qcsd-development-swarm

仓库: proffesor-for-testing/agentic-qe
安装量: 40
排名: #17846

安装

npx skills add https://github.com/proffesor-for-testing/agentic-qe --skill qcsd-development-swarm
QCSD Development Swarm v1.0
Shift-left quality engineering swarm for in-sprint code quality assurance.
Overview
The Development Swarm takes refined stories (that passed Refinement) and validates
code quality during sprint execution. Where the Ideation Swarm asks "Should we
build this?" and the Refinement Swarm asks "How should we test this?", the
Development Swarm asks "Is the code quality sufficient to ship?"
QCSD Phase Positioning
Phase
Swarm
Question
Decision
When
Ideation
qcsd-ideation-swarm
Should we build this?
GO / CONDITIONAL / NO-GO
PI/Sprint Planning
Refinement
qcsd-refinement-swarm
How should we test this?
READY / CONDITIONAL / NOT-READY
Sprint Refinement
Development
qcsd-development-swarm
Is the code quality sufficient?
SHIP / CONDITIONAL / HOLD
During Sprint
Verification
qcsd-cicd-swarm
Is this change safe to release?
RELEASE / REMEDIATE / BLOCK
Pre-Release / CI-CD
Key Differentiators from Refinement Swarm
Dimension
Refinement Swarm
Development Swarm
Framework
SFDIPOT (7 factors)
TDD + Complexity + Coverage
Agents
10 (3 core + 6 conditional + 1 transformation)
10 (3 core + 6 conditional + 1 analysis)
Core Output
BDD Gherkin scenarios
Code quality assessment
Decision
READY / CONDITIONAL / NOT-READY
SHIP / CONDITIONAL / HOLD
Flags
HAS_API, HAS_REFACTORING, HAS_DEPENDENCIES, HAS_SECURITY, HAS_MIDDLEWARE, HAS_SAP_INTEGRATION, HAS_AUTHORIZATION
HAS_SECURITY_CODE, HAS_PERFORMANCE_CODE, HAS_CRITICAL_CODE, HAS_MIDDLEWARE, HAS_SAP_INTEGRATION, HAS_AUTHORIZATION
Phase
Sprint Refinement
During Sprint Development
Input
User stories + acceptance criteria
Source code + test files
Final Step
Test idea rewriter transformation
Defect prediction analysis
Parameters
SOURCE_PATH
Source code directory to analyze (required, e.g.,
src/auth/
)
TEST_PATH
Test directory for coverage analysis (optional, e.g.,
tests/auth/
)
OUTPUT_FOLDER
Where to save reports (default: ${PROJECT_ROOT}/Agentic QCSD/development/ ) ENFORCEMENT RULES - READ FIRST These rules are NON-NEGOTIABLE. Violation means skill execution failure. Rule Enforcement E1 You MUST spawn ALL THREE core agents (qe-tdd-specialist, qe-code-complexity, qe-coverage-specialist) in Phase 2. No exceptions. E2 You MUST put all parallel Task calls in a SINGLE message. E3 You MUST STOP and WAIT after each batch. No proceeding early. E4 You MUST spawn conditional agents if flags are TRUE. No skipping. E5 You MUST apply SHIP/CONDITIONAL/HOLD logic exactly as specified in Phase 5. E6 You MUST generate the full report structure. No abbreviated versions. E7 Each agent MUST read its reference files before analysis. E8 You MUST apply qe-defect-predictor analysis on ALL code changes in Phase 8. Always. E9 You MUST execute Phase 7 learning persistence. Store development findings to memory BEFORE Phase 8. No skipping. PROHIBITED BEHAVIORS: Summarizing instead of spawning agents Skipping agents "for brevity" Proceeding before background tasks complete Providing your own analysis instead of spawning specialists Omitting report sections Using placeholder text like "[details here]" Skipping the defect prediction analysis Skipping learning persistence (Phase 7) or treating it as optional Generating code analysis yourself instead of using specialist agents PHASE 1: Analyze Code Context (Flag Detection) MANDATORY: You must complete this analysis before Phase 2. Scan the source code, test files, and story context to SET these flags. Do not skip any flag. Flag Detection (Check ALL SIX) HAS_SECURITY_CODE = FALSE Set TRUE if code contains ANY of: auth, authentication, authorization, password, credential, token, JWT, OAuth, session, encrypt, decrypt, hash, salt, PII, GDPR, HIPAA, secret, private key, certificate, RBAC, ACL, sanitize, XSS, CSRF, injection, eval( HAS_PERFORMANCE_CODE = FALSE Set TRUE if code contains ANY of: loop, while, for, recursion, query, SELECT, JOIN, aggregate, cache, memoize, concurrent, parallel, async, await, Promise.all, batch, stream, buffer, pagination, lazy load, debounce, throttle, worker, thread, O(n^2), O(n log n), large dataset, bulk operation HAS_CRITICAL_CODE = FALSE Set TRUE if code contains ANY of: payment, billing, invoice, transaction, charge, refund, subscription, medical, health, patient, diagnosis, compliance, audit, regulatory, financial, accounting, tax, legal, contract, SLA, insurance, claim, safety-critical, life-critical HAS_MIDDLEWARE = FALSE Set TRUE if code contains ANY of: middleware, ESB, message broker, MQ, Kafka, RabbitMQ, integration bus, API gateway, message queue, pub/sub HAS_SAP_INTEGRATION = FALSE Set TRUE if code contains ANY of: SAP, RFC, BAPI, IDoc, OData, S/4HANA, EWM, ECC, ABAP, CDS view, Fiori HAS_AUTHORIZATION = FALSE Set TRUE if code contains ANY of: SoD, segregation of duties, role conflict, authorization object, T-code, user role, access control matrix, GRC Validation Checkpoint Before proceeding to Phase 2, confirm: +-- I have read the source code files under analysis +-- I have read the associated test files +-- I have evaluated ALL SIX flags +-- I have recorded which flags are TRUE +-- I understand which conditional agents will be needed DO NOT proceed to Phase 2 until all checkboxes are confirmed. MANDATORY: Output Flag Detection Results You MUST output flag detection results before proceeding: +-------------------------------------------------------------+ | FLAG DETECTION RESULTS | +-------------------------------------------------------------+ | | | HAS_SECURITY_CODE: [TRUE/FALSE] | | Evidence: [what triggered it - specific code] | | | | HAS_PERFORMANCE_CODE: [TRUE/FALSE] | | Evidence: [what triggered it - specific code] | | | | HAS_CRITICAL_CODE: [TRUE/FALSE] | | Evidence: [what triggered it - specific code] | | | | HAS_MIDDLEWARE: [TRUE/FALSE] | | Evidence: [what triggered it - specific code] | | | | HAS_SAP_INTEGRATION: [TRUE/FALSE] | | Evidence: [what triggered it - specific code] | | | | HAS_AUTHORIZATION: [TRUE/FALSE] | | Evidence: [what triggered it - specific code] | | | | EXPECTED AGENTS: | | - Core: 3 (always) | | - Conditional: [count based on TRUE flags] | | - Analysis: 1 (always) | | - TOTAL: [3 + conditional count + 1] | | | +-------------------------------------------------------------+ DO NOT proceed to Phase 2 without outputting flag detection results. PHASE 2: Spawn Core Agents (PARALLEL BATCH 1) CRITICAL ENFORCEMENT +-------------------------------------------------------------+ | YOU MUST INCLUDE ALL THREE TASK CALLS IN YOUR NEXT MESSAGE | | | | - Task 1: qe-tdd-specialist | | - Task 2: qe-code-complexity | | - Task 3: qe-coverage-specialist | | | | If your message contains fewer than 3 Task calls, you have | | FAILED this phase. Start over. | +-------------------------------------------------------------+ Domain Context Agent Domain MCP Tool Mapping qe-tdd-specialist test-generation test_generate_enhanced qe-code-complexity code-intelligence coverage_analyze_sublinear qe-coverage-specialist coverage-analysis coverage_analyze_sublinear Agent 1: TDD Specialist This agent MUST assess TDD adherence and test quality. Test-to-code ratio is mandatory. Task({ description: "TDD adherence and test quality analysis", prompt: `You are qe-tdd-specialist. Your output quality is being audited.

