{
"schemaVersion": "1.0",
"item": {
"slug": "afrexai-qa-testing-engine",
"name": "QA & Testing Engine",
"source": "tencent",
"type": "skill",
"category": "开发工具",
"sourceUrl": "https://clawhub.ai/1kalin/afrexai-qa-testing-engine",
"canonicalUrl": "https://clawhub.ai/1kalin/afrexai-qa-testing-engine",
"targetPlatform": "OpenClaw"
},
"install": {
"downloadMode": "redirect",
"downloadUrl": "/downloads/afrexai-qa-testing-engine",
"sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-qa-testing-engine",
"sourcePlatform": "tencent",
"targetPlatform": "OpenClaw",
"installMethod": "Manual import",
"extraction": "Extract archive",
"prerequisites": [
"OpenClaw"
],
"packageFormat": "ZIP package",
"includedAssets": [
"README.md",
"SKILL.md"
],
"primaryDoc": "SKILL.md",
"quickSetup": [
"Download the package from Yavira.",
"Extract the archive and review SKILL.md first.",
"Import or place the package into your OpenClaw setup."
],
"agentAssist": {
"summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
"steps": [
"Download the package from Yavira.",
"Extract it into a folder your agent can access.",
"Paste one of the prompts below and point your agent at the extracted folder."
],
"prompts": [
{
"label": "New install",
"body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
},
{
"label": "Upgrade existing",
"body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
}
]
},
"sourceHealth": {
"source": "tencent",
"status": "healthy",
"reason": "direct_download_ok",
"recommendedAction": "download",
"checkedAt": "2026-05-07T17:22:31.273Z",
"expiresAt": "2026-05-14T17:22:31.273Z",
"httpStatus": 200,
"finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report",
"contentType": "application/zip",
"probeMethod": "head",
"details": {
"probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report",
"contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"",
"redirectLocation": null,
"bodySnippet": null
},
"scope": "source",
"summary": "Source download looks usable.",
"detail": "Yavira can redirect you to the upstream package for this source.",
"primaryActionLabel": "Download for OpenClaw",
"primaryActionHref": "/downloads/afrexai-qa-testing-engine"
},
"validation": {
"installChecklist": [
"Use the Yavira download entry.",
"Review SKILL.md after the package is downloaded.",
"Confirm the extracted package contains the expected setup assets."
],
"postInstallChecks": [
"Confirm the extracted package includes the expected docs or setup files.",
"Validate the skill or prompts are available in your target agent workspace.",
"Capture any manual follow-up steps the agent could not complete."
]
},
"downloadPageUrl": "https://openagent3.xyz/downloads/afrexai-qa-testing-engine",
"agentPageUrl": "https://openagent3.xyz/skills/afrexai-qa-testing-engine/agent",
"manifestUrl": "https://openagent3.xyz/skills/afrexai-qa-testing-engine/agent.json",
"briefUrl": "https://openagent3.xyz/skills/afrexai-qa-testing-engine/agent.md"
},
"agentAssist": {
"summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
"steps": [
"Download the package from Yavira.",
"Extract it into a folder your agent can access.",
"Paste one of the prompts below and point your agent at the extracted folder."
],
"prompts": [
{
"label": "New install",
"body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
},
{
"label": "Upgrade existing",
"body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
}
]
},
"documentation": {
"source": "clawhub",
"primaryDoc": "SKILL.md",
"sections": [
{
"title": "QA & Testing Engine — Complete Software Quality System",
"body": "The definitive testing methodology for AI agents. From test strategy to execution, coverage to reporting — everything you need to ship quality software."
},
{
"title": "Phase 1: Test Strategy Design",
"body": "Before writing a single test, design the strategy."
},
{
"title": "Strategy Brief Template",
"body": "project:\n name: \"\"\n type: web-app | api | mobile | library | cli | data-pipeline\n languages: [typescript, python, go, java]\n frameworks: [react, express, django, spring]\n \nrisk_profile:\n data_sensitivity: low | medium | high | critical # PII, financial, health\n user_impact: internal | b2b | b2c | life-safety\n deployment_frequency: daily | weekly | monthly\n regulatory: [none, SOC2, HIPAA, PCI-DSS, GDPR]\n\ntest_scope:\n in_scope: [] # Features, services, components\n out_of_scope: [] # Explicitly excluded (with reason)\n \nenvironments:\n dev: { url: \"\", db: \"local\" }\n staging: { url: \"\", db: \"seeded\" }\n prod: { url: \"\", smoke_only: true }"
},
{
"title": "Test Type Decision Matrix",
"body": "Risk ProfileUnitIntegrationE2EPerformanceSecurityAccessibilityInternal tool✅ Core✅ API⚠️ Happy path❌⚠️ Basic❌B2B SaaS✅ Full✅ Full✅ Critical flows✅ Load✅ OWASP Top 10✅ WCAG AAB2C high-traffic✅ Full✅ Full✅ Full✅ Stress + soak✅ Full✅ WCAG AAFinancial/Health✅ Full + mutation✅ Full + contract✅ Full + chaos✅ Full suite✅ Pen test✅ WCAG AAA"
},
{
"title": "Test Pyramid Architecture",
"body": "/ E2E \\ 5-10% — Critical user journeys only\n / Integration \\ 20-30% — API contracts, service boundaries\n / Unit Tests \\ 60-70% — Business logic, pure functions\n\nAnti-pattern: Ice cream cone — More E2E than unit tests. Slow, flaky, expensive. Fix by pushing test coverage DOWN the pyramid.\n\nAnti-pattern: Hourglass — Lots of unit + E2E, no integration. Misses contract bugs between services."
