05b6d799f0
Three more learnings from alirezarezvani/claude-skills, applied: 1. SkillCheck validator (scripts/skillcheck.mjs) — validates every SKILL.md against the authoring standard (frontmatter, name/folder match, trigger + produces clauses, required headings) plus tier referential integrity. Errors fail CI; --strict fails on warnings too. New skillcheck.yml workflow and a SkillCheck status badge in the README. Current: 0 errors / 14 advisory warnings across 172 skills. 2. Cursor export platform — build-exports.mjs now generates exports/cursor/<bundle>/<skill>/<skill>.mdc rule files. The PLATFORMS registry now supports per-skill filenames (file as a function). 3. Per-agent installers — scripts/install.sh unifies install for claude/hermes/codex/openclaw/cursor (--link, --target, --dry-run, --list). Curl-able one-liners codex-install.sh, openclaw-install.sh, and cursor-install.sh clone the library and install in a single command. README documents the one-line installs and Cursor exports; CHANGELOG and the authoring standard updated. Claude-Session: https://claude.ai/code/session_016JWn5jRD5tcEFKrubjQ6Px Co-authored-by: Claude <noreply@anthropic.com>
140 lines
6.3 KiB
Plaintext
140 lines
6.3 KiB
Plaintext
---
|
||
description: "Write a test strategy document from a feature spec, PRD, or system description. Use when asked to create a test plan, write a test strategy, define QA approach, or plan testing for a feature or release. Produces a complete test strategy with scope, risk assessment, test types, coverage targets, and a prioritised test case outline."
|
||
globs:
|
||
alwaysApply: false
|
||
---
|
||
|
||
# Test Strategy Document Skill
|
||
|
||
Produces a complete test strategy from a feature spec, PRD, or system description — covering scope, test types, risk areas, coverage requirements, and a prioritised test case outline.
|
||
|
||
## Required Inputs
|
||
|
||
Ask for these if not provided:
|
||
- **Feature or system being tested** (paste a spec, PRD, or describe it in plain English)
|
||
- **Tech stack** (language and framework — e.g. TypeScript + React, Python + FastAPI)
|
||
- **Existing test coverage** (e.g. "we have unit tests but no E2E tests", "we use Jest + Playwright already", or "starting from scratch")
|
||
- **Deployment cadence** (e.g. continuous deployment / weekly releases / quarterly — affects what must be automated vs. manual)
|
||
- **Risk level** (low / medium / high / critical — affects depth and coverage requirements)
|
||
- **Timeline** (when does this need to ship — affects prioritisation)
|
||
- **Team context** (who is doing the testing — developers / dedicated QA / both)
|
||
|
||
## Output Format
|
||
|
||
### 1. Test Scope
|
||
|
||
**In scope:**
|
||
- [Specific functionality being tested]
|
||
- [Integration points covered]
|
||
- [User-facing flows included]
|
||
|
||
**Out of scope:**
|
||
- [What is deliberately not tested here — and why]
|
||
- [Dependencies owned by other teams]
|
||
|
||
**Assumptions:**
|
||
- [What the test strategy assumes is true — e.g. mocked services, test data availability]
|
||
|
||
### 2. Risk Assessment
|
||
|
||
Identify the highest-risk areas first — these drive depth and coverage:
|
||
|
||
| Area | Risk Level | Why | Test Priority |
|
||
|---|---|---|---|
|
||
| [e.g. Payment processing] | High | Money movement, regulatory | P0 — exhaustive |
|
||
| [e.g. User authentication] | High | Security boundary | P0 — exhaustive |
|
||
| [e.g. Email notifications] | Medium | External dependency | P1 — happy path + key failures |
|
||
| [e.g. UI copy changes] | Low | Visual only, reversible | P2 — smoke only |
|
||
|
||
### 3. Test Types and Coverage
|
||
|
||
**Unit Tests**
|
||
- **What:** Individual functions and methods in isolation
|
||
- **Who writes:** Developer
|
||
- **Coverage target:** [e.g. 80% line coverage on new code / 100% on critical paths]
|
||
- **Tools:** [e.g. Jest, pytest, go test]
|
||
- **Focus areas for this feature:** [Specific logic that needs unit coverage]
|
||
|
||
**Integration Tests**
|
||
- **What:** Service interactions, database operations, API contracts
|
||
