- QCSD Ideation Swarm v7.0
- Shift-left quality engineering swarm for PI Planning and Sprint Planning.
- URL-Based Analysis Mode (v7.1)
- When analyzing a live website URL, use this specialized execution pattern.
- Parameters
- URL
-
- Website to analyze (required)
- OUTPUT_FOLDER
- Where to save reports (default: ${PROJECT_ROOT}/Agentic QCSD/{domain}/ or ./Agentic QCSD/{domain}/ ) ⛔ URL MODE: COMPLETE EXECUTION FLOW You MUST follow ALL phases in order. Skipping phases is a FAILURE. PHASE URL-1: Setup and Content Fetch (AUTOMATED CASCADE) The browser cascade is now FULLY AUTOMATED via scripts/fetch-content.js . Single command - automatic tier fallback with 30s timeout per tier:
SINGLE COMMAND - handles all tiers automatically:
Use npx for installed package, or node with relative path for local development
npx aqe fetch-content " ${URL} " " ${OUTPUT_FOLDER} " --timeout 30000
OR if running from project root:
node
./scripts/fetch-content.js
"
${URL}
"
"
${OUTPUT_FOLDER}
"
--timeout
30000
What the script does automatically:
Creates output folder
Tries Playwright+Stealth (30s timeout)
Falls back to HTTP Fetch (30s timeout)
Falls back to WebSearch placeholder (30s timeout)
Saves
content.html
,
screenshot.png
, and
fetch-result.json
Execution:
// 1. Run the automated fetch cascade (use relative path from project root)
const
fetchResult
=
Bash
(
{
command
:
node ./scripts/fetch-content.js "
${
URL
}
" "
${
OUTPUT_FOLDER
}
" --timeout 30000
,
timeout
:
120000
// 2 min total max
}
)
// 2. Parse the JSON result from stdout
const
result
=
JSON
.
parse
(
fetchResult
.
stdout
)
// 3. Read the content
const
content
=
Read
(
{
file_path
:
${
OUTPUT_FOLDER
}
/content.html
}
)
const
fetchMethod
=
result
.
tier
const
contentSize
=
result
.
contentSize
If script is not available, fall back to inline Playwright:
// FALLBACK: Only if scripts/fetch-content.js doesn't exist
Bash
(
{
command
:
mkdir -p "
${
OUTPUT_FOLDER
}
"
}
)
// Quick Playwright fetch (single tier, no cascade)
Bash
(
{
command
:
cd /tmp && rm -rf qcsd-fetch && mkdir qcsd-fetch && cd qcsd-fetch && npm init -y && npm install playwright-extra puppeteer-extra-plugin-stealth playwright 2>/dev/null
,
timeout
:
60000
}
)
// ... minimal inline script as last resort
MANDATORY: Output fetch method used:
┌─────────────────────────────────────────────────────────────┐
│ CONTENT FETCH RESULT │
├─────────────────────────────────────────────────────────────┤
│ Method Used: [vibium/agent-browser/playwright/webfetch/ │
│ websearch-fallback] │
│ Content Size: [X KB] │
│ Status: [SUCCESS/DEGRADED] │
│ │
│ If DEGRADED (websearch-fallback), analysis is based on │
│ public information, not live page inspection. │
└─────────────────────────────────────────────────────────────┘
PHASE URL-2: Programmatic Flag Detection (MANDATORY)
You MUST detect flags from the fetched content. Do NOT skip this phase.
// Detect HAS_UI
const
HAS_UI
=
(
/
<
(
form
|
button
|
input
|
select
|
textarea
|
img
|
video
|
canvas
|
nav
|
header
|
footer
|
aside
)
/
i
.
test
(
content
)
||
/
carousel
|
slider
|
modal
|
dialog
|
dropdown
|
menu
|
tab
|
accordion
/
i
.
test
(
content
)
||
/
class=
[
"'
]
[
^
"'
]
*
btn
|
button
|
card
|
grid
|
flex
/
i
.
test
(
content
)
)
;
// Detect HAS_SECURITY
const
HAS_SECURITY
=
(
/
login
|
password
|
auth
|
token
|
session
|
credential
|
oauth
|
jwt
|
sso
/
i
.
test
(
content
)
||
/
newsletter
|
subscribe
|
signup
|
email
.
*
input
|
register
/
i
.
test
(
content
)
||
// PII collection
/
payment
|
checkout
|
credit
.