},
{
"title": "The AAA Pattern (Arrange-Act-Assert)",
"body": "Every unit test follows this structure:\n\ndescribe('PricingCalculator', () => {\n // Group by behavior, not by method\n describe('when customer has volume discount', () => {\n it('applies tiered pricing above threshold', () => {\n // ARRANGE — Set up the scenario\n const calculator = new PricingCalculator();\n const customer = createCustomer({ tier: 'enterprise', units: 150 });\n \n // ACT — Execute the behavior under test\n const price = calculator.calculate(customer);\n \n // ASSERT — Verify the outcome (ONE logical assertion)\n expect(price).toEqual({\n subtotal: 12000,\n discount: 1800, // 15% volume discount\n total: 10200,\n });\n });\n });\n});"
},
{
"title": "Test Naming Convention",
"body": "Format: [unit] [scenario] [expected behavior]\n\n✅ Good:\n\nPricingCalculator applies 15% discount when units exceed 100\nUserService throws NotFoundError when user ID is invalid\nparseDate returns null for malformed ISO strings\n\n❌ Bad:\n\ntest1, should work, calculates price"
},
{
"title": "What to Unit Test (Priority Order)",
"body": "Business logic — Pricing, rules, calculations, state machines\nData transformations — Parsers, formatters, serializers, mappers\nEdge cases — Boundaries, null/undefined, empty collections, overflow\nError handling — Every catch block, every validation path\nPure functions — Easiest to test, highest ROI"
},
{
"title": "What NOT to Unit Test",
"body": "Framework internals (React rendering, Express routing)\nSimple getters/setters with no logic\nThird-party library behavior\nImplementation details (private methods, internal state)"
},
{
"title": "Mocking Rules",
"body": "Dependency TypeStrategyExampleDatabaseMock the repository/DAOjest.mock('./userRepo')HTTP APIMock the client or use MSWmsw.http.get('/api/users', ...)File systemMock fs or use temp dirsjest.mock('fs/promises')Time/DateFake timersjest.useFakeTimers()RandomnessSeed or mockjest.spyOn(Math, 'random')EnvironmentOverride env varsprocess.env.NODE_ENV = 'test'\n\nRule: Mock at boundaries, not internals. If you're mocking a class you own, your design might need refactoring."
},
{
"title": "Coverage Targets",
"body": "MetricMinimumGoodExcellentLine coverage70%85%95%+Branch coverage60%80%90%+Function coverage75%90%95%+Critical path coverage100%100%100%\n\nWarning: 100% coverage ≠ quality. Coverage measures what code ran, not what was verified. A test with no assertions has coverage but no value."
},
{
"title": "API Testing Checklist",
"body": "For every API endpoint, test:\n\nendpoint: POST /api/orders\ntests:\n happy_path:\n - Valid request returns 201 with order ID\n - Response matches schema\n - Database record created correctly\n - Events/webhooks fired\n \n validation:\n - Missing required fields → 400 with field errors\n - Invalid data types → 400 with type errors\n - Business rule violations → 422 with explanation\n \n authentication:\n - No token → 401\n - Expired token → 401\n - Wrong role → 403\n - Valid token → proceeds\n \n edge_cases:\n - Duplicate request (idempotency) → same response\n - Concurrent requests → no race condition\n - Maximum payload size → 413 or graceful handling\n - Special characters in input → no injection\n \n error_handling:\n - Database down → 503 with retry hint\n - External service timeout → 504 or fallback\n - Rate limit exceeded → 429 with retry-after"
},
{
"title": "Contract Testing",
"body": "When services communicate, test the contract:\n\ncontract:\n consumer: order-service\n provider: payment-service\n \n interactions:\n - description: \"Process payment\"\n request:\n method: POST\n path: /payments\n body:\n amount: 99.99\n currency: USD\n order_id: \"ord_123\"\n response:\n status: 200\n body:\n payment_id: \"pay_xxx\" # string, not null\n status: \"completed\" # enum: completed|pending|failed\n \n breaking_changes: # NEVER do these without versioning\n - Remove a field from response\n - Change a field's type\n - Add a required field to request\n - Change the URL path\n - Change error response format"
},
{
"title": "Database Testing Rules",
"body": "Each test gets a clean state — Use transactions that rollback, or truncate between tests\nUse factories, not fixtures — createUser({ role: 'admin' }) > hardcoded SQL dumps\nTest migrations — Run migrate-up, migrate-down, migrate-up (roundtrip)\nTest constraints — Unique violations, FK cascades, NOT NULL\nTest queries — Especially complex JOINs, aggregations, window functions"
},
{
"title": "Critical User Journey Mapping",
"body": "Identify and test the flows that generate revenue or block users:\n\ncritical_journeys:\n - name: \"Sign up → First value\"\n steps:\n - Visit landing page\n - Click sign up\n - Fill registration form\n - Verify email\n - Complete onboarding\n - Perform first key action\n max_duration: 3 minutes\n \n - name: \"Purchase flow\"\n steps:\n - Browse products\n - Add to cart\n - Enter shipping\n - Enter payment\n - Confirm order\n - Receive confirmation email\n max_duration: 2 minutes\n \n - name: \"Login → Core task → Logout\"\n steps:\n - Login (password + SSO + MFA variants)\n - Navigate to core feature\n - Complete primary workflow\n - Verify result\n - Logout\n max_duration: 1 minute"
},
{
"title": "E2E Best Practices",
"body": "Test user behavior, not implementation — Click buttons by text/role, not by CSS class\nUse data-testid sparingly — Only when no accessible selector exists\nWait for state, not time — waitFor(element) not sleep(3000)\nIsolate test data — Each test creates its own users/data\nRun in CI with retries — 1 retry for flaky network, investigate if >5% flake rate"
},
{
"title": "Selector Priority (Best → Worst)",
"body": "getByRole('button', { name: 'Submit' }) — Accessible, resilient\ngetByLabelText('Email') — Form-specific, accessible\ngetByText('Welcome back') — Content-based\ngetByTestId('submit-btn') — Explicit test hook\nquerySelector('.btn-primary') — ❌ Fragile, breaks on CSS changes"
},
{
"title": "Flaky Test Triage",
"body": "SymptomLikely CauseFixPasses locally, fails in CITiming/race conditionAdd explicit waits, check CI resource limitsFails intermittentlyShared state between testsIsolate test data, reset stateFails after deployEnvironment differenceCheck env vars, API versions, feature flagsFails at specific timeTime-dependent logicMock dates/times, avoid time-sensitive assertionsFails in parallelResource contentionUse unique ports/DBs per worker\n\nRule: Quarantine flaky tests within 24 hours. A flaky test suite that everyone ignores is worse than no tests."
