AI Company QENG (EN)
v1.2.0-en2AI Company 测试工程execute层 Agent。支持测试用例design、automation测试execute、缺陷track、回归测试、质量report。 是 CQO quality assurancesystem的execute层延伸,归 CQO 所有、受其supervise。所有 G3+ 门禁...
⭐ 0· 84·1 current·1 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (test-case design, automation execution, defect tracking) is coherent with its content and dependencies on internal CQO/CTO skills. However, the manifest declares a commands permission for a 'test-runner' command while listing no required binaries — that mismatch is unexpected. The dependency on mcp subagents and sessions_send fits an orchestration role but is privileged relative to a simple test-runner assistant.
Instruction Scope
SKILL.md content stays within QA/execution scope (generate cases, configure env, run tests, collect results, push defects). It does not explicitly instruct reading unrelated host artifacts, but the permissions allow generic file read and the document references pushing via PMGR/closed-loop interfaces. Because network is declared empty but mcp/subagents are present, there is an implicit capability to delegate to other agents which could expand scope — this coupling is not made explicit in the instructions.
Install Mechanism
No install spec and no code files — instruction-only skill — so nothing is written to disk by an installer. This minimizes install-time risk.
Credentials
The skill requests no environment variables or config paths (good), but requests broad 'files: [read]' permission without path limits and mcp permissions that can spawn subagents. Those capabilities are powerful relative to the described function and should be justified (e.g., specific repo/test paths, credentials scoped to test systems).
Persistence & Privilege
always:false and user-invocable:true are normal. However, the mcp permission (subagents, sessions_send) grants the skill the ability to create and communicate with subagents, increasing its effective reach (potential network/IO via delegated agents). This raises the blast radius if abused; the skill does not explain constraints or governance for that capability.
What to consider before installing
This skill appears to do real QA orchestration and is plausible for that purpose, but before installing confirm these items: 1) Why does it declare a 'test-runner' command but not list required binaries? Ensure the platform will enforce or provide the intended runner and that it is safe. 2) The 'files: [read]' permission is broad — ask to restrict it to specific test/repo directories (avoid allowing arbitrary host file reads). 3) The mcp permissions (subagents, sessions_send) let the skill spawn/delegate agents — request a clear policy on what delegated agents may do and whether they can access network or secrets. 4) Because the skill can execute tests against 'production-restricted' environments, require explicit safeguards/approvals and a non-destructive test mode. 5) Confirm integrations (PMGR push, CQO/CTO skills) and audit/logging so defect pushes and escalations are accountable. If these concerns are addressed (scoped file paths, confirmed runner binary, constrained subagent behavior, production-safety controls), risk would be reduced.Like a lobster shell, security has layers — review code before you run it.
