Files
wehub-resource-sync 23f7624596
ADR-166 MCP Bridge Security Lock / Static-source security lock (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / Compose default binds loopback + Mongo has auth (push) Failing after 2s
CodeQL Advanced / Analyze (rust) (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / plugin-agent-federation bindHost default (push) Failing after 1s
ADR-166 MCP Bridge Security Lock / Runtime behavior — 401 + terminal gate + fail-closed (push) Failing after 4s
business-pods-smoke / smoke (push) Failing after 1s
all-plugins-smoke / smoke-all (push) Failing after 2s
CI/CD Pipeline / Security & Code Quality (push) Failing after 1s
CI/CD Pipeline / Test Suite (ubuntu-latest) (push) Failing after 1s
CI/CD Pipeline / Build & Package (macos-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (ubuntu-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (windows-latest) (push) Has been skipped
CI/CD Pipeline / Documentation & Examples (push) Failing after 1s
Clone Tracker (14-day rolling) / Snapshot clones for ruflo ecosystem (push) Failing after 1s
CodeQL Advanced / Analyze (actions) (push) Failing after 1s
CodeQL Advanced / Analyze (javascript-typescript) (push) Failing after 1s
federation-peer-rust / stable-noop (push) Failing after 1s
metaharness-ci / score (push) Failing after 1s
metaharness-ci / router-compat (push) Failing after 0s
metaharness-ci / similarity-tests (push) Failing after 0s
no-agentbbs-smoke / smoke-without-agentbbs (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (windows-latest) (push) Has been skipped
codex-integration-audit / Codex integration audit (push) Failing after 1s
helpers-manifest-guard / guard (push) Failing after 1s
🔗 Cross-Agent Integration Tests / 🤝 Agent Coordination Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🧠 Memory Sharing Integration (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🛡️ Fault Tolerance Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / ⚡ Performance Integration Tests (push) Has been skipped
metaharness-ci / mcp-scan (push) Failing after 1s
metaharness-ci / eject-dryrun (push) Failing after 1s
metaharness-ci / metaharness-real-data (push) Failing after 0s
no-cli-optdep-bloat-2561 / guard (push) Failing after 1s
no-metaharness-smoke / smoke-without-metaharness (push) Failing after 1s
no-phantom-agentic-flow-subpath / guard (push) Failing after 1s
🔄 Automated Rollback Manager / 🚨 Failure Detection (push) Failing after 1s
V3 CI/CD Pipeline / Plugin hooks smoke / ubuntu-latest / Node 22 (push) Failing after 1s
V3 CI/CD Pipeline / ruflo-graph-intelligence build + test smoke (#2044, ADR-123) (push) Failing after 1s
CVE Audit Gate / Audit root (critical-blocking) (push) Failing after 2s
cost-tracker-smoke / smoke (push) Failing after 3s
oia-audit-weekly / audit (push) Failing after 2s
ruflo-agent-smoke / ruflo-agent structural smoke (push) Failing after 1s
📊 Status Badges Update / 📊 Update Status Badges (push) Failing after 1s
V3 CI/CD Pipeline / Static regression guards (#2267 YAML + (push) Failing after 1s
V3 CI/CD Pipeline / Test V3 Packages (push) Failing after 0s
V3 CI/CD Pipeline / agent_execute provider routing smoke (#2042) (push) Failing after 0s
CVE Audit Gate / Audit v3 (critical-blocking) (push) Failing after 1s
federation-peer-rust / stable-native (push) Failing after 2s
🔗 Cross-Agent Integration Tests / 🚀 Integration Test Setup (push) Failing after 2s
neural-trader-smoke / runtime-smoke (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (macos-latest) (push) Has been skipped
V3 CI/CD Pipeline / Build V3 (ubuntu-latest) (push) Has been skipped
V3 CI/CD Pipeline / Type Check V3 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 24 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 22 (push) Failing after 2s
V3 CI/CD Pipeline / browser rvf create flag smoke (#2015) (push) Failing after 0s
V3 CI/CD Pipeline / Dependency review (#2046) (push) Has been skipped
V3 CI/CD Pipeline / Supply-chain audit (#2046) (push) Failing after 0s
V3 CI/CD Pipeline / witness marker drift smoke (#2021) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader portfolio CG smoke (#2068, ADR-126 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader backtest signing smoke (#2068, ADR-126 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / kg-extract type-import classification smoke (#2049) (push) Failing after 0s
V3 CI/CD Pipeline / witness verify precondition smoke (#1880) (push) Failing after 2s
V3 CI/CD Pipeline / neural-trader pipeline risk-gate smoke (#2068, ADR-126 Phase 5) (push) Failing after 0s
V3 CI/CD Pipeline / neural-trader feature attribution smoke (#2068, ADR-126 Phase 6) (push) Failing after 0s
