qaa-agent 1.9.1 → 1.9.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/CHANGELOG.md +43 -22
  2. package/CLAUDE.md +170 -9
  3. package/README.md +384 -357
  4. package/VERSION +1 -0
  5. package/agents/qa-pipeline-orchestrator.md +336 -22
  6. package/agents/qaa-analyzer.md +0 -1
  7. package/agents/qaa-bug-detective.md +163 -4
  8. package/agents/qaa-codebase-mapper.md +50 -1
  9. package/agents/qaa-discovery.md +421 -384
  10. package/agents/qaa-e2e-runner.md +163 -1
  11. package/agents/qaa-executor.md +142 -1
  12. package/agents/qaa-planner.md +14 -1
  13. package/agents/qaa-project-researcher.md +194 -0
  14. package/agents/qaa-scanner.md +77 -1
  15. package/agents/qaa-testid-injector.md +0 -1
  16. package/agents/qaa-validator.md +86 -1
  17. package/bin/install.cjs +375 -253
  18. package/bin/lib/context7-cache.cjs +299 -0
  19. package/bin/lib/intent-detector.cjs +488 -0
  20. package/commands/qa-audit.md +255 -126
  21. package/commands/qa-create-test.md +666 -365
  22. package/commands/qa-fix.md +684 -513
  23. package/commands/qa-map.md +283 -139
  24. package/commands/qa-pr.md +63 -0
  25. package/commands/qa-research.md +181 -157
  26. package/commands/qa-start.md +62 -6
  27. package/commands/qa-test-report.md +219 -219
  28. package/frameworks/cypress.json +54 -0
  29. package/frameworks/jest.json +59 -0
  30. package/frameworks/playwright.json +58 -0
  31. package/frameworks/pytest.json +59 -0
  32. package/frameworks/robot-framework.json +54 -0
  33. package/frameworks/selenium.json +65 -0
  34. package/frameworks/vitest.json +57 -0
  35. package/package.json +7 -3
  36. package/workflows/qa-analyze.md +100 -4
  37. package/workflows/qa-from-ticket.md +50 -2
  38. package/workflows/qa-gap.md +50 -2
  39. package/workflows/qa-start.md +819 -33
  40. package/workflows/qa-testid.md +50 -2
  41. package/workflows/qa-validate.md +50 -2
@@ -1,6 +1,70 @@
1
+ <critical_directive priority="MANDATORY">
2
+
3
+ ## ⚠ MANDATORY EXECUTION RULES — READ AND OBEY BEFORE ANYTHING ELSE
4
+
5
+ These rules are non-negotiable. Read them before any other section of this file.
6
+
7
+ ### Rule 1 — Execute every step literally
8
+
9
+ This workflow is a script, NOT a guide. Run each `<step>` in order. Do NOT skip steps. Do NOT reorder steps. Do NOT adapt steps to "fit" the user's situation.
10
+
11
+ ### Rule 2 — Your FIRST tool call MUST be the bash block in Step 1 (initialize)
12
+
13
+ Specifically: run `node ~/.claude/qaa/bin/lib/intent-detector.cjs --resolve ...` as your very first action. Do NOT explore the repo first. Do NOT analyze the user's prompt independently. Do NOT make assumptions about whether the pipeline "applies".
14
+
15
+ ### Rule 3 — NEVER improvise an alternative pipeline
16
+
17
+ If you find yourself thinking "the standard pipeline doesn't apply because [empty repo / external URL / different framework / X / Y]", **STOP**. The pipeline applies. Run it as written.
18
+
19
+ If a stage genuinely cannot complete, the workflow itself handles that case (with non-blocking failures, fallbacks, or stop-pipeline directives). Your job is to **execute**, not to redesign.
20
+
21
+ ### Rule 4 — If a step fails, report failure — do not adapt
22
+
23
+ When a bash command fails or a sub-agent returns an error, report it as a pipeline failure following the `<error_handling>` rules at the bottom of this file. Do NOT "work around" it. Do NOT scaffold an alternative.
24
+
25
+ ### Rule 5 — Empty target repos are NORMAL and expected
26
+
27
+ The pipeline handles empty repos. Many stages produce skeleton output or report "nothing to do" for empty repos. This is **by design**. Do NOT interpret "empty repo" as a signal to abandon the workflow and start scaffolding things directly.
28
+
29
+ ### Rule 6 — Your role is execution, not architecture
30
+
31
+ You are running a defined process. The user chose this process by invoking `/qa-start`. Do NOT second-guess the design. Do NOT decide that a different approach would be better. Run the workflow.
32
+
33
+ ### Rule 7 — Pass `$ARGUMENTS` to the intent detector LITERALLY
34
+
35
+ When Step 1 says `node ~/.claude/qaa/bin/lib/intent-detector.cjs --resolve "$ARGUMENTS" ...`, the placeholder `$ARGUMENTS` must be substituted with the **raw user input as received**, with no mental translation, parsing, or restructuring.
36
+
37
+ **WRONG** — pre-translating NL to flag form before invoking the detector:
38
+ ```
39
+ # User prompt: "from URL https://x.com to C:\foo using cypress"
40
+ # DON'T DO THIS:
41
+ node ~/.claude/qaa/bin/lib/intent-detector.cjs --resolve '--app-url https://x.com --dev-repo "C:\foo" --framework cypress' ...
42
+ ```
43
+
44
+ **RIGHT** — passing the raw prompt as-is so the detector does its job:
45
+ ```
46
+ node ~/.claude/qaa/bin/lib/intent-detector.cjs --resolve 'from URL https://x.com to C:\foo using cypress' ...
47
+ ```
48
+
49
+ The detector handles NL parsing. If you pre-translate, the detector sees flags and reports `source: flag` for everything, which **bypasses the confirmation checkpoint** that exists specifically to catch NL-misinterpretation errors. That defeats the purpose.
50
+
51
+ ### Failure mode to recognize and prevent: IMPROVISATION
52
+
53
+ If, after reading this workflow, you find yourself doing any of the following, you have FAILED:
54
+
55
+ - Listing the target repo and saying "this is empty, I'll scaffold files directly"
56
+ - Saying "the standard pipeline assumes X, I'll adapt"
57
+ - Calling sub-agents that the workflow does not explicitly invoke
58
+ - Generating files (.spec.ts, .robot, etc.) before reaching the `<step name="generate">` stage
59
+ - Skipping the `<step name="initialize">` bash block and going straight to other steps
60
+
61
+ If you catch yourself about to do any of these, **stop, return to the top of this workflow, and execute Step 1 first**.
62
+
63
+ </critical_directive>
64
+
1
65
  <purpose>
2
66
 
3
- Orchestrate the full QA automation pipeline: scan -> analyze -> [testid-inject if frontend] -> plan -> generate -> validate -> [bug-detective if failures] -> deliver. Detects workflow option (1/2/3) from arguments, spawns specialized agents for each stage, manages state transitions, handles checkpoints (safe auto-approve, risky always pause), and delivers a draft PR with per-stage atomic commits.
67
+ Orchestrate the full QA automation pipeline: scan -> analyze -> [testid-inject if frontend] -> plan -> generate -> validate -> [e2e-runner if E2E tests AND app URL] -> [bug-detective if failures] -> deliver. Detects workflow option (1/2/3) from arguments, spawns specialized agents for each stage, manages state transitions, handles checkpoints (safe auto-approve, risky always pause), and delivers a draft PR with per-stage atomic commits.