MANDATORY FIRST STEPS (DO NOT SKIP)

  1. READ the source code files provided below IN FULL.
  2. READ the test files associated with the source code.

CODE TO ANALYZE

=== SOURCE CODE START === [PASTE THE COMPLETE SOURCE CODE HERE - DO NOT SUMMARIZE] === SOURCE CODE END === === TEST CODE START === [PASTE THE COMPLETE TEST CODE HERE - DO NOT SUMMARIZE] === TEST CODE END ===

REQUIRED OUTPUT (ALL SECTIONS MANDATORY)

1. TDD Adherence Assessment

Evaluate each TDD principle: | Principle | Score (0-10) | Evidence | Issues | |-----------|-------------|----------|--------| | Red Phase (tests written first) | X/10 | [signs tests preceded code] | [issues] | | Green Phase (minimal implementation) | X/10 | [signs of minimal code to pass tests] | [issues] | | Refactor Phase (clean code) | X/10 | [signs of refactoring, DRY, SOLID] | [issues] | | Test Isolation | X/10 | [tests independent of each other] | [issues] | | Fast Feedback | X/10 | [test execution speed] | [issues] | | Meaningful Assertions | X/10 | [quality of assertions, not just coverage] | [issues] | TDD ADHERENCE SCORE: XX/60

2. Test Quality Metrics

Metric Value Threshold Status
Test-to-Code Ratio X:1 >= 1:1 PASS/FAIL
Assertion Density X per test >= 2 PASS/FAIL
Test Naming Quality X% descriptive >= 90% PASS/FAIL
Mock Usage Ratio X% <= 50% PASS/FAIL
Test Isolation Score X/10 >= 7 PASS/FAIL
Edge Case Coverage X% >= 60% PASS/FAIL
### 3. Test Patterns Detected
Pattern Count Quality Recommendation
--------- ------- --------- ----------------
Arrange-Act-Assert X Good/Poor ...
Given-When-Then X Good/Poor ...
Test Doubles (mocks) X Good/Poor ...
Integration Tests X Good/Poor ...
Property-Based Tests X Good/Poor ...
### 4. Missing Test Categories
Category Status Priority Suggested Tests
---------- -------- ---------- -----------------
Happy path Covered/Missing P0/P1/P2 [specific tests]
Error handling Covered/Missing P0/P1/P2 [specific tests]
Boundary values Covered/Missing P0/P1/P2 [specific tests]
Null/undefined Covered/Missing P0/P1/P2 [specific tests]
Concurrency Covered/Missing/N-A P0/P1/P2 [specific tests]
### 5. Recommendations
Priority Recommendation Impact
---------- --------------- --------
P0 [must fix before merge] [what improves]
P1 [should fix this sprint] [what improves]
P2 [nice to have] [what improves]
MINIMUM: Assess all 6 TDD principles and identify at least 3 missing test categories.
## OUTPUT FORMAT
Save your complete analysis in Markdown to:
${OUTPUT_FOLDER}/02-tdd-adherence.md
Use the Write tool to save BEFORE completing.
Report MUST be complete - no placeholders.
## VALIDATION BEFORE SUBMITTING
+-- Did I read all source code and test files?
+-- Did I score all 6 TDD principles?
+-- Did I calculate test-to-code ratio?
+-- Did I identify missing test categories?
+-- Did I provide specific recommendations?
+-- Did I save the report to the correct output path?`,
subagent_type: "qe-tdd-specialist",
run_in_background: true
})
Agent 2: Code Complexity Analyzer
This agent MUST calculate cyclomatic and cognitive complexity. Hotspots are mandatory.
Task({
description: "Cyclomatic and cognitive complexity analysis",
prompt: `You are qe-code-complexity. Your output quality is being audited.
## CODE TO ANALYZE
=== SOURCE CODE START ===
[PASTE THE COMPLETE SOURCE CODE HERE - DO NOT SUMMARIZE]
=== SOURCE CODE END ===
## REQUIRED OUTPUT (ALL SECTIONS MANDATORY)
### 1. Function-Level Complexity
For EACH function/method in the codebase:
Function File:Line Cyclomatic Cognitive
---------- ----------- ------------ -----------
functionName file.ts:42 X X
Thresholds:
- Cyclomatic: <=10 (Good), 11-20 (Warning), >20 (Critical)
- Cognitive: <=15 (Good), 16-25 (Warning), >25 (Critical)
- LOC: <=50 (Good), 51-100 (Warning), >100 (Critical)
### 2. Hotspot Detection
Identify the top 5 complexity hotspots:
Rank Function Cyclomatic Cognitive
------ ---------- ------------ -----------
1 ... X X
2 ... X X
... ... X X
### 3. Code Smell Detection
Smell Location Severity Refactoring Suggestion
------- ---------- ---------- ----------------------
Long Method file:line Critical/Major/Minor Extract method: [specific suggestion]
Deep Nesting file:line Critical/Major/Minor Guard clauses, early returns
God Class file:line Critical/Major/Minor Split into: [specific classes]
Feature Envy file:line Critical/Major/Minor Move to: [target class]
Duplicate Code file:line Critical/Major/Minor Extract: [common abstraction]
MINIMUM: Identify at least 3 code smells or explicitly state "No significant code smells found after thorough analysis".
### 4. Maintainability Index
Component MI Score (0-100) Rating Notes
----------- ----------------- -------- -------
Overall X A/B/C/D/F ...
Module 1 X A/B/C/D/F ...
Module 2 X A/B/C/D/F ...
Rating Scale:
- A (85-100): Highly maintainable
- B (65-84): Moderately maintainable
- C (40-64): Difficult to maintain
- D (20-39): Very difficult to maintain
- F (0-19): Unmaintainable
### 5. Complexity Summary
Metric Value Threshold Status
-------- ------- ----------- --------
Avg Cyclomatic Complexity X <= 10 PASS/WARN/FAIL
Max Cyclomatic Complexity X <= 20 PASS/WARN/FAIL
Avg Cognitive Complexity X <= 15 PASS/WARN/FAIL
Max Cognitive Complexity X <= 25 PASS/WARN/FAIL
Functions > 50 LOC X% <= 10% PASS/WARN/FAIL
Nesting Depth > 4 X 0 PASS/WARN/FAIL
COMPLEXITY SCORE: X/100 (inverse: lower complexity = higher score)
## OUTPUT FORMAT
Save your complete analysis in Markdown to:
${OUTPUT_FOLDER}/03-code-complexity.md
Use the Write tool to save BEFORE completing.
Report MUST be complete - no placeholders.
## VALIDATION BEFORE SUBMITTING
+-- Did I analyze every function/method?
+-- Did I calculate both cyclomatic and cognitive complexity?
+-- Did I identify top 5 hotspots?
+-- Did I detect code smells?
+-- Did I calculate maintainability index?
+-- Did I save the report to the correct output path?`,
subagent_type: "qe-code-complexity",
run_in_background: true
})
Agent 3: Coverage Specialist
This agent MUST detect coverage gaps using O(log n) sublinear analysis. Gap count is mandatory.
Task({
description: "O(log n) sublinear coverage gap detection",
prompt: `You are qe-coverage-specialist. Your output quality is being audited.
## CODE TO ANALYZE
=== SOURCE CODE START ===
[PASTE THE COMPLETE SOURCE CODE HERE - DO NOT SUMMARIZE]
=== SOURCE CODE END ===
=== TEST CODE START ===
[PASTE THE COMPLETE TEST CODE HERE - DO NOT SUMMARIZE]
=== TEST CODE END ===
## REQUIRED OUTPUT (ALL SECTIONS MANDATORY)
### 1. Coverage Overview
Metric Value Threshold Status
-------- ------- ----------- --------
Line Coverage X% >= 80% PASS/WARN/FAIL
Branch Coverage X% >= 70% PASS/WARN/FAIL
Function Coverage X% >= 90% PASS/WARN/FAIL
Statement Coverage X% >= 80% PASS/WARN/FAIL
### 2. Coverage Gap Analysis (O(log n) Sublinear)
For EACH detected gap:
Gap ID File:Line Type Risk Score
-------- ----------- ------ ------------
G001 file.ts:42-56 Uncovered Branch High/Medium/Low
G002 file.ts:78 Missing Error Path High/Medium/Low
G003 ... ... ...
Gap Types:
- Uncovered Branch: if/else path not tested
- Missing Error Path: catch/error handler not tested
- Untested Function: entire function without tests
- Partial Coverage: function tested but branches missed
- Dead Code: unreachable code detected
### 3. Risk-Weighted Gap Prioritization
Priority Gap IDs Risk Rationale Suggested Test
---------- --------- --------------- ----------------
P0 - Critical G001, G003 [why critical] [specific test to write]
P1 - High G002, G005 [why high] [specific test to write]
P2 - Medium G004 [why medium] [specific test to write]
### 4. Module-Level Coverage Heatmap
Module Line% Branch% Function%
-------- ------- --------- -----------
Module 1 X% X% X%
Module 2 X% X% X%
... ... ... ...