},
{
"title": "Load Test Design",
"body": "performance_tests:\n smoke:\n vus: 5\n duration: 1m\n purpose: \"Verify test works\"\n \n load:\n vus: 100 # Expected concurrent users\n duration: 10m\n ramp_up: 2m\n purpose: \"Normal traffic behavior\"\n thresholds:\n p95_response: <500ms\n error_rate: <1%\n \n stress:\n vus: 300 # 3x expected load\n duration: 15m\n ramp_up: 5m\n purpose: \"Find breaking point\"\n \n soak:\n vus: 80\n duration: 2h\n purpose: \"Memory leaks, connection exhaustion\"\n \n spike:\n stages:\n - { vus: 50, duration: 2m }\n - { vus: 500, duration: 30s } # Sudden spike\n - { vus: 50, duration: 2m }\n purpose: \"Recovery behavior\""
},
{
"title": "Performance Budgets",
"body": "MetricWeb AppAPIBackground JobResponse time (p50)<200ms<100msN/AResponse time (p95)<1s<500msN/AResponse time (p99)<3s<1sN/AThroughput>100 rps>500 rps>1000/minError rate<0.1%<0.1%<0.5%CPU usage<70%<70%<90%Memory growth<5%/hr<2%/hr<10%/hr"
},
{
"title": "Database Performance Testing",
"body": "db_performance:\n query_tests:\n - name: \"Dashboard aggregate query\"\n baseline: 50ms\n max_acceptable: 200ms\n with_1M_rows: measure\n with_10M_rows: measure\n \n index_verification:\n - Run EXPLAIN ANALYZE on all critical queries\n - Verify no sequential scans on tables >10K rows\n - Check index usage statistics weekly\n \n connection_pool:\n - Test at max connections\n - Verify graceful handling when pool exhausted\n - Monitor connection wait time"
},
{
"title": "OWASP Top 10 Test Checklist",
"body": "security_tests:\n A01_broken_access_control:\n - [ ] Horizontal privilege escalation (access other user's data)\n - [ ] Vertical privilege escalation (access admin functions)\n - [ ] IDOR (Insecure Direct Object References)\n - [ ] Missing function-level access control\n - [ ] CORS misconfiguration\n \n A02_cryptographic_failures:\n - [ ] Sensitive data in transit (TLS 1.2+)\n - [ ] Sensitive data at rest (encryption)\n - [ ] Password hashing (bcrypt/argon2, not MD5/SHA)\n - [ ] No secrets in code/logs/URLs\n \n A03_injection:\n - [ ] SQL injection (parameterized queries)\n - [ ] NoSQL injection\n - [ ] Command injection (OS commands)\n - [ ] XSS (stored, reflected, DOM-based)\n - [ ] Template injection (SSTI)\n \n A04_insecure_design:\n - [ ] Rate limiting on auth endpoints\n - [ ] Account lockout after N failures\n - [ ] CAPTCHA on public forms\n - [ ] Business logic abuse scenarios\n \n A05_security_misconfiguration:\n - [ ] Default credentials removed\n - [ ] Error messages don't leak stack traces\n - [ ] Security headers set (CSP, HSTS, X-Frame-Options)\n - [ ] Directory listing disabled\n - [ ] Unnecessary HTTP methods disabled\n \n A07_auth_failures:\n - [ ] Brute force protection\n - [ ] Session fixation\n - [ ] Session timeout\n - [ ] JWT validation (signature, expiry, issuer)\n - [ ] MFA bypass attempts"
},
{
"title": "Input Validation Test Payloads",
"body": "Test every user input with:\n\ninjection_payloads:\n sql: [\"' OR 1=1--\", \"'; DROP TABLE users;--\", \"1 UNION SELECT * FROM users\"]\n xss: [\"\", \"
\", \"javascript:alert(1)\"]\n path_traversal: [\"../../etc/passwd\", \"..\\\\..\\\\windows\\\\system32\", \"%2e%2e%2f\"]\n command: [\"; ls -la\", \"| cat /etc/passwd\", \"$(whoami)\", \"`id`\"]\n \nboundary_values:\n strings: [\"\", \" \", \"a\"*10000, null, undefined, \"emoji: 🎯\", \"unicode: é à ü\", \"rtl: مرحبا\"]\n numbers: [0, -1, 2147483647, -2147483648, NaN, Infinity, 0.1+0.2]\n arrays: [[], [null], Array(10000)]\n dates: [\"1970-01-01\", \"2099-12-31\", \"invalid-date\", \"2024-02-29\", \"2023-02-29\"]"
},
{
"title": "Framework Selection Guide",
"body": "NeedJavaScript/TSPythonGoJavaUnitVitest / Jestpytesttesting + testifyJUnit 5APISupertesthttpx + pytestnet/http/httptestRestAssuredE2E (browser)PlaywrightPlaywrightchromedpSeleniumPerformancek6LocustvegetaGatlingContractPactPactPactPactSecurityZAP + customBandit + customgosecSpotBugs"
},
{
"title": "CI Pipeline Test Stages",
"body": "pipeline:\n stage_1_fast: # <2 min, blocks PR\n - Lint + type check\n - Unit tests\n - Security: dependency scan (npm audit / safety)\n \n stage_2_thorough: # <10 min, blocks merge\n - Integration tests\n - Contract tests\n - Security: SAST scan\n - Coverage report + threshold check\n \n stage_3_confidence: # <30 min, blocks deploy\n - E2E critical journeys\n - Visual regression (if applicable)\n - Security: container scan\n \n stage_4_post_deploy: # After deploy to staging\n - Smoke tests against staging\n - Performance baseline check\n - Security: DAST scan (ZAP)\n \n stage_5_production: # After prod deploy\n - Smoke tests (critical paths only)\n - Synthetic monitoring enabled\n - Canary metrics watching"
},
{
"title": "Test Data Management",