- **Who writes:** Developer / QA
|
||
- **Coverage target:** [All happy paths + key failure modes]
|
||
- **Tools:** [e.g. Supertest, pytest + testcontainers]
|
||
- **Focus areas:** [Specific integrations at risk — e.g. third-party API, DB schema changes]
|
||
|
||
**End-to-End Tests**
|
||
- **What:** Critical user journeys from browser/client to database
|
||
- **Who writes:** QA / Developer
|
||
- **Coverage target:** [Top N user journeys — list them]
|
||
- **Tools:** [e.g. Playwright, Cypress, Selenium]
|
||
- **Focus areas:** [The 3–5 most critical user flows]
|
||
|
||
**Performance Tests** *(include if any row in the Risk Assessment table has performance as a risk factor, regardless of overall risk level)*
|
||
- **What:** Load, stress, or latency testing
|
||
- **Targets:** [Specific numbers — e.g. 200 req/sec at p95 < 200ms]
|
||
- **Tools:** [e.g. k6, Locust, JMeter]
|
||
|
||
**Security Tests** *(include only if risk is high+)*
|
||
- **What:** OWASP Top 10 checks relevant to this feature
|
||
- **Focus:** [Auth bypasses, injection, data exposure]
|
||
- **Tools:** [e.g. OWASP ZAP, manual penetration testing, Snyk]
|
||
|
||
### 4. Test Case Outline
|
||
|
||
Priority-ordered list of specific test cases:
|
||
|
||
**P0 — Must pass before merge:**
|
||
| Test Case | Type | Expected Outcome |
|
||
|---|---|---|
|
||
| [e.g. User can log in with valid credentials] | E2E | [Redirect to dashboard, session created] |
|
||
| [e.g. Invalid login returns 401] | Integration | [Error message displayed, no session] |
|
||
| [e.g. Password is never stored in plain text] | Unit | [bcrypt hash in DB] |
|
||
|
||
**P1 — Must pass before release:**
|
||
| Test Case | Type | Expected Outcome |
|
||
|---|---|---|
|
||
| [e.g. Login fails gracefully when DB is down] | Integration | [User sees friendly error, 503] |
|
||
| [e.g. Rate limiting blocks after 5 failed attempts] | Integration | [429 returned, account flagged] |
|
||
|
||
**P2 — Should pass, can ship with known issues tracked:**
|
||
| Test Case | Type | Expected Outcome |
|
||
|---|---|---|
|
||
| [e.g. Login page renders correctly on mobile] | E2E | [Layout matches design] |
|
||
|
||
### 5. Test Data Requirements
|
||
- [Specific test data needed — e.g. test user accounts with various states]
|
||
- [External service stubs or mocks needed]
|
||
- [Database seed data requirements]
|
||
- [Any PII concerns and how test data handles them]
|
||
|
||
### 6. Definition of Done
|
||
Testing is complete when:
|
||
- [ ] All P0 test cases pass
|
||
- [ ] All P1 test cases pass
|
||
- [ ] Code coverage meets the stated target
|
||
- [ ] No critical or high severity bugs open
|
||
- [ ] Performance targets met (if applicable)
|
||
- [ ] Security checks completed (if applicable)
|
||
|
||
## Quality Checks
|
||
- [ ] Risk table is populated and drives test priority (not filled in generically)
|
||
- [ ] Every "P0 — exhaustive" row in the Risk Assessment table has at least one corresponding P0 test case
|
||
- [ ] "Out of scope" section names at least one explicit exclusion (not left blank)
|
||
- [ ] Each test type names a concrete tool (not "some testing framework")
|
||
- [ ] Definition of Done is measurable (not "tests are done when QA is happy")
|
||
|
||
## Anti-Patterns
|
||
|
||
- [ ] Do not write a test strategy without a risk table that drives test priority — generic coverage targets are not a strategy
|
||
- [ ] Do not leave the "out of scope" section blank — every test strategy must explicitly name what is not being tested and why
|
||
- [ ] Do not specify test types without naming a concrete tool for each — "some testing framework" is not actionable
|
||
- [ ] Do not define a Definition of Done that is not measurable — "QA is happy" is not a completion criterion
|
||
- [ ] Do not create P0 risk areas without corresponding P0 test cases — risk rating must map to test coverage
|
||
|
||
## Usage Examples
|
||
- "Write a test strategy for [feature]" + [paste spec or PRD]
|
||
- "Create a test plan for [system]"
|
||
- "How should we test [feature]?"
|
||
- "I need a QA plan for this sprint"
|
||
- "What tests do we need for [X]?"
|