V3 CI/CD Pipeline / plugin-registry signature verification smoke (#1922, CWE-347) (push) Failing after 4s
V3 CI/CD Pipeline / memory stats legacy-DB smoke (#2120) (push) Failing after 4s
V3 CI/CD Pipeline / github deprecated actions smoke (#2089, ADR-127 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / graph query + pathfinder smoke (ADR-130 P2+P5) (push) Has been skipped
V3 CI/CD Pipeline / graph trajectory hooks smoke (ADR-130 P3) (push) Has been skipped
V3 CI/CD Pipeline / graph plugin adapter smoke (ADR-130 P4) (push) Has been skipped
V3 CI/CD Pipeline / graph benchmark (ADR-130 P6) (push) Has been skipped
V3 CI/CD Pipeline / statusline generator delegation smoke (#2195) (push) Failing after 1s
V3 CI/CD Pipeline / wizard init regression guard (#2206 (push) Failing after 1s
V3 CI/CD Pipeline / memory no-stray-db smoke (ADR-125 P7) (push) Failing after 1s
V3 CI/CD Pipeline / github-safe injection smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github actions pin smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github attribution opt-in smoke (#2089, ADR-127 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / pre-bash hook safety smoke (#2017) (push) Failing after 1s
V3 CI/CD Pipeline / Memory import smoke / ubuntu-latest (push) Failing after 0s
V3 CI/CD Pipeline / MCP protocol smoke / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / ruvllm WASM auto-init smoke (#2086) (push) Failing after 4s
V3 CI/CD Pipeline / MCP paired-tool round-trip smoke (#1889) (push) Failing after 1s
V3 CI/CD Pipeline / Plugin package install-safety (#1902/#1903/#1904) (push) Failing after 1s
V3 CI/CD Pipeline / Tool description discoverability (ADR-112) (push) Failing after 3s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (22) (push) Failing after 1s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (24) (push) Failing after 1s
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Vector-index dimension audit (#1947) (push) Failing after 0s
V3 CI/CD Pipeline / Hook-command install safety (#1921) (push) Failing after 1s
V3 CI/CD Pipeline / ToolOutputGuardrail smoke (ADR-131, (push) Failing after 1s
V3 CI/CD Pipeline / init-bundle invariants smoke (#2095, ADR-128 Phase 5) (push) Failing after 1s
V3 CI/CD Pipeline / wasm provider bridge smoke (ADR-129 P1) (push) Failing after 2s
V3 CI/CD Pipeline / wasm gallery CRUD smoke (ADR-129 P3) (push) Failing after 1s
V3 CI/CD Pipeline / wasm plugin bridge smoke (ADR-129 P4) (push) Failing after 0s
V3 CI/CD Pipeline / wasm compose smoke (ADR-129 P2) (push) Failing after 4s
V3 CI/CD Pipeline / graph schema smoke (ADR-130 P1) (push) Failing after 0s
Validate Marketplace / validate (push) Failing after 1s
🔍 Verification Pipeline / 🚀 Setup Verification (push) Failing after 1s
🔍 Verification Pipeline / 🛡️ Security Verification (push) Has been skipped
🔍 Verification Pipeline / 📝 Code Quality (push) Has been skipped
🔍 Verification Pipeline / 🧪 Test Verification (${{ matrix.os }}, Node ${{ matrix.node }}) (push) Has been skipped
🔍 Verification Pipeline / 🏗️ Build Verification (push) Has been skipped
🔍 Verification Pipeline / 📚 Documentation Verification (push) Has been skipped
CVE Audit Gate / High-severity report (warn only) (push) Has been cancelled
🔄 Automated Rollback Manager / 🔄 Execute Rollback (push) Has been cancelled
🔄 Automated Rollback Manager / ✅ Post-Rollback Verification (push) Has been cancelled
🔄 Automated Rollback Manager / 📊 Rollback Monitoring (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / windows-latest (push) Has been cancelled
🔄 Automated Rollback Manager / ⏳ Manual Rollback Approval (push) Has been cancelled
V3 CI/CD Pipeline / MCP protocol smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Memory import smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / ubuntu-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Publish to npm (alpha) (push) Has been cancelled
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / macos-latest / Node 22 (push) Has been cancelled
V3 CI/CD Pipeline / Plugin hooks smoke / macos-latest / Node 22 (push) Has been cancelled
CI/CD Pipeline / Deploy & Release (push) Has been cancelled
CI/CD Pipeline / CI Status (push) Has been cancelled
🔗 Cross-Agent Integration Tests / 📊 Integration Test Report (push) Has been cancelled
🔄 Automated Rollback Manager / 🔍 Pre-Rollback Validation (push) Has been cancelled
🔍 Verification Pipeline / ⚡ Performance Verification (push) Has been cancelled
🔍 Verification Pipeline / 📊 Verification Report (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:02:19 +08:00
..

