/skills/qa-risk-analyzer/SKILL.md +158 -0
package/skills/qa-risk-analyzer/references/impact-analysis.md +133 -0
package/skills/qa-risk-analyzer/references/risk-factors.md +123 -0
package/skills/qa-robot-framework-writer/SKILL.md +147 -0
package/skills/qa-robot-framework-writer/references/best-practices.md +249 -0
package/skills/qa-robot-framework-writer/references/config.md +204 -0
package/skills/qa-robot-framework-writer/references/libraries.md +273 -0
package/skills/qa-robot-framework-writer/references/patterns.md +216 -0
package/skills/qa-security-test-writer/SKILL.md +123 -0
package/skills/qa-security-test-writer/references/best-practices.md +155 -0
package/skills/qa-security-test-writer/references/owasp-top10.md +331 -0
package/skills/qa-security-test-writer/references/zap-config.md +258 -0
package/skills/qa-selenium-java-writer/SKILL.md +143 -0
package/skills/qa-selenium-java-writer/references/best-practices.md +59 -0
package/skills/qa-selenium-java-writer/references/config.md +143 -0
package/skills/qa-selenium-java-writer/references/patterns.md +170 -0
package/skills/qa-selenium-py-writer/SKILL.md +150 -0
package/skills/qa-selenium-py-writer/references/best-practices.md +175 -0
package/skills/qa-selenium-py-writer/references/config.md +224 -0
package/skills/qa-selenium-py-writer/references/patterns.md +255 -0
package/skills/qa-shortcut-integration/SKILL.md +143 -0
package/skills/qa-shortcut-integration/references/api-patterns.md +126 -0
package/skills/qa-shortcut-integration/references/field-mapping.md +66 -0
package/skills/qa-spec-auditor/SKILL.md +162 -0
package/skills/qa-spec-auditor/references/audit-checklist.md +144 -0
package/skills/qa-spec-auditor/references/drift-patterns.md +207 -0
package/skills/qa-spec-writer/SKILL.md +143 -0
package/skills/qa-spec-writer/references/gherkin-guide.md +253 -0
package/skills/qa-spec-writer/references/specification-patterns.md +274 -0
package/skills/qa-spring-test-writer/SKILL.md +170 -0
package/skills/qa-spring-test-writer/references/best-practices.md +57 -0
package/skills/qa-spring-test-writer/references/config.md +179 -0
package/skills/qa-spring-test-writer/references/patterns.md +235 -0
package/skills/qa-supertest-writer/SKILL.md +150 -0
package/skills/qa-supertest-writer/references/assertions.md +192 -0
package/skills/qa-supertest-writer/references/best-practices.md +102 -0
package/skills/qa-supertest-writer/references/config.md +166 -0
package/skills/qa-supertest-writer/references/patterns.md +242 -0
package/skills/qa-task-creator/SKILL.md +142 -0
package/skills/qa-task-creator/references/linking-patterns.md +127 -0
package/skills/qa-task-creator/references/task-types.md +169 -0
package/skills/qa-task-creator/templates/task-template.md +24 -0
package/skills/qa-test-doc-compiler/SKILL.md +114 -0
package/skills/qa-test-doc-compiler/references/agile-tailoring.md +220 -0
package/skills/qa-test-doc-compiler/references/iso-29119-3-documents.md +302 -0
package/skills/qa-test-healer/SKILL.md +101 -0
package/skills/qa-test-healer/references/diagnosis-patterns.md +142 -0
package/skills/qa-test-healer/references/fix-strategies.md +177 -0
package/skills/qa-test-reporter/SKILL.md +130 -0
package/skills/qa-test-reporter/references/best-practices.md +162 -0
package/skills/qa-test-reporter/references/iso-29119-reports.md +236 -0
package/skills/qa-test-reporter/references/report-formats.md +287 -0
package/skills/qa-test-reviewer/SKILL.md +142 -0
package/skills/qa-test-reviewer/references/anti-patterns.md +268 -0
package/skills/qa-test-reviewer/references/review-checklist.md +93 -0
package/skills/qa-test-strategy/SKILL.md +133 -0
package/skills/qa-test-strategy/references/entry-exit-criteria.md +176 -0
package/skills/qa-test-strategy/references/risk-matrix.md +102 -0
package/skills/qa-test-strategy/references/testing-types.md +143 -0
package/skills/qa-testcase-from-docs/SKILL.md +161 -0
package/skills/qa-testcase-from-docs/references/test-case-format.md +196 -0
package/skills/qa-testcase-from-docs/references/test-design-techniques.md +126 -0
package/skills/qa-testcase-from-docs/templates/test-case-template.md +31 -0
package/skills/qa-testcase-from-ui/SKILL.md +109 -0
package/skills/qa-testcase-from-ui/references/ui-element-patterns.md +126 -0