*
card
|
billing
/
i
.
test
(
content
)
||
/
cookie
|
consent
|
gdpr
|
privacy
/
i
.
test
(
content
)
)
;
// Detect HAS_UX
const
HAS_UX
=
(
/
user
|
customer
|
visitor
|
journey
|
experience
|
engagement
/
i
.
test
(
content
)
||
/
<form
/
i
.
test
(
content
)
&&
/
<button
/
i
.
test
(
content
)
||
// Interactive forms
/
onboarding
|
wizard
|
step
.
*
step
|
progress
/
i
.
test
(
content
)
||
/
feedback
|
rating
|
review
|
comment
/
i
.
test
(
content
)
)
;
// Detect HAS_VIDEO (for a11y-ally follow-up recommendation)
const
HAS_VIDEO
=
(
/
<video
/
i
.
test
(
content
)
||
/
youtube
.
com
\/
embed
|
vimeo
.
com
|
wistia
.
com
/
i
.
test
(
content
)
||
/
.
mp4
|
.
webm
|
.
m3u8
/
i
.
test
(
content
)
||
/
data-video-url
|
data-mobile-url
|
data-desktop-url
/
i
.
test
(
content
)
)
;
// Detect HAS_MIDDLEWARE
const
HAS_MIDDLEWARE
=
(
/
middleware
|
ESB
|
message
.
?
broker
|
MQ
|
Kafka
|
RabbitMQ
/
i
.
test
(
content
)
||
/
integration
.
?
bus
|
API
.
?
gateway
|
message
.
?
queue
|
pub
.
?
sub
/
i
.
test
(
content
)
)
;
// Detect HAS_SAP_INTEGRATION
const
HAS_SAP_INTEGRATION
=
(
/
\b
SAP
\b
|
RFC
|
BAPI
|
IDoc
|
OData
|
S
\/
4HANA
/
i
.
test
(
content
)
||
/
\b
EWM
\b
|
\b
ECC
\b
|
\b
ABAP
\b
|
CDS
.
?
view
|
Fiori
/
i
.
test
(
content
)
)
;
// Detect HAS_AUTHORIZATION
const
HAS_AUTHORIZATION
=
(
/
\b
SoD
\b
|
segregation
.
?
of
.
?
duties
|
role
.
?
conflict
/
i
.
test
(
content
)
||
/
authorization
.
?
object
|
T-
?
code
|
user
.
?
role
/
i
.
test
(
content
)
||
/
access
.
?
control
.
?
matrix
|
\b
GRC
\b
/
i
.
test
(
content
)
)
;
You MUST output flag detection results before proceeding:
┌─────────────────────────────────────────────────────────────┐
│ FLAG DETECTION RESULTS │
├─────────────────────────────────────────────────────────────┤
│ │
│ HAS_UI: [TRUE/FALSE] │
│ Evidence: [what triggered it - specific patterns] │
│ │
│ HAS_SECURITY: [TRUE/FALSE] │
│ Evidence: [what triggered it - specific patterns] │
│ │
│ HAS_UX: [TRUE/FALSE] │
│ Evidence: [what triggered it - specific patterns] │
│ │
│ HAS_VIDEO: [TRUE/FALSE] │
│ Evidence: [video URLs found - for a11y follow-up] │
│ │
│ HAS_MIDDLEWARE: [TRUE/FALSE] │
│ Evidence: [what triggered it - specific patterns] │
│ │
│ HAS_SAP_INTEGRATION: [TRUE/FALSE] │
│ Evidence: [what triggered it - specific patterns] │
│ │
│ HAS_AUTHORIZATION: [TRUE/FALSE] │
│ Evidence: [what triggered it - specific patterns] │
│ │
│ EXPECTED AGENTS: │
│ - Core: 3 (always) │
│ - Conditional: [count based on TRUE flags] │
│ - TOTAL: [3 + conditional count] │
│ │
│ FOLLOW-UP RECOMMENDED: │
│ - /a11y-ally: [YES if HAS_VIDEO=TRUE, else NO] │
│ │
└─────────────────────────────────────────────────────────────┘
❌ DO NOT proceed to Phase URL-3 without outputting flag detection results.
PHASE URL-3: Spawn Core Agents (PARALLEL)
All 3 core agents MUST be spawned. Fewer is a FAILURE.
Spawn ALL THREE in a single message:
// Agent 1: Quality Criteria (HTSM v6.3)
Task
(
{
description
:
"QCSD Quality Criteria Analysis"
,
prompt
:
`
You are qe-quality-criteria-recommender analyzing
${
URL
}
.