@claude-flow/plugin-agentic-qe

AI-powered quality engineering that writes tests, finds bugs, and breaks things (safely) so your users don't have to.

What is this?

This plugin adds 58 AI agents to Claude Flow that handle all aspects of software quality:

  • Write tests for you - Unit tests, integration tests, E2E tests, even chaos tests
  • Find coverage gaps - Shows exactly which code paths aren't tested
  • Predict bugs before they happen - ML-based defect prediction from code patterns
  • Security scanning - Find vulnerabilities, secrets, and compliance issues
  • Break things on purpose - Chaos engineering to test resilience (safely!)

Think of it as having a team of QA engineers who never sleep, never miss edge cases, and learn from every bug they find.

Installation

Via Claude Flow CLI (recommended):

npx claude-flow plugins install --name @claude-flow/plugin-agentic-qe

Via npm:

npm install @claude-flow/plugin-agentic-qe

Verify installation:

npx claude-flow plugins list

Practical Examples

🟢 Basic: Generate Unit Tests

The simplest use case - point it at a file and get tests:

npx claude-flow@v3alpha mcp call aqe/generate-tests \
  --targetPath ./src/utils/calculator.ts \
  --testType unit \
  --framework vitest

What you get:

// Generated: calculator.test.ts
describe('Calculator', () => {
  it('should add two numbers', () => {
    expect(add(2, 3)).toBe(5);
  });

  it('should handle negative numbers', () => {
    expect(add(-1, 5)).toBe(4);
  });

  it('should handle decimal precision', () => {
    expect(add(0.1, 0.2)).toBeCloseTo(0.3);
  });
});

🟡 Intermediate: TDD Workflow

Give it a requirement, and it runs the full red-green-refactor cycle:

npx claude-flow@v3alpha mcp call aqe/tdd-cycle \
  --requirement "Users can reset their password via email" \
  --targetPath ./src/auth \
  --style london

What happens:

  1. Writes failing tests for password reset
  2. Implements minimal code to pass
  3. Refactors for clean code
  4. Verifies 100% coverage of the requirement

🟡 Intermediate: Find Security Issues

Scan your code for vulnerabilities:

npx claude-flow@v3alpha mcp call aqe/security-scan \
  --targetPath ./src \
  --scanType sast \
  --compliance owasp-top-10

Output:

{
  "vulnerabilities": [
    {
      "severity": "high",
      "type": "SQL Injection",
      "file": "src/db/queries.ts",
      "line": 42,
      "fix": "Use parameterized queries instead of string concatenation"
    }
  ],
  "compliance": {
    "owasp-top-10": { "passed": 8, "failed": 2 }
  }
}

🟠 Advanced: Quality Gates for CI/CD

Block releases that don't meet quality standards:

const evaluation = await mcp.call('aqe/evaluate-quality-gate', {
  gates: [
    { metric: 'line_coverage', operator: '>=', threshold: 80 },
    { metric: 'test_pass_rate', operator: '==', threshold: 100 },
    { metric: 'security_vulnerabilities', operator: '==', threshold: 0 },
    { metric: 'accessibility_violations', operator: '<=', threshold: 5 }
  ]
});

if (!evaluation.passed) {
  console.log('Release blocked:', evaluation.failedCriteria);
  process.exit(1);
}

🟠 Advanced: Predict Bugs Before They Ship

Use ML to find likely defects:

npx claude-flow@v3alpha mcp call aqe/predict-defects \
  --targetPath ./src/checkout \
  --includeRootCause true

Output:

{
  "predictions": [
    {
      "file": "src/checkout/payment.ts",
      "probability": 0.78,
      "reason": "High cyclomatic complexity + recent churn + no error handling for network failures",
      "suggestedTests": ["network timeout", "partial payment failure", "currency conversion edge cases"]
    }
  ]
}

🔴 Expert: Chaos Engineering

Test how your system handles failures. Always use dryRun first!

# Step 1: Preview what would happen (safe)
npx claude-flow@v3alpha mcp call aqe/chaos-inject \
  --target payment-service \
  --failureType network-latency \
  --duration 30 \
  --intensity 0.5 \
  --dryRun true

# Step 2: Run the actual experiment
npx claude-flow@v3alpha mcp call aqe/chaos-inject \
  --target payment-service \
  --failureType network-latency \
  --duration 30 \
  --intensity 0.5 \
  --dryRun false

Failure types available:

  • network-latency - Add delays to network calls
  • network-partition - Isolate services from each other
  • cpu-stress - Simulate high CPU load
  • memory-pressure - Simulate memory exhaustion
  • disk-failure - Simulate storage issues
  • process-kill - Randomly kill processes
  • dns-failure - Break DNS resolution

🔴 Expert: Visual Regression Testing

Catch UI changes automatically:

// Compare against baseline
const result = await mcp.call('aqe/visual-regression', {
  targetUrl: 'http://localhost:3000',
  viewports: [
    { width: 1920, height: 1080 },  // Desktop
    { width: 768, height: 1024 },   // Tablet
    { width: 375, height: 812 }     // Mobile
  ],
  threshold: 0.1  // 10% difference allowed
});

if (result.hasRegressions) {
  console.log('Visual changes detected:', result.diffs);
}

🟣 Exotic: Full Automated QA Pipeline

Combine everything for comprehensive quality assurance:

// 1. Generate tests for uncovered code
const tests = await mcp.call('aqe/generate-tests', {
  targetPath: './src',
  coverage: { target: 90, focusGaps: true }
});

// 2. Run security scan
const security = await mcp.call('aqe/security-scan', {
  targetPath: './src',
  scanType: 'sast',
  compliance: ['owasp-top-10', 'sans-25']
});

// 3. Check accessibility
const a11y = await mcp.call('aqe/check-accessibility', {
  targetUrl: 'http://localhost:3000',
  standard: 'WCAG21-AA'
});

// 4. Predict defects
const defects = await mcp.call('aqe/predict-defects', {
  targetPath: './src'
});

// 5. Assess release readiness
const readiness = await mcp.call('aqe/assess-readiness', {
  criteria: [
    { name: 'coverage', required: true },
    { name: 'security', required: true },
    { name: 'accessibility', required: false }
  ]
});

console.log('Ready to ship:', readiness.approved);

🟣 Exotic: Self-Learning Test Patterns

The plugin learns from your codebase and improves over time:

// The plugin stores patterns in memory
// After running on your codebase, it learns:
// - Your testing style and conventions
// - Common edge cases in your domain
// - Patterns that historically caused bugs

// Query learned patterns
const patterns = await mcp.call('aqe/suggest-tests', {
  targetPath: './src/new-feature.ts',
  useLearned: true  // Use patterns learned from your codebase
});

// Patterns are stored in:
// - aqe/v3/test-patterns (test generation)
// - aqe/v3/defect-patterns (bug prediction)
// - aqe/v3/learning-trajectories (improvement over time)

Available Tools

Category Tools What They Do
Test Generation generate-tests, tdd-cycle, suggest-tests Write tests automatically
Coverage analyze-coverage, prioritize-gaps, track-trends Find untested code
Quality evaluate-quality-gate, assess-readiness, calculate-risk Release decisions
Defects predict-defects, analyze-root-cause, find-similar-defects Bug prediction
Security security-scan, audit-compliance, detect-secrets Vulnerability scanning
Contracts validate-contract, compare-contracts API validation
Visual visual-regression, check-accessibility UI testing
Chaos chaos-inject, assess-resilience, load-test Resilience testing

Configuration

# claude-flow.config.yaml
plugins:
  agentic-qe:
    enabled: true
    config:
      defaultFramework: vitest
      coverageTarget: 80
      tddStyle: london
      complianceStandards:
        - owasp-top-10
        - sans-25

Safety

  • Chaos operations default to dry-run mode - Nothing breaks until you explicitly confirm
  • All code runs in a sandbox - 30s timeout, 512MB memory limit, no network access
  • Production targets are blocked - Can't accidentally chaos-test production

License

MIT