home / skills / doanchienthangdev / omgkit / omega-testing
This skill helps you implement comprehensive testing across accuracy, performance, security, and accessibility to ensure production-grade quality.
npx playbooks add skill doanchienthangdev/omgkit --skill omega-testingReview the files below or copy the command above to add this skill to your agents.
---
name: testing-omega-quality
description: Implements comprehensive testing across all quality dimensions - accuracy, performance, security, and accessibility. Use when building test strategies or ensuring production-grade quality assurance.
category: omega
triggers:
- omega testing
- comprehensive testing
- test strategy
- quality assurance
---
# Testing Omega Quality
Master **comprehensive testing strategies** covering all quality dimensions - accuracy, performance, security, and accessibility.
## Quick Start
```yaml
# 1. Define test strategy with 4 dimensions
TestStrategy:
Accuracy: { unit: 80%, integration: 60%, e2e: "critical paths" }
Performance: { p95: "<200ms", concurrent: 50 }
Security: { injection: true, auth: true, xss: true }
Accessibility: { wcag: "2.1 AA", keyboard: true }
# 2. Follow the test pyramid
Pyramid:
Unit: 80% # Fast, isolated, business logic
Component: 70% # UI components with mocks
Integration: 60% # API endpoints, data flow
E2E: "critical" # Happy paths, auth, checkout
# 3. Run quality gates in CI
Gates: ["coverage > 80%", "no-security-issues", "a11y-pass"]
```
## Features
| Feature | Description | Guide |
|---------|-------------|-------|
| 4D Testing | Accuracy, Performance, Security, Accessibility | Cover all quality dimensions |
| Test Pyramid | Unit, Component, Integration, E2E layers | More units, fewer E2E |
| Property-Based | Test with generated inputs | Catch edge cases automatically |
| Performance | Response time, load, memory testing | Percentile-based thresholds |
| Security | SQL injection, XSS, auth bypass tests | OWASP-aligned coverage |
| Accessibility | WCAG compliance, keyboard, screen reader | Automated a11y scanning |
| Visual Regression | Screenshot comparison testing | Catch UI regressions |
## Common Patterns
### The Omega Test Pyramid
```
/\
/E2E\ <- Critical paths only (slowest)
/─────\
/ Visual \ <- Screenshot comparisons
/───────────\
/ Integration \ <- Service boundaries, APIs
/───────────────\
/ Component \ <- UI components isolated
/───────────────────\
/ Unit \ <- Fast, business logic (most)
/─────────────────────────\
```
### Four Quality Dimensions
```typescript
interface OmegaTestSuite {
accuracy: {
happyPath: Test[]; // Normal use cases
edgeCases: Test[]; // Boundary conditions
errorCases: Test[]; // Failure handling
};
performance: {
responseTime: Test[]; // p50, p95, p99 latency
throughput: Test[]; // Requests per second
memory: Test[]; // Leak detection
};
security: {
authentication: Test[];
authorization: Test[];
injection: Test[]; // SQL, XSS prevention
};
accessibility: {
wcag: Test[]; // WCAG 2.1 AA
keyboard: Test[]; // Tab navigation
screenReader: Test[]; // ARIA labels
};
}
```
### Unit Testing Patterns
```typescript
// Arrange-Act-Assert pattern
describe('calculateDiscount', () => {
it('applies 10% discount for orders over $100', () => {
// Arrange
const order = createOrder({ subtotal: 150 });
// Act
const result = calculateDiscount(order);
// Assert
expect(result.discount).toBe(15);
expect(result.total).toBe(135);
});
});
// Parameterized edge cases
it.each([
['missing @', 'userexample.com', false],
['valid format', '[email protected]', true],
['empty string', '', false],
])('validateEmail %s: %s -> %s', (_desc, email, expected) => {
expect(validateEmail(email)).toBe(expected);
});
// Property-based testing
it('sorted array has same length as input', () => {
fc.assert(fc.property(fc.array(fc.nat()), (arr) => {
return sortArray(arr).length === arr.length;
}));
});
```
### Integration Testing
```typescript
describe('UserService Integration', () => {
let db: TestDatabase;
beforeAll(async () => { db = await createTestDatabase(); });
afterAll(async () => { await cleanupTestDatabase(db); });
it('persists user to database', async () => {
const user = await userService.createUser({
email: '[email protected]', name: 'Test'
});
const dbUser = await db.query('SELECT * FROM users WHERE id = $1', [user.id]);
expect(dbUser.email).toBe('[email protected]');
});
it('rolls back transaction on failure', async () => {
vi.spyOn(db, 'commit').mockRejectedValueOnce(new Error('DB error'));
await expect(userService.transfer(from, to, 50)).rejects.toThrow();
// Verify no changes persisted
expect(await userService.getBalance(from)).toBe(originalBalance);
});
});
```
### Performance Testing
```typescript
describe('API Performance', () => {
it('responds within SLA', async () => {
const times: number[] = [];
for (let i = 0; i < 100; i++) {
const start = performance.now();
await api.get('/users');
