qa-expert
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseQA Expert
QA专家
Establish world-class QA testing processes for any software project using proven methodologies from Google Testing Standards and OWASP security best practices.
借助Google Testing Standards的成熟方法论和OWASP安全最佳实践,为任何软件项目建立世界级的QA测试流程。
When to Use This Skill
何时使用此Skill
Trigger this skill when:
- Setting up QA infrastructure for a new or existing project
- Writing standardized test cases (AAA pattern compliance)
- Executing comprehensive test plans with progress tracking
- Implementing security testing (OWASP Top 10)
- Filing bugs with proper severity classification (P0-P4)
- Generating QA reports (daily summaries, weekly progress)
- Calculating quality metrics (pass rate, coverage, gates)
- Preparing QA documentation for third-party team handoffs
- Enabling autonomous LLM-driven test execution
在以下场景触发此Skill:
- 为新项目或现有项目搭建QA基础设施
- 编写标准化测试用例(符合AAA模式)
- 执行带进度跟踪的全面测试计划
- 实施安全测试(OWASP Top 10)
- 按正确的严重等级分类(P0-P4)提交Bug
- 生成QA报告(每日总结、每周进度)
- 计算质量指标(通过率、覆盖率、质量门限)
- 准备供第三方团队交接的QA文档
- 启用由LLM驱动的自主测试执行
Quick Start
快速开始
One-command initialization:
bash
python scripts/init_qa_project.py <project-name> [output-directory]What gets created:
- Directory structure (,
tests/docs/,tests/e2e/)tests/fixtures/ - Tracking CSVs (,
TEST-EXECUTION-TRACKING.csv)BUG-TRACKING-TEMPLATE.csv - Documentation templates (,
BASELINE-METRICS.md)WEEKLY-PROGRESS-REPORT.md - Master QA Prompt for autonomous execution
- README with complete quickstart guide
For autonomous execution (recommended): See - single copy-paste command for 100x speedup.
references/master_qa_prompt.md一键初始化:
bash
python scripts/init_qa_project.py <project-name> [output-directory]生成内容:
- 目录结构(,
tests/docs/,tests/e2e/)tests/fixtures/ - 跟踪CSV文件(,
TEST-EXECUTION-TRACKING.csv)BUG-TRACKING-TEMPLATE.csv - 文档模板(,
BASELINE-METRICS.md)WEEKLY-PROGRESS-REPORT.md - 用于自主执行的主QA提示词
- 包含完整快速入门指南的README
自主执行(推荐): 查看 - 单次复制粘贴命令可提升100倍效率。
references/master_qa_prompt.mdCore Capabilities
核心能力
1. QA Project Initialization
1. QA项目初始化
Initialize complete QA infrastructure with all templates:
bash
python scripts/init_qa_project.py <project-name> [output-directory]Creates directory structure, tracking CSVs, documentation templates, and master prompt for autonomous execution.
Use when: Starting QA from scratch or migrating to structured QA process.
通过所有模板初始化完整的QA基础设施:
bash
python scripts/init_qa_project.py <project-name> [output-directory]创建目录结构、跟踪CSV文件、文档模板以及用于自主执行的主提示词。
适用场景: 从零开始搭建QA流程或迁移至结构化QA流程。
2. Test Case Writing
2. 测试用例编写
Write standardized, reproducible test cases following AAA pattern (Arrange-Act-Assert):
- Read template:
assets/templates/TEST-CASE-TEMPLATE.md - Follow structure: Prerequisites (Arrange) → Test Steps (Act) → Expected Results (Assert)
- Assign priority: P0 (blocker) → P4 (low)
- Include edge cases and potential bugs
Test case format: TC-[CATEGORY]-[NUMBER] (e.g., TC-CLI-001, TC-WEB-042, TC-SEC-007)
Reference: See for complete AAA pattern guidelines and coverage thresholds.