4
68
 
5
69
  Invoked by the `/qa-start` slash command. Accepts `--dev-repo`, `--qa-repo`, and `--auto` flags.
6
70
 
@@ -21,36 +85,134 @@ Read these files BEFORE executing any pipeline stage. Do NOT skip.
21
85
 
22
86
  ## Step 1: Initialize Pipeline
23
87
 
24
- Parse `$ARGUMENTS` for flags:
88
+ Parse `$ARGUMENTS` using the intent detector (handles flags + natural language + paths with spaces):
25
89
 
26
90
  ```bash
27
- DEV_REPO=""
28
- QA_REPO=""
29
- IS_AUTO=false
91
+ # Resolve flags + NL + defaults via shared intent detector
92
+ # IMPORTANT: $ARGUMENTS must be the RAW user input, NOT a pre-translated flag string.
93
+ # The detector handles NL parsing — pre-translation defeats the confirmation checkpoint.
94
+ RESOLVED=$(node ~/.claude/qaa/bin/lib/intent-detector.cjs --resolve "$ARGUMENTS" --aliases '{"dev_repo":"dev-repo","qa_repo":"qa-repo","app_url":"app-url","framework":"framework"}')
95
+
96
+ # Extract resolved values
97
+ DEV_REPO=$(echo "$RESOLVED" | node -e "const j=JSON.parse(require('fs').readFileSync(0,'utf8')); console.log(j.resolved.dev_repo?.value || '')")
98
+ QA_REPO=$(echo "$RESOLVED" | node -e "const j=JSON.parse(require('fs').readFileSync(0,'utf8')); console.log(j.resolved.qa_repo?.value || '')")
99
+ APP_URL=$(echo "$RESOLVED" | node -e "const j=JSON.parse(require('fs').readFileSync(0,'utf8')); console.log(j.resolved.app_url?.value || '')")
100
+ FRAMEWORK=$(echo "$RESOLVED" | node -e "const j=JSON.parse(require('fs').readFileSync(0,'utf8')); console.log(j.resolved.framework?.value || '')")
101
+ IS_AUTO=$(echo "$RESOLVED" | node -e "const j=JSON.parse(require('fs').readFileSync(0,'utf8')); console.log(j.resolved.auto?.value === true ? 'true' : 'false')")
102
+
103
+ # Print the INPUT DETECTION banner (always shown — with flags, with NL, or defaults)
104
+ echo "$RESOLVED" | node -e "const j=JSON.parse(require('fs').readFileSync(0,'utf8')); console.log(j.banner)"
105
+ ```
30
106
 
31
- # Parse --dev-repo flag
32
- if echo "$ARGUMENTS" | grep -qE '\-\-dev-repo'; then
33
- DEV_REPO=$(echo "$ARGUMENTS" | grep -oE '\-\-dev-repo\s+[^\s]+' | awk '{print $2}')
107
+ **If no --dev-repo provided and not detected from NL**, use the current working directory:
108
+ ```bash
109
+ if [ -z "$DEV_REPO" ]; then
110
+ DEV_REPO=$(pwd)
111
+ echo " (no dev-repo specified, defaulting to cwd: $DEV_REPO)"
34
112
  fi
113
+ ```
114
+
115
+ **Input Validation (5 pre-pipeline checks — Capa 1 of 3-layer validation system):**
35
116
 
36
- # Parse --qa-repo flag
37
- if echo "$ARGUMENTS" | grep -qE '\-\-qa-repo'; then
38
- QA_REPO=$(echo "$ARGUMENTS" | grep -oE '\-\-qa-repo\s+[^\s]+' | awk '{print $2}')
117
+ ```bash
118
+ echo "=== INPUT VALIDATION ==="
119
+ VALIDATION_FAIL=false
120
+
121
+ # Check 1: URL reachable (warning only, not fatal)
122
+ if [ -n "$APP_URL" ]; then
123
+ if curl -sf -o /dev/null -m 5 "$APP_URL" 2>/dev/null; then
124
+ echo " OK: AUT URL reachable ($APP_URL)"
125
+ else
126
+ echo " WARN: AUT URL not reachable from this network — proceeding anyway"
127
+ fi
39
128
  fi
40
129
 
41
- # Parse --auto flag
42
- if echo "$ARGUMENTS" | grep -qE '\-\-auto'; then
43
- IS_AUTO=true
130
+ # Check 2: Path destino writable or creatable
131
+ if [ -n "$DEV_REPO" ]; then
132
+ if [ -d "$DEV_REPO" ] && [ -w "$DEV_REPO" ]; then
133
+ echo " OK: dev-repo path exists and is writable"
134
+ elif [ ! -d "$DEV_REPO" ]; then
135
+ parent=$(dirname "$DEV_REPO")
136
+ if [ -d "$parent" ] && [ -w "$parent" ]; then
137
+ echo " OK: dev-repo path can be created"
138
+ else
139
+ echo " FAIL: dev-repo path is not writable: $DEV_REPO"
140
+ VALIDATION_FAIL=true
141
+ fi
142
+ fi
143
+ fi
144
+
145
+ # Check 3: URL not ambiguous with ticket platforms
146
+ if [ -n "$APP_URL" ]; then
147
+ if echo "$APP_URL" | grep -qE "github\.com.*(issues|pull)|atlassian\.net|linear\.app|dev\.azure\.com"; then
148
+ echo " WARN: $APP_URL looks like a ticket URL — did you mean /qa-from-ticket? Proceeding anyway."
149
+ fi
150
+ fi
151
+
152
+ # Check 4: No multiple AUT URLs detected
153
+ URL_COUNT=$(echo "$RESOLVED" | node -e "const j=JSON.parse(require('fs').readFileSync(0,'utf8')); console.log(j.intent.aut_urls.length)")
154
+ if [ "$URL_COUNT" -gt 1 ]; then
155
+ echo " FAIL: $URL_COUNT AUT URLs detected, expected at most 1"
156
+ echo " Found: $(echo "$RESOLVED" | node -e "const j=JSON.parse(require('fs').readFileSync(0,'utf8')); console.log(j.intent.aut_urls.join(', '))")"
157
+ VALIDATION_FAIL=true
158
+ fi
159
+
160
+ # Check 5: Framework target exists in registry (warn if not, falls back to Context7)
161
+ if [ -n "$FRAMEWORK" ]; then
162
+ if [ -f "frameworks/${FRAMEWORK}.json" ]; then
163
+ echo " OK: framework '$FRAMEWORK' found in registry"
164
+ else
165
+ echo " WARN: framework '$FRAMEWORK' not in frameworks/ registry — relying on Context7 only"
166
+ fi
167
+ fi
168
+
169
+ if [ "$VALIDATION_FAIL" = "true" ]; then
170
+ echo "=== VALIDATION FAILED — pipeline stopped ==="
171
+ exit 1
44
172
  fi
173
+ echo "=== VALIDATION OK ==="
174
+
175
+ # Detect if any value came from NL or default (i.e., not all explicit flags)
176
+ ALL_FROM_FLAGS=$(echo "$RESOLVED" | node -e "const j=JSON.parse(require('fs').readFileSync(0,'utf8')); const sources=Object.values(j.resolved).map(v=>v.source); console.log(sources.length>0 && sources.every(s=>s==='flag') ? 'true' : 'false')")
177
+ HAS_ANY_NL=$(echo "$RESOLVED" | node -e "const j=JSON.parse(require('fs').readFileSync(0,'utf8')); console.log(Object.values(j.resolved).some(v=>v.source==='NL') ? 'true' : 'false')")
178
+ ```
179
+
180
+ **Confirmation checkpoint** (only in interactive mode):
181
+
182
+ If `IS_AUTO=false` AND `ALL_FROM_FLAGS=false` (i.e., some values came from NL or defaults), the agent **MUST PAUSE** and ask the user to confirm before proceeding to scan/codebase-map/research stages.