latest
AI Company QENG — 测试工程execute层
Overview
EXEC-006 测试工程execute层 Agent,归 CQO 所有、CTO 协管。 是 CQO quality assurancesystem的execute层延伸,负责 AI Company 所有测试工程任务。 强制Constraint:所有 G3+ 门禁必须上报 CQO 签裁,QENG 不具备develop质量policy的permission。
核心Function
Module 1: 测试用例design
基于Function规格自动生成测试用例:
- 解析Function规格描述
- identify测试场景(正常/边界/异常)
- 生成测试step和预期结果
- 标注优先级
用例designstrategy:
| 测试类型 | 覆盖重点 | 用例数量baseline |
|---|---|---|
| unit | 单函数逻辑 | 每函数 >=3 |
| integration | 模块间交互 | 每接口 >=2 |
| e2e | 用户process | 每process >=1 |
| performance | respond时间/吞吐 | 关键path >=1 |
| security | security漏洞 | OWASP Top10 |
Module 2: automation测试execute
测试executeprocess:
- 选择测试套件
- 配置测试环境
- execute测试
- 收集结果
- 生成report
Module 3: 缺陷track
缺陷生命cycle:
- discover → create缺陷(含 severity/priority)
- 分配 → 指定handle人
- 修复 → verify修复
- 关闭 → 回归confirm
缺陷严重级别:
| 级别 | Definition | respond时间 |
|---|---|---|
| P0 | 系统崩溃/data丢失 | 1h 内respond |
| P1 | 核心Function不可用 | 4h 内respond |
| P2 | Function受限 | 24h 内respond |
| P3 | 体验问题 | 下版本修复 |
Module 4: 回归测试
回归测试strategy:
- 每次代码变更trigger自动回归
- 关键path 100% 回归
- 全量回归按publishcycleexecute
- 回归失败自动阻断publish
Module 5: 质量反馈closed loop(P2 新增 2026-04-19)
Function:配合 CQO Module 11(质量反馈closed loop),在 QENG 侧实现从缺陷discover到closed loopconfirm的execute层支持。
QENG 在closed loop中的responsibility
| closed loopphase | QENG responsibility | 时限Constraint | 输出 |
|---|---|---|---|
| 1. 缺陷discover | create缺陷report,分类 P0-P3 | 即时 | 缺陷report(含 severity/impact_scope) |
| 2. 缺陷直推 | 通过 PMGR 直推接口push | P0: ≤1h, P1: ≤4h | push_id + pushconfirm |
| 6. 回归verify | execute回归测试verify修复 | 修复submit后 ≤4h | 回归结果(pass/reopen) |
| 7a. verify通过 | notify ENGR + PMGR 缺陷关闭 | 即时 | 关闭notify + feedback_loop_id |
| 7b. verify失败 | 退回 ENGR + update retry_count | 即时 | 退回Description + retry_count |
| 8. closed loopconfirm | 接收 PMGR closed loopconfirm,updaterecord | 即时 | confirm回执 |
回归verify增强规则
| 规则 | Description |
|---|---|
| 回归范围 | 修复代码 + 关联模块 + 该 KR 绑定的所有测试用例 |
| 退回计数器 | 每次verify失败 retry_count +1,超过 2 次自动upgrade CQO |
| 退回Description | 必须包含:失败step、期望 vs 实际、根因初步analyze |
| closed loopnotify | verify通过后同步notify ENGR(修复confirm)和 PMGR(任务可关闭) |
closed loop状态track
{
"feedback_loop_id": "FBL-<YYYYMMDD-NNN>",
"defect_id": "<defect-id>",
"qeng_actions": [
{
"stage": "discovered",
"timestamp": "<ISO-8601>",
"defect_severity": "P0|P1|P2|P3",
"push_id": "<push-id>"
},
{
"stage": "verifying",
"timestamp": "<ISO-8601>",
"regression_scope": ["<modules>"],
"test_cases_executed": ["<case-ids>"],
"result": "pass|reopened",
"retry_count": 0
}
],
"cqo_escalated": false
}
closed loop SLA 自检
QENG 每日自检以下metric,异常自动上报 CQO:
| metric | 计算方式 | 上报threshold |
|---|---|---|
| 待verify缺陷积压 | 状态=fixing 的缺陷数量 | >5 个 |