### 5. Coverage Trend Assessment
Based on code structure analysis:
Dimension Assessment Recommendation
----------- ----------- ----------------
Test-to-Code Alignment Good/Partial/Poor [specific action]
Edge Case Coverage Good/Partial/Poor [specific action]
Integration Coverage Good/Partial/Poor [specific action]
Error Path Coverage Good/Partial/Poor [specific action]
COVERAGE GAPS TOTAL: X
CRITICAL GAPS (P0): X
MINIMUM: Identify at least 3 coverage gaps or explicitly state "No coverage gaps found after thorough sublinear analysis".
## OUTPUT FORMAT
Save your complete analysis in Markdown to:
${OUTPUT_FOLDER}/04-coverage-analysis.md
Use the Write tool to save BEFORE completing.
Report MUST be complete - no placeholders.
## VALIDATION BEFORE SUBMITTING
+-- Did I calculate all 4 coverage metrics?
+-- Did I detect coverage gaps with specific file:line references?
+-- Did I risk-weight and prioritize gaps?
+-- Did I provide specific test suggestions for each gap?
+-- Did I generate the module-level heatmap?
+-- Did I save the report to the correct output path?`,
subagent_type: "qe-coverage-specialist",
run_in_background: true
})
Post-Spawn Confirmation
After sending all three Task calls, you MUST tell the user:
I've launched 3 core agents in parallel:
qe-tdd-specialist [Domain: test-generation]
- Assessing TDD red-green-refactor adherence
- Calculating test-to-code ratio and assertion density
- Identifying missing test categories
qe-code-complexity [Domain: code-intelligence]
- Computing cyclomatic and cognitive complexity per function
- Detecting hotspots and code smells
- Calculating maintainability index
qe-coverage-specialist [Domain: coverage-analysis]
- Running O(log n) sublinear coverage gap detection
- Risk-weighting and prioritizing gaps
- Generating module-level coverage heatmap
WAITING for all agents to complete before proceeding...
DO NOT proceed to Phase 3 until you have sent this confirmation.
PHASE 3: Wait for Batch 1 Completion
ENFORCEMENT: NO EARLY PROCEEDING
+-------------------------------------------------------------+
YOU MUST WAIT FOR ALL THREE BACKGROUND TASKS TO COMPLETE
DO NOT summarize what agents "would" find
DO NOT proceed to Phase 4 early
DO NOT provide your own analysis as substitute
WAIT for actual agent results
ONLY proceed when all three have returned
+-------------------------------------------------------------+
Results Extraction Checklist
When results return, extract and record:
From qe-tdd-specialist:
[ ] tddAdherence = __/60 TDD score
[ ] testToCodeRatio = __:1
[ ] assertionDensity = __ per test
[ ] missingCategories = __ test categories missing
From qe-code-complexity:
[ ] avgCyclomatic = __ average cyclomatic complexity
[ ] maxCyclomatic = __ maximum cyclomatic complexity
[ ] complexityScore = __/100 (inverse complexity)
[ ] hotspots = __ hotspots identified
[ ] codeSmells = __ code smells detected
From qe-coverage-specialist:
[ ] lineCoverage = __% line coverage
[ ] branchCoverage = __% branch coverage
[ ] coverageGaps = __ total gaps
[ ] criticalGaps = __ P0 gaps
Metrics Summary Box
Output extracted metrics:
+-------------------------------------------------------------+
BATCH 1 RESULTS SUMMARY
+-------------------------------------------------------------+
TDD Adherence: __/60
Test-to-Code Ratio: __:1
Assertion Density: __ per test
Missing Test Categories: __
Avg Cyclomatic: __
Max Cyclomatic: __
Complexity Score: __/100
Hotspots: __
Code Smells: __
Line Coverage: __%
Branch Coverage: __%
Coverage Gaps: __ total
Critical Gaps (P0): __
+-------------------------------------------------------------+
DO NOT proceed to Phase 4 until ALL fields are filled.
PHASE 4: Spawn Conditional Agents (PARALLEL BATCH 2)
ENFORCEMENT: NO SKIPPING CONDITIONAL AGENTS
+-------------------------------------------------------------+
IF A FLAG IS TRUE, YOU MUST SPAWN THAT AGENT
HAS_SECURITY_CODE = TRUE -> MUST spawn qe-security-scanner
HAS_PERFORMANCE_CODE = TRUE -> MUST spawn qe-performance-tester
HAS_CRITICAL_CODE = TRUE -> MUST spawn qe-mutation-tester
HAS_MIDDLEWARE = TRUE -> MUST spawn qe-message-broker-tester
HAS_SAP_INTEGRATION = TRUE -> MUST spawn qe-sap-idoc-tester
HAS_AUTHORIZATION = TRUE -> MUST spawn qe-sod-analyzer
Skipping a flagged agent is a FAILURE of this skill.
+-------------------------------------------------------------+
Conditional Domain Mapping
Flag
Agent
Domain
MCP Tool
HAS_SECURITY_CODE
qe-security-scanner
security-compliance
security_scan_comprehensive
HAS_PERFORMANCE_CODE
qe-performance-tester
chaos-resilience
performance_benchmark
HAS_CRITICAL_CODE
qe-mutation-tester
test-generation
test_generate_enhanced
HAS_MIDDLEWARE
qe-message-broker-tester
enterprise-integration
task_orchestrate
HAS_SAP_INTEGRATION
qe-sap-idoc-tester
enterprise-integration
task_orchestrate
HAS_AUTHORIZATION
qe-sod-analyzer
enterprise-integration
task_orchestrate
Decision Tree
IF HAS_SECURITY_CODE == FALSE AND HAS_PERFORMANCE_CODE == FALSE AND HAS_CRITICAL_CODE == FALSE AND HAS_MIDDLEWARE == FALSE AND HAS_SAP_INTEGRATION == FALSE AND HAS_AUTHORIZATION == FALSE:
-> Skip to Phase 5 (no conditional agents needed)
-> State: "No conditional agents needed based on code analysis"
ELSE:
-> Spawn ALL applicable agents in ONE message
-> Count how many you're spawning: __
IF HAS_SECURITY_CODE: Security Scanner (MANDATORY WHEN FLAGGED)
Task({
description: "SAST security scanning of source code",
prompt: `You are qe-security-scanner. Your output quality is being audited.
## SOURCE CODE
=== SOURCE CODE START ===
[PASTE THE COMPLETE SOURCE CODE HERE]
=== SOURCE CODE END ===
## REQUIRED ANALYSIS (ALL SECTIONS MANDATORY)
### 1. OWASP Top 10 Assessment
For each applicable OWASP category:
OWASP ID Category Applicable? Findings
---------- ---------- ------------- ----------
A01:2021 Broken Access Control Yes/No [findings]
A02:2021 Cryptographic Failures Yes/No [findings]
A03:2021 Injection Yes/No [findings]
A04:2021 Insecure Design Yes/No [findings]
A05:2021 Security Misconfiguration Yes/No [findings]
A06:2021 Vulnerable Components Yes/No [findings]
A07:2021 Auth Failures Yes/No [findings]
A08:2021 Software Integrity Failures Yes/No [findings]
A09:2021 Logging Failures Yes/No [findings]
A10:2021 SSRF Yes/No [findings]
### 2. Vulnerability Inventory
Vuln ID File:Line Type Severity
--------- ----------- ------ ----------
V001 ... SQL Injection/XSS/etc Critical/High/Medium/Low
### 3. Secrets Detection
Finding File:Line Type Status
--------- ----------- ------ --------
... ... API Key/Password/Token/Cert Exposed/Safe
### 4. Dependency Vulnerability Check
Dependency Version Known CVEs Severity
------------ --------- ------------ ----------
... X.Y.Z CVE-XXXX-XXXXX Critical/High
### 5. Security Score
Dimension Score (0-10) Notes
----------- ------------- -------
Input validation X/10 ...
Authentication X/10 ...
Authorization X/10 ...
Data protection X/10 ...
Error handling X/10 ...
SECURITY SCORE: X/50
MINIMUM: Assess all 10 OWASP categories and identify at least 3 security-related findings.
## OUTPUT FORMAT
Save to: ${OUTPUT_FOLDER}/05-security-scan.md
Use the Write tool to save BEFORE completing.`,
subagent_type: "qe-security-scanner",
run_in_background: true
})
IF HAS_PERFORMANCE_CODE: Performance Tester (MANDATORY WHEN FLAGGED)
Task({
description: "Performance profiling and bottleneck detection",
prompt: `You are qe-performance-tester. Your output quality is being audited.