package/skills/qa-testcase-from-ui/references/visual-analysis-guide.md +146 -0
package/skills/qa-testcase-from-ui/templates/test-case-template.md +31 -0
package/skills/qa-visual-regression-writer/SKILL.md +175 -0
package/skills/qa-visual-regression-writer/references/best-practices.md +154 -0
package/skills/qa-visual-regression-writer/references/config.md +220 -0
package/skills/qa-visual-regression-writer/references/patterns.md +213 -0
package/skills/qa-vitest-writer/SKILL.md +141 -0
package/skills/qa-vitest-writer/references/assertions.md +105 -0
package/skills/qa-vitest-writer/references/best-practices.md +62 -0
package/skills/qa-vitest-writer/references/config.md +127 -0
package/skills/qa-vitest-writer/references/patterns.md +141 -0
package/skills/qa-webdriverio-writer/SKILL.md +145 -0
package/skills/qa-webdriverio-writer/references/best-practices.md +176 -0
package/skills/qa-webdriverio-writer/references/config.md +240 -0
package/skills/qa-webdriverio-writer/references/patterns.md +269 -0

package/skills/qa-supertest-writer/SKILL.md ADDED Viewed

@@ -0,0 +1,150 @@
+---
+name: qa-supertest-writer
+description: Generate Supertest API and integration tests for TypeScript/Node.js with Express/Koa integration, chained assertions, and authentication handling.
+output_dir: tests/api
+dependencies:
+  recommended:
+    - qa-api-contract-curator
+---
+# QA Supertest Writer
+## Purpose
+Write API and integration tests using Supertest from test case specifications and API contracts. Transform structured test cases (from qa-testcase-from-docs, qa-manual-test-designer) and OpenAPI contracts (from qa-api-contract-curator) into executable Supertest code with chained assertions, authentication support, and response validation.
+## Trigger Phrases
+- "Write Supertest tests for [API/endpoint]"
+- "Generate API tests from OpenAPI contract"
+- "Create Supertest integration tests for Express"
+- "Add API tests for [endpoint] with auth"
+- "Supertest tests from test cases"
+- "API contract to Supertest tests"
+- "Test file upload with Supertest"
+- "Supertest tests for Koa server"
+## Key Features
+| Feature | Description |
+| ------- | ----------- |
+| **Express/Koa integration** | `request(app)` — no server startup; tests run against app instance |
+| **Chained HTTP assertions** | `.expect(statusCode)`, `.expect(contentType)`, `.expect(body)` — fluent API |
+| **Request/response validation** | Headers, status, body shape; JSON Schema or Zod/Joi for schema validation |
+| **Authentication support** | Bearer tokens, cookies, API keys via `.set()` |
+| **File upload testing** | `.attach()` for multipart/form-data |
+## Workflow
+1. **Read test cases + API contract** — From qa-testcase-from-docs, qa-manual-test-designer, or qa-api-contract-curator (OpenAPI)
+2. **Generate API test files** — Produce `{endpoint}.api.test.ts` with `describe` per endpoint, `it` per scenario
+3. **Add auth setup** — Bearer token, cookies, or API key fixtures in `beforeEach`/`beforeAll`
+4. **Validate responses** — Status codes, headers, body matching; optional schema validation (Zod, Joi, JSON Schema)
+## Context7 MCP
+Use **Context7 MCP** for current Supertest documentation when:
+- API signatures or chaining behavior are uncertain
+- New Supertest features need verification
+- Express vs Koa setup differences require clarification
+## Key Patterns
+| Pattern | Usage |
+| ------- | ----- |
+| `request(app)` | Wrap Express/Koa app; no `listen()` needed |
+| `.get(path)` / `.post(path)` / `.put(path)` / `.delete(path)` | HTTP method + path |
+| `.set(header, value)` | Set request headers (Authorization, Content-Type, etc.) |
+| `.send(body)` | Request body (JSON, form) |
+| `.expect(statusCode)` | Assert response status |
+| `.expect(contentType, /json/)` | Assert Content-Type header |
+| `.expect(body)` | Assert response body (string, regex, function) |
+| Chained assertions | `.get('/users').expect(200).expect('Content-Type', /json/)` |
+| Bearer token | `.set('Authorization', 'Bearer ' + token)` |
+| Cookies | `.set('Cookie', cookieString)` or use agent for session |
+| File upload | `.attach(field, filePath)` |
+See `references/patterns.md` for CRUD, auth, file upload, error responses, pagination.