"body": "test_data_strategy:\n unit_tests:\n approach: factories # Builder pattern, create exactly what you need\n example: \"createUser({ role: 'admin', plan: 'enterprise' })\"\n \n integration_tests:\n approach: seeded_database\n reset: per_test_suite # Transaction rollback or truncate\n sensitive_data: anonymized # Never use real PII\n \n e2e_tests:\n approach: api_setup # Create data via API before test\n cleanup: after_each # Delete created data\n isolation: unique_identifiers # Timestamp or UUID in test data\n \n performance_tests:\n approach: representative_dataset\n volume: 10x_production # Test with more data than prod\n generation: faker_libraries # Realistic but synthetic"
},
{
"title": "Test Health Dashboard",
"body": "metrics:\n test_suite_health:\n total_tests: 0\n passing: 0\n failing: 0\n skipped: 0 # >5% skipped = tech debt alarm\n flaky: 0 # >2% flaky = quarantine immediately\n \n coverage:\n line: \"0%\"\n branch: \"0%\"\n critical_paths: \"0%\" # Must be 100%\n \n execution:\n unit_duration: \"0s\" # Target: <30s\n integration_duration: \"0s\" # Target: <5m\n e2e_duration: \"0s\" # Target: <15m\n total_ci_time: \"0s\" # Target: <20m\n \n defect_metrics:\n bugs_found_in_test: 0\n bugs_escaped_to_prod: 0\n escape_rate: \"0%\" # Target: <5%\n mttr: \"0h\" # Mean time to resolve\n \n trends: # Track weekly\n new_tests_added: 0\n tests_deleted: 0 # Healthy deletion = removing redundant tests\n coverage_delta: \"+0%\"\n flake_rate_delta: \"+0%\""
},
{
"title": "Test Report Template",
"body": "# Test Report — [Feature/Sprint/Release]\n\n## Summary\n- **Status:** ✅ PASS / ⚠️ PASS WITH RISKS / ❌ FAIL\n- **Tests Run:** X | **Passed:** X | **Failed:** X | **Skipped:** X\n- **Coverage:** Line X% | Branch X% | Critical 100%\n- **Duration:** Xm Xs\n\n## Key Findings\n\n### 🔴 Critical (Block Release)\n1. [Finding] — [Impact] — [Fix recommendation]\n\n### 🟡 High (Fix Before Next Release)\n1. [Finding] — [Impact] — [Fix recommendation]\n\n### 🟢 Medium/Low (Backlog)\n1. [Finding] — [Impact]\n\n## Risk Assessment\n- **Untested areas:** [list]\n- **Known flaky tests:** [list with ticket IDs]\n- **Performance concerns:** [if any]\n\n## Recommendation\n[Ship / Ship with monitoring / Hold for fixes]"
},
{
"title": "Quality Score (0-100)",
"body": "DimensionWeightScoringTest coverage20%<60%=0, 60-70%=5, 70-80%=10, 80-90%=15, 90%+=20Critical path coverage20%<100%=0, 100%=20Defect escape rate15%>10%=0, 5-10%=5, 2-5%=10, <2%=15Test suite speed10%>30m=0, 20-30m=3, 10-20m=7, <10m=10Flake rate10%>5%=0, 2-5%=3, 1-2%=7, <1%=10Security test coverage10%None=0, Basic=3, OWASP Top 10=7, Full=10Documentation5%None=0, Basic=2, Complete=5Automation ratio10%<50%=0, 50-70%=3, 70-90%=7, 90%+=10\n\nScoring: 0-40 = 🔴 Critical | 41-60 = 🟡 Needs Work | 61-80 = 🟢 Good | 81-100 = 💎 Excellent"
},
{
"title": "Accessibility Testing (WCAG 2.1)",
"body": "accessibility_checklist:\n level_a: # Minimum compliance\n - [ ] All images have alt text\n - [ ] All form inputs have labels\n - [ ] Color is not the only visual indicator\n - [ ] Page has proper heading hierarchy (h1→h2→h3)\n - [ ] All functionality available via keyboard\n - [ ] Focus is visible and logical\n - [ ] No content flashes >3 times/second\n \n level_aa: # Standard compliance (recommended)\n - [ ] Color contrast ratio ≥4.5:1 (normal text)\n - [ ] Color contrast ratio ≥3:1 (large text)\n - [ ] Text resizable to 200% without loss\n - [ ] Skip navigation links\n - [ ] Consistent navigation across pages\n - [ ] Error suggestions provided\n - [ ] ARIA landmarks for page regions\n \n tools:\n - axe-core (automated, catches ~30% of issues)\n - Lighthouse accessibility audit\n - Manual keyboard navigation test\n - Screen reader testing (VoiceOver/NVDA)"
},
{
"title": "API Backward Compatibility Testing",
"body": "compatibility_tests:\n when_updating_api:\n - [ ] All existing fields still present in response\n - [ ] No field type changes (string→number)\n - [ ] New required request fields have defaults\n - [ ] Deprecated fields still work (with warning header)\n - [ ] Error format unchanged\n - [ ] Pagination behavior unchanged\n - [ ] Rate limits not reduced\n \n versioning_strategy:\n - URL versioning: /v1/users, /v2/users\n - Header versioning: Accept: application/vnd.api+json;version=2\n - Sunset header for deprecated versions\n - Minimum 6-month deprecation notice"
},
{
"title": "Chaos Engineering Principles",
"body": "chaos_tests:\n network:\n - Service dependency goes down → graceful degradation?\n - Network latency increases 10x → timeout handling?\n - DNS resolution fails → fallback behavior?\n \n infrastructure:\n - Database primary fails → replica promotion?\n - Cache (Redis) goes down → DB fallback works?\n - Disk fills up → alerting + graceful failure?\n \n application:\n - Memory pressure → OOM handling?\n - CPU saturation → request queuing?\n - Certificate expiry → monitoring alert?\n \n data:\n - Corrupt message in queue → dead letter + alert?\n - Schema migration fails mid-way → rollback works?\n - Clock skew between services → idempotency holds?"