## SOURCE CODE
=== SOURCE CODE START ===
[PASTE THE COMPLETE SOURCE CODE HERE]
=== SOURCE CODE END ===
## REQUIRED ANALYSIS (ALL SECTIONS MANDATORY)
### 1. Algorithm Complexity Analysis
For each significant function:
Function File:Line Time Complexity Space Complexity
---------- ----------- ----------------- ------------------
... ... O(n)/O(n^2)/etc O(1)/O(n)/etc
### 2. Performance Bottleneck Detection
Bottleneck File:Line Type Impact
------------ ----------- ------ --------
... ... CPU/Memory/I-O/Network High/Medium/Low
Bottleneck Types:
- CPU Bound: nested loops, complex calculations, regex backtracking
- Memory Bound: large allocations, memory leaks, unbounded caches
- I/O Bound: synchronous file ops, blocking network calls, N+1 queries
- Network Bound: excessive API calls, large payloads, no batching
### 3. Database Query Analysis (if applicable)
Query Location Estimated Cost Index Used?
------- ---------- --------------- -------------
... file:line High/Medium/Low Yes/No
### 4. Resource Usage Estimation
Resource Current Pattern Risk Recommendation
---------- ---------------- ------ ----------------
Memory allocation [pattern] High/Medium/Low [action]
Connection pooling [pattern] High/Medium/Low [action]
Cache strategy [pattern] High/Medium/Low [action]
Concurrency model [pattern] High/Medium/Low [action]
### 5. Performance Score
Dimension Score (0-10) Notes
----------- ------------- -------
Algorithm efficiency X/10 ...
Memory management X/10 ...
I/O optimization X/10 ...
Concurrency safety X/10 ...
PERFORMANCE SCORE: X/40
MINIMUM: Analyze at least 5 functions for complexity or explain why fewer exist.
## OUTPUT FORMAT
Save to: ${OUTPUT_FOLDER}/06-performance-profile.md
Use the Write tool to save BEFORE completing.`,
subagent_type: "qe-performance-tester",
run_in_background: true
})
IF HAS_CRITICAL_CODE: Mutation Tester (MANDATORY WHEN FLAGGED)
Task({
description: "Mutation testing for test suite effectiveness",
prompt: `You are qe-mutation-tester. Your output quality is being audited.
## SOURCE CODE
=== SOURCE CODE START ===
[PASTE THE COMPLETE SOURCE CODE HERE]
=== SOURCE CODE END ===
=== TEST CODE START ===
[PASTE THE COMPLETE TEST CODE HERE]
=== TEST CODE END ===
## REQUIRED ANALYSIS (ALL SECTIONS MANDATORY)
### 1. Mutation Analysis
Apply these mutation operators to critical code paths:
Operator Mutations Applied Killed Survived
---------- ------------------ -------- ----------
Arithmetic (+,-,*,/) X X X
Relational (<,>,==,!=) X X X
Logical (&&, or, !) X X X
Conditional (if/else) X X X
Return Value X X X
Null/Undefined X X X
TOTAL X X X
### 2. Surviving Mutants (Test Suite Weaknesses)
For each surviving mutant:
Mutant ID File:Line Original Mutation
----------- ----------- ---------- ----------
M001 file:42 a > b a >= b
M002 ... ... ...
### 3. Critical Path Mutation Score
Critical Path Mutations Killed Score
--------------- ----------- -------- -------
Payment flow X X X%
Auth flow X X X%
Data validation X X X%
Error handling X X X%
### 4. Test Suite Effectiveness
Metric Value Threshold Status
-------- ------- ----------- --------
Overall Mutation Score X% >= 80% PASS/FAIL
Critical Path Score X% >= 95% PASS/FAIL
Equivalent Mutants X (informational) -
Test Strength Index X/10 >= 7 PASS/FAIL
### 5. Recommendations
Priority Action Impact Effort
---------- -------- -------- --------
P0 [critical path mutation escapes] [what risk] [effort]
P1 [high-value missing tests] [what risk] [effort]
MUTATION SCORE: X%
MINIMUM: Apply at least 20 mutations across at least 3 mutation operators.
## OUTPUT FORMAT
Save to: ${OUTPUT_FOLDER}/07-mutation-analysis.md
Use the Write tool to save BEFORE completing.`,
subagent_type: "qe-mutation-tester",
run_in_background: true
})
IF HAS_MIDDLEWARE: Message Broker Tester (MANDATORY WHEN FLAGGED)
Task({
description: "Message broker and middleware testing for integration reliability",
prompt: `You are qe-message-broker-tester. Your output quality is being audited.
## SOURCE CODE
=== SOURCE CODE START ===
[PASTE THE COMPLETE SOURCE CODE HERE]
=== SOURCE CODE END ===
=== TEST CODE START ===
[PASTE THE COMPLETE TEST CODE HERE]
=== TEST CODE END ===
## REQUIRED ANALYSIS (ALL SECTIONS MANDATORY)
### 1. Message Broker Inventory
Identify all middleware/message broker components in the source code:
Component Type Protocol Direction
----------- ------ ---------- -----------
[name] Queue/Topic/Exchange AMQP/Kafka/JMS/MQ Producer/Consumer/Both
### 2. Message Flow Analysis
For each message flow:
Flow ID Producer Broker Consumer
--------- ---------- -------- ----------
MF-001 [source] [broker] [target]
### 3. Error Handling & Retry Assessment
Pattern Implemented Correct Issue
--------- ------------- --------- -------
Dead Letter Queue (DLQ) Yes/No Yes/No [issue]
Retry with backoff Yes/No Yes/No [issue]
Circuit breaker Yes/No Yes/No [issue]
Poison message handling Yes/No Yes/No [issue]
Duplicate detection Yes/No Yes/No [issue]
### 4. Pub/Sub Verification
Topic/Exchange Publishers Subscribers Fan-out
---------------- ------------ ------------- ---------
[name] [count] [count] [type]
### 5. Message Contract Validation
Contract Schema Validation Versioning Backward Compatible
---------- ------------------- ------------ ---------------------
[name] Yes/No [strategy] Yes/No
### 6. Recommendations
Priority Action Impact Effort
---------- -------- -------- --------
P0 [critical middleware issues] [what risk] [effort]
P1 [important improvements] [what risk] [effort]
MIDDLEWARE HEALTH SCORE: X/50
## OUTPUT FORMAT
Save to: ${OUTPUT_FOLDER}/10-middleware-testing.md
Use the Write tool to save BEFORE completing.`,
subagent_type: "qe-message-broker-tester",
run_in_background: true
})
IF HAS_SAP_INTEGRATION: SAP IDoc Tester (MANDATORY WHEN FLAGGED)
Task({
description: "SAP IDoc processing and BAPI testing for data flow validation",
prompt: `You are qe-sap-idoc-tester. Your output quality is being audited.
## SOURCE CODE
=== SOURCE CODE START ===
[PASTE THE COMPLETE SOURCE CODE HERE]
=== SOURCE CODE END ===
=== TEST CODE START ===
[PASTE THE COMPLETE TEST CODE HERE]
=== TEST CODE END ===
## REQUIRED ANALYSIS (ALL SECTIONS MANDATORY)
### 1. SAP Integration Inventory
Identify all SAP integration points in the source code:
Integration Point Type Direction SAP System
------------------- ------ ----------- ------------
[name] RFC/BAPI/IDoc/OData/CDS Inbound/Outbound S/4HANA/ECC/EWM
### 2. IDoc Processing Analysis
For each IDoc type:
IDoc Type Message Type Direction Segments
----------- ------------- ----------- ----------
[type] [msg type] In/Out [count]
### 3. BAPI/RFC Call Assessment
BAPI/RFC Parameters Commit Handling Error Codes
---------- ------------ ----------------- -------------
[name] In:[n] Out:[n] BAPI_TRANSACTION_COMMIT? [handled codes]
### 4. Data Flow Validation
Flow Source Mapping Target
------ -------- --------- --------
[name] [field map] [logic] [SAP field]
### 5. SAP-Specific Test Coverage
Test Type Coverage Critical Gaps
----------- ---------- ---------------
IDoc parsing/generation [%] [gaps]
BAPI call/response [%] [gaps]
RFC error handling [%] [gaps]
Data mapping accuracy [%] [gaps]
Transaction integrity [%] [gaps]
### 6. Recommendations
Priority Action Impact Effort
---------- -------- -------- --------
P0 [critical SAP integration issues] [what risk] [effort]
P1 [important improvements] [what risk] [effort]
SAP INTEGRATION HEALTH SCORE: X/50
## OUTPUT FORMAT
Save to: ${OUTPUT_FOLDER}/11-sap-idoc-testing.md
Use the Write tool to save BEFORE completing.`,
subagent_type: "qe-sap-idoc-tester",
run_in_background: true
})
IF HAS_AUTHORIZATION: SoD Analyzer (MANDATORY WHEN FLAGGED)
Task({
description: "Segregation of duties and authorization conflict analysis",
prompt: `You are qe-sod-analyzer. Your output quality is being audited.