+## Test Structure
+- **describe** per endpoint (e.g., `describe('GET /users')`)
+- **it** per scenario: success, validation error, unauthorized, not found, conflict
+- **beforeAll/beforeEach** for auth tokens, DB seeding, cleanup
+- **afterEach/afterAll** for cleanup (e.g., truncate test data)
+## Integration with Express/Koa
+```ts
+import request from 'supertest'
+import { app } from '../src/app'
+describe('API', () => {
+  it('GET /health returns 200', () =>
+    request(app).get('/health').expect(200))
+})
+```
+No `app.listen()` — Supertest handles the request internally.
+## Schema Validation
+- **JSON Schema** — Use `ajv` or similar to validate response against schema
+- **Zod** — `zodSchema.parse(response.body)` in custom `.expect()` callback
+- **Joi** — `Joi.assert(response.body, schema)` in callback
+## File Naming
+- `{endpoint}.api.test.ts` — e.g., `users.api.test.ts`, `auth.api.test.ts`
+- `{resource}.api.test.ts` — e.g., `products.api.test.ts`
+## Scope
+**Can do (autonomous):**
+- Generate Supertest API tests from test cases and OpenAPI contracts
+- Add auth setup (Bearer, cookies, API key)
+- Use chained assertions, `.set()`, `.send()`, `.attach()`
+- Configure test server, DB seeding, cleanup
+- Validate responses with status, headers, body; add schema validation (Zod/Joi)
+- Call qa-api-contract-curator for contract when needed
+- Use Context7 MCP for Supertest docs
+**Cannot do (requires confirmation):**
+- Change production API implementation
+- Add dependencies not in package.json
+- Override project test config without approval
+**Will not do (out of scope):**
+- Execute tests (user runs `npm test` or `vitest`)
+- Write E2E browser tests (use qa-playwright-ts-writer)
+- Modify CI/CD pipelines
+## References
+- `references/patterns.md` — CRUD, auth, file upload, error responses, pagination
+- `references/assertions.md` — Status codes, headers, body matching, schema validation
+- `references/config.md` — Test server config, DB seeding, cleanup
+- `references/best-practices.md` — Test isolation, DB state, auth fixtures, response validation
+## Quality Checklist
+- [ ] Tests match test case steps and expected results
+- [ ] Each endpoint has success and error scenarios (validation, 401, 404)
+- [ ] Auth setup is correct (Bearer, cookies) and isolated per test
+- [ ] No hardcoded secrets; use env vars or test fixtures
+- [ ] Response assertions are specific (status, body shape, headers)
+- [ ] File naming follows `{endpoint}.api.test.ts`
+- [ ] DB state is reset or isolated between tests
+- [ ] Schema validation used where contract specifies response shape
+## Troubleshooting
+| Symptom | Likely Cause | Fix |
+| ------- | ------------ | --- |
+| `request(app)` returns 404 | App not mounted or route missing | Verify app exports; check route registration order |
+| Tests pass individually, fail together | Shared DB state or auth leakage | Reset DB in `beforeEach`; use fresh tokens per test |
+| `.expect(body)` fails on dynamic fields | Body has timestamps, IDs, etc. | Use partial match, regex, or custom callback |
+| Auth not working | Token expired or wrong header | Check `Authorization` format; ensure token in scope |
+| File upload fails | Wrong field name or path | Match `field` to form field; use absolute path |
+| Koa app not working | Different API than Express | Use `request(app.callback())` for Koa |
+| CORS errors in tests | CORS middleware blocking | Supertest bypasses network; check middleware order |

package/skills/qa-supertest-writer/references/assertions.md ADDED Viewed

@@ -0,0 +1,192 @@
+# Supertest Assertion Reference
+Supertest provides chained `.expect()` methods for HTTP assertions. Combine with Vitest/Jest `expect()` for body validation.
