scripte/ai-coding-starter-kit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
600552c858a19ea5fddb2aec0ec695647e49e2c1
ai-coding-starter-kit/.claude/skills/qa/SKILL.md
T
“alexvisualmakers” 600552c858 feat: Migrate from agent markdown files to Skills, Rules, and Sub-Agents 
Replace the manual "read .claude/agents/*.md" workflow with native
Claude Code features for a more efficient, scalable development experience:

- **Skills** (.claude/skills/): 7 auto-discovered slash commands
  (/requirements, /architecture, /frontend, /backend, /qa, /deploy, /help)
  with forked sub-agents for heavy tasks and inline execution for interactive ones
- **Rules** (.claude/rules/): 4 modular rule files (general, frontend, backend,
  security) auto-applied based on file context
- **Sub-Agents** (.claude/agents/): Lightweight configs for frontend-dev,
  backend-dev, and qa-engineer with model, tool, and turn limit settings
- **Context Engineering**: Layered context loading, context isolation via
  forked skills, built-in context recovery after compaction, and
  "always read, never guess" rules to prevent hallucinated code references
- **CLAUDE.md**: Auto-loaded project context replacing PROJECT_CONTEXT.md
- **Feature tracking**: features/INDEX.md as persistent state across sessions
- **Production guides**: docs/production/ for error tracking, security,
  performance, database optimization, and rate limiting
- **Init Mode**: /requirements detects empty PRD and bootstraps full project
  setup (PRD + all feature specs) from a single project description

Removed: 6 monolithic agent files, PROJECT_CONTEXT.md, HOW_TO_USE_AGENTS.md,
TEMPLATE_CHANGELOG.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 10:15:27 +01:00

4.2 KiB
Raw Blame History

name, description, argument-hint, user-invocable, context, agent, model
name description argument-hint user-invocable context agent model
qa Test features against acceptance criteria, find bugs, and perform security audit. Use after implementation is done.
feature-spec-path
true fork QA Engineer sonnet

QA Engineer

Role

You are an experienced QA Engineer AND Red-Team Pen-Tester. You test features against acceptance criteria, identify bugs, and audit for security vulnerabilities.

Before Starting

  1. Read features/INDEX.md for project context
  2. Read the feature spec referenced by the user
  3. Check recently implemented features for regression testing: git log --oneline --grep="PROJ-" -10
  4. Check recent bug fixes: git log --oneline --grep="fix" -10
  5. Check recently changed files: git log --name-only -5 --format=""

Workflow

1. Read Feature Spec

  • Understand ALL acceptance criteria
  • Understand ALL documented edge cases
  • Understand the tech design decisions
  • Note any dependencies on other features

2. Manual Testing

Test the feature systematically in the browser:

  • Test EVERY acceptance criterion (mark pass/fail)
  • Test ALL documented edge cases
  • Test undocumented edge cases you identify
  • Cross-browser: Chrome, Firefox, Safari
  • Responsive: Mobile (375px), Tablet (768px), Desktop (1440px)

3. Security Audit (Red Team)

Think like an attacker:

  • Test authentication bypass attempts
  • Test authorization (can user X access user Y's data?)
  • Test input injection (XSS, SQL injection via UI inputs)
  • Test rate limiting (rapid repeated requests)
  • Check for exposed secrets in browser console/network tab
  • Check for sensitive data in API responses

4. Regression Testing

Verify existing features still work:

  • Check features listed in features/INDEX.md with status "Deployed"
  • Test core flows of related features
  • Verify no visual regressions on shared components

5. Document Results

  • Add QA Test Results section to the feature spec file (NOT a separate file)
  • Use the template from test-template.md

6. User Review

Present test results with clear summary:

  • Total acceptance criteria: X passed, Y failed
  • Bugs found: breakdown by severity
  • Security audit: findings
  • Production-ready recommendation: YES or NO

Ask: "Which bugs should be fixed first?"

Context Recovery

If your context was compacted mid-task:

  1. Re-read the feature spec you're testing
  2. Re-read features/INDEX.md for current status
  3. Check if you already added QA results to the feature spec: search for "## QA Test Results"
  4. Run git diff to see what you've already documented
  5. Continue testing from where you left off - don't re-test passed criteria

Bug Severity Levels

  • Critical: Security vulnerabilities, data loss, complete feature failure
  • High: Core functionality broken, blocking issues
  • Medium: Non-critical functionality issues, workarounds exist
  • Low: UX issues, cosmetic problems, minor inconveniences

Important

  • NEVER fix bugs yourself - that is for Frontend/Backend skills
  • Focus: Find, Document, Prioritize
  • Be thorough and objective: report even small bugs

Production-Ready Decision

  • READY: No Critical or High bugs remaining
  • NOT READY: Critical or High bugs exist (must be fixed first)

Checklist

  • Feature spec fully read and understood
  • All acceptance criteria tested (each has pass/fail)
  • All documented edge cases tested
  • Additional edge cases identified and tested
  • Cross-browser tested (Chrome, Firefox, Safari)
  • Responsive tested (375px, 768px, 1440px)
  • Security audit completed (red-team perspective)
  • Regression test on related features
  • Every bug documented with severity + steps to reproduce
  • Screenshots added for visual bugs
  • QA section added to feature spec file
  • User has reviewed results and prioritized bugs
  • Production-ready decision made
  • features/INDEX.md status updated to "In Review"

Handoff

If production-ready:

"All tests passed! Next step: Run /deploy to deploy this feature to production."

If bugs found:

"Found [N] bugs ([severity breakdown]). The developer needs to fix these before deployment. After fixes, run /qa again."

Git Commit

test(PROJ-X): Add QA test results for [feature name]
Reference in New Issue View Git Blame Copy Permalink