183
+
184
+ The pause is justified because:
185
+ - NL detection can be wrong (e.g., wrong path inferred from a sentence)
186
+ - All-defaults case may mean user is running from wrong cwd
187
+
188
+ Format the confirmation prompt like this:
189
+
45
190
  ```
191
+ The values above were resolved from {natural language | defaults | a mix of flags and NL}.
192
+ Some values were not explicitly specified via flags.
193
+
194
+ Do you want to continue with these inputs? (yes/no)
195
+ - yes → proceed with the pipeline
196
+ - no → cancel; re-run with explicit flags
197
+ ```
198
+
199
+ **Skip the pause when:**
200
+ - `IS_AUTO=true` (auto mode bypasses all safe checkpoints)
201
+ - `ALL_FROM_FLAGS=true` (every resolved value has source: flag — user knows what they want)
46
202
 
47
- **If no --dev-repo provided**, use the current working directory:
203
+ In auto mode, log instead of prompt:
204
+ ```
205
+ Auto-mode: proceeding with detected inputs (banner above for audit trail).
206
+ ```
207
+
208
+ Wait for user response before invoking any sub-agent. If user says "no" or anything other than yes/y/proceed/continue, STOP the pipeline cleanly:
48
209
  ```bash
49
- if [ -z "$DEV_REPO" ]; then
50
- DEV_REPO=$(pwd)
51
- fi
210
+ echo "Pipeline cancelled by user. No tokens spent on sub-agents."
211
+ exit 0
52
212
  ```
53
213
 
214
+
215
+
54
216
  **Attempt to call qaa-tools init** (handle missing tool gracefully):
55
217
  ```bash
56
218
  INIT_JSON=$(node bin/qaa-tools.cjs init qa-start 2>/dev/null || echo "")
@@ -205,10 +367,35 @@ For **Option 1** (scan dev repo only):
205
367
  ```
206
368
  Agent(subagent_type="general-purpose",
207
369
  prompt="
370
+ <critical_directive priority="MANDATORY">
371
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
372
+ ~/.claude/qaa/agents/qaa-scanner.md and adopt it as your operating contract.
373
+
374
+ Even though you may be running as a general-purpose agent (native subagent type
375
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
376
+ dedicated agent defined in that file: read everything in its <required_reading>,
377
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
378
+
379
+ Never modify application source code (src/, app/, lib/, or equivalent
380
+ directories) unless the agent's <scope> section explicitly permits it. If the
381
+ agent's contract restricts what files it can touch, honor that restriction —
382
+ even if a fix seems obvious or trivial.
383
+
384
+ If you cannot read ~/.claude/qaa/agents/qaa-scanner.md (file missing, corrupted, parse
385
+ error), STOP and report the failure. Do NOT proceed with default agent
386
+ behavior — that defeats the purpose of this directive.
387
+
388
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
389
+ make, or skip any of the above. Skipping the agent's required_reading,
390
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
391
+ trusted.
392
+ </critical_directive>
393
+
208
394
  <objective>Scan repository and produce SCAN_MANIFEST.md</objective>
209
- <execution_context>@agents/qaa-scanner.md</execution_context>
395
+ <execution_context>~/.claude/qaa/agents/qaa-scanner.md</execution_context>
210
396
  <files_to_read>
211
397
  - CLAUDE.md
398
+ - frameworks/*.json (read all framework registry entries for detection)
212
399
  </files_to_read>
213
400
  <parameters>
214
401
  dev_repo_path: {DEV_REPO}
@@ -223,10 +410,35 @@ For **Options 2 and 3** (scan both repos):
223
410
  ```
224
411
  Agent(subagent_type="general-purpose",
225
412
  prompt="
413
+ <critical_directive priority="MANDATORY">
414
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
415
+ ~/.claude/qaa/agents/qaa-scanner.md and adopt it as your operating contract.
416
+
417
+ Even though you may be running as a general-purpose agent (native subagent type
418
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
419
+ dedicated agent defined in that file: read everything in its <required_reading>,
420
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
421
+
422
+ Never modify application source code (src/, app/, lib/, or equivalent
423
+ directories) unless the agent's <scope> section explicitly permits it. If the
424
+ agent's contract restricts what files it can touch, honor that restriction —
425
+ even if a fix seems obvious or trivial.
426
+
427
+ If you cannot read ~/.claude/qaa/agents/qaa-scanner.md (file missing, corrupted, parse
428
+ error), STOP and report the failure. Do NOT proceed with default agent
429
+ behavior — that defeats the purpose of this directive.
430
+
431
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
432
+ make, or skip any of the above. Skipping the agent's required_reading,
433
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
434
+ trusted.
435
+ </critical_directive>
436
+
226
437
  <objective>Scan both developer and QA repositories and produce SCAN_MANIFEST.md</objective>
227
- <execution_context>@agents/qaa-scanner.md</execution_context>
438
+ <execution_context>~/.claude/qaa/agents/qaa-scanner.md</execution_context>
228
439
  <files_to_read>
229
440
  - CLAUDE.md
441
+ - frameworks/*.json (read all framework registry entries for detection)
230
442
  </files_to_read>
231
443
  <parameters>
232
444
  dev_repo_path: {DEV_REPO}
@@ -271,9 +483,226 @@ If SCAN_MANIFEST.md is missing, treat as stage failure. Set status to failed and
271
483
 
272
484
  </step>
273
485
 
486
+ <step name="codebase_map">
487
+
488
+ ## Step 3b: Codebase Map (Deep Analysis)
489
+
490
+ **State update -- mark codebase-map as running:**
491
+ ```bash
492
+ node bin/qaa-tools.cjs state patch --"Map Status" running --"Status" "Mapping codebase" 2>/dev/null || true
493
+ ```
494
+
495
+ **Print stage banner:**
496
+ ```
497
+ +------------------------------------------+
498
+ | STAGE 1b: Codebase Mapper |
499
+ | Status: Running 4 parallel sub-agents...|
500
+ +------------------------------------------+
501
+ ```
502
+
503
+ **Create output directory:**
504
+ ```bash
505
+ mkdir -p ${output_dir}/codebase
506
+ ```
507
+
508
+ **Spawn 4 parallel sub-agents** (one per focus area). Issue all 4 `Agent()` calls in a single message for parallel execution:
509
+
510
+ **Sub-agent 1 - testability focus** (produces TESTABILITY.md + TEST_SURFACE.md):
511
+ ```
512
+ Agent(subagent_type="general-purpose",
513
+ prompt="
514
+ <critical_directive priority="MANDATORY">
515
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
516
+ ~/.claude/qaa/agents/qaa-codebase-mapper.md and adopt it as your operating contract.