+## Status Codes
+```ts
+request(app).get('/users').expect(200)
+request(app).post('/users').send({}).expect(201)
+request(app).get('/users/999').expect(404)
+request(app).get('/users').expect(401)  // Unauthorized
+request(app).post('/users').send({}).expect(400)  // Bad Request
+request(app).get('/error').expect(500)  // Server Error
+```
+| Code | Typical Use |
+| ---- | ----------- |
+| 200 | OK — GET, PUT, PATCH success |
+| 201 | Created — POST success |
+| 204 | No Content — DELETE success |
+| 400 | Bad Request — validation error |
+| 401 | Unauthorized — missing/invalid auth |
+| 403 | Forbidden — insufficient permissions |
+| 404 | Not Found — resource missing |
+| 409 | Conflict — duplicate, constraint violation |
+| 422 | Unprocessable Entity — semantic validation |
+| 500 | Internal Server Error |
+## Content-Type
+```ts
+request(app)
+  .get('/users')
+  .expect('Content-Type', /json/)
+  .expect(200)
+// Exact match
+request(app)
+  .get('/users')
+  .expect('Content-Type', 'application/json; charset=utf-8')
+```
+## Body Assertions
+### String Match
+```ts
+request(app)
+  .get('/health')
+  .expect(200)
+  .expect('OK')
+```
+### Regex Match
+```ts
+request(app)
+  .get('/users/1')
+  .expect((res) => {
+    expect(res.body.email).toMatch(/^[\w.-]+@[\w.-]+\.\w+$/)
+  })
+```
+### Custom Callback
+```ts
+request(app)
+  .get('/users')
+  .expect(200)
+  .expect((res) => {
+    expect(res.body).toHaveProperty('users')
+    expect(res.body.users.length).toBeGreaterThan(0)
+    expect(res.body.users[0]).toHaveProperty('id')
+  })
+```
+### With Vitest/Jest expect()
+```ts
+const res = await request(app).get('/users').expect(200)
+expect(res.body).toHaveProperty('users')
+expect(res.body.users).toEqual(expect.arrayContaining([
+  expect.objectContaining({ id: 1, email: expect.any(String) }),
+]))
+expect(res.body.users[0]).toMatchObject({ id: 1, name: 'Alice' })
+```
+## Header Assertions
+```ts
+request(app)
+  .get('/users')
+  .expect('Content-Type', /json/)
+  .expect('X-Request-ID', (val) => expect(val).toBeDefined())
+  .expect(200)
+// Or capture and assert
+const res = await request(app).get('/users').expect(200)
+expect(res.headers['content-type']).toMatch(/json/)
+expect(res.headers['x-request-id']).toBeDefined()
+```
+## Schema Validation
+### Zod
+```ts
+import { z } from 'zod'
+const UserSchema = z.object({
+  id: z.number(),
+  email: z.string().email(),
+  name: z.string(),
+})
+request(app)
+  .get('/users/1')
+  .expect(200)
+  .expect((res) => {
+    const parsed = UserSchema.parse(res.body)
+    expect(parsed.id).toBe(1)
+  })
+```
+### Joi
+```ts
+import Joi from 'joi'
+const userSchema = Joi.object({
+  id: Joi.number().required(),
+  email: Joi.string().email().required(),
+  name: Joi.string().required(),
+})
+request(app)
+  .get('/users/1')
+  .expect(200)
+  .expect((res) => {
+    Joi.assert(res.body, userSchema)
+  })
+```
+### JSON Schema (ajv)
+```ts
+import Ajv from 'ajv'
+const ajv = new Ajv()
+const validate = ajv.compile(userJsonSchema)
+request(app)
+  .get('/users/1')
+  .expect(200)
+  .expect((res) => {
+    const valid = validate(res.body)
+    expect(valid).toBe(true)
+    if (!valid) expect(validate.errors).toBeDefined()
+  })
+```
+## Chained Assertions