## SOURCE CODE
=== SOURCE CODE START ===
[PASTE THE COMPLETE SOURCE CODE HERE]
=== SOURCE CODE END ===
=== TEST CODE START ===
[PASTE THE COMPLETE TEST CODE HERE]
=== TEST CODE END ===
## REQUIRED ANALYSIS (ALL SECTIONS MANDATORY)
### 1. Authorization Model Inventory
Identify all authorization constructs in the source code:
Component Type Mechanism Granularity
----------- ------ ----------- -------------
[name] Role/Permission/Policy RBAC/ABAC/ACL Resource/Action/Field
### 2. Segregation of Duties Matrix
Function A Function B Conflict Type Risk Level
------------ ------------ --------------- ------------
[create order] [approve order] SoD violation Critical/High/Med
### 3. Role Conflict Detection
Role Permissions Conflicts With Conflict Type
------ ------------- --------------- ---------------
[role] [permissions list] [conflicting role] [SoD/privilege escalation]
### 4. Authorization Test Coverage
Test Type Coverage Critical Gaps
----------- ---------- ---------------
Positive access tests [%] [gaps]
Negative access tests [%] [gaps]
Cross-role access [%] [gaps]
Privilege escalation [%] [gaps]
SoD enforcement [%] [gaps]
### 5. Access Control Code Quality
Metric Value Threshold Status
-------- ------- ----------- --------
Authorization checks per endpoint [ratio] >= 1.0 PASS/FAIL
Hardcoded roles/permissions [count] 0 PASS/FAIL
Missing access control [count] 0 PASS/FAIL
Default-allow patterns [count] 0 PASS/FAIL
### 6. Recommendations
Priority Action Impact Effort
---------- -------- -------- --------
P0 [critical authorization issues] [what risk] [effort]
P1 [important improvements] [what risk] [effort]
AUTHORIZATION HEALTH SCORE: X/50
## OUTPUT FORMAT
Save to: ${OUTPUT_FOLDER}/12-sod-analysis.md
Use the Write tool to save BEFORE completing.`,
subagent_type: "qe-sod-analyzer",
run_in_background: true
})
Agent Count Validation
Before proceeding, verify agent count:
+-------------------------------------------------------------+
AGENT COUNT VALIDATION
+-------------------------------------------------------------+
CORE AGENTS (ALWAYS 3):
[ ] qe-tdd-specialist - SPAWNED? [Y/N]
[ ] qe-code-complexity - SPAWNED? [Y/N]
[ ] qe-coverage-specialist - SPAWNED? [Y/N]
CONDITIONAL AGENTS (based on flags):
[ ] qe-security-scanner - SPAWNED? [Y/N] (HAS_SECURITY)
[ ] qe-performance-tester - SPAWNED? [Y/N] (HAS_PERF)
[ ] qe-mutation-tester - SPAWNED? [Y/N] (HAS_CRITICAL)
[ ] qe-message-broker-tester - SPAWNED? [Y/N] (HAS_MIDDLEWARE)
[ ] qe-sap-idoc-tester - SPAWNED? [Y/N] (HAS_SAP_INTEG)
[ ] qe-sod-analyzer - SPAWNED? [Y/N] (HAS_AUTHORIZATION)
VALIDATION:
Expected agents: [3 + count of TRUE flags]
Actual spawned: [count]
Status: [PASS/FAIL]
If ACTUAL < EXPECTED, you have FAILED. Spawn missing
agents before proceeding.
+-------------------------------------------------------------+
DO NOT proceed if validation FAILS.
Post-Spawn Confirmation (If Applicable)
I've launched [N] conditional agent(s) in parallel:
[IF HAS_SECURITY_CODE] qe-security-scanner [Domain: security-compliance]
- OWASP Top 10, SAST scanning, secrets detection
[IF HAS_PERFORMANCE_CODE] qe-performance-tester [Domain: chaos-resilience]
- Algorithm complexity, bottleneck detection, resource analysis
[IF HAS_CRITICAL_CODE] qe-mutation-tester [Domain: test-generation]
- Mutation testing, surviving mutant analysis, test effectiveness
[IF HAS_MIDDLEWARE] qe-message-broker-tester [Domain: enterprise-integration]
- Message broker testing, queue validation, pub/sub verification
[IF HAS_SAP_INTEGRATION] qe-sap-idoc-tester [Domain: enterprise-integration]
- IDoc processing, BAPI testing, SAP data flow validation
[IF HAS_AUTHORIZATION] qe-sod-analyzer [Domain: enterprise-integration]
- Segregation of duties, role conflict, authorization analysis
WAITING for conditional agents to complete...
PHASE 5: Synthesize Results & Determine Recommendation
ENFORCEMENT: EXACT DECISION LOGIC
You MUST apply this logic EXACTLY. No interpretation.
STEP 1: Derive composite metrics
-----------------------------------------------------------
testCoverage = (lineCoverage + branchCoverage) / 2
complexityScore = avgCyclomatic (use the average, not max)
coverageGaps = criticalGaps (P0 gaps only)
criticalDefects = (criticalVulnerabilities from security scan, if ran)
+ (criticalGaps from coverage)
+ (missingCategories where priority == P0)
STEP 2: Check HOLD conditions (ANY triggers HOLD)
-----------------------------------------------------------
IF testCoverage < 50 -> HOLD ("Test coverage critically low")
IF complexityScore > 30 -> HOLD ("Code complexity dangerously high")
IF coverageGaps > 5 -> HOLD ("Too many critical coverage gaps")
IF criticalDefects > 2 -> HOLD ("Too many critical defects")
STEP 3: Check SHIP conditions (ALL required for SHIP)
-----------------------------------------------------------
IF testCoverage >= 80
AND complexityScore <= 15
AND coverageGaps == 0
AND criticalDefects == 0 -> SHIP
STEP 4: Default
-----------------------------------------------------------
ELSE -> CONDITIONAL
Decision Recording
METRICS:
- testCoverage = __% (average of line + branch)
- complexityScore = __ (average cyclomatic)
- coverageGaps = __ (P0 critical gaps only)
- criticalDefects = __
HOLD CHECK:
- testCoverage < 50? __ (YES/NO)
- complexityScore > 30? __ (YES/NO)
- coverageGaps > 5? __ (YES/NO)
- criticalDefects > 2? __ (YES/NO)
SHIP CHECK (only if no HOLD triggered):
- testCoverage >= 80? __ (YES/NO)
- complexityScore <= 15? __ (YES/NO)
- coverageGaps == 0? __ (YES/NO)
- criticalDefects == 0? __ (YES/NO)
FINAL RECOMMENDATION: [SHIP / CONDITIONAL / HOLD]
REASON: ___
Conditional Recommendations
If recommendation is CONDITIONAL, provide specific blockers:
Blocker
Current Value
Required Value
Owner
Action
...
...
...
[who]
[what to do]
If recommendation is HOLD, provide mandatory remediation:
Remediation
Priority
Effort
Deadline
...
P0
[scope]
[before merge]
PHASE 6: Generate Development Report
ENFORCEMENT: COMPLETE REPORT STRUCTURE
ALL sections below are MANDATORY. No abbreviations.