WEBSITE CONTENT
${ content }
ANALYSIS REQUIREMENTS
Analyze ALL 10 HTSM v6.3 categories with weight and testability score for each.
OUTPUT REQUIREMENTS (MANDATORY)
- Write your complete analysis to: ${ OUTPUT_FOLDER } /02-quality-criteria-analysis.md
- Use the Write tool to save BEFORE completing
- Report MUST be complete - no placeholders
, subagent_type : "qe-quality-criteria-recommender" , run_in_background : true } ) // Agent 2: Risk Assessment (SFDIPOT) Task ( { description : "QCSD Risk Assessment" , prompt :You are qe-risk-assessor analyzing ${ URL } .
WEBSITE CONTENT
${ content }
ANALYSIS REQUIREMENTS
Apply SFDIPOT framework: Structure, Function, Data, Interfaces, Platform, Operations, Time. Identify minimum 10 risks with probability, impact, and score.
OUTPUT REQUIREMENTS (MANDATORY)
- Write your complete analysis to: ${ OUTPUT_FOLDER } /04-risk-assessment.md
- Use the Write tool to save BEFORE completing
- Report MUST be complete - no placeholders
, subagent_type : "qe-risk-assessor" , run_in_background : true } ) // Agent 3: Requirements Validator (Testability) Task ( { description : "QCSD Testability Assessment" , prompt :You are qe-requirements-validator analyzing ${ URL } .
WEBSITE CONTENT
${ content }
ANALYSIS REQUIREMENTS
Apply 10 Principles of Testability. Score each principle 0-100. Identify blockers and recommendations.
OUTPUT REQUIREMENTS (MANDATORY)
- Write your complete analysis to: ${ OUTPUT_FOLDER } /03-testability-assessment.md
- Use the Write tool to save BEFORE completing
- Report MUST be complete - no placeholders
, subagent_type : "qe-requirements-validator" , run_in_background : true } ) PHASE URL-4: Spawn Conditional Agents (PARALLEL) Spawn agents based on flags detected in Phase URL-2. // IF HAS_UI === TRUE Task ( { description : "QCSD Accessibility Audit" , prompt :You are qe-accessibility-auditor analyzing ${ URL } .
WEBSITE CONTENT
${ content }
ANALYSIS REQUIREMENTS
Perform WCAG 2.2 AA compliance assessment. Identify accessibility barriers, missing ARIA, color contrast issues.
OUTPUT REQUIREMENTS (MANDATORY)
- Write your complete analysis to: ${ OUTPUT_FOLDER } /07-accessibility-audit.md
- Use the Write tool to save BEFORE completing
, subagent_type : "qe-accessibility-auditor" , run_in_background : true } ) // IF HAS_SECURITY === TRUE Task ( { description : "QCSD Security Threat Model" , prompt :You are qe-security-auditor analyzing ${ URL } .
WEBSITE CONTENT
${ content }
ANALYSIS REQUIREMENTS
Apply STRIDE threat modeling framework. Identify vulnerabilities, attack vectors, and mitigations.
OUTPUT REQUIREMENTS (MANDATORY)
- Write your complete analysis to: ${ OUTPUT_FOLDER } /05-security-threat-model.md
- Use the Write tool to save BEFORE completing
, subagent_type : "qe-security-auditor" , run_in_background : true } ) // IF HAS_UX === TRUE Task ( { description : "QCSD Quality Experience Analysis" , prompt :You are qe-qx-partner analyzing ${ URL } .
WEBSITE CONTENT
${ content }
ANALYSIS REQUIREMENTS
Analyze user journeys, experience quality, friction points. Map key user flows and identify UX risks.
OUTPUT REQUIREMENTS (MANDATORY)
- Write your complete analysis to: ${ OUTPUT_FOLDER } /08-quality-experience.md
- Use the Write tool to save BEFORE completing
, subagent_type : "qe-qx-partner" , run_in_background : true } ) // IF HAS_MIDDLEWARE === TRUE Task ( { description : "QCSD Middleware Integration Quality Criteria" , prompt :You are qe-middleware-validator analyzing ${ URL } .
WEBSITE CONTENT
${ content }
ANALYSIS REQUIREMENTS
Assess middleware and integration bus quality criteria. Identify message routing risks, transformation issues, and integration patterns. Evaluate ESB, message broker, API gateway, and pub/sub quality concerns.