references/google_testing_standards.md遵循AAA模式(Arrange-Act-Assert)编写标准化、可复现的测试用例:
- 阅读模板:
assets/templates/TEST-CASE-TEMPLATE.md - 遵循结构:前置条件(Arrange)→ 测试步骤(Act)→ 预期结果(Assert)
- 分配优先级:P0(阻塞级)→ P4(低级)
- 包含边缘情况和潜在Bug
测试用例格式: TC-[分类]-[编号](例如:TC-CLI-001, TC-WEB-042, TC-SEC-007)
参考: 查看获取完整的AAA模式指南和覆盖率阈值。
references/google_testing_standards.md3. Test Execution & Tracking
3. 测试执行与跟踪
Ground Truth Principle (critical):
- Test case documents (e.g., ) = authoritative source for test steps
02-CLI-TEST-CASES.md - Tracking CSV = execution status only (do NOT trust CSV for test specifications)
- See for preventing doc/CSV sync issues
references/ground_truth_principle.md
Manual execution:
- Read test case from category document (e.g., ) ← always start here
02-CLI-TEST-CASES.md - Execute test steps exactly as documented
- Update immediately after EACH test (never batch)
TEST-EXECUTION-TRACKING.csv - File bug in if test fails
BUG-TRACKING-TEMPLATE.csv
Autonomous execution (recommended):
- Copy master prompt from
references/master_qa_prompt.md - Paste to LLM session
- LLM auto-executes, auto-tracks, auto-files bugs, auto-generates reports
Innovation: 100x faster vs manual + zero human error in tracking + auto-resume capability.
基准真相原则(关键):
- 测试用例文档(例如)= 测试步骤的权威来源
02-CLI-TEST-CASES.md - 跟踪CSV文件仅记录执行状态(请勿依赖CSV获取测试规范)
- 查看了解如何避免文档与CSV同步问题
references/ground_truth_principle.md
手动执行:
- 从分类文档中读取测试用例(例如)← 始终从此处开始
02-CLI-TEST-CASES.md - 严格按照文档执行测试步骤
- 每次测试后立即更新(切勿批量更新)
TEST-EXECUTION-TRACKING.csv - 若测试失败,在中提交Bug
BUG-TRACKING-TEMPLATE.csv
自主执行(推荐):
- 从复制主提示词
references/master_qa_prompt.md - 粘贴到LLM会话中
- LLM自动执行、自动跟踪、自动提交Bug、自动生成报告
创新点: 比手动执行快100倍 + 跟踪零人为错误 + 自动续执行能力。
4. Bug Reporting
4. Bug报告
File bugs with proper severity classification:
Required fields:
- Bug ID: Sequential (BUG-001, BUG-002, ...)
- Severity: P0 (24h fix) → P4 (optional)
- Steps to Reproduce: Numbered, specific
- Environment: OS, versions, configuration
Severity classification:
- P0 (Blocker): Security vulnerability, core functionality broken, data loss
- P1 (Critical): Major feature broken with workaround
- P2 (High): Minor feature issue, edge case
- P3 (Medium): Cosmetic issue
- P4 (Low): Documentation typo
Reference: See for complete template with examples.
BUG-TRACKING-TEMPLATE.csv按正确的严重等级分类提交Bug:
必填字段:
- Bug ID: 连续编号(BUG-001, BUG-002, ...)