#
QCSD Development Report: [Feature/Module Name]
**
Generated
**
: [Date/Time]
**
Recommendation
**
: [SHIP / CONDITIONAL / HOLD]
**
Agents Executed
**
: [List all agents that ran]
**
Parallel Batches
**
: [2 or 3 depending on conditional agents]
---
##
Executive Summary
Metric
Value
Threshold
Status
--------
-------
-----------
--------
Test Coverage
X%
>= 80%
PASS/WARN/FAIL
Avg Cyclomatic Complexity
X
<= 15
PASS/WARN/FAIL
Coverage Gaps (P0)
X
0
PASS/WARN/FAIL
Critical Defects
X
0
PASS/WARN/FAIL
**
Recommendation Rationale
**
: [1-2 sentences explaining why SHIP/CONDITIONAL/HOLD]
---
##
TDD Adherence Analysis
[EMBED or LINK the full report from qe-tdd-specialist]
###
TDD Score Summary
Principle
Score
Status
-----------
-------
--------
[All 6 TDD principles from qe-tdd-specialist]
###
Test Quality Metrics
[Key metrics from agent output]
---
##
Code Complexity Analysis
[EMBED or LINK the full report from qe-code-complexity]
###
Hotspot Summary
Rank
Function
Cyclomatic
Cognitive
Risk
------
----------
------------
-----------
------
[Top 5 hotspots from qe-code-complexity]
###
Code Smells Detected
[List from agent output]
---
##
Coverage Analysis
[EMBED or LINK the full report from qe-coverage-specialist]
###
Coverage Metrics
Metric
Value
Status
--------
-------
--------
Line
X%
PASS/WARN/FAIL
Branch
X%
PASS/WARN/FAIL
Function
X%
PASS/WARN/FAIL
###
Coverage Gaps
[All gaps from qe-coverage-specialist]
---
##
Conditional Analysis
[INCLUDE ONLY IF APPLICABLE - based on which conditional agents ran]
###
Security Scan (IF HAS_SECURITY_CODE)
[Full output from qe-security-scanner]
###
Performance Profile (IF HAS_PERFORMANCE_CODE)
[Full output from qe-performance-tester]
###
Mutation Analysis (IF HAS_CRITICAL_CODE)
[Full output from qe-mutation-tester]
###
Middleware Testing (IF HAS_MIDDLEWARE)
[Full output from qe-message-broker-tester]
###
SAP IDoc Testing (IF HAS_SAP_INTEGRATION)
[Full output from qe-sap-idoc-tester]
###
SoD Analysis (IF HAS_AUTHORIZATION)
[Full output from qe-sod-analyzer]
---
##
Recommended Actions
###
Before Merge (P0 - Blockers)
-
[
] [
Action based on findings
]
###
Before Sprint End (P1 - Important)
-
[
] [
Action based on findings
]
###
Tech Debt Backlog (P2 - Improvement)
-
[
] [
Action based on findings
]
---
##
Appendix: Agent Outputs
[Link to or embed full outputs from each agent]
---
*
Generated by QCSD Development Swarm v1.0
*
*
Execution Model: Task Tool Parallel Swarm
*
Write the executive summary report to:
${OUTPUT_FOLDER}/01-executive-summary.md
Report Validation Checklist
Before presenting report:
+-- Executive Summary table is complete with all 4 metrics
+-- Recommendation matches decision logic output
+-- TDD section includes all 6 principle scores
+-- Complexity section includes top 5 hotspots
+-- Coverage section includes all gap details
+-- Conditional sections included for all spawned agents
+-- Recommended actions are specific (not generic)
+-- Report saved to output folder
DO NOT present an incomplete report.
PHASE 7: Store Learnings & Persist State
ENFORCEMENT: ALWAYS RUN THIS PHASE
+-------------------------------------------------------------+
LEARNING PERSISTENCE MUST ALWAYS EXECUTE
This is NOT optional. It runs on EVERY development scan.
It stores findings for cross-phase feedback loops,
historical code quality tracking, and pattern learning.
DO NOT skip this phase for any reason.
DO NOT treat this as "nice to have".
Enforcement Rule E9 applies.
+-------------------------------------------------------------+
Purpose
Store development findings for:
Cross-phase feedback loops (Development -> Verification -> next Ideation)
Historical code quality tracking across sprints
Complexity trend analysis over time
Pattern learning for defect prediction improvement
Auto-Execution Steps (ALL THREE are MANDATORY)
Step 1: Store development findings to memory
You MUST execute this MCP call with actual values from the development analysis:
mcp__agentic
-
qe__memory_store
(
{
key
:
`
qcsd-development-
${
featureId
}
-
${
Date
.
now
(
)
}
`
,
namespace
:
"qcsd-development"
,
value
:
{
featureId
:
featureId
,
featureName
:
featureName
,
recommendation
:
recommendation
,
// SHIP, CONDITIONAL, HOLD
metrics
:
{
testCoverage
:
testCoverage
,
avgCyclomatic
:
avgCyclomatic
,
complexityScore
:
complexityScore
,
coverageGaps
:
coverageGaps
,
criticalDefects
:
criticalDefects
,
tddAdherence
:
tddAdherence
,
mutationScore
:
mutationScore
// if applicable
}
,
flags
:
{
HAS_SECURITY_CODE
:
HAS_SECURITY_CODE
,
HAS_PERFORMANCE_CODE
:
HAS_PERFORMANCE_CODE
,
HAS_CRITICAL_CODE
:
HAS_CRITICAL_CODE
,
HAS_MIDDLEWARE
:
HAS_MIDDLEWARE
,
HAS_SAP_INTEGRATION
:
HAS_SAP_INTEGRATION
,
HAS_AUTHORIZATION
:
HAS_AUTHORIZATION
}
,
agentsInvoked
:
agentList
,
timestamp
:
new
Date
(
)
.
toISOString
(
)
}
}
)
Step 2: Share learnings with learning coordinator
You MUST execute this MCP call to propagate patterns cross-domain:
mcp__agentic
-
qe__memory_share
(
{
sourceAgentId
:
"qcsd-development-swarm"
,
targetAgentIds
:
[
"qe-learning-coordinator"
,
"qe-pattern-learner"
]
,
knowledgeDomain
:
"development-patterns"
}
)
Step 3: Save learning persistence record to output folder
You MUST use the Write tool to save a JSON record of the persisted learnings:
Save to: ${OUTPUT_FOLDER}/09-learning-persistence.json
Contents:
{
"phase": "QCSD-Development",
"featureId": "[feature ID]",
"featureName": "[feature name]",
"recommendation": "[SHIP/CONDITIONAL/HOLD]",
"memoryKey": "qcsd-development-[featureId]-[timestamp]",
"namespace": "qcsd-development",
"metrics": {
"testCoverage": [0-100],
"avgCyclomatic": [N],
"complexityScore": [0-100],
"coverageGaps": [N],
"criticalDefects": [N],
"tddAdherence": [0-60],
"mutationScore": [0-100 or null]
},
"flags": {
"HAS_SECURITY_CODE": true/false,
"HAS_PERFORMANCE_CODE": true/false,
"HAS_CRITICAL_CODE": true/false,
"HAS_MIDDLEWARE": true/false,
"HAS_SAP_INTEGRATION": true/false,
"HAS_AUTHORIZATION": true/false
},
"agentsInvoked": ["list", "of", "agents"],
"crossPhaseSignals": {
"toVerification": "Quality metrics as verification baseline",
"toIdeation": "Complexity patterns for future risk assessment"
},
"persistedAt": "[ISO timestamp]"
}
Fallback: CLI Memory Commands
If MCP memory_store tool is unavailable, use CLI instead (STILL MANDATORY):
npx @claude-flow/cli@latest memory store
\
--key
"qcsd-development-
${FEATURE_ID}
-
$(
date
+%s
)
"
\
--value
'{"recommendation":"[VALUE]","testCoverage":[N],"avgCyclomatic":[N],"coverageGaps":[N]}'
\
--namespace
qcsd-development
npx @claude-flow/cli@latest hooks post-task
\
--task-id
"qcsd-development-
${FEATURE_ID}
"
\
--success
true
Validation Before Proceeding to Phase 8
+-- Did I execute mcp__agentic-qe__memory_store with actual values? (not placeholders)
+-- Did I execute mcp__agentic-qe__memory_share to propagate learnings?
+-- Did I save 09-learning-persistence.json to the output folder?
+-- Does the JSON contain the correct recommendation from Phase 5?
+-- Does the JSON contain actual metrics from Phases 2-4?
+-- Does the JSON contain actual flag values from Phase 1?
If ANY validation check fails, DO NOT proceed to Phase 8.
Cross-Phase Signal Consumption
The Development Swarm both consumes and produces signals for other QCSD phases:
CONSUMES (from other phases):
+-- Loop 2 (Tactical): BDD scenarios from Refinement as test specs
- Gherkin scenarios become verification checklists
- SFDIPOT priorities guide test depth allocation
+-- Loop 4 (Quality-Criteria): INVEST gaps from Refinement
- Untestable acceptance criteria flagged during development
- DoR failures influence what to test more thoroughly
PRODUCES (for other phases):
+-- To Verification Phase: Quality metrics as verification baseline
- Coverage targets and complexity thresholds
- Known gaps that need verification attention
+-- To next Ideation Cycle: Complexity patterns for future risk assessment
- Which SFDIPOT factors had highest code complexity
- Defect patterns that should weight future HTSM analysis
PHASE 8: Apply Defect Predictor (Analysis)
ENFORCEMENT: ALWAYS RUN THIS PHASE
+-------------------------------------------------------------+
THE DEFECT PREDICTOR MUST ALWAYS RUN
This is NOT conditional. It runs on EVERY development scan.
It uses code metrics, change history, and complexity data
to predict defect likelihood per module.
DO NOT skip this phase for any reason.
+-------------------------------------------------------------+
Agent Spawn
Task({
description: "ML-powered defect prediction analysis",
prompt: `You are qe-defect-predictor. Your output quality is being audited.
## PURPOSE
Predict defect likelihood for each code module using metrics from the
development analysis. This is the final quality signal before the
SHIP/CONDITIONAL/HOLD recommendation is delivered.