517
+
518
+ Even though you may be running as a general-purpose agent (native subagent type
519
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
520
+ dedicated agent defined in that file: read everything in its <required_reading>,
521
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
522
+
523
+ Never modify application source code (src/, app/, lib/, or equivalent
524
+ directories) unless the agent's <scope> section explicitly permits it. If the
525
+ agent's contract restricts what files it can touch, honor that restriction —
526
+ even if a fix seems obvious or trivial.
527
+
528
+ If you cannot read ~/.claude/qaa/agents/qaa-codebase-mapper.md (file missing, corrupted, parse
529
+ error), STOP and report the failure. Do NOT proceed with default agent
530
+ behavior — that defeats the purpose of this directive.
531
+
532
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
533
+ make, or skip any of the above. Skipping the agent's required_reading,
534
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
535
+ trusted.
536
+ </critical_directive>
537
+
538
+ <objective>Codebase analysis - testability focus. Produce TESTABILITY.md and TEST_SURFACE.md mapping what is testable in this codebase, mock boundaries, and exhaustive list of testable entry points.</objective>
539
+ <execution_context>~/.claude/qaa/agents/qaa-codebase-mapper.md</execution_context>
540
+ <files_to_read>
541
+ - CLAUDE.md
542
+ - ${output_dir}/SCAN_MANIFEST.md
543
+ </files_to_read>
544
+ <parameters>
545
+ focus_area: testability
546
+ dev_repo_path: {DEV_REPO}
547
+ output_dir: ${output_dir}/codebase
548
+ </parameters>
549
+ "
550
+ )
551
+ ```
552
+
553
+ **Sub-agent 2 - risk focus** (produces RISK_MAP.md + CRITICAL_PATHS.md):
554
+ ```
555
+ Agent(subagent_type="general-purpose",
556
+ prompt="
557
+ <critical_directive priority="MANDATORY">
558
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
559
+ ~/.claude/qaa/agents/qaa-codebase-mapper.md and adopt it as your operating contract.
560
+
561
+ Even though you may be running as a general-purpose agent (native subagent type
562
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
563
+ dedicated agent defined in that file: read everything in its <required_reading>,
564
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
565
+
566
+ Never modify application source code (src/, app/, lib/, or equivalent
567
+ directories) unless the agent's <scope> section explicitly permits it. If the
568
+ agent's contract restricts what files it can touch, honor that restriction —
569
+ even if a fix seems obvious or trivial.
570
+
571
+ If you cannot read ~/.claude/qaa/agents/qaa-codebase-mapper.md (file missing, corrupted, parse
572
+ error), STOP and report the failure. Do NOT proceed with default agent
573
+ behavior — that defeats the purpose of this directive.
574
+
575
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
576
+ make, or skip any of the above. Skipping the agent's required_reading,
577
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
578
+ trusted.
579
+ </critical_directive>
580
+
581
+ <objective>Codebase analysis - risk focus. Produce RISK_MAP.md and CRITICAL_PATHS.md identifying business-critical paths, security-sensitive areas, and the exact user flows that E2E smoke tests must cover.</objective>
582
+ <execution_context>~/.claude/qaa/agents/qaa-codebase-mapper.md</execution_context>
583
+ <files_to_read>
584
+ - CLAUDE.md
585
+ - ${output_dir}/SCAN_MANIFEST.md
586
+ </files_to_read>
587
+ <parameters>
588
+ focus_area: risk
589
+ dev_repo_path: {DEV_REPO}
590
+ output_dir: ${output_dir}/codebase
591
+ </parameters>
592
+ "
593
+ )
594
+ ```
595
+
596
+ **Sub-agent 3 - patterns focus** (produces CODE_PATTERNS.md + API_CONTRACTS.md):
597
+ ```
598
+ Agent(subagent_type="general-purpose",
599
+ prompt="
600
+ <critical_directive priority="MANDATORY">
601
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
602
+ ~/.claude/qaa/agents/qaa-codebase-mapper.md and adopt it as your operating contract.
603
+
604
+ Even though you may be running as a general-purpose agent (native subagent type
605
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
606
+ dedicated agent defined in that file: read everything in its <required_reading>,
607
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
608
+
609
+ Never modify application source code (src/, app/, lib/, or equivalent
610
+ directories) unless the agent's <scope> section explicitly permits it. If the
611
+ agent's contract restricts what files it can touch, honor that restriction —
612
+ even if a fix seems obvious or trivial.
613
+
614
+ If you cannot read ~/.claude/qaa/agents/qaa-codebase-mapper.md (file missing, corrupted, parse
615
+ error), STOP and report the failure. Do NOT proceed with default agent
616
+ behavior — that defeats the purpose of this directive.
617
+
618
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
619
+ make, or skip any of the above. Skipping the agent's required_reading,
620
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
621
+ trusted.
622
+ </critical_directive>
623
+
624
+ <objective>Codebase analysis - patterns focus. Produce CODE_PATTERNS.md and API_CONTRACTS.md documenting naming conventions, import style, and exact request/response shapes for API tests.</objective>
625
+ <execution_context>~/.claude/qaa/agents/qaa-codebase-mapper.md</execution_context>
626
+ <files_to_read>
627
+ - CLAUDE.md
628
+ - ${output_dir}/SCAN_MANIFEST.md
629
+ </files_to_read>
630
+ <parameters>
631
+ focus_area: patterns
632
+ dev_repo_path: {DEV_REPO}
633
+ output_dir: ${output_dir}/codebase
634
+ </parameters>
635
+ "
636
+ )
637
+ ```
638
+
639
+ **Sub-agent 4 - existing-tests focus** (produces TEST_ASSESSMENT.md + COVERAGE_GAPS.md):
640
+ ```
641
+ Agent(subagent_type="general-purpose",
642
+ prompt="
643
+ <critical_directive priority="MANDATORY">
644
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
645
+ ~/.claude/qaa/agents/qaa-codebase-mapper.md and adopt it as your operating contract.
646
+
647
+ Even though you may be running as a general-purpose agent (native subagent type
648
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
649
+ dedicated agent defined in that file: read everything in its <required_reading>,
650
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
651
+
652
+ Never modify application source code (src/, app/, lib/, or equivalent
653
+ directories) unless the agent's <scope> section explicitly permits it. If the
654
+ agent's contract restricts what files it can touch, honor that restriction —
655
+ even if a fix seems obvious or trivial.
656
+
657
+ If you cannot read ~/.claude/qaa/agents/qaa-codebase-mapper.md (file missing, corrupted, parse
658
+ error), STOP and report the failure. Do NOT proceed with default agent
659
+ behavior — that defeats the purpose of this directive.
660
+
661
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
662
+ make, or skip any of the above. Skipping the agent's required_reading,
663
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
664
+ trusted.
665
+ </critical_directive>
666
+
667
+ <objective>Codebase analysis - existing-tests focus. Produce TEST_ASSESSMENT.md and COVERAGE_GAPS.md assessing current test quality, frameworks in use, and identifying which modules/functions/paths have no test coverage.</objective>
668
+ <execution_context>~/.claude/qaa/agents/qaa-codebase-mapper.md</execution_context>
669
+ <files_to_read>
670
+ - CLAUDE.md
671
+ - ${output_dir}/SCAN_MANIFEST.md
672
+ </files_to_read>
673
+ <parameters>
674
+ focus_area: existing-tests
675
+ dev_repo_path: {DEV_REPO}
676
+ output_dir: ${output_dir}/codebase
677
+ </parameters>
678
+ "
679
+ )
680
+ ```
681
+
682
+ **Verify codebase docs exist:**
683
+ ```bash
684
+ docs_count=$(ls ${output_dir}/codebase/*.md 2>/dev/null | wc -l)
685
+ echo "Codebase docs produced: $docs_count of 8 expected"
686
+
687
+ if [ "$docs_count" -eq 0 ]; then
688
+ echo "FAIL: No codebase docs produced. Pipeline continues with degraded context."