+```ts
+await request(app)
+  .post('/users')
+  .set('Content-Type', 'application/json')
+  .send({ email: 'a@b.com', name: 'Alice' })
+  .expect(201)
+  .expect('Content-Type', /json/)
+  .expect((res) => {
+    expect(res.body).toHaveProperty('id')
+    expect(res.body.email).toBe('a@b.com')
+  })
+```
+## Async vs Sync
+Use `await` when you need the response for further assertions:
+```ts
+const res = await request(app).get('/users').expect(200)
+const firstUser = res.body.users[0]
+expect(firstUser).toHaveProperty('email')
+```
+Return the chain when Supertest assertions are sufficient:
+```ts
+it('returns 200', () => request(app).get('/users').expect(200))
+```

package/skills/qa-supertest-writer/references/best-practices.md ADDED Viewed

@@ -0,0 +1,102 @@
+# API Testing Best Practices
+## Test Isolation
+1. **Independent tests** — Each test should pass or fail regardless of order. Use `beforeEach` to reset state.
+2. **No shared mutable state** — Avoid global variables that tests modify; use fixtures or factories.
+3. **Clean database** — Truncate or delete test data between tests, or use transactions that rollback.
+## Database State
+| Approach | Pros | Cons |
+| -------- | ---- | ---- |
+| **Truncate + seed** | Clean slate each run | Slower; may conflict with parallel tests |
+| **Transactions** | Fast; automatic rollback | Requires transaction support in app |
+| **Isolated DB per worker** | No cross-test pollution | More setup; resource usage |
+| **Factory + unique data** | Flexible; no truncate | Must avoid collisions (unique emails, etc.) |
+### Transaction Rollback Example
+```ts
+beforeEach(async () => {
+  await db.transaction.begin()
+})
+afterEach(async () => {
+  await db.transaction.rollback()
+})
+```
+## Auth Fixtures
+1. **Use test-only accounts** — Never use production credentials.
+2. **Create tokens in beforeAll** — Reuse when tests don't mutate auth state.
+3. **Fresh token per test** — When testing logout, token expiry, or auth changes.
+4. **Store in env** — `TEST_USER_EMAIL`, `TEST_USER_PASSWORD` in `.env.test`.
+```ts
+beforeAll(async () => {
+  token = await getAuthToken(
+    process.env.TEST_USER_EMAIL!,
+    process.env.TEST_USER_PASSWORD!
+  )
+})
+```
+## Response Validation
+1. **Assert status first** — `.expect(200)` before body checks.
+2. **Prefer partial match** — Use `toMatchObject` for dynamic fields (id, createdAt).
+3. **Schema validation** — Use Zod/Joi for contract compliance when OpenAPI is available.
+4. **Avoid over-asserting** — Test what matters; don't lock in implementation details.
+## Error Scenarios
+Cover at least:
+- **Success** — 200/201/204 as per contract
+- **Validation error** — 400 with error payload
+- **Unauthorized** — 401 when missing/invalid auth
+- **Forbidden** — 403 when insufficient permissions
+- **Not found** — 404 for missing resources
+- **Conflict** — 409 for duplicates (where applicable)
+## File Naming and Structure
+```
+tests/
+  api/
+    users.api.test.ts
+    auth.api.test.ts
+    products.api.test.ts
+  fixtures/
+    seed.ts
+    users.ts
+  helpers/
+    auth.ts
+```
+## Avoid
+1. **Hardcoded secrets** — Use env vars or test fixtures.
+2. **Testing implementation** — Test behavior and contract, not internal routes.