- 严重等级: P0(24小时修复)→ P4(可选)
- 复现步骤: 编号列表,具体明确
- 环境: 操作系统、版本、配置
严重等级分类:
- P0(阻塞级): 安全漏洞、核心功能失效、数据丢失
- P1(严重级): 主要功能失效但有替代方案
- P2(高级): 次要功能问题、边缘情况
- P3(中级): 界面显示问题
- P4(低级): 文档拼写错误
参考: 查看获取带示例的完整模板。
BUG-TRACKING-TEMPLATE.csv5. Quality Metrics Calculation
5. 质量指标计算
Calculate comprehensive QA metrics and quality gates status:
bash
python scripts/calculate_metrics.py <path/to/TEST-EXECUTION-TRACKING.csv>Metrics dashboard includes:
- Test execution progress (X/Y tests, Z% complete)
- Pass rate (passed/executed %)
- Bug analysis (unique bugs, P0/P1/P2 breakdown)
- Quality gates status (✅/❌ for each gate)
Quality gates (all must pass for release):
| Gate | Target | Blocker |
|---|---|---|
| Test Execution | 100% | Yes |
| Pass Rate | ≥80% | Yes |
| P0 Bugs | 0 | Yes |
| P1 Bugs | ≤5 | Yes |
| Code Coverage | ≥80% | Yes |
| Security | 90% OWASP | Yes |
计算全面的QA指标和质量门限状态:
bash
python scripts/calculate_metrics.py <path/to/TEST-EXECUTION-TRACKING.csv>指标仪表板包含:
- 测试执行进度(已执行X/Y测试,完成Z%)
- 通过率(通过/已执行 %)
- Bug分析(唯一Bug数量、P0/P1/P2分布)
- 质量门限状态(每个门限的✅/❌)
质量门限(发布前必须全部通过):
| 门限 | 目标 | 是否阻塞发布 |
|---|---|---|
| 测试执行 | 100% | 是 |
| 通过率 | ≥80% | 是 |
| P0 Bug | 0 | 是 |
| P1 Bug | ≤5 | 是 |
| 代码覆盖率 | ≥80% | 是 |
| 安全测试 | 90% OWASP覆盖率 | 是 |
6. Progress Reporting
6. 进度报告
Generate QA reports for stakeholders:
Daily summary (end-of-day):
- Tests executed, pass rate, bugs filed
- Blockers (or None)
- Tomorrow's plan
Weekly report (every Friday):
- Use template: (created by init script)
WEEKLY-PROGRESS-REPORT.md - Compare against baseline:
BASELINE-METRICS.md - Assess quality gates and trends
Reference: See for 30+ ready-to-use reporting prompts.
references/llm_prompts_library.md为利益相关者生成QA报告:
每日总结(下班前):
- 已执行测试数、通过率、已提交Bug数
- 阻塞问题(无则填None)
- 次日计划
每周报告(每周五):
- 使用模板:(由初始化脚本生成)
WEEKLY-PROGRESS-REPORT.md - 与基准对比:
BASELINE-METRICS.md - 评估质量门限和趋势
参考: 查看获取30+现成的报告提示词。
references/llm_prompts_library.md7. Security Testing (OWASP)
7. 安全测试(OWASP)
Implement OWASP Top 10 security testing:
Coverage targets:
- A01: Broken Access Control - RLS bypass, privilege escalation
- A02: Cryptographic Failures - Token encryption, password hashing
- A03: Injection - SQL injection, XSS, command injection
- A04: Insecure Design - Rate limiting, anomaly detection
- A05: Security Misconfiguration - Verbose errors, default credentials
- A07: Authentication Failures - Session hijacking, CSRF
- Others: Data integrity, logging, SSRF
Target: 90% OWASP coverage (9/10 threats mitigated).
Each security test follows AAA pattern with specific attack vectors documented.
实施OWASP Top 10安全测试:
覆盖率目标:
- A01: 访问控制失效 - RLS绕过、权限提升
- A02: 加密失败 - 令牌加密、密码哈希
- A03: 注入攻击 - SQL注入、XSS、命令注入
- A04: 不安全设计 - 速率限制、异常检测
- A05: 安全配置错误 - 详细错误信息、默认凭据
- A07: 认证失败 - 会话劫持、CSRF
- 其他: 数据完整性、日志、SSRF
目标: 90% OWASP覆盖率(缓解9/10威胁)。
每个安全测试均遵循AAA模式,并记录了具体的攻击向量。
Day 1 Onboarding
首日入职指南
For new QA engineers joining a project, complete 5-hour onboarding guide:
Read:
references/day1_onboarding.mdTimeline:
- Hour 1: Environment setup (database, dev server, dependencies)
- Hour 2: Documentation review (test strategy, quality gates)
- Hour 3: Test data setup (users, CLI, DevTools)
- Hour 4: Execute first test case
- Hour 5: Team onboarding & Week 1 planning
Checkpoint: By end of Day 1, environment running, first test executed, ready for Week 1.