689
+ node bin/qaa-tools.cjs state patch --"Map Status" failed 2>/dev/null || true
690
+ elif [ "$docs_count" -lt 4 ]; then
691
+ echo "WARNING: Fewer than 4 codebase docs produced. Downstream agents will have limited context."
692
+ node bin/qaa-tools.cjs state patch --"Map Status" "partial" 2>/dev/null || true
693
+ else
694
+ echo "OK: codebase map sufficient ($docs_count docs)"
695
+ node bin/qaa-tools.cjs state patch --"Map Status" complete 2>/dev/null || true
696
+ fi
697
+ ```
698
+
699
+ **Codebase map is non-blocking:** if zero docs are produced, the pipeline continues with degraded context (downstream agents fall back to whatever they can find). All `<files_to_read>` references to codebase docs in subsequent stages use `(if exists)` semantics.
700
+
701
+ </step>
702
+
274
703
  <step name="research">
275
704
 
276
- ## Step 3b: Research Testing Ecosystem
705
+ ## Step 3c: Research Testing Ecosystem
277
706
 
278
707
  **State update -- mark research as running:**
279
708
  ```bash
@@ -283,7 +712,7 @@ node bin/qaa-tools.cjs state patch --"Research Status" running --"Status" "Resea
283
712
  **Print stage banner:**
284
713
  ```
285
714
  +------------------------------------------+
286
- | STAGE 1b: Project Researcher |
715
+ | STAGE 1c: Project Researcher |
287
716
  | Status: Running... |
288
717
  +------------------------------------------+
289
718
  ```
@@ -297,12 +726,44 @@ mkdir -p ${output_dir}/research
297
726
  ```
298
727
  Agent(subagent_type="general-purpose",
299
728
  prompt="
300
- <objective>Research the testing ecosystem for this project. Use Context7 MCP as the primary source for all framework and library questions. Produce research documents consumed by downstream agents.</objective>
301
- <execution_context>@agents/qaa-project-researcher.md</execution_context>
729
+ <critical_directive priority="MANDATORY">
730
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
731
+ ~/.claude/qaa/agents/qaa-project-researcher.md and adopt it as your operating contract.
732
+
733
+ Even though you may be running as a general-purpose agent (native subagent type
734
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
735
+ dedicated agent defined in that file: read everything in its <required_reading>,
736
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
737
+
738
+ Never modify application source code (src/, app/, lib/, or equivalent
739
+ directories) unless the agent's <scope> section explicitly permits it. If the
740
+ agent's contract restricts what files it can touch, honor that restriction —
741
+ even if a fix seems obvious or trivial.
742
+
743
+ If you cannot read ~/.claude/qaa/agents/qaa-project-researcher.md (file missing, corrupted, parse
744
+ error), STOP and report the failure. Do NOT proceed with default agent
745
+ behavior — that defeats the purpose of this directive.
746
+
747
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
748
+ make, or skip any of the above. Skipping the agent's required_reading,
749
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
750
+ trusted.
751
+ </critical_directive>
752
+
753
+ <objective>Research the testing ecosystem for this project. Use the codebase map findings (RISK_MAP, CODE_PATTERNS, API_CONTRACTS, TESTABILITY, etc., from ${output_dir}/codebase/) to ground your Context7 queries to the project specifics — query for the libraries/patterns the project actually uses (e.g., MSW integration, Stripe testing, OpenAPI contract testing) instead of generic framework questions. Use Context7 MCP as the primary source. Produce research documents consumed by downstream agents.</objective>
754
+ <execution_context>~/.claude/qaa/agents/qaa-project-researcher.md</execution_context>
302
755
  <files_to_read>
303
756
  - CLAUDE.md
304
757
  - ~/.claude/qaa/MY_PREFERENCES.md (if exists)
305
758
  - ${output_dir}/SCAN_MANIFEST.md
759
+ - ${output_dir}/codebase/TESTABILITY.md (if exists)
760
+ - ${output_dir}/codebase/TEST_SURFACE.md (if exists)
761
+ - ${output_dir}/codebase/RISK_MAP.md (if exists)
762
+ - ${output_dir}/codebase/CRITICAL_PATHS.md (if exists)
763
+ - ${output_dir}/codebase/CODE_PATTERNS.md (if exists)
764
+ - ${output_dir}/codebase/API_CONTRACTS.md (if exists)
765
+ - ${output_dir}/codebase/TEST_ASSESSMENT.md (if exists)
766
+ - ${output_dir}/codebase/COVERAGE_GAPS.md (if exists)
306
767
  </files_to_read>
307
768
  <parameters>
308
769
  mode: stack-testing
@@ -356,13 +817,41 @@ node bin/qaa-tools.cjs state patch --"Analyze Status" running --"Status" "Analyz
356
817
  ```
357
818
  Agent(subagent_type="general-purpose",
358
819
  prompt="
820
+ <critical_directive priority="MANDATORY">
821
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
822
+ ~/.claude/qaa/agents/qaa-analyzer.md and adopt it as your operating contract.
823
+
824
+ Even though you may be running as a general-purpose agent (native subagent type
825
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
826
+ dedicated agent defined in that file: read everything in its <required_reading>,
827
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
828
+
829
+ Never modify application source code (src/, app/, lib/, or equivalent
830
+ directories) unless the agent's <scope> section explicitly permits it. If the
831
+ agent's contract restricts what files it can touch, honor that restriction —
832
+ even if a fix seems obvious or trivial.
833
+
834
+ If you cannot read ~/.claude/qaa/agents/qaa-analyzer.md (file missing, corrupted, parse
835
+ error), STOP and report the failure. Do NOT proceed with default agent
836
+ behavior — that defeats the purpose of this directive.
837
+
838
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
839
+ make, or skip any of the above. Skipping the agent's required_reading,
840
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
841
+ trusted.
842
+ </critical_directive>
843
+
359
844
  <objective>Analyze scanned repository and produce analysis artifacts</objective>
360
- <execution_context>@agents/qaa-analyzer.md</execution_context>
845
+ <execution_context>~/.claude/qaa/agents/qaa-analyzer.md</execution_context>
361
846
  <files_to_read>
362
847
  - {output_dir}/SCAN_MANIFEST.md
363
848
  - CLAUDE.md
364
849
  - {output_dir}/research/TESTING_STACK.md (if exists)
365
850
  - {output_dir}/research/FRAMEWORK_CAPABILITIES.md (if exists)
851
+ - {output_dir}/codebase/RISK_MAP.md (if exists)
852
+ - {output_dir}/codebase/CRITICAL_PATHS.md (if exists)
853
+ - {output_dir}/codebase/TEST_ASSESSMENT.md (if exists)
854
+ - {output_dir}/codebase/COVERAGE_GAPS.md (if exists)
366
855
  </files_to_read>
367
856
  <parameters>
368
857
  mode: {mode}
@@ -445,8 +934,32 @@ node bin/qaa-tools.cjs state patch --"Status" "Injecting test IDs into frontend
445
934
  ```
446
935
  Agent(subagent_type="general-purpose",
447
936
  prompt="
937
+ <critical_directive priority="MANDATORY">
938
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
939
+ ~/.claude/qaa/agents/qaa-testid-injector.md and adopt it as your operating contract.