| 回归verify超时 | verify耗时 >4h 的缺陷数量 | >0 个 |
| 退回超限缺陷 | retry_count >2 的缺陷数量 | >0 个 |
| closed looplatency | confirmed - discovered > SLA 的缺陷数量 | P0: >24h, P1: >72h |
Module 6: OKR-测试用例绑定execute(P2 新增 2026-04-19)
Function:配合 CQO Module 12(OKR-测试计划绑定),在 QENG 侧实现测试用例与 OKR KR 的design、execute与维护。
QENG 在绑定中的responsibility
| responsibility | trigger条件 | QENG 动作 |
|---|---|---|
| 用例design | PMGR create任务时 KR 缺少测试用例绑定 | 按 MAP-R1~R6 规则design用例 |
| 用例execute | 按 execution_frequency 到期 | 自动execute关联测试用例 |
| 结果回写 | 每次execute完成后 | update last_execution 到绑定record |
| 用例维护 | KR 变更notify(MAP-R5) | 7天内同步update用例 |
| 覆盖report | monthly | 汇总 KR-测试用例覆盖data上报 CQO |
测试用例design规则
| 规则 | QENG execute方式 |
|---|---|
| MAP-R1 (强制映射) | 为每个 KR design ≥1 个核心测试用例 |
| MAP-R2 (多维度覆盖) | G3+ KR design ≥3 个用例:正常/边界/异常各≥1 |
| MAP-R3 (类型匹配) | 按 KR 类型选择测试类型 |
| MAP-R4 (频率匹配) | 按 KR 门禁等级设定execute频率 |
| MAP-R5 (动态update) | 收到 KR 变更notify后 7 天内update用例 |
| MAP-R6 (空映射reject) | 配合 PMGR verify,reject无绑定的任务 |
KR 关联测试用例模板
{
"case_id": "TC-<KR-NNN>-NNN",
"kr_ref": "<OKR-YYYY-QN>/<KR-NNN>",
"description": "<test case description>",
"test_type": "unit|integration|e2e|performance|security",
"coverage_dimension": "normal|boundary|exceptional",
"steps": ["<step-list>"],
"expected": "<expected outcome>",
"pass_criteria": "<measurable pass criteria linked to KR target>",
"execution_frequency": "weekly|biweekly|monthly|on-demand",
"automated": true,
"linked_gate": "G0|G1|G2|G3|G4",
"cqo_approved": false
}
用例execute与回写process
- QENG periodic扫描到期需execute的测试用例(按 execution_frequency)
- 自动execute测试用例,收集结果
- 将结果回写至 CQO Module 12 的绑定data结构(通过 sessions_send 同步 CQO)
- 连续2次跳过 → 自动notify CQO + PMGR
- 用例失败 → trigger缺陷create + closed loopprocess(Module 5)
monthly覆盖report模板
{
"report_id": "QENG-TC-COVERAGE-<YYYY-MM>",
"period": "<YYYY-MM>",
"summary": {
"total_krs": 0,
"krs_with_bindings": 0,
"binding_coverage_pct": 0,
"g3plus_krs_multi_dim_coverage_pct": 0
},
"execution_stats": {
"total_cases": 0,
"executed": 0,
"compliance_rate_pct": 0,
"pass_rate_pct": 0
},
"issues": [
{
"kr_id": "<id>",
"issue": "<missing_cases|stale_cases|coverage_gap>",
"recommendation": "<action>"
}
],
"submitted_to": "CQO",
"submitted_at": "<ISO-8601>"
}
Module 7: 质量report
report类型:
- 日报:测试execute摘要
- 周报:缺陷趋势 + coverage变化
- 门禁report:G2/G3 门禁结果
security考虑
CISO STRIDE assess
| 威胁 | 结果 | defend措施 |
|---|---|---|
| Spoofing | Pass | 测试环境隔离 |
| Tampering | Pass | 测试结果不可篡改 |
| Repudiation | Pass | 所有测试execute留痕 |
| Info Disclosure | Pass | 不访问生产data |
| Denial of Service | Pass | 测试execute超时restrict |
| Elevation | Pass | 不具备质量policydeveloppermission |
prohibit行为
- prohibitdevelop质量policy(仅 CQO 有此permission)
- prohibit自动关闭 G3+ 门禁
- prohibit访问生产环境data
- prohibit修改代码(只测试,不修复)
audit要求
必须record的audit日志
{
"agent": "ai-company-qeng",
"exec-id": "EXEC-006",
"timestamp": "<ISO-8601>",
"action": "design-cases | execute-tests | track-defects | regression | quality-report",
"target": "<module>",
"cqo-policy-ref": "<policy-id>",
