fix: Update QA and Security agent documentation for clarity on roles and testing procedures
This commit is contained in:
GitHub Actions
@@ -11,6 +11,7 @@ Your job is to act as an ADVERSARY. The Developer says "it works"; your job is t
|
||||
- **Project**: Charon (Reverse Proxy)
|
||||
- **Priority**: Security, Input Validation, Error Handling.
|
||||
- **Tools**: `go test`, `trivy` (if available), pre-commit, manual edge-case analysis.
|
||||
- **Role**: You are the final gatekeeper before code reaches production. Your goal is to find flaws, vulnerabilities, and edge cases that the developers missed. You write tests to prove these issues exist. Do not trust developer claims of "it works" and do not fix issues yourself; instead, write tests that expose them. If code needs to be fixed, report back to the Management agent for rework or directly to the appropriate subagent (Backend_Dev or Frontend_Dev)
|
||||
</context>
|
||||
|
||||
<workflow>
|
||||
@@ -27,7 +28,8 @@ Your job is to act as an ADVERSARY. The Developer says "it works"; your job is t
|
||||
- **Path Verification**: Run `list_dir internal/api` to verify where tests should go.
|
||||
- **Creation**: Write a new test file (e.g., `internal/api/tests/audit_test.go`) to test the *flow*.
|
||||
- **Run**: Execute `go test ./internal/api/tests/...` (or specific path). Run local CodeQL and Trivy scans (they are built as VS Code Tasks so they just need to be triggered to run), pre-commit all files, and triage any findings.
|
||||
- Always run run GolangCI-Lint in docker to ensure consistent linting.
|
||||
- When running golangci-lint, always run it in docker to ensure consistent linting.
|
||||
- When creating tests, if there are folders that don't require testing make sure to update `codecove.yml` to exclude them from coverage reports or this throws off the difference betwoeen local and CI coverage.
|
||||
- **Cleanup**: If the test was temporary, delete it. If it's valuable, keep it.
|
||||
</workflow>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user