},
{
"title": "For New Features",
"body": "Review requirements — Identify test scenarios before code is written (shift-left)\nWrite test cases — Cover happy path, edge cases, error cases, security\nReview PR tests — Are tests meaningful? Do they test behavior, not implementation?\nRun full suite — Unit + integration + E2E for affected areas\nReport findings — Use the test report template above"
},
{
"title": "For Bug Fixes",
"body": "Write failing test first — Reproduce the bug as a test\nVerify fix makes test pass — The test IS the proof\nCheck for regression — Run related test suites\nAdd to regression suite — Bug tests prevent re-introduction"
},
{
"title": "Weekly QA Review",
"body": "weekly_review:\n monday:\n - Review flaky test quarantine — fix or delete\n - Check coverage trends — declining = tech debt\n - Review escaped defects — update test strategy\n \n friday:\n - Update test health dashboard\n - Clean up obsolete tests\n - Document new testing patterns discovered\n - Plan next week's testing focus"
},
{
"title": "Natural Language Commands",
"body": "\"Create test strategy for [project/feature]\" → Full strategy brief\n\"Write unit tests for [function/class]\" → AAA pattern tests with edge cases\n\"Test this API endpoint: [method] [path]\" → Full API test checklist\n\"Review these tests for quality\" → Test code review with scoring\n\"Generate performance test plan\" → k6/Locust test design\n\"Security test [feature/endpoint]\" → OWASP-based test checklist\n\"Create test report for [release]\" → Formatted test report\n\"What's our test health?\" → Dashboard with metrics and recommendations\n\"Find gaps in our test coverage\" → Analysis with prioritized recommendations\n\"Help debug this flaky test\" → Root cause analysis with fix suggestions\n\"Set up CI test pipeline\" → Stage-by-stage pipeline config\n\"Accessibility audit [page/component]\" → WCAG checklist with findings"
}
],
"body": "QA & Testing Engine — Complete Software Quality System\n\nThe definitive testing methodology for AI agents. From test strategy to execution, coverage to reporting — everything you need to ship quality software.\n\nPhase 1: Test Strategy Design\n\nBefore writing a single test, design the strategy.\n\nStrategy Brief Template\nproject:\n name: \"\"\n type: web-app | api | mobile | library | cli | data-pipeline\n languages: [typescript, python, go, java]\n frameworks: [react, express, django, spring]\n \nrisk_profile:\n data_sensitivity: low | medium | high | critical # PII, financial, health\n user_impact: internal | b2b | b2c | life-safety\n deployment_frequency: daily | weekly | monthly\n regulatory: [none, SOC2, HIPAA, PCI-DSS, GDPR]\n\ntest_scope:\n in_scope: [] # Features, services, components\n out_of_scope: [] # Explicitly excluded (with reason)\n \nenvironments:\n dev: { url: \"\", db: \"local\" }\n staging: { url: \"\", db: \"seeded\" }\n prod: { url: \"\", smoke_only: true }\n\nTest Type Decision Matrix\nRisk Profile\tUnit\tIntegration\tE2E\tPerformance\tSecurity\tAccessibility\nInternal tool\t✅ Core\t✅ API\t⚠️ Happy path\t❌\t⚠️ Basic\t❌\nB2B SaaS\t✅ Full\t✅ Full\t✅ Critical flows\t✅ Load\t✅ OWASP Top 10\t✅ WCAG AA\nB2C high-traffic\t✅ Full\t✅ Full\t✅ Full\t✅ Stress + soak\t✅ Full\t✅ WCAG AA\nFinancial/Health\t✅ Full + mutation\t✅ Full + contract\t✅ Full + chaos\t✅ Full suite\t✅ Pen test\t✅ WCAG AAA\nTest Pyramid Architecture\n / E2E \\ 5-10% — Critical user journeys only\n / Integration \\ 20-30% — API contracts, service boundaries\n / Unit Tests \\ 60-70% — Business logic, pure functions\n\n\nAnti-pattern: Ice cream cone — More E2E than unit tests. Slow, flaky, expensive. Fix by pushing test coverage DOWN the pyramid.\n\nAnti-pattern: Hourglass — Lots of unit + E2E, no integration. Misses contract bugs between services.\n\nPhase 2: Unit Testing Mastery\nThe AAA Pattern (Arrange-Act-Assert)\n\nEvery unit test follows this structure:\n\ndescribe('PricingCalculator', () => {\n // Group by behavior, not by method\n describe('when customer has volume discount', () => {\n it('applies tiered pricing above threshold', () => {\n // ARRANGE — Set up the scenario\n const calculator = new PricingCalculator();\n const customer = createCustomer({ tier: 'enterprise', units: 150 });\n \n // ACT — Execute the behavior under test\n const price = calculator.calculate(customer);\n \n // ASSERT — Verify the outcome (ONE logical assertion)\n expect(price).toEqual({\n subtotal: 12000,\n discount: 1800, // 15% volume discount\n total: 10200,\n });\n });\n });\n});\n\nTest Naming Convention\n\nFormat: [unit] [scenario] [expected behavior]\n\n✅ Good:\n\nPricingCalculator applies 15% discount when units exceed 100\nUserService throws NotFoundError when user ID is invalid\nparseDate returns null for malformed ISO strings\n\n❌ Bad:\n\ntest1, should work, calculates price\nWhat to Unit Test (Priority Order)\nBusiness logic — Pricing, rules, calculations, state machines\nData transformations — Parsers, formatters, serializers, mappers\nEdge cases — Boundaries, null/undefined, empty collections, overflow\nError handling — Every catch block, every validation path\nPure functions — Easiest to test, highest ROI\nWhat NOT to Unit Test\nFramework internals (React rendering, Express routing)\nSimple getters/setters with no logic\nThird-party library behavior\nImplementation details (private methods, internal state)\nMocking Rules\nDependency Type\tStrategy\tExample\nDatabase\tMock the repository/DAO\tjest.mock('./userRepo')\nHTTP API\tMock the client or use MSW\tmsw.http.get('/api/users', ...)