针对加入项目的新QA工程师,完成5小时入职指南:
阅读:
references/day1_onboarding.md时间线:
- 第1小时:环境搭建(数据库、开发服务器、依赖)
- 第2小时:文档审阅(测试策略、质量门限)
- 第3小时:测试数据准备(用户、CLI、DevTools)
- 第4小时:执行第一个测试用例
- 第5小时:团队融入与第1周计划
检查点: 首日结束前,环境运行正常,已执行第一个测试用例,准备好开展第1周工作。
Autonomous Execution (⭐ Recommended)
自主执行(⭐ 推荐)
Enable LLM-driven autonomous QA testing with single master prompt:
Read:
references/master_qa_prompt.mdFeatures:
- Auto-resume from last completed test (reads tracking CSV)
- Auto-execute test cases (Week 1-5 progression)
- Auto-track results (updates CSV after each test)
- Auto-file bugs (creates bug reports for failures)
- Auto-generate reports (daily summaries, weekly reports)
- Auto-escalate P0 bugs (stops testing, notifies stakeholders)
Benefits:
- 100x faster execution vs manual
- Zero human error in tracking
- Consistent bug documentation
- Immediate progress visibility
Usage: Copy master prompt, paste to LLM, let it run autonomously for 5 weeks.
通过单个主提示词启用LLM驱动的自主QA测试:
阅读:
references/master_qa_prompt.md功能:
- 从上次完成的测试自动续执行(读取跟踪CSV)
- 自动执行测试用例(按第1-5周进度)
- 自动更新结果(每次测试后更新CSV)
- 自动提交Bug(为失败测试创建Bug报告)
- 自动生成报告(每日总结、每周报告)
- 自动升级P0 Bug(停止测试,通知利益相关者)
优势:
- 比手动执行快100倍
- 跟踪零人为错误
- Bug文档一致规范
- 进度实时可见
使用方法: 复制主提示词,粘贴到LLM中,让其自主运行5周。
Adapting for Your Project
适配不同项目规模
Small Project (50 tests)
小型项目(50个测试用例)
- Timeline: 2 weeks
- Categories: 2-3 (e.g., Frontend, Backend)
- Daily: 5-7 tests
- Reports: Daily summary only
- 时间线:2周
- 分类:2-3个(例如:前端、后端)
- 每日:5-7个测试用例
- 报告:仅每日总结
Medium Project (200 tests)
中型项目(200个测试用例)
- Timeline: 4 weeks
- Categories: 4-5 (CLI, Web, API, DB, Security)
- Daily: 10-12 tests
- Reports: Daily + weekly
- 时间线:4周
- 分类:4-5个(CLI、Web、API、数据库、安全)
- 每日:10-12个测试用例
- 报告:每日总结 + 每周报告
Large Project (500+ tests)
大型项目(500+测试用例)
- Timeline: 8-10 weeks
- Categories: 6-8 (multiple components)
- Daily: 10-15 tests
- Reports: Daily + weekly + bi-weekly stakeholder
- 时间线:8-10周
- 分类:6-8个(多组件)
- 每日:10-15个测试用例
- 报告:每日总结 + 每周报告 + 双周利益相关者报告
Reference Documents
参考文档
Access detailed guidelines from bundled references:
- - 5-hour onboarding guide for new QA engineers
references/day1_onboarding.md - - Single command for autonomous LLM execution (100x speedup)
references/master_qa_prompt.md - - 30+ ready-to-use prompts for specific QA tasks
references/llm_prompts_library.md - - AAA pattern, coverage thresholds, fail-fast validation
references/google_testing_standards.md - - Preventing doc/CSV sync issues (critical for test suite integrity)
references/ground_truth_principle.md
从内置参考中获取详细指南:
- - 新QA工程师的5小时入职指南
references/day1_onboarding.md - - 用于LLM自主执行的单条命令(效率提升100倍)
references/master_qa_prompt.md - - 30+适用于特定QA任务的现成提示词
references/llm_prompts_library.md - - AAA模式、覆盖率阈值、快速失败验证
references/google_testing_standards.md - - 避免文档与CSV同步问题(对测试套件完整性至关重要)
references/ground_truth_principle.md