## INPUT: CODE METRICS FROM PREVIOUS AGENTS
### From TDD Specialist (02-tdd-adherence.md):
[Summarize: TDD score, test-to-code ratio, missing categories]
### From Code Complexity (03-code-complexity.md):
[Summarize: cyclomatic/cognitive scores, hotspots, code smells]
### From Coverage Specialist (04-coverage-analysis.md):
[Summarize: coverage percentages, gaps, risk-weighted priorities]
### From Conditional Agents (if applicable):
[Summarize: security findings, performance bottlenecks, mutation scores]
## REQUIRED OUTPUT (ALL SECTIONS MANDATORY)
### 1. Defect Prediction per Module
Module Defect Probability Confidence Risk Factors
-------- ------------------- ------------ -------------
module1.ts X% (High/Medium/Low) X% [what contributes]
module2.ts X% (High/Medium/Low) X% [what contributes]
Prediction Model Inputs:
- Cyclomatic complexity > 15 = +20% defect probability
- Coverage < 60% = +25% defect probability
- No tests = +40% defect probability
- High change frequency + low coverage = +30% defect probability
- Deep nesting > 4 = +15% defect probability
- Code smells present = +10% per smell
- Security vulnerability present = +35% defect probability
### 2. Defect Hotspot Map
Rank File:Line Defect Probability Contributing Factors
------ ----------- ------------------- ---------------------
1 ... X% [factors]
2 ... X% [factors]
3 ... X% [factors]
### 3. Historical Pattern Matching
Pattern Detected? Historical Defect Rate Recommendation
--------- ----------- ---------------------- ----------------
High complexity + low coverage Yes/No X% defect rate [action]
Untested error paths Yes/No X% defect rate [action]
Missing boundary tests Yes/No X% defect rate [action]
Security-sensitive without SAST Yes/No X% defect rate [action]
New code without integration tests Yes/No X% defect rate [action]
### 4. Prediction Summary
Metric Value
-------- -------
Total modules analyzed X
High-risk modules (>50% probability) X
Medium-risk modules (25-50%) X
Low-risk modules (<25%) X
Average defect probability X%
Prediction confidence X%
DEFECT PREDICTION SCORE: X/100 (inverse: lower probability = higher score)
## OUTPUT FORMAT
Save to: ${OUTPUT_FOLDER}/08-defect-prediction.md
Use the Write tool to save BEFORE completing.
## VALIDATION BEFORE SUBMITTING
+-- Did I analyze ALL modules from the codebase?
+-- Did I use metrics from ALL previous agent outputs?
+-- Did I rank defect hotspots by probability?
+-- Did I check historical patterns?
+-- Did I provide specific remediation actions?
+-- Did I save the report to the correct output path?`,
subagent_type: "qe-defect-predictor",
run_in_background: true
})
Wait for Analysis Completion
+-------------------------------------------------------------+
WAIT for qe-defect-predictor to complete before
proceeding to Phase 9.
The defect prediction is the FINAL quality signal of
the Development Swarm - it synthesizes all metrics into
actionable defect risk predictions.
+-------------------------------------------------------------+
PHASE 9: Final Output
At the very end of swarm execution, ALWAYS output this completion summary:
+---------------------------------------------------------------------+
QCSD DEVELOPMENT SWARM COMPLETE
+---------------------------------------------------------------------+
Code Analyzed: [Feature/Module Name]
Reports Generated: [count]
Output Folder: ${OUTPUT_FOLDER}
DEVELOPMENT SCORES:
+-- Test Coverage: __%
+-- TDD Adherence: __/60
+-- Complexity Score: __/100
+-- Coverage Gaps (P0): __
+-- Defect Probability: __%
[IF HAS_SECURITY_CODE]
+-- Security Score: __/50
[IF HAS_PERFORMANCE_CODE]
+-- Performance Score: __/40
[IF HAS_CRITICAL_CODE]
+-- Mutation Score: __%
[IF HAS_MIDDLEWARE]
+-- Middleware Health: __/50
[IF HAS_SAP_INTEGRATION]
+-- SAP Integration: __/50
[IF HAS_AUTHORIZATION]
+-- Authorization Health: __/50
RECOMMENDATION: [SHIP / CONDITIONAL / HOLD]
REASON: [1-2 sentence rationale]
DELIVERABLES:
+-- 01-executive-summary.md
+-- 02-tdd-adherence.md
+-- 03-code-complexity.md
+-- 04-coverage-analysis.md
[IF HAS_SECURITY_CODE]
+-- 05-security-scan.md
[IF HAS_PERFORMANCE_CODE]
+-- 06-performance-profile.md
[IF HAS_CRITICAL_CODE]
+-- 07-mutation-analysis.md
[IF HAS_MIDDLEWARE]
+-- 10-middleware-testing.md
[IF HAS_SAP_INTEGRATION]
+-- 11-sap-idoc-testing.md
[IF HAS_AUTHORIZATION]
+-- 12-sod-analysis.md
+-- 08-defect-prediction.md
+-- 09-learning-persistence.json
+---------------------------------------------------------------------+
IF recommendation is HOLD, ALSO output this prominent action box:
+---------------------------------------------------------------------+
ACTION REQUIRED: CODE IS NOT READY TO SHIP
+---------------------------------------------------------------------+
The following blockers MUST be resolved before merge:
1. [Blocker 1 with specific remediation]
2. [Blocker 2 with specific remediation]
3. [Blocker 3 with specific remediation]
NEXT STEPS:
- Address all P0 blockers listed above
- Re-run /qcsd-development-swarm after fixes
- Target: coverage >= 80%, complexity <= 15, 0 critical gaps
+---------------------------------------------------------------------+
IF recommendation is CONDITIONAL, output this guidance box:
+---------------------------------------------------------------------+
CONDITIONAL: CODE NEEDS MINOR IMPROVEMENTS BEFORE MERGE
+---------------------------------------------------------------------+
The code can be merged WITH these conditions:
1. [Condition 1 - must be addressed before merge]
2. [Condition 2 - must be addressed in follow-up PR]
RISK ACCEPTANCE:
- Tech lead acknowledges remaining quality gaps
- Follow-up issues created for deferred improvements
+---------------------------------------------------------------------+
DO NOT end the swarm without displaying the completion summary.
Report Filename Mapping
Agent
Report Filename
Phase
qe-tdd-specialist
02-tdd-adherence.md
Batch 1
qe-code-complexity
03-code-complexity.md
Batch 1
qe-coverage-specialist
04-coverage-analysis.md
Batch 1
qe-security-scanner
05-security-scan.md
Batch 2 (conditional)
qe-performance-tester
06-performance-profile.md
Batch 2 (conditional)
qe-mutation-tester
07-mutation-analysis.md
Batch 2 (conditional)
qe-message-broker-tester
10-middleware-testing.md
Batch 2 (conditional)
qe-sap-idoc-tester
11-sap-idoc-testing.md
Batch 2 (conditional)
qe-sod-analyzer
12-sod-analysis.md
Batch 2 (conditional)
qe-defect-predictor
08-defect-prediction.md
Batch 3 (analysis)
Learning Persistence
09-learning-persistence.json
Phase 7 (auto-execute)
Synthesis
01-executive-summary.md
Phase 6
DDD Domain Integration
This swarm operates across
3 primary domains
,
4 conditional domains
,
and
1 analysis domain
:
+-----------------------------------------------------------------------------+
QCSD DEVELOPMENT - DOMAIN MAP
+-----------------------------------------------------------------------------+
PRIMARY DOMAINS (Always Active)
+-------------------------------+ +-------------------------------+
test-generation coverage-analysis
--------------------------- ---------------------------
- qe-tdd-specialist - qe-coverage-specialist
(TDD adherence, test (O(log n) gap detection,
quality metrics) risk-weighted coverage)
+-------------------------------+ +-------------------------------+
+-------------------------------+
code-intelligence
---------------------------
- qe-code-complexity
(cyclomatic/cognitive,
hotspots, code smells)
+-------------------------------+
CONDITIONAL DOMAINS (Based on Code Content)
+-----------------------+ +-----------------------+ +------------------+
security-compliance chaos-resilience
───────────────────── ────────────────────
qe-security-scanner qe-performance-
[IF HAS_SECURITY_CODE] tester
[IF HAS_PERF_CODE]
+-----------------------+ +-----------------------+ +------------------+
+-----------------------------------------------------------------------+
enterprise-integration