+3. **Flaky tests** — No sleep/timeout; use deterministic data.
+4. **Large payloads** — Minimize fixture size; use factories for scale.
+5. **External services** — Mock HTTP calls to third-party APIs.
+## Parallel Execution
+When running tests in parallel:
+- Use separate DB/schema per worker, or
+- Use unique data (UUIDs, timestamps) to avoid collisions, or
+- Run API tests sequentially (`--pool=forks` or `--run` with single worker)
+## Contract-Driven Tests
+When using OpenAPI from qa-api-contract-curator:
+1. Generate tests from paths and operations.
+2. Map status codes from `responses` to `.expect()`.
+3. Use `requestBody` schema for `.send()` payloads.
+4. Use `responses.*.content.*.schema` for body validation (Zod/JSON Schema).

package/skills/qa-supertest-writer/references/config.md ADDED Viewed

@@ -0,0 +1,166 @@
+# Supertest Configuration
+## Test Server Configuration
+### Express
+```ts
+import request from 'supertest'
+import { app } from '../src/app'
+// app is the Express instance; no listen() needed
+describe('API', () => {
+  it('works', () => request(app).get('/health').expect(200))
+})
+```
+### Koa
+```ts
+import request from 'supertest'
+import { app } from '../src/app'
+// Koa: use app.callback()
+describe('API', () => {
+  it('works', () => request(app.callback()).get('/health').expect(200))
+})
+```
+### HTTP Server (if app is wrapped)
+```ts
+import http from 'http'
+import { app } from '../src/app'
+const server = http.createServer(app)
+describe('API', () => {
+  it('works', () => request(server).get('/health').expect(200))
+})
+```
+## Test Runner Setup
+### Vitest
+```ts
+// vitest.config.ts
+import { defineConfig } from 'vitest/config'
+export default defineConfig({
+  test: {
+    environment: 'node',
+    include: ['**/*.api.test.ts'],
+    testTimeout: 10000,
+  },
+})
+```
+### Jest
+```ts
+// jest.config.js
+module.exports = {
+  testEnvironment: 'node',
+  testMatch: ['**/*.api.test.ts'],
+  testTimeout: 10000,
+}
+```
+## Database Seeding
+### beforeAll (once per suite)
+```ts
+import { seedTestData } from '../test/fixtures/seed'
+beforeAll(async () => {
+  await seedTestData()
+})
+```
+### beforeEach (per test)
+```ts
+beforeEach(async () => {
+  await db.users.truncate()
+  await db.users.insert(testUsers)
+})
+```
+### Factory-based
+```ts
+beforeEach(async () => {
+  await userFactory.create({ email: 'test@example.com' })
+})
+```
+## Cleanup
+### afterEach
+```ts
+afterEach(async () => {
+  await db.users.deleteMany({ email: { $regex: /@test\.example\.com$/ } })
+})
+```
+### afterAll
+```ts
+afterAll(async () => {
+  await db.disconnect()
+})
+```
+## Environment Variables
+```ts
+// tests/setup.ts or vitest.config.ts
+process.env.NODE_ENV = 'test'
+process.env.DATABASE_URL = process.env.TEST_DATABASE_URL ?? 'postgres://localhost:5432/test_db'
+```
+## Base URL (when testing remote)
+```ts
+// For remote API (not typical with Supertest)
+import request from 'supertest'
+const baseUrl = process.env.API_BASE_URL ?? 'http://localhost:3000'
+describe('Remote API', () => {
+  it('works', () => request(baseUrl).get('/health').expect(200))
+})
+```
+## Timeouts
+```ts
+// vitest.config.ts
+test: {
+  testTimeout: 15000,  // 15s for slow DB/API tests
+}
+```
+## Shared Auth Fixture
+```ts
+// tests/helpers/auth.ts
+export async function getAuthToken(): Promise<string> {
+  const res = await request(app)
+    .post('/auth/login')
+    .send({ email: 'test@example.com', password: 'test' })
+  return res.body.token
+}
+```
+```ts
+// In test file
+let token: string
+beforeAll(async () => {
+  token = await getAuthToken()
+})
+```