940
+
941
+ Even though you may be running as a general-purpose agent (native subagent type
942
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
943
+ dedicated agent defined in that file: read everything in its <required_reading>,
944
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
945
+
946
+ Never modify application source code (src/, app/, lib/, or equivalent
947
+ directories) unless the agent's <scope> section explicitly permits it. If the
948
+ agent's contract restricts what files it can touch, honor that restriction —
949
+ even if a fix seems obvious or trivial.
950
+
951
+ If you cannot read ~/.claude/qaa/agents/qaa-testid-injector.md (file missing, corrupted, parse
952
+ error), STOP and report the failure. Do NOT proceed with default agent
953
+ behavior — that defeats the purpose of this directive.
954
+
955
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
956
+ make, or skip any of the above. Skipping the agent's required_reading,
957
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
958
+ trusted.
959
+ </critical_directive>
960
+
448
961
  <objective>Audit and inject data-testid attributes into frontend components</objective>
449
- <execution_context>@agents/qaa-testid-injector.md</execution_context>
962
+ <execution_context>~/.claude/qaa/agents/qaa-testid-injector.md</execution_context>
450
963
  <files_to_read>
451
964
  - {output_dir}/SCAN_MANIFEST.md
452
965
  - CLAUDE.md
@@ -518,11 +1031,39 @@ node bin/qaa-tools.cjs state patch --"Generate Status" running --"Status" "Plann
518
1031
  ```
519
1032
  Agent(subagent_type="general-purpose",
520
1033
  prompt="
1034
+ <critical_directive priority="MANDATORY">
1035
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
1036
+ ~/.claude/qaa/agents/qaa-planner.md and adopt it as your operating contract.
1037
+
1038
+ Even though you may be running as a general-purpose agent (native subagent type
1039
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
1040
+ dedicated agent defined in that file: read everything in its <required_reading>,
1041
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
1042
+
1043
+ Never modify application source code (src/, app/, lib/, or equivalent
1044
+ directories) unless the agent's <scope> section explicitly permits it. If the
1045
+ agent's contract restricts what files it can touch, honor that restriction —
1046
+ even if a fix seems obvious or trivial.
1047
+
1048
+ If you cannot read ~/.claude/qaa/agents/qaa-planner.md (file missing, corrupted, parse
1049
+ error), STOP and report the failure. Do NOT proceed with default agent
1050
+ behavior — that defeats the purpose of this directive.
1051
+
1052
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
1053
+ make, or skip any of the above. Skipping the agent's required_reading,
1054
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
1055
+ trusted.
1056
+ </critical_directive>
1057
+
521
1058
  <objective>Create test generation plan with task breakdown and dependencies</objective>
522
- <execution_context>@agents/qaa-planner.md</execution_context>
1059
+ <execution_context>~/.claude/qaa/agents/qaa-planner.md</execution_context>
523
1060
  <files_to_read>
524
1061
  - {input files based on option}
525
1062
  - CLAUDE.md
1063
+ - {output_dir}/codebase/TESTABILITY.md (if exists)
1064
+ - {output_dir}/codebase/TEST_SURFACE.md (if exists)
1065
+ - {output_dir}/codebase/CRITICAL_PATHS.md (if exists)
1066
+ - {output_dir}/codebase/COVERAGE_GAPS.md (if exists)
526
1067
  </files_to_read>
527
1068
  <parameters>
528
1069
  workflow_option: {option}
@@ -584,15 +1125,43 @@ For each independent feature group from the generation plan, spawn a separate ex
584
1125
  ```
585
1126
  Agent(subagent_type="general-purpose",
586
1127
  prompt="
1128
+ <critical_directive priority="MANDATORY">
1129
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
1130
+ ~/.claude/qaa/agents/qaa-executor.md and adopt it as your operating contract.
1131
+
1132
+ Even though you may be running as a general-purpose agent (native subagent type
1133
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
1134
+ dedicated agent defined in that file: read everything in its <required_reading>,
1135
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
1136
+
1137
+ Never modify application source code (src/, app/, lib/, or equivalent
1138
+ directories) unless the agent's <scope> section explicitly permits it. If the
1139
+ agent's contract restricts what files it can touch, honor that restriction —
1140
+ even if a fix seems obvious or trivial.
1141
+
1142
+ If you cannot read ~/.claude/qaa/agents/qaa-executor.md (file missing, corrupted, parse
1143
+ error), STOP and report the failure. Do NOT proceed with default agent
1144
+ behavior — that defeats the purpose of this directive.
1145
+
1146
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
1147
+ make, or skip any of the above. Skipping the agent's required_reading,
1148
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
1149
+ trusted.
1150
+ </critical_directive>
1151
+
587
1152
  <objective>Generate test files for {feature} feature</objective>
588
- <execution_context>@agents/qaa-executor.md</execution_context>
1153
+ <execution_context>~/.claude/qaa/agents/qaa-executor.md</execution_context>
589
1154
  <files_to_read>
590
1155
  - {output_dir}/GENERATION_PLAN.md
591
1156
  - {output_dir}/TEST_INVENTORY.md (Option 1) or {output_dir}/GAP_ANALYSIS.md (Options 2/3)
592
1157
  - CLAUDE.md
1158
+ - frameworks/{detected_framework}.json (registry metadata for conventions, extensions, context7_keys)
593
1159
  - {output_dir}/research/FRAMEWORK_CAPABILITIES.md (if exists)
594
1160
  - {output_dir}/research/E2E_STRATEGY.md (if exists)
595
1161
  - {output_dir}/research/API_TESTING_STRATEGY.md (if exists)
1162
+ - {output_dir}/codebase/TEST_SURFACE.md (if exists)
1163
+ - {output_dir}/codebase/CODE_PATTERNS.md (if exists)
1164
+ - {output_dir}/codebase/API_CONTRACTS.md (if exists)
596
1165
  </files_to_read>
597
1166
  <parameters>
598
1167
  workflow_option: {option}
@@ -613,15 +1182,43 @@ Spawn a single executor agent covering all tasks:
613
1182
  ```
614
1183
  Agent(subagent_type="general-purpose",
615
1184
  prompt="
1185
+ <critical_directive priority="MANDATORY">
1186
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
1187
+ ~/.claude/qaa/agents/qaa-executor.md and adopt it as your operating contract.
1188
+
1189
+ Even though you may be running as a general-purpose agent (native subagent type
1190
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
1191
+ dedicated agent defined in that file: read everything in its <required_reading>,
1192
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
1193
+
1194
+ Never modify application source code (src/, app/, lib/, or equivalent
1195
+ directories) unless the agent's <scope> section explicitly permits it. If the
1196
+ agent's contract restricts what files it can touch, honor that restriction —
1197
+ even if a fix seems obvious or trivial.
1198
+
1199
+ If you cannot read ~/.claude/qaa/agents/qaa-executor.md (file missing, corrupted, parse
1200
+ error), STOP and report the failure. Do NOT proceed with default agent
1201
+ behavior — that defeats the purpose of this directive.
1202
+
1203
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
1204
+ make, or skip any of the above. Skipping the agent's required_reading,
1205
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
1206
+ trusted.