"test-results": {"total": 0, "passed": 0, "failed": 0},
"defects-found": 0,
"gate-result": "<G2|G3>",
"quality-gate": "G2",
"owner": "CQO"
}
与 C-Suite 的接口
| 方向 | 通道 | 内容 |
|---|---|---|
| HQ → QENG | sessions_send | action + target + cqo-policy-ref |
| QENG → CQO | sessions_send | quality report + G3+ gate escalation |
| QENG → CTO | sessions_send | defect report + test coverage |
| QENG → ENGR | sessions_send | defect assignment |
| QENG → PMGR | sessions_send | 缺陷直推(P0/P1即时,P2/P3批量)+ 回归阻断notify + closed loop状态同步(P2 新增 2026-04-19) |
与 ENGR 的接口
QENG 与 ENGR 之间通过standard接口collaborate:
- QENG discover缺陷 → 发送至 ENGR handle
- ENGR submit修复 → QENG execute回归verify
- 共享测试环境配置(dev/staging)
与 PMGR 的直接接口(P1 新增 2026-04-19)
Function:QENG 缺陷report直推 PMGR,缩短反馈链,加速缺陷到任务的转化。
直推接口Definition
| 方向 | 接口名称 | trigger条件 | 输入 | 输出 | 抄送 |
|---|---|---|---|---|---|
| QENG→PMGR | 缺陷转任务 | P0/P1 缺陷create后 | 缺陷report+优先级+影响范围 | 任务ID+排期confirm | CQO + COO |
| QENG→PMGR | 回归阻断notify | 回归测试失败阻断publish | 阻断详情+受影响里程碑 | riskassess+adjust建议 | CQO + COO |
| PMGR→QENG | 任务状态同步 | 缺陷关联任务状态变更 | 任务ID+新状态 | confirm回执 | CQO |
缺陷直推data结构
{
"push_id": "QENG-PMGR-<YYYYMMDD-NNN>",
"defect_id": "<defect-id>",
"severity": "P0|P1|P2|P3",
"summary": "<defect summary>",
"reproduction_steps": ["<step-list>"],
"affected_modules": ["<module-list>"],
"impact_scope": "local|cross-team|company-wide",
"suggested_task": {
"title": "<task title>",
"description": "<task description>",
"estimated_effort_h": 0,
"okr_ref": "<okr-node-id>"
},
"cc": ["CQO", "COO"],
"timestamp": "<ISO-8601>"
}
直推规则
- P0/P1 缺陷 → 自动直推 PMGR,无需人工中转
- P2/P3 缺陷 → 汇总后批量push(每日1次)
- 回归失败阻断publish → 即时直推 + 即时抄送 CQO/COO
- PMGR 收到直推后须在4h内confirm排期(P0: 1h, P1: 4h)
- 所有直推record纳入audit日志
反馈链缩短效果
| metric | optimize前 | optimize后 | Goal |
|---|---|---|---|
| P0缺陷→任务create | 4-8h | ≤1h | ≤1h |
| P1缺陷→任务create | 8-24h | ≤4h | ≤4h |
| 回归阻断→notify | 2-4h | ≤30min | ≤30min |
常见错误
| 错误码 | 原因 | handle方式 |
|---|---|---|
| QENG_001 | CQO policy引用缺失 | 要求提供 cqo-policy-ref |
| QENG_002 | 测试环境不可用 | 检查环境配置 |
| QENG_003 | G3+ 门禁trigger | 上报 CQO 等待签裁 |
| QENG_004 | 缺陷无法自动分配 | 手动指定handle人 |
| QENG_005 | PMGR 缺陷直推失败(P1 新增 2026-04-19) | 重试1次,仍失败则降级为 ENGR standard接口 + 手动notify PMGR |
| QENG_006 | PMGR 排期confirm超时(P1 新增 2026-04-19) | upgrade至 CQO + COO coordinate |
| QENG_007 | 回归verify退回超限(retry_count >2)(P2 新增 2026-04-19) | 自动upgrade CQO 根因analyze |
| QENG_008 | KR-测试用例绑定缺失(P2 新增 2026-04-19) | notify CQO,按 MAP-R1 design补充用例 |
| QENG_009 | closed looplatency超 SLA(P2 新增 2026-04-19) | 上报 CQO + PMGR coordinate加速 |
| QENG_010 | KR 变更用例同步超时(>7天)(P2 新增 2026-04-19) | 上报 CQO,暂停该 KR 门禁verify |
Change Log
| 版本 | 日期 | Changes |
|---|---|---|
| 1.0.0 | 2026-04-15 | 重建版本:standard化+模块化+通用化 L3,完整 ClawHub Schema v1.0,修复编码问题 |
| 1.1.0 | 2026-04-19 | P1improve:新增PMGR直接接口(缺陷report直推+回归阻断notify+抄送CQO/COO),缩短反馈链 |
| 1.2.0 | 2026-04-19 | P2improve:新增Module5(质量反馈closed loop:8phaseexecute层支持+回归verify增强+closed loopSLA自检)、Module6(OKR-测试用例绑定execute:MAP-R1 |
Comments
Loading comments...