OUTPUT REQUIREMENTS (MANDATORY)
- Write your complete analysis to: ${ OUTPUT_FOLDER } /09-middleware-quality.md
- Use the Write tool to save BEFORE completing
, subagent_type : "qe-middleware-validator" , run_in_background : true } ) // IF HAS_SAP_INTEGRATION === TRUE Task ( { description : "QCSD SAP Integration Quality Criteria" , prompt :You are qe-sap-rfc-tester analyzing ${ URL } .
WEBSITE CONTENT
${ content }
ANALYSIS REQUIREMENTS
Assess SAP-specific quality criteria including RFC, BAPI, IDoc, OData, and Fiori concerns. Identify S/4HANA integration risks, CDS view dependencies, and ABAP quality issues. Evaluate SAP interface stability, data consistency, and transport risks.
OUTPUT REQUIREMENTS (MANDATORY)
- Write your complete analysis to: ${ OUTPUT_FOLDER } /10-sap-quality.md
- Use the Write tool to save BEFORE completing
, subagent_type : "qe-sap-rfc-tester" , run_in_background : true } ) // IF HAS_AUTHORIZATION === TRUE Task ( { description : "QCSD Authorization Quality Criteria" , prompt :You are qe-sod-analyzer analyzing ${ URL } .
WEBSITE CONTENT
${ content }
ANALYSIS REQUIREMENTS
Assess authorization and segregation of duties quality criteria. Identify SoD conflicts, role misconfigurations, and access control matrix gaps. Evaluate T-code restrictions, authorization object coverage, and GRC compliance risks.
OUTPUT REQUIREMENTS (MANDATORY)
- Write your complete analysis to: ${ OUTPUT_FOLDER } /11-authorization-quality.md
- Use the Write tool to save BEFORE completing ` , subagent_type : "qe-sod-analyzer" , run_in_background : true } ) PHASE URL-5: Agent Count Validation Before proceeding, verify agent count: ┌─────────────────────────────────────────────────────────────┐ │ AGENT COUNT VALIDATION │ ├─────────────────────────────────────────────────────────────┤ │ │ │ CORE AGENTS (ALWAYS 3): │ │ □ qe-quality-criteria-recommender - SPAWNED? [Y/N] │ │ □ qe-risk-assessor - SPAWNED? [Y/N] │ │ □ qe-requirements-validator - SPAWNED? [Y/N] │ │ │ │ CONDITIONAL AGENTS (based on flags): │ │ □ qe-accessibility-auditor - SPAWNED? [Y/N] (HAS_UI) │ │ □ qe-security-auditor - SPAWNED? [Y/N] (HAS_SECURITY) │ │ □ qe-qx-partner - SPAWNED? [Y/N] (HAS_UX) │ │ □ qe-middleware-validator - SPAWNED? [Y/N] (HAS_MIDDLEWARE)│ │ □ qe-sap-rfc-tester - SPAWNED? [Y/N] (HAS_SAP_INTEG) │ │ □ qe-sod-analyzer - SPAWNED? [Y/N] (HAS_AUTHORIZATION) │ │ │ │ VALIDATION: │ │ Expected agents: [3 + count of TRUE flags] │ │ Actual spawned: [count] │ │ Status: [PASS/FAIL] │ │ │ │ If ACTUAL < EXPECTED, you have FAILED. Spawn missing │ │ agents before proceeding. │ │ │ └─────────────────────────────────────────────────────────────┘ ❌ DO NOT proceed if validation FAILS. PHASE URL-6: Wait for Agents and Verify Reports After spawning, inform user and wait: I've launched [N] agents in background:
- 📊 Quality Criteria Recommender: HTSM v6.3 analysis → 02-quality-criteria-analysis.md
- ⚠️ Risk Assessor: SFDIPOT analysis → 04-risk-assessment.md
- 🧪 Requirements Validator: Testability assessment → 03-testability-assessment.md [IF HAS_UI]
- ♿ Accessibility Auditor: WCAG 2.2 audit → 07-accessibility-audit.md [IF HAS_SECURITY]
- 🔒 Security Auditor: STRIDE threat model → 05-security-threat-model.md [IF HAS_UX]
- 🎯 QX Partner: User experience analysis → 08-quality-experience.md Each agent will write directly to: ${OUTPUT_FOLDER}/ Verify reports exist before synthesis: ls -la " ${OUTPUT_FOLDER} " PHASE URL-7: Invoke