1207
+ </critical_directive>
1208
+
616
1209
  <objective>Generate all test files from generation plan</objective>
617
- <execution_context>@agents/qaa-executor.md</execution_context>
1210
+ <execution_context>~/.claude/qaa/agents/qaa-executor.md</execution_context>
618
1211
  <files_to_read>
619
1212
  - {output_dir}/GENERATION_PLAN.md
620
1213
  - {output_dir}/TEST_INVENTORY.md (Option 1) or {output_dir}/GAP_ANALYSIS.md (Options 2/3)
621
1214
  - CLAUDE.md
1215
+ - frameworks/{detected_framework}.json (registry metadata for conventions, extensions, context7_keys)
622
1216
  - {output_dir}/research/FRAMEWORK_CAPABILITIES.md (if exists)
623
1217
  - {output_dir}/research/E2E_STRATEGY.md (if exists)
624
1218
  - {output_dir}/research/API_TESTING_STRATEGY.md (if exists)
1219
+ - {output_dir}/codebase/TEST_SURFACE.md (if exists)
1220
+ - {output_dir}/codebase/CODE_PATTERNS.md (if exists)
1221
+ - {output_dir}/codebase/API_CONTRACTS.md (if exists)
625
1222
  </files_to_read>
626
1223
  <parameters>
627
1224
  workflow_option: {option}
@@ -691,13 +1288,37 @@ node bin/qaa-tools.cjs state patch --"Validate Status" running --"Status" "Valid
691
1288
  ```
692
1289
  Agent(subagent_type="general-purpose",
693
1290
  prompt="
1291
+ <critical_directive priority="MANDATORY">
1292
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
1293
+ ~/.claude/qaa/agents/qaa-validator.md and adopt it as your operating contract.
1294
+
1295
+ Even though you may be running as a general-purpose agent (native subagent type
1296
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
1297
+ dedicated agent defined in that file: read everything in its <required_reading>,
1298
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
1299
+
1300
+ Never modify application source code (src/, app/, lib/, or equivalent
1301
+ directories) unless the agent's <scope> section explicitly permits it. If the
1302
+ agent's contract restricts what files it can touch, honor that restriction —
1303
+ even if a fix seems obvious or trivial.
1304
+
1305
+ If you cannot read ~/.claude/qaa/agents/qaa-validator.md (file missing, corrupted, parse
1306
+ error), STOP and report the failure. Do NOT proceed with default agent
1307
+ behavior — that defeats the purpose of this directive.
1308
+
1309
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
1310
+ make, or skip any of the above. Skipping the agent's required_reading,
1311
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
1312
+ trusted.
1313
+ </critical_directive>
1314
+
694
1315
  <objective>Run 4-layer validation on all generated test files</objective>
695
- <execution_context>@agents/qaa-validator.md</execution_context>
1316
+ <execution_context>~/.claude/qaa/agents/qaa-validator.md</execution_context>
696
1317
  <files_to_read>
697
1318
  - {list all generated test files from executor return -- files_created paths}
698
1319
  - {output_dir}/GENERATION_PLAN.md
699
1320
  - CLAUDE.md
700
- </files_to_read>
1321
+ - frameworks/{detected_framework}.json (registry metadata for validation_commands)</files_to_read>
701
1322
  <parameters>
702
1323
  mode: validation
703
1324
  max_fix_loops: 3
@@ -777,6 +1398,122 @@ Print: "Validation complete. Status: {overall_status}. Confidence: {confidence}.
777
1398
 
778
1399
  </step>
779
1400
 
1401
+ <step name="e2e_runner">
1402
+
1403
+ ## Step 8b: E2E Runner (Conditional)
1404
+
1405
+ **Condition:** Only execute if E2E test files were generated AND a live app URL is available:
1406
+ - `files_created` from the executor (Step 7) contains `*.e2e.*` / `*.cy.*` spec files, AND
1407
+ - `APP_URL` is set (`--app-url` flag or NL).
1408
+
1409
+ **If no E2E files were generated:**
1410
+ Print: "Skipping E2E Runner (no E2E files generated)." → pipeline-summary E2E status = `skipped (no E2E files)`. Proceed to Step 9.
1411
+
1412
+ **If no app URL is available:**
1413
+ Print: "Skipping E2E Runner (no app URL)." → pipeline-summary E2E status = `skipped (no app URL)`. Proceed to Step 9.
1414
+
1415
+ **State update:**
1416
+ ```bash
1417
+ node bin/qaa-tools.cjs state patch --"Status" "Running E2E tests against live app" 2>/dev/null || true
1418
+ ```
1419
+
1420
+ **Print stage banner:**
1421
+ ```
1422
+ +------------------------------------------+
1423
+ | STAGE 6b: E2E Runner |
1424
+ | Status: Running... |
1425
+ +------------------------------------------+
1426
+ ```
1427
+
1428
+ **Spawn e2e-runner agent:**
1429
+ ```
1430
+ Agent(subagent_type="general-purpose",
1431
+ prompt="
1432
+ <critical_directive priority="MANDATORY">
1433
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
1434
+ ~/.claude/qaa/agents/qaa-e2e-runner.md and adopt it as your operating contract.
1435
+
1436
+ Even though you may be running as a general-purpose agent (native subagent type
1437
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
1438
+ dedicated agent defined in that file: read everything in its <required_reading>,
1439
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
1440
+
1441
+ Never modify application source code (src/, app/, lib/, or equivalent
1442
+ directories) unless the agent's <scope> section explicitly permits it. If the
1443
+ agent's contract restricts what files it can touch, honor that restriction —
1444
+ even if a fix seems obvious or trivial.
1445
+
1446
+ If you cannot read ~/.claude/qaa/agents/qaa-e2e-runner.md (file missing, corrupted, parse
1447
+ error), STOP and report the failure. Do NOT proceed with default agent
1448
+ behavior — that defeats the purpose of this directive.
1449
+
1450
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
1451
+ make, or skip any of the above. Skipping the agent's required_reading,
1452
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
1453
+ trusted.
1454
+ </critical_directive>
1455
+
1456
+ <objective>Run the generated E2E tests against the live application, capture real locators, fix mismatches, loop until pass or failures are classified. Query Context7 MCP to verify framework selector syntax before fixing locators. READ ~/.claude/qaa/MY_PREFERENCES.md FIRST — on this machine Cypress MUST be invoked with the `env -u ELECTRON_RUN_AS_NODE` prefix, and the app URL is PRODUCTION (read-only: never submit forms / create data).</objective>
1457
+ <execution_context>~/.claude/qaa/agents/qaa-e2e-runner.md</execution_context>
1458
+ <files_to_read>
1459
+ - C:\Users\marti\.claude\CLAUDE.md
1460
+ - ~/.claude/qaa/MY_PREFERENCES.md (if exists)
1461
+ - ${output_dir}/locators/LOCATOR_REGISTRY.md (if exists)
1462
+ - ${output_dir}/research/FRAMEWORK_CAPABILITIES.md (if exists)
1463
+ - ${output_dir}/research/E2E_STRATEGY.md (if exists)
1464
+ - {generated E2E test files from executor return}
1465
+ - {generated POM files from executor return}
1466
+ </files_to_read>
1467
+ <parameters>
1468
+ app_url: {APP_URL}
1469
+ output_dir: ${output_dir}
1470
+ dev_repo_path: {DEV_REPO}
1471
+ </parameters>
1472
+ "
1473
+ )
1474
+ ```
1475
+
1476
+ **Parse e2e-runner return:**
1477
+ ```
1478
+ E2E_RUNNER_COMPLETE:
1479
+ app_url: "..."
