v2.0 — State-Aware QA Skills

What's New in v2.0

A complete rewrite of QA Toolkit — from generic prompt templates to a state-aware, interconnected QA system.

🧠 Two-Layer State System

• Project state (.qa-context.json): persists tech stack, known risks, coverage gaps across sessions
• Session state (.qa-session.json): tracks current feature under test, findings, skill history
• Schema versioning with validation to prevent silent failures

🔍 Enhanced Project Detection

• Monorepo support (npm/yarn/pnpm workspaces, Lerna, Nx)
• Convention scanning: detects test patterns, page objects, fixtures from actual codebase
• 500ms performance budget with timed phases — later phases skipped if budget exceeded
• Cold-start graceful degradation — all skills work with zero prior state
• --dry-run flag to preview detection without writing files
• --verbose flag for phase-by-phase timing output

🛠 13 QA Skills (Redesigned + New)

Skill	What's New
test-cases	BDD/table/JSON output, traceability IDs, state-grounded coverage
e2e-test	Convention scanner, Playwright page object detection, findings write-back
pr-review	Change-impact analysis, state-aware risk assessment
bug-report	Environment auto-fill from session state, multi-format output
regression-planner	Cross-skill consumption from pr-review findings
test-plan	Full plan from PRD/epic (scope, approach, environments, risks)
exploratory-testing	Charter-based sessions, SFDIPOT heuristics, time-boxing
coverage-gap	Requirements vs code path analysis, state-based severity escalation
risk-prioritization	Weighted scoring (criticality 40%, change freq 35%, defect density 25%)
flaky-test-diagnosis	Root cause classification (timing, state leakage, external deps)
test-data	Stack-aware synthetic data (JSON, CSV, SQL), schema detection
api-test	OpenAPI/Swagger contract validation, framework-specific assertions
setup	Project initialization with state scaffolding

🤖 3 Subagent Personas (Redesigned)

• qa-reviewer: Code review with tool restrictions, return contract, persistent memory
• qa-lead: Strategic QA planning with session state awareness
• qa-explorer: Parallel exploratory analysis with knowledge accumulation

📄 Multi-Format Output

All artifact-producing skills support: Jira, GitHub Issues, Azure DevOps, TestRail, plain Markdown

📁 Smart Artifact Organization

Artifacts organized by feature or sprint context. Recursive directory discovery replaces hardcoded lists.

📊 Skill Budget Validation

validate-skill-budget.js verifies skill registrations stay within Claude Code's 16K character limit — runs in CI.

🌐 GitHub Pages Documentation Site

Full command reference and quick-start guide at https://cyberwalk3r.github.io/qa-toolkit/

Fixes

• Removed .claude/settings.local.json — permissions are approved interactively on first use, not pre-approved via shipped settings
• Log rotation capped at 512 KB to prevent unbounded growth
• walkDir depth bounded at 10 to prevent runaway filesystem scans
• run-test.js uses execFileSync array form (no shell injection surface)

Breaking Changes

This is a full rewrite. All skill output formats have changed. No migration path from v1.x — start fresh.

Requirements

• Claude Code with plugin support
• Node.js 18+ (no npm dependencies — stdlib only)

Install

claude plugin add https://github.com/cyberwalk3r/qa-toolkit

v1.1.0

Fixed

• Replace invalid TaskCompleted hook event with Stop — activity logging now works
• Remove dead code (unused detector arrays)
• Stop eagerly creating empty artifact subdirectories on session start
• Parse pyproject.toml dependencies by TOML section instead of regex-matching all quoted strings
• Recursive glob matching (depth 3) for .csproj/.sln detection
• Validate --browser argument in run-test.js against chromium/firefox/webkit
• Shell injection prevention: replaced execSync with execFileSync in run-test.js
• Scoped permissions: removed broad Bash(node:*) and Bash(gh api:*)
• Validate outputDir against path traversal (../ and absolute paths)

Added

• Monorepo detection — scans immediate subdirectories for language markers, dependency files, test frameworks, lock files, and test directories
• Configurable output directory via settings.json outputDir field
• hooksEnabled toggle to disable hooks without removing the plugin
• 27 automated tests using Node.js built-in test runner (zero dependencies)
• GitHub Actions CI workflow running tests on Node 18/20/22
• .qa-config.json schema documentation in README
• .gitignore suggestion step in setup skill workflow
• "Permissions & Side Effects" section in README with Bash(git:*) mechanism explained
• Contextual "Suggested Next Steps" cross-references in all skills
• CLAUDE.md with plugin development conventions
• "Agents vs Skills" section in README

QA Toolkit v1.0.0

Initial release.

10 QA Skills

• pr-review - QA-focused PR review with risk flags and testing checklist
• bug-report - Structured bug reports from plain-English descriptions
• test-cases - Test case generation in table, Gherkin, or checklist format
• api-test - API test suites in cURL, Postman, or Playwright format
• e2e-test - Playwright test scaffolds with line-by-line comments
• regression-planner - Risk-based regression plans with time estimates
• accessibility - WCAG 2.1 audit with manual test scripts
• release-readiness - Go/no-go release assessment with quality gates
• test-data - Synthetic test data in JSON, CSV, or SQL
• setup - Project onboarding and configuration

3 QA Agents

• qa-reviewer - PR review from a testing perspective
• qa-explorer - Exploratory testing and edge case generation
• qa-lead - Release decisions and strategic QA planning

Install

claude plugin add github:cyberwalk3r/qa-toolkit