times.push(performance.now() - start);
}
expect(percentile(times, 50)).toBeLessThan(50); // p50 < 50ms
expect(percentile(times, 95)).toBeLessThan(100); // p95 < 100ms
expect(percentile(times, 99)).toBeLessThan(200); // p99 < 200ms
});
it('handles concurrent load', async () => {
const requests = Array(50).fill(null).map(() => api.get('/users'));
const responses = await Promise.all(requests);
expect(responses.every(r => r.status === 200)).toBe(true);
});
});
```
### Security Testing
```typescript
describe('Security Tests', () => {
const sqlPayloads = ["'; DROP TABLE users; --", "' OR '1'='1"];
const xssPayloads = ['<script>alert("xss")</script>', '<img onerror=alert(1)>'];
it.each(sqlPayloads)('prevents SQL injection: %s', async (payload) => {
const response = await api.get(`/users?search=${encodeURIComponent(payload)}`);
expect(response.status).not.toBe(500);
expect(await db.query('SELECT * FROM users')).toBeDefined();
});
it.each(xssPayloads)('escapes XSS payload: %s', async (payload) => {
await api.post('/posts', { content: payload });
const html = (await api.get('/posts')).body.posts[0].content;
expect(html).not.toContain('<script>');
});
it('rate limits login attempts', async () => {
for (let i = 0; i < 10; i++) {
await api.post('/login', { email: 'x', password: 'wrong' });
}
const response = await api.post('/login', { email: 'x', password: 'wrong' });
expect(response.status).toBe(429);
});
});
```
### Accessibility Testing
```typescript
test.describe('Accessibility', () => {
test('page has no WCAG violations', async ({ page }) => {
await page.goto('/');
const results = await new AxeBuilder({ page })
.withTags(['wcag2a', 'wcag2aa', 'wcag21aa'])
.analyze();
expect(results.violations).toEqual([]);
});
test('keyboard navigation works', async ({ page }) => {
await page.goto('/');
const focusable = 'a, button, input, [tabindex]:not([tabindex="-1"])';
const elements = await page.locator(focusable).all();
for (const _ of elements) {
await page.keyboard.press('Tab');
const focused = await page.evaluate(() => document.activeElement?.tagName);
expect(focused).toBeDefined();
}
});
test('images have alt text', async ({ page }) => {
const images = await page.locator('img').all();
for (const img of images) {
expect(await img.getAttribute('alt')).toBeTruthy();
}
});
});
```
### E2E Critical Path
```typescript
test('complete purchase flow', async ({ page }) => {
// Login
await loginAsTestUser(page);
// Add to cart
await page.goto('/products/test-product');
await page.click('[data-testid="add-to-cart"]');
// Checkout
await page.click('[data-testid="checkout-button"]');
await page.fill('[data-testid="card-number"]', '4242424242424242');
await page.click('[data-testid="place-order"]');
// Verify
await expect(page).toHaveURL(/\/orders\/[a-z0-9-]+/);
await expect(page.locator('[data-testid="order-status"]'))
.toHaveText('Order Confirmed');
});
```
## Best Practices
| Do | Avoid |
|----|-------|
| Test all four quality dimensions | Testing only happy paths |
| Follow the test pyramid (more units) | Relying heavily on E2E tests |
| Use descriptive test names | Testing implementation details |
| Test edge cases systematically | Writing flaky tests |
| Keep tests independent (no shared state) | Using sleep/delays for timing |
| Use factories for test data | Hardcoding test data |
| Mock external dependencies in unit tests | Over-mocking in integration tests |
| Run tests in CI on every commit | Ignoring failing tests |
| Fix flaky tests immediately | Skipping tests without reason |
| Chase meaningful coverage, not 100% | Testing framework code |
This skill implements a comprehensive testing framework that covers accuracy, performance, security, and accessibility to achieve production-grade quality. It codifies a test pyramid, quality gates for CI, and repeatable patterns for unit, integration, performance, security, and accessibility tests. The goal is to help teams define measurable SLAs and run reliable automated checks across the full delivery pipeline.
The skill provides templates and patterns for building test suites across four dimensions: accuracy (unit/integration/e2e), performance (percentile SLAs and load), security (OWASP-style payloads and rate limits), and accessibility (WCAG checks and keyboard/screen-reader tests). It recommends a test pyramid with focused E2E coverage for critical paths, integrates property-based and visual regression strategies, and defines CI quality gates like coverage thresholds and no-security-issues. Examples show how to structure tests, mock dependencies, run performance scenarios, and automate accessibility scans.
How much E2E coverage do I need?
Focus E2E on critical user journeys only; rely on unit and component tests for broader coverage.
What SLAs should I enforce in CI?
Start with realistic percentile targets (example: p50 < 50ms, p95 < 200ms) and tighten them as the system stabilizes.