qa-review

Use when reviewing or planning QA strategy for a feature, PR, or release so test coverage, test quality, reliability, and defect reporting are handled as a coherent engineering discipline instead of ad hoc checks.

8 stars

Best use case

qa-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Use when reviewing or planning QA strategy for a feature, PR, or release so test coverage, test quality, reliability, and defect reporting are handled as a coherent engineering discipline instead of ad hoc checks.

Teams using qa-review should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/qa-review/SKILL.md --create-dirs "https://raw.githubusercontent.com/drvoss/everything-copilot-cli/main/skills/testing/qa-review/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/qa-review/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How qa-review Compares

Feature / Agentqa-reviewStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Use when reviewing or planning QA strategy for a feature, PR, or release so test coverage, test quality, reliability, and defect reporting are handled as a coherent engineering discipline instead of ad hoc checks.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

# QA Review

Review quality strategy the way a strong QA engineer would: choose the right test
layers, verify the tests are readable and deterministic, and make failures easy
to act on.

## When to Use

- A feature or PR needs a QA-oriented review before merge or release
- Test coverage exists, but you are not sure it is at the right pyramid level
- A team needs a repeatable checklist for API, UI, regression, or performance coverage
- Bug reports or CI failures are noisy and need better quality standards

## When NOT to Use

| Instead of qa-review | Use |
|----------------------|-----|
| Writing one failing test before implementation | `tdd-workflow` |
| Building an LLM or agent evaluation suite | `eval-harness` |
| Writing or debugging browser automation for a specific flow | `e2e-testing` or `browser-devtools` |
| General UX or usability critique | `ux-audit` |

## QA Model

Balance the test pyramid first:

| Layer | Goal | Typical share |
|-------|------|---------------|
| Unit | business logic, edge cases, fast feedback | 60-70% |
| Integration | module boundaries, DB, API, contracts | 20-30% |
| End-to-end | critical user journeys and smoke flows | 5-10% |

If a change leans too heavily on slow end-to-end tests or skips contract-level
checks entirely, treat that as a QA design issue, not just a missing test.

## Workflow

### 1. Define the quality risk

Before reading tests, ask:

1. what can break for the user or operator?
2. which layer should catch it first?
3. what would make a failure actionable in CI?

Use that to decide whether you primarily need unit, integration, E2E, or
performance evidence.

### 2. Inspect the current test surface

```powershell
rg -n "describe\\(|test\\(|it\\(" . -g "*.{test,spec}.{js,jsx,ts,tsx}"
rg -n "def test_|class Test" . -g "*_test.py" -g "test_*.py"
rg -n "@playwright/test|cypress|selenium" .
```

Check whether the tests already map to the right layer or whether important paths
are covered only indirectly.

### 3. Review test case quality

Prefer names that read as standalone behavior statements:

- `should return 404 when product id does not exist`
- `given an expired token, when the user calls /me, then it returns 401`

Flag names like `test1`, `works`, or implementation-detail phrasing that makes
failures harder to interpret.

For assertions:

- prefer exact expected values over truthiness
- prefer specific matchers over generic equality
- keep one logical behavior per test when practical
- check both exception type and message for failure-path tests

### 4. Review data isolation and mocks

Look for:

- factories or builders instead of repeated raw fixture blobs
- minimal test data shaped only around the behavior under review
- unique IDs or reset hooks to prevent shared-state collisions
- mocking at the boundary (HTTP client, DB adapter, queue), not deep inside the core logic

Treat random sleeps, global state reuse, and order-dependent tests as reliability
bugs.

### 5. Review boundary coverage

For APIs, verify:

- status code
- response schema
- headers
- authn/authz cases
- boundary inputs
- error-body consistency
- idempotency where relevant

For UI or E2E coverage, verify:

- user-visible behavior rather than implementation details
- accessible selectors first (`role`, `label`, then `test-id`)
- explicit waits instead of fixed sleeps
- isolated and stable execution environment

For performance-sensitive work, verify:

- explicit SLOs or target latency/throughput expectations
- realistic data volume
- distinction between load, stress, and soak concerns
- regression tracking over time instead of one-off anecdotes

### 6. Review CI and bug reporting readiness

A strong QA pass should leave behind:

- fast tests on every commit
- slower suites on PR, merge, or scheduled gates
- visible failure output with the exact broken test and reason
- retained artifacts such as traces, screenshots, JUnit XML, or coverage output

Bug reports should include:

1. precise title
2. environment
3. numbered repro steps
4. expected result
5. actual result
6. severity
7. relevant attachments

## Output Template

```markdown
## QA Review

### Coverage Shape
- ...

### Test Quality
- ...

### Reliability Risks
- ...

### Missing Cases
- ...

### CI / Reporting Gaps
- ...

### Recommended Next Step
1. ...
2. ...
3. ...
```

## Review Checklist

- [ ] The changed behavior is covered at the right test-pyramid layer
- [ ] Test names are readable and behavior-focused
- [ ] Tests are deterministic and isolated
- [ ] Mocks are boundary-level and reset between tests
- [ ] API or UI boundary cases are covered where relevant
- [ ] CI output and artifacts would make a failure actionable

## Common Rationalizations

| Rationalization | Reality |
|----------------|---------|
| "The E2E test covers everything already." | Slow end-to-end coverage does not replace unit or contract coverage. |
| "This assertion is good enough." | Vague assertions create vague failures. |
| "A little sleep makes the test stable." | Arbitrary waits hide race conditions instead of fixing them. |
| "Coverage is high, so QA is done." | Coverage percentages do not prove critical paths or edge cases were tested well. |

## See Also

- [`tdd-workflow`](../../development/tdd-workflow/SKILL.md) - write the first failing tests before implementation
- [`eval-harness`](../eval-harness/SKILL.md) - evaluate LLM or agent workflows with tracked test cases
- [`e2e-testing`](../e2e-testing/SKILL.md) - build and run critical user-flow automation
- [`test-coverage`](../test-coverage/SKILL.md) - measure and close structural coverage gaps

Related Skills

implementation-review

8
from drvoss/everything-copilot-cli

Use after an implementation pass lands — compare the original task spec or handoff against the delivered diff, classify each requested item, and produce an actionable follow-up report.

pr-security-review

8
from drvoss/everything-copilot-cli

Use when reviewing a pull request for security issues — automatically analyzes the diff for vulnerabilities, hardcoded secrets, injection risks, and broken access control before merging

gha-security-review

8
from drvoss/everything-copilot-cli

Use when reviewing GitHub Actions workflows for exploitable vulnerabilities — finds pwn-request patterns, expression injection, credential escalation, config poisoning, and supply chain risks, and reports only HIGH and MEDIUM confidence findings with concrete attack paths.

review

8
from drvoss/everything-copilot-cli

Use when you want to check whether a code change follows the repository's documented conventions (Standards) and aligns with the originating issue or PRD (Spec) — compared against a pinned git reference

pr-multi-perspective-review

8
from drvoss/everything-copilot-cli

Review a pull request from 6 perspectives (PM, Dev, QA, Security, DevOps, UX) for comprehensive, bias-free feedback

code-review

8
from drvoss/everything-copilot-cli

Use when reviewing code changes for quality, correctness, and security — runs a structured checklist with severity-rated findings

verification-before-completion

8
from drvoss/everything-copilot-cli

Use before claiming any task is done — run the exact command that proves the fix works, read the output, and only then report success.

using-git-worktrees

8
from drvoss/everything-copilot-cli

Use when you need multiple branches checked out at once — create isolated working directories for parallel development without cloning the repository repeatedly

triage

8
from drvoss/everything-copilot-cli

Use when a single issue needs structured triage — classify it, reproduce if needed, request missing information, and leave a durable brief or close-out note in the tracker.

to-issues

8
from drvoss/everything-copilot-cli

Use when a plan, spec, or PRD must become an actionable backlog — break it into thin dependency-aware issues that each deliver a verifiable vertical slice

sprint-workflow

8
from drvoss/everything-copilot-cli

Use when starting a new feature, refactor, or multi-step dev task — runs the full sprint cycle (Think → Plan → Build → Review → Test → Ship → Monitor) using Copilot CLI's plan/autopilot modes.

sprint-retro

8
from drvoss/everything-copilot-cli

Use at the end of a sprint to run a data-driven retrospective — analyzes session history and git metrics to surface what shipped, what slowed you down, and concrete improvements.