## New Skill: qa-expert (v1.0.0)

Comprehensive QA testing infrastructure with autonomous LLM execution:
- One-command QA project initialization with complete templates
- Google Testing Standards (AAA pattern, 90% coverage targets)
- Autonomous LLM-driven test execution via master prompts (100x speedup)
- OWASP Top 10 security testing (90% coverage target)
- Bug tracking with P0-P4 severity classification
- Quality gates enforcement (100% execution, ≥80% pass rate, 0 P0 bugs)
- Ground Truth Principle for preventing doc/CSV sync issues
- Day 1 onboarding guide (5-hour timeline)
- 30+ ready-to-use LLM prompts for QA tasks
- Bundled scripts: init_qa_project.py, calculate_metrics.py

## Documentation Updates
- Updated marketplace to v1.10.0 (16 → 17 skills)
- Updated CHANGELOG.md with v1.10.0 entry
- Updated README.md (EN) with qa-expert skill section
- Updated README.zh-CN.md (ZH) with skills 11-16 and qa-expert
- Updated CLAUDE.md with qa-expert in available skills list
- Updated marketplace.json with qa-expert plugin entry

## SOP Improvements
Enhanced "Adding a New Skill to Marketplace" workflow:
- Added mandatory Step 7: Update README.zh-CN.md
- Added 6 new Chinese documentation checklist items
- Added Chinese documentation to Common Mistakes (#2, #3, #4, #5, #7, #8)
- Updated File Update Summary Template (7 files including zh-CN)
- Added verification commands for EN/ZH sync
- Made Chinese documentation updates MANDATORY

Total: 17 production-ready skills

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Test Case Template
Use this template for writing standardized, reproducible test cases.
Template Structure
### TC-[CATEGORY]-[NUMBER]: [Descriptive Title]
**Priority**: P0/P1/P2/P3/P4
**Type**: Unit/Integration/E2E/Security/Performance
**Estimated Time**: [X] minutes
**Prerequisites**:
- Prerequisite 1 (specific and verifiable)
- Prerequisite 2
**Test Steps**:
1. Step 1 (exact command or action)
2. Step 2 (specific input data)
3. Step 3 (verification action)
**Expected Result**:
✅ Specific outcome with example output
✅ Measurable verification criteria
**Pass/Fail Criteria**:
- ✅ PASS: All verification steps succeed
- ❌ FAIL: Any error, missing data, or deviation
**Potential Bugs to Watch For**:
- Known edge case or vulnerability
- Related security concern
Example: CLI Install Test
### TC-CLI-001: Install Skill from GitHub Repository
**Priority**: P0
**Type**: Integration
**Estimated Time**: 5 minutes
**Prerequisites**:
- CLI installed globally (`which ccpm` returns path)
- Internet connection active
- `~/.claude/skills/` directory exists or can be created
- No existing installation of `cli-demo-generator`
**Test Steps**:
1. Open terminal
2. Run: `ccpm install cli-demo-generator`
3. Observe success message
4. Run: `ls ~/.claude/skills/`
5. Verify directory exists
6. Run: `cat ~/.claude/skills/cli-demo-generator/package.json`
7. Verify valid JSON with name field
**Expected Result**:
✅ Terminal shows: "Successfully installed cli-demo-generator"
✅ Directory created: `~/.claude/skills/cli-demo-generator/`
✅ package.json exists with valid content
✅ No errors in terminal output
**Pass/Fail Criteria**:
- ✅ PASS: All 4 verification criteria met, exit code 0
- ❌ FAIL: Any error message, missing directory, or malformed package.json
**Potential Bugs to Watch For**:
- Path traversal vulnerability (test with `../../../etc/passwd`)
- Network timeout with no retry logic
- Incorrect permissions on `~/.claude` directory
- Race condition if multiple installs concurrent
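The post-conditions of TC-CLI-001 and its path traversal check can be automated. The following is an added example, not code from the project or from `ccpm`; the function names are hypothetical, the permission rule is an assumption, and a temporary directory stands in for `~/.claude/skills/`.

```python
import json
import stat
import tempfile
from pathlib import Path

def safe_skill_dir(root, name):
    """Return root/name, or raise ValueError if it resolves outside root."""
    root = Path(root).resolve()
    target = (root / name).resolve()
    if target == root or root not in target.parents:
        raise ValueError(f"skill name escapes skills directory: {name!r}")
    return target

def verify_install(root, name):
    """Check TC-CLI-001's post-conditions; return a list of failures."""
    try:
        skill_dir = safe_skill_dir(root, name)
    except ValueError as exc:
        return [str(exc)]
    if not skill_dir.is_dir():
        return [f"missing directory: {skill_dir}"]
    failures = []
    try:
        meta = json.loads((skill_dir / "package.json").read_text())
        if not isinstance(meta, dict) or not meta.get("name"):
            failures.append("package.json has no name field")
    except (OSError, ValueError):
        failures.append("package.json missing or malformed")
    # Assumed rule: an installed skill must not be group- or world-writable.
    if stat.S_IMODE(skill_dir.stat().st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
        failures.append("skill directory is group- or world-writable")
    return failures

def demo():
    # Constructed skills root in a temp dir, standing in for ~/.claude/skills/
    with tempfile.TemporaryDirectory() as root:
        good = Path(root) / "cli-demo-generator"
        good.mkdir(mode=0o755)
        (good / "package.json").write_text('{"name": "cli-demo-generator"}')
        return (verify_install(root, "cli-demo-generator"),
                verify_install(root, "../../../etc/passwd"))
```

`demo()` returns an empty failure list for the valid skill name and a single "escapes skills directory" failure for the traversal input.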
Example: Security Test
### TC-SEC-001: SQL Injection Protection - Login Form
**Priority**: P0
**Type**: Security
**Estimated Time**: 3 minutes
**Prerequisites**:
- Application running on http://localhost:8080
- Test user account exists: `test@example.com` / `password123`
- Database seeded with sample data
**Test Steps**:
1. Navigate to login page
2. Enter username: `admin' OR '1'='1`
3. Enter password: `anything`
4. Click "Login" button
5. Observe response
**Expected Result**:
✅ Login FAILS with error: "Invalid credentials"
✅ SQL injection attempt logged in security_events table
✅ No database data exposed in error message
✅ User NOT authenticated
**Pass/Fail Criteria**:
- ✅ PASS: Login fails, injection logged, no data leak
- ❌ FAIL: Login succeeds, no logging, or SQL error exposed
**Potential Bugs to Watch For**:
- Verbose error messages exposing schema
- Second-order SQL injection in profile fields
- NoSQL injection if using MongoDB
- Timing-based blind SQL injection
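TC-SEC-001 can be run as an automated check that fails a concatenated-SQL login and passes a parameterized one. This is an added example, not code from the project: the in-memory SQLite schema, the column names of `security_events`, both login functions and the "not email-shaped" logging rule are assumptions made for illustration.

```python
import re
import sqlite3

PAYLOAD = "admin' OR '1'='1"  # username from step 2 of TC-SEC-001

def make_db():
    # Constructed in-memory stand-in for the seeded database; a real
    # application would store a password hash, not the plaintext.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (email TEXT, password TEXT);
        CREATE TABLE security_events (kind TEXT, detail TEXT);
        INSERT INTO users VALUES ('test@example.com', 'password123');
    """)
    return db

def login_vulnerable(db, user, password):
    # Concatenated SQL: AND binds tighter than OR, so the payload's
    # trailing OR '1'='1' makes the whole WHERE clause true.
    sql = ("SELECT email FROM users WHERE password = '" + password +
           "' AND email = '" + user + "'")
    row = db.execute(sql).fetchone()
    return (True, "Welcome " + row[0]) if row else (False, "Invalid credentials")

def login_hardened(db, user, password):
    # Assumed detection rule: a username that is not email-shaped is logged.
    if not re.fullmatch(r"[^@\s'\"]+@[^@\s'\"]+", user):
        db.execute("INSERT INTO security_events VALUES (?, ?)",
                   ("suspicious_login_input", user))
    row = db.execute("SELECT email FROM users WHERE email = ? AND password = ?",
                     (user, password)).fetchone()
    return (True, "Welcome") if row else (False, "Invalid credentials")

def run_tc_sec_001(login):
    """Return each expected result of TC-SEC-001 as a boolean."""
    db = make_db()
    authenticated, message = login(db, PAYLOAD, "anything")
    events = db.execute("SELECT COUNT(*) FROM security_events").fetchone()[0]
    return {
        "login_fails": message == "Invalid credentials",
        "attempt_logged": events == 1,
        "no_data_exposed": "test@example.com" not in message,
        "not_authenticated": authenticated is False,
    }

def verdict(results):
    return "PASS" if all(results.values()) else "FAIL"
```

`verdict(run_tc_sec_001(login_hardened))` is `"PASS"`, while the same call with `login_vulnerable` is `"FAIL"` on all four criteria.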
Guidelines
Writing Clear Prerequisites
❌ Bad: "System running"
✅ Good: "Docker containers healthy (docker ps shows 5 running), port 8080 accessible"
Writing Specific Steps
❌ Bad: "Test the login"
✅ Good: "Enter 'test@example.com' in email field, enter 'Password123!' in password field, click 'Login' button"
Writing Measurable Results
❌ Bad: "It works"
✅ Good: "HTTP 200 response, redirects to /dashboard, session cookie set with 30min expiry"
Estimating Time
- Simple validation: 1-2 min
- API call test: 2-3 min
- E2E workflow: 5-10 min
- Security audit: 3-5 min per test
Category Codes
- CLI: Command-line interface tests
- WEB: Web UI tests
- API: Backend API tests
- DB: Database tests
- SEC: Security tests
- PERF: Performance tests
- INT: Integration tests
- E2E: End-to-end tests
Priority Assignment Rules
Assign P0 if:
- Prevents core functionality
- Security vulnerability (OWASP Top 10)
- Data loss or corruption
- System crash
Assign P1 if:
- Major feature broken (with workaround)
- Significant UX degradation
- Performance regression >50%
Assign P2 if:
- Minor feature issue
- Edge case failure
- Non-critical bug
Assign P3/P4 for cosmetic or documentation issues.
Usage: Copy this template when writing new test cases. Replace all bracketed placeholders with actual values.