\nFile system\tMock fs or use temp dirs\tjest.mock('fs/promises')\nTime/Date\tFake timers\tjest.useFakeTimers()\nRandomness\tSeed or mock\tjest.spyOn(Math, 'random')\nEnvironment\tOverride env vars\tprocess.env.NODE_ENV = 'test'\n\nRule: Mock at boundaries, not internals. If you're mocking a class you own, your design might need refactoring.\n\nCoverage Targets\nMetric\tMinimum\tGood\tExcellent\nLine coverage\t70%\t85%\t95%+\nBranch coverage\t60%\t80%\t90%+\nFunction coverage\t75%\t90%\t95%+\nCritical path coverage\t100%\t100%\t100%\n\nWarning: 100% coverage ≠ quality. Coverage measures what code ran, not what was verified. A test with no assertions has coverage but no value.\n\nPhase 3: Integration Testing\nAPI Testing Checklist\n\nFor every API endpoint, test:\n\nendpoint: POST /api/orders\ntests:\n happy_path:\n - Valid request returns 201 with order ID\n - Response matches schema\n - Database record created correctly\n - Events/webhooks fired\n \n validation:\n - Missing required fields → 400 with field errors\n - Invalid data types → 400 with type errors\n - Business rule violations → 422 with explanation\n \n authentication:\n - No token → 401\n - Expired token → 401\n - Wrong role → 403\n - Valid token → proceeds\n \n edge_cases:\n - Duplicate request (idempotency) → same response\n - Concurrent requests → no race condition\n - Maximum payload size → 413 or graceful handling\n - Special characters in input → no injection\n \n error_handling:\n - Database down → 503 with retry hint\n - External service timeout → 504 or fallback\n - Rate limit exceeded → 429 with retry-after\n\nContract Testing\n\nWhen services communicate, test the contract:\n\ncontract:\n consumer: order-service\n provider: payment-service\n \n interactions:\n - description: \"Process payment\"\n request:\n method: POST\n path: /payments\n body:\n amount: 99.99\n currency: USD\n order_id: \"ord_123\"\n response:\n status: 200\n body:\n payment_id: \"pay_xxx\" # string, not null\n status: \"completed\" # enum: completed|pending|failed\n \n breaking_changes: # NEVER do these without versioning\n - Remove a field from response\n - Change a field's type\n - Add a required field to request\n - Change the URL path\n - Change error response format\n\nDatabase Testing Rules\nEach test gets a clean state — Use transactions that rollback, or truncate between tests\nUse factories, not fixtures — createUser({ role: 'admin' }) > hardcoded SQL dumps\nTest migrations — Run migrate-up, migrate-down, migrate-up (roundtrip)\nTest constraints — Unique violations, FK cascades, NOT NULL\nTest queries — Especially complex JOINs, aggregations, window functions\nPhase 4: End-to-End Testing\nCritical User Journey Mapping\n\nIdentify and test the flows that generate revenue or block users:\n\ncritical_journeys:\n - name: \"Sign up → First value\"\n steps:\n - Visit landing page\n - Click sign up\n - Fill registration form\n - Verify email\n - Complete onboarding\n - Perform first key action\n max_duration: 3 minutes\n \n - name: \"Purchase flow\"\n steps:\n - Browse products\n - Add to cart\n - Enter shipping\n - Enter payment\n - Confirm order\n - Receive confirmation email\n max_duration: 2 minutes\n \n - name: \"Login → Core task → Logout\"\n steps:\n - Login (password + SSO + MFA variants)\n - Navigate to core feature\n - Complete primary workflow\n - Verify result\n - Logout\n max_duration: 1 minute\n\nE2E Best Practices\nTest user behavior, not implementation — Click buttons by text/role, not by CSS class\nUse data-testid sparingly — Only when no accessible selector exists\nWait for state, not time — waitFor(element) not sleep(3000)\nIsolate test data — Each test creates its own users/data\nRun in CI with retries — 1 retry for flaky network, investigate if >5% flake rate\nSelector Priority (Best → Worst)\ngetByRole('button', { name: 'Submit' }) — Accessible, resilient\ngetByLabelText('Email') — Form-specific, accessible\ngetByText('Welcome back') — Content-based\ngetByTestId('submit-btn') — Explicit test hook\nquerySelector('.btn-primary') — ❌ Fragile, breaks on CSS changes\nFlaky Test Triage\nSymptom\tLikely Cause\tFix\nPasses locally, fails in CI\tTiming/race condition\tAdd explicit waits, check CI resource limits\nFails intermittently\tShared state between tests\tIsolate test data, reset state\nFails after deploy\tEnvironment difference\tCheck env vars, API versions, feature flags\nFails at specific time\tTime-dependent logic\tMock dates/times, avoid time-sensitive assertions\nFails in parallel\tResource contention\tUse unique ports/DBs per worker\n\nRule: Quarantine flaky tests within 24 hours. A flaky test suite that everyone ignores is worse than no tests.\n\nPhase 5: Performance Testing\nLoad Test Design\nperformance_tests:\n smoke:\n vus: 5\n duration: 1m\n purpose: \"Verify test works\"\n \n load:\n vus: 100 # Expected concurrent users\n duration: 10m\n ramp_up: 2m\n purpose: \"Normal traffic behavior\"\n thresholds:\n p95_response: <500ms\n error_rate: <1%\n \n stress:\n vus: 300 # 3x expected load\n duration: 15m\n ramp_up: 5m\n purpose: \"Find breaking point\"\n \n soak:\n vus: 80\n duration: 2h\n purpose: \"Memory leaks, connection exhaustion\"\n \n spike:\n stages:\n - { vus: 50, duration: 2m }\n - { vus: 500, duration: 30s } # Sudden spike\n - { vus: 50, duration: 2m }\n purpose: \"Recovery behavior\"\n\nPerformance Budgets\nMetric\tWeb App\tAPI\tBackground Job\nResponse time (p50)\t<200ms\t<100ms\tN/A\nResponse time (p95)\t<1s\t<500ms\tN/A\nResponse time (p99)\t<3s\t<1s\tN/A\nThroughput\t>100 rps\t>500 rps\t>1000/min\nError rate\t<0.1%\t<0.1%\t<0.5%\nCPU usage\t<70%\t<70%\t<90%\nMemory growth\t<5%/hr\t<2%/hr\t<10%/hr\nDatabase Performance Testing\ndb_performance:\n query_tests:\n - name: \"Dashboard aggregate query\"\n baseline: 50ms\n max_acceptable: 200ms\n with_1M_rows: measure\n with_10M_rows: measure\n \n index_verification:\n - Run EXPLAIN ANALYZE on all critical queries\n - Verify no sequential scans on tables >10K rows\n - Check index usage statistics weekly\n \n connection_pool:\n - Test at max connections\n - Verify graceful handling when pool exhausted\n - Monitor connection wait time\n\nPhase 6: Security Testing\nOWASP Top 10 Test Checklist\nsecurity_tests:\n A01_broken_access_control:\n - [ ] Horizontal privilege escalation (access other user's data)\n - [ ] Vertical privilege escalation (access admin functions)\n - [ ] IDOR (Insecure Direct Object References)\n - [ ] Missing function-level access control\n - [ ] CORS misconfiguration\n \n A02_cryptographic_failures:\n - [ ] Sensitive data in transit (TLS 1.2+)\n - [ ] Sensitive data at rest (encryption)\n - [ ] Password hashing (bcrypt/argon2, not MD5/SHA)\n - [ ] No secrets in code/logs/URLs\n \n A03_injection:\n - [ ] SQL injection (parameterized queries)\n - [ ] NoSQL injection\n - [ ] Command injection (OS commands)\n - [ ] XSS (stored, reflected, DOM-based)\n - [ ] Template injection (SSTI)\n \n A04_insecure_design:\n - [ ] Rate limiting on auth endpoints\n - [ ] Account lockout after N failures\n - [ ] CAPTCHA on public forms\n - [ ] Business logic abuse scenarios\n \n A05_security_misconfiguration:\n - [ ] Default credentials removed\n - [ ] Error messages don't leak stack traces\n - [ ] Security headers set (CSP, HSTS, X-Frame-Options)\n - [ ] Directory listing disabled\n - [ ] Unnecessary HTTP methods disabled\n \n A07_auth_failures:\n - [ ] Brute force protection\n - [ ] Session fixation\n - [ ] Session timeout\n - [ ] JWT validation (signature, expiry, issuer)\n - [ ] MFA bypass attempts\n\nInput Validation Test Payloads\n\nTest every user input with:\n\ninjection_payloads:\n sql: [\"' OR 1=1--\", \"'; DROP TABLE users;--\", \"1 UNION SELECT * FROM users\"]\n xss: [\"\", \"\", \"javascript:alert(1)\"]\n path_traversal: [\"../../etc/passwd\", \"..\\\\..\\\\windows\\\\system32\", \"%2e%2e%2f\"]\n command: [\"; ls -la\", \"| cat /etc/passwd\", \"$(whoami)\", \"`id`\"]\n \nboundary_values:\n strings: [\"\", \" \", \"a\"*10000, null, undefined, \"emoji: 🎯\", \"unicode: é à ü\", \"rtl: مرحبا\"]\n numbers: [0, -1, 2147483647, -2147483648, NaN, Infinity, 0.1+0.2]\n arrays: [[], [null], Array(10000)]\n dates: [\"1970-01-01\", \"2099-12-31\", \"invalid-date\", \"2024-02-29\", \"2023-02-29\"]\n\nPhase 7: Test Automation Architecture\nFramework Selection Guide\nNeed\tJavaScript/TS\tPython\tGo\tJava\nUnit\tVitest / Jest\tpytest\ttesting + testify\tJUnit 5\nAPI\tSupertest\thttpx + pytest\tnet/http/httptest\tRestAssured\nE2E (browser)\tPlaywright\tPlaywright\tchromedp\tSelenium\nPerformance\tk6\tLocust\tvegeta\tGatling\nContract\tPact\tPact\tPact\tPact\nSecurity\tZAP + custom\tBandit + custom\tgosec\tSpotBugs\nCI Pipeline Test Stages\npipeline:\n stage_1_fast: # <2 min, blocks PR\n - Lint + type check\n - Unit tests\n - Security: dependency scan (npm audit / safety)\n \n stage_2_thorough: # <10 min, blocks merge\n - Integration tests\n - Contract tests\n - Security: SAST scan\n - Coverage report + threshold check\n \n stage_3_confidence: # <30 min, blocks deploy\n - E2E critical journeys\n - Visual regression (if applicable)\n - Security: container scan\n \n stage_4_post_deploy: # After deploy to staging\n - Smoke tests against staging\n - Performance baseline check\n - Security: DAST scan (ZAP)\n \n stage_5_production: # After prod deploy\n - Smoke tests (critical paths only)\n - Synthetic monitoring enabled\n - Canary metrics watching\n\nTest Data Management\ntest_data_strategy:\n unit_tests:\n approach: factories # Builder pattern, create exactly what you need\n example: \"createUser({ role: 'admin', plan: 'enterprise' })\"\n \n integration_tests:\n approach: seeded_database\n reset: per_test_suite # Transaction rollback or truncate\n sensitive_data: anonymized # Never use real PII\n \n e2e_tests:\n approach: api_setup # Create data via API before test\n cleanup: after_each # Delete created data\n isolation: unique_identifiers # Timestamp or UUID in test data\n \n performance_tests:\n approach: representative_dataset\n volume: 10x_production # Test with more data than prod\n generation: faker_libraries # Realistic but synthetic\n\nPhase 8: Quality Metrics & Reporting\nTest Health Dashboard\nmetrics:\n test_suite_health:\n total_tests: 0\n passing: 0\n failing: 0\n skipped: 0 # >5% skipped = tech debt alarm\n flaky: 0 # >2% flaky = quarantine immediately\n \n coverage:\n line: \"0%\"\n branch: \"0%\"\n critical_paths: \"0%\" # Must be 100%\n \n execution:\n unit_duration: \"0s\" # Target: <30s\n integration_duration: \"0s\" # Target: <5m\n e2e_duration: \"0s\" # Target: <15m\n total_ci_time: \"0s\" # Target: <20m\n \n defect_metrics:\n bugs_found_in_test: 0\n bugs_escaped_to_prod: 0\n escape_rate: \"0%\" # Target: <5%\n mttr: \"0h\" # Mean time to resolve\n \n trends: # Track weekly\n new_tests_added: 0\n tests_deleted: 0 # Healthy deletion = removing redundant tests\n coverage_delta: \"+0%\"\n flake_rate_delta: \"+0%\"\n\nTest Report Template\n# Test Report — [Feature/Sprint/Release]\n\n## Summary\n- **Status:** ✅ PASS / ⚠️ PASS WITH RISKS / ❌ FAIL\n- **Tests Run:** X | **Passed:** X | **Failed:** X | **Skipped:** X\n- **Coverage:** Line X% | Branch X% | Critical 100%\n- **Duration:** Xm Xs\n\n## Key Findings\n\n### 🔴 Critical (Block Release)\n1. [Finding] — [Impact] — [Fix recommendation]\n\n### 🟡 High (Fix Before Next Release)\n1. [Finding] — [Impact] — [Fix