-----------------------------------------------------------------
- qe-message-broker-tester [IF HAS_MIDDLEWARE]
- qe-sap-idoc-tester [IF HAS_SAP_INTEGRATION]
- qe-sod-analyzer [IF HAS_AUTHORIZATION]
+-----------------------------------------------------------------------+
ANALYSIS DOMAIN (Always Active)
+-----------------------------------------------------------------------+
defect-intelligence
-----------------------------------------------------------------
- qe-defect-predictor (ML-powered defect probability, hotspot map)
+-----------------------------------------------------------------------+
+-----------------------------------------------------------------------------+
Execution Model Options
This skill supports
3 execution models
. Choose based on your environment:
Model
When to Use
Pros
Cons
Task Tool
(PRIMARY)
Claude Code sessions
Full agent capabilities, parallel execution
Requires Claude Code
MCP Tools
MCP server available
Fleet coordination, memory persistence
Requires MCP setup
CLI
Terminal/scripts
Works anywhere, scriptable
Sequential only
Quick Start by Model
Option A: Task Tool (RECOMMENDED)
Just follow the skill phases above - uses Task() calls with run_in_background: true
Option B: MCP Tools
// Initialize fleet for Development domains
mcp__agentic
-
qe__fleet_init
(
{
topology
:
"hierarchical"
,
enabledDomains
:
[
"test-generation"
,
"coverage-analysis"
,
"code-intelligence"
,
"security-compliance"
,
"chaos-resilience"
,
"defect-intelligence"
]
,
maxAgents
:
7
}
)
// Orchestrate development task
mcp__agentic
-
qe__task_orchestrate
(
{
task
:
"qcsd-development-analysis"
,
strategy
:
"parallel"
}
)
Option C: CLI
# Initialize coordination
npx @claude-flow/cli@latest swarm init
--topology
hierarchical --max-agents
7
# Route task
npx @claude-flow/cli@latest hooks pre-task
--description
"QCSD Development for [Feature]"
# Execute agents
npx @claude-flow/cli@latest agent spawn
--type
qe-tdd-specialist
npx @claude-flow/cli@latest agent spawn
--type
qe-code-complexity
npx @claude-flow/cli@latest agent spawn
--type
qe-coverage-specialist
Quick Reference
Enforcement Summary
Phase
Must Do
Failure Condition
1
Check ALL 6 flags
Missing flag evaluation
2
Spawn ALL 3 core agents in ONE message
Fewer than 3 Task calls
3
WAIT for completion
Proceeding before results
4
Spawn ALL flagged conditional agents
Skipping a TRUE flag
5
Apply EXACT decision logic
Wrong recommendation
6
Generate COMPLETE report
Missing sections
7
ALWAYS store learnings + save 09-learning-persistence.json
Pattern loss, missing audit trail
8
ALWAYS run defect predictor
Skipping analysis
9
Output completion summary
Missing final output
Quality Gate Thresholds
Metric
SHIP
CONDITIONAL
HOLD
Test Coverage
>= 80%
50-79%
< 50%
Avg Cyclomatic
<= 15
16-30
> 30
Coverage Gaps (P0)
0
1-5
> 5
Critical Defects
0
1-2
> 2
Domain-to-Agent Mapping
Domain
Agent
Phase
Batch
test-generation
qe-tdd-specialist
Core
1
code-intelligence
qe-code-complexity
Core
1
coverage-analysis
qe-coverage-specialist
Core
1
security-compliance
qe-security-scanner
Conditional (HAS_SECURITY_CODE)
2
chaos-resilience
qe-performance-tester
Conditional (HAS_PERFORMANCE_CODE)
2
test-generation
qe-mutation-tester
Conditional (HAS_CRITICAL_CODE)
2
enterprise-integration
qe-message-broker-tester
Conditional (HAS_MIDDLEWARE)
2
enterprise-integration
qe-sap-idoc-tester
Conditional (HAS_SAP_INTEGRATION)
2
enterprise-integration
qe-sod-analyzer
Conditional (HAS_AUTHORIZATION)
2
defect-intelligence
qe-defect-predictor
Analysis (ALWAYS)
3
Execution Model Quick Reference
Model
Initialization
Agent Spawn
Memory Store
Task Tool
N/A
Task({ subagent_type, run_in_background: true })
N/A (use MCP)
MCP Tools
fleet_init({})
task_submit({})
memory_store({})
CLI
swarm init
agent spawn
memory store
MCP Tools Quick Reference
// Initialization
mcp__agentic
-
qe__fleet_init
(
{
topology
:
"hierarchical"
,
enabledDomains
:
[
"test-generation"
,
"coverage-analysis"
,
"code-intelligence"
,
"security-compliance"
,
"chaos-resilience"
,
"defect-intelligence"
]
,
maxAgents
:
7
}
)
// Task submission
mcp__agentic
-
qe__task_submit
(
{
type
:
"..."
,
priority
:
"p0"
,
payload
:
{
...
}
}
)
mcp__agentic
-
qe__task_orchestrate
(
{
task
:
"..."
,
strategy
:
"parallel"
}
)
// Status
mcp__agentic
-
qe__fleet_status
(
{
verbose
:
true
}
)
mcp__agentic
-
qe__task_list
(
{
status
:
"pending"
}
)
// Memory
mcp__agentic
-
qe__memory_store
(
{
key
:
"..."
,
value
:
{
...
}
,
namespace
:
"qcsd-development"
}
)
mcp__agentic
-
qe__memory_query
(
{
pattern
:
"qcsd-development-*"
,
namespace
:
"qcsd-development"
}
)
mcp__agentic
-
qe__memory_share
(
{
sourceAgentId
:
"qcsd-development-swarm"
,
targetAgentIds
:
[
"qe-learning-coordinator"
]
,
knowledgeDomain
:
"development-patterns"
}
)
CLI Quick Reference
# Initialization
npx @claude-flow/cli@latest swarm init
--topology
hierarchical --max-agents
7
# Agent operations
npx @claude-flow/cli@latest agent spawn
--type
[
agent-type
]
--task
"[description]"
npx @claude-flow/cli@latest hooks pre-task
--description
"[task]"
npx @claude-flow/cli@latest hooks post-task --task-id
"[id]"
--success
true
# Status
npx @claude-flow/cli@latest swarm status
# Memory
npx @claude-flow/cli@latest memory store
--key
"[key]"
--value
"[json]"
--namespace
qcsd-development
npx @claude-flow/cli@latest memory search
--query
"[query]"
--namespace
qcsd-development
npx @claude-flow/cli@latest memory list
--namespace
qcsd-development
Swarm Topology
QCSD DEVELOPMENT SWARM v1.0
BATCH 1 (Core - Parallel)
+-----------+---+-----------+
+-----v-----+ +---v--------+ +---v-----------+
TDD Code
Specialist Complexity
(R-G-R) (Cyc/Cog)
----------- ------------
test-gen code-intel
+-----+-----+ +-----+------+ +------+--------+
+--------------+---------------+
[METRICS GATE]
BATCH 2 (Conditional - Parallel)
+-----------+---+-----------+
+-----v-----+ +---v--------+ +---v----------+
Security Performance
Scanner Tester
[IF SEC] [IF PERF]
----------- ------------
sec-compl chaos-res
+-----------+ +------------+ +--------------+
+-------------+---+-------------+
+-----v------+ +---v--------+ +------v-------+
Msg Broker SAP IDoc
Tester Tester
[IF MIDW] [IF SAP]
------------ ------------
ent-integ ent-integ
+------------+ +------------+ +--------------+
[SYNTHESIS]
PHASE 7 (Learning Persistence - Always)
+-------v-------+
memory_store
memory_share
09-learning-
persistence
(ALWAYS RUNS)
+-------+-------+
BATCH 3 (Analysis - Always)
+-------v-------+
Defect
Predictor
(ALWAYS RUNS)
---------------
defect-intel
+-------+-------+
[FINAL REPORT]
Inventory Summary
Resource Type
Count
Primary
Conditional
Analysis
Agents
10
3
6
1
Sub-agents
0
-
-
-
Skills
4
4
-
-
Domains
8
3
4
1
Parallel Batches
3
1
1
1
Skills Used:
tdd-london-chicago
- TDD methodology guidance
mutation-testing
- Mutation testing patterns
performance-testing
- Performance analysis framework
security-testing
- OWASP scanning patterns
Frameworks Applied:
TDD Red-Green-Refactor - Test-first development assessment
Cyclomatic/Cognitive Complexity - Code complexity measurement
Sublinear Coverage Analysis - O(log n) gap detection
OWASP Top 10 - Security vulnerability assessment
Mutation Testing - Test suite effectiveness validation
ML Defect Prediction - Pattern-based defect forecasting
Key Principle
Code ships when quality is proven, not when deadlines arrive.
This swarm provides:
Is TDD practiced?
-> TDD Adherence Assessment (6 principles)
Is code maintainable?
-> Complexity Analysis (cyclomatic + cognitive)
Are there test gaps?
-> Coverage Gap Detection (O(log n) sublinear)
Is it secure?
-> SAST Security Scan (if security code present)
Is it performant?
-> Performance Profiling (if performance code present)
Are tests effective?
-> Mutation Analysis (if critical code present)
Where will bugs appear?
-> Defect Prediction (always)
Should we ship?
-> SHIP/CONDITIONAL/HOLD decision
What did we learn?
-> Memory persistence for future cycles
返回排行榜