Assets & Templates
资源与模板
Test case templates and bug report formats:
- - Complete template with CLI and security examples
assets/templates/TEST-CASE-TEMPLATE.md
测试用例模板和Bug报告格式:
- - 包含CLI和安全测试示例的完整模板
assets/templates/TEST-CASE-TEMPLATE.md
Scripts
脚本
Automation scripts for QA infrastructure:
- - Initialize QA infrastructure (one command setup)
scripts/init_qa_project.py - - Generate quality metrics dashboard
scripts/calculate_metrics.py
用于QA基础设施的自动化脚本:
- - 初始化QA基础设施(一键搭建)
scripts/init_qa_project.py - - 生成质量指标仪表板
scripts/calculate_metrics.py
Common Patterns
常见模式
Pattern 1: Starting Fresh QA
模式1:从零开始搭建QA
1. python scripts/init_qa_project.py my-app ./
2. Fill in BASELINE-METRICS.md (document current state)
3. Write test cases using assets/templates/TEST-CASE-TEMPLATE.md
4. Copy master prompt from references/master_qa_prompt.md
5. Paste to LLM → autonomous execution begins1. python scripts/init_qa_project.py my-app ./
2. 填写BASELINE-METRICS.md(记录当前状态)
3. 使用assets/templates/TEST-CASE-TEMPLATE.md编写测试用例
4. 从references/master_qa_prompt.md复制主提示词
5. 粘贴到LLM → 开始自主执行Pattern 2: LLM-Driven Testing (Autonomous)
模式2:LLM驱动测试(自主)
1. Read references/master_qa_prompt.md
2. Copy the single master prompt (one paragraph)
3. Paste to LLM conversation
4. LLM executes all 342 test cases over 5 weeks
5. LLM updates tracking CSVs automatically
6. LLM generates weekly reports automatically1. 阅读references/master_qa_prompt.md
2. 复制单条主提示词(一段内容)
3. 粘贴到LLM对话中
4. LLM在5周内执行全部342个测试用例
5. LLM自动更新跟踪CSV文件
6. LLM自动生成每周报告Pattern 3: Adding Security Testing
模式3:添加安全测试
1. Read references/google_testing_standards.md (OWASP section)
2. Write TC-SEC-XXX test cases for each OWASP threat
3. Target 90% coverage (9/10 threats)
4. Document mitigations in test cases1. 阅读references/google_testing_standards.md(OWASP章节)
2. 为每个OWASP威胁编写TC-SEC-XXX测试用例
3. 目标:90%覆盖率(缓解9/10威胁)
4. 在测试用例中记录缓解措施Pattern 4: Third-Party QA Handoff
模式4:第三方QA团队交接
1. Ensure all templates populated
2. Verify BASELINE-METRICS.md complete
3. Package tests/docs/ folder
4. Include references/master_qa_prompt.md for autonomous execution
5. QA team can start immediately (Day 1 onboarding → 5 weeks testing)1. 确保所有模板已填充完整
2. 验证BASELINE-METRICS.md已完成
3. 打包tests/docs/文件夹
4. 包含references/master_qa_prompt.md以支持自主执行
5. QA团队可立即开始工作(首日入职 → 5周测试)Success Criteria
成功标准
This skill is effective when:
- ✅ Test cases are reproducible by any engineer
- ✅ Quality gates objectively measured
- ✅ Bugs fully documented with repro steps
- ✅ Progress visible in real-time (CSV tracking)
- ✅ Autonomous execution enabled (LLM can execute full plan)
- ✅ Third-party QA teams can start testing immediately
当满足以下条件时,此Skill生效:
- ✅ 测试用例可被任何工程师复现
- ✅ 质量门限可客观衡量
- ✅ Bug包含完整的复现步骤文档
- ✅ 进度可实时查看(CSV跟踪)
- ✅ 已启用自主执行(LLM可执行完整计划)
- ✅ 第三方QA团队可立即开始测试