recommendation]\n\n### 🟢 Medium/Low (Backlog)\n1. [Finding] — [Impact]\n\n## Risk Assessment\n- **Untested areas:** [list]\n- **Known flaky tests:** [list with ticket IDs]\n- **Performance concerns:** [if any]\n\n## Recommendation\n[Ship / Ship with monitoring / Hold for fixes]\n\nQuality Score (0-100)\nDimension\tWeight\tScoring\nTest coverage\t20%\t<60%=0, 60-70%=5, 70-80%=10, 80-90%=15, 90%+=20\nCritical path coverage\t20%\t<100%=0, 100%=20\nDefect escape rate\t15%\t>10%=0, 5-10%=5, 2-5%=10, <2%=15\nTest suite speed\t10%\t>30m=0, 20-30m=3, 10-20m=7, <10m=10\nFlake rate\t10%\t>5%=0, 2-5%=3, 1-2%=7, <1%=10\nSecurity test coverage\t10%\tNone=0, Basic=3, OWASP Top 10=7, Full=10\nDocumentation\t5%\tNone=0, Basic=2, Complete=5\nAutomation ratio\t10%\t<50%=0, 50-70%=3, 70-90%=7, 90%+=10\n\nScoring: 0-40 = 🔴 Critical | 41-60 = 🟡 Needs Work | 61-80 = 🟢 Good | 81-100 = 💎 Excellent\n\nPhase 9: Specialized Testing\nAccessibility Testing (WCAG 2.1)\naccessibility_checklist:\n level_a: # Minimum compliance\n - [ ] All images have alt text\n - [ ] All form inputs have labels\n - [ ] Color is not the only visual indicator\n - [ ] Page has proper heading hierarchy (h1→h2→h3)\n - [ ] All functionality available via keyboard\n - [ ] Focus is visible and logical\n - [ ] No content flashes >3 times/second\n \n level_aa: # Standard compliance (recommended)\n - [ ] Color contrast ratio ≥4.5:1 (normal text)\n - [ ] Color contrast ratio ≥3:1 (large text)\n - [ ] Text resizable to 200% without loss\n - [ ] Skip navigation links\n - [ ] Consistent navigation across pages\n - [ ] Error suggestions provided\n - [ ] ARIA landmarks for page regions\n \n tools:\n - axe-core (automated, catches ~30% of issues)\n - Lighthouse accessibility audit\n - Manual keyboard navigation test\n - Screen reader testing (VoiceOver/NVDA)\n\nAPI Backward Compatibility Testing\ncompatibility_tests:\n when_updating_api:\n - [ ] All existing fields still present in response\n - [ ] No field type changes (string→number)\n - [ ] New required request fields have defaults\n - [ ] Deprecated fields still work (with warning header)\n - [ ] Error format unchanged\n - [ ] Pagination behavior unchanged\n - [ ] Rate limits not reduced\n \n versioning_strategy:\n - URL versioning: /v1/users, /v2/users\n - Header versioning: Accept: application/vnd.api+json;version=2\n - Sunset header for deprecated versions\n - Minimum 6-month deprecation notice\n\nChaos Engineering Principles\nchaos_tests:\n network:\n - Service dependency goes down → graceful degradation?\n - Network latency increases 10x → timeout handling?\n - DNS resolution fails → fallback behavior?\n \n infrastructure:\n - Database primary fails → replica promotion?\n - Cache (Redis) goes down → DB fallback works?\n - Disk fills up → alerting + graceful failure?\n \n application:\n - Memory pressure → OOM handling?\n - CPU saturation → request queuing?\n - Certificate expiry → monitoring alert?\n \n data:\n - Corrupt message in queue → dead letter + alert?\n - Schema migration fails mid-way → rollback works?\n - Clock skew between services → idempotency holds?\n\nPhase 10: Daily QA Workflow\nFor New Features\nReview requirements — Identify test scenarios before code is written (shift-left)\nWrite test cases — Cover happy path, edge cases, error cases, security\nReview PR tests — Are tests meaningful? Do they test behavior, not implementation?\nRun full suite — Unit + integration + E2E for affected areas\nReport findings — Use the test report template above\nFor Bug Fixes\nWrite failing test first — Reproduce the bug as a test\nVerify fix makes test pass — The test IS the proof\nCheck for regression — Run related test suites\nAdd to regression suite — Bug tests prevent re-introduction\nWeekly QA Review\nweekly_review:\n monday:\n - Review flaky test quarantine — fix or delete\n - Check coverage trends — declining = tech debt\n - Review escaped defects — update test strategy\n \n friday:\n - Update test health dashboard\n - Clean up obsolete tests\n - Document new testing patterns discovered\n - Plan next week's testing focus\n\nNatural Language Commands\n\"Create test strategy for [project/feature]\" → Full strategy brief\n\"Write unit tests for [function/class]\" → AAA pattern tests with edge cases\n\"Test this API endpoint: [method] [path]\" → Full API test checklist\n\"Review these tests for quality\" → Test code review with scoring\n\"Generate performance test plan\" → k6/Locust test design\n\"Security test [feature/endpoint]\" → OWASP-based test checklist\n\"Create test report for [release]\" → Formatted test report\n\"What's our test health?\" → Dashboard with metrics and recommendations\n\"Find gaps in our test coverage\" → Analysis with prioritized recommendations\n\"Help debug this flaky test\" → Root cause analysis with fix suggestions\n\"Set up CI test pipeline\" → Stage-by-stage pipeline config\n\"Accessibility audit [page/component]\" → WCAG checklist with findings"
},
"trust": {
"sourceLabel": "tencent",
"provenanceUrl": "https://clawhub.ai/1kalin/afrexai-qa-testing-engine",
"publisherUrl": "https://clawhub.ai/1kalin/afrexai-qa-testing-engine",
"owner": "1kalin",
"version": "1.0.0",
"license": null,
"verificationStatus": "Indexed source record"
},
"links": {
"detailUrl": "https://openagent3.xyz/skills/afrexai-qa-testing-engine",
"downloadUrl": "https://openagent3.xyz/downloads/afrexai-qa-testing-engine",
"agentUrl": "https://openagent3.xyz/skills/afrexai-qa-testing-engine/agent",
"manifestUrl": "https://openagent3.xyz/skills/afrexai-qa-testing-engine/agent.json",
"briefUrl": "https://openagent3.xyz/skills/afrexai-qa-testing-engine/agent.md"
}
}