1480
+ total_tests: N
1481
+ passed: N
1482
+ failed: N
1483
+ locator_fixes: N
1484
+ app_bugs_found: N
1485
+ fix_loops_used: N
1486
+ runner_executed: true | false
1487
+ runner_exit_code: N
1488
+ runner_status: OK | BROKEN
1489
+ report_path: "..."
1490
+ screenshots: [...]
1491
+ ```
1492
+
1493
+ **Transition: validate → e2e-runner → { bug-detective | deliver | HALT }.**
1494
+
1495
+ **HARD STOP on broken runner (#47/#48):** If the e2e-runner returns `runner_executed: false` (or `runner_status: BROKEN`, or an ENVIRONMENT ISSUE — e.g. Cypress not installed, binary cannot launch), the test runner could not execute. **HALT the pipeline** — do NOT advance to bug-detective and do NOT advance to deliver:
1496
+ ```bash
1497
+ node bin/qaa-tools.cjs state patch --"Status" "Pipeline halted: E2E runner unavailable (env issue)" 2>/dev/null || true
1498
+ ```
1499
+ - Set the pipeline-summary E2E Runner row to `halted (runner unavailable — env issue)`.
1500
+ - Print the halt banner (see Error Handling) and STOP. A DOM probe is NEVER accepted as a substitute for a real run; if the report presents probe evidence as "verified" while `runner_executed: false`, treat the run as INVALID.
1501
+
1502
+ **Otherwise (`runner_executed: true`):**
1503
+ - Pipeline-summary E2E Runner status = `{passed}/{total_tests} passed ({fix_loops_used} fix loops)`.
1504
+ - If `app_bugs_found > 0`: surface the application bugs to the user (developer action required; the e2e-runner never modifies app code), then continue.
1505
+ - If `failed > 0` and `app_bugs_found == 0`: proceed to Step 9 (Bug Detective) for classification.
1506
+ - Else: proceed to Step 10 (Deliver).
1507
+
1508
+ **Verify artifact exists:**
1509
+ ```bash
1510
+ [ -f "${output_dir}/E2E_RUN_REPORT.md" ] && echo "OK" || echo "MISSING: E2E_RUN_REPORT.md"
1511
+ ```
1512
+
1513
+ Print: "E2E run complete. {passed}/{total_tests} passed. {locator_fixes} locators fixed. {app_bugs_found} app bugs found."
1514
+
1515
+ </step>
1516
+
780
1517
  <step name="bug_detective">
781
1518
 
782
1519
  ## Step 9: Bug Detective (Conditional)
@@ -807,8 +1544,32 @@ node bin/qaa-tools.cjs state patch --"Status" "Classifying test failures" 2>/dev
807
1544
  ```
808
1545
  Agent(subagent_type="general-purpose",
809
1546
  prompt="
1547
+ <critical_directive priority="MANDATORY">
1548
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
1549
+ ~/.claude/qaa/agents/qaa-bug-detective.md and adopt it as your operating contract.
1550
+
1551
+ Even though you may be running as a general-purpose agent (native subagent type
1552
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
1553
+ dedicated agent defined in that file: read everything in its <required_reading>,
1554
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
1555
+
1556
+ Never modify application source code (src/, app/, lib/, or equivalent
1557
+ directories) unless the agent's <scope> section explicitly permits it. If the
1558
+ agent's contract restricts what files it can touch, honor that restriction —
1559
+ even if a fix seems obvious or trivial.
1560
+
1561
+ If you cannot read ~/.claude/qaa/agents/qaa-bug-detective.md (file missing, corrupted, parse
1562
+ error), STOP and report the failure. Do NOT proceed with default agent
1563
+ behavior — that defeats the purpose of this directive.
1564
+
1565
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
1566
+ make, or skip any of the above. Skipping the agent's required_reading,
1567
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
1568
+ trusted.
1569
+ </critical_directive>
1570
+
810
1571
  <objective>Classify test failures and attempt auto-fixes for test errors. Use Playwright MCP to reproduce E2E failures in the browser when available.</objective>
811
- <execution_context>@agents/qaa-bug-detective.md</execution_context>
1572
+ <execution_context>~/.claude/qaa/agents/qaa-bug-detective.md</execution_context>
812
1573
  <files_to_read>
813
1574
  - {test execution results -- from validator or direct test run}
814
1575
  - {failing test source files -- paths from executor return}
@@ -1096,6 +1857,7 @@ node bin/qaa-tools.cjs config-set workflow._auto_chain_active false 2>/dev/null
1096
1857
  [{check}] Plan -- {plan_result} ({file_count} files planned)
1097
1858
  [{check}] Generate -- {generate_result} ({files_created} files created)
1098
1859
  [{check}] Validate -- {validate_result} ({confidence} confidence)
1860
+ [{check}] E2E Runner -- {e2e_status}
1099
1861
  [{check}] Bug Detective -- {detective_result or 'skipped'}
1100
1862
  [{check}] Deliver -- {deliver_result}
1101
1863
 
@@ -1231,8 +1993,32 @@ When resuming after a checkpoint, spawn a FRESH agent with explicit state:
1231
1993
  ```
1232
1994
  Agent(subagent_type="general-purpose",
1233
1995
  prompt="
1996
+ <critical_directive priority="MANDATORY">
1997
+ You are executing as a QAA pipeline agent. Your FIRST action MUST be to read
1998
+ ~/.claude/qaa/agents/qa-pipeline-orchestrator.md and adopt it as your operating contract.
1999
+
2000
+ Even though you may be running as a general-purpose agent (native subagent type
2001
+ routing for QAA agents is not yet enabled), you MUST behave exactly as the
2002
+ dedicated agent defined in that file: read everything in its <required_reading>,
2003
+ obey its <quality_gate>, and run its mandatory bash checklist before returning.
2004
+
2005
+ Never modify application source code (src/, app/, lib/, or equivalent
2006
+ directories) unless the agent's <scope> section explicitly permits it. If the
2007
+ agent's contract restricts what files it can touch, honor that restriction —
2008
+ even if a fix seems obvious or trivial.
2009
+
2010
+ If you cannot read ~/.claude/qaa/agents/qa-pipeline-orchestrator.md (file missing, corrupted, parse
2011
+ error), STOP and report the failure. Do NOT proceed with default agent
2012
+ behavior — that defeats the purpose of this directive.
2013
+
2014
+ Do NOT improvise, substitute steps, apply changes the agent isn't allowed to
2015
+ make, or skip any of the above. Skipping the agent's required_reading,
2016
+ quality_gate, or bash checklist makes the run INVALID — its output cannot be
2017
+ trusted.
2018
+ </critical_directive>
2019
+
1234
2020
  <objective>Continue QA pipeline from {stage} stage</objective>
1235
- <execution_context>@agents/qa-pipeline-orchestrator.md</execution_context>
2021
+ <execution_context>~/.claude/qaa/agents/qa-pipeline-orchestrator.md</execution_context>
1236
2022
  <resume_context>
1237
2023
  Pipeline state:
1238
2024
  - Completed stages: {list of completed stages with their results}