Test engineer plugin#150
Conversation
Plugin Validation Summary —
|
| Validation | Tool | Result |
|---|---|---|
| Plugin structure & manifest | plugin-validator (plugin-dev) | ✅ Pass |
| Skill quality | skill-reviewer (plugin-dev) | ✅ Pass |
| Security | reviewing-claude-config (claude-config-validator) | ✅ Pass |
Components validated: 1 agent (test-strategist), 2 skills (analyzing-test-stack, assessing-test-coverage), shared references/ + scripts/, manifest, README, and CHANGELOG. Version 1.0.0 is consistent across plugin.json, marketplace.json, and agents/test-strategist.md.
Note: the repo's
validate-plugin-structure.sh/validate-marketplace.shscripts were not run in this environment (require command approval). Their checks — manifest fields, frontmatter, version/name consistency, changelog format — were instead covered by the plugin-validator agent below.
1. Plugin Structure (plugin-validator) — ✅ PASS
- Manifest (
.claude-plugin/plugin.json): valid JSON;namekebab-case;versionvalid semver1.0.0;description,author,homepage,repository,keywordswell-formed. No invalid/unknown fields. - Agent (
agents/test-strategist.md):nametest-strategist(lowercase/hyphenated, within 3–50);descriptioncarries 4 well-formed<example>blocks with Context/user/assistant/<commentary>;model: inheritvalid;color: greenvalid; substantial system prompt;version: 1.0.0present and consistent. - Skills: both
SKILL.mdfiles have valid frontmatter, names matching their directories, and scopedallowed-tools. Allreferences/files resolve. - Hooks / MCP: none defined (correct). The plugin consumes
bitwarden-atlassian-tools' MCP server viamcp__plugin_bitwarden-atlassian-tools_*tool references, documented as an optional dependency with graceful degradation. - Cross-references: all support files resolve (
input-sources.md,report-style-tokens.md,report-style.css,report-template-common.md, all skillreferences/, andscripts/build-report.sh— executable0755). - CHANGELOG.md: Keep a Changelog format, references SemVer, single
## [1.0.0] - 2026-06-15entry under### Added, version matches manifest. - File organization: README present and comprehensive; no stray files (
.DS_Store,node_modules,.env, etc.).
Minor / advisory (no action required):
agents/test-strategist.md— grantsWrite,Task, and scopedBash(...). Appropriate for an orchestrator that fans out subagents and runsbuild-report.sh; every Bash entry is tightly scoped (e.g.Bash(gh pr view:*),Bash(${CLAUDE_PLUGIN_ROOT}/scripts/build-report.sh:*)), no blanketBash. Flagged only so a reviewer confirmsWriteis intended (it is).agents/test-strategist.mdfilename — the file istest-strategist.md, notAGENT.md. Auto-discovery accepts any*.mdunderagents/, so this is valid; howeverbump-plugin-version.shtargetsAGENT.md(uppercase), so manually confirm the agentversionfield on the next version bump.
2. Skill Review (skill-reviewer) — ✅ PASS (both skills)
Both skills pass the core quality bar. Frontmatter valid; descriptions are third-person/imperative with specific trigger phrases and exemplary mutual disambiguation ("does NOT … for that, use the other skill") preventing the forward/backward-looking skills from cross-triggering. Progressive disclosure is textbook — lean cores, detail offloaded to references/, shared plugin-level references/ reused across both skills. All referenced files and named section anchors resolve. allowed-tools tightly scoped (read-only git/gh + the single build script).
Minor / warnings (should-fix / optional):
skills/assessing-test-coverage/references/finding-coverage.md:20,40— bare relative reference toreferences/monorepo-layout.md, which actually lives in the siblinganalyzing-test-stackskill. A reader following that path fromassessing-test-coverage/references/would not find it. Recommend qualifying it the wayassessing-test-coverage/SKILL.md:27does ("theanalyzing-test-stackskill'sreferences/monorepo-layout.md"). This is the only finding with real reader-confusion risk.analyzing-test-stack/SKILL.md:3(~660 chars) andassessing-test-coverage/SKILL.md:3(~580 chars) — descriptions exceed the ~500-char guideline. Length is earned by disambiguation; trim or accept as a deliberate trade-off.- Body word counts (802 / 712) are below the 1,000-word soft target — acceptable given strong progressive disclosure.
- Neither skill has an
examples/directory; a sample generated HTML report would aid the model (optional enhancement).
3. Security Review (reviewing-claude-config) — ✅ PASS
- Secrets: no API keys, tokens, passwords, private keys, or hardcoded credentials in any changed file. (All "token" hits across the plugin refer to CSS style tokens and LLM token cost/pool — benign.)
- No
settings.local.jsoncommitted; no settings files in the changeset. scripts/build-report.sh: hardened —set -euo pipefail; all inputs validated (--kindallowlist,--slugregex,--dateregex, file-existence checks); CSS path resolved viaBASH_SOURCE(portable, no hardcoded absolute paths); CSS spliced viaawkline-by-line so no shell escaping touches content. Nocurl/wget/eval/nc//dev/tcp/base64 -d/rm -rfor other network or destructive operations.- Permission scoping: agent
toolsare least-privilege — allBash(...)entries are command-prefix-scoped, the build script is referenced via${CLAUDE_PLUGIN_ROOT}(portable), and MCP access is limited to the specific Atlassian read tools. No dangerous auto-approvals, no overly broad file access. - URLs: all HTTPS; no insecure
http://or WS endpoints.
Recommended actions (none blocking)
- Should-fix: qualify the
monorepo-layout.mdreferences inskills/assessing-test-coverage/references/finding-coverage.md:20,40to name the sibling skill. - Optional: trim the two skill descriptions toward ~500 chars; add
examples/with a sample report. - Reminder: on the next version bump, manually verify the
versionfield inagents/test-strategist.md(the bump script targetsAGENT.md, not this filename).
Verdict: APPROVE. No errors (must-fix) found; remaining items are warnings/optional.
🤖 Bitwarden Claude Code ReviewOverall Assessment: APPROVE Reviewed the new Code Review DetailsNo blocking findings. Notes considered and dismissed:
|
|
Is there viability to factoring these in as skills for the existing software engineer? We want to unify test development here. |
I think that's possible but seems to go against the persona-per-plugin pattern. The two skills included don't necessarily need to be a part of this persona, but I think it fits pretty well. Note that these two skills are explicitly not targeting test development, but planning/strategy. Software-engineer's description states, "collaborates with QA on testing questions" - so I could see it being a consumer or peer of testing, rather than it's owner. I don't think the reports these skills generate should be limited to software-engineers, either. A product-analyst could potentially make use of them, or any role that doesn't have or need to have the software-engineer plugin installed. For test development specifically - I would think those Skill definitions would exist alongside each repo. |
# Conflicts: # .cspell.json
|
closing in favor of smaller iteration #152 |
🎟️ Tracking
https://bitwarden.atlassian.net/browse/QA-1983
📔 Objective
This branch introduces a new bitwarden-test-engineer plugin to the marketplace -a test-engineering toolkit whose first role is the test-strategist agent.
Given a change (feature, bugfix, refactor, or migration), the agent recommends what to test, at which layer, and why, shaped to each repo's actual test practice. It does test planning only - it does not author, run, or maintain tests.
Key design principle: each behavior is tested at the cheapest layer that buys the needed confidence, with layer weighting decided per repo (unit-heavy pyramid for server/clients, integration/snapshot trophy for ios, all-E2E for the dedicated private test repo). Atlassian